Merge branch 'unstable' of evolix/ansible-roles into stable

Jérémy Lecour 2019-04-16 16:45:20 +02:00 committed by Gitea
commit 2c11f02554
105 changed files with 6793 additions and 633 deletions


@ -18,6 +18,33 @@ The **patch** part changes incrementally at each release.
### Security ### Security
## [9.9.0] - 2019-04-16
### Added
* evocheck : add "x-frame-options: sameorigin" for Munin
* etc-git: ignore evobackup/.keep-* files
* lxc: /home is mounted in the container by default
### Changed
* changed remote repository to https://gitea.evolix.org/evolix/ansible-roles
* apt: Ensure jessie-backport from archives.debian.org is accepted
* apt: Remove jessie-update suite as it's no longer exists
* apt: Replace mirror.evolix.org by archives.debian.org for jessie-backport
* evocheck : update script from upstream
* evolinux-base: remove apt-listchanges on Stretch and later
* evomaintenance: embed version 0.5.0
* opendkim: aligning roles with our conventions, major changes in opendkim-add.sh
* redis: higher limit of open files
* redis: set variables on inclusion, not with set_facts
* tomcat: better tomcat version management
* webapps/evoadmin-web: add dbadmin.sh to sudoers file
### Fixed
* spamassasin: fix sa-update.sh and ensure service is started and enabled
* tomcat-instance: deploy correct version of config files
* tomcat-instance: deploy correct version of server.xml
## [9.8.0] - 2019-01-31 ## [9.8.0] - 2019-01-31
### Added ### Added


@ -4,7 +4,7 @@ A repository for Ansible roles used by Evolix on Debian GNU/Linux 9 (stretch) se
Few roles are also be compatible with Debian GNU/Linux 8 (jessie) servers. Few roles are also be compatible with Debian GNU/Linux 8 (jessie) servers.
It contains only roles, everything else is available at It contains only roles, everything else is available at
https://forge.evolix.org/projects/ansible-public https://gitea.evolix.org/evolix/ansible-public
## Branches ## Branches
@ -20,7 +20,7 @@ First, check-out the repository :
``` ```
$ cd ~/GIT/ $ cd ~/GIT/
$ git clone https://forge.evolix.org/projects/ansible-roles $ git clone https://gitea.evolix.org/evolix/ansible-roles
``` ```
Then, add its path to your ansible load path : Then, add its path to your ansible load path :
@ -48,7 +48,7 @@ Contributions are welcome, especially bug fixes and "ansible good practices". Th
Before starting anything of importance, we suggest contacting us to discuss what you'd like to add or change. Before starting anything of importance, we suggest contacting us to discuss what you'd like to add or change.
Our conventions are available in the "ansible-public":https://forge.evolix.org/projects/ansible-public repository, in the CONVENTIONS.md file. Our conventions are available in the "ansible-public":https://gitea.evolix.org/evolix/ansible-public repository, in the CONVENTIONS.md file.
## Workflow ## Workflow


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of Apache description: Installation and basic configuration of Apache
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Add repositories to APT sources list. description: Add repositories to APT sources list.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -27,6 +27,14 @@
tags: tags:
- apt - apt
- name: Archived backport are accepted (jessie)
lineinfile:
dest: '/etc/apt/apt.conf.d/99no-check-valid-until'
line: 'Acquire::Check-Valid-Until no;'
create: yes
state: present
when: ansible_distribution_release == "jessie"
- name: Apt update - name: Apt update
apt: apt:
update_cache: yes update_cache: yes
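Review bot: The added jessie task writes `Acquire::Check-Valid-Until no;` into a global apt.conf.d file, so the expiry check on Release files is switched off for every source on the host, not only for the archived jessie-backports suite. Without that check a stale but validly signed index is accepted indefinitely, and the jessie sources template later in this commit still lists security.debian.org. I would put a comment above the task stating the tradeoff, e.g. `# archive.debian.org serves expired Release files; this disables the Valid-Until check for ALL sources on jessie`, and add an explicit `mode: "0644"`, since `create: yes` otherwise leaves the file mode to the umask. The new task also carries no `tags:` entry, unlike the context lines just before it.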


@ -1,3 +1,3 @@
# {{ ansible_managed }} # {{ ansible_managed }}
deb http://mirror.evolix.org/debian jessie-backports {{ apt_backports_components | mandatory }} deb http://archive.debian.org/debian jessie-backports {{ apt_backports_components | mandatory }}


@ -1,5 +1,4 @@
# {{ ansible_managed }} # {{ ansible_managed }}
deb http://mirror.evolix.org/debian/ jessie {{ apt_basics_components | mandatory }} deb http://mirror.evolix.org/debian/ jessie {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian/ jessie-updates {{ apt_basics_components | mandatory }}
deb http://security.debian.org/ jessie/updates {{ apt_basics_components | mandatory }} deb http://security.debian.org/ jessie/updates {{ apt_basics_components | mandatory }}


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of bind9. description: Installation and basic configuration of bind9.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of isc-dhcp-server. description: Installation and basic configuration of isc-dhcp-server.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Install tools to setup DRBD replication accross servers. description: Install tools to setup DRBD replication accross servers.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -24,3 +24,5 @@ elasticsearch_plugin_head_group: "{{ elasticsearch_plugin_head_owner }}"
elasticsearch_plugin_head_home: "/home/{{ elasticsearch_plugin_head_owner }}" elasticsearch_plugin_head_home: "/home/{{ elasticsearch_plugin_head_owner }}"
elasticsearch_plugin_head_clone_dir: "{{ elasticsearch_plugin_head_home }}/www" elasticsearch_plugin_head_clone_dir: "{{ elasticsearch_plugin_head_home }}/www"
elasticsearch_plugin_head_tmp_dir: "{{ elasticsearch_plugin_head_home }}/tmp" elasticsearch_plugin_head_tmp_dir: "{{ elasticsearch_plugin_head_home }}/tmp"
elasticsearch_additional_scripts_dir: /usr/share/scripts


@ -0,0 +1,23 @@
#!/bin/bash
# WARNING:
# This script is installed and maintained via Ansible. Don't edit directly.
# Create a fork if you need changes that can't go into the regular script.
set -e
set -u
PLUGIN_BIN=/usr/share/elasticsearch/bin/elasticsearch-plugin
NEED_RESTART=""
for plugin in $(${PLUGIN_BIN} list | grep -v WARNING); do
"${PLUGIN_BIN}" remove "${plugin}"
"${PLUGIN_BIN}" install "${plugin}"
NEED_RESTART="1"
done
if [ -n "${NEED_RESTART}" ]; then
systemctl restart elasticsearch
fi
exit 0
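Review bot: A failed `install` leaves the plugin removed, because the loop runs `remove` first and `set -e` then aborts the script on the install error without naming the plugin that is now missing. If the dropped plugin is one that enforces access control or transport security, the next Elasticsearch restart would bring the node up without it; that is an inference, since the page does not show which plugins are installed. I would handle the install failure explicitly and report the affected plugin, as below. The word-splitting of `$(${PLUGIN_BIN} list | grep -v WARNING)` is left as it is.

```shell
for plugin in $(${PLUGIN_BIN} list | grep -v WARNING); do
    "${PLUGIN_BIN}" remove "${plugin}"
    if ! "${PLUGIN_BIN}" install "${plugin}"; then
        echo "ERROR: plugin '${plugin}' was removed but could not be reinstalled" >&2
        exit 1
    fi
    NEED_RESTART="1"
done
# … unchanged: conditional restart and exit 0 …
```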


@ -3,7 +3,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Install Elasticsearch description: Install Elasticsearch
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -0,0 +1,22 @@
---
- include_role:
name: remount-usr
when: elasticsearch_additional_scripts_dir | search ("/usr")
- name: "{{ elasticsearch_additional_scripts_dir }} exists"
file:
dest: "{{ elasticsearch_additional_scripts_dir }}"
mode: "0700"
owner: root
group: root
state: directory
- name: Plugins upgrade script is installed
copy:
src: upgrade_elasticsearch_plugins.sh
dest: "{{ elasticsearch_additional_scripts_dir }}/upgrade_elasticsearch_plugins.sh"
mode: "0755"
owner: "root"
group: "root"
force: yes
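Review bot: The condition `elasticsearch_additional_scripts_dir | search ("/usr")` uses a test as a filter, which later Ansible releases no longer accept, and it matches `/usr` anywhere in the path rather than as a prefix; `when: elasticsearch_additional_scripts_dir is search("^/usr")` states the intent. The directory task also forces `mode: "0700"` on a path whose default elsewhere in this commit is `/usr/share/scripts`, which looks like a directory shared with other tooling, while the script placed inside it is installed `0755`. The two modes should be reconciled and the choice explained in a comment above the task. `force: yes` is better written `force: true`.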


@ -12,6 +12,8 @@
- include: logs.yml - include: logs.yml
- include: additional_scripts.yml
- include: plugin_head.yml - include: plugin_head.yml
when: elasticsearch_plugin_head when: elasticsearch_plugin_head


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Put /etc under Git version control. description: Put /etc under Git version control.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -55,6 +55,7 @@
- "postfix/sa-blacklist.access" - "postfix/sa-blacklist.access"
- "postfix/*.db" - "postfix/*.db"
- "postfix/spamd.cidr" - "postfix/spamd.cidr"
- "evobackup/.keep-*"
tags: tags:
- etc-git - etc-git


@ -2,7 +2,7 @@
EvoAcme is an [Ansible](https://www.ansible.com/) role and a [Certbot](https://certbot.eff.org) wrapper for generate [Let's Encrypt](https://letsencrypt.org/) certificates. EvoAcme is an [Ansible](https://www.ansible.com/) role and a [Certbot](https://certbot.eff.org) wrapper for generate [Let's Encrypt](https://letsencrypt.org/) certificates.
It is a project hosted at [Evolix's forge](https://forge.evolix.org/projects/ansible-roles/repository/) It is a project hosted at [Evolix's forge](https://gitea.evolix.org/evolix/ansible-roles/)
Evoacme is open source software licensed under the AGPLv3 License. Evoacme is open source software licensed under the AGPLv3 License.


@ -0,0 +1,18 @@
#!/bin/sh
git_bin=$(command -v git)
letsencrypt_dir=/etc/letsencrypt
export GIT_DIR="/etc/.git"
export GIT_WORK_TREE="/etc"
if test -x "${git_bin}" && test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
changed_lines=$(${git_bin} status --porcelain -- ${letsencrypt_dir} | wc -l | tr -d ' ')
if [ "${changed_lines}" != "0" ]; then
${git_bin} add --all ${letsencrypt_dir}
message="[letsencrypt] certificates renewal (${RENEWED_DOMAINS})"
${git_bin} commit --message "${message}" --quiet
else
echo "Weird, nothing has changed but the hook has been executed for '${RENEWED_DOMAINS}'"
fi
fi
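Review bot: `${git_bin} commit --message "${message}" --quiet` commits the whole index of the /etc repository, so anything staged earlier ends up in a commit labelled as a certificate renewal; `${git_bin} commit --message "${message}" --quiet -- "${letsencrypt_dir}"` keeps the commit to what the hook added. /etc/letsencrypt normally holds private keys, so each renewal also stores key material in the history of /etc/.git. The script should carry a comment saying that this repository must stay readable by root only. `RENEWED_DOMAINS` is used unguarded, and `${RENEWED_DOMAINS:-unknown}` would avoid an empty message when the hook is run by hand.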


@ -215,7 +215,6 @@ main() {
[ -w "${SELF_SIGNED_DIR}" ] || error "Directory ${SELF_SIGNED_DIR} is not writable" [ -w "${SELF_SIGNED_DIR}" ] || error "Directory ${SELF_SIGNED_DIR} is not writable"
mkdir -p "${SSL_KEY_DIR}" mkdir -p "${SSL_KEY_DIR}"
chown root: "${SSL_KEY_DIR}"
[ -w "${SSL_KEY_DIR}" ] || error "Directory ${SSL_KEY_DIR} is not writable" [ -w "${SSL_KEY_DIR}" ] || error "Directory ${SSL_KEY_DIR} is not writable"
[ -r "${SSL_CONFIG_FILE}" ] || error "File ${SSL_CONFIG_FILE} is not readable" [ -r "${SSL_CONFIG_FILE}" ] || error "File ${SSL_CONFIG_FILE} is not readable"


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Install evoacme ; a wrapper for Certbot (Let's Encrypt) description: Install evoacme ; a wrapper for Certbot (Let's Encrypt)
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -17,6 +17,7 @@
- reload_nginx - reload_nginx
- reload_dovecot - reload_dovecot
- reload_postfix - reload_postfix
- commit
- include: conf.yml - include: conf.yml


@ -5,7 +5,9 @@
# powered by Evolix # powered by Evolix
# Repository: https://gitea.evolix.org/evolix/evocheck # Repository: https://gitea.evolix.org/evolix/evocheck
# Commit: e6e0b8c216ed28a2ee2229e5e122ff1d49701ffc # Commit: 84d197047a718f4f5b31c39a2e1741b5963271de
VERSION="0.14.0.beta2"
# Disable LANG* # Disable LANG*
export LANG=C export LANG=C
@ -61,7 +63,6 @@ IS_BINDCHROOT=1
IS_REPVOLATILE=1 IS_REPVOLATILE=1
IS_AUTOIF=1 IS_AUTOIF=1
IS_INTERFACESGW=1 IS_INTERFACESGW=1
IS_TOOMUCHDEBIANSYSMAINT=1
IS_USERLOGROTATE=1 IS_USERLOGROTATE=1
IS_MODSECURITY=1 IS_MODSECURITY=1
IS_APACHECTL=1 IS_APACHECTL=1
@ -73,6 +74,7 @@ IS_KERNELUPTODATE=1
IS_UPTIME=1 IS_UPTIME=1
IS_MUNINRUNNING=1 IS_MUNINRUNNING=1
IS_BACKUPUPTODATE=1 IS_BACKUPUPTODATE=1
IS_ETCGIT=1
IS_GITPERMS=1 IS_GITPERMS=1
IS_NOTUPGRADED=1 IS_NOTUPGRADED=1
IS_TUNE2FS_M5=1 IS_TUNE2FS_M5=1
@ -109,6 +111,8 @@ IS_EVOACME_CRON=1
IS_EVOACME_LIVELINKS=1 IS_EVOACME_LIVELINKS=1
IS_APACHE_CONFENABLED=1 IS_APACHE_CONFENABLED=1
IS_MELTDOWN_SPECTRE=1 IS_MELTDOWN_SPECTRE=1
IS_OLD_HOME_DIR=1
IS_LSBRELEASE=1
#Proper to OpenBSD #Proper to OpenBSD
IS_SOFTDEP=1 IS_SOFTDEP=1
@ -127,110 +131,291 @@ IS_NRPEDAEMON=1
IS_ALERTBOOT=1 IS_ALERTBOOT=1
IS_RSYNC=1 IS_RSYNC=1
# Default return code : 0 = no error
RC=0
# Source configuration file # Source configuration file
# shellcheck disable=SC1091
test -f /etc/evocheck.cf && . /etc/evocheck.cf test -f /etc/evocheck.cf && . /etc/evocheck.cf
# If --cron is passed, ignore some checks. # OS detection
if [ "$1" = "--cron" ]; then DEBIAN_RELEASE=""
IS_KERNELUPTODATE=0 LSB_RELEASE_BIN=$(command -v lsb_release)
IS_UPTIME=0 OPENBSD_RELEASE=""
if [ -e /etc/debian_version ]; then
DEBIAN_VERSION=$(cut -d "." -f 1 < /etc/debian_version)
if [ -x "${LSB_RELEASE_BIN}" ]; then
DEBIAN_RELEASE=$(${LSB_RELEASE_BIN} --codename --short)
else
case ${DEBIAN_VERSION} in
5) DEBIAN_RELEASE="lenny";;
6) DEBIAN_RELEASE="squeeze";;
7) DEBIAN_RELEASE="wheezy";;
8) DEBIAN_RELEASE="jessie";;
9) DEBIAN_RELEASE="stretch";;
esac
fi
elif [ "$(uname -s)" = "OpenBSD" ]; then
# use a better release name
OPENBSD_RELEASE=$(uname -r)
fi fi
# Functions # Functions
show_version() {
cat <<END
evocheck version ${VERSION}
Copyright 2009-2019 Evolix <info@evolix.fr>,
Romain Dessort <rdessort@evolix.fr>,
Benoit Série <bserie@evolix.fr>,
Gregory Colpart <reg@evolix.fr>,
Jérémy Lecour <jlecour@evolix.fr>,
Tristan Pilat <tpilat@evolix.fr>,
Victor Laborie <vlaborie@evolix.fr>
and others.
evocheck comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions.
See the GNU General Public License v3.0 for details.
END
}
show_help() {
cat <<END
evocheck is a script that verifies Evolix conventions on Debian/OpenBSD servers.
Usage: evocheck
or evocheck --cron
or evocheck --quiet
or evocheck --verbose
Options
--cron disable a few checks
-v, --verbose increase verbosity of checks
-q, --quiet nothing is printed on stdout nor stderr
-h, --help print this message and exit
--version print version and exit
END
}
is_debian() {
test -n "${DEBIAN_RELEASE}"
}
is_debian_lenny() {
test "${DEBIAN_RELEASE}" = "lenny"
}
is_debian_squeeze() {
test "${DEBIAN_RELEASE}" = "squeeze"
}
is_debian_wheezy() {
test "${DEBIAN_RELEASE}" = "wheezy"
}
is_debian_jessie() {
test "${DEBIAN_RELEASE}" = "jessie"
}
is_debian_stretch() {
test "${DEBIAN_RELEASE}" = "stretch"
}
debian_release() {
printf "%s" "${DEBIAN_RELEASE}"
}
debian_version() {
printf "%s" "${DEBIAN_VERSION}"
}
is_openbsd() {
test -n "${OPENBSD_RELEASE}"
}
is_pack_web(){ is_pack_web(){
test -e /usr/share/scripts/web-add.sh || test -e /usr/share/scripts/evoadmin/web-add.sh test -e /usr/share/scripts/web-add.sh || test -e /usr/share/scripts/evoadmin/web-add.sh
} }
is_pack_samba(){ is_pack_samba(){
test -e /usr/share/scripts/add.pl test -e /usr/share/scripts/add.pl
} }
is_installed(){ is_installed(){
for pkg in $*; do for pkg in "$@"; do
dpkg -l $pkg 2>/dev/null | grep -q -E '^(i|h)i' || return 1 dpkg -l "$pkg" 2> /dev/null | grep -q -E '^(i|h)i' || return 1
done done
} }
is_debianversion(){ # logging
[ $(lsb_release -c -s) = $1 ] && return 0 failed() {
check_name=$1
shift
check_comments=$*
RC=1
if [ "${QUIET}" != 1 ]; then
if [ -n "${check_comments}" ] && [ "${VERBOSE}" = 1 ]; then
printf "%s FAILED! %s\n" "${check_name}" "${check_comments}" 2>&1
else
printf "%s FAILED!\n" "${check_name}" 2>&1
fi
fi
} }
is_debianversion squeeze && MINIFW_FILE=/etc/firewall.rc # Parse options
is_debianversion wheezy && MINIFW_FILE=/etc/firewall.rc # based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
is_debianversion jessie && MINIFW_FILE=/etc/default/minifirewall while :; do
is_debianversion stretch && MINIFW_FILE=/etc/default/minifirewall case $1 in
-h|-\?|--help)
show_help
exit 0
;;
--version)
show_version
exit 0
;;
--cron)
IS_KERNELUPTODATE=0
IS_UPTIME=0
;;
-v|--verbose)
VERBOSE=1
;;
-q|--quiet)
QUIET=1
VERBOSE=0
;;
--)
# End of all options.
shift
break
;;
-?*|[[:alnum:]]*)
# ignore unknown options
if [ "${QUIET}" != 1 ]; then
printf 'WARN: Unknown option (ignored): %s\n' "$1" >&2
fi
;;
*)
# Default case: If no more options then break out of the loop.
break
;;
esac
shift
done
#----------------------------------------------------------- #-----------------------------------------------------------
#Vérifie si c'est une debian et fait les tests appropriés. #Vérifie si c'est une debian et fait les tests appropriés.
#----------------------------------------------------------- #-----------------------------------------------------------
if [ -e /etc/debian_version ]; then if is_debian; then
is_debian_lenny && MINIFW_FILE=/etc/firewall.rc
is_debian_squeeze && MINIFW_FILE=/etc/firewall.rc
is_debian_wheezy && MINIFW_FILE=/etc/firewall.rc
is_debian_jessie && MINIFW_FILE=/etc/default/minifirewall
is_debian_stretch && MINIFW_FILE=/etc/default/minifirewall
if [ "$IS_LSBRELEASE" = 1 ]; then
if [ -x "${LSB_RELEASE_BIN}" ]; then
## only the major version matters
lhs=$(${LSB_RELEASE_BIN} --release --short | cut -d "." -f 1)
rhs=$(cut -d "." -f 1 < /etc/debian_version)
test "$lhs" = "$rhs" || failed "IS_LSBRELEASE" "release is not consistent between lsb_release and /etc/debian_version"
else
failed "IS_LSBRELEASE" "lsb_release is missing or not executable"
fi
fi
if [ "$IS_DPKGWARNING" = 1 ]; then if [ "$IS_DPKGWARNING" = 1 ]; then
is_debianversion squeeze && ( [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ] ) && ( \ if is_debian_squeeze; then
grep -E -i "(Pre-Invoke ..echo Are you sure to have rw on|Post-Invoke ..echo Dont forget to mount -o remount)" \ if [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ]; then
/etc/apt/apt.conf | wc -l | grep -q ^2$ || echo 'IS_DPKGWARNING FAILED!' ) count=$(grep -c -E -i "(Pre-Invoke ..echo Are you sure to have rw on|Post-Invoke ..echo Dont forget to mount -o remount)" /etc/apt/apt.conf)
is_debianversion wheezy && ( ( [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ] ) && \ test "$count" = 2 || failed "IS_DPKGWARNING" "Pre/Post-Invoke are missing."
( test -e /etc/apt/apt.conf.d/80evolinux || echo 'IS_DPKGWARNING FAILED!' ) fi
test -e /etc/apt/apt.conf && echo 'IS_DPKGWARNING FAILED!' ) elif is_debian_wheezy; then
is_debianversion stretch && (test -e /etc/apt/apt.conf.d/z-evolinux.conf || echo 'IS_DPKGWARNING FAILED!') if [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ]; then
test -e /etc/apt/apt.conf.d/80evolinux \
|| failed "IS_DPKGWARNING" "/etc/apt/apt.conf.d/80evolinux is missing"
test -e /etc/apt/apt.conf \
&& failed "IS_DPKGWARNING" "/etc/apt/apt.conf is missing"
fi
elif is_debian_stretch; then
test -e /etc/apt/apt.conf.d/z-evolinux.conf \
|| failed "IS_DPKGWARNING" "/etc/apt/apt.conf.d/z-evolinux.conf is missing"
fi
fi fi
if [ "$IS_UMASKSUDOERS" = 1 ]; then if [ "$IS_UMASKSUDOERS" = 1 ]; then
is_debianversion squeeze && ( grep -q ^Defaults.*umask=0077 /etc/sudoers || echo 'IS_UMASKSUDOERS FAILED!' ) if is_debian_squeeze; then
grep -q "^Defaults.*umask=0077" /etc/sudoers \
|| failed "IS_UMASKSUDOERS" "sudoers must set umask to 0077"
fi
fi fi
# Verifying check_mailq in Nagios NRPE config file. (Option "-M postfix" need to be set if the MTA is Postfix) # Verifying check_mailq in Nagios NRPE config file. (Option "-M postfix" need to be set if the MTA is Postfix)
if [ "$IS_NRPEPOSTFIX" = 1 ]; then if [ "$IS_NRPEPOSTFIX" = 1 ]; then
is_debianversion squeeze && is_installed postfix && ( grep -q "^command.*check_mailq -M postfix" /etc/nagios/nrpe.cfg || echo 'IS_NRPEPOSTFIX FAILED!' ) if is_installed postfix; then
is_debianversion squeeze || ( is_installed postfix && ( test -e /etc/nagios/nrpe.cfg && grep -qr "^command.*check_mailq -M postfix" /etc/nagios/nrpe.* || echo 'IS_NRPEPOSTFIX FAILED!' ) ) if is_debian_squeeze; then
grep -q "^command.*check_mailq -M postfix" /etc/nagios/nrpe.cfg \
|| failed "IS_NRPEPOSTFIX" "NRPE \"check_mailq\" for postfix is missing"
else
{ test -e /etc/nagios/nrpe.cfg \
&& grep -qr "^command.*check_mailq -M postfix" /etc/nagios/nrpe.*;
} || failed "IS_NRPEPOSTFIX" "NRPE \"check_mailq\" for postfix is missing"
fi
fi
fi fi
# Check if mod-security config file is present # Check if mod-security config file is present
if [ "$IS_MODSECURITY" = 1 ]; then if [ "$IS_MODSECURITY" = 1 ]; then
is_debianversion squeeze && is_installed libapache-mod-security && \ if is_debian_squeeze; then
(test -e /etc/apache2/conf.d/mod-security2.conf || echo 'IS_MODSECURITY FAILED!') if is_installed libapache-mod-security; then
is_debianversion wheezy && is_installed libapache2-modsecurity && \ test -e /etc/apache2/conf.d/mod-security2.conf || failed "IS_MODSECURITY" "missing configuration file"
(test -e /etc/apache2/conf.d/mod-security2.conf || echo 'IS_MODSECURITY FAILED!') fi
elif is_debian_wheezy; then
if is_installed libapache2-modsecurity; then
test -e /etc/apache2/conf.d/mod-security2.conf || failed "IS_MODSECURITY" "missing configuration file"
fi
fi
fi fi
if [ "$IS_CUSTOMSUDOERS" = 1 ]; then if [ "$IS_CUSTOMSUDOERS" = 1 ]; then
grep -E -qr "umask=0077" /etc/sudoers* || echo 'IS_CUSTOMSUDOERS FAILED!' grep -E -qr "umask=0077" /etc/sudoers* || failed "IS_CUSTOMSUDOERS"
fi fi
if [ "$IS_VARTMPFS" = 1 ]; then if [ "$IS_VARTMPFS" = 1 ]; then
df /var/tmp | grep -q tmpfs || echo 'IS_VARTMPFS FAILED!' df /var/tmp | grep -q tmpfs || failed "IS_VARTMPFS" "/var/tmp is not a tmpfs"
fi fi
if [ "$IS_SERVEURBASE" = 1 ]; then if [ "$IS_SERVEURBASE" = 1 ]; then
is_installed serveur-base || echo 'IS_SERVEURBASE FAILED!' is_installed serveur-base || failed "IS_SERVEURBASE" "serveur-base package is not installed"
fi fi
if [ "$IS_LOGROTATECONF" = 1 ]; then if [ "$IS_LOGROTATECONF" = 1 ]; then
test -e /etc/logrotate.d/zsyslog || echo 'IS_LOGROTATECONF FAILED!' test -e /etc/logrotate.d/zsyslog || failed "IS_LOGROTATECONF"
fi fi
if [ "$IS_SYSLOGCONF" = 1 ]; then if [ "$IS_SYSLOGCONF" = 1 ]; then
grep -q "^# Syslog for Pack Evolix serveur" /etc/*syslog.conf || echo 'IS_SYSLOGCONF FAILED!' grep -q "^# Syslog for Pack Evolix serveur" /etc/*syslog.conf \
|| failed "IS_SYSLOGCONF"
fi fi
if [ "$IS_DEBIANSECURITY" = 1 ]; then if [ "$IS_DEBIANSECURITY" = 1 ]; then
grep -q "^deb.*security" /etc/apt/sources.list || echo 'IS_DEBIANSECURITY FAILED!' grep -q "^deb.*security" /etc/apt/sources.list \
|| failed "IS_DEBIANSECURITY"
fi fi
if [ "$IS_APTITUDEONLY" = 1 ]; then if [ "$IS_APTITUDEONLY" = 1 ]; then
is_debianversion squeeze && test -e /usr/bin/apt-get && echo 'IS_APTITUDEONLY FAILED!' if is_debian_squeeze || is_debian_wheezy; then
is_debianversion wheezy && test -e /usr/bin/apt-get && echo 'IS_APTITUDEONLY FAILED!' test -e /usr/bin/apt-get && failed "IS_APTITUDEONLY"
fi
fi fi
if [ "$IS_APTITUDE" = 1 ]; then if [ "$IS_APTITUDE" = 1 ]; then
is_debianversion jessie && test -e /usr/bin/aptitude && echo 'IS_APTITUDE FAILED!' if is_debian_jessie || is_debian_stretch; then
is_debianversion stretch && test -e /usr/bin/aptitude && echo 'IS_APTITUDE FAILED!' test -e /usr/bin/aptitude && failed "IS_APTITUDE"
fi
fi fi
if [ "$IS_APTGETBAK" = 1 ]; then if [ "$IS_APTGETBAK" = 1 ]; then
is_debianversion jessie && test -e /usr/bin/apt-get.bak && echo 'IS_APTGETBAK FAILED!' if is_debian_jessie || is_debian_stretch; then
is_debianversion stretch && test -e /usr/bin/apt-get.bak && echo 'IS_APTGETBAK FAILED!' test -e /usr/bin/apt-get.bak && failed "IS_APTGETBAK"
fi
fi fi
if [ "$IS_APTICRON" = 1 ]; then if [ "$IS_APTICRON" = 1 ]; then
@ -238,133 +423,216 @@ if [ -e /etc/debian_version ]; then
test -e /etc/cron.d/apticron || status="fail" test -e /etc/cron.d/apticron || status="fail"
test -e /etc/cron.daily/apticron && status="fail" test -e /etc/cron.daily/apticron && status="fail"
test "$status" = "fail" || test -e /usr/bin/apt-get.bak || status="fail" test "$status" = "fail" || test -e /usr/bin/apt-get.bak || status="fail"
( is_debianversion squeeze || is_debianversion wheezy ) && test "$status" = "fail" && echo 'IS_APTICRON FAILED!'
if is_debian_squeeze || is_debian_wheezy; then
test "$status" = "fail" && failed "IS_APTICRON"
fi
fi fi
if [ "$IS_USRRO" = 1 ]; then if [ "$IS_USRRO" = 1 ]; then
grep /usr /etc/fstab | grep -q ro || echo 'IS_USRRO FAILED!' grep /usr /etc/fstab | grep -q ro || failed "IS_USRRO"
fi fi
if [ "$IS_TMPNOEXEC" = 1 ]; then if [ "$IS_TMPNOEXEC" = 1 ]; then
mount | grep "on /tmp" | grep -q noexec || echo 'IS_TMPNOEXEC FAILED!' mount | grep "on /tmp" | grep -q noexec || failed "IS_TMPNOEXEC"
fi fi
if [ "$IS_MOUNT_FSTAB" = 1 ]; then if [ "$IS_MOUNT_FSTAB" = 1 ]; then
# Test if lsblk available, if not skip this test... # Test if lsblk available, if not skip this test...
if test -x "$(command -v lsblk)"; then LSBLK_BIN=$(command -v lsblk)
for mountPoint in $(lsblk -o MOUNTPOINT -l -n | grep '/'); do if test -x "${LSBLK_BIN}"; then
grep -Eq "$mountPoint\W" /etc/fstab || echo 'IS_MOUNT_FSTAB FAILED!' for mountPoint in $(${LSBLK_BIN} -o MOUNTPOINT -l -n | grep '/'); do
grep -Eq "$mountPoint\W" /etc/fstab || failed "IS_MOUNT_FSTAB"
done done
fi fi
fi fi
if [ "$IS_LISTCHANGESCONF" = 1 ]; then if [ "$IS_LISTCHANGESCONF" = 1 ]; then
if is_debianversion stretch; then if is_debian_stretch; then
is_installed apt-listchanges && echo 'IS_LISTCHANGESCONF FAILED!' if is_installed apt-listchanges; then
failed "IS_LISTCHANGESCONF" "apt-listchanges must not be installed on Stretch"
fi
else else
test -e /etc/apt/listchanges.conf && grep -E "(which=both|confirm=1)" /etc/apt/listchanges.conf | wc -l | grep -q ^2$ || echo 'IS_LISTCHANGESCONF FAILED!' if [ -e "/etc/apt/listchanges.conf" ]; then
lines=$(grep -cE "(which=both|confirm=1)" /etc/apt/listchanges.conf)
if [ "$lines" != 2 ]; then
failed "IS_LISTCHANGESCONF" "apt-listchanges config is incorrect"
fi
else
failed "IS_LISTCHANGESCONF" "apt-listchanges config is missing"
fi
fi fi
fi fi
if [ "$IS_CUSTOMCRONTAB" = 1 ]; then if [ "$IS_CUSTOMCRONTAB" = 1 ]; then
grep -E "^(17 \*|25 6|47 6|52 6)" /etc/crontab | wc -l | grep -q ^4$ && echo 'IS_CUSTOMCRONTAB FAILED!' found_lines=$(grep -c -E "^(17 \*|25 6|47 6|52 6)" /etc/crontab)
test "$found_lines" = 4 && failed "IS_CUSTOMCRONTAB"
fi fi
if [ "$IS_SSHALLOWUSERS" = 1 ]; then if [ "$IS_SSHALLOWUSERS" = 1 ]; then
grep -E -qi "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config || echo 'IS_SSHALLOWUSERS FAILED!' grep -E -qi "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config || failed "IS_SSHALLOWUSERS"
fi fi
if [ "$IS_DISKPERF" = 1 ]; then if [ "$IS_DISKPERF" = 1 ]; then
test -e /root/disk-perf.txt || echo 'IS_DISKPERF FAILED!' test -e /root/disk-perf.txt || failed "IS_DISKPERF"
fi fi
if [ "$IS_TMOUTPROFILE" = 1 ]; then if [ "$IS_TMOUTPROFILE" = 1 ]; then
grep -q TMOUT= /etc/profile /etc/profile.d/evolinux.sh || echo 'IS_TMOUTPROFILE FAILED!' grep -sq "TMOUT=" /etc/profile /etc/profile.d/evolinux.sh || failed "IS_TMOUTPROFILE" "TMOUT is not set"
fi fi
if [ "$IS_ALERT5BOOT" = 1 ]; then if [ "$IS_ALERT5BOOT" = 1 ]; then
grep -q ^date /etc/rc2.d/S*alert5 || echo 'IS_ALERT5BOOT FAILED!' if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then
grep -q "^date" /etc/rc2.d/S*alert5 || failed "IS_ALERT5BOOT" "boot mail is not sent by alert5 init script"
else
failed "IS_ALERT5BOOT" "alert5 init script is missing"
fi
fi fi
if [ "$IS_ALERT5MINIFW" = 1 ]; then if [ "$IS_ALERT5MINIFW" = 1 ]; then
grep -q ^/etc/init.d/minifirewall /etc/rc2.d/S*alert5 || echo 'IS_ALERT5MINIFW FAILED!' if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then
grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5 \
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 init script"
else
failed "IS_ALERT5MINIFW" "alert5 init script is missing"
fi
fi fi
if [ "$IS_ALERT5MINIFW" = 1 ] && [ "$IS_MINIFW" = 1 ]; then if [ "$IS_ALERT5MINIFW" = 1 ] && [ "$IS_MINIFW" = 1 ]; then
/sbin/iptables -L -n | grep -q -E "^ACCEPT\s*all\s*--\s*31\.170\.8\.4\s*0\.0\.0\.0/0\s*$" || echo 'IS_MINIFW FAILED!' /sbin/iptables -L -n | grep -q -E "^ACCEPT\s*all\s*--\s*31\.170\.8\.4\s*0\.0\.0\.0/0\s*$" \
|| failed "IS_MINIFW"
fi fi
if [ "$IS_NRPEPERMS" = 1 ]; then if [ "$IS_NRPEPERMS" = 1 ]; then
test -d /etc/nagios && ls -ld /etc/nagios | grep -q drwxr-x--- || echo 'IS_NRPEPERMS FAILED!' if [ -d /etc/nagios ]; then
actual=$(stat --format "%a" /etc/nagios)
expected="750"
test "$expected" = "$actual" || failed "IS_NRPEPERMS"
fi
fi fi
if [ "$IS_MINIFWPERMS" = 1 ]; then if [ "$IS_MINIFWPERMS" = 1 ]; then
ls -l "$MINIFW_FILE" | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!' if [ -f "$MINIFW_FILE" ]; then
actual=$(stat --format "%a" $MINIFW_FILE)
expected="600"
test "$expected" = "$actual" || failed "IS_MINIFWPERMS"
fi
fi fi
if [ "$IS_NRPEDISKS" = 1 ]; then if [ "$IS_NRPEDISKS" = 1 ]; then
NRPEDISKS=$(grep command.check_disk /etc/nagios/nrpe.cfg | grep ^command.check_disk[0-9] | sed -e "s/^command.check_disk\([0-9]\+\).*/\1/" | sort -n | tail -1) NRPEDISKS=$(grep command.check_disk /etc/nagios/nrpe.cfg | grep "^command.check_disk[0-9]" | sed -e "s/^command.check_disk\([0-9]\+\).*/\1/" | sort -n | tail -1)
DFDISKS=$(df -Pl | grep -E -v "(^Filesystem|/lib/init/rw|/dev/shm|udev|rpc_pipefs)" | wc -l) DFDISKS=$(df -Pl | grep -c -E -v "(^Filesystem|/lib/init/rw|/dev/shm|udev|rpc_pipefs)")
[ "$NRPEDISKS" = "$DFDISKS" ] || echo 'IS_NRPEDISKS FAILED!' test "$NRPEDISKS" = "$DFDISKS" || failed "IS_NRPEDISKS"
fi fi
if [ "$IS_NRPEPID" = 1 ]; then if [ "$IS_NRPEPID" = 1 ]; then
is_debianversion squeeze || (test -e /etc/nagios/nrpe.cfg && grep -q "^pid_file=/var/run/nagios/nrpe.pid" /etc/nagios/nrpe.cfg || echo 'IS_NRPEPID FAILED!') if ! is_debian_squeeze; then
{ test -e /etc/nagios/nrpe.cfg \
&& grep -q "^pid_file=/var/run/nagios/nrpe.pid" /etc/nagios/nrpe.cfg;
} || failed "IS_NRPEPID"
fi
fi fi
if [ "$IS_GRSECPROCS" = 1 ]; then if [ "$IS_GRSECPROCS" = 1 ]; then
uname -a | grep -q grsec && ( grep -q ^command.check_total_procs..sudo /etc/nagios/nrpe.cfg && grep -A1 "^\[processes\]" /etc/munin/plugin-conf.d/munin-node | grep -q "^user root" || echo 'IS_GRSECPROCS FAILED!' ) if uname -a | grep -q grsec; then
{ grep -q "^command.check_total_procs..sudo" /etc/nagios/nrpe.cfg \
&& grep -A1 "^\[processes\]" /etc/munin/plugin-conf.d/munin-node | grep -q "^user root";
} || failed "IS_GRSECPROCS"
fi
fi fi
if [ "$IS_APACHEMUNIN" = 1 ]; then if [ "$IS_APACHEMUNIN" = 1 ]; then
test -e /etc/apache2/apache2.conf && ( is_debianversion stretch || ( grep -E -q "^env.url.*/server-status-[[:alnum:]]{4}" /etc/munin/plugin-conf.d/munin-node && grep -E -q "/server-status-[[:alnum:]]{4}" /etc/apache2/apache2.conf || grep -E -q "/server-status-[[:alnum:]]{4}" /etc/apache2/apache2.conf /etc/apache2/mods-enabled/status.conf 2>/dev/null || echo 'IS_APACHEMUNIN FAILED!' ) ) if test -e /etc/apache2/apache2.conf; then
test -e /etc/apache2/apache2.conf && ( is_debianversion stretch && ( test -h /etc/apache2/mods-enabled/status.load && test -h /etc/munin/plugins/apache_accesses && test -h /etc/munin/plugins/apache_processes && test -h /etc/munin/plugins/apache_accesses || echo 'IS_APACHEMUNIN FAILED!' ) ) if is_debian_stretch; then
{ test -h /etc/apache2/mods-enabled/status.load \
&& test -h /etc/munin/plugins/apache_accesses \
&& test -h /etc/munin/plugins/apache_processes \
&& test -h /etc/munin/plugins/apache_volume; } \
|| failed "IS_APACHEMUNIN" "missing munin plugins for Apache"
else
pattern="/server-status-[[:alnum:]]{4,}"
{ grep -r -q -s -E "^env.url.*${pattern}" /etc/munin/plugin-conf.d \
&& { grep -q -s -E "${pattern}" /etc/apache2/apache2.conf \
|| grep -q -s -E "${pattern}" /etc/apache2/mods-enabled/status.conf;
};
} || failed "IS_APACHEMUNIN" "server status is not properly configured"
fi
fi
fi fi
# Verification mytop + Munin si MySQL # Verification mytop + Munin si MySQL
if [ "$IS_MYSQLUTILS" = 1 ]; then if [ "$IS_MYSQLUTILS" = 1 ]; then
is_installed mysql-server && ( grep -q mysqladmin /root/.my.cnf && test -x /usr/bin/mytop && grep -q debian-sys-maint /root/.mytop || echo 'IS_MYSQLUTILS FAILED!' ) MYSQL_ADMIN=${MYSQL_ADMIN:-mysqladmin}
if is_installed mysql-server; then
# You can configure MYSQL_ADMIN in evocheck.cf
if ! grep -qs "$MYSQL_ADMIN" /root/.my.cnf; then
failed "IS_MYSQLUTILS" "mysqladmin missing in /root/.my.cnf"
fi
if ! test -x /usr/bin/mytop; then
if ! test -x /usr/local/bin/mytop; then
failed "IS_MYSQLUTILS" "mytop binary missing"
fi
fi
if ! grep -qs debian-sys-maint /root/.mytop; then
failed "IS_MYSQLUTILS" "debian-sys-maint missing in /root/.mytop"
fi
fi
fi fi
# Verification de la configuration du raid soft (mdadm) # Verification de la configuration du raid soft (mdadm)
if [ "$IS_RAIDSOFT" = 1 ]; then if [ "$IS_RAIDSOFT" = 1 ]; then
test -e /proc/mdstat && grep -q md /proc/mdstat && \ if test -e /proc/mdstat && grep -q md /proc/mdstat; then
( grep -q "^AUTOCHECK=true" /etc/default/mdadm \ { grep -q "^AUTOCHECK=true" /etc/default/mdadm \
&& grep -q "^START_DAEMON=true" /etc/default/mdadm \ && grep -q "^START_DAEMON=true" /etc/default/mdadm \
&& grep -qv "^MAILADDR ___MAIL___" /etc/mdadm/mdadm.conf || echo 'IS_RAIDSOFT FAILED!') && grep -qv "^MAILADDR ___MAIL___" /etc/mdadm/mdadm.conf;
} || failed "IS_RAIDSOFT"
fi
fi fi
# Verification du LogFormat de AWStats # Verification du LogFormat de AWStats
if [ "$IS_AWSTATSLOGFORMAT" = 1 ]; then if [ "$IS_AWSTATSLOGFORMAT" = 1 ]; then
is_installed apache2.2-common && ( grep -qE '^LogFormat=1' /etc/awstats/awstats.conf.local || echo 'IS_AWSTATSLOGFORMAT FAILED!' ) if is_installed apache2.2-common awstats; then
grep -qE '^LogFormat=1' /etc/awstats/awstats.conf.local \
|| failed "IS_AWSTATSLOGFORMAT"
fi
fi fi
# Verification de la présence de la config logrotate pour Munin # Verification de la présence de la config logrotate pour Munin
if [ "$IS_MUNINLOGROTATE" = 1 ]; then if [ "$IS_MUNINLOGROTATE" = 1 ]; then
( test -e /etc/logrotate.d/munin-node && test -e /etc/logrotate.d/munin ) || echo 'IS_MUNINLOGROTATE FAILED!' { test -e /etc/logrotate.d/munin-node \
&& test -e /etc/logrotate.d/munin;
} || failed "IS_MUNINLOGROTATE"
fi fi
# Verification de la présence de metche # Verification de la présence de metche
#if [ "$IS_METCHE" = 1 ]; then #if [ "$IS_METCHE" = 1 ]; then
# is_installed metche || echo 'IS_METCHE FAILED!' # is_installed metche || failed "IS_METCHE"
#fi #fi
# Verification de l'activation de Squid dans le cas d'un pack mail # Verification de l'activation de Squid dans le cas d'un pack mail
if [ "$IS_SQUID" = 1 ]; then if [ "$IS_SQUID" = 1 ]; then
squidconffile=/etc/squid*/squid.conf if is_debian_stretch; then
is_debianversion stretch && squidconffile=/etc/squid/evolinux-custom.conf squidconffile="/etc/squid/evolinux-custom.conf"
is_pack_web && ( is_installed squid || is_installed squid3 \ else
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT" $MINIFW_FILE \ squidconffile="/etc/squid*/squid.conf"
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d `hostname -i` -j ACCEPT" $MINIFW_FILE \ fi
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.(1|0/8) -j ACCEPT" $MINIFW_FILE \ if is_pack_web && (is_installed squid || is_installed squid3); then
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port.* `grep http_port $squidconffile | cut -f 2 -d " "`" $MINIFW_FILE || echo 'IS_SQUID FAILED!' ) host=$(hostname -i)
# shellcheck disable=SC2086
http_port=$(grep "http_port" $squidconffile | cut -f 2 -d " ")
{ grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT" "$MINIFW_FILE" \
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d $host -j ACCEPT" "$MINIFW_FILE" \
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.(1|0/8) -j ACCEPT" "$MINIFW_FILE" \
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port.* $http_port" "$MINIFW_FILE";
} || failed "IS_SQUID"
fi
fi fi
if [ "$IS_EVOMAINTENANCE_FW" = 1 ]; then if [ "$IS_EVOMAINTENANCE_FW" = 1 ]; then
if [ -f "$MINIFW_FILE" ]; then if [ -f "$MINIFW_FILE" ]; then
rulesNumber=$(grep -c "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s .* -m state --state ESTABLISHED,RELATED -j ACCEPT" "$MINIFW_FILE") rulesNumber=$(grep -c "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s .* -m state --state ESTABLISHED,RELATED -j ACCEPT" "$MINIFW_FILE")
if [ "$rulesNumber" -lt 2 ]; then if [ "$rulesNumber" -lt 2 ]; then
echo 'IS_EVOMAINTENANCE_FW FAILED!' failed "IS_EVOMAINTENANCE_FW"
fi fi
fi fi
fi fi
@ -372,265 +640,410 @@ if [ -e /etc/debian_version ]; then
# Verification de la conf et de l'activation de mod-deflate # Verification de la conf et de l'activation de mod-deflate
if [ "$IS_MODDEFLATE" = 1 ]; then if [ "$IS_MODDEFLATE" = 1 ]; then
f=/etc/apache2/mods-enabled/deflate.conf f=/etc/apache2/mods-enabled/deflate.conf
is_installed apache2.2 && (test -e $f && grep -q "AddOutputFilterByType DEFLATE text/html text/plain text/xml" $f \ if is_installed apache2.2; then
&& grep -q "AddOutputFilterByType DEFLATE text/css" $f \ { test -e $f && grep -q "AddOutputFilterByType DEFLATE text/html text/plain text/xml" $f \
&& grep -q "AddOutputFilterByType DEFLATE application/x-javascript application/javascript" $f || echo 'IS_MODDEFLATE FAILED!') && grep -q "AddOutputFilterByType DEFLATE text/css" $f \
&& grep -q "AddOutputFilterByType DEFLATE application/x-javascript application/javascript" $f;
} || failed "IS_MODDEFLATE"
fi
fi fi
# Verification de la conf log2mail # Verification de la conf log2mail
if [ "$IS_LOG2MAILRUNNING" = 1 ]; then if [ "$IS_LOG2MAILRUNNING" = 1 ]; then
is_pack_web && (is_installed log2mail && pgrep log2mail >/dev/null || echo 'IS_LOG2MAILRUNNING') if is_pack_web && is_installed log2mail; then
pgrep log2mail >/dev/null || failed 'IS_LOG2MAILRUNNING'
fi
fi fi
if [ "$IS_LOG2MAILAPACHE" = 1 ]; then if [ "$IS_LOG2MAILAPACHE" = 1 ]; then
if is_debianversion stretch; then if is_debian_stretch; then
conf=/etc/log2mail/config/apache conf=/etc/log2mail/config/apache
else else
conf=/etc/log2mail/config/default conf=/etc/log2mail/config/default
fi fi
is_pack_web && ( is_installed log2mail && grep -q "^file = /var/log/apache2/error.log" $conf 2>/dev/null || echo 'IS_LOG2MAILAPACHE FAILED!' ) if is_pack_web && is_installed log2mail; then
grep -s -q "^file = /var/log/apache2/error.log" $conf \
|| failed "IS_LOG2MAILAPACHE"
fi
fi fi
if [ "$IS_LOG2MAILMYSQL" = 1 ]; then if [ "$IS_LOG2MAILMYSQL" = 1 ]; then
is_pack_web && ( is_installed log2mail && grep -q "^file = /var/log/syslog" /etc/log2mail/config/{default,mysql,mysql.conf} 2>/dev/null || echo 'IS_LOG2MAILMYSQL FAILED!' ) if is_pack_web && is_installed log2mail; then
grep -s -q "^file = /var/log/syslog" /etc/log2mail/config/{default,mysql,mysql.conf} \
|| failed "IS_LOG2MAILMYSQL"
fi
fi fi
if [ "$IS_LOG2MAILSQUID" = 1 ]; then if [ "$IS_LOG2MAILSQUID" = 1 ]; then
is_pack_web && ( is_installed log2mail && grep -q "^file = /var/log/squid.*/access.log" \ if is_pack_web && is_installed log2mail; then
/etc/log2mail/config/* 2>/dev/null || echo 'IS_LOG2MAILSQUID FAILED!' ) grep -s -q "^file = /var/log/squid.*/access.log" /etc/log2mail/config/* \
|| failed "IS_LOG2MAILSQUID"
fi
fi fi
# Verification si bind est chroote # Verification si bind est chroote
if [ "$IS_BINDCHROOT" = 1 ]; then if [ "$IS_BINDCHROOT" = 1 ]; then
if is_installed bind9 && $(netstat -utpln |grep "/named" |grep :53 |grep -qvE "(127.0.0.1|::1)"); then if is_installed bind9; then
if grep -q '^OPTIONS=".*-t' /etc/default/bind9 && grep -q '^OPTIONS=".*-u' /etc/default/bind9; then if netstat -utpln | grep "/named" | grep :53 | grep -qvE "(127.0.0.1|::1)"; then
if [ "$(md5sum /usr/sbin/named |cut -f 1 -d ' ')" != "$(md5sum /var/chroot-bind/usr/sbin/named |cut -f 1 -d ' ')" ]; then if grep -q '^OPTIONS=".*-t' /etc/default/bind9 && grep -q '^OPTIONS=".*-u' /etc/default/bind9; then
echo 'IS_BINDCHROOT FAILED!' md5_original=$(md5sum /usr/sbin/named | cut -f 1 -d ' ')
md5_chrooted=$(md5sum /var/chroot-bind/usr/sbin/named | cut -f 1 -d ' ')
if [ "$md5_original" != "$md5_chrooted" ]; then
failed "IS_BINDCHROOT" "The chrooted bind binary is differet than the original binary"
fi
else
failed "IS_BINDCHROOT" "bind process is not chrooted"
fi fi
else
echo 'IS_BINDCHROOT FAILED!'
fi fi
fi fi
fi fi
# Verification de la présence du depot volatile # Verification de la présence du depot volatile
if [ "$IS_REPVOLATILE" = 1 ]; then if [ "$IS_REPVOLATILE" = 1 ]; then
test `cat /etc/debian_version |cut -d "." -f 1` -eq 5 && (grep -qE "^deb http://volatile.debian.org/debian-volatile" /etc/apt/sources.list || echo 'IS_REPVOLATILE FAILED!') if is_debian_lenny; then
test `cat /etc/debian_version |cut -d "." -f 1` -eq 6 && (grep -qE "^deb.*squeeze-updates" /etc/apt/sources.list || echo 'IS_REPVOLATILE FAILED!') grep -qE "^deb http://volatile.debian.org/debian-volatile" /etc/apt/sources.list \
|| failed "IS_REPVOLATILE"
fi
if is_debian_squeeze; then
grep -qE "^deb.*squeeze-updates" /etc/apt/sources.list \
|| failed "IS_REPVOLATILE"
fi
fi fi
# /etc/network/interfaces should be present, we don't manage systemd-network yet # /etc/network/interfaces should be present, we don't manage systemd-network yet
if [ "$IS_NETWORK_INTERFACES" = 1 ]; then if [ "$IS_NETWORK_INTERFACES" = 1 ]; then
if ! test -f /etc/network/interfaces; then if ! test -f /etc/network/interfaces; then
echo "IS_NETWORK_INTERFACES FAILED!"
IS_AUTOIF=0 IS_AUTOIF=0
IS_INTERFACESGW=0 IS_INTERFACESGW=0
failed "IS_NETWORK_INTERFACES" "systemd network configuration is not supported yet"
fi fi
fi fi
# Verify if all if are in auto # Verify if all if are in auto
if [ "$IS_AUTOIF" = 1 ]; then if [ "$IS_AUTOIF" = 1 ]; then
is_debianversion stretch || for interface in `/sbin/ifconfig -s |tail -n +2 |grep -E -v "^(lo|vnet|docker|veth|tun|tap|macvtap)" |cut -d " " -f 1 |tr "\n" " "`; do if is_debian_stretch; then
grep -q "^auto $interface" /etc/network/interfaces || (echo 'IS_AUTOIF FAILED!' && break) interfaces=$(/sbin/ip address show up | grep "^[0-9]*:" | grep -E -v "(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 2 | tr -d : | cut -d@ -f1 | tr "\n" " ")
done else
is_debianversion stretch && for interface in `/sbin/ip address show up | grep ^[0-9]*: |grep -E -v "(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 2 |tr -d : |cut -d@ -f1 |tr "\n" " "`; do interfaces=$(/sbin/ifconfig -s | tail -n +2 | grep -E -v "^(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 1 |tr "\n" " ")
grep -q "^auto $interface" /etc/network/interfaces || (echo 'IS_AUTOIF FAILED!' && break) fi
done for interface in $interfaces; do
if ! grep -q "^auto $interface" /etc/network/interfaces; then
failed "IS_AUTOIF" "Network interface \`${interface}' is not set to auto"
test "${VERBOSE}" = 1 || break
fi
done
fi fi
# Network conf verification # Network conf verification
if [ "$IS_INTERFACESGW" = 1 ]; then if [ "$IS_INTERFACESGW" = 1 ]; then
number=$(grep -Ec "^[^#]*gateway [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" /etc/network/interfaces) number=$(grep -Ec "^[^#]*gateway [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" /etc/network/interfaces)
test $number -gt 1 && echo 'IS_INTERFACESGW FAILED!' test "$number" -gt 1 && failed "IS_INTERFACESGW" "there is more than 1 IPv4 gateway"
number=$(grep -Ec "^[^#]*gateway [0-9a-fA-F]+:" /etc/network/interfaces) number=$(grep -Ec "^[^#]*gateway [0-9a-fA-F]+:" /etc/network/interfaces)
test $number -gt 1 && echo 'IS_INTERFACESGW FAILED!' test "$number" -gt 1 && failed "IS_INTERFACESGW" "there is more than 1 IPv6 gateway"
fi fi
# Verification de la mise en place d'evobackup # Verification de la mise en place d'evobackup
if [ "$IS_EVOBACKUP" = 1 ]; then if [ "$IS_EVOBACKUP" = 1 ]; then
ls /etc/cron* |grep -q "evobackup" || echo 'IS_EVOBACKUP FAILED!' evobackup_found=$(find /etc/cron* -name '*evobackup*' | wc -l)
test "$evobackup_found" -gt 0 || failed "IS_EVOBACKUP"
fi fi
# Verification de la presence du userlogrotate # Verification de la presence du userlogrotate
if [ "$IS_USERLOGROTATE" = 1 ]; then if [ "$IS_USERLOGROTATE" = 1 ]; then
is_pack_web && (test -x /etc/cron.weekly/userlogrotate || echo 'IS_USERLOGROTATE FAILED!') if is_pack_web; then
test -x /etc/cron.weekly/userlogrotate || failed "IS_USERLOGROTATE"
fi
fi fi
# Verification de la syntaxe de la conf d'Apache # Verification de la syntaxe de la conf d'Apache
if [ "$IS_APACHECTL" = 1 ]; then if [ "$IS_APACHECTL" = 1 ]; then
is_installed apache2.2-common && (/usr/sbin/apache2ctl configtest 2>&1 |grep -q "^Syntax OK$" || echo 'IS_APACHECTL FAILED!') if is_installed apache2.2-common; then
/usr/sbin/apache2ctl configtest 2>&1 | grep -q "^Syntax OK$" || failed "IS_APACHECTL"
fi
fi fi
# Check if there is regular files in Apache sites-enabled. # Check if there is regular files in Apache sites-enabled.
if [ "$IS_APACHESYMLINK" = 1 ]; then if [ "$IS_APACHESYMLINK" = 1 ]; then
is_installed apache2.2-common && \ if is_installed apache2.2-common; then
(stat -c %F /etc/apache2/sites-enabled/* | grep -q regular && echo 'IS_APACHESYMLINK FAILED!') stat -c %F /etc/apache2/sites-enabled/* | grep -q regular && failed "IS_APACHESYMLINK"
fi
fi fi
# Check if there is real IP addresses in Allow/Deny directives (no trailing space, inline comments or so). # Check if there is real IP addresses in Allow/Deny directives (no trailing space, inline comments or so).
if [ "$IS_APACHEIPINALLOW" = 1 ]; then if [ "$IS_APACHEIPINALLOW" = 1 ]; then
# Note: Replace "exit 1" by "print" in Perl code to debug it. # Note: Replace "exit 1" by "print" in Perl code to debug it.
is_installed apache2.2-common && \ if is_installed apache2.2-common; then
(grep -IrE "^[^#] *(Allow|Deny) from" /etc/apache2/ |grep -iv "from all" |grep -iv "env=" |perl -ne 'exit 1 unless (/from( [\da-f:.\/]+)+$/i)' || echo 'IS_APACHEIPINALLOW FAILED!') grep -IrE "^[^#] *(Allow|Deny) from" /etc/apache2/ \
| grep -iv "from all" \
| grep -iv "env=" \
| perl -ne 'exit 1 unless (/from( [\da-f:.\/]+)+$/i)' \
|| failed "IS_APACHEIPINALLOW"
fi
fi fi
# Check if default Apache configuration file for munin is absent (or empty or commented). # Check if default Apache configuration file for munin is absent (or empty or commented).
if [ "$IS_MUNINAPACHECONF" = 1 ]; then if [ "$IS_MUNINAPACHECONF" = 1 ]; then
if is_debianversion squeeze || is_debianversion wheezy; then if is_debian_squeeze || is_debian_wheezy; then
muninconf="/etc/apache2/conf.d/munin" muninconf="/etc/apache2/conf.d/munin"
else else
muninconf="/etc/apache2/conf-available/munin.conf" muninconf="/etc/apache2/conf-available/munin.conf"
fi fi
is_installed apache2.2-common && ([ -e $muninconf ] && grep -vEq "^( |\t)*#" $muninconf && echo 'IS_MUNINAPACHECONF FAILED!') if is_installed apache2.2-common; then
test -e $muninconf && grep -vEq "^( |\t)*#" "$muninconf" && failed "IS_MUNINAPACHECONF"
fi
fi fi
# Verification de la priorité du package samba si les backports sont utilisés # Verification de la priorité du package samba si les backports sont utilisés
if [ "$IS_SAMBAPINPRIORITY" = 1 ]; then if [ "$IS_SAMBAPINPRIORITY" = 1 ]; then
is_pack_samba && grep -qrE "^[^#].*backport" /etc/apt/sources.list{,.d} && ( priority=`grep -E -A2 "^Package:.*samba" /etc/apt/preferences |grep -A1 "^Pin: release a=lenny-backports" |grep "^Pin-Priority:" |cut -f2 -d" "` && test $priority -gt 500 || echo 'IS_SAMBAPINPRIORITY FAILED!' ) if is_debian_lenny && is_pack_samba; then
if grep -qrE "^[^#].*backport" /etc/apt/sources.list{,.d}; then
priority=$(grep -E -A2 "^Package:.*samba" /etc/apt/preferences | grep -A1 "^Pin: release a=lenny-backports" | grep "^Pin-Priority:" | cut -f2 -d" ")
test "$priority" -gt 500 || failed "IS_SAMBAPINPRIORITY"
fi
fi
fi fi
# Verification si le système doit redémarrer suite màj kernel. # Verification si le système doit redémarrer suite màj kernel.
if [ "$IS_KERNELUPTODATE" = 1 ]; then if [ "$IS_KERNELUPTODATE" = 1 ]; then
if is_installed linux-image* && [ $(date -d $(ls --full-time -lcrt /boot | tail -n1 | tr -s " " | cut -d " " -f 6) +%s) -gt $(($(date +%s) - $(cut -f1 -d '.' /proc/uptime))) ]; then if is_installed linux-image*; then
echo 'IS_KERNELUPTODATE FAILED!' # shellcheck disable=SC2012
kernel_installed_at=$(date -d "$(ls --full-time -lcrt /boot | tail -n1 | awk '{print $6}')" +%s)
last_reboot_at=$(($(date +%s) - $(cut -f1 -d '.' /proc/uptime)))
if [ "$kernel_installed_at" -gt "$last_reboot_at" ]; then
failed "IS_KERNELUPTODATE"
fi
fi fi
fi fi
# Check if the server is running for more than a year. # Check if the server is running for more than a year.
if [ "$IS_UPTIME" = 1 ]; then if [ "$IS_UPTIME" = 1 ]; then
if is_installed linux-image* && [ $(date -d "now - 2 year" +%s) -gt $(($(date +%s) - $(cut -f1 -d '.' /proc/uptime))) ]; then if is_installed linux-image*; then
echo 'IS_UPTIME FAILED!' limit=$(date -d "now - 2 year" +%s)
last_reboot_at=$(($(date +%s) - $(cut -f1 -d '.' /proc/uptime)))
if [ "$limit" -gt "$last_reboot_at" ]; then
failed "IS_UPTIME"
fi
fi fi
fi fi
# Check if munin-node running and RRD files are up to date. # Check if munin-node running and RRD files are up to date.
if [ "$IS_MUNINRUNNING" = 1 ]; then if [ "$IS_MUNINRUNNING" = 1 ]; then
pgrep munin-node >/dev/null || echo 'IS_MUNINRUNNING FAILED!' if ! pgrep munin-node >/dev/null; then
[ "$(stat -c "%Y" /var/lib/munin/*/*load-g.rrd |sort |tail -1)" -lt $(date +"%s" -d "now - 10 minutes") ] && echo 'IS_MUNINRUNNING FAILED!' failed "IS_MUNINRUNNING" "Munin is not running"
grep -q "^graph_strategy cron" /etc/munin/munin.conf && ([ "$(stat -c "%Y" /var/cache/munin/www/*/*/load-day.png |sort |tail -1)" -lt $(date +"%s" -d "now - 10 minutes") ]) && echo 'IS_MUNINRUNNING FAILED!' elif [ -d "/var/lib/munin/" ] && [ -d "/var/cache/munin/" ]; then
limit=$(date +"%s" -d "now - 10 minutes")
if [ -n "$(find /var/lib/munin/ -name '*load-g.rrd')" ]; then
updated_at=$(stat -c "%Y" /var/lib/munin/*/*load-g.rrd |sort |tail -1)
[ "$limit" -gt "$updated_at" ] && failed "IS_MUNINRUNNING" "Munin load RRD has not been updated in the last 10 minutes"
else
failed "IS_MUNINRUNNING" "Munin is not installed properly (load RRD not found)"
fi
if [ -n "$(find /var/cache/munin/www/ -name 'load-day.png')" ]; then
updated_at=$(stat -c "%Y" /var/cache/munin/www/*/*/load-day.png |sort |tail -1)
grep -sq "^graph_strategy cron" /etc/munin/munin.conf && [ "$limit" -gt "$updated_at" ] && failed "IS_MUNINRUNNING" "Munin load PNG has not been updated in the last 10 minutes"
else
failed "IS_MUNINRUNNING" "Munin is not installed properly (load PNG not found)"
fi
else
failed "IS_MUNINRUNNING" "Munin is not installed properly (main directories are missing)"
fi
fi fi
# Check if files in /home/backup/ are up-to-date # Check if files in /home/backup/ are up-to-date
if [ "$IS_BACKUPUPTODATE" = 1 ]; then if [ "$IS_BACKUPUPTODATE" = 1 ]; then
[ -d /home/backup/ ] && for file in /home/backup/*; do if [ -d /home/backup/ ]; then
if [ -f $file ] && [ $(stat -c "%Y" $file) -lt $(date +"%s" -d "now - 2 day") ]; then if [ -n "$(ls -A /home/backup/)" ]; then
echo 'IS_BACKUPUPTODATE FAILED!' for file in /home/backup/*; do
break; limit=$(date +"%s" -d "now - 2 day")
updated_at=$(stat -c "%Y" "$file")
if [ -f "$file" ] && [ "$limit" -gt "$updated_at" ]; then
failed "IS_BACKUPUPTODATE" "$file has not been backed up"
test "${VERBOSE}" = 1 || break;
fi
done
else
failed "IS_BACKUPUPTODATE" "/home/backup/ is empty"
fi fi
done else
failed "IS_BACKUPUPTODATE" "/home/backup/ is missing"
fi
fi
if [ "$IS_ETCGIT" = 1 ]; then
(cd /etc; git rev-parse --is-inside-work-tree > /dev/null 2>&1) || failed "IS_ETCGIT" "/etc is not a Git repository"
fi fi
# Check if /etc/.git/ has read/write permissions for root only. # Check if /etc/.git/ has read/write permissions for root only.
if [ "$IS_GITPERMS" = 1 ]; then if [ "$IS_GITPERMS" = 1 ]; then
test -d /etc/.git && [ "$(stat -c "%a" /etc/.git/)" = "700" ] || echo 'IS_GITPERMS FAILED!' if test -d /etc/.git; then
expected="700"
actual=$(stat -c "%a" /etc/.git/)
[ "$expected" = "$actual" ] || failed "IS_GITPERMS"
fi
fi fi
# Check if no package has been upgraded since $limit. # Check if no package has been upgraded since $limit.
if [ "$IS_NOTUPGRADED" = 1 ]; then if [ "$IS_NOTUPGRADED" = 1 ]; then
last_upgrade=$(date +%s -d $(zgrep -h upgrade /var/log/dpkg.log* |sort -n |tail -1 |cut -f1 -d ' ')) last_upgrade=0
if grep -sq '^mailto="listupgrade-todo@' /etc/evolinux/listupgrade.cnf \ upgraded=false
|| grep -sq -E '^[[:digit:]]+[[:space:]]+[[:digit:]]+[[:space:]]+[^\*]' /etc/cron.d/listupgrade; then for log in /var/log/dpkg.log*; do
if zgrep -qsm1 upgrade "$log"; then
# There is at least one upgrade
upgraded=true
break
fi
done
if $upgraded; then
last_upgrade=$(date +%s -d "$(zgrep -h upgrade /var/log/dpkg.log* | sort -n | tail -1 | cut -f1 -d ' ')")
fi
if grep -qs '^mailto="listupgrade-todo@' /etc/evolinux/listupgrade.cnf \
|| grep -qs -E '^[[:digit:]]+[[:space:]]+[[:digit:]]+[[:space:]]+[^\*]' /etc/cron.d/listupgrade; then
# Manual upgrade process # Manual upgrade process
limit=$(date +%s -d "now - 180 days") limit=$(date +%s -d "now - 180 days")
else else
# Regular process # Regular process
limit=$(date +%s -d "now - 90 days") limit=$(date +%s -d "now - 90 days")
fi fi
if [ -f /var/log/evolinux/00_prepare_system.log ]; then install_date=0
install_date=$(stat -c %Z /var/log/evolinux/00_prepare_system.log) if [ -d /var/log/installer ]; then
else install_date=$(stat -c %Z /var/log/installer)
install_date=0 fi
# Check install_date if the system never received an upgrade
if [ "$last_upgrade" -eq 0 ]; then
[ "$install_date" -lt "$limit" ] && failed "IS_NOTUPGRADED" "The system has never been updated"
else
[ "$last_upgrade" -lt "$limit" ] && failed "IS_NOTUPGRADED" "The system hasn't been updated for too long"
fi fi
[ $install_date -lt $limit ] && [ $last_upgrade -lt $limit ] && echo 'IS_NOTUPGRADED FAILED!'
fi fi
# Check if reserved blocks for root is at least 5% on every mounted partitions. # Check if reserved blocks for root is at least 5% on every mounted partitions.
if [ "$IS_TUNE2FS_M5" = 1 ]; then if [ "$IS_TUNE2FS_M5" = 1 ]; then
min=5
parts=$(grep -E "ext(3|4)" /proc/mounts | cut -d ' ' -f1 | tr -s '\n' ' ') parts=$(grep -E "ext(3|4)" /proc/mounts | cut -d ' ' -f1 | tr -s '\n' ' ')
for part in $parts; do for part in $parts; do
blockCount=$(dumpe2fs -h "$part" 2>/dev/null | grep -e "Block count:" | grep -Eo "[0-9]+") blockCount=$(dumpe2fs -h "$part" 2>/dev/null | grep -e "Block count:" | grep -Eo "[0-9]+")
# If buggy partition, skip it. # If buggy partition, skip it.
if [ -z $blockCount ]; then if [ -z "$blockCount" ]; then
continue continue
fi fi
reservedBlockCount=$(dumpe2fs -h "$part" 2>/dev/null | grep -e "Reserved block count:" | grep -Eo "[0-9]+") reservedBlockCount=$(dumpe2fs -h "$part" 2>/dev/null | grep -e "Reserved block count:" | grep -Eo "[0-9]+")
percentage=$(python -c "print(int(round(float(${reservedBlockCount})/${blockCount}*100)))") # Use awk to have a rounded percentage
if [ "$percentage" -lt 5 ]; then # python is slow, bash is unable and bc rounds weirdly
echo 'IS_TUNE2FS_M5 FAILED!' percentage=$(awk "BEGIN { pc=100*${reservedBlockCount}/${blockCount}; i=int(pc); print (pc-i<0.5)?i:i+1 }")
# Set debug to 1, to displays which partitions has less than 5%
debug=0 if [ "$percentage" -lt "${min}" ]; then
if [ "$debug" -eq 1 ]; then failed "IS_TUNE2FS_M5" "Partition ${part} has less than ${min}% reserved blocks (${percentage}%)"
echo "Partition $part has less than 5% reserved blocks!"
fi
fi fi
done done
fi fi
if [ "$IS_EVOLINUXSUDOGROUP" = 1 ]; then if [ "$IS_EVOLINUXSUDOGROUP" = 1 ]; then
if is_debianversion stretch; then if is_debian_stretch; then
(grep -q ^evolinux-sudo: /etc/group \ if grep -q "^evolinux-sudo:" /etc/group; then
&& grep -q '^%evolinux-sudo ALL=(ALL:ALL) ALL' /etc/sudoers.d/evolinux) || echo 'IS_EVOLINUXSUDOGROUP FAILED!' grep -q '^%evolinux-sudo ALL=(ALL:ALL) ALL' /etc/sudoers.d/evolinux \
|| failed "IS_EVOLINUXSUDOGROUP"
fi
fi fi
fi fi
if [ "$IS_USERINADMGROUP" = 1 ]; then if [ "$IS_USERINADMGROUP" = 1 ]; then
if is_debianversion stretch; then if is_debian_stretch; then
for user in $(grep ^evolinux-sudo: /etc/group |awk -F: '{print $4}' |tr ',' ' '); do users=$(grep "^evolinux-sudo:" /etc/group | awk -F: '{print $4}' | tr ',' ' ')
groups $user |grep -q adm || echo 'IS_USERINADMGROUP FAILED!' for user in $users; do
if ! groups "$user" | grep -q adm; then
failed "IS_USERINADMGROUP" "User $user doesn't belong to \`adm' group"
test "${VERBOSE}" = 1 || break
fi
done done
fi fi
fi fi
if [ "$IS_APACHE2EVOLINUXCONF" = 1 ]; then if [ "$IS_APACHE2EVOLINUXCONF" = 1 ]; then
if (test -d /etc/apache2 && is_debianversion stretch); then if is_debian_stretch && test -d /etc/apache2; then
(test -L /etc/apache2/conf-enabled/z-evolinux-defaults.conf \ { test -L /etc/apache2/conf-enabled/z-evolinux-defaults.conf \
&& test -L /etc/apache2/conf-enabled/zzz-evolinux-custom.conf \ && test -L /etc/apache2/conf-enabled/zzz-evolinux-custom.conf \
&& test -f /etc/apache2/ipaddr_whitelist.conf) || echo 'IS_APACHE2EVOLINUXCONF FAILED!' && test -f /etc/apache2/ipaddr_whitelist.conf;
} || failed "IS_APACHE2EVOLINUXCONF"
fi fi
fi fi
if [ "$IS_BACKPORTSCONF" = 1 ]; then if [ "$IS_BACKPORTSCONF" = 1 ]; then
if is_debianversion stretch; then if is_debian_stretch; then
grep -qE "^[^#].*backports" /etc/apt/sources.list && echo 'IS_BACKPORTSCONF FAILED!' grep -qsE "^[^#].*backports" /etc/apt/sources.list \
grep -qE "^[^#].*backports" /etc/apt/sources.list.d/*.list 2>/dev/null && (grep -qE "^[^#].*backports" /etc/apt/preferences.d/* || echo 'IS_BACKPORTSCONF FAILED!') && failed "IS_BACKPORTSCONF" "backports can't be in main sources list"
if grep -qsE "^[^#].*backports" /etc/apt/sources.list.d/*.list; then
grep -qsE "^[^#].*backports" /etc/apt/preferences.d/* \
|| failed "IS_BACKPORTSCONF" "backports must have preferences"
fi
fi fi
fi fi
if [ "$IS_BIND9MUNIN" = 1 ]; then if [ "$IS_BIND9MUNIN" = 1 ]; then
if is_debianversion stretch && is_installed bind9; then if is_debian_stretch && is_installed bind9; then
(test -L /etc/munin/plugins/bind9 && test -e /etc/munin/plugin-conf.d/bind9) || echo 'IS_BIND9MUNIN FAILED!' { test -L /etc/munin/plugins/bind9 \
&& test -e /etc/munin/plugin-conf.d/bind9;
} || failed "IS_BIND9MUNIN"
fi fi
fi fi
if [ "$IS_BIND9LOGROTATE" = 1 ]; then if [ "$IS_BIND9LOGROTATE" = 1 ]; then
if is_debianversion stretch && is_installed bind9; then if is_debian_stretch && is_installed bind9; then
test -e /etc/logrotate.d/bind9 || echo 'IS_BIND9LOGROTATE FAILED!' test -e /etc/logrotate.d/bind9 || failed "IS_BIND9LOGROTATE"
fi fi
fi fi
if [ "$IS_BROADCOMFIRMWARE" = 1 ]; then if [ "$IS_BROADCOMFIRMWARE" = 1 ]; then
if lspci | grep -q 'NetXtreme II'; then LSPCI_BIN=$(command -v lspci)
(is_installed firmware-bnx2 && grep -q "^deb http://mirror.evolix.org/debian.* non-free" /etc/apt/sources.list) || echo 'IS_BROADCOMFIRMWARE FAILED!' if [ -x "${LSPCI_BIN}" ]; then
if ${LSPCI_BIN} | grep -q 'NetXtreme II'; then
{ is_installed firmware-bnx2 \
&& grep -q "^deb http://mirror.evolix.org/debian.* non-free" /etc/apt/sources.list;
} || failed "IS_BROADCOMFIRMWARE"
fi
else
failed "IS_BROADCOMFIRMWARE" "lspci is missing"
fi fi
fi fi
if [ "$IS_HARDWARERAIDTOOL" = 1 ]; then if [ "$IS_HARDWARERAIDTOOL" = 1 ]; then
lspci |grep -q 'MegaRAID SAS' && (is_installed megacli && (is_installed megaclisas-status || is_installed megaraidsas-status) || echo 'IS_HARDWARERAIDTOOL FAILED!') LSPCI_BIN=$(command -v lspci)
lspci |grep -q 'Hewlett-Packard Company Smart Array' && (is_installed cciss-vol-status || echo 'IS_HARDWARERAIDTOOL FAILED!') if [ -x "${LSPCI_BIN}" ]; then
if ${LSPCI_BIN} | grep -q 'MegaRAID SAS'; then
# shellcheck disable=SC2015
is_installed megacli && { is_installed megaclisas-status || is_installed megaraidsas-status; } \
|| failed "IS_HARDWARERAIDTOOL" "Mega tools not found"
fi
if ${LSPCI_BIN} | grep -q 'Hewlett-Packard Company Smart Array'; then
is_installed cciss-vol-status || failed "IS_HARDWARERAIDTOOL" "cciss-vol-status not installed"
fi
else
failed "IS_HARDWARERAIDTOOL" "lspci is missing"
fi
fi fi
if [ "$IS_LOG2MAILSYSTEMDUNIT" = 1 ]; then if [ "$IS_LOG2MAILSYSTEMDUNIT" = 1 ]; then
if is_debianversion stretch; then if is_debian_stretch; then
(systemctl -q is-active log2mail.service && test -f /etc/systemd/system/log2mail.service && ! test -f /etc/init.d/log2mail) || echo 'IS_LOG2MAILSYSTEMDUNIT FAILED!' { systemctl -q is-active log2mail.service \
&& test -f /etc/systemd/system/log2mail.service \
&& ! test -f /etc/init.d/log2mail;
} || failed "IS_LOG2MAILSYSTEMDUNIT"
fi fi
fi fi
if [ "$IS_LISTUPGRADE" = 1 ]; then if [ "$IS_LISTUPGRADE" = 1 ]; then
(test -f /etc/cron.d/listupgrade && test -x /usr/share/scripts/listupgrade.sh) || echo 'IS_LISTUPGRADE FAILED!' { test -f /etc/cron.d/listupgrade \
&& test -x /usr/share/scripts/listupgrade.sh;
} || failed "IS_LISTUPGRADE"
fi fi
if [ "$IS_MARIADBEVOLINUXCONF" = 1 ]; then if [ "$IS_MARIADBEVOLINUXCONF" = 1 ]; then
if is_debianversion stretch && is_installed mariadb-server; then if is_debian_stretch; then
(test -f /etc/mysql/mariadb.conf.d/z-evolinux-defaults.cnf \ if is_installed mariadb-server; then
&& test -f /etc/mysql/mariadb.conf.d/zzz-evolinux-custom.cnf) || echo 'IS_MARIADBEVOLINUXCONF FAILED!' { test -f /etc/mysql/mariadb.conf.d/z-evolinux-defaults.cnf \
&& test -f /etc/mysql/mariadb.conf.d/zzz-evolinux-custom.cnf;
} || failed "IS_MARIADBEVOLINUXCONF"
fi
fi fi
fi fi
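Review bot: In the IS_USERINADMGROUP check, `groups "$user" | grep -q adm` matches any output that merely contains the substring `adm`. That includes the user name `groups` prints before the colon and group names such as `lpadmin`, so an account that is not in `adm` can pass this audit. Comparing whole group names avoids the false pass, for example `if ! id -nG "$user" | tr ' ' '\n' | grep -qx adm; then`. Separately, IS_EVOLINUXSUDOGROUP now reports nothing when `evolinux-sudo` is absent from /etc/group, whereas the previous one-liner failed in that case. If that relaxation is intended, a comment above the inner `if` should say so; otherwise an `else failed "IS_EVOLINUXSUDOGROUP"` branch would restore the old coverage.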
@ -638,16 +1051,16 @@ if [ -e /etc/debian_version ]; then
if (is_installed "mysql-server" || is_installed "mariadb-server"); then if (is_installed "mysql-server" || is_installed "mariadb-server"); then
# You could change the default path in /etc/evocheck.cf # You could change the default path in /etc/evocheck.cf
SQL_BACKUP_PATH=${SQL_BACKUP_PATH:-"/home/backup/mysql.bak.gz"} SQL_BACKUP_PATH=${SQL_BACKUP_PATH:-"/home/backup/mysql.bak.gz"}
test -f "$SQL_BACKUP_PATH" || echo 'IS_SQL_BACKUP FAILED!' test -f "$SQL_BACKUP_PATH" || failed "IS_SQL_BACKUP" "MySQL dump is missing (${SQL_BACKUP_PATH})"
fi fi
fi fi
if [ "$IS_POSTGRES_BACKUP" = 1 ]; then if [ "$IS_POSTGRES_BACKUP" = 1 ]; then
if is_installed "postgresql-9*"; then if is_installed "postgresql-9*"; then
# If you use something like barman, you should deactivate this check # If you use something like barman, you should disable this check
# You could change the default path in /etc/evocheck.cf # You could change the default path in /etc/evocheck.cf
POSTGRES_BACKUP_PATH=${POSTGRES_BACKUP_PATH:-"/home/backup/pg.dump.bak"} POSTGRES_BACKUP_PATH=${POSTGRES_BACKUP_PATH:-"/home/backup/pg.dump.bak"}
test -f "$POSTGRES_BACKUP_PATH" || echo 'IS_POSTGRES_BACKUP FAILED!' test -f "$POSTGRES_BACKUP_PATH" || failed "IS_POSTGRES_BACKUP" "PostgreSQL dump is missing (${POSTGRES_BACKUP_PATH})"
fi fi
fi fi
@ -656,16 +1069,19 @@ if [ -e /etc/debian_version ]; then
# You could change the default path in /etc/evocheck.cf # You could change the default path in /etc/evocheck.cf
MONGO_BACKUP_PATH=${MONGO_BACKUP_PATH:-"/home/backup/mongodump"} MONGO_BACKUP_PATH=${MONGO_BACKUP_PATH:-"/home/backup/mongodump"}
if [ -d "$MONGO_BACKUP_PATH" ]; then if [ -d "$MONGO_BACKUP_PATH" ]; then
for file in ${MONGO_BACKUP_PATH}/*/*.{json,bson}; do for file in "${MONGO_BACKUP_PATH}"/*/*.{json,bson}; do
# Skip indexes file. # Skip indexes file.
if ! [[ "$file" =~ indexes ]]; then if ! [[ "$file" =~ indexes ]]; then
if [ -f $file ] && [ $(stat -c "%Y" $file) -lt $(date +"%s" -d "now - 2 day") ]; then limit=$(date +"%s" -d "now - 2 day")
echo 'IS_MONGO_BACKUP FAILED!' updated_at=$(stat -c "%Y" "$file")
if [ -f "$file" ] && [ "$limit" -gt "$updated_at" ]; then
failed "IS_MONGO_BACKUP" "MongoDB hasn't been dumped for more than 2 days"
break
fi fi
fi fi
done done
else else
echo 'IS_MONGO_BACKUP FAILED!' failed "IS_MONGO_BACKUP" "MongoDB dump directory is missing (${MONGO_BACKUP_PATH})"
fi fi
fi fi
fi fi
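Review bot: In the IS_MONGO_BACKUP loop, `updated_at=$(stat -c "%Y" "$file")` now runs before the `[ -f "$file" ]` test. Unless nullglob is set elsewhere in the script, a `*.json` or `*.bson` pattern that matches nothing is handed to stat as a literal path and prints an error. Putting `[ -f "$file" ] || continue` at the top of the loop body avoids this. A dump directory that exists but holds no dump files also still passes silently, unlike the reworked IS_BACKUPUPTODATE check, which reports an empty /home/backup/. Counting the files examined and calling `failed "IS_MONGO_BACKUP"` after the loop when the count is zero would close that gap. The enclosing `if` starts outside this hunk.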
@ -674,7 +1090,7 @@ if [ -e /etc/debian_version ]; then
if is_installed slapd; then if is_installed slapd; then
# You could change the default path in /etc/evocheck.cf # You could change the default path in /etc/evocheck.cf
LDAP_BACKUP_PATH=${LDAP_BACKUP_PATH:-"/home/backup/ldap.bak"} LDAP_BACKUP_PATH=${LDAP_BACKUP_PATH:-"/home/backup/ldap.bak"}
test -f "$LDAP_BACKUP_PATH" || echo 'IS_LDAP_BACKUP FAILED!' test -f "$LDAP_BACKUP_PATH" || failed "IS_LDAP_BACKUP" "LDAP dump is missing (${LDAP_BACKUP_PATH})"
fi fi
fi fi
@ -682,7 +1098,7 @@ if [ -e /etc/debian_version ]; then
if is_installed redis-server; then if is_installed redis-server; then
# You could change the default path in /etc/evocheck.cf # You could change the default path in /etc/evocheck.cf
REDIS_BACKUP_PATH=${REDIS_BACKUP_PATH:-"/home/backup/dump.rdb"} REDIS_BACKUP_PATH=${REDIS_BACKUP_PATH:-"/home/backup/dump.rdb"}
test -f "$REDIS_BACKUP_PATH" || echo 'IS_REDIS_BACKUP FAILED!' test -f "$REDIS_BACKUP_PATH" || failed "IS_REDIS_BACKUP" "Redis dump is missing (${REDIS_BACKUP_PATH})"
fi fi
fi fi
@ -690,114 +1106,128 @@ if [ -e /etc/debian_version ]; then
if is_installed elasticsearch; then if is_installed elasticsearch; then
# You could change the default path in /etc/evocheck.cf # You could change the default path in /etc/evocheck.cf
ELASTIC_BACKUP_PATH=${ELASTIC_BACKUP_PATH:-"/home/backup/elasticsearch"} ELASTIC_BACKUP_PATH=${ELASTIC_BACKUP_PATH:-"/home/backup/elasticsearch"}
test -d "$ELASTIC_BACKUP_PATH" || echo 'IS_ELASTIC_BACKUP FAILED!' test -d "$ELASTIC_BACKUP_PATH" || failed "IS_ELASTIC_BACKUP" "Elastic snapshot is missing (${ELASTIC_BACKUP_PATH})"
fi fi
fi fi
if [ "$IS_MARIADBSYSTEMDUNIT" = 1 ]; then if [ "$IS_MARIADBSYSTEMDUNIT" = 1 ]; then
if is_debianversion stretch && is_installed mariadb-server; then if is_debian_stretch && is_installed mariadb-server; then
(systemctl -q is-active mariadb.service && test -f /etc/systemd/system/mariadb.service.d/evolinux.conf) || echo 'IS_MARIADBSYSTEMDUNIT FAILED!' { systemctl -q is-active mariadb.service \
&& test -f /etc/systemd/system/mariadb.service.d/evolinux.conf;
} || failed "IS_MARIADBSYSTEMDUNIT"
fi fi
fi fi
if [ "$IS_MYSQLMUNIN" = 1 ]; then if [ "$IS_MYSQLMUNIN" = 1 ]; then
if is_debianversion stretch && is_installed mariadb-server; then if is_debian_stretch && is_installed mariadb-server; then
for file in mysql_bytes mysql_queries mysql_slowqueries \ for file in mysql_bytes mysql_queries mysql_slowqueries \
mysql_threads mysql_connections mysql_files_tables \ mysql_threads mysql_connections mysql_files_tables \
mysql_innodb_bpool mysql_innodb_bpool_act mysql_innodb_io \ mysql_innodb_bpool mysql_innodb_bpool_act mysql_innodb_io \
mysql_innodb_log mysql_innodb_rows mysql_innodb_semaphores \ mysql_innodb_log mysql_innodb_rows mysql_innodb_semaphores \
mysql_myisam_indexes mysql_qcache mysql_qcache_mem \ mysql_myisam_indexes mysql_qcache mysql_qcache_mem \
mysql_sorts mysql_tmp_tables; do mysql_sorts mysql_tmp_tables; do
if [[ ! -L /etc/munin/plugins/$file ]]; then if [[ ! -L /etc/munin/plugins/$file ]]; then
echo 'IS_MYSQLMUNIN FAILED!' failed "IS_MYSQLMUNIN" "Munin plugin '$file' is missing"
break test "${VERBOSE}" = 1 || break
fi fi
done done
fi fi
fi fi
if [ "$IS_MYSQLNRPE" = 1 ]; then if [ "$IS_MYSQLNRPE" = 1 ]; then
if is_debianversion stretch && is_installed mariadb-server; then if is_debian_stretch && is_installed mariadb-server; then
(test -f ~nagios/.my.cnf \ nagios_file="~nagios/.my.cnf"
&& [ $(stat -c %U ~nagios/.my.cnf) = "nagios" ] \ { test -f $nagios_file \
&& [ $(stat -c %a ~nagios/.my.cnf) = "600" ] \ && [ "$(stat -c %U $nagios_file)" = "nagios" ] \
&& grep -q -F "command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f ~nagios/.my.cnf") || echo 'IS_MYSQLNRPE FAILED!' && [ "$(stat -c %a $nagios_file)" = "600" ] \
&& grep -q -F "command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f $nagios_file";
} || failed "IS_MYSQLNRPE"
fi fi
fi fi
if [ "$IS_PHPEVOLINUXCONF" = 1 ]; then if [ "$IS_PHPEVOLINUXCONF" = 1 ]; then
if is_debianversion stretch && is_installed php; then if is_debian_stretch && is_installed php; then
(test -f /etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini \ { test -f /etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini \
&& test -f /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini) || echo 'IS_PHPEVOLINUXCONF FAILED!' && test -f /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini;
} || failed "IS_PHPEVOLINUXCONF"
fi fi
fi fi
if [ "$IS_SQUIDLOGROTATE" = 1 ]; then if [ "$IS_SQUIDLOGROTATE" = 1 ]; then
if is_debianversion stretch && is_installed squid; then if is_debian_stretch && is_installed squid; then
grep -q monthly /etc/logrotate.d/squid || echo 'IS_SQUIDLOGROTATE FAILED!' grep -q monthly /etc/logrotate.d/squid || failed "IS_SQUIDLOGROTATE"
fi fi
fi fi
if [ "$IS_SQUIDEVOLINUXCONF" = 1 ]; then if [ "$IS_SQUIDEVOLINUXCONF" = 1 ]; then
if is_debianversion stretch && is_installed squid; then if is_debian_stretch && is_installed squid; then
(grep -q "^CONFIG=/etc/squid/evolinux-defaults.conf$" /etc/default/squid \ { grep -qs "^CONFIG=/etc/squid/evolinux-defaults.conf$" /etc/default/squid \
&& test -f /etc/squid/evolinux-defaults.conf \ && test -f /etc/squid/evolinux-defaults.conf \
&& test -f /etc/squid/evolinux-whitelist-defaults.conf \ && test -f /etc/squid/evolinux-whitelist-defaults.conf \
&& test -f /etc/squid/evolinux-whitelist-custom.conf \ && test -f /etc/squid/evolinux-whitelist-custom.conf \
&& test -f /etc/squid/evolinux-acl.conf \ && test -f /etc/squid/evolinux-acl.conf \
&& test -f /etc/squid/evolinux-httpaccess.conf \ && test -f /etc/squid/evolinux-httpaccess.conf \
&& test -f /etc/squid/evolinux-custom.conf) || echo 'IS_SQUIDEVOLINUXCONF FAILED!' && test -f /etc/squid/evolinux-custom.conf;
} || failed "IS_SQUIDEVOLINUXCONF"
fi fi
fi fi
if [ "$IS_DUPLICATE_FS_LABEL" = 1 ]; then if [ "$IS_DUPLICATE_FS_LABEL" = 1 ]; then
# Do it only if thereis blkid binary # Do it only if thereis blkid binary
if [ -x "$(which blkid)" ]; then BLKID_BIN=$(command -v blkid)
if [ -x "$BLKID_BIN" ]; then
tmpFile=$(mktemp -p /tmp) tmpFile=$(mktemp -p /tmp)
for part in $(blkid | grep -v raid_member | grep -Eo ' LABEL=".*"' | cut -d'"' -f2); do parts=$($BLKID_BIN | grep -ve raid_member -e EFI_SYSPART | grep -Eo ' LABEL=".*"' | cut -d'"' -f2)
for part in $parts; do
echo "$part" >> "$tmpFile" echo "$part" >> "$tmpFile"
done done
tmpOutput=$(sort < "$tmpFile" | uniq -d) tmpOutput=$(sort < "$tmpFile" | uniq -d)
# If there is no duplicate, uniq will have no output # If there is no duplicate, uniq will have no output
# So, if $tmpOutput is not null, there is a duplicate # So, if $tmpOutput is not null, there is a duplicate
if [ -n "$tmpOutput" ]; then if [ -n "$tmpOutput" ]; then
echo 'IS_DUPLICATE_FS_LABEL FAILED!' # shellcheck disable=SC2086
# For debug, you may echo the contents of $tmpOutput labels=$(echo -n $tmpOutput | tr '\n' ' ')
# echo $tmpOutput failed "IS_DUPLICATE_FS_LABEL" "Duplicate labels: $labels"
fi fi
rm $tmpFile rm "$tmpFile"
else
failed "IS_DUPLICATE_FS_LABEL" "blkid not found"
fi fi
fi fi
if [ "$IS_EVOLIX_USER" = 1 ]; then if [ "$IS_EVOLIX_USER" = 1 ]; then
getent passwd evolix >/dev/null && echo 'IS_EVOLIX_USER FAILED!' grep -q "evolix:" /etc/passwd && failed "IS_EVOLIX_USER"
fi fi
if [ "$IS_EVOACME_CRON" = 1 ]; then if [ "$IS_EVOACME_CRON" = 1 ]; then
if [ -f "/usr/local/sbin/evoacme" ]; then if [ -f "/usr/local/sbin/evoacme" ]; then
# Old cron file, should be deleted # Old cron file, should be deleted
test -f /etc/cron.daily/certbot && echo 'IS_EVOACME_CRON FAILED!' test -f /etc/cron.daily/certbot && failed "IS_EVOACME_CRON" "certbot cron is incompatible with evoacme"
# evoacme cron file should be present # evoacme cron file should be present
test -f /etc/cron.daily/evoacme || echo 'IS_EVOACME_CRON FAILED!' test -f /etc/cron.daily/evoacme || failed "IS_EVOACME_CRON" "evoacme cron is missing"
fi fi
fi fi
if [ "$IS_EVOACME_LIVELINKS" = 1 ]; then if [ "$IS_EVOACME_LIVELINKS" = 1 ]; then
if [ -x "$(which evoacme)" ]; then EVOACME_BIN=$(command -v evoacme)
if [ -x "$EVOACME_BIN" ]; then
# Sometimes evoacme is installed but no certificates has been generated # Sometimes evoacme is installed but no certificates has been generated
numberOfLinks=$(find /etc/letsencrypt/ -type l | wc -l) numberOfLinks=$(find /etc/letsencrypt/ -type l | wc -l)
if [ $numberOfLinks -gt 0 ]; then if [ "$numberOfLinks" -gt 0 ]; then
for live in /etc/letsencrypt/*/live; do for live in /etc/letsencrypt/*/live; do
actualLink=$(ls -lhad $live | tr -s ' ' | cut -d' ' -f 11) actualLink=$(readlink -f "$live")
actualCertDate=$(cut -d'/' -f5 <<< $actualLink) actualVersion=$(basename "$actualLink")
liveDir=$(ls -lhad $live | tr -s ' ' | cut -d' ' -f 9)
certDir=${liveDir%%/live} certDir=$(dirname "$live")
lastCertDir=$(stat -c %n ${certDir}/[0-9]* | tail -1) certName=$(basename "$certDir")
lastCertDate=$(cut -d'/' -f5 <<< $lastCertDir) # shellcheck disable=SC2012
if [[ "$actualCertDate" != "$lastCertDate" ]]; then lastCertDir=$(ls -ds "${certDir}"/[0-9]* | tail -1)
echo 'IS_EVOACME_LIVELINKS FAILED!' lastVersion=$(basename "$lastCertDir")
break
if [[ "$lastVersion" != "$actualVersion" ]]; then
failed "IS_EVOACME_LIVELINKS" "Certificate \`$certName' hasn't been updated"
test "${VERBOSE}" = 1 || break
fi fi
done done
fi fi
@ -808,11 +1238,10 @@ if [ -e /etc/debian_version ]; then
# Starting from Jessie and Apache 2.4, /etc/apache2/conf.d/ # Starting from Jessie and Apache 2.4, /etc/apache2/conf.d/
# must be replaced by conf-available/ and config files symlinked # must be replaced by conf-available/ and config files symlinked
# to conf-enabled/ # to conf-enabled/
if is_debianversion jessie || is_debianversion stretch; then if is_debian_jessie || is_debian_stretch; then
if [ -f /etc/apache2/apache2.conf ]; then if [ -f /etc/apache2/apache2.conf ]; then
test -d /etc/apache2/conf.d/ && echo 'IS_APACHE_CONFENABLED FAILED!' test -d /etc/apache2/conf.d/ && failed "IS_APACHE_CONFENABLED"
grep -q 'Include conf.d' /etc/apache2/apache2.conf && \ grep -q 'Include conf.d' /etc/apache2/apache2.conf && failed "IS_APACHE_CONFENABLED"
echo 'IS_APACHE_CONFENABLED FAILED!'
fi fi
fi fi
fi fi
@ -820,113 +1249,135 @@ if [ -e /etc/debian_version ]; then
if [ "$IS_MELTDOWN_SPECTRE" = 1 ]; then if [ "$IS_MELTDOWN_SPECTRE" = 1 ]; then
# For Stretch, detection is easy as the kernel use # For Stretch, detection is easy as the kernel use
# /sys/devices/system/cpu/vulnerabilities/ # /sys/devices/system/cpu/vulnerabilities/
if is_debianversion stretch; then if is_debian_stretch; then
for vuln in meltdown spectre_v1 spectre_v2; do for vuln in meltdown spectre_v1 spectre_v2; do
test -f /sys/devices/system/cpu/vulnerabilities/$vuln || echo 'IS_MELTDOWN_SPECTRE FAILED!' test -f "/sys/devices/system/cpu/vulnerabilities/$vuln" \
|| failed "IS_MELTDOWN_SPECTRE"
done done
# For Jessie this is quite complicated to verify and we need to use kernel config file # For Jessie this is quite complicated to verify and we need to use kernel config file
elif is_debianversion jessie; then elif is_debian_jessie; then
if grep -q BOOT_IMAGE= /proc/cmdline; then if grep -q "BOOT_IMAGE=" /proc/cmdline; then
kernelPath=$(grep -Eo 'BOOT_IMAGE=[^ ]+' /proc/cmdline | cut -d= -f2) kernelPath=$(grep -Eo 'BOOT_IMAGE=[^ ]+' /proc/cmdline | cut -d= -f2)
kernelVer=${kernelPath##*/vmlinuz-} kernelVer=${kernelPath##*/vmlinuz-}
kernelConfig="config-${kernelVer}" kernelConfig="config-${kernelVer}"
# Sometimes autodetection of kernel config file fail, so we test if the file really exists. # Sometimes autodetection of kernel config file fail, so we test if the file really exists.
if [ -f /boot/$kernelConfig ]; then if [ -f "/boot/${kernelConfig}" ]; then
grep -Eq '^CONFIG_PAGE_TABLE_ISOLATION=y' /boot/$kernelConfig || echo 'IS_MELTDOWN_SPECTRE FAILED!' grep -Eq '^CONFIG_PAGE_TABLE_ISOLATION=y' "/boot/$kernelConfig" \
grep -Eq '^CONFIG_RETPOLINE=y' /boot/$kernelConfig || echo 'IS_MELTDOWN_SPECTRE FAILED!' || failed "IS_MELTDOWN_SPECTRE" "PAGE_TABLE_ISOLATION vulnerability is not patched"
grep -Eq '^CONFIG_RETPOLINE=y' "/boot/$kernelConfig" \
|| failed "IS_MELTDOWN_SPECTRE" "RETPOLINE vulnerability is not patched"
fi fi
fi fi
fi fi
fi fi
if [ "$IS_OLD_HOME_DIR" = 1 ]; then
homeDir=${homeDir:-/home}
for dir in "$homeDir"/*; do
statResult=$(stat -c "%n has owner %u resolved as %U" "$dir" \
| grep -Eve '.bak' -e '\.[0-9]{2}-[0-9]{2}-[0-9]{4}' \
| grep "UNKNOWN")
# There is at least one dir matching
if [[ -n "$statResult" ]]; then
failed "IS_OLD_HOME_DIR" "$statResult"
test "${VERBOSE}" = 1 || break
fi
done
fi
fi fi
if [ `uname -s` == "OpenBSD" ]; then if is_openbsd; then
if [ "$IS_SOFTDEP" = 1 ]; then if [ "$IS_SOFTDEP" = 1 ]; then
grep -q "softdep" /etc/fstab || echo 'IS_SOFTDEP FAILED!' grep -q "softdep" /etc/fstab || failed "IS_SOFTDEP"
fi fi
if [ "$IS_WHEEL" = 1 ]; then if [ "$IS_WHEEL" = 1 ]; then
grep -qE "^%wheel.*$" /etc/sudoers || echo 'IS_WHEEL FAILED!' grep -qE "^%wheel.*$" /etc/sudoers || failed "IS_WHEEL"
fi fi
if [ "$IS_SUDOADMIN" = 1 ]; then if [ "$IS_SUDOADMIN" = 1 ]; then
grep -qE "^User_Alias ADMIN=.*$" /etc/sudoers || echo 'IS_SUDOADMIN FAILED!' grep -qE "^User_Alias ADMIN=.*$" /etc/sudoers || failed "IS_SUDOADMIN"
fi fi
if [ "$IS_PKGMIRROR" = 1 ]; then if [ "$IS_PKGMIRROR" = 1 ]; then
grep -qE "^export PKG_PATH=http://ftp\.fr\.openbsd\.org/pub/OpenBSD/[0-9.]+/packages/[a-z0-9]+/$" /root/.profile || echo 'IS_PKGMIRROR FAILED!' grep -qE "^export PKG_PATH=http://ftp\.fr\.openbsd\.org/pub/OpenBSD/[0-9.]+/packages/[a-z0-9]+/$" /root/.profile \
|| failed "IS_PKGMIRROR"
fi fi
if [ "$IS_HISTORY" = 1 ]; then if [ "$IS_HISTORY" = 1 ]; then
f=/root/.profile f=/root/.profile
grep -q "^HISTFILE=\$HOME/.histfile" $f \ { grep -q "^HISTFILE=\$HOME/.histfile" $f \
&& grep -q "^export HISTFILE" $f \ && grep -q "^export HISTFILE" $f \
&& grep -q "^HISTSIZE=1000" $f \ && grep -q "^HISTSIZE=1000" $f \
&& grep -q "^export HISTSIZE" $f \ && grep -q "^export HISTSIZE" $f;
|| echo 'IS_HISTORY FAILED!' } || failed "IS_HISTORY"
fi fi
if [ "$IS_VIM" = 1 ]; then if [ "$IS_VIM" = 1 ]; then
which vim 2>1 >> /dev/null || echo 'IS_VIM FAILED!' command -v vim > /dev/null 2>&1 || failed "IS_VIM"
fi fi
if [ "$IS_TTYC0SECURE" = 1 ]; then if [ "$IS_TTYC0SECURE" = 1 ]; then
grep -Eqv "^ttyC0.*secure$" /etc/ttys || echo 'IS_TTYC0SECURE FAILED!' grep -Eqv "^ttyC0.*secure$" /etc/ttys || failed "IS_TTYC0SECURE"
fi fi
if [ "$IS_CUSTOMSYSLOG" = 1 ]; then if [ "$IS_CUSTOMSYSLOG" = 1 ]; then
grep -q Evolix /etc/newsyslog.conf || echo 'IS_CUSTOMSYSLOG FAILED!' grep -q "Evolix" /etc/newsyslog.conf || failed "IS_CUSTOMSYSLOG"
fi fi
if [ "$IS_NOINETD" = 1 ]; then if [ "$IS_NOINETD" = 1 ]; then
grep -q inetd=NO /etc/rc.conf.local 2>/dev/null || echo 'IS_NOINETD FAILED!' grep -q "inetd=NO" /etc/rc.conf.local 2>/dev/null || failed "IS_NOINETD"
fi fi
if [ "$IS_SUDOMAINT" = 1 ]; then if [ "$IS_SUDOMAINT" = 1 ]; then
f=/etc/sudoers f=/etc/sudoers
grep -q "Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh" $f \ { grep -q "Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh" $f \
&& grep -q "ADMIN ALL=NOPASSWD: MAINT" $f \ && grep -q "ADMIN ALL=NOPASSWD: MAINT" $f;
|| echo 'IS_SUDOMAINT FAILED!' } || failed "IS_SUDOMAINT"
fi fi
if [ "$IS_POSTGRESQL" = 1 ]; then if [ "$IS_POSTGRESQL" = 1 ]; then
pkg info | grep -q postgresql-client || echo 'IS_POSTGRESQL FAILED!' pkg info | grep -q postgresql-client || failed "IS_POSTGRESQL" "postgresql-client is not installed"
fi fi
if [ "$IS_NRPE" = 1 ]; then if [ "$IS_NRPE" = 1 ]; then
( pkg info | grep -qE "nagios-plugins-[0-9.]" \ { pkg info | grep -qE "nagios-plugins-[0-9.]" \
&& pkg info | grep -q nagios-plugins-ntp \ && pkg info | grep -q nagios-plugins-ntp \
&& pkg info | grep -q nrpe ) || echo 'IS_NRPE FAILED!' && pkg info | grep -q nrpe;
} || failed "IS_NRPE" "NRPE is not installed"
fi fi
# if [ "$IS_NRPEDISKS" = 1 ]; then # if [ "$IS_NRPEDISKS" = 1 ]; then
# NRPEDISKS=$(grep command.check_disk /etc/nrpe.cfg 2>/dev/null | grep ^command.check_disk[0-9] | sed -e "s/^command.check_disk\([0-9]\+\).*/\1/" | sort -n | tail -1) # NRPEDISKS=$(grep command.check_disk /etc/nrpe.cfg 2>/dev/null | grep "^command.check_disk[0-9]" | sed -e "s/^command.check_disk\([0-9]\+\).*/\1/" | sort -n | tail -1)
# DFDISKS=$(df -Pl | grep -E -v "(^Filesystem|/lib/init/rw|/dev/shm|udev|rpc_pipefs)" | wc -l) # DFDISKS=$(df -Pl | grep -E -v "(^Filesystem|/lib/init/rw|/dev/shm|udev|rpc_pipefs)" | wc -l)
# [ "$NRPEDISKS" = "$DFDISKS" ] || echo 'IS_NRPEDISKS FAILED!' # [ "$NRPEDISKS" = "$DFDISKS" ] || failed "IS_NRPEDISKS"
# fi # fi
# Verification du check_mailq dans nrpe.cfg (celui-ci doit avoir l'option "-M postfix" si le MTA est Postfix) # Verification du check_mailq dans nrpe.cfg (celui-ci doit avoir l'option "-M postfix" si le MTA est Postfix)
# #
# if [ "$IS_NRPEPOSTFIX" = 1 ]; then # if [ "$IS_NRPEPOSTFIX" = 1 ]; then
# pkg info | grep -q postfix && ( grep -q "^command.*check_mailq -M postfix" /etc/nrpe.cfg 2>/dev/null || echo 'IS_NRPEPOSTFIX FAILED!' ) # pkg info | grep -q postfix && ( grep -q "^command.*check_mailq -M postfix" /etc/nrpe.cfg 2>/dev/null || failed "IS_NRPEPOSTFIX" )
# fi # fi
if [ "$IS_NRPEDAEMON" = 1 ]; then if [ "$IS_NRPEDAEMON" = 1 ]; then
grep -q "echo -n ' nrpe'; /usr/local/sbin/nrpe -d" /etc/rc.local || echo 'IS_NREPEDAEMON FAILED!' grep -q "echo -n ' nrpe'; /usr/local/sbin/nrpe -d" /etc/rc.local \
|| failed "IS_NREPEDAEMON"
fi fi
if [ "$IS_ALERTBOOT" = 1 ]; then if [ "$IS_ALERTBOOT" = 1 ]; then
grep -qE "^date \| mail -sboot/reboot .*evolix.fr$" /etc/rc.local || echo 'IS_ALERTBOOT FAILED!' grep -qE "^date \| mail -sboot/reboot .*evolix.fr$" /etc/rc.local \
|| failed "IS_ALERTBOOT"
fi fi
if [ "$IS_RSYNC" = 1 ]; then if [ "$IS_RSYNC" = 1 ]; then
pkg info | grep -q rsync || echo 'IS_RSYNC FAILED!' pkg info | grep -q rsync || failed "IS_RSYNC"
fi fi
if [ "$IS_CRONPATH" = 1 ]; then if [ "$IS_CRONPATH" = 1 ]; then
grep -q "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" /var/cron/tabs/root || echo 'IS_CRONPATH FAILED!' grep -q "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" /var/cron/tabs/root \
|| failed "IS_CRONPATH"
fi fi
#TODO #TODO
@ -935,61 +1386,89 @@ if [ `uname -s` == "OpenBSD" ]; then
fi fi
if [ "$IS_TMP_1777" = 1 ]; then if [ "$IS_TMP_1777" = 1 ]; then
ls -ld /tmp | grep -q drwxrwxrwt || echo 'IS_TMP_1777 FAILED!' actual=$(stat --format "%a" /tmp)
expected="1777"
test "$expected" = "$actual" || failed "IS_TMP_1777"
fi fi
if [ "$IS_ROOT_0700" = 1 ]; then if [ "$IS_ROOT_0700" = 1 ]; then
ls -ld /root | grep -q drwx------ || echo 'IS_ROOT_0700 FAILED!' actual=$(stat --format "%a" /root)
expected="700"
test "$expected" = "$actual" || failed "IS_ROOT_0700"
fi fi
if [ "$IS_USRSHARESCRIPTS" = 1 ]; then if [ "$IS_USRSHARESCRIPTS" = 1 ]; then
ls -ld /usr/share/scripts | grep -q drwx------ || echo 'IS_USRSHARESCRIPTS FAILED!' actual=$(stat --format "%a" /usr/share/scripts)
expected="700"
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS"
fi fi
if [ "$IS_SSHPERMITROOTNO" = 1 ]; then if [ "$IS_SSHPERMITROOTNO" = 1 ]; then
is_debianversion stretch || ( grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config || echo 'IS_SSHPERMITROOTNO FAILED!' ) if is_debian_stretch; then
is_debianversion stretch && grep -q ^PermitRoot /etc/ssh/sshd_config && ( grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config || echo 'IS_SSHPERMITROOTNO FAILED!' ) if grep -q "^PermitRoot" /etc/ssh/sshd_config; then
grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config || failed "IS_SSHPERMITROOTNO"
fi
else
grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config || failed "IS_SSHPERMITROOTNO"
fi
fi fi
if [ "$IS_EVOMAINTENANCEUSERS" = 1 ]; then if [ "$IS_EVOMAINTENANCEUSERS" = 1 ]; then
if ! is_debianversion stretch; then if is_debian_stretch; then
users=$(getent group evolinux-sudo | cut -d':' -f4 | tr ',' ' ')
else
if [ -f /etc/sudoers.d/evolinux ]; then if [ -f /etc/sudoers.d/evolinux ]; then
sudoers="/etc/sudoers.d/evolinux" sudoers="/etc/sudoers.d/evolinux"
else else
sudoers="/etc/sudoers" sudoers="/etc/sudoers"
fi fi
for i in $( (grep "^User_Alias *ADMIN" $sudoers | cut -d= -f2 | tr -d " "; grep ^sudo /etc/group |cut -d: -f 4) | tr "," "\n" |sort -u); do # combine users from User_Alias and sudo group
grep -q "^trap.*sudo.*evomaintenance.sh" /home/$i/.*profile || echo 'IS_EVOMAINTENANCEUSERS FAILED!' users=$({ grep "^User_Alias *ADMIN" $sudoers | cut -d= -f2 | tr -d " "; grep "^sudo" /etc/group | cut -d: -f 4; } | tr "," "\n" | sort -u)
done
else
for i in $(getent group evolinux-sudo | cut -d':' -f4 | tr ',' ' '); do
grep -q "^trap.*sudo.*evomaintenance.sh" /home/$i/.*profile || echo 'IS_EVOMAINTENANCEUSERS FAILED!'
done
fi fi
for user in $users; do
user_home=$(getent passwd "$user" | cut -d: -f6)
if [ -n "$user_home" ] && [ -d "$user_home" ]; then
if ! grep -qs "^trap.*sudo.*evomaintenance.sh" "${user_home}"/.*profile; then
failed "IS_EVOMAINTENANCEUSERS" "${user} doesn't have an evomaintenance trap"
test "${VERBOSE}" = 1 || break
fi
fi
done
fi fi
# Verification de la configuration d'evomaintenance # Verification de la configuration d'evomaintenance
if [ "$IS_EVOMAINTENANCECONF" = 1 ]; then if [ "$IS_EVOMAINTENANCECONF" = 1 ]; then
f=/etc/evomaintenance.cf f=/etc/evomaintenance.cf
( test -e $f \ if [ -e "$f" ]; then
&& test $(stat -c "%a" $f) = "600" \ perms=$(stat -c "%a" $f)
&& grep "^export PGPASSWORD" $f |grep -qv "your-passwd" \ test "$perms" = "600" || failed "IS_EVOMAINTENANCECONF" "Wrong permissions on \`$f' ($perms instead of 600)"
&& grep "^PGDB" $f |grep -qv "your-db" \
&& grep "^PGTABLE" $f |grep -qv "your-table" \ { grep "^export PGPASSWORD" $f | grep -qv "your-passwd" \
&& grep "^PGHOST" $f |grep -qv "your-pg-host" \ && grep "^PGDB" $f | grep -qv "your-db" \
&& grep "^FROM" $f |grep -qv "jdoe@example.com" \ && grep "^PGTABLE" $f | grep -qv "your-table" \
&& grep "^FULLFROM" $f |grep -qv "John Doe <jdoe@example.com>" \ && grep "^PGHOST" $f | grep -qv "your-pg-host" \
&& grep "^URGENCYFROM" $f |grep -qv "mama.doe@example.com" \ && grep "^FROM" $f | grep -qv "jdoe@example.com" \
&& grep "^URGENCYTEL" $f |grep -qv "06.00.00.00.00" \ && grep "^FULLFROM" $f | grep -qv "John Doe <jdoe@example.com>" \
&& grep "^REALM" $f |grep -qv "example.com" ) || echo 'IS_EVOMAINTENANCECONF FAILED!' && grep "^URGENCYFROM" $f | grep -qv "mama.doe@example.com" \
&& grep "^URGENCYTEL" $f | grep -qv "06.00.00.00.00" \
&& grep "^REALM" $f | grep -qv "example.com";
} || failed "IS_EVOMAINTENANCECONF" "evomaintenance is not correctly configured"
else
failed "IS_EVOMAINTENANCECONF" "Configuration file \`$f' is missing"
fi
fi fi
if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
for f in /etc/ssl/private/*; do # a simple globbing fails if directory is empty
perms=$(stat -L -c "%a" $f) if [ -n "$(ls -A /etc/ssl/private/)" ]; then
if [ ${perms: -1} != "0" ]; then for f in /etc/ssl/private/*; do
echo 'IS_PRIVKEYWOLRDREADABLE FAILED!' perms=$(stat -L -c "%a" "$f")
break if [ "${perms: -1}" != 0 ]; then
fi failed "IS_PRIVKEYWOLRDREADABLE" "$f is world-readable"
done test "${VERBOSE}" = 1 || break
fi
done
fi
fi fi
exit ${RC}


@ -3,7 +3,7 @@ galaxy_info:
description: Install evocheck description: Install evocheck
company: Evolix company: Evolix
issue_tracker_url: https://forge.evolix.org/projects/evocheck/issues issue_tracker_url: https://gitea.evolix.org/evolix/evocheck/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Evolix usual customizations for a Debian installation. description: Evolix usual customizations for a Debian installation.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -113,16 +113,25 @@
# TODO: use ini_file when Ansible > 2.1 (no_extra_spaces: yes) # TODO: use ini_file when Ansible > 2.1 (no_extra_spaces: yes)
- name: Configure Listchanges - name: Configure Listchanges on Jessie
lineinfile: lineinfile:
dest: /etc/apt/listchanges.conf dest: /etc/apt/listchanges.conf
regexp: '^{{ item.option }}\s*=' regexp: '^{{ item.option }}\s*='
line: "{{ item.option }}={{ item.value }}" line: "{{ item.option }}={{ item.value }}"
with_items: with_items:
- { option: "confirm", value: "1" } - { option: "confirm", value: "1" }
- { option: "which", value: "both" } - { option: "which", value: "both" }
when: when:
- evolinux_packages_listchanges - evolinux_packages_listchanges
- ansible_distribution_release == "jessie" - ansible_distribution == "Debian"
- ansible_distribution_release == "jessie"
- name: apt-listchanges is absent on Stretch and later
apt:
name: apt-listchanges
state: absent
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version | version_compare('9', '>=')
- meta: flush_handlers - meta: flush_handlers
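Review bot: The new `apt-listchanges is absent on Stretch and later` task applies `version_compare` as a filter (`ansible_distribution_major_version | version_compare('9', '>=')`). Ansible 2.5 deprecated calling tests through the pipe and later releases dropped it, so I would write the condition in test form: `- ansible_distribution_major_version is version_compare('9', '>=')`. The removal is also not conditioned on `evolinux_packages_listchanges`, unlike the Jessie task just above it, so a host that sets that variable would apparently still lose the package. If that is intended, a short comment such as `# removed from Stretch on, regardless of evolinux_packages_listchanges` would make the choice explicit. The task list continues outside this hunk, so ordering relative to other tasks is not checked here.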


@ -3,7 +3,7 @@ galaxy_info:
description: Install evolinux-todo description: Install evolinux-todo
company: Evolix company: Evolix
issue_tracker_url: https://forge.evolix.org/projects/evocheck/issues issue_tracker_url: https://gitea.evolix.org/evolix/evocheck/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Creates evolinux users accounts. description: Creates evolinux users accounts.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -4,82 +4,404 @@
# Dependencies (all OS): git postgresql-client # Dependencies (all OS): git postgresql-client
# Dependencies (Debian): sudo # Dependencies (Debian): sudo
# version 0.4.1 # version 0.5.0
# Copyright 2007-2018 Gregory Colpart <reg@evolix.fr>, Jérémy Lecour <jlecour@evolix.fr>, Evolix <info@evolix.fr> # Copyright 2007-2019 Evolix <info@evolix.fr>, Gregory Colpart <reg@evolix.fr>,
# Jérémy Lecour <jlecour@evolix.fr> and others.
VERSION="0.5.0"
show_version() {
cat <<END
evomaintenance version ${VERSION}
Copyright 2007-2019 Evolix <info@evolix.fr>, Gregory Colpart <reg@evolix.fr>,
Jérémy Lecour <jlecour@evolix.fr> and others.
evomaintenance comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions.
See the GNU General Public Licence for details.
END
}
show_help() {
cat <<END
evomaintenance is a program that helps reporting what you've done on a server
Usage: evomaintenance
or evomaintenance --message="add new host"
or evomaintenance --no-db --no-mail --no-commit
or echo "add new vhost" | evomaintenance
Options
-m, --message=MESSAGE set the message from the command line
--mail enable the mail hook (default)
--no-mail disable the mail hook
--db enable the database hook (default)
--no-db disable the database hook
--commit enable the commit hook (default)
--no-commit disable the commit hook
--evocheck enable evocheck execution (default)
--no-evocheck disable evocheck execution
--auto use "auto" mode
--no-auto use "manual" mode (default)
-v, --verbose increase verbosity
-n, --dry-run actions are not executed
--help print this message and exit
--version print version and exit
END
}
get_system() { get_system() {
uname -s uname -s
} }
get_fqdn() { get_fqdn() {
if [ "$(get_system)" = "Linux" ]; then if [ "$(get_system)" = "Linux" ]; then
hostname --fqdn hostname --fqdn
elif [ "$(get_system)" = "OpenBSD" ]; then elif [ "$(get_system)" = "OpenBSD" ]; then
hostname hostname
else else
echo "OS not detected!" echo "OS not detected!"
exit 1 exit 1
fi fi
} }
get_tty() { get_tty() {
if [ "$(get_system)" = "Linux" ]; then if [ "$(get_system)" = "Linux" ]; then
ps -o tty= | tail -1 ps -o tty= | tail -1
elif [ "$(get_system)" = "OpenBSD" ]; then elif [ "$(get_system)" = "OpenBSD" ]; then
env | grep SSH_TTY | cut -d"/" -f3 env | grep SSH_TTY | cut -d"/" -f3
else else
echo "OS not detected!" echo "OS not detected!"
exit 1 exit 1
fi fi
} }
get_who() { get_who() {
who=$(LC_ALL=C who -m) who=$(LC_ALL=C who -m | tr -s ' ')
if [ -n "${who}" ]; then if [ -n "${who}" ]; then
echo "${who}" echo "${who}"
else else
LC_ALL=C who | grep $(get_tty) | tr -s ' ' LC_ALL=C who | grep "$(get_tty)" | tr -s ' '
fi fi
} }
get_begin_date() { get_begin_date() {
echo "$(date "+%Y") $(echo $(get_who) | cut -d" " -f3,4,5)" printf "%s %s" "$(date "+%Y")" "$(get_who | cut -d" " -f3,4,5)"
} }
get_ip() { get_ip() {
ip=$(echo $(get_who) | cut -d" " -f6 | sed -e "s/^(// ; s/)$//") ip=$(get_who | cut -d" " -f6 | sed -e "s/^(// ; s/)$//")
[ -z "${ip}" ] && ip="unknown (no tty)" [ -z "${ip}" ] && ip="unknown (no tty)"
[ "${ip}" = ":0" ] && ip="localhost" [ "${ip}" = ":0" ] && ip="localhost"
echo "${ip}" echo "${ip}"
} }
get_end_date() { get_end_date() {
date +"%Y %b %d %H:%M" date +"%Y %b %d %H:%M"
} }
get_now() { get_now() {
date +"%Y-%m-%dT%H:%M:%S%z" date +"%Y-%m-%dT%H:%M:%S%z"
} }
get_complete_hostname() {
REAL_HOSTNAME=$(get_fqdn)
if [ "${HOSTNAME}" = "${REAL_HOSTNAME}" ]; then
echo "${HOSTNAME}"
else
echo "${HOSTNAME} (${REAL_HOSTNAME})"
fi
}
get_repository_status() {
dir=$1
# tell Git where to find the repository and the work tree (no need to `cd …` there)
export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
# If the repository and the work tree exist, try to commit changes
if [ -d "${GIT_DIR}" ] && [ -d "${GIT_WORK_TREE}" ]; then
CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l | tr -d ' ')
if [ "${CHANGED_LINES}" != "0" ]; then
STATUS=$(${GIT_BIN} status --short | tail -n ${GIT_STATUS_MAX_LINES})
printf "%s\n%s\n" "${GIT_DIR} (last ${GIT_STATUS_MAX_LINES} lines)" "${STATUS}" | sed -e '/^$/d'
fi
fi
# unset environment variables to prevent accidental influence on other git commands
unset GIT_DIR GIT_WORK_TREE
}
get_evocheck() {
if [ -x "${EVOCHECK_BIN}" ]; then
printf "Evocheck status :"
EVOCHECK_OUT=$(${EVOCHECK_BIN})
EVOCHECK_RC=$?
if [ "${EVOCHECK_RC}" = "0" ] && [ -z "${EVOCHECK_OUT}" ]; then
printf " OK\n\n"
else
printf " ERROR\n%s\n\n" "${EVOCHECK_OUT}"
fi
fi
}
print_log() {
printf "*********** %s ***************\n" "$(get_now)"
print_session_data
printf "Hooks : commit=%s db=%s mail=%s\n"\
"${HOOK_COMMIT}" "${HOOK_DB}" "${HOOK_MAIL}"
if [ "${HOOK_MAIL}" = "1" ]; then
printf "Mailto : %s\n" "${EVOMAINTMAIL}"
fi
}
print_session_data() {
printf "Host : %s\n" "${HOSTNAME_TEXT}"
printf "User : %s\n" "${USER}"
printf "IP : %s\n" "${IP}"
printf "Begin : %s\n" "${BEGIN_DATE}"
printf "End : %s\n" "${END_DATE}"
printf "Message : %s\n" "${MESSAGE}"
}
hook_commit() {
if [ -x "${GIT_BIN}" ]; then
# loop on possible directories managed by GIT
for dir in ${GIT_REPOSITORIES}; do
# tell Git where to find the repository and the work tree (no need to `cd …` there)
export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
# If the repository and the work tree exist, try to commit changes
if [ -d "${GIT_DIR}" ] && [ -d "${GIT_WORK_TREE}" ]; then
CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l | tr -d ' ')
if [ "${CHANGED_LINES}" != "0" ]; then
if [ "${DRY_RUN}" = "1" ]; then
# STATS_SHORT=$(${GIT_BIN} diff --stat | tail -1)
STATS=$(${GIT_BIN} diff --stat | tail -n ${GIT_STATUS_MAX_LINES})
# GIT_COMMITS_SHORT=$(printf "%s\n%s : %s" "${GIT_COMMITS_SHORT}" "${GIT_DIR}" "${STATS_SHORT}" | sed -e '/^$/d')
GIT_COMMITS=$(printf "%s\n%s\n%s" "${GIT_COMMITS}" "${GIT_DIR}" "${STATS}" | sed -e '/^$/d')
else
${GIT_BIN} add --all
${GIT_BIN} commit --message "${MESSAGE}" --author="${USER} <${USER}@evolix.net>" --quiet
# Add the SHA to the log file if something has been committed
SHA=$(${GIT_BIN} rev-parse --short HEAD)
# STATS_SHORT=$(${GIT_BIN} show --stat | tail -1)
STATS=$(${GIT_BIN} show --stat --pretty=format:"" | tail -n ${GIT_STATUS_MAX_LINES})
# append commit data, without empty lines
# GIT_COMMITS_SHORT=$(printf "%s\n%s : %s %s" "${GIT_COMMITS_SHORT}" "${GIT_DIR}" "${SHA}" "${STATS_SHORT}" | sed -e '/^$/d')
GIT_COMMITS=$(printf "%s\n%s : %s\n%s" "${GIT_COMMITS}" "${GIT_DIR}" "${SHA}" "${STATS}" | sed -e '/^$/d')
fi
fi
fi
# unset environment variables to prevent accidental influence on other git commands
unset GIT_DIR GIT_WORK_TREE
done
if [ -n "${GIT_COMMITS}" ]; then
# if [ "${VERBOSE}" = "1" ]; then
printf "\n********** Commits ****************\n%s\n***********************************\n" "${GIT_COMMITS}"
# fi
if [ "${DRY_RUN}" != "1" ]; then
echo "${GIT_COMMITS}" >> "${LOGFILE}"
fi
fi
fi
}
hook_db() {
SQL_DETAILS=$(echo "${MESSAGE}" | sed "s/'/''/g")
PG_QUERY="INSERT INTO evomaint(hostname,userid,ipaddress,begin_date,end_date,details) VALUES ('${HOSTNAME}','${USER}','${IP}','${BEGIN_DATE}',now(),'${SQL_DETAILS}')"
if [ "${VERBOSE}" = "1" ]; then
printf "\n********** DB query **************\n%s\n***********************************\n" "${PG_QUERY}"
fi
if [ "${DRY_RUN}" != "1" ] && [ -x "${PSQL_BIN}" ]; then
echo "${PG_QUERY}" | ${PSQL_BIN} "${PGDB}" "${PGTABLE}" -h "${PGHOST}"
fi
}
format_mail() {
cat <<EOTEMPLATE
From: ${FULLFROM}
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
To: ${EVOMAINTMAIL}
Subject: [evomaintenance] Intervention sur ${HOSTNAME_TEXT} (${USER})
Bonjour,
Une intervention vient de se terminer sur votre serveur.
Nom du serveur : ${HOSTNAME_TEXT}
Personne ayant réalisée l'intervention : ${USER}
Intervention réalisée depuis : ${IP}
Début de l'intervention : ${BEGIN_DATE}
Fin de l'intervention : ${END_DATE}
### Renseignements sur l'intervention
${MESSAGE}
###
EOTEMPLATE
if [ -n "${GIT_COMMITS}" ]; then
cat << EOTEMPLATE
### Commits
${GIT_COMMITS}
###
EOTEMPLATE
fi
cat <<EOTEMPLATE
Pour réagir à cette intervention, vous pouvez répondre à ce message
(sur l'adresse mail ${FROM}). En cas d'urgence, utilisez
l'adresse ${URGENCYFROM} ou notre téléphone portable d'astreinte
(${URGENCYTEL})
Cordialement,
--
${FULLFROM}
EOTEMPLATE
}
hook_mail() {
MAIL_CONTENT=$(format_mail)
if [ "${VERBOSE}" = "1" ]; then
printf "\n********** Mail *******************\n%s\n***********************************\n" "${MAIL_CONTENT}"
fi
if [ "${DRY_RUN}" != "1" ] && [ -x "${SENDMAIL_BIN}" ]; then
echo "${MAIL_CONTENT}" | ${SENDMAIL_BIN} -oi -t -f "${FROM}"
fi
}
hook_log() {
if [ "${VERBOSE}" = "1" ]; then
print_log
fi
if [ "${DRY_RUN}" != "1" ]; then
print_log >> "${LOGFILE}"
fi
}
# load configuration if present.
test -f /etc/evomaintenance.cf && . /etc/evomaintenance.cf test -f /etc/evomaintenance.cf && . /etc/evomaintenance.cf
[ -n "${HOSTNAME}" ] || HOSTNAME=$(get_fqdn) HOSTNAME=${HOSTNAME:-$(get_fqdn)}
[ -n "${EVOMAINTMAIL}" ] || EVOMAINTMAIL=evomaintenance-$(echo "${HOSTNAME}" | cut -d- -f1)@${REALM} EVOMAINTMAIL=${EVOMAINTMAIL:-"evomaintenance-$(echo "${HOSTNAME}" | cut -d- -f1)@${REALM}"}
[ -n "${LOGFILE}" ] || LOGFILE=/var/log/evomaintenance.log LOGFILE=${LOGFILE:-"/var/log/evomaintenance.log"}
HOOK_COMMIT=${HOOK_COMMIT:-"1"}
HOOK_DB=${HOOK_DB:-"1"}
HOOK_MAIL=${HOOK_MAIL:-"1"}
DRY_RUN=${DRY_RUN:-"0"}
VERBOSE=${VERBOSE:-"0"}
AUTO=${AUTO:-"0"}
EVOCHECK=${EVOCHECK:-"0"}
GIT_STATUS_MAX_LINES=${GIT_STATUS_MAX_LINES:-20}
# initialize variables
MESSAGE=""
# GIT_COMMITS_SHORT=""
GIT_COMMITS=""
# Parse options
# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
while :; do
case $1 in
-h|-\?|--help)
show_help
exit 0
;;
--version)
show_version
exit 0
;;
-m|--message)
# message options, with value speparated by space
if [ -n "$2" ]; then
MESSAGE=$2
shift
else
printf 'ERROR: "--message" requires a non-empty option argument.\n' >&2
exit 1
fi
;;
--message=?*)
# message options, with value speparated by =
MESSAGE=${1#*=}
;;
--message=)
# message options, without value
printf 'ERROR: "--message" requires a non-empty option argument.\n' >&2
exit 1
;;
--no-commit)
# disable commit hook
HOOK_COMMIT=0
;;
--commit)
# enable commit hook
HOOK_COMMIT=1
;;
--no-db)
# disable DB hook
HOOK_DB=0
;;
--db)
# enable DB hook
HOOK_DB=1
;;
--no-mail)
# disable mail hook
HOOK_MAIL=0
;;
--mail)
# enable mail hook
HOOK_MAIL=1
;;
--no-auto)
# use "manual" mode
AUTO=0
;;
--auto)
# use "auto" mode
AUTO=1
;;
-n|--dry-run)
# disable actual commands
DRY_RUN=1
;;
-v|--verbose)
# print verbose information
VERBOSE=1
;;
--)
# End of all options.
shift
break
;;
-?*|[[:alnum:]]*)
# ignore unknown options
printf 'WARN: Unknown option (ignored): %s\n' "$1" >&2
;;
*)
# Default case: If no more options then break out of the loop.
break
;;
esac
shift
done
# Treat unset variables as an error when substituting. # Treat unset variables as an error when substituting.
# Only after this line, because some config variables might be missing. # Only after this line, because some config variables might be missing.
set -u set -u
REAL_HOSTNAME=$(get_fqdn) # Gather information
if [ "${HOSTNAME}" = "${REAL_HOSTNAME}" ]; then HOSTNAME_TEXT=$(get_complete_hostname)
HOSTNAME_TEXT="${HOSTNAME}"
else
HOSTNAME_TEXT="${HOSTNAME} (${REAL_HOSTNAME})"
fi
# TTY=$(get_tty) # TTY=$(get_tty)
# WHO=$(get_who) # WHO=$(get_who)
IP=$(get_ip) IP=$(get_ip)
@ -90,109 +412,231 @@ USER=$(logname)
PATH=${PATH}:/usr/sbin PATH=${PATH}:/usr/sbin
SENDMAIL_BIN=$(command -v sendmail) SENDMAIL_BIN=$(command -v sendmail)
readonly SENDMAIL_BIN
if [ -z "${SENDMAIL_BIN}" ]; then
echo "No \`sendmail' command has been found, can't send mail." 2>&1
fi
GIT_BIN=$(command -v git) GIT_BIN=$(command -v git)
readonly GIT_BIN
if [ -z "${GIT_BIN}" ]; then
echo "No \`git' command has been found, can't commit changes" 2>&1
fi
PSQL_BIN=$(command -v psql)
readonly PSQL_BIN
if [ -z "${PSQL_BIN}" ]; then
echo "No \`psql' command has been found, can't save to the database." 2>&1
fi
EVOCHECK_BIN="/usr/share/scripts/evocheck.sh"
GIT_REPOSITORIES="/etc /etc/bind" GIT_REPOSITORIES="/etc /etc/bind"
# git statuses # initialize variable
GIT_STATUSES="" GIT_STATUSES=""
# git statuses
if test -x "${GIT_BIN}"; then if [ -x "${GIT_BIN}" ]; then
# loop on possible directories managed by GIT # loop on possible directories managed by GIT
for dir in ${GIT_REPOSITORIES}; do for dir in ${GIT_REPOSITORIES}; do
# tell Git where to find the repository and the work tree (no need to `cd …` there) RESULT=$(get_repository_status "${dir}")
export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}" if [ -n "${RESULT}" ]; then
# If the repository and the work tree exist, try to commit changes # append diff data, without empty lines
if test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then GIT_STATUSES=$(printf "%s\n%s\n" "${GIT_STATUSES}" "${RESULT}" | sed -e '/^$/d')
CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l | tr -d ' ')
if [ "${CHANGED_LINES}" != "0" ]; then
STATUS=$(${GIT_BIN} status --short | tail -n 10)
# append diff data, without empty lines
GIT_STATUSES=$(printf "%s\n%s\n%s\n" "${GIT_STATUSES}" "${GIT_DIR} (last 10 lines)" "${STATUS}" | sed -e '/^$/d')
fi
fi fi
# unset environment variables to prevent accidental influence on other git commands unset RESULT
unset GIT_DIR GIT_WORK_TREE
done done
if [ -n "${GIT_STATUSES}" ]; then
echo "/!\ There are some uncommited changes. If you proceed, everything will be commited."
echo "${GIT_STATUSES}"
echo ""
fi
fi fi
# get input from stdin # find out if running in interactive mode, or not
echo "> Please, enter details about your maintenance" if [ -t 0 ]; then
read TEXTE INTERACTIVE=1
else
INTERACTIVE=0
fi
readonly INTERACTIVE
if [ "${TEXTE}" = "" ]; then if [ "${INTERACTIVE}" = "1" ] && [ "${EVOCHECK}" = "1" ]; then
get_evocheck
fi
if [ -n "${GIT_STATUSES}" ] && [ "${INTERACTIVE}" = "1" ]; then
printf "/!\ There are some uncommited changes.\n%s\n\n" "${GIT_STATUSES}"
fi
if [ -z "${MESSAGE}" ]; then
if [ "${INTERACTIVE}" = "1" ]; then
printf "> Please, enter details about your maintenance:\n"
fi
read -r MESSAGE
fi
if [ -z "${MESSAGE}" ]; then
echo "no value..." echo "no value..."
exit 1 exit 1
fi fi
# recapitulatif print_session_data
BLOB=$(cat <<END
Host : $HOSTNAME_TEXT
User : $USER
IP : $IP
Begin : $BEGIN_DATE
End : $END_DATE
Message : $TEXTE
END
)
echo "" if [ "${INTERACTIVE}" = "1" ] && [ "${AUTO}" = "0" ]; then
echo "${BLOB}" if [ "${HOOK_COMMIT}" = "1" ] || [ "${HOOK_MAIL}" = "1" ] || [ "${HOOK_DB}" = "1" ]; then
echo "" printf "\nActions to execute:\n"
echo "> Press <Enter> to submit, or <Ctrl+c> to cancel." if [ "${HOOK_COMMIT}" = "1" ]; then
read enter printf "* commit changes in repositories\n"
# write log
echo "----------- $(get_now) ---------------" >> "${LOGFILE}"
echo "${BLOB}" >> "${LOGFILE}"
# git commit
GIT_COMMITS=""
if test -x "${GIT_BIN}"; then
# loop on possible directories managed by GIT
for dir in ${GIT_REPOSITORIES}; do
# tell Git where to find the repository and the work tree (no need to `cd …` there)
export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
# If the repository and the work tree exist, try to commit changes
if test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l | tr -d ' ')
if [ "${CHANGED_LINES}" != "0" ]; then
${GIT_BIN} add --all
${GIT_BIN} commit --message "${TEXTE}" --author="${USER} <${USER}@evolix.net>" --quiet
# Add the SHA to the log file if something has been committed
SHA=$(${GIT_BIN} rev-parse --short HEAD)
STATS=$(${GIT_BIN} show --stat | tail -1)
# append commit data, without empty lines
GIT_COMMITS=$(printf "%s\n%s : %s %s" "${GIT_COMMITS}" "${GIT_DIR}" "${SHA}" "${STATS}" | sed -e '/^$/d')
fi
fi fi
# unset environment variables to prevent accidental influence on other git commands if [ "${HOOK_MAIL}" = "1" ]; then
unset GIT_DIR GIT_WORK_TREE printf "* send mail to %s\n" "${EVOMAINTMAIL}"
done fi
if [ -n "${GIT_COMMITS}" ]; then if [ "${HOOK_DB}" = "1" ]; then
echo "${GIT_COMMITS}" >> "${LOGFILE}" printf "* save metadata to the database\n"
fi
echo ""
answer=""
while :; do
printf "> Let's continue? [Y,n,i,?] "
read -r answer
case $answer in
[Yy]|"" )
# force "auto" mode, but keep hooks settings
AUTO=1
break
;;
[Nn] )
# force "auto" mode, and disable all hooks
HOOK_COMMIT=0
HOOK_MAIL=0
HOOK_DB=0
AUTO=1
break
;;
[Ii] )
# force "manual" mode
AUTO=0
break
;;
* )
printf "y - yes, execute actions and exit\n"
printf "n - no, don't execute actions and exit\n"
printf "i - switch to interactive mode\n"
printf "? - print this help\n"
;;
esac
done
fi fi
fi fi
# insert into PG if [ "${INTERACTIVE}" = "1" ] && [ "${AUTO}" = "0" ]; then
# SQL_TEXTE=`echo "${TEXTE}" | sed "s/'/\\\\\\'/g ; s@/@\\\\\/@g ; s@\\&@et@g"` # Commit hook
SQL_TEXTE=`echo "${TEXTE}" | sed "s/'/''/g"` if [ -n "${GIT_STATUSES}" ] && [ "${HOOK_COMMIT}" = "1" ]; then
printf "/!\ There are some uncommited changes.\n%s\n\n" "${GIT_STATUSES}"
PG_QUERY="INSERT INTO evomaint(hostname,userid,ipaddress,begin_date,end_date,details) VALUES ('${HOSTNAME}','${USER}','${IP}','${BEGIN_DATE}',now(),'${SQL_TEXTE}')" y="Y"; n="n"
echo "${PG_QUERY}" | psql ${PGDB} ${PGTABLE} -h ${PGHOST} answer=""
while :; do
printf "> Do you want to commit the changes? [%s] " "${y},${n}"
read -r answer
case $answer in
[Yy] )
hook_commit;
break
;;
[Nn] )
break
;;
"" )
if [ "${HOOK_COMMIT}" = "1" ]; then
hook_commit
fi
break
;;
* )
echo "answer with a valid choice"
;;
esac
done
fi
# send mail # Mail hook
MAIL_TEXTE=$(echo "${TEXTE}" | sed -e "s@/@\\\\\/@g ; s@&@\\\\&@") if [ "${HOOK_MAIL}" = "1" ]; then
MAIL_GIT_COMMITS=$(echo "${GIT_COMMITS}" | sed -e "s@/@\\\\\/@g ; s@&@\\\\&@") y="Y"; n="n"
else
y="y"; n="N"
fi
answer=""
while :; do
printf "> Do you want to send an email to <%s>? [%s] " "${EVOMAINTMAIL}" "${y},${n},e"
read -r answer
case $answer in
[Yy] )
hook_mail;
break
;;
[Nn] )
break
;;
[Ee] )
printf "> To: [%s] " "${EVOMAINTMAIL}"
read -r mail_recipient
if [ -n "${mail_recipient}" ]; then
EVOMAINTMAIL="${mail_recipient}"
fi
;;
"" )
if [ "${HOOK_MAIL}" = "1" ]; then
hook_mail
fi
break
;;
* )
echo "answer with a valid choice"
;;
esac
done
cat /usr/share/scripts/evomaintenance.tpl | \ # Database hook
sed -e "s/__TO__/${EVOMAINTMAIL}/ ; s/__HOSTNAME__/${HOSTNAME_TEXT}/ ; s/__USER__/${USER}/ ; s/__BEGIN_DATE__/${BEGIN_DATE}/ ; s/__END_DATE__/${END_DATE}/ ; s/__GIT_COMMITS__/${MAIL_GIT_COMMITS}/ ; s/__TEXTE__/${MAIL_TEXTE}/ ; s/__IP__/${IP}/ ; s/__FULLFROM__/${FULLFROM}/ ; s/__FROM__/${FROM}/ ; s/__URGENCYFROM__/${URGENCYFROM}/ ; s/__URGENCYTEL__/${URGENCYTEL}/" | \ if [ "${HOOK_DB}" = "1" ]; then
${SENDMAIL_BIN} -oi -t -f ${FROM} y="Y"; n="n"
else
y="y"; n="N"
fi
answer=""
while :; do
printf "> Do you want to insert your message into the database? [%s] " "${y},${n}"
read -r answer
case $answer in
[Yy] )
hook_db;
break
;;
[Nn] )
break
;;
"" )
if [ "${HOOK_DB}" = "1" ]; then
hook_db
fi
break
;;
* )
echo "answer with a valid choice"
;;
esac
done
fi
# Log hook
hook_log
if [ "${INTERACTIVE}" = "0" ] || [ "${AUTO}" = "1" ]; then
if [ "${HOOK_COMMIT}" = "1" ]; then
hook_commit
fi
if [ "${HOOK_MAIL}" = "1" ]; then
hook_mail
fi
if [ "${HOOK_DB}" = "1" ]; then
hook_db
fi
fi
exit 0 exit 0


@ -3,7 +3,7 @@ galaxy_info:
description: Install evomaintenance description: Install evomaintenance
company: Evolix company: Evolix
issue_tracker_url: https://forge.evolix.org/projects/evomaintenance/issues issue_tracker_url: https://gitea.evolix.org/evolix/evomaintenance/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Install Fail2ban and a few filters. description: Install Fail2ban and a few filters.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -27,6 +27,12 @@ action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(proto
action = %(action_mwl)s action = %(action_mwl)s
[sshd]
port = ssh,2222
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 10
{% if fail2ban_wordpress %} {% if fail2ban_wordpress %}
[wordpress-hard] [wordpress-hard]
enabled = true enabled = true
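Review bot: The added `[sshd]` stanza hard-codes `port = ssh,2222` and `maxretry = 10` without a comment saying why, and it sets no `enabled` key, so whether the jail is active depends on a file that is not part of this hunk. Ten retries also looks looser than the value fail2ban's stock `jail.conf` ships with (to be confirmed for the packaged version), which is worth recording as a deliberate choice. I would put a comment above the stanza, for example `# sshd: also watch the alternate port 2222; maxretry raised to 10 on purpose`, and add an explicit `enabled = true` if the jail must be on regardless of distribution defaults. The rest of the jail file is outside the hunk.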


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of Filebeat. description: Installation and basic configuration of Filebeat.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of HAProxy description: Installation and basic configuration of HAProxy
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -3,7 +3,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation of Java description: Installation of Java
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -3,7 +3,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Install Jenkins description: Install Jenkins
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of Kibana. description: Installation and basic configuration of Kibana.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Install tools to set-up a KVM host description: Install tools to set-up a KVM host
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of ldap. description: Installation and basic configuration of ldap.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and configuration of the listupgrade script description: Installation and configuration of the listupgrade script
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of Logstash. description: Installation and basic configuration of Logstash.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -11,7 +11,7 @@ lxc.network.type = {{lxc_network_type}}
{% if lxc_mount_part %} {% if lxc_mount_part %}
# Mount {{lxc_mount_part}} into containers. # Mount {{lxc_mount_part}} into containers.
# lxc.mount.entry = {{lxc_mount_part}} {{lxc_mount_part |replace('/', '')}} none bind 0 0 lxc.mount.entry = {{lxc_mount_part}} {{lxc_mount_part |replace('/', '')}} none bind 0 0
{% endif %} {% endif %}
# Only one tty is enough. # Only one tty is enough.
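Review bot: Now that the `lxc.mount.entry` line is active, `replace('/', '')` strips every slash from `lxc_mount_part`, so only a single-level path such as `/home` yields a usable relative target; a nested value (say `/srv/data`, a constructed example) would become `srvdata`. Stripping only the leading slash keeps the target aligned with the source: `lxc.mount.entry = {{ lxc_mount_part }} {{ lxc_mount_part | regex_replace('^/', '') }} none bind 0 0`. The entry is also a plain read-write `bind` with no further options, so the host directory is shared with every container built from this template. If that is intended, the comment above it should say so and note whether `nodev`/`nosuid` were considered.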


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of memcached. description: Installation and basic configuration of memcached.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of Metricbeat. description: Installation and basic configuration of Metricbeat.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -1,4 +1,4 @@
# Configuration for minifirewall : https://forge.evolix.org/projects/minifirewall # Configuration for minifirewall : https://gitea.evolix.org/evolix/minifirewall
# For fun, we keep last change from first CVS repository: # For fun, we keep last change from first CVS repository:
# version 0.1 - 12 juillet 2007 $Id: firewall.rc,v 1.2 2007/07/12 19:08:59 reg Exp $ # version 0.1 - 12 juillet 2007 $Id: firewall.rc,v 1.2 2007/07/12 19:08:59 reg Exp $


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and configuration of Minifirewall description: Installation and configuration of Minifirewall
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@
# minifirewall is shellscripts for easy firewalling on a standalone server # minifirewall is shellscripts for easy firewalling on a standalone server
# we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel # we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel
# See https://forge.evolix.org/projects/minifirewall # See https://gitea.evolix.org/evolix/minifirewall
# Copyright (c) 2007-2015 Evolix # Copyright (c) 2007-2015 Evolix
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of Monit. description: Installation and basic configuration of Monit.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation of Munin with a selection of plugins description: Installation of Munin with a selection of plugins
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Install and configure MySQL 5.7 (with Oracle packages) description: Install and configure MySQL 5.7 (with Oracle packages)
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: your description description: your description
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and custom configuration of Nagios NRPE server. description: Installation and custom configuration of Nagios NRPE server.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Switch back from systemd "networkd" to plain old /etc/network/interfaces. description: Switch back from systemd "networkd" to plain old /etc/network/interfaces.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation of NewRelic tools. description: Installation of NewRelic tools.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of Nginx description: Installation and basic configuration of Nginx
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -35,6 +35,7 @@ server {
location /munin/ { location /munin/ {
alias /var/cache/munin/www/; alias /var/cache/munin/www/;
add_header X-Frame-Options "SAMEORIGIN";
} }
location ^~ /munin-cgi/munin-cgi-graph/ { location ^~ /munin-cgi/munin-cgi-graph/ {
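Review bot: The `add_header` added inside `location /munin/` only covers responses served from that location, so the neighbouring `/munin-cgi/munin-cgi-graph/` location (its body is outside the hunk) stays frameable unless it sets the header itself. In nginx, a level that declares any `add_header` stops inheriting those of the enclosing `server` block, so headers defined there (none are visible here) would no longer apply to `/munin/`. Without `always` the header is also left off error responses. I would write `add_header X-Frame-Options "SAMEORIGIN" always;` and either place it at `server` level or repeat it in each Munin location.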


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation of NodeJS from NPM repositories description: Installation of NodeJS from NPM repositories
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -1,52 +1,37 @@
#!/bin/sh #!/bin/sh
dpkg -l |grep -e 'opendkim-tools' -e 'opendkim' -q
if [ "$?" -ne 0 ]; then
echo "Require opendkim-tools and opendkim"
exit 1
fi
if [ "$#" -ne 1 ]; then if [ "$#" -ne 1 ]; then
echo "Usage : $0 example.com" >&2 echo "Usage : $0 example.com" >&2
exit 1 exit 1
fi fi
servername="$(cat /etc/hostname)"
domain="$(echo "$1"|xargs)" domain="$(echo "$1"|xargs)"
mkdir -pm 0750 "/etc/opendkim/keys/${domain}" if [ ! -f "/etc/ssl/private/dkim-${servername}.private" ]; then
chown opendkim:opendkim "/etc/opendkim/keys/${domain}"
if [ ! -f "/etc/opendkim/keys/${domain}/default.private" ]; then
cd "/etc/opendkim/keys/${domain}"
echo "Generate DKIM keys ..." echo "Generate DKIM keys ..."
sudo -u opendkim opendkim-genkey -r -d "${domain}" opendkim-genkey -D /etc/ssl/private/ -r -d "${domain}" -s "dkim-${servername}"
chmod 640 /etc/opendkim/keys/${domain}/* chown opendkim:opendkim "/etc/ssl/private/dkim-${servername}.private"
fi chmod 640 "/etc/ssl/private/dkim-${servername}.private"
mv "/etc/ssl/private/dkim-${servername}.txt" "/etc/ssl/certs/"
grep -q "${domain}" /etc/opendkim/TrustedHosts
if [ "$?" -ne 0 ]; then
echo "Add ${domain} to TrustedHosts ..."
echo "${domain}" >> /etc/opendkim/TrustedHosts
fi fi
grep -q "${domain}" /etc/opendkim/KeyTable grep -q "${domain}" /etc/opendkim/KeyTable
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
echo "Add ${domain} to KeyTable ..." echo "Add ${domain} to KeyTable ..."
echo "default._domainkey.${domain} ${domain}:default:/etc/opendkim/keys/${domain}/default.private" >> /etc/opendkim/KeyTable echo "dkim-${servername}._domainkey.${domain} ${domain}:dkim-${servername}:/etc/ssl/private/dkim-${servername}.private" >> /etc/opendkim/KeyTable
fi fi
grep -q "${domain}" /etc/opendkim/SigningTable grep -q "${domain}" /etc/opendkim/SigningTable
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
echo "Add ${domain} to SigningTable ..." echo "Add ${domain} to SigningTable ..."
echo "*@${domain} default._domainkey.${domain}" >> /etc/opendkim/SigningTable echo "*@${domain} dkim-${servername}._domainkey.${domain}" >> /etc/opendkim/SigningTable
fi fi
systemctl reload opendkim systemctl reload opendkim
if [ "$?" -eq 0 ]; then if [ "$?" -eq 0 ]; then
echo "OpenDKIM successfully reloaded" echo "OpenDKIM successfully reloaded"
echo "Public key is in : /etc/opendkim/keys/${domain}/default.txt" echo "Public key is in : /etc/ssl/certs/dkim-${servername}.txt"
exit 0 exit 0
else else
echo "An error has occurred while opendkim reload, please FIX configuration !" >&2 echo "An error has occurred while opendkim reload, please FIX configuration !" >&2
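Review bot: Nothing checks that `opendkim-genkey` succeeded, and the `dpkg -l` guard that confirmed the tools are installed is removed, so a failed key generation still appends `KeyTable` and `SigningTable` entries pointing at a missing key and then reloads the daemon. I would stop right after generation with `opendkim-genkey -D /etc/ssl/private/ -r -d "${domain}" -s "dkim-${servername}" || exit 1`, and guard the `chown`, `chmod` and `mv` that follow in the same way. Separately, `grep -q "${domain}"` treats the argument as an unanchored regular expression, so a domain that is a substring of an existing entry is silently skipped; `grep -qF` against the full key name would be stricter. The key file name depends only on the host name, so the key generated for the first domain is reused for every later one, which deserves a comment if intended. The closing lines of the script are not shown in this section.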


@ -5,7 +5,6 @@ OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key TrustAnchorFile /usr/share/dns/root.key
Selector default Selector default
Canonicalization relaxed/relaxed Canonicalization relaxed/relaxed
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable KeyTable refile:/etc/opendkim/KeyTable
LogResults Yes LogResults Yes


@ -6,19 +6,17 @@
with_items: with_items:
- opendkim - opendkim
- opendkim-tools - opendkim-tools
- ssl-cert
- dns-root-data
tags: tags:
- opendkim - opendkim
- name: create keys directory - name: Add user opendkim in ssl-cert group
file: user:
name: "{{ item }}" name: opendkim
state: directory groups: ssl-cert
owner: opendkim state: present
group: opendkim append: yes
mode: "0750"
with_items:
- '/etc/opendkim'
- '/etc/opendkim/keys'
tags: tags:
- opendkim - opendkim
@ -58,6 +56,15 @@
tags: tags:
- opendkim - opendkim
- name: Set folder permissions to 0750
file:
path: "/etc/opendkim/"
mode: "0750"
force: yes
tags:
- opendkim
- name: ensure opendkim is started and enabled - name: ensure opendkim is started and enabled
systemd: systemd:
name: opendkim name: opendkim
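Review bot: The new "Set folder permissions to 0750" task sets only `mode` on `/etc/opendkim/`. It has no `state: directory`, so it relies on an earlier task (outside the hunk) having created the path, and it no longer sets `owner`/`group` as the removed "create keys directory" task did. With mode 0750 and unspecified ownership, whether the opendkim user can still read its tables depends on who created the directory. `force: yes` does nothing useful here as far as I can tell, since it matters for link states. I would add `state: directory`, `owner: opendkim` and `group: opendkim` explicitly (ownership to be confirmed against how the daemon runs), and write `append: true` rather than `append: yes`.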


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation of Evolix "Pack Web" meta-role description: Installation of Evolix "Pack Web" meta-role
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -1,4 +1,4 @@
Package: php* libapache2-mod-php* Package: php* libapache2-mod-php* libpcre2* libzip4*
Pin: origin packages.sury.org Pin: origin packages.sury.org
Pin-Priority: 999 Pin-Priority: 999
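Review bot: Extending the glob to `libpcre2*` and `libzip4*` at `Pin-Priority: 999` lets packages.sury.org supply shared libraries that packages other than PHP may also link against, so this third-party origin outranks the Debian archive for them, security updates included. The file records no reason for the wider pin. apt preferences accept `Explanation:` lines, so something like `Explanation: sury PHP builds need newer libpcre2/libzip than the release ships (confirm)` above the stanza would document it. Exact package names instead of globs would limit what the origin is allowed to replace.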


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of php-fpm. description: Installation and basic configuration of php-fpm.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -1,52 +1,52 @@
--- ---
- name: Symlink Evolix CLI config files from 7.2 to 7.0 - name: Symlink Evolix CLI config files from 7.3 to 7.0
file: file:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
force: yes force: yes
state: link state: link
with_items: with_items:
- { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.2/cli/conf.d/z-evolinux-defaults.ini" } - { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini" }
- { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.2/cli/conf.d/zzz-evolinux-custom.ini" } - { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.3/cli/conf.d/zzz-evolinux-custom.ini" }
- name: Enforce permissions on PHP 7.2/cli directory - name: Enforce permissions on PHP 7.3/cli directory
file: file:
dest: /etc/php/7.2/cli dest: /etc/php/7.3/cli
mode: "0755" mode: "0755"
- name: Symlink Evolix Apache config files from 7.2 to 7.0 - name: Symlink Evolix Apache config files from 7.3 to 7.0
file: file:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
force: yes force: yes
state: link state: link
with_items: with_items:
- { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.2/apache2/conf.d/z-evolinux-defaults.ini" } - { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.3/apache2/conf.d/z-evolinux-defaults.ini" }
- { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.2/apache2/conf.d/zzz-evolinux-custom.ini" } - { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.3/apache2/conf.d/zzz-evolinux-custom.ini" }
when: php_apache_enable when: php_apache_enable
- name: Enforce permissions on PHP 7.2/cli directory - name: Enforce permissions on PHP 7.3/cli directory
file: file:
dest: /etc/php/7.2/apache2 dest: /etc/php/7.3/apache2
mode: "0755" mode: "0755"
when: php_apache_enable when: php_apache_enable
- name: Symlink Evolix FPM config files from 7.2 to 7.0 - name: Symlink Evolix FPM config files from 7.3 to 7.0
file: file:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
force: yes force: yes
state: link state: link
with_items: with_items:
- { src: "{{ php_fpm_defaults_ini_file }}", dest: "/etc/php/7.2/fpm/conf.d/z-evolinux-defaults.ini" } - { src: "{{ php_fpm_defaults_ini_file }}", dest: "/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini" }
- { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.2/fpm/conf.d/zzz-evolinux-custom.ini" } - { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.3/fpm/conf.d/zzz-evolinux-custom.ini" }
- { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.2/fpm/pool.d/z-evolinux-defaults.conf" } - { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.3/fpm/pool.d/z-evolinux-defaults.conf" }
- { src: "{{ php_fpm_custom_conf_file }}", dest: "/etc/php/7.2/fpm/pool.d/zzz-evolinux-custom.conf" } - { src: "{{ php_fpm_custom_conf_file }}", dest: "/etc/php/7.3/fpm/pool.d/zzz-evolinux-custom.conf" }
when: php_fpm_enable when: php_fpm_enable
- name: Enforce permissions on PHP 7.2/cli directory - name: Enforce permissions on PHP 7.3/cli directory
file: file:
dest: /etc/php/7.2/fpm dest: /etc/php/7.3/fpm
mode: "0755" mode: "0755"
when: php_fpm_enable when: php_fpm_enable


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of Postfix. description: Installation and basic configuration of Postfix.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of PostgreSQL description: Installation and basic configuration of PostgreSQL
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of ProFTPd description: Installation and basic configuration of ProFTPd
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of RabbitMq description: Installation and basic configuration of RabbitMq
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation of Rbenv, Ruby and some default gems. description: Installation of Rbenv, Ruby and some default gems.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -13,6 +13,7 @@ ExecStop=/usr/bin/redis-cli -s /run/redis/%i/redis.sock shutdown
Restart=always Restart=always
User=redis-%i User=redis-%i
Group=redis-%i Group=redis-%i
LimitNOFILE=65535
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation and basic configuration of Redis. description: Installation and basic configuration of Redis.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -1,4 +1,16 @@
--- ---
# - name: "Set variables for the instance '{{ redis_instance_name }}'"
# set_fact:
# redis_daemon: "redis-server@{{ redis_instance_name }}"
# redis_conf_path: "/etc/redis/redis-{{ redis_instance_name }}.conf"
# redis_unixsocket: "/var/run/redis/{{ redis_instance_name }}/redis.sock"
# redis_pidfile: "/var/run/redis/{{ redis_instance_name }}/{{ redis_daemon }}.pid"
# redis_logfile: "/var/log/redis/{{ redis_instance_name }}/redis-server.log"
# redis_dbdir: "/var/lib/redis/{{ redis_instance_name }}"
# tags:
# - redis
- name: Systemd template for redis instances is installed - name: Systemd template for redis instances is installed
copy: copy:
src: 'redis-server@.service' src: 'redis-server@.service'
@ -15,18 +27,7 @@
tags: tags:
- redis - redis
- name: Set variables for the instance - name: "Redis instance '{{ redis_instance_name }}' configuration file is present"
set_fact:
redis_daemon: "redis-server@{{ redis_instance_name }}"
redis_conf_path: "/etc/redis/redis-{{ redis_instance_name }}.conf"
redis_unixsocket: "/var/run/redis/{{ redis_instance_name }}/redis.sock"
redis_pidfile: "/var/run/redis/{{ redis_instance_name }}/{{ redis_daemon }}.pid"
redis_logfile: "/var/log/redis/{{ redis_instance_name }}/redis-server.log"
redis_dbdir: "/var/lib/redis/{{ redis_instance_name }}"
tags:
- redis
- name: Redis instance configuration file is present.
template: template:
src: redis.conf.j2 src: redis.conf.j2
dest: "{{ redis_conf_path }}" dest: "{{ redis_conf_path }}"
@ -34,7 +35,7 @@
tags: tags:
- redis - redis
- name: Redis instance group is present - name: "Redis instance '{{ redis_instance_name }}' group is present"
group: group:
name: "redis-{{ redis_instance_name }}" name: "redis-{{ redis_instance_name }}"
state: present state: present
@ -42,7 +43,7 @@
tags: tags:
- redis - redis
- name: Redis instance user is present - name: "Redis instance '{{ redis_instance_name }}' user is present"
user: user:
name: "redis-{{ redis_instance_name }}" name: "redis-{{ redis_instance_name }}"
group: "redis-{{ redis_instance_name }}" group: "redis-{{ redis_instance_name }}"
@ -52,7 +53,7 @@
tags: tags:
- redis - redis
- name: Ensure redis base folders will be accessible for all instances - name: "Ensure redis base folders will be accessible for all instances"
file: file:
dest: "{{ item }}" dest: "{{ item }}"
state: directory state: directory
@ -63,7 +64,7 @@
- "/var/lib/redis" - "/var/lib/redis"
- "/var/log/redis" - "/var/log/redis"
- name: Instances directories are present - name: "Instances '{{ redis_instance_name }}' directories are present"
file: file:
dest: "{{ item }}" dest: "{{ item }}"
state: directory state: directory
@ -76,7 +77,7 @@
tags: tags:
- redis - redis
- name: Redis systemd unit is enabled and started - name: "Redis '{{ redis_instance_name }}' systemd unit is enabled and started"
systemd: systemd:
name: "{{ redis_daemon }}" name: "{{ redis_daemon }}"
enabled: yes enabled: yes
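Review bot: The commented-out `set_fact` block added at the top of this file duplicates the variables that the including task now passes, and nothing keeps the two copies in sync. I would delete it and leave one comment stating the contract, for example `# Expects redis_daemon, redis_conf_path, redis_unixsocket, redis_pidfile, redis_logfile and redis_dbdir to be passed as vars by the including task`. Without that, a caller that includes this file without those vars fails only at the first task that references one of them, such as the template task using `redis_conf_path`. Several task bodies in this section continue outside the hunks shown.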


@ -29,6 +29,13 @@
- redis - redis
- include: instances.yml - include: instances.yml
vars:
redis_daemon: "redis-server@{{ redis_instance_name }}"
redis_conf_path: "/etc/redis/redis-{{ redis_instance_name }}.conf"
redis_unixsocket: "/var/run/redis/{{ redis_instance_name }}/redis.sock"
redis_pidfile: "/var/run/redis/{{ redis_instance_name }}/{{ redis_daemon }}.pid"
redis_logfile: "/var/log/redis/{{ redis_instance_name }}/redis-server.log"
redis_dbdir: "/var/lib/redis/{{ redis_instance_name }}"
when: redis_instance_name is defined when: redis_instance_name is defined
- name: Redis is configured. - name: Redis is configured.
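Review bot: The guard `when: redis_instance_name is defined` on the include still lets an empty or path-like value through, and the `vars:` added here interpolate that name directly into the unit name, config path, socket, pidfile, log file and data directory. An empty string would produce `/etc/redis/redis-.conf` and `redis-server@`, and a value containing `/` or `..` would place the directories outside `/var/lib/redis` and `/var/log/redis`. I would tighten the condition to `when: redis_instance_name is defined and redis_instance_name is match('^[A-Za-z0-9_-]+$')`, or fail early with an `assert` on the same expression so that a bad name is reported instead of silently skipped. The task list starts and continues outside this hunk, so an equivalent check may already exist elsewhere.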


@ -12,7 +12,7 @@ test -x /etc/init.d/spamassassin || exit 0
# of spamassassin --lint (which will typically get emailed to root) # of spamassassin --lint (which will typically get emailed to root)
# and abort. # and abort.
die_with_lint() { die_with_lint() {
su debian-spamd -c "spamassassin --lint -D 2>&1" su - debian-spamd -c "spamassassin --lint -D 2>&1"
exit 1 exit 1
} }
@ -20,7 +20,7 @@ do_compile() {
# Compile, if rules have previously been compiled, and it's possible # Compile, if rules have previously been compiled, and it's possible
if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile \ if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile \
-a -d /var/lib/spamassassin/compiled ]; then -a -d /var/lib/spamassassin/compiled ]; then
su debian-spamd -c "sa-compile --quiet" su - debian-spamd -c "sa-compile --quiet"
# Fixup perms -- group and other should be able to # Fixup perms -- group and other should be able to
# read and execute, but never write. Works around # read and execute, but never write. Works around
# sa-compile's failure to obey umask. # sa-compile's failure to obey umask.
@ -43,12 +43,12 @@ reload() {
# Update # Update
umask 022 umask 022
su debian-spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys" su - debian-spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys"
case $? in case $? in
0) 0)
# got updates! # got updates!
su debian-spamd -c "spamassassin --lint" || die_with_lint su - debian-spamd -c "spamassassin --lint" || die_with_lint
do_compile do_compile
reload reload
echo -e "Les règles SpamAsassin ont été mises à jour. Merci de reporter toute anomalie." | \ echo -e "Les règles SpamAsassin ont été mises à jour. Merci de reporter toute anomalie." | \


@ -71,3 +71,11 @@
changed_when: false changed_when: false
tags: tags:
- spamassassin - spamassassin
- name: ensure SpamAssasin is started and enabled
systemd:
name: spamassassin
state: started
enabled: True
tags:
- spamassassin
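Review bot: In the new task, `enabled: True` uses a capitalised truthy, whereas the other tasks visible in this commit write `yes`. Using `enabled: true` (or `yes`, to match) keeps the role consistent and avoids a yamllint `truthy` warning. The task name also misspells the service; I would write `- name: Ensure SpamAssassin is started and enabled`. The task list begins outside this hunk.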


@ -153,6 +153,7 @@
^pkg\.jenkins-ci\.org$ ^pkg\.jenkins-ci\.org$
^mirrors\.jenkins\.io$ ^mirrors\.jenkins\.io$
^jenkins\.mirror\.isppower\.de$ ^jenkins\.mirror\.isppower\.de$
^ftp-.*\.osuosl\.org$
^ftp\.icm\.edu\.pl$ ^ftp\.icm\.edu\.pl$
^apt\.newrelic\.com$ ^apt\.newrelic\.com$
^.*\.cloudfront\.net$ ^.*\.cloudfront\.net$
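Review bot: The added allowlist entry `^ftp-.*\.osuosl\.org$` uses `.*`, which also matches dots, so it admits any depth of subdomain after `ftp-` rather than a single mirror label. Because this list decides which hosts the outgoing proxy will reach, I would restrict the pattern to one label: `^ftp-[a-z0-9-]+\.osuosl\.org$`. If the mirror hostnames are known, listing them explicitly would be tighter still. The list continues outside this hunk.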


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installatin and configuration of Squid as an outgoing proxy. description: Installatin and configuration of Squid as an outgoing proxy.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Deployment of SSL certificate, key and dhparams description: Deployment of SSL certificate, key and dhparams
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -0,0 +1,152 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
#
# by default, no packages are restricted for definition, and none of
# the class loaders supplied with the JDK call checkPackageDefinition.
#
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\
org.apache.jasper.,org.apache.naming.,org.apache.tomcat.
#
#
# List of comma-separated paths defining the contents of the "common"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
# If left as blank,the JVM system loader will be used as Catalina's "common"
# loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
#
# Note: Values are enclosed in double quotes ("...") in case either the
# ${catalina.base} path or the ${catalina.home} path contains a comma.
# Because double quotes are used for quoting, the double quote character
# may not appear in a path.
common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar","${catalina.base}/common/classes","${catalina.base}/common/*.jar","${catalina.home}/common/classes","${catalina.home}/common/*.jar"
#
# List of comma-separated paths defining the contents of the "server"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
# If left as blank, the "common" loader will be used as Catalina's "server"
# loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
#
# Note: Values may be enclosed in double quotes ("...") in case either the
# ${catalina.base} path or the ${catalina.home} path contains a comma.
# Because double quotes are used for quoting, the double quote character
# may not appear in a path.
server.loader="${catalina.base}/server/classes","${catalina.base}/server/*.jar","${catalina.home}/server/classes","${catalina.home}/server/*.jar"
#
# List of comma-separated paths defining the contents of the "shared"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
# the "common" loader will be used as Catalina's "shared" loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
# Please note that for single jars, e.g. bar.jar, you need the URL form
# starting with file:.
#
# Note: Values may be enclosed in double quotes ("...") in case either the
# ${catalina.base} path or the ${catalina.home} path contains a comma.
# Because double quotes are used for quoting, the double quote character
# may not appear in a path.
shared.loader="${catalina.base}/shared/classes","${catalina.base}/shared/*.jar","${catalina.home}/shared/classes","${catalina.home}/shared/*.jar"
# Default list of JAR files that should not be scanned using the JarScanner
# functionality. This is typically used to scan JARs for configuration
# information. JARs that do not contain such information may be excluded from
# the scan to speed up the scanning process. This is the default list. JARs on
# this list are excluded from all scans. The list must be a comma separated list
# of JAR file names.
# The list of JARs to skip may be over-ridden at a Context level for individual
# scan types by configuring a JarScanner with a nested JarScanFilter.
# The JARs listed below include:
# - Tomcat Bootstrap JARs
# - Tomcat API JARs
# - Catalina JARs
# - Jasper JARs
# - Tomcat JARs
# - Common non-Tomcat JARs
# - Test JARs (JUnit, Cobertura and dependencies)
tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
jaspic-api.jar,\
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-storeconfig.jar,\
catalina-tribes.jar,\
jasper.jar,jasper-el.jar,ecj-*.jar,\
tomcat-api.jar,tomcat-util.jar,tomcat-util-scan.jar,tomcat-coyote.jar,\
tomcat-dbcp.jar,tomcat-jni.jar,tomcat-websocket.jar,\
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
tomcat-jdbc.jar,\
tools.jar,\
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
commons-math*.jar,commons-pool*.jar,\
jstl.jar,taglibs-standard-spec-*.jar,\
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
junit.jar,junit-*.jar,hamcrest-*.jar,easymock-*.jar,cglib-*.jar,\
objenesis-*.jar,ant-launcher.jar,\
cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
xom-*.jar
# Default list of JAR files that should be scanned that overrides the default
# jarsToSkip list above. This is typically used to include a specific JAR that
# has been excluded by a broad file name pattern in the jarsToSkip list.
# The list of JARs to scan may be over-ridden at a Context level for individual
# scan types by configuring a JarScanner with a nested JarScanFilter.
tomcat.util.scan.StandardJarScanFilter.jarsToScan=\
log4j-web*.jar,log4j-taglib*.jar,log4javascript*.jar,slf4j-taglib*.jar
# String cache configuration.
tomcat.util.buf.StringCache.byte.enabled=true
#tomcat.util.buf.StringCache.char.enabled=true
#tomcat.util.buf.StringCache.trainThreshold=500000
#tomcat.util.buf.StringCache.cacheSize=5000
# Allow for changes to HTTP request validation
# WARNING: Using this option will expose the server to CVE-2016-6816
#tomcat.util.http.parser.HttpParser.requestTargetAllow=|


@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context>
<!-- Default set of monitored resources. If one of these changes, the -->
<!-- web application will be reloaded. -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
</Context>


@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<jaspic-providers xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml jaspic-providers.xsd"
version="1.0">
<!-- No JASPIC providers configured by default -->
</jaspic-providers>


@ -0,0 +1,56 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler
############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################
1catalina.org.apache.juli.AsyncFileHandler.level = FINE
1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.
2localhost.org.apache.juli.AsyncFileHandler.level = FINE
2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.AsyncFileHandler
# For example, set the org.apache.catalina.util.LifecycleBase logger to log
# each component that extends LifecycleBase changing state:
#org.apache.catalina.util.LifecycleBase.level = FINE
# To see debug messages in TldLocationsCache, uncomment the following line:
#org.apache.jasper.compiler.TldLocationsCache.level = FINE
# To see debug messages for HTTP/2 handling, uncomment the following line:
#org.apache.coyote.http2.level = FINE
# To see debug messages for WebSocket handling, uncomment the following line:
#org.apache.tomcat.websocket.level = FINE


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary. It is
strongly recommended that you do NOT use one of the users in the commented out
section below since they are intended for use with the examples web
application.
-->
<!--
NOTE: The sample user and role entries below are intended for use with the
examples web application. They are wrapped in a comment and thus are ignored
when reading this file. If you wish to configure these users for use with the
examples web application, do not forget to remove the <!.. ..> that surrounds
them. You will also need to set the passwords to something appropriate.
-->
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
-->
</tomcat-users>


@ -0,0 +1,4681 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<!-- ======================== Introduction ============================== -->
<!-- This document defines default values for *all* web applications -->
<!-- loaded into this instance of Tomcat. As each application is -->
<!-- deployed, this file is processed, followed by the -->
<!-- "/WEB-INF/web.xml" deployment descriptor from your own -->
<!-- applications. -->
<!-- -->
<!-- WARNING: Do not configure application-specific resources here! -->
<!-- They should go in the "/WEB-INF/web.xml" file in your application. -->
<!-- ================== Built In Servlet Definitions ==================== -->
<!-- The default servlet for all web applications, that serves static -->
<!-- resources. It processes all requests that are not mapped to other -->
<!-- servlets with servlet mappings (defined either here or in your own -->
<!-- web.xml file). This servlet supports the following initialization -->
<!-- parameters (default values are in square brackets): -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
<!-- by this servlet. Useful values are 0, 1, and -->
<!-- 11 where higher values mean more detail. [0] -->
<!-- -->
<!-- fileEncoding Encoding to be used to read static resources -->
<!-- [platform default] -->
<!-- -->
<!-- input Input buffer size (in bytes) when reading -->
<!-- resources to be served. [2048] -->
<!-- -->
<!-- listings Should directory listings be produced if there -->
<!-- is no welcome file in this directory? [false] -->
<!-- WARNING: Listings for directories with many -->
<!-- entries can be slow and may consume -->
<!-- significant proportions of server resources. -->
<!-- -->
<!-- output Output buffer size (in bytes) when writing -->
<!-- resources to be served. [2048] -->
<!-- -->
<!-- readonly Is this context "read only", so HTTP -->
<!-- commands like PUT and DELETE are -->
<!-- rejected? [true] -->
<!-- -->
<!-- readmeFile File to display together with the directory -->
<!-- contents. [null] -->
<!-- -->
<!-- sendfileSize If the connector used supports sendfile, this -->
<!-- represents the minimal file size in KB for -->
<!-- which sendfile will be used. Use a negative -->
<!-- value to always disable sendfile. [48] -->
<!-- -->
<!-- useAcceptRanges Should the Accept-Ranges header be included -->
<!-- in responses where appropriate? [true] -->
<!-- -->
<!-- For directory listing customization. Checks localXsltFile, then -->
<!-- globalXsltFile, then defaults to original behavior. -->
<!-- -->
<!-- localXsltFile Make directory listings an XML doc and -->
<!-- pass the result to this style sheet residing -->
<!-- in that directory. This overrides -->
<!-- contextXsltFile and globalXsltFile[null] -->
<!-- -->
<!-- contextXsltFile Make directory listings an XML doc and -->
<!-- pass the result to this style sheet which is -->
<!-- relative to the context root. This overrides -->
<!-- globalXsltFile[null] -->
<!-- -->
<!-- globalXsltFile Site wide configuration version of -->
<!-- localXsltFile. This argument must either be an -->
<!-- absolute or relative (to either -->
<!-- $CATALINA_BASE/conf or $CATALINA_HOME/conf) -->
<!-- path that points to a location below either -->
<!-- $CATALINA_BASE/conf (checked first) or -->
<!-- $CATALINA_HOME/conf (checked second).[null] -->
<!-- -->
<!-- showServerInfo Should server information be presented in the -->
<!-- response sent to clients when directory -->
<!-- listings is enabled? [true] -->
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- The JSP page compiler and execution servlet, which is the mechanism -->
<!-- used by Tomcat to support JSP pages. Traditionally, this servlet -->
<!-- is mapped to the URL pattern "*.jsp". This servlet supports the -->
<!-- following initialization parameters (default values are in square -->
<!-- brackets): -->
<!-- -->
<!-- checkInterval If development is false and checkInterval is -->
<!-- greater than zero, background compilations are -->
<!-- enabled. checkInterval is the time in seconds -->
<!-- between checks to see if a JSP page (and its -->
<!-- dependent files) needs to be recompiled. [0] -->
<!-- -->
<!-- classdebuginfo Should the class file be compiled with -->
<!-- debugging information? [true] -->
<!-- -->
<!-- classpath What class path should I use while compiling -->
<!-- generated servlets? [Created dynamically -->
<!-- based on the current web application] -->
<!-- -->
<!-- compiler Which compiler Ant should use to compile JSP -->
<!-- pages. See the jasper documentation for more -->
<!-- information. -->
<!-- -->
<!-- compilerSourceVM Compiler source VM. [1.7] -->
<!-- -->
<!-- compilerTargetVM Compiler target VM. [1.7] -->
<!-- -->
<!-- development Is Jasper used in development mode? If true, -->
<!-- the frequency at which JSPs are checked for -->
<!-- modification may be specified via the -->
<!-- modificationTestInterval parameter. [true] -->
<!-- -->
<!-- displaySourceFragment -->
<!-- Should a source fragment be included in -->
<!-- exception messages? [true] -->
<!-- -->
<!-- dumpSmap Should the SMAP info for JSR45 debugging be -->
<!-- dumped to a file? [false] -->
<!-- False if suppressSmap is true -->
<!-- -->
<!-- enablePooling Determines whether tag handler pooling is -->
<!-- enabled. This is a compilation option. It will -->
<!-- not alter the behaviour of JSPs that have -->
<!-- already been compiled. [true] -->
<!-- -->
<!-- engineOptionsClass Allows specifying the Options class used to -->
<!-- configure Jasper. If not present, the default -->
<!-- EmbeddedServletOptions will be used. -->
<!-- This option is ignored when running under a -->
<!-- SecurityManager. -->
<!-- -->
<!-- errorOnUseBeanInvalidClassAttribute -->
<!-- Should Jasper issue an error when the value of -->
<!-- the class attribute in an useBean action is -->
<!-- not a valid bean class? [true] -->
<!-- -->
<!-- fork Tell Ant to fork compiles of JSP pages so that -->
<!-- a separate JVM is used for JSP page compiles -->
<!-- from the one Tomcat is running in. [true] -->
<!-- -->
<!-- genStringAsCharArray -->
<!-- Should text strings be generated as char -->
<!-- arrays, to improve performance in some cases? -->
<!-- [false] -->
<!-- -->
<!-- ieClassId The class-id value to be sent to Internet -->
<!-- Explorer when using <jsp:plugin> tags. -->
<!-- [clsid:8AD9C840-044E-11D1-B3E9-00805F499D93] -->
<!-- -->
<!-- javaEncoding Java file encoding to use for generating java -->
<!-- source files. [UTF8] -->
<!-- -->
<!-- keepgenerated Should we keep the generated Java source code -->
<!-- for each page instead of deleting it? [true] -->
<!-- -->
<!-- mappedfile Should we generate static content with one -->
<!-- print statement per input line, to ease -->
<!-- debugging? [true] -->
<!-- -->
<!-- maxLoadedJsps The maximum number of JSPs that will be loaded -->
<!-- for a web application. If more than this -->
<!-- number of JSPs are loaded, the least recently -->
<!-- used JSPs will be unloaded so that the number -->
<!-- of JSPs loaded at any one time does not exceed -->
<!-- this limit. A value of zero or less indicates -->
<!-- no limit. [-1] -->
<!-- -->
<!-- jspIdleTimeout The amount of time in seconds a JSP can be -->
<!-- idle before it is unloaded. A value of zero -->
<!-- or less indicates never unload. [-1] -->
<!-- -->
<!-- modificationTestInterval -->
<!-- Causes a JSP (and its dependent files) to not -->
<!-- be checked for modification during the -->
<!-- specified time interval (in seconds) from the -->
<!-- last time the JSP was checked for -->
<!-- modification. A value of 0 will cause the JSP -->
<!-- to be checked on every access. -->
<!-- Used in development mode only. [4] -->
<!-- -->
<!-- recompileOnFail If a JSP compilation fails should the -->
<!-- modificationTestInterval be ignored and the -->
<!-- next access trigger a re-compilation attempt? -->
<!-- Used in development mode only and is disabled -->
<!-- by default as compilation may be expensive and -->
<!-- could lead to excessive resource usage. -->
<!-- [false] -->
<!-- -->
<!-- scratchdir What scratch directory should we use when -->
<!-- compiling JSP pages? [default work directory -->
<!-- for the current web application] -->
<!-- This option is ignored when running under a -->
<!-- SecurityManager. -->
<!-- -->
<!-- suppressSmap Should the generation of SMAP info for JSR45 -->
<!-- debugging be suppressed? [false] -->
<!-- -->
<!-- trimSpaces Should white spaces in template text between -->
<!-- actions or directives be trimmed? [false] -->
<!-- -->
<!-- xpoweredBy Determines whether X-Powered-By response -->
<!-- header is added by generated servlet. [false] -->
<!-- -->
<!-- strictQuoteEscaping When scriptlet expressions are used for -->
<!-- attribute values, should the rules in JSP.1.6 -->
<!-- for the escaping of quote characters be -->
<!-- strictly applied? [true] -->
<!-- -->
<!-- quoteAttributeEL When EL is used in an attribute value on a -->
<!-- JSP page should the rules for quoting of -->
<!-- attributes described in JSP.1.6 be applied to -->
<!-- the expression? [true] -->
<servlet>
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<init-param>
<param-name>fork</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>xpoweredBy</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet>
<!-- NOTE: An SSI Filter is also available as an alternative SSI -->
<!-- implementation. Use either the Servlet or the Filter but NOT both. -->
<!-- -->
<!-- Server Side Includes processing servlet, which processes SSI -->
<!-- directives in HTML pages consistent with similar support in web -->
<!-- servers like Apache. Traditionally, this servlet is mapped to the -->
<!-- URL pattern "*.shtml". This servlet supports the following -->
<!-- initialization parameters (default values are in square brackets): -->
<!-- -->
<!-- buffered Should output from this servlet be buffered? -->
<!-- (0=false, 1=true) [0] -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
<!-- by this servlet. [0] -->
<!-- -->
<!-- expires The number of seconds before a page with SSI -->
<!-- directives will expire. [No default] -->
<!-- -->
<!-- isVirtualWebappRelative -->
<!-- Should "virtual" paths be interpreted as -->
<!-- relative to the context root, instead of -->
<!-- the server root? [false] -->
<!-- -->
<!-- inputEncoding The encoding to assume for SSI resources if -->
<!-- one is not available from the resource. -->
<!-- [Platform default] -->
<!-- -->
<!-- outputEncoding The encoding to use for the page that results -->
<!-- from the SSI processing. [UTF-8] -->
<!-- -->
<!-- allowExec Is use of the exec command enabled? [false] -->
<!--
<servlet>
<servlet-name>ssi</servlet-name>
<servlet-class>
org.apache.catalina.ssi.SSIServlet
</servlet-class>
<init-param>
<param-name>buffered</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>expires</param-name>
<param-value>666</param-value>
</init-param>
<init-param>
<param-name>isVirtualWebappRelative</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>4</load-on-startup>
</servlet>
-->
<!-- Common Gateway Includes (CGI) processing servlet, which supports -->
<!-- execution of external applications that conform to the CGI spec -->
<!-- requirements. Typically, this servlet is mapped to the URL pattern -->
<!-- "/cgi-bin/*", which means that any CGI applications that are -->
<!-- executed must be present within the web application. This servlet -->
<!-- supports the following initialization parameters (default values -->
<!-- are in square brackets): -->
<!-- -->
<!-- cgiPathPrefix The CGI search path will start at -->
<!-- webAppRootDir + File.separator + this prefix. -->
<!-- If not set, then webAppRootDir is used. -->
<!-- Recommended value: WEB-INF/cgi -->
<!-- -->
<!-- executable Name of the executable used to run the -->
<!-- script. [perl] -->
<!-- -->
<!-- envHttpHeaders A regular expression used to select the HTTP -->
<!-- headers passed to the CGI process as -->
<!-- environment variables. Note that headers are -->
<!-- converted to upper case before matching and -->
<!-- that the entire header name must match the -->
<!-- pattern. -->
<!-- [ACCEPT[-0-9A-Z]*|CACHE-CONTROL|COOKIE|HOST| -->
<!-- IF-[-0-9A-Z]*|REFERER|USER-AGENT] -->
<!-- -->
<!-- parameterEncoding Name of parameter encoding to be used with -->
<!-- CGI servlet. -->
<!-- [System.getProperty("file.encoding","UTF-8")] -->
<!-- -->
<!-- passShellEnvironment Should the shell environment variables (if -->
<!-- any) be passed to the CGI script? [false] -->
<!-- -->
<!-- stderrTimeout The time (in milliseconds) to wait for the -->
<!-- reading of stderr to complete before -->
<!-- terminating the CGI process. [2000] -->
<!--
<servlet>
<servlet-name>cgi</servlet-name>
<servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
<init-param>
<param-name>cgiPathPrefix</param-name>
<param-value>WEB-INF/cgi</param-value>
</init-param>
<load-on-startup>5</load-on-startup>
</servlet>
-->
<!-- ================ Built In Servlet Mappings ========================= -->
<!-- The servlet mappings for the built in servlets defined above. Note -->
<!-- that, by default, the CGI and SSI servlets are *not* mapped. You -->
<!-- must uncomment these mappings (or add them to your application's own -->
<!-- web.xml deployment descriptor) to enable these services -->
<!-- The mapping for the default servlet -->
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- The mappings for the JSP servlet -->
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.jspx</url-pattern>
</servlet-mapping>
<!-- The mapping for the SSI servlet -->
<!--
<servlet-mapping>
<servlet-name>ssi</servlet-name>
<url-pattern>*.shtml</url-pattern>
</servlet-mapping>
-->
<!-- The mapping for the CGI Gateway servlet -->
<!--
<servlet-mapping>
<servlet-name>cgi</servlet-name>
<url-pattern>/cgi-bin/*</url-pattern>
</servlet-mapping>
-->
<!-- ================== Built In Filter Definitions ===================== -->
<!-- A filter that sets various security related HTTP Response headers. -->
<!-- This filter supports the following initialization parameters -->
<!-- (default values are in square brackets): -->
<!-- -->
<!-- hstsEnabled Should the HTTP Strict Transport Security -->
<!-- (HSTS) header be added to the response? See -->
<!-- RFC 6797 for more information on HSTS. [true] -->
<!-- -->
<!-- hstsMaxAgeSeconds The max age value that should be used in the -->
<!-- HSTS header. Negative values will be treated -->
<!-- as zero. [0] -->
<!-- -->
<!-- hstsIncludeSubDomains -->
<!-- Should the includeSubDomains parameter be -->
<!-- included in the HSTS header. -->
<!-- -->
<!-- antiClickJackingEnabled -->
<!-- Should the anti click-jacking header -->
<!-- X-Frame-Options be added to every response? -->
<!-- [true] -->
<!-- -->
<!-- antiClickJackingOption -->
<!-- What value should be used for the header. Must -->
<!-- be one of DENY, SAMEORIGIN, ALLOW-FROM -->
<!-- (case-insensitive). [DENY] -->
<!-- -->
<!-- antiClickJackingUri IF ALLOW-FROM is used, what URI should be -->
<!-- allowed? [] -->
<!-- -->
<!-- blockContentTypeSniffingEnabled -->
<!-- Should the header that blocks content type -->
<!-- sniffing be added to every response? [true] -->
<!--
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
</filter>
-->
<!-- A filter that sets character encoding that is used to decode -->
<!-- parameters in a POST request -->
<!--
<filter>
<filter-name>setCharacterEncodingFilter</filter-name>
<filter-class>org.apache.catalina.filters.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
-->
<!-- A filter that triggers request parameters parsing and rejects the -->
<!-- request if some parameters were skipped because of parsing errors or -->
<!-- request size limitations. -->
<!--
<filter>
<filter-name>failedRequestFilter</filter-name>
<filter-class>
org.apache.catalina.filters.FailedRequestFilter
</filter-class>
<async-supported>true</async-supported>
</filter>
-->
<!-- NOTE: An SSI Servlet is also available as an alternative SSI -->
<!-- implementation. Use either the Servlet or the Filter but NOT both. -->
<!-- -->
<!-- Server Side Includes processing filter, which processes SSI -->
<!-- directives in HTML pages consistent with similar support in web -->
<!-- servers like Apache. Traditionally, this filter is mapped to the -->
<!-- URL pattern "*.shtml", though it can be mapped to "*" as it will -->
<!-- selectively enable/disable SSI processing based on mime types. For -->
<!-- this to work you will need to uncomment the .shtml mime type -->
<!-- definition towards the bottom of this file. -->
<!-- The contentType init param allows you to apply SSI processing to JSP -->
<!-- pages, javascript, or any other content you wish. This filter -->
<!-- supports the following initialization parameters (default values are -->
<!-- in square brackets): -->
<!-- -->
<!-- contentType A regex pattern that must be matched before -->
<!-- SSI processing is applied. -->
<!-- [text/x-server-parsed-html(;.*)?] -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
<!-- by this servlet. [0] -->
<!-- -->
<!-- expires The number of seconds before a page with SSI -->
<!-- directives will expire. [No default] -->
<!-- -->
<!-- isVirtualWebappRelative -->
<!-- Should "virtual" paths be interpreted as -->
<!-- relative to the context root, instead of -->
<!-- the server root? [false] -->
<!-- -->
<!-- allowExec Is use of the exec command enabled? [false] -->
<!--
<filter>
<filter-name>ssi</filter-name>
<filter-class>
org.apache.catalina.ssi.SSIFilter
</filter-class>
<init-param>
<param-name>contentType</param-name>
<param-value>text/x-server-parsed-html(;.*)?</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>expires</param-name>
<param-value>666</param-value>
</init-param>
<init-param>
<param-name>isVirtualWebappRelative</param-name>
<param-value>false</param-value>
</init-param>
</filter>
-->
<!-- ==================== Built In Filter Mappings ====================== -->
<!-- The mapping for the HTTP header security Filter -->
<!--
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
-->
<!-- The mapping for the Set Character Encoding Filter -->
<!--
<filter-mapping>
<filter-name>setCharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
<!-- The mapping for the Failed Request Filter -->
<!--
<filter-mapping>
<filter-name>failedRequestFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
<!-- The mapping for the SSI Filter -->
<!--
<filter-mapping>
<filter-name>ssi</filter-name>
<url-pattern>*.shtml</url-pattern>
</filter-mapping>
-->
<!-- ==================== Default Session Configuration ================= -->
<!-- You can set the default session timeout (in minutes) for all newly -->
<!-- created sessions by modifying the value below. -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<!-- ===================== Default MIME Type Mappings =================== -->
<!-- When serving static resources, Tomcat will automatically generate -->
<!-- a "Content-Type" header based on the resource's filename extension, -->
<!-- based on these mappings. Additional mappings can be added here (to -->
<!-- apply to all web applications), or in your own application's web.xml -->
<!-- deployment descriptor. -->
<!-- Note: Extensions are always matched in a case-insensitive manner. -->
<mime-mapping>
<extension>123</extension>
<mime-type>application/vnd.lotus-1-2-3</mime-type>
</mime-mapping>
<mime-mapping>
<extension>3dml</extension>
<mime-type>text/vnd.in3d.3dml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>3ds</extension>
<mime-type>image/x-3ds</mime-type>
</mime-mapping>
<mime-mapping>
<extension>3g2</extension>
<mime-type>video/3gpp2</mime-type>
</mime-mapping>
<mime-mapping>
<extension>3gp</extension>
<mime-type>video/3gpp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>7z</extension>
<mime-type>application/x-7z-compressed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aab</extension>
<mime-type>application/x-authorware-bin</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aac</extension>
<mime-type>audio/x-aac</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aam</extension>
<mime-type>application/x-authorware-map</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aas</extension>
<mime-type>application/x-authorware-seg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>abs</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>abw</extension>
<mime-type>application/x-abiword</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ac</extension>
<mime-type>application/pkix-attr-cert</mime-type>
</mime-mapping>
<mime-mapping>
<extension>acc</extension>
<mime-type>application/vnd.americandynamics.acc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ace</extension>
<mime-type>application/x-ace-compressed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>acu</extension>
<mime-type>application/vnd.acucobol</mime-type>
</mime-mapping>
<mime-mapping>
<extension>acutc</extension>
<mime-type>application/vnd.acucorp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>adp</extension>
<mime-type>audio/adpcm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aep</extension>
<mime-type>application/vnd.audiograph</mime-type>
</mime-mapping>
<mime-mapping>
<extension>afm</extension>
<mime-type>application/x-font-type1</mime-type>
</mime-mapping>
<mime-mapping>
<extension>afp</extension>
<mime-type>application/vnd.ibm.modcap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ahead</extension>
<mime-type>application/vnd.ahead.space</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ai</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aif</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aifc</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aiff</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aim</extension>
<mime-type>application/x-aim</mime-type>
</mime-mapping>
<mime-mapping>
<extension>air</extension>
<mime-type>application/vnd.adobe.air-application-installer-package+zip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ait</extension>
<mime-type>application/vnd.dvb.ait</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ami</extension>
<mime-type>application/vnd.amiga.ami</mime-type>
</mime-mapping>
<mime-mapping>
<extension>anx</extension>
<mime-type>application/annodex</mime-type>
</mime-mapping>
<mime-mapping>
<extension>apk</extension>
<mime-type>application/vnd.android.package-archive</mime-type>
</mime-mapping>
<mime-mapping>
<extension>appcache</extension>
<mime-type>text/cache-manifest</mime-type>
</mime-mapping>
<mime-mapping>
<extension>application</extension>
<mime-type>application/x-ms-application</mime-type>
</mime-mapping>
<mime-mapping>
<extension>apr</extension>
<mime-type>application/vnd.lotus-approach</mime-type>
</mime-mapping>
<mime-mapping>
<extension>arc</extension>
<mime-type>application/x-freearc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>art</extension>
<mime-type>image/x-jg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>asc</extension>
<mime-type>application/pgp-signature</mime-type>
</mime-mapping>
<mime-mapping>
<extension>asf</extension>
<mime-type>video/x-ms-asf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>asm</extension>
<mime-type>text/x-asm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aso</extension>
<mime-type>application/vnd.accpac.simply.aso</mime-type>
</mime-mapping>
<mime-mapping>
<extension>asx</extension>
<mime-type>video/x-ms-asf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>atc</extension>
<mime-type>application/vnd.acucorp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>atom</extension>
<mime-type>application/atom+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>atomcat</extension>
<mime-type>application/atomcat+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>atomsvc</extension>
<mime-type>application/atomsvc+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>atx</extension>
<mime-type>application/vnd.antix.game-component</mime-type>
</mime-mapping>
<mime-mapping>
<extension>au</extension>
<mime-type>audio/basic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>avi</extension>
<mime-type>video/x-msvideo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>avx</extension>
<mime-type>video/x-rad-screenplay</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aw</extension>
<mime-type>application/applixware</mime-type>
</mime-mapping>
<mime-mapping>
<extension>axa</extension>
<mime-type>audio/annodex</mime-type>
</mime-mapping>
<mime-mapping>
<extension>axv</extension>
<mime-type>video/annodex</mime-type>
</mime-mapping>
<mime-mapping>
<extension>azf</extension>
<mime-type>application/vnd.airzip.filesecure.azf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>azs</extension>
<mime-type>application/vnd.airzip.filesecure.azs</mime-type>
</mime-mapping>
<mime-mapping>
<extension>azw</extension>
<mime-type>application/vnd.amazon.ebook</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bat</extension>
<mime-type>application/x-msdownload</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bcpio</extension>
<mime-type>application/x-bcpio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bdf</extension>
<mime-type>application/x-font-bdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bdm</extension>
<mime-type>application/vnd.syncml.dm+wbxml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bed</extension>
<mime-type>application/vnd.realvnc.bed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bh2</extension>
<mime-type>application/vnd.fujitsu.oasysprs</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bin</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>blb</extension>
<mime-type>application/x-blorb</mime-type>
</mime-mapping>
<mime-mapping>
<extension>blorb</extension>
<mime-type>application/x-blorb</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bmi</extension>
<mime-type>application/vnd.bmi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bmp</extension>
<mime-type>image/bmp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>body</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>book</extension>
<mime-type>application/vnd.framemaker</mime-type>
</mime-mapping>
<mime-mapping>
<extension>box</extension>
<mime-type>application/vnd.previewsystems.box</mime-type>
</mime-mapping>
<mime-mapping>
<extension>boz</extension>
<mime-type>application/x-bzip2</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bpk</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>btif</extension>
<mime-type>image/prs.btif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bz</extension>
<mime-type>application/x-bzip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bz2</extension>
<mime-type>application/x-bzip2</mime-type>
</mime-mapping>
<mime-mapping>
<extension>c</extension>
<mime-type>text/x-c</mime-type>
</mime-mapping>
<mime-mapping>
<extension>c11amc</extension>
<mime-type>application/vnd.cluetrust.cartomobile-config</mime-type>
</mime-mapping>
<mime-mapping>
<extension>c11amz</extension>
<mime-type>application/vnd.cluetrust.cartomobile-config-pkg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>c4d</extension>
<mime-type>application/vnd.clonk.c4group</mime-type>
</mime-mapping>
<mime-mapping>
<extension>c4f</extension>
<mime-type>application/vnd.clonk.c4group</mime-type>
</mime-mapping>
<mime-mapping>
<extension>c4g</extension>
<mime-type>application/vnd.clonk.c4group</mime-type>
</mime-mapping>
<mime-mapping>
<extension>c4p</extension>
<mime-type>application/vnd.clonk.c4group</mime-type>
</mime-mapping>
<mime-mapping>
<extension>c4u</extension>
<mime-type>application/vnd.clonk.c4group</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cab</extension>
<mime-type>application/vnd.ms-cab-compressed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>caf</extension>
<mime-type>audio/x-caf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cap</extension>
<mime-type>application/vnd.tcpdump.pcap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>car</extension>
<mime-type>application/vnd.curl.car</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cat</extension>
<mime-type>application/vnd.ms-pki.seccat</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cb7</extension>
<mime-type>application/x-cbr</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cba</extension>
<mime-type>application/x-cbr</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cbr</extension>
<mime-type>application/x-cbr</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cbt</extension>
<mime-type>application/x-cbr</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cbz</extension>
<mime-type>application/x-cbr</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cc</extension>
<mime-type>text/x-c</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cct</extension>
<mime-type>application/x-director</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ccxml</extension>
<mime-type>application/ccxml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdbcmsg</extension>
<mime-type>application/vnd.contact.cmsg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdf</extension>
<mime-type>application/x-cdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdkey</extension>
<mime-type>application/vnd.mediastation.cdkey</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdmia</extension>
<mime-type>application/cdmi-capability</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdmic</extension>
<mime-type>application/cdmi-container</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdmid</extension>
<mime-type>application/cdmi-domain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdmio</extension>
<mime-type>application/cdmi-object</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdmiq</extension>
<mime-type>application/cdmi-queue</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdx</extension>
<mime-type>chemical/x-cdx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdxml</extension>
<mime-type>application/vnd.chemdraw+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdy</extension>
<mime-type>application/vnd.cinderella</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cer</extension>
<mime-type>application/pkix-cert</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cfs</extension>
<mime-type>application/x-cfs-compressed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cgm</extension>
<mime-type>image/cgm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>chat</extension>
<mime-type>application/x-chat</mime-type>
</mime-mapping>
<mime-mapping>
<extension>chm</extension>
<mime-type>application/vnd.ms-htmlhelp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>chrt</extension>
<mime-type>application/vnd.kde.kchart</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cif</extension>
<mime-type>chemical/x-cif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cii</extension>
<mime-type>application/vnd.anser-web-certificate-issue-initiation</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cil</extension>
<mime-type>application/vnd.ms-artgalry</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cla</extension>
<mime-type>application/vnd.claymore</mime-type>
</mime-mapping>
<mime-mapping>
<extension>class</extension>
<mime-type>application/java</mime-type>
</mime-mapping>
<mime-mapping>
<extension>clkk</extension>
<mime-type>application/vnd.crick.clicker.keyboard</mime-type>
</mime-mapping>
<mime-mapping>
<extension>clkp</extension>
<mime-type>application/vnd.crick.clicker.palette</mime-type>
</mime-mapping>
<mime-mapping>
<extension>clkt</extension>
<mime-type>application/vnd.crick.clicker.template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>clkw</extension>
<mime-type>application/vnd.crick.clicker.wordbank</mime-type>
</mime-mapping>
<mime-mapping>
<extension>clkx</extension>
<mime-type>application/vnd.crick.clicker</mime-type>
</mime-mapping>
<mime-mapping>
<extension>clp</extension>
<mime-type>application/x-msclip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cmc</extension>
<mime-type>application/vnd.cosmocaller</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cmdf</extension>
<mime-type>chemical/x-cmdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cml</extension>
<mime-type>chemical/x-cml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cmp</extension>
<mime-type>application/vnd.yellowriver-custom-menu</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cmx</extension>
<mime-type>image/x-cmx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cod</extension>
<mime-type>application/vnd.rim.cod</mime-type>
</mime-mapping>
<mime-mapping>
<extension>com</extension>
<mime-type>application/x-msdownload</mime-type>
</mime-mapping>
<mime-mapping>
<extension>conf</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cpio</extension>
<mime-type>application/x-cpio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cpp</extension>
<mime-type>text/x-c</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cpt</extension>
<mime-type>application/mac-compactpro</mime-type>
</mime-mapping>
<mime-mapping>
<extension>crd</extension>
<mime-type>application/x-mscardfile</mime-type>
</mime-mapping>
<mime-mapping>
<extension>crl</extension>
<mime-type>application/pkix-crl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>crt</extension>
<mime-type>application/x-x509-ca-cert</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cryptonote</extension>
<mime-type>application/vnd.rig.cryptonote</mime-type>
</mime-mapping>
<mime-mapping>
<extension>csh</extension>
<mime-type>application/x-csh</mime-type>
</mime-mapping>
<mime-mapping>
<extension>csml</extension>
<mime-type>chemical/x-csml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>csp</extension>
<mime-type>application/vnd.commonspace</mime-type>
</mime-mapping>
<mime-mapping>
<extension>css</extension>
<mime-type>text/css</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cst</extension>
<mime-type>application/x-director</mime-type>
</mime-mapping>
<mime-mapping>
<extension>csv</extension>
<mime-type>text/csv</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cu</extension>
<mime-type>application/cu-seeme</mime-type>
</mime-mapping>
<mime-mapping>
<extension>curl</extension>
<mime-type>text/vnd.curl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cww</extension>
<mime-type>application/prs.cww</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cxt</extension>
<mime-type>application/x-director</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cxx</extension>
<mime-type>text/x-c</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dae</extension>
<mime-type>model/vnd.collada+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>daf</extension>
<mime-type>application/vnd.mobius.daf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dart</extension>
<mime-type>application/vnd.dart</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dataless</extension>
<mime-type>application/vnd.fdsn.seed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>davmount</extension>
<mime-type>application/davmount+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dbk</extension>
<mime-type>application/docbook+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dcr</extension>
<mime-type>application/x-director</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dcurl</extension>
<mime-type>text/vnd.curl.dcurl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dd2</extension>
<mime-type>application/vnd.oma.dd2+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ddd</extension>
<mime-type>application/vnd.fujixerox.ddd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>deb</extension>
<mime-type>application/x-debian-package</mime-type>
</mime-mapping>
<mime-mapping>
<extension>def</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>deploy</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>der</extension>
<mime-type>application/x-x509-ca-cert</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dfac</extension>
<mime-type>application/vnd.dreamfactory</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dgc</extension>
<mime-type>application/x-dgc-compressed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dib</extension>
<mime-type>image/bmp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dic</extension>
<mime-type>text/x-c</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dir</extension>
<mime-type>application/x-director</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dis</extension>
<mime-type>application/vnd.mobius.dis</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dist</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>distz</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>djv</extension>
<mime-type>image/vnd.djvu</mime-type>
</mime-mapping>
<mime-mapping>
<extension>djvu</extension>
<mime-type>image/vnd.djvu</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dll</extension>
<mime-type>application/x-msdownload</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dmg</extension>
<mime-type>application/x-apple-diskimage</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dmp</extension>
<mime-type>application/vnd.tcpdump.pcap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dms</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dna</extension>
<mime-type>application/vnd.dna</mime-type>
</mime-mapping>
<mime-mapping>
<extension>doc</extension>
<mime-type>application/msword</mime-type>
</mime-mapping>
<mime-mapping>
<extension>docm</extension>
<mime-type>application/vnd.ms-word.document.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>docx</extension>
<mime-type>application/vnd.openxmlformats-officedocument.wordprocessingml.document</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dot</extension>
<mime-type>application/msword</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dotm</extension>
<mime-type>application/vnd.ms-word.template.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dotx</extension>
<mime-type>application/vnd.openxmlformats-officedocument.wordprocessingml.template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dp</extension>
<mime-type>application/vnd.osgi.dp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dpg</extension>
<mime-type>application/vnd.dpgraph</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dra</extension>
<mime-type>audio/vnd.dra</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dsc</extension>
<mime-type>text/prs.lines.tag</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dssc</extension>
<mime-type>application/dssc+der</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dtb</extension>
<mime-type>application/x-dtbook+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dtd</extension>
<mime-type>application/xml-dtd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dts</extension>
<mime-type>audio/vnd.dts</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dtshd</extension>
<mime-type>audio/vnd.dts.hd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dump</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dv</extension>
<mime-type>video/x-dv</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dvb</extension>
<mime-type>video/vnd.dvb.file</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dvi</extension>
<mime-type>application/x-dvi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dwf</extension>
<mime-type>model/vnd.dwf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dwg</extension>
<mime-type>image/vnd.dwg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dxf</extension>
<mime-type>image/vnd.dxf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dxp</extension>
<mime-type>application/vnd.spotfire.dxp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dxr</extension>
<mime-type>application/x-director</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ecelp4800</extension>
<mime-type>audio/vnd.nuera.ecelp4800</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ecelp7470</extension>
<mime-type>audio/vnd.nuera.ecelp7470</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ecelp9600</extension>
<mime-type>audio/vnd.nuera.ecelp9600</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ecma</extension>
<mime-type>application/ecmascript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>edm</extension>
<mime-type>application/vnd.novadigm.edm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>edx</extension>
<mime-type>application/vnd.novadigm.edx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>efif</extension>
<mime-type>application/vnd.picsel</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ei6</extension>
<mime-type>application/vnd.pg.osasli</mime-type>
</mime-mapping>
<mime-mapping>
<extension>elc</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>emf</extension>
<mime-type>application/x-msmetafile</mime-type>
</mime-mapping>
<mime-mapping>
<extension>eml</extension>
<mime-type>message/rfc822</mime-type>
</mime-mapping>
<mime-mapping>
<extension>emma</extension>
<mime-type>application/emma+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>emz</extension>
<mime-type>application/x-msmetafile</mime-type>
</mime-mapping>
<mime-mapping>
<extension>eol</extension>
<mime-type>audio/vnd.digital-winds</mime-type>
</mime-mapping>
<mime-mapping>
<extension>eot</extension>
<mime-type>application/vnd.ms-fontobject</mime-type>
</mime-mapping>
<mime-mapping>
<extension>eps</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>epub</extension>
<mime-type>application/epub+zip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>es3</extension>
<mime-type>application/vnd.eszigno3+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>esa</extension>
<mime-type>application/vnd.osgi.subsystem</mime-type>
</mime-mapping>
<mime-mapping>
<extension>esf</extension>
<mime-type>application/vnd.epson.esf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>et3</extension>
<mime-type>application/vnd.eszigno3+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>etx</extension>
<mime-type>text/x-setext</mime-type>
</mime-mapping>
<mime-mapping>
<extension>eva</extension>
<mime-type>application/x-eva</mime-type>
</mime-mapping>
<mime-mapping>
<extension>evy</extension>
<mime-type>application/x-envoy</mime-type>
</mime-mapping>
<mime-mapping>
<extension>exe</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>exi</extension>
<mime-type>application/exi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ext</extension>
<mime-type>application/vnd.novadigm.ext</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ez</extension>
<mime-type>application/andrew-inset</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ez2</extension>
<mime-type>application/vnd.ezpix-album</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ez3</extension>
<mime-type>application/vnd.ezpix-package</mime-type>
</mime-mapping>
<mime-mapping>
<extension>f</extension>
<mime-type>text/x-fortran</mime-type>
</mime-mapping>
<mime-mapping>
<extension>f4v</extension>
<mime-type>video/x-f4v</mime-type>
</mime-mapping>
<mime-mapping>
<extension>f77</extension>
<mime-type>text/x-fortran</mime-type>
</mime-mapping>
<mime-mapping>
<extension>f90</extension>
<mime-type>text/x-fortran</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fbs</extension>
<mime-type>image/vnd.fastbidsheet</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fcdt</extension>
<mime-type>application/vnd.adobe.formscentral.fcdt</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fcs</extension>
<mime-type>application/vnd.isac.fcs</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fdf</extension>
<mime-type>application/vnd.fdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fe_launch</extension>
<mime-type>application/vnd.denovo.fcselayout-link</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fg5</extension>
<mime-type>application/vnd.fujitsu.oasysgp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fgd</extension>
<mime-type>application/x-director</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fh</extension>
<mime-type>image/x-freehand</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fh4</extension>
<mime-type>image/x-freehand</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fh5</extension>
<mime-type>image/x-freehand</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fh7</extension>
<mime-type>image/x-freehand</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fhc</extension>
<mime-type>image/x-freehand</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fig</extension>
<mime-type>application/x-xfig</mime-type>
</mime-mapping>
<mime-mapping>
<extension>flac</extension>
<mime-type>audio/flac</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fli</extension>
<mime-type>video/x-fli</mime-type>
</mime-mapping>
<mime-mapping>
<extension>flo</extension>
<mime-type>application/vnd.micrografx.flo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>flv</extension>
<mime-type>video/x-flv</mime-type>
</mime-mapping>
<mime-mapping>
<extension>flw</extension>
<mime-type>application/vnd.kde.kivio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>flx</extension>
<mime-type>text/vnd.fmi.flexstor</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fly</extension>
<mime-type>text/vnd.fly</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fm</extension>
<mime-type>application/vnd.framemaker</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fnc</extension>
<mime-type>application/vnd.frogans.fnc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>for</extension>
<mime-type>text/x-fortran</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fpx</extension>
<mime-type>image/vnd.fpx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>frame</extension>
<mime-type>application/vnd.framemaker</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fsc</extension>
<mime-type>application/vnd.fsc.weblaunch</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fst</extension>
<mime-type>image/vnd.fst</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ftc</extension>
<mime-type>application/vnd.fluxtime.clip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fti</extension>
<mime-type>application/vnd.anser-web-funds-transfer-initiation</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fvt</extension>
<mime-type>video/vnd.fvt</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fxp</extension>
<mime-type>application/vnd.adobe.fxp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fxpl</extension>
<mime-type>application/vnd.adobe.fxp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>fzs</extension>
<mime-type>application/vnd.fuzzysheet</mime-type>
</mime-mapping>
<mime-mapping>
<extension>g2w</extension>
<mime-type>application/vnd.geoplan</mime-type>
</mime-mapping>
<mime-mapping>
<extension>g3</extension>
<mime-type>image/g3fax</mime-type>
</mime-mapping>
<mime-mapping>
<extension>g3w</extension>
<mime-type>application/vnd.geospace</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gac</extension>
<mime-type>application/vnd.groove-account</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gam</extension>
<mime-type>application/x-tads</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gbr</extension>
<mime-type>application/rpki-ghostbusters</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gca</extension>
<mime-type>application/x-gca-compressed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gdl</extension>
<mime-type>model/vnd.gdl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>geo</extension>
<mime-type>application/vnd.dynageo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gex</extension>
<mime-type>application/vnd.geometry-explorer</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ggb</extension>
<mime-type>application/vnd.geogebra.file</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ggt</extension>
<mime-type>application/vnd.geogebra.tool</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ghf</extension>
<mime-type>application/vnd.groove-help</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gif</extension>
<mime-type>image/gif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gim</extension>
<mime-type>application/vnd.groove-identity-message</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gml</extension>
<mime-type>application/gml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gmx</extension>
<mime-type>application/vnd.gmx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gnumeric</extension>
<mime-type>application/x-gnumeric</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gph</extension>
<mime-type>application/vnd.flographit</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gpx</extension>
<mime-type>application/gpx+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gqf</extension>
<mime-type>application/vnd.grafeq</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gqs</extension>
<mime-type>application/vnd.grafeq</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gram</extension>
<mime-type>application/srgs</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gramps</extension>
<mime-type>application/x-gramps-xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gre</extension>
<mime-type>application/vnd.geometry-explorer</mime-type>
</mime-mapping>
<mime-mapping>
<extension>grv</extension>
<mime-type>application/vnd.groove-injector</mime-type>
</mime-mapping>
<mime-mapping>
<extension>grxml</extension>
<mime-type>application/srgs+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gsf</extension>
<mime-type>application/x-font-ghostscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gtar</extension>
<mime-type>application/x-gtar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gtm</extension>
<mime-type>application/vnd.groove-tool-message</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gtw</extension>
<mime-type>model/vnd.gtw</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gv</extension>
<mime-type>text/vnd.graphviz</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gxf</extension>
<mime-type>application/gxf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gxt</extension>
<mime-type>application/vnd.geonext</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gz</extension>
<mime-type>application/x-gzip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>h</extension>
<mime-type>text/x-c</mime-type>
</mime-mapping>
<mime-mapping>
<extension>h261</extension>
<mime-type>video/h261</mime-type>
</mime-mapping>
<mime-mapping>
<extension>h263</extension>
<mime-type>video/h263</mime-type>
</mime-mapping>
<mime-mapping>
<extension>h264</extension>
<mime-type>video/h264</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hal</extension>
<mime-type>application/vnd.hal+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hbci</extension>
<mime-type>application/vnd.hbci</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hdf</extension>
<mime-type>application/x-hdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hh</extension>
<mime-type>text/x-c</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hlp</extension>
<mime-type>application/winhlp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hpgl</extension>
<mime-type>application/vnd.hp-hpgl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hpid</extension>
<mime-type>application/vnd.hp-hpid</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hps</extension>
<mime-type>application/vnd.hp-hps</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hqx</extension>
<mime-type>application/mac-binhex40</mime-type>
</mime-mapping>
<mime-mapping>
<extension>htc</extension>
<mime-type>text/x-component</mime-type>
</mime-mapping>
<mime-mapping>
<extension>htke</extension>
<mime-type>application/vnd.kenameaapp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>htm</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hvd</extension>
<mime-type>application/vnd.yamaha.hv-dic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hvp</extension>
<mime-type>application/vnd.yamaha.hv-voice</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hvs</extension>
<mime-type>application/vnd.yamaha.hv-script</mime-type>
</mime-mapping>
<mime-mapping>
<extension>i2g</extension>
<mime-type>application/vnd.intergeo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>icc</extension>
<mime-type>application/vnd.iccprofile</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ice</extension>
<mime-type>x-conference/x-cooltalk</mime-type>
</mime-mapping>
<mime-mapping>
<extension>icm</extension>
<mime-type>application/vnd.iccprofile</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ico</extension>
<mime-type>image/x-icon</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ics</extension>
<mime-type>text/calendar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ief</extension>
<mime-type>image/ief</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ifb</extension>
<mime-type>text/calendar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ifm</extension>
<mime-type>application/vnd.shana.informed.formdata</mime-type>
</mime-mapping>
<mime-mapping>
<extension>iges</extension>
<mime-type>model/iges</mime-type>
</mime-mapping>
<mime-mapping>
<extension>igl</extension>
<mime-type>application/vnd.igloader</mime-type>
</mime-mapping>
<mime-mapping>
<extension>igm</extension>
<mime-type>application/vnd.insors.igm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>igs</extension>
<mime-type>model/iges</mime-type>
</mime-mapping>
<mime-mapping>
<extension>igx</extension>
<mime-type>application/vnd.micrografx.igx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>iif</extension>
<mime-type>application/vnd.shana.informed.interchange</mime-type>
</mime-mapping>
<mime-mapping>
<extension>imp</extension>
<mime-type>application/vnd.accpac.simply.imp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ims</extension>
<mime-type>application/vnd.ms-ims</mime-type>
</mime-mapping>
<mime-mapping>
<extension>in</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ink</extension>
<mime-type>application/inkml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>inkml</extension>
<mime-type>application/inkml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>install</extension>
<mime-type>application/x-install-instructions</mime-type>
</mime-mapping>
<mime-mapping>
<extension>iota</extension>
<mime-type>application/vnd.astraea-software.iota</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ipfix</extension>
<mime-type>application/ipfix</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ipk</extension>
<mime-type>application/vnd.shana.informed.package</mime-type>
</mime-mapping>
<mime-mapping>
<extension>irm</extension>
<mime-type>application/vnd.ibm.rights-management</mime-type>
</mime-mapping>
<mime-mapping>
<extension>irp</extension>
<mime-type>application/vnd.irepository.package+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>iso</extension>
<mime-type>application/x-iso9660-image</mime-type>
</mime-mapping>
<mime-mapping>
<extension>itp</extension>
<mime-type>application/vnd.shana.informed.formtemplate</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ivp</extension>
<mime-type>application/vnd.immervision-ivp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ivu</extension>
<mime-type>application/vnd.immervision-ivu</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jad</extension>
<mime-type>text/vnd.sun.j2me.app-descriptor</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jam</extension>
<mime-type>application/vnd.jam</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jar</extension>
<mime-type>application/java-archive</mime-type>
</mime-mapping>
<mime-mapping>
<extension>java</extension>
<mime-type>text/x-java-source</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jisp</extension>
<mime-type>application/vnd.jisp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jlt</extension>
<mime-type>application/vnd.hp-jlyt</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jnlp</extension>
<mime-type>application/x-java-jnlp-file</mime-type>
</mime-mapping>
<mime-mapping>
<extension>joda</extension>
<mime-type>application/vnd.joost.joda-archive</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpe</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpeg</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpg</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpgm</extension>
<mime-type>video/jpm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpgv</extension>
<mime-type>video/jpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpm</extension>
<mime-type>video/jpm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>js</extension>
<mime-type>application/javascript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jsf</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>json</extension>
<mime-type>application/json</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jsonml</extension>
<mime-type>application/jsonml+json</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jspf</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kar</extension>
<mime-type>audio/midi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>karbon</extension>
<mime-type>application/vnd.kde.karbon</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kfo</extension>
<mime-type>application/vnd.kde.kformula</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kia</extension>
<mime-type>application/vnd.kidspiration</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kml</extension>
<mime-type>application/vnd.google-earth.kml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kmz</extension>
<mime-type>application/vnd.google-earth.kmz</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kne</extension>
<mime-type>application/vnd.kinar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>knp</extension>
<mime-type>application/vnd.kinar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kon</extension>
<mime-type>application/vnd.kde.kontour</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kpr</extension>
<mime-type>application/vnd.kde.kpresenter</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kpt</extension>
<mime-type>application/vnd.kde.kpresenter</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kpxx</extension>
<mime-type>application/vnd.ds-keypoint</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ksp</extension>
<mime-type>application/vnd.kde.kspread</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ktr</extension>
<mime-type>application/vnd.kahootz</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ktx</extension>
<mime-type>image/ktx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ktz</extension>
<mime-type>application/vnd.kahootz</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kwd</extension>
<mime-type>application/vnd.kde.kword</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kwt</extension>
<mime-type>application/vnd.kde.kword</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lasxml</extension>
<mime-type>application/vnd.las.las+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>latex</extension>
<mime-type>application/x-latex</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lbd</extension>
<mime-type>application/vnd.llamagraphics.life-balance.desktop</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lbe</extension>
<mime-type>application/vnd.llamagraphics.life-balance.exchange+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>les</extension>
<mime-type>application/vnd.hhe.lesson-player</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lha</extension>
<mime-type>application/x-lzh-compressed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>link66</extension>
<mime-type>application/vnd.route66.link66+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>list</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>list3820</extension>
<mime-type>application/vnd.ibm.modcap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>listafp</extension>
<mime-type>application/vnd.ibm.modcap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lnk</extension>
<mime-type>application/x-ms-shortcut</mime-type>
</mime-mapping>
<mime-mapping>
<extension>log</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lostxml</extension>
<mime-type>application/lost+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lrf</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lrm</extension>
<mime-type>application/vnd.ms-lrm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ltf</extension>
<mime-type>application/vnd.frogans.ltf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lvp</extension>
<mime-type>audio/vnd.lucent.voice</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lwp</extension>
<mime-type>application/vnd.lotus-wordpro</mime-type>
</mime-mapping>
<mime-mapping>
<extension>lzh</extension>
<mime-type>application/x-lzh-compressed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m13</extension>
<mime-type>application/x-msmediaview</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m14</extension>
<mime-type>application/x-msmediaview</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m1v</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m21</extension>
<mime-type>application/mp21</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m2a</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m2v</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m3a</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m3u</extension>
<mime-type>audio/x-mpegurl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m3u8</extension>
<mime-type>application/vnd.apple.mpegurl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m4a</extension>
<mime-type>audio/mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m4b</extension>
<mime-type>audio/mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m4r</extension>
<mime-type>audio/mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m4u</extension>
<mime-type>video/vnd.mpegurl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m4v</extension>
<mime-type>video/mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ma</extension>
<mime-type>application/mathematica</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mac</extension>
<mime-type>image/x-macpaint</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mads</extension>
<mime-type>application/mads+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mag</extension>
<mime-type>application/vnd.ecowin.chart</mime-type>
</mime-mapping>
<mime-mapping>
<extension>maker</extension>
<mime-type>application/vnd.framemaker</mime-type>
</mime-mapping>
<mime-mapping>
<extension>man</extension>
<mime-type>text/troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mar</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mathml</extension>
<mime-type>application/mathml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mb</extension>
<mime-type>application/mathematica</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mbk</extension>
<mime-type>application/vnd.mobius.mbk</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mbox</extension>
<mime-type>application/mbox</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mc1</extension>
<mime-type>application/vnd.medcalcdata</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mcd</extension>
<mime-type>application/vnd.mcd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mcurl</extension>
<mime-type>text/vnd.curl.mcurl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mdb</extension>
<mime-type>application/x-msaccess</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mdi</extension>
<mime-type>image/vnd.ms-modi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>me</extension>
<mime-type>text/troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mesh</extension>
<mime-type>model/mesh</mime-type>
</mime-mapping>
<mime-mapping>
<extension>meta4</extension>
<mime-type>application/metalink4+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>metalink</extension>
<mime-type>application/metalink+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mets</extension>
<mime-type>application/mets+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mfm</extension>
<mime-type>application/vnd.mfmp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mft</extension>
<mime-type>application/rpki-manifest</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mgp</extension>
<mime-type>application/vnd.osgeo.mapguide.package</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mgz</extension>
<mime-type>application/vnd.proteus.magazine</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mid</extension>
<mime-type>audio/midi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>midi</extension>
<mime-type>audio/midi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mie</extension>
<mime-type>application/x-mie</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mif</extension>
<mime-type>application/x-mif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mime</extension>
<mime-type>message/rfc822</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mj2</extension>
<mime-type>video/mj2</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mjp2</extension>
<mime-type>video/mj2</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mk3d</extension>
<mime-type>video/x-matroska</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mka</extension>
<mime-type>audio/x-matroska</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mks</extension>
<mime-type>video/x-matroska</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mkv</extension>
<mime-type>video/x-matroska</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mlp</extension>
<mime-type>application/vnd.dolby.mlp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mmd</extension>
<mime-type>application/vnd.chipnuts.karaoke-mmd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mmf</extension>
<mime-type>application/vnd.smaf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mmr</extension>
<mime-type>image/vnd.fujixerox.edmics-mmr</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mng</extension>
<mime-type>video/x-mng</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mny</extension>
<mime-type>application/x-msmoney</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mobi</extension>
<mime-type>application/x-mobipocket-ebook</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mods</extension>
<mime-type>application/mods+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mov</extension>
<mime-type>video/quicktime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>movie</extension>
<mime-type>video/x-sgi-movie</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp1</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp2</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp21</extension>
<mime-type>application/mp21</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp2a</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp3</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp4</extension>
<mime-type>video/mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp4a</extension>
<mime-type>audio/mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp4s</extension>
<mime-type>application/mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp4v</extension>
<mime-type>video/mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpa</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpc</extension>
<mime-type>application/vnd.mophun.certificate</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpe</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpeg</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpega</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpg</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpg4</extension>
<mime-type>video/mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpga</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpkg</extension>
<mime-type>application/vnd.apple.installer+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpm</extension>
<mime-type>application/vnd.blueice.multipass</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpn</extension>
<mime-type>application/vnd.mophun.application</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpp</extension>
<mime-type>application/vnd.ms-project</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpt</extension>
<mime-type>application/vnd.ms-project</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpv2</extension>
<mime-type>video/mpeg2</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpy</extension>
<mime-type>application/vnd.ibm.minipay</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mqy</extension>
<mime-type>application/vnd.mobius.mqy</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mrc</extension>
<mime-type>application/marc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mrcx</extension>
<mime-type>application/marcxml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ms</extension>
<mime-type>text/troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mscml</extension>
<mime-type>application/mediaservercontrol+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mseed</extension>
<mime-type>application/vnd.fdsn.mseed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mseq</extension>
<mime-type>application/vnd.mseq</mime-type>
</mime-mapping>
<mime-mapping>
<extension>msf</extension>
<mime-type>application/vnd.epson.msf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>msh</extension>
<mime-type>model/mesh</mime-type>
</mime-mapping>
<mime-mapping>
<extension>msi</extension>
<mime-type>application/x-msdownload</mime-type>
</mime-mapping>
<mime-mapping>
<extension>msl</extension>
<mime-type>application/vnd.mobius.msl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>msty</extension>
<mime-type>application/vnd.muvee.style</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mts</extension>
<mime-type>model/vnd.mts</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mus</extension>
<mime-type>application/vnd.musician</mime-type>
</mime-mapping>
<mime-mapping>
<extension>musicxml</extension>
<mime-type>application/vnd.recordare.musicxml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mvb</extension>
<mime-type>application/x-msmediaview</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mwf</extension>
<mime-type>application/vnd.mfer</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mxf</extension>
<mime-type>application/mxf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mxl</extension>
<mime-type>application/vnd.recordare.musicxml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mxml</extension>
<mime-type>application/xv+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mxs</extension>
<mime-type>application/vnd.triscape.mxs</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mxu</extension>
<mime-type>video/vnd.mpegurl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>n-gage</extension>
<mime-type>application/vnd.nokia.n-gage.symbian.install</mime-type>
</mime-mapping>
<mime-mapping>
<extension>n3</extension>
<mime-type>text/n3</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nb</extension>
<mime-type>application/mathematica</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nbp</extension>
<mime-type>application/vnd.wolfram.player</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nc</extension>
<mime-type>application/x-netcdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ncx</extension>
<mime-type>application/x-dtbncx+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nfo</extension>
<mime-type>text/x-nfo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ngdat</extension>
<mime-type>application/vnd.nokia.n-gage.data</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nitf</extension>
<mime-type>application/vnd.nitf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nlu</extension>
<mime-type>application/vnd.neurolanguage.nlu</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nml</extension>
<mime-type>application/vnd.enliven</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nnd</extension>
<mime-type>application/vnd.noblenet-directory</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nns</extension>
<mime-type>application/vnd.noblenet-sealer</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nnw</extension>
<mime-type>application/vnd.noblenet-web</mime-type>
</mime-mapping>
<mime-mapping>
<extension>npx</extension>
<mime-type>image/vnd.net-fpx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nsc</extension>
<mime-type>application/x-conference</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nsf</extension>
<mime-type>application/vnd.lotus-notes</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ntf</extension>
<mime-type>application/vnd.nitf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nzb</extension>
<mime-type>application/x-nzb</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oa2</extension>
<mime-type>application/vnd.fujitsu.oasys2</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oa3</extension>
<mime-type>application/vnd.fujitsu.oasys3</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oas</extension>
<mime-type>application/vnd.fujitsu.oasys</mime-type>
</mime-mapping>
<mime-mapping>
<extension>obd</extension>
<mime-type>application/x-msbinder</mime-type>
</mime-mapping>
<mime-mapping>
<extension>obj</extension>
<mime-type>application/x-tgif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oda</extension>
<mime-type>application/oda</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Database -->
<extension>odb</extension>
<mime-type>application/vnd.oasis.opendocument.database</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Chart -->
<extension>odc</extension>
<mime-type>application/vnd.oasis.opendocument.chart</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Formula -->
<extension>odf</extension>
<mime-type>application/vnd.oasis.opendocument.formula</mime-type>
</mime-mapping>
<mime-mapping>
<extension>odft</extension>
<mime-type>application/vnd.oasis.opendocument.formula-template</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Drawing -->
<extension>odg</extension>
<mime-type>application/vnd.oasis.opendocument.graphics</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Image -->
<extension>odi</extension>
<mime-type>application/vnd.oasis.opendocument.image</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Master Document -->
<extension>odm</extension>
<mime-type>application/vnd.oasis.opendocument.text-master</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Presentation -->
<extension>odp</extension>
<mime-type>application/vnd.oasis.opendocument.presentation</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Spreadsheet -->
<extension>ods</extension>
<mime-type>application/vnd.oasis.opendocument.spreadsheet</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Text -->
<extension>odt</extension>
<mime-type>application/vnd.oasis.opendocument.text</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oga</extension>
<mime-type>audio/ogg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ogg</extension>
<mime-type>audio/ogg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ogv</extension>
<mime-type>video/ogg</mime-type>
</mime-mapping>
<mime-mapping>
<!-- xiph mime types -->
<extension>ogx</extension>
<mime-type>application/ogg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>omdoc</extension>
<mime-type>application/omdoc+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>onepkg</extension>
<mime-type>application/onenote</mime-type>
</mime-mapping>
<mime-mapping>
<extension>onetmp</extension>
<mime-type>application/onenote</mime-type>
</mime-mapping>
<mime-mapping>
<extension>onetoc</extension>
<mime-type>application/onenote</mime-type>
</mime-mapping>
<mime-mapping>
<extension>onetoc2</extension>
<mime-type>application/onenote</mime-type>
</mime-mapping>
<mime-mapping>
<extension>opf</extension>
<mime-type>application/oebps-package+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>opml</extension>
<mime-type>text/x-opml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oprc</extension>
<mime-type>application/vnd.palm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>org</extension>
<mime-type>application/vnd.lotus-organizer</mime-type>
</mime-mapping>
<mime-mapping>
<extension>osf</extension>
<mime-type>application/vnd.yamaha.openscoreformat</mime-type>
</mime-mapping>
<mime-mapping>
<extension>osfpvg</extension>
<mime-type>application/vnd.yamaha.openscoreformat.osfpvg+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>otc</extension>
<mime-type>application/vnd.oasis.opendocument.chart-template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>otf</extension>
<mime-type>application/x-font-otf</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Drawing Template -->
<extension>otg</extension>
<mime-type>application/vnd.oasis.opendocument.graphics-template</mime-type>
</mime-mapping>
<mime-mapping>
<!-- HTML Document Template -->
<extension>oth</extension>
<mime-type>application/vnd.oasis.opendocument.text-web</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oti</extension>
<mime-type>application/vnd.oasis.opendocument.image-template</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Presentation Template -->
<extension>otp</extension>
<mime-type>application/vnd.oasis.opendocument.presentation-template</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Spreadsheet Template -->
<extension>ots</extension>
<mime-type>application/vnd.oasis.opendocument.spreadsheet-template</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Text Template -->
<extension>ott</extension>
<mime-type>application/vnd.oasis.opendocument.text-template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oxps</extension>
<mime-type>application/oxps</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oxt</extension>
<mime-type>application/vnd.openofficeorg.extension</mime-type>
</mime-mapping>
<mime-mapping>
<extension>p</extension>
<mime-type>text/x-pascal</mime-type>
</mime-mapping>
<mime-mapping>
<extension>p10</extension>
<mime-type>application/pkcs10</mime-type>
</mime-mapping>
<mime-mapping>
<extension>p12</extension>
<mime-type>application/x-pkcs12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>p7b</extension>
<mime-type>application/x-pkcs7-certificates</mime-type>
</mime-mapping>
<mime-mapping>
<extension>p7c</extension>
<mime-type>application/pkcs7-mime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>p7m</extension>
<mime-type>application/pkcs7-mime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>p7r</extension>
<mime-type>application/x-pkcs7-certreqresp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>p7s</extension>
<mime-type>application/pkcs7-signature</mime-type>
</mime-mapping>
<mime-mapping>
<extension>p8</extension>
<mime-type>application/pkcs8</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pas</extension>
<mime-type>text/x-pascal</mime-type>
</mime-mapping>
<mime-mapping>
<extension>paw</extension>
<mime-type>application/vnd.pawaafile</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pbd</extension>
<mime-type>application/vnd.powerbuilder6</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pbm</extension>
<mime-type>image/x-portable-bitmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pcap</extension>
<mime-type>application/vnd.tcpdump.pcap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pcf</extension>
<mime-type>application/x-font-pcf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pcl</extension>
<mime-type>application/vnd.hp-pcl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pclxl</extension>
<mime-type>application/vnd.hp-pclxl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pct</extension>
<mime-type>image/pict</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pcurl</extension>
<mime-type>application/vnd.curl.pcurl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pcx</extension>
<mime-type>image/x-pcx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pdb</extension>
<mime-type>application/vnd.palm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pdf</extension>
<mime-type>application/pdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pfa</extension>
<mime-type>application/x-font-type1</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pfb</extension>
<mime-type>application/x-font-type1</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pfm</extension>
<mime-type>application/x-font-type1</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pfr</extension>
<mime-type>application/font-tdpfr</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pfx</extension>
<mime-type>application/x-pkcs12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pgm</extension>
<mime-type>image/x-portable-graymap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pgn</extension>
<mime-type>application/x-chess-pgn</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pgp</extension>
<mime-type>application/pgp-encrypted</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pic</extension>
<mime-type>image/pict</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pict</extension>
<mime-type>image/pict</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pkg</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pki</extension>
<mime-type>application/pkixcmp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pkipath</extension>
<mime-type>application/pkix-pkipath</mime-type>
</mime-mapping>
<mime-mapping>
<extension>plb</extension>
<mime-type>application/vnd.3gpp.pic-bw-large</mime-type>
</mime-mapping>
<mime-mapping>
<extension>plc</extension>
<mime-type>application/vnd.mobius.plc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>plf</extension>
<mime-type>application/vnd.pocketlearn</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pls</extension>
<mime-type>audio/x-scpls</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pml</extension>
<mime-type>application/vnd.ctc-posml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>png</extension>
<mime-type>image/png</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pnm</extension>
<mime-type>image/x-portable-anymap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pnt</extension>
<mime-type>image/x-macpaint</mime-type>
</mime-mapping>
<mime-mapping>
<extension>portpkg</extension>
<mime-type>application/vnd.macports.portpkg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pot</extension>
<mime-type>application/vnd.ms-powerpoint</mime-type>
</mime-mapping>
<mime-mapping>
<extension>potm</extension>
<mime-type>application/vnd.ms-powerpoint.template.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>potx</extension>
<mime-type>application/vnd.openxmlformats-officedocument.presentationml.template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ppam</extension>
<mime-type>application/vnd.ms-powerpoint.addin.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ppd</extension>
<mime-type>application/vnd.cups-ppd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ppm</extension>
<mime-type>image/x-portable-pixmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pps</extension>
<mime-type>application/vnd.ms-powerpoint</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ppsm</extension>
<mime-type>application/vnd.ms-powerpoint.slideshow.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ppsx</extension>
<mime-type>application/vnd.openxmlformats-officedocument.presentationml.slideshow</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ppt</extension>
<mime-type>application/vnd.ms-powerpoint</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pptm</extension>
<mime-type>application/vnd.ms-powerpoint.presentation.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pptx</extension>
<mime-type>application/vnd.openxmlformats-officedocument.presentationml.presentation</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pqa</extension>
<mime-type>application/vnd.palm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>prc</extension>
<mime-type>application/x-mobipocket-ebook</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pre</extension>
<mime-type>application/vnd.lotus-freelance</mime-type>
</mime-mapping>
<mime-mapping>
<extension>prf</extension>
<mime-type>application/pics-rules</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ps</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>psb</extension>
<mime-type>application/vnd.3gpp.pic-bw-small</mime-type>
</mime-mapping>
<mime-mapping>
<extension>psd</extension>
<mime-type>image/vnd.adobe.photoshop</mime-type>
</mime-mapping>
<mime-mapping>
<extension>psf</extension>
<mime-type>application/x-font-linux-psf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pskcxml</extension>
<mime-type>application/pskc+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ptid</extension>
<mime-type>application/vnd.pvi.ptid1</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pub</extension>
<mime-type>application/x-mspublisher</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pvb</extension>
<mime-type>application/vnd.3gpp.pic-bw-var</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pwn</extension>
<mime-type>application/vnd.3m.post-it-notes</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pya</extension>
<mime-type>audio/vnd.ms-playready.media.pya</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pyv</extension>
<mime-type>video/vnd.ms-playready.media.pyv</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qam</extension>
<mime-type>application/vnd.epson.quickanime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qbo</extension>
<mime-type>application/vnd.intu.qbo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qfx</extension>
<mime-type>application/vnd.intu.qfx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qps</extension>
<mime-type>application/vnd.publishare-delta-tree</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qt</extension>
<mime-type>video/quicktime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qti</extension>
<mime-type>image/x-quicktime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qtif</extension>
<mime-type>image/x-quicktime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qwd</extension>
<mime-type>application/vnd.quark.quarkxpress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qwt</extension>
<mime-type>application/vnd.quark.quarkxpress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qxb</extension>
<mime-type>application/vnd.quark.quarkxpress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qxd</extension>
<mime-type>application/vnd.quark.quarkxpress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qxl</extension>
<mime-type>application/vnd.quark.quarkxpress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qxt</extension>
<mime-type>application/vnd.quark.quarkxpress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ra</extension>
<mime-type>audio/x-pn-realaudio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ram</extension>
<mime-type>audio/x-pn-realaudio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rar</extension>
<mime-type>application/x-rar-compressed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ras</extension>
<mime-type>image/x-cmu-raster</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rcprofile</extension>
<mime-type>application/vnd.ipunplugged.rcprofile</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rdf</extension>
<mime-type>application/rdf+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rdz</extension>
<mime-type>application/vnd.data-vision.rdz</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rep</extension>
<mime-type>application/vnd.businessobjects</mime-type>
</mime-mapping>
<mime-mapping>
<extension>res</extension>
<mime-type>application/x-dtbresource+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rgb</extension>
<mime-type>image/x-rgb</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rif</extension>
<mime-type>application/reginfo+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rip</extension>
<mime-type>audio/vnd.rip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ris</extension>
<mime-type>application/x-research-info-systems</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rl</extension>
<mime-type>application/resource-lists+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rlc</extension>
<mime-type>image/vnd.fujixerox.edmics-rlc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rld</extension>
<mime-type>application/resource-lists-diff+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rm</extension>
<mime-type>application/vnd.rn-realmedia</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rmi</extension>
<mime-type>audio/midi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rmp</extension>
<mime-type>audio/x-pn-realaudio-plugin</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rms</extension>
<mime-type>application/vnd.jcp.javame.midlet-rms</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rmvb</extension>
<mime-type>application/vnd.rn-realmedia-vbr</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rnc</extension>
<mime-type>application/relax-ng-compact-syntax</mime-type>
</mime-mapping>
<mime-mapping>
<extension>roa</extension>
<mime-type>application/rpki-roa</mime-type>
</mime-mapping>
<mime-mapping>
<extension>roff</extension>
<mime-type>text/troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rp9</extension>
<mime-type>application/vnd.cloanto.rp9</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rpss</extension>
<mime-type>application/vnd.nokia.radio-presets</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rpst</extension>
<mime-type>application/vnd.nokia.radio-preset</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rq</extension>
<mime-type>application/sparql-query</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rs</extension>
<mime-type>application/rls-services+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rsd</extension>
<mime-type>application/rsd+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rss</extension>
<mime-type>application/rss+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rtf</extension>
<mime-type>application/rtf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rtx</extension>
<mime-type>text/richtext</mime-type>
</mime-mapping>
<mime-mapping>
<extension>s</extension>
<mime-type>text/x-asm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>s3m</extension>
<mime-type>audio/s3m</mime-type>
</mime-mapping>
<mime-mapping>
<extension>saf</extension>
<mime-type>application/vnd.yamaha.smaf-audio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sbml</extension>
<mime-type>application/sbml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sc</extension>
<mime-type>application/vnd.ibm.secure-container</mime-type>
</mime-mapping>
<mime-mapping>
<extension>scd</extension>
<mime-type>application/x-msschedule</mime-type>
</mime-mapping>
<mime-mapping>
<extension>scm</extension>
<mime-type>application/vnd.lotus-screencam</mime-type>
</mime-mapping>
<mime-mapping>
<extension>scq</extension>
<mime-type>application/scvp-cv-request</mime-type>
</mime-mapping>
<mime-mapping>
<extension>scs</extension>
<mime-type>application/scvp-cv-response</mime-type>
</mime-mapping>
<mime-mapping>
<extension>scurl</extension>
<mime-type>text/vnd.curl.scurl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sda</extension>
<mime-type>application/vnd.stardivision.draw</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sdc</extension>
<mime-type>application/vnd.stardivision.calc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sdd</extension>
<mime-type>application/vnd.stardivision.impress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sdkd</extension>
<mime-type>application/vnd.solent.sdkm+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sdkm</extension>
<mime-type>application/vnd.solent.sdkm+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sdp</extension>
<mime-type>application/sdp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sdw</extension>
<mime-type>application/vnd.stardivision.writer</mime-type>
</mime-mapping>
<mime-mapping>
<extension>see</extension>
<mime-type>application/vnd.seemail</mime-type>
</mime-mapping>
<mime-mapping>
<extension>seed</extension>
<mime-type>application/vnd.fdsn.seed</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sema</extension>
<mime-type>application/vnd.sema</mime-type>
</mime-mapping>
<mime-mapping>
<extension>semd</extension>
<mime-type>application/vnd.semd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>semf</extension>
<mime-type>application/vnd.semf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ser</extension>
<mime-type>application/java-serialized-object</mime-type>
</mime-mapping>
<mime-mapping>
<extension>setpay</extension>
<mime-type>application/set-payment-initiation</mime-type>
</mime-mapping>
<mime-mapping>
<extension>setreg</extension>
<mime-type>application/set-registration-initiation</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sfd-hdstx</extension>
<mime-type>application/vnd.hydrostatix.sof-data</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sfs</extension>
<mime-type>application/vnd.spotfire.sfs</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sfv</extension>
<mime-type>text/x-sfv</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sgi</extension>
<mime-type>image/sgi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sgl</extension>
<mime-type>application/vnd.stardivision.writer-global</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sgm</extension>
<mime-type>text/sgml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sgml</extension>
<mime-type>text/sgml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sh</extension>
<mime-type>application/x-sh</mime-type>
</mime-mapping>
<mime-mapping>
<extension>shar</extension>
<mime-type>application/x-shar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>shf</extension>
<mime-type>application/shf+xml</mime-type>
</mime-mapping>
<!--
<mime-mapping>
<extension>shtml</extension>
<mime-type>text/x-server-parsed-html</mime-type>
</mime-mapping>
-->
<mime-mapping>
<extension>sid</extension>
<mime-type>image/x-mrsid-image</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sig</extension>
<mime-type>application/pgp-signature</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sil</extension>
<mime-type>audio/silk</mime-type>
</mime-mapping>
<mime-mapping>
<extension>silo</extension>
<mime-type>model/mesh</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sis</extension>
<mime-type>application/vnd.symbian.install</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sisx</extension>
<mime-type>application/vnd.symbian.install</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sit</extension>
<mime-type>application/x-stuffit</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sitx</extension>
<mime-type>application/x-stuffitx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>skd</extension>
<mime-type>application/vnd.koan</mime-type>
</mime-mapping>
<mime-mapping>
<extension>skm</extension>
<mime-type>application/vnd.koan</mime-type>
</mime-mapping>
<mime-mapping>
<extension>skp</extension>
<mime-type>application/vnd.koan</mime-type>
</mime-mapping>
<mime-mapping>
<extension>skt</extension>
<mime-type>application/vnd.koan</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sldm</extension>
<mime-type>application/vnd.ms-powerpoint.slide.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sldx</extension>
<mime-type>application/vnd.openxmlformats-officedocument.presentationml.slide</mime-type>
</mime-mapping>
<mime-mapping>
<extension>slt</extension>
<mime-type>application/vnd.epson.salt</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sm</extension>
<mime-type>application/vnd.stepmania.stepchart</mime-type>
</mime-mapping>
<mime-mapping>
<extension>smf</extension>
<mime-type>application/vnd.stardivision.math</mime-type>
</mime-mapping>
<mime-mapping>
<extension>smi</extension>
<mime-type>application/smil+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>smil</extension>
<mime-type>application/smil+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>smv</extension>
<mime-type>video/x-smv</mime-type>
</mime-mapping>
<mime-mapping>
<extension>smzip</extension>
<mime-type>application/vnd.stepmania.package</mime-type>
</mime-mapping>
<mime-mapping>
<extension>snd</extension>
<mime-type>audio/basic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>snf</extension>
<mime-type>application/x-font-snf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>so</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>spc</extension>
<mime-type>application/x-pkcs7-certificates</mime-type>
</mime-mapping>
<mime-mapping>
<extension>spf</extension>
<mime-type>application/vnd.yamaha.smaf-phrase</mime-type>
</mime-mapping>
<mime-mapping>
<extension>spl</extension>
<mime-type>application/x-futuresplash</mime-type>
</mime-mapping>
<mime-mapping>
<extension>spot</extension>
<mime-type>text/vnd.in3d.spot</mime-type>
</mime-mapping>
<mime-mapping>
<extension>spp</extension>
<mime-type>application/scvp-vp-response</mime-type>
</mime-mapping>
<mime-mapping>
<extension>spq</extension>
<mime-type>application/scvp-vp-request</mime-type>
</mime-mapping>
<mime-mapping>
<extension>spx</extension>
<mime-type>audio/ogg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sql</extension>
<mime-type>application/x-sql</mime-type>
</mime-mapping>
<mime-mapping>
<extension>src</extension>
<mime-type>application/x-wais-source</mime-type>
</mime-mapping>
<mime-mapping>
<extension>srt</extension>
<mime-type>application/x-subrip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sru</extension>
<mime-type>application/sru+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>srx</extension>
<mime-type>application/sparql-results+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ssdl</extension>
<mime-type>application/ssdl+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sse</extension>
<mime-type>application/vnd.kodak-descriptor</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ssf</extension>
<mime-type>application/vnd.epson.ssf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ssml</extension>
<mime-type>application/ssml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>st</extension>
<mime-type>application/vnd.sailingtracker.track</mime-type>
</mime-mapping>
<mime-mapping>
<extension>stc</extension>
<mime-type>application/vnd.sun.xml.calc.template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>std</extension>
<mime-type>application/vnd.sun.xml.draw.template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>stf</extension>
<mime-type>application/vnd.wt.stf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sti</extension>
<mime-type>application/vnd.sun.xml.impress.template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>stk</extension>
<mime-type>application/hyperstudio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>stl</extension>
<mime-type>application/vnd.ms-pki.stl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>str</extension>
<mime-type>application/vnd.pg.format</mime-type>
</mime-mapping>
<mime-mapping>
<extension>stw</extension>
<mime-type>application/vnd.sun.xml.writer.template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sub</extension>
<mime-type>text/vnd.dvb.subtitle</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sus</extension>
<mime-type>application/vnd.sus-calendar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>susp</extension>
<mime-type>application/vnd.sus-calendar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sv4cpio</extension>
<mime-type>application/x-sv4cpio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sv4crc</extension>
<mime-type>application/x-sv4crc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>svc</extension>
<mime-type>application/vnd.dvb.service</mime-type>
</mime-mapping>
<mime-mapping>
<extension>svd</extension>
<mime-type>application/vnd.svd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>svg</extension>
<mime-type>image/svg+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>svgz</extension>
<mime-type>image/svg+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>swa</extension>
<mime-type>application/x-director</mime-type>
</mime-mapping>
<mime-mapping>
<extension>swf</extension>
<mime-type>application/x-shockwave-flash</mime-type>
</mime-mapping>
<mime-mapping>
<extension>swi</extension>
<mime-type>application/vnd.aristanetworks.swi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sxc</extension>
<mime-type>application/vnd.sun.xml.calc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sxd</extension>
<mime-type>application/vnd.sun.xml.draw</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sxg</extension>
<mime-type>application/vnd.sun.xml.writer.global</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sxi</extension>
<mime-type>application/vnd.sun.xml.impress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sxm</extension>
<mime-type>application/vnd.sun.xml.math</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sxw</extension>
<mime-type>application/vnd.sun.xml.writer</mime-type>
</mime-mapping>
<mime-mapping>
<extension>t</extension>
<mime-type>text/troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>t3</extension>
<mime-type>application/x-t3vm-image</mime-type>
</mime-mapping>
<mime-mapping>
<extension>taglet</extension>
<mime-type>application/vnd.mynfc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tao</extension>
<mime-type>application/vnd.tao.intent-module-archive</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tar</extension>
<mime-type>application/x-tar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tcap</extension>
<mime-type>application/vnd.3gpp2.tcap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tcl</extension>
<mime-type>application/x-tcl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>teacher</extension>
<mime-type>application/vnd.smart.teacher</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tei</extension>
<mime-type>application/tei+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>teicorpus</extension>
<mime-type>application/tei+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tex</extension>
<mime-type>application/x-tex</mime-type>
</mime-mapping>
<mime-mapping>
<extension>texi</extension>
<mime-type>application/x-texinfo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>texinfo</extension>
<mime-type>application/x-texinfo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>text</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tfi</extension>
<mime-type>application/thraud+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tfm</extension>
<mime-type>application/x-tex-tfm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tga</extension>
<mime-type>image/x-tga</mime-type>
</mime-mapping>
<mime-mapping>
<extension>thmx</extension>
<mime-type>application/vnd.ms-officetheme</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tif</extension>
<mime-type>image/tiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tiff</extension>
<mime-type>image/tiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tmo</extension>
<mime-type>application/vnd.tmobile-livetv</mime-type>
</mime-mapping>
<mime-mapping>
<extension>torrent</extension>
<mime-type>application/x-bittorrent</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tpl</extension>
<mime-type>application/vnd.groove-tool-template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tpt</extension>
<mime-type>application/vnd.trid.tpt</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tr</extension>
<mime-type>text/troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tra</extension>
<mime-type>application/vnd.trueapp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>trm</extension>
<mime-type>application/x-msterminal</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tsd</extension>
<mime-type>application/timestamped-data</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tsv</extension>
<mime-type>text/tab-separated-values</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ttc</extension>
<mime-type>application/x-font-ttf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ttf</extension>
<mime-type>application/x-font-ttf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ttl</extension>
<mime-type>text/turtle</mime-type>
</mime-mapping>
<mime-mapping>
<extension>twd</extension>
<mime-type>application/vnd.simtech-mindmapper</mime-type>
</mime-mapping>
<mime-mapping>
<extension>twds</extension>
<mime-type>application/vnd.simtech-mindmapper</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txd</extension>
<mime-type>application/vnd.genomatix.tuxedo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txf</extension>
<mime-type>application/vnd.mobius.txf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>u32</extension>
<mime-type>application/x-authorware-bin</mime-type>
</mime-mapping>
<mime-mapping>
<extension>udeb</extension>
<mime-type>application/x-debian-package</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ufd</extension>
<mime-type>application/vnd.ufdl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ufdl</extension>
<mime-type>application/vnd.ufdl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ulw</extension>
<mime-type>audio/basic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ulx</extension>
<mime-type>application/x-glulx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>umj</extension>
<mime-type>application/vnd.umajin</mime-type>
</mime-mapping>
<mime-mapping>
<extension>unityweb</extension>
<mime-type>application/vnd.unity</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uoml</extension>
<mime-type>application/vnd.uoml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uri</extension>
<mime-type>text/uri-list</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uris</extension>
<mime-type>text/uri-list</mime-type>
</mime-mapping>
<mime-mapping>
<extension>urls</extension>
<mime-type>text/uri-list</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ustar</extension>
<mime-type>application/x-ustar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>utz</extension>
<mime-type>application/vnd.uiq.theme</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uu</extension>
<mime-type>text/x-uuencode</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uva</extension>
<mime-type>audio/vnd.dece.audio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvd</extension>
<mime-type>application/vnd.dece.data</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvf</extension>
<mime-type>application/vnd.dece.data</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvg</extension>
<mime-type>image/vnd.dece.graphic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvh</extension>
<mime-type>video/vnd.dece.hd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvi</extension>
<mime-type>image/vnd.dece.graphic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvm</extension>
<mime-type>video/vnd.dece.mobile</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvp</extension>
<mime-type>video/vnd.dece.pd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvs</extension>
<mime-type>video/vnd.dece.sd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvt</extension>
<mime-type>application/vnd.dece.ttml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvu</extension>
<mime-type>video/vnd.uvvu.mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvv</extension>
<mime-type>video/vnd.dece.video</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvva</extension>
<mime-type>audio/vnd.dece.audio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvd</extension>
<mime-type>application/vnd.dece.data</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvf</extension>
<mime-type>application/vnd.dece.data</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvg</extension>
<mime-type>image/vnd.dece.graphic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvh</extension>
<mime-type>video/vnd.dece.hd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvi</extension>
<mime-type>image/vnd.dece.graphic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvm</extension>
<mime-type>video/vnd.dece.mobile</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvp</extension>
<mime-type>video/vnd.dece.pd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvs</extension>
<mime-type>video/vnd.dece.sd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvt</extension>
<mime-type>application/vnd.dece.ttml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvu</extension>
<mime-type>video/vnd.uvvu.mp4</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvv</extension>
<mime-type>video/vnd.dece.video</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvx</extension>
<mime-type>application/vnd.dece.unspecified</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvvz</extension>
<mime-type>application/vnd.dece.zip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvx</extension>
<mime-type>application/vnd.dece.unspecified</mime-type>
</mime-mapping>
<mime-mapping>
<extension>uvz</extension>
<mime-type>application/vnd.dece.zip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vcard</extension>
<mime-type>text/vcard</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vcd</extension>
<mime-type>application/x-cdlink</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vcf</extension>
<mime-type>text/x-vcard</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vcg</extension>
<mime-type>application/vnd.groove-vcard</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vcs</extension>
<mime-type>text/x-vcalendar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vcx</extension>
<mime-type>application/vnd.vcx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vis</extension>
<mime-type>application/vnd.visionary</mime-type>
</mime-mapping>
<mime-mapping>
<extension>viv</extension>
<mime-type>video/vnd.vivo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vob</extension>
<mime-type>video/x-ms-vob</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vor</extension>
<mime-type>application/vnd.stardivision.writer</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vox</extension>
<mime-type>application/x-authorware-bin</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vrml</extension>
<mime-type>model/vrml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vsd</extension>
<mime-type>application/vnd.visio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vsf</extension>
<mime-type>application/vnd.vsf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vss</extension>
<mime-type>application/vnd.visio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vst</extension>
<mime-type>application/vnd.visio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vsw</extension>
<mime-type>application/vnd.visio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vtu</extension>
<mime-type>model/vnd.vtu</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vxml</extension>
<mime-type>application/voicexml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>w3d</extension>
<mime-type>application/x-director</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wad</extension>
<mime-type>application/x-doom</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wav</extension>
<mime-type>audio/x-wav</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wax</extension>
<mime-type>audio/x-ms-wax</mime-type>
</mime-mapping>
<mime-mapping>
<!-- Wireless Bitmap -->
<extension>wbmp</extension>
<mime-type>image/vnd.wap.wbmp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wbs</extension>
<mime-type>application/vnd.criticaltools.wbs+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wbxml</extension>
<mime-type>application/vnd.wap.wbxml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wcm</extension>
<mime-type>application/vnd.ms-works</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wdb</extension>
<mime-type>application/vnd.ms-works</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wdp</extension>
<mime-type>image/vnd.ms-photo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>weba</extension>
<mime-type>audio/webm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>webm</extension>
<mime-type>video/webm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>webp</extension>
<mime-type>image/webp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wg</extension>
<mime-type>application/vnd.pmi.widget</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wgt</extension>
<mime-type>application/widget</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wks</extension>
<mime-type>application/vnd.ms-works</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wm</extension>
<mime-type>video/x-ms-wm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wma</extension>
<mime-type>audio/x-ms-wma</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wmd</extension>
<mime-type>application/x-ms-wmd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wmf</extension>
<mime-type>application/x-msmetafile</mime-type>
</mime-mapping>
<mime-mapping>
<!-- WML Source -->
<extension>wml</extension>
<mime-type>text/vnd.wap.wml</mime-type>
</mime-mapping>
<mime-mapping>
<!-- Compiled WML -->
<extension>wmlc</extension>
<mime-type>application/vnd.wap.wmlc</mime-type>
</mime-mapping>
<mime-mapping>
<!-- WML Script Source -->
<extension>wmls</extension>
<mime-type>text/vnd.wap.wmlscript</mime-type>
</mime-mapping>
<mime-mapping>
<!-- Compiled WML Script -->
<extension>wmlsc</extension>
<mime-type>application/vnd.wap.wmlscriptc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wmv</extension>
<mime-type>video/x-ms-wmv</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wmx</extension>
<mime-type>video/x-ms-wmx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wmz</extension>
<mime-type>application/x-msmetafile</mime-type>
</mime-mapping>
<mime-mapping>
<extension>woff</extension>
<mime-type>application/x-font-woff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wpd</extension>
<mime-type>application/vnd.wordperfect</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wpl</extension>
<mime-type>application/vnd.ms-wpl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wps</extension>
<mime-type>application/vnd.ms-works</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wqd</extension>
<mime-type>application/vnd.wqd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wri</extension>
<mime-type>application/x-mswrite</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wrl</extension>
<mime-type>model/vrml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wsdl</extension>
<mime-type>application/wsdl+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wspolicy</extension>
<mime-type>application/wspolicy+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wtb</extension>
<mime-type>application/vnd.webturbo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wvx</extension>
<mime-type>video/x-ms-wvx</mime-type>
</mime-mapping>
<mime-mapping>
<extension>x32</extension>
<mime-type>application/x-authorware-bin</mime-type>
</mime-mapping>
<mime-mapping>
<extension>x3d</extension>
<mime-type>model/x3d+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>x3db</extension>
<mime-type>model/x3d+binary</mime-type>
</mime-mapping>
<mime-mapping>
<extension>x3dbz</extension>
<mime-type>model/x3d+binary</mime-type>
</mime-mapping>
<mime-mapping>
<extension>x3dv</extension>
<mime-type>model/x3d+vrml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>x3dvz</extension>
<mime-type>model/x3d+vrml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>x3dz</extension>
<mime-type>model/x3d+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xaml</extension>
<mime-type>application/xaml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xap</extension>
<mime-type>application/x-silverlight-app</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xar</extension>
<mime-type>application/vnd.xara</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xbap</extension>
<mime-type>application/x-ms-xbap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xbd</extension>
<mime-type>application/vnd.fujixerox.docuworks.binder</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xbm</extension>
<mime-type>image/x-xbitmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xdf</extension>
<mime-type>application/xcap-diff+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xdm</extension>
<mime-type>application/vnd.syncml.dm+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xdp</extension>
<mime-type>application/vnd.adobe.xdp+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xdssc</extension>
<mime-type>application/dssc+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xdw</extension>
<mime-type>application/vnd.fujixerox.docuworks</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xenc</extension>
<mime-type>application/xenc+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xer</extension>
<mime-type>application/patch-ops-error+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xfdf</extension>
<mime-type>application/vnd.adobe.xfdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xfdl</extension>
<mime-type>application/vnd.xfdl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xht</extension>
<mime-type>application/xhtml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xhtml</extension>
<mime-type>application/xhtml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xhvml</extension>
<mime-type>application/xv+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xif</extension>
<mime-type>image/vnd.xiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xla</extension>
<mime-type>application/vnd.ms-excel</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xlam</extension>
<mime-type>application/vnd.ms-excel.addin.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xlc</extension>
<mime-type>application/vnd.ms-excel</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xlf</extension>
<mime-type>application/x-xliff+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xlm</extension>
<mime-type>application/vnd.ms-excel</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xls</extension>
<mime-type>application/vnd.ms-excel</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xlsb</extension>
<mime-type>application/vnd.ms-excel.sheet.binary.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xlsm</extension>
<mime-type>application/vnd.ms-excel.sheet.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xlsx</extension>
<mime-type>application/vnd.openxmlformats-officedocument.spreadsheetml.sheet</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xlt</extension>
<mime-type>application/vnd.ms-excel</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xltm</extension>
<mime-type>application/vnd.ms-excel.template.macroenabled.12</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xltx</extension>
<mime-type>application/vnd.openxmlformats-officedocument.spreadsheetml.template</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xlw</extension>
<mime-type>application/vnd.ms-excel</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xm</extension>
<mime-type>audio/xm</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xml</extension>
<mime-type>application/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xo</extension>
<mime-type>application/vnd.olpc-sugar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xop</extension>
<mime-type>application/xop+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xpi</extension>
<mime-type>application/x-xpinstall</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xpl</extension>
<mime-type>application/xproc+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xpm</extension>
<mime-type>image/x-xpixmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xpr</extension>
<mime-type>application/vnd.is-xpr</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xps</extension>
<mime-type>application/vnd.ms-xpsdocument</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xpw</extension>
<mime-type>application/vnd.intercon.formnet</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xpx</extension>
<mime-type>application/vnd.intercon.formnet</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xsl</extension>
<mime-type>application/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xslt</extension>
<mime-type>application/xslt+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xsm</extension>
<mime-type>application/vnd.syncml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xspf</extension>
<mime-type>application/xspf+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xul</extension>
<mime-type>application/vnd.mozilla.xul+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xvm</extension>
<mime-type>application/xv+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xvml</extension>
<mime-type>application/xv+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xwd</extension>
<mime-type>image/x-xwindowdump</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xyz</extension>
<mime-type>chemical/x-xyz</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xz</extension>
<mime-type>application/x-xz</mime-type>
</mime-mapping>
<mime-mapping>
<extension>yang</extension>
<mime-type>application/yang</mime-type>
</mime-mapping>
<mime-mapping>
<extension>yin</extension>
<mime-type>application/yin+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z</extension>
<mime-type>application/x-compress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>Z</extension>
<mime-type>application/x-compress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z1</extension>
<mime-type>application/x-zmachine</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z2</extension>
<mime-type>application/x-zmachine</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z3</extension>
<mime-type>application/x-zmachine</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z4</extension>
<mime-type>application/x-zmachine</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z5</extension>
<mime-type>application/x-zmachine</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z6</extension>
<mime-type>application/x-zmachine</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z7</extension>
<mime-type>application/x-zmachine</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z8</extension>
<mime-type>application/x-zmachine</mime-type>
</mime-mapping>
<mime-mapping>
<extension>zaz</extension>
<mime-type>application/vnd.zzazz.deck+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>zip</extension>
<mime-type>application/zip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>zir</extension>
<mime-type>application/vnd.zul</mime-type>
</mime-mapping>
<mime-mapping>
<extension>zirz</extension>
<mime-type>application/vnd.zul</mime-type>
</mime-mapping>
<mime-mapping>
<extension>zmm</extension>
<mime-type>application/vnd.handheld-entertainment+xml</mime-type>
</mime-mapping>
<!-- ==================== Default Welcome File List ===================== -->
<!-- When a request URI refers to a directory, the default servlet looks -->
<!-- for a "welcome file" within that directory and, if present, to the -->
<!-- corresponding resource URI for display. -->
<!-- If no welcome files are present, the default servlet either serves a -->
<!-- directory listing (see default servlet configuration on how to -->
<!-- customize) or returns a 404 status, depending on the value of the -->
<!-- listings setting. -->
<!-- -->
<!-- If you define welcome files in your own application's web.xml -->
<!-- deployment descriptor, that list *replaces* the list configured -->
<!-- here, so be sure to include any of the default values that you wish -->
<!-- to use within your application. -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>


@ -3,7 +3,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Configuration of a Tomcat instance. description: Configuration of a Tomcat instance.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -14,29 +14,31 @@
- 'temp' - 'temp'
- 'lib' - 'lib'
- name: Templating of config file - name: Templating of env file
template: template:
src: 'templates/{{ item }}.j2' src: 'templates/env.j2'
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/{{ item }}" dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/env"
mode: "0660"
owner: "{{ tomcat_instance_name }}"
group: "{{ tomcat_instance_name }}"
force: no
- name: Templating of server.xml file
template:
src: 'templates/server.xml-tomcat{{ tomcat_version }}.j2'
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/server.xml"
mode: "0660" mode: "0660"
owner: "{{ tomcat_instance_name }}" owner: "{{ tomcat_instance_name }}"
group: "{{ tomcat_instance_name }}" group: "{{ tomcat_instance_name }}"
force: no force: no
with_items:
- server.xml
- env
- name: Copy config file - name: Copy config file
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/{{ item }}" dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/{{ item | basename }}"
mode: "0660" mode: "0660"
owner: "{{ tomcat_instance_name }}" owner: "{{ tomcat_instance_name }}"
group: "{{ tomcat_instance_name }}" group: "{{ tomcat_instance_name }}"
force: no force: no
with_items: with_fileglob:
- catalina.properties - "tomcat{{ tomcat_version }}/*"
- logging.properties
- context.xml
- tomcat-users.xml
- web.xml
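Review bot: `with_fileglob` in the rewritten "Copy config file" task yields an empty list when nothing matches `tomcat{{ tomcat_version }}/*`, so for a version with no matching files directory the task is skipped without error. The instance would then presumably be left without `web.xml`, `context.xml` and `tomcat-users.xml`, whereas the explicit `with_items` list it replaces failed loudly on a missing file. A guard task before it would restore that, for example an `assert` on `lookup('fileglob', 'tomcat' ~ tomcat_version ~ '/*') | length > 0`. The glob also copies whatever is placed in that directory into `conf/`, so the directory contents become part of what has to be reviewed.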


@ -0,0 +1,169 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="{{ tomcat_instance_shutdown }}" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="{{ tomcat_instance_port }}" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the
AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>
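Review bot: The `<Server>` element keeps the stock command string `shutdown="SHUTDOWN"`, so any local process that can reach the port in `tomcat_instance_shutdown` can stop this instance. The role appears to run one Tomcat per system user, so that probably includes the other instance users on the same host. I would template the command too, e.g. `shutdown="{{ tomcat_instance_shutdown_command }}"` (a new variable, the name is only a suggestion), set to a per-instance random value. The HTTP `<Connector port="{{ tomcat_instance_port }}" ...>` also has no `address` attribute, so it listens on every interface; if a reverse proxy on the same host fronts it, `address="127.0.0.1"` would narrow that.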


@ -1,2 +1,3 @@
--- ---
tomcat_instance_root: '/srv/tomcat' tomcat_instance_root: '/srv/tomcat'
tomat_version: 8
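Review bot: The added default is spelled `tomat_version`, but the package task, the service task and the unit template changed in this same commit all read `tomcat_version`. Unless that variable is set somewhere outside the visible sections, the role has no working default, and the templated package names and the `ExecStart`/`ExecStop` paths cannot render. The line should read `tomcat_version: 8`. A short comment above it would also help, saying that the value selects the Debian `tomcatN` package and the `/usr/share/tomcatN` path.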


@ -1,15 +0,0 @@
[Unit]
Description=Tomcat %u.
After=network.target
[Service]
WorkingDirectory=%h
Environment="CATALINA_BASE=%h"
EnvironmentFile=%h/conf/env
UMask=0002
ExecStart=/usr/share/tomcat8/bin/startup.sh
ExecStop=/usr/share/tomcat8/bin/shutdown.sh
Type=forking
[Install]
WantedBy=default.target


@ -2,7 +2,7 @@ galaxy_info:
author: Evolix author: Evolix
description: Installation of a Tomcat. description: Installation of a Tomcat.
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2 license: GPLv2


@ -1,8 +1,4 @@
--- ---
- include: packages_jessie.yml - include: packages.yml
when: ansible_distribution_release == "jessie"
- include: packages_stretch.yml
when: ansible_distribution_major_version | version_compare('9', '>=')
- include: nagios.yml - include: nagios.yml
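Review bot: With the per-release includes removed, nothing in this file ties the Tomcat major version to the distribution any more; the deleted condition routed jessie hosts to `packages_jessie.yml`. If jessie is still a supported target, a run with the role default would presumably install and wire up a different major version than before. The expected value per release deserves a comment above the include, for example `# tomcat_version selects the package set; jessie hosts previously got tomcat7`.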


@ -4,9 +4,9 @@
name: "{{ item }}" name: "{{ item }}"
state: present state: present
with_items: with_items:
- 'tomcat7' - "tomcat{{ tomcat_version }}"
- 'tomcat7-user' - "tomcat{{ tomcat_version }}-user"
- 'libpam-systemd' - "libpam-systemd"
- name: Create tomcat root dir - name: Create tomcat root dir
file: file:
@ -17,13 +17,13 @@
mode: "0755" mode: "0755"
- name: Copy systemd unit - name: Copy systemd unit
copy: template:
src: 'tomcat_jessie.service' src: 'tomcat.service.j2'
dest: "/etc/systemd/user/tomcat.service" dest: "/etc/systemd/user/tomcat.service"
mode: "0755" mode: "0755"
- name: Disable default tomcat7 service - name: Disable default tomcat service
service: service:
name: tomcat7 name: "tomcat{{ tomcat_version }}"
state: stopped state: stopped
enabled: false enabled: false
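Review bot: The `Copy systemd unit` task still installs the rendered unit with `mode: "0755"`. Unit files are read, not executed, and systemd logs a warning for ones marked executable, so `mode: "0644"` fits better, ideally with `owner: 'root'` and `group: 'root'` stated because the file lands in `/etc/systemd/user`. The package and service names are now built from `tomcat_version` with no check on its value, so a comment naming the supported versions would help whoever overrides it. The first task starts above the hunk, so its name and module are not visible here.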


@ -1,29 +0,0 @@
---
- name: Install packages
apt:
name: "{{ item }}"
state: present
with_items:
- 'tomcat8'
- 'tomcat8-user'
- 'libpam-systemd'
- name: Create tomcat root dir
file:
path: "{{ tomcat_instance_root }}"
state: directory
owner: 'root'
group: 'root'
mode: "0755"
- name: Copy systemd unit
copy:
src: 'tomcat_stretch.service'
dest: "/etc/systemd/user/tomcat.service"
mode: "0755"
- name: Disable default tomcat8 service
service:
name: tomcat8
state: stopped
enabled: false


@ -7,8 +7,8 @@ WorkingDirectory=%h
Environment="CATALINA_BASE=%h" Environment="CATALINA_BASE=%h"
EnvironmentFile=%h/conf/env EnvironmentFile=%h/conf/env
UMask=0002 UMask=0002
ExecStart=/usr/share/tomcat7/bin/startup.sh ExecStart=/usr/share/tomcat{{ tomcat_version }}/bin/startup.sh
ExecStop=/usr/share/tomcat7/bin/shutdown.sh ExecStop=/usr/share/tomcat{{ tomcat_version }}/bin/shutdown.sh
Type=forking Type=forking
[Install] [Install]
