From eda30a013c6de871b08429a15278537a45685f97 Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Wed, 2 Jan 2019 13:45:21 -0500
Subject: [PATCH 01/26] Switch documentation to mdoc(7)

Markdown is not a suitable language for technical documentation.
---
 bkctld.8              | 179 ++++++++++++++++++++++++++++++
 bkctld.conf.5         |  67 ++++++++++++
 docs/configuration.md |  92 +++++++++++++---
 docs/incrementals.md  |  93 +++++++++-------
 docs/usage.md         | 249 +++++++++++++++++++++++++-----------------
 evobackup-incl.5      |  79 ++++++++++++++
 6 files changed, 606 insertions(+), 153 deletions(-)
 create mode 100644 bkctld.8
 create mode 100644 bkctld.conf.5
 create mode 100644 evobackup-incl.5

diff --git a/bkctld.8 b/bkctld.8
new file mode 100644
index 0000000..ae8d2f6
--- /dev/null
+++ b/bkctld.8
@@ -0,0 +1,179 @@
+.Dd December 27, 2018
+.Dt BKCTLD 8
+.Os
+.Sh NAME
+.Nm bkctld
+.Nd tool to manage evobackup jails
+.Sh SYNOPSIS
+.Nm
+.Op Ar operand...
+.Sh DESCRIPTION
+.Nm
+is a shell script that creates and manages a backup server
+which can handle the backups of many other servers (clients).
+.Pp
+It uses
+.Xr ssh 1
+and
+.Xr chroot 8
+to sandbox every client's backups.
+Each client will upload it's data every day
+using
+.Xr rsync 1
+in it's
+.Xr chroot 8
+(using the root account).
+.Pp
+Prior backups are stored incrementally outside of the
+.Xr chroot 8
+using
+.Xr ln 1
+hard links or BTRFS snapshots. 
+(So they can not be affected by the client), 
+which backups are kept over time can be configured in the jail's nominal
+.Xr evobackup-incl 5
+configuration file.
+.Pp
+A large enough volume must be mounted on
+.Pa /backup ,
+if the filesystem is formatted with BTRFS,
+.Nm
+will use sub-volumes and snapshots to save space.
+.Pp
+It's default settings can be overridden in
+.Xr bkctld.conf 5
+file.
+.Pp
+The following operands are available:
+.Bl -tag -width Ds
+.It Cm init Ar jailname
+Create an evobackup jail
+.It Cm update Cm all | Ar jailname
+Update an evobackup jail
+.It Cm remove Cm all | Ar jailname
+Remove an evobackup jail
+.It Cm start Cm all | Ar jailname
+Start an evobackup jail
+.It Cm stop Cm all | Ar jailname
+Stop an evobackup jail
+.It Cm reload Cm all | Ar jailname
+Reload an evobackup jail
+.It Cm restart Cm all | Ar jailname
+Restart an evobackup jail
+.It Cm sync Cm all | Ar jailname
+Sync an evobackup jail, the mirror server is defined by the
+.Ev $NODE
+variable in
+.Pa /etc/default/bkctld
+.It Cm status Op Ar jailname
+Print the status of all jails or only
+.Op Ar jailname .
+.It Cm key Ar jailname Op Ar keyfile
+Print or set the
+.Xr ssh 1
+public key of an evobackup jail
+.It Cm port Ar jailname Op Cm auto | Ar port
+Print or set the
+.Xr ssh 1
+.Op Ar port
+of an evobackup jail.
+Using
+.Op Cm auto
+will set it to the next available port.
+.It Cm ip Ar jailname Op Cm all | Ar address
+Print or set the whitelisted IP
+.Op Ar address
+for an evobackup jail.
+.Op Cm all
+allows unrestricted access and is the default.
+.It Cm inc
+Generate incremental backups
+.It Cm rm
+Remove old incremental backups
+.El
+.Sh FILES
+.Bl -tag -width Ds
+.It Pa /usr/share/bkctld/bkctld.conf
+Template for
+.Xr bkctld.conf 5
+.It Pa /usr/share/bkctld/incl.tpl
+Default rules for the incremental backups are stored here.
+.El
+.Sh EXAMPLES
+Before creating a jail and backing up a client,
+the backup server administrator will need:
+.Bl -bullet
+.It
+The host name of the client system.
+.It
+The public RSA
+.Xr ssh 1
+key for the
+.Dq root
+user of the client system,
+it is recommended the private key be password-less if automation is desired.
+.It
+The IPv4 address of the client system is needed
+if the administrator wishes to maintain a whitelist,
+see
+.Va FIREWALL_RULES
+in
+.Xr bkctld.conf 5
+.El
+.Pp
+He can then create the jail:
+.Bd -literal -offset indent
+# bkctld init CLIENT_HOST_NAME
+# bkctld key CLIENT_HOST_NAME /root/CLIENT_HOST_NAME.pub
+# bkctld ip CLIENT_HOST_NAME CLIENT_IP_ADDRESS
+# bkctld start CLIENT_HOST_NAME
+# bkctld status CLIENT_HOST_NAME
+.Ed
+.Pp
+And override the default
+.Xr evobackup-incl 5
+rules
+.Bd -literal -offset indent
+# $EDITOR /etc/evobackup/CLIENT_HOST_NAME
+.Ed
+.Pp
+To sync itself,
+the client server will need to install
+.Xr rsync 1 .
+It can then be run manually:
+.Bd -literal -offset indent
+# rsync -av -e "ssh -p JAIL_PORT" /home/ root@BACKUP_SERVER:/var/backup/home/
+.Ed
+.Pp
+If a more automated setup is required,
+a script can be written in any programming language.
+In this case,
+it may be useful to validate the backup server's identity before hand.
+.Bd -literal -offset indent
+# ssh -p JAIL_PORT BACKUP_SERVER
+.Ed
+.Pp
+A
+.Xr bash 1
+example to be run under the
+.Dq root
+user's
+.Xr crontab 5
+can be found in the
+.Lk https://gitea.evolix.org/evolix/evobackup/src/branch/master/zzz_evobackup "source repository"
+.\" .Sh EXIT STATUS
+.\" For sections 1, 6, and 8 only.
+.\" .Sh DIAGNOSTICS
+.\" For sections 1, 4, 6, 7, 8, and 9 printf/stderr messages only.
+.Sh SEE ALSO
+.Xr rsync 1 ,
+.Xr ssh-keygen 1 ,
+.Xr bkctld 5 ,
+.Xr evobackup-incl 5 ,
+.Xr chroot 8 ,
+.Xr cron 8 ,
+.Xr sshd 8
+.Sh AUTHORS
+.An Victor Laborie
+.\" .Sh CAVEATS
+.\" .Sh BUGS
\ No newline at end of file
diff --git a/bkctld.conf.5 b/bkctld.conf.5
new file mode 100644
index 0000000..f281354
--- /dev/null
+++ b/bkctld.conf.5
@@ -0,0 +1,67 @@
+.Dd December 28, 2018
+.Dt BKCTLD.CONF 5
+.Os
+.Sh NAME
+.Nm bkctld.conf
+.Nd configuration file for
+.Xr bkctld 8
+.Sh SYNOPSIS
+.D1 name=[value]
+.Sh DESCRIPTION
+The
+.Nm
+file contains variables that override the behavior of the
+.Xr bkctld 8
+script.
+By default, it is located at
+.Pa /usr/share/bkctld/bkctld.conf .
+.Pp
+Each line must be a valid
+.Xr bash 1
+variable definition.
+Lines beginning with the
+.Sq #
+character are comments and are ignored.
+The order of the definitions does not matter.
+.Pp
+The following variables may be defined:
+.Bl -tag -width Ds
+.It Va CONFDIR
+Directory where
+.Xr evobackup-incl 5
+files are kept.
+It's default value is
+.Pa /etc/evobackup/ .
+.It Va JAILDIR
+Directory where the jails are stored,
+it is recommended that this be inside a BTRFS file system.
+It's default value is
+.Pa /backup/jails/ .
+.It Va INCDIR
+Directory where incremental backups are stored,
+it is recommended that this be inside a BTRFS file system.
+It's default value is
+.Pa /backup/incs/ .
+.It Va TPLDIR
+Directory where the default configuration files are stored.
+It's default value is
+.Pa /usr/share/bkctld/ .
+.It Va LOCALTPLDIR
+Directory where custom configuration files are stored.
+It's default is
+.Pa /usr/local/share/bkctld/ .
+.It Va LOGLEVEL
+Defines the amount of information to log, follows the same scale as in
+.In syslog.h
+and defaults to 6.
+.It Va FIREWALL_RULES
+Configuration file containing the firewall rules that govern jail access.
+This file must be sourced by your firewall.
+It does not have a default value and, if unset,
+.Xr bkctld 8
+will not automatically update the firewall.
+.El
+.Sh SEE ALSO
+.Xr bash 1 ,
+.Xr evobackup-incl 5 ,
+.Xr bkctld 8
diff --git a/docs/configuration.md b/docs/configuration.md
index 8045a6c..310bdb9 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -1,20 +1,86 @@
-# CONFIGURATION VARS
+BKCTLD.CONF(5) - File Formats Manual
 
-bkctld configuration has to be set in /etc/default/bkctld file.
+# NAME
 
-## REQUIREDS VARS
+**bkctld.conf** - configuration file for
+bkctld(8)
 
-Default required vars are defined in bkctld script. Alter them to override default values.
+# SYNOPSIS
 
-* CONFDIR (default: /etc/evobackup) : Dir where incremental backup is configured. See INCS CONFIGURATION section for details.
-* JAILDIR (default : /backup/jails) : Dir for jail's root dir. BTRFS recommended.
-* INCDIR (default : /backups/incs) : Dir where incremental backup is stored. BTRFS recommended.
-* TPLDIR (default : /usr/share/bkctld) : Dir where jail template file is stored.
-* LOCALTPLDIR (default : /usr/local/share/bkctld) : Dir for surcharge jail templates.
-* LOGLEVEL (default : 6) : Define loglevel, based on syslog severity level.
+> name=\[value]
 
-## OPTIONALS VARS
+# DESCRIPTION
 
-Optionnals vars are no default value. No set them desactivate correspondant fonctionnality.
+The
+**bkctld.conf**
+file contains variables that override the behavior of the
+bkctld(8)
+script.
+By default, it is located at
+*/usr/share/bkctld/bkctld.conf*.
 
-* FIREWALL_RULES (default: no firewall auto configuration) : Configuration file were firewall was configured to allow jail access. This file must be sourced by your firewall configuration tool.
+Each line must be a valid
+bash(1)
+variable definition.
+Lines beginning with the
+'#'
+character are comments and are ignored.
+The order of the definitions does not matter.
+
+The following variables may be defined:
+
+*CONFDIR*
+
+> Directory where
+> evobackup-incl(5)
+> files are kept.
+> It's default value is
+> */etc/evobackup/*.
+
+*JAILDIR*
+
+> Directory where the jails are stored,
+> it is recommended that this be inside a BTRFS file system.
+> It's default value is
+> */backup/jails/*.
+
+*INCDIR*
+
+> Directory where incremental backups are stored,
+> it is recommended that this be inside a BTRFS file system.
+> It's default value is
+> */backup/incs/*.
+
+*TPLDIR*
+
+> Directory where the default configuration files are stored.
+> It's default value is
+> */usr/share/bkctld/*.
+
+*LOCALTPLDIR*
+
+> Directory where custom configuration files are stored.
+> It's default is
+> */usr/local/share/bkctld/*.
+
+*LOGLEVEL*
+
+> Defines the amount of information to log, follows the same scale as in
+> &lt;*syslog.h*>
+> and defaults to 6.
+
+*FIREWALL\_RULES*
+
+> Configuration file containing the firewall rules that govern jail access.
+> This file must be sourced by your firewall.
+> It does not have a default value and, if unset,
+> bkctld(8)
+> will not automatically update the firewall.
+
+# SEE ALSO
+
+bash(1),
+evobackup-incl(5),
+bkctld(8)
+
+OpenBSD 6.4 - December 28, 2018
diff --git a/docs/incrementals.md b/docs/incrementals.md
index 9cd3c9d..046fc7d 100644
--- a/docs/incrementals.md
+++ b/docs/incrementals.md
@@ -1,63 +1,80 @@
-# INCS CONFIGURATION
+EVOBACKUP-INCL(5) - File Formats Manual
 
-Located by default in /etc/evobackup/, each incl.tpl file is named
-after the EvoBackup for which the rules it contains must apply.
+# NAME
 
-The rules it defines decide which incremental backups are kept when
-running `bkctl rm`
+**evobackup-incl** - incremental backup configuration
 
-Each line defines a single rule.  The first part of the rule describes
-when the backup was taken, the second part decides how long to keep
-it.  Lines beginning with the # character are comments and are
-ignored.  The order of the rules does not matter.
+# SYNOPSIS
 
-Evobackups that do not have their nominal incl.tpl file use the
-default rules defined in /usr/share/bkctld/inc.tpl
+> \+%Y-%m-%d.-%day
+
+# DESCRIPTION
+
+Located by default in
+*/etc/evobackup/*,
+each
+**evobackup-incl**
+file is named after the
+bkctld(8)
+backup for which the rules it contains must apply.
+
+The rules it defines decide which incremental backups are kept when running
+
+	# bkctld rm
+
+Each line defines a single rule.
+The first part of the rule describes when the backup was taken,
+the second part decides how long to keep it.
+Lines beginning with the
+'#'
+character are comments and are ignored.
+The order of the rules does not matter.
+
+Evobackups that do not have their nominal
+**evobackup-incl**
+file use the default rules defined in
+*/usr/share/bkctld/inc.tpl*
+
+# EXAMPLES
 
 Keep today's backup:
 
-```
-+%Y-%m-%d.-0day
-```
+	+%Y-%m-%d.-0day
 
 Keep yesterday's backup:
 
-```
-+%Y-%m-%d.-1day
-```
+	+%Y-%m-%d.-1day
 
 Keep the first day of this month:
 
-```
-+%Y-%m-01.-0month
-```
+	+%Y-%m-01.-0month
 
 Keep the first day of last month:
 
-```
-+%Y-%m-01.-1month
-```
+	+%Y-%m-01.-1month
 
 Keep backups for every 15 days:
 
-```
-+%Y-%m-01.-1month
-+%Y-%m-15.-1month
-```
+	+%Y-%m-01.-1month
+	+%Y-%m-15.-1month
 
 Keep a backup of the first day of january:
 
-```
-+%Y-01-01.-1month
-```
+	+%Y-01-01.-1month
 
 Keep backups of the last 4 days and the first day of the last 2 months:
 
-```
-+%Y-%m-%d.-0day
-+%Y-%m-%d.-1day
-+%Y-%m-%d.-2day
-+%Y-%m-%d.-3day
-+%Y-%m-01.-0month
-+%Y-%m-01.-1month
-```
\ No newline at end of file
+	+%Y-%m-%d.-0day
+	+%Y-%m-%d.-1day
+	+%Y-%m-%d.-2day
+	+%Y-%m-%d.-3day
+	+%Y-%m-01.-0month
+	+%Y-%m-01.-1month
+
+# SEE ALSO
+
+bkctld(8),
+cron(8),
+*/etc/evobackup/tpl/inc.tpl*
+
+OpenBSD 6.4 - December 28, 2018
diff --git a/docs/usage.md b/docs/usage.md
index f67ca1d..bb22e64 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -1,162 +1,207 @@
+BKCTLD(8) - System Manager's Manual
+
 # NAME
 
-bkctld - tool to manage evobackup jail
+**bkctld** - tool to manage evobackup jails
 
 # SYNOPSIS
 
-~~~
-bkctld <command> [<args>]
-~~~
+**bkctld**
+\[*operand...*]
 
 # DESCRIPTION
 
-bkctld is a shell script that creates and manages a backup server
+**bkctld**
+is a shell script that creates and manages a backup server
 which can handle the backups of many other servers (clients).
-It uses OPENSSH and chroot's to sandbox every client's backups.
-Each client will upload it's data every day using rsync in it's chroot
+
+It uses
+ssh(1)
+and
+chroot(8)
+to sandbox every client's backups.
+Each client will upload it's data every day
+using
+rsync(1)
+in it's
+chroot(8)
 (using the root account).
 
-Prior backups are stored incrementally outside of the chroot
-using hard links or BTRFS snapshots (So they can not be affected
-by the client). Which backups are kept over time can be configured in the jail's nominal [incl.tpl](incrementals.md) configuration file. A large enough volume must be mounted on `/backup`, if the filesystem is formatted 
-with BTRFS, bkctld will use sub-volumes and snapshots to save space.
+Prior backups are stored incrementally outside of the
+chroot(8)
+using
+ln(1)
+hard links or BTRFS snapshots.
+(So they can not be affected by the client),
+which backups are kept over time can be configured in the jail's nominal
+evobackup-incl(5)
+configuration file.
 
-It's default settings can be overridden in the [configuration file](configuration.md).
+A large enough volume must be mounted on
+*/backup*,
+if the filesystem is formatted with BTRFS,
+**bkctld**
+will use sub-volumes and snapshots to save space.
 
-# BKCTLD COMMANDS
+It's default settings can be overridden in
+bkctld.conf(5)
+file.
 
-Create an evobackup jail :
+The following operands are available:
 
-~~~
-bkctld init <jailname>
-~~~
+**init** *jailname*
 
-Update an evobackup jail or all :
+> Create an evobackup jail
 
-~~~
-bkctld update <jailname>|all
-~~~
+**update** **all** | *jailname*
 
-Remove an evobackup jail or all :
+> Update an evobackup jail
 
-~~~
-bkctld remove <jailname>|all
-~~~
+**remove** **all** | *jailname*
 
-Start an evobackup jail or all :
+> Remove an evobackup jail
 
-~~~
-bkctld start <jailname>|all
-~~~
+**start** **all** | *jailname*
 
-Stop an evobackup jail or all :
+> Start an evobackup jail
 
-~~~
-bkctld stop <jailname>|all
-~~~
+**stop** **all** | *jailname*
 
-Reload an evobackup jail or all :
+> Stop an evobackup jail
 
-~~~
-bkctld reload <jailname>|all
-~~~
-        
-Restart an evobackup jail or all :
+**reload** **all** | *jailname*
 
-~~~
-bkctld restart <jailname>|all
-~~~
+> Reload an evobackup jail
 
-Sync an evobackup jail or all.
-Second server is defined by $NODE var in /etc/default/bkctld :
+**restart** **all** | *jailname*
 
-~~~
-bkctld sync <jailname>|all
-~~~
+> Restart an evobackup jail
 
-Print status of all evobackup jail or one jail :
+**sync** **all** | *jailname*
 
-~~~
-bkctld status [<jailname>]
-~~~
+> Sync an evobackup jail, the mirror server is defined by the
+> `$NODE`
+> variable in
+> */etc/default/bkctld*
 
-Print or set the SSH public key of an evobackup jail :
+**status** \[*jailname*]
 
-~~~
-bkctld key <jailname> [<keyfile>]
-~~~
+> Print the status of all jails or only
+> \[*jailname*].
 
-Print or set the SSH port of an evobackup jail.
-Auto to set next available port (last + 1) :
+**key** *jailname* \[*keyfile*]
 
-~~~
-bkctld port <jailname> [<ssh_port>|auto]
-~~~
+> Print or set the
+> ssh(1)
+> public key of an evobackup jail
 
-Print or set allowed IP of an evobackup jail.
-All for unrestricted access (default) :
+**port** *jailname* \[**auto** | *port*]
 
-~~~
-bkctld ip <jailname> [<ip>|all]
-~~~
+> Print or set the
+> ssh(1)
+> \[*port*]
+> of an evobackup jail.
+> Using
+> \[**auto**]
+> will set it to the next available port.
 
-Generate inc of an evobackup jail :
+**ip** *jailname* \[**all** | *address*]
 
-~~~
-bkctld inc
-~~~
+> Print or set the whitelisted IP
+> \[*address*]
+> for an evobackup jail.
+> \[**all**]
+> allows unrestricted access and is the default.
 
-Remove old inc of an evobackup jail :
+**inc**
 
-~~~
-bkctld rm
-~~~
+> Generate incremental backups
+
+**rm**
+
+> Remove old incremental backups
+
+# FILES
+
+*/usr/share/bkctld/bkctld.conf*
+
+> Template for
+> bkctld.conf(5)
+
+*/usr/share/bkctld/incl.tpl*
+
+> Default rules for the incremental backups are stored here.
+
+# EXAMPLES
 
-# CLIENT CONFIGURATION
 Before creating a jail and backing up a client,
 the backup server administrator will need:
 
-* The host name of the client system.
-* The public RSA OpenSSH key for the root user of the client system,
-it is recommended the private key be password-less if automation is desired.
-* The IPv4 address of the client system is needed
-if the administrator wishes to maintain a whitelist,
-see the FIREWALL_RULES variable in [bkctld.conf](configuration.md)
+*	The host name of the client system.
+
+*	The public RSA
+	ssh(1)
+	key for the
+	"root"
+	user of the client system,
+	it is recommended the private key be password-less if automation is desired.
+
+*	The IPv4 address of the client system is needed
+	if the administrator wishes to maintain a whitelist,
+	see
+	*FIREWALL\_RULES*
+	in
+	bkctld.conf(5)
 
 He can then create the jail:
 
-```
-# bkctld init CLIENT_HOST_NAME
-# bkctld key CLIENT_HOST_NAME /root/CLIENT_HOST_NAME.pub
-# bkctld ip CLIENT_HOST_NAME CLIENT_IP_ADDRESS
-# bkctld start CLIENT_HOST_NAME
-# bkctld status CLIENT_HOST_NAME
-```
+	# bkctld init CLIENT_HOST_NAME
+	# bkctld key CLIENT_HOST_NAME /root/CLIENT_HOST_NAME.pub
+	# bkctld ip CLIENT_HOST_NAME CLIENT_IP_ADDRESS
+	# bkctld start CLIENT_HOST_NAME
+	# bkctld status CLIENT_HOST_NAME
 
-And override the default [incremental](incrementals.md) rules
+And override the default
+evobackup-incl(5)
+rules
 
-```
-# $EDITOR /etc/evobackup/CLIENT_HOST_NAME
-```
+	# $EDITOR /etc/evobackup/CLIENT_HOST_NAME
 
-To sync itself, the client server will need to install rsync.
+To sync itself,
+the client server will need to install
+rsync(1).
 It can then be run manually:
 
-```
-# rsync -av -e "ssh -p JAIL_PORT" /home/ root@BACKUP_SERVER:/var/backup/home/
-```
+	# rsync -av -e "ssh -p JAIL_PORT" /home/ root@BACKUP_SERVER:/var/backup/home/
 
 If a more automated setup is required,
-a script can be written in any programming language. In this case,
+a script can be written in any programming language.
+In this case,
 it may be useful to validate the backup server's identity before hand.
 
-```
-# ssh -p JAIL_PORT BACKUP_SERVER
-```
+	# ssh -p JAIL_PORT BACKUP_SERVER
 
-A bash example to be run under the root user's crontab
-can be found in the  [source repository](https://gitea.evolix.org/evolix/evobackup/src/branch/master/zzz_evobackup)
+A
+bash(1)
+example to be run under the
+"root"
+user's
+crontab(5)
+can be found in the
+[source repository](https://gitea.evolix.org/evolix/evobackup/src/branch/master/zzz_evobackup)
 
 # SEE ALSO
 
-rsync(1), sshd(8), chroot(8).
+rsync(1),
+ssh-keygen(1),
+bkctld(5),
+evobackup-incl(5),
+chroot(8),
+cron(8),
+sshd(8)
+
+# AUTHORS
+
+Victor Laborie
+
+OpenBSD 6.4 - December 27, 2018
diff --git a/evobackup-incl.5 b/evobackup-incl.5
new file mode 100644
index 0000000..48f5453
--- /dev/null
+++ b/evobackup-incl.5
@@ -0,0 +1,79 @@
+.Dd December 28, 2018
+.Dt EVOBACKUP-INCL 5
+.Os
+.Sh NAME
+.Nm evobackup-incl
+.Nd incremental backup configuration
+.Sh SYNOPSIS
+.D1 +%Y-%m-%d.-%day
+.Sh DESCRIPTION
+Located by default in
+.Pa /etc/evobackup/ ,
+each
+.Nm
+file is named after the
+.Xr bkctld 8
+backup for which the rules it contains must apply.
+.Pp
+The rules it defines decide which incremental backups are kept when running
+.Bd -literal -offset indent
+# bkctld rm
+.Ed
+.Pp
+Each line defines a single rule.
+The first part of the rule describes when the backup was taken,
+the second part decides how long to keep it.
+Lines beginning with the
+.Sq #
+character are comments and are ignored.
+The order of the rules does not matter.
+.Pp
+Evobackups that do not have their nominal
+.Nm
+file use the default rules defined in
+.Pa /usr/share/bkctld/inc.tpl
+.Sh EXAMPLES
+Keep today's backup:
+.Bd -literal -offset indent
++%Y-%m-%d.-0day
+.Ed
+.Pp
+Keep yesterday's backup:
+.Bd -literal -offset indent
++%Y-%m-%d.-1day
+.Ed
+.Pp
+Keep the first day of this month:
+.Bd -literal -offset indent
++%Y-%m-01.-0month
+.Ed
+.Pp
+Keep the first day of last month:
+.Bd -literal -offset indent
++%Y-%m-01.-1month
+.Ed
+.Pp
+Keep backups for every 15 days:
+.Bd -literal -offset indent
++%Y-%m-01.-1month
++%Y-%m-15.-1month
+.Ed
+.Pp
+Keep a backup of the first day of january:
+.Bd -literal -offset indent
++%Y-01-01.-1month
+.Ed
+.Pp
+Keep backups of the last 4 days and the first day of the last 2 months:
+.Bd -literal -offset indent
++%Y-%m-%d.-0day
++%Y-%m-%d.-1day
++%Y-%m-%d.-2day
++%Y-%m-%d.-3day
++%Y-%m-01.-0month
++%Y-%m-01.-1month
+.Ed
+.Sh SEE ALSO
+.Xr bkctld 8 ,
+.Xr cron 8 ,
+.Pa /etc/evobackup/tpl/inc.tpl
\ No newline at end of file

From 15fa2dab0f656804d2264c695d81396a64dd6111 Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Wed, 2 Jan 2019 12:13:38 -0500
Subject: [PATCH 02/26] Improved documentation for example script

Added the description of variables to change into the zzz_evobackup
script comments and updated the path to the repository.
---
 zzz_evobackup | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index 6ac5a75..5524448 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -1,12 +1,20 @@
 #!/bin/sh
 #
 # Script Evobackup client
-# See https://forge.evolix.org/projects/evobackup
+# See https://gitea.evolix.org/evolix/evobackup
 # 
 # Author: Gregory Colpart <reg@evolix.fr>
 # Contributor: Romain Dessort <rdessort@evolix.fr>, Benoît Série <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
 # Licence: AGPLv3
 #
+# The following variables must be changed:
+# SSH_PORT: The Port used for the ssh(1) jail on the backup server
+# MAIL: The email address to send notifications to.
+# SRV: The hostname or IP address of the backup server.
+# 
+# You must then uncomment the various
+# examples that best suit your case
+#
 
 PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin
 

From 3af8ac1510dfc467c150aa408e08e307d4eafc35 Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Wed, 2 Jan 2019 12:20:41 -0500
Subject: [PATCH 03/26] Improved README.md and adjacent files.

 * Fixed the english in README.md and docs/debian.md
 * Moved installation instructions from README.md to docs/install.md
 * Reworked the rest of README.md
 * Added a few comments to bkctld.conf
---
 README.md       | 98 ++++++++++++++++++++-----------------------------
 bkctld.conf     |  5 ++-
 docs/debian.md  |  5 ++-
 docs/install.md | 47 ++++++++++++++++++++++++
 4 files changed, 93 insertions(+), 62 deletions(-)
 create mode 100644 docs/install.md

diff --git a/README.md b/README.md
index 5f77184..8e7e9c2 100644
--- a/README.md
+++ b/README.md
@@ -1,15 +1,18 @@
 Bkctld (aka evobackup)
 =========
 
-Bkctld is a shell script to create and manage a backup server which will
-handle the backup of many servers (clients). Licence is AGPLv3.
+Bkctld is a shell script that creates and manages a backup server
+which can handle the backups of many other servers (clients). It
+is licensed under the AGPLv3.
 
-The main principle uses SSH chroot (called "jails" in the FreeBSD
-world) for each client to backup. Each client will upload his data every day
-using rsync in his chroot (using root account).
-Incrementals are stored outside of the chroot using hard links or btrfs snapshots.
-(So incrementals are not available for clients). Using this method we can keep tens 
-of backup of each client securely and not using too much space.
+It uses SSH chroots (called "jails" in the FreeBSD world) to sandbox
+every clients backups. Each client will upload it's data every day
+using rsync in it's chroot (using the root account).  Prior backups
+are stored incrementally outside of the chroot using hard links or
+BTRFS snapshots.  (So they can not be affected by the client). 
+
+Using this method, we can keep a large quantity of backups of each
+client securely and efficiently.
 
 ~~~
                                     Backup server
@@ -20,56 +23,23 @@ Server 2 ------ SSH/rsync ------->  * tcp/2223 *
                                     ************
 ~~~
 
-This method uses standard tools (ssh, rsync, cp -al, btrfs subvolume). EvoBackup 
-is used for many years by Evolix for back up each day hundreds of servers which
- uses many terabytes of data.
+This method uses standard tools (ssh, rsync, cp -al, btrfs subvolume)
+and has been used for many years by Evolix to backup hundreds of
+servers, totaling many terabytes of data, each day.  bkctld has
+been tested on Debian Jessie and should be compatible with other
+Debian versions or derived distributions like Ubuntu.
 
-bkctld was test on Debian Jessie. It can be compatible with other Debian version
-or derivated distribution like Ubuntu or Debian Wheezy.
-
-A big size volume must be mount on /backup, we recommend usage of **btrfs** for
-subvolume and snapshot fonctionnality.
-This volume can be encrypted by **luks** for security reason.
+A large enough volume must be mounted on `/backup`, we recommend
+the usage of **BTRFS** so you can use sub-volumes and snapshots.
+This volume can also be encrypted with **LUKS**.
 
 ## Install
 
-A Debian package is available in Evolix repository
+See the [installation guide](docs/install.md) for instructions.
 
-~~~
-echo "http://pub.evolix.net/ jessie/" >> /etc/apt/sources.list
-apt update
-apt install bkctld
-~~~
+## Testing
 
-### Chroot dependency
-
-Chroot jail use part of this package
-
-~~~
-apt install bash coreutils sed dash mount rsync openssh-server openssh-sftp-server libc6-i386 libc6
-~~~
-
-#### Install cron for incremental backup
-
-Edit root crontab
-
-~~~
-crontab -e
-~~~
-
-Add this ligne
-
-~~~
-30 10 * * * /usr/sbin/bkctld inc && /usr/sbin/bkctld rm
-~~~ 
-
-> **Notes :**
-> If you want mutiples backups in a day (1 by hour maximum) you can run `bkctld inc` multiples times
-> If you want keep incremental backup **for ever**, you just need don't run `bkctld rm`
-
-## Test
-
-You can deploy tests environmments with Vagrant :
+You can deploy test environments with Vagrant :
 
 ~~~
 vagrant up
@@ -77,7 +47,8 @@ vagrant up
 
 ### Deployment
 
-Launch rsync-auto in a terminal for automatic synchronisation of your local code with Vagrant VM :
+Launch rsync-auto in a terminal for automatic synchronization of
+your local code with Vagrant VM :
 
 ~~~
 vagrant rsync-auto
@@ -85,7 +56,8 @@ vagrant rsync-auto
 
 ### Bats
 
-You can run [bats](https://github.com/sstephenson/bats) test with *test* provisionner :
+You can run [bats](https://github.com/sstephenson/bats) tests with
+the *test* provision :
 
 ~~~
 vagrant provision --provision-with test
@@ -95,21 +67,31 @@ vagrant provision --provision-with test
 
 See [docs/usage.md](docs/usage.md).
 
-Man page, in roff language, can be generated with pandoc :
+The man(1) page, in troff(7) language, can be generated with pandoc:
 
 ~~~
-pandoc -f markdown -t man usage.md --template default.man -V title=bkctld -V section=8 -V date="$(date '+%d %b %Y')" -V footer="$(git describe --tags)" -V header="bkctld man page"
+pandoc -f markdown \
+	-t man usage.md \
+	--template default.man \
+	-V title=bkctld \
+	-V section=8 \
+	-V date="$(date '+%d %b %Y')" \
+	-V footer="$(git describe --tags)" \
+	-V header="bkctld man page"
 ~~~
 
 #### Client configuration
 
-You can save various systems on evobackup jail :  Linux, BSD, Windows, MacOSX. Only prequisites is rsync command.
+You can save various systems in the evobackup jails :  Linux, BSD,
+Windows, MacOSX. The only prerequisite is the rsync command.
 
 ~~~
 rsync -av -e "ssh -p SSH_PORT" /home/ root@SERVER_NAME:/var/backup/home/
 ~~~
 
-An example script is present in zzz_evobackup, clone evobackup repo and read **CLIENT CONFIGURATION** section of the manual.
+An example synchronization script is present in `zzz_evobackup`,
+clone the evobackup repository and read the **CLIENT CONFIGURATION**
+section of the manual.
 
 ~~~
 git clone https://forge.evolix.org/evobackup.git
diff --git a/bkctld.conf b/bkctld.conf
index b876241..ddcb872 100644
--- a/bkctld.conf
+++ b/bkctld.conf
@@ -1,4 +1,5 @@
-# Defaults for bkctld command (evobackup)
+# bkctld.conf(5)
+# Defaults for bkctld(8) command (evobackup)
 # sourced by /usr/sbin/bkctld and /etc/init.d/bkctld
 
 #CONFDIR='/etc/evobackup'
@@ -10,5 +11,5 @@
 #SSHD_PID='/var/run/sshd.pid'
 #SSHD_CONFIG='/etc/ssh/sshd_config'
 #AUTHORIZED_KEYS='/root/.ssh/authorized_keys'
-#FIREWALL_RULES='/etc/firewall.rc.jails'
+#FIREWALL_RULES=''
 #LOGLEVEL=6
diff --git a/docs/debian.md b/docs/debian.md
index ddcc1b3..e99b0cf 100644
--- a/docs/debian.md
+++ b/docs/debian.md
@@ -1,6 +1,7 @@
 # Debian Package
 
-**bkctld** package can be build from the **debian** branch of this Git repository with git-buildpackage and sbuild.
+The **bkctld** package can be built from the **debian** branch of
+this git repository with git-buildpackage and sbuild.
 
 ## Dependencies
 
@@ -37,7 +38,7 @@ sbuild-createchroot --include=eatmydata,ccache,gnupg unstable /srv/chroot/sid ht
 
 ## Build
 
-You must be in **debian** branch :
+You must be in the **debian** branch :
 
 ~~~
 git checkout debian
diff --git a/docs/install.md b/docs/install.md
new file mode 100644
index 0000000..22d3aed
--- /dev/null
+++ b/docs/install.md
@@ -0,0 +1,47 @@
+# Install
+
+A Debian package is available in the Evolix repository
+
+~~~
+echo "http://pub.evolix.net/jessie/" >> /etc/apt/sources.list
+apt update
+apt install bkctld
+~~~
+
+Then edit `/etc//bkctld`
+
+## Chroot dependencies
+
+The chroot jails depend on these packages
+
+~~~
+apt install \
+	bash \
+	coreutils \
+	sed \
+	dash \
+	mount \
+	rsync \
+	openssh-server \
+	openssh-sftp-server \
+	libc6-i386 \
+	libc6
+~~~
+
+## Client dependencies
+
+The clients only require OpenSSH and rsync.
+
+### Cron job for incremental backups
+
+Edit the root crontab
+
+~~~
+# crontab -e
++ 30 10 * * * /usr/sbin/bkctld inc && /usr/sbin/bkctld rm
+~~~
+
+## Notes
+If you want mutiples backups in a day (1 by hour maximum) you can
+run `bkctld inc` multiples times, if you want to keep incremental
+backups **for ever**, just don't run `bkctld rm`.
\ No newline at end of file

From e960946285465cb1e3ae8f06a11b18d1b1ab4779 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 13:51:05 +0100
Subject: [PATCH 04/26] Split bkctld into multiples scripts

---
 Vagrantfile        |   1 +
 bkctld             | 685 +++------------------------------------------
 lib/bkctld-check   |  67 +++++
 lib/bkctld-inc     |  23 ++
 lib/bkctld-init    |  29 ++
 lib/bkctld-ip      |   1 +
 lib/bkctld-key     |   1 +
 lib/bkctld-params  |  17 ++
 lib/bkctld-port    |   1 +
 lib/bkctld-reload  |  12 +
 lib/bkctld-remove  |  30 ++
 lib/bkctld-restart |  11 +
 lib/bkctld-rm      |  44 +++
 lib/bkctld-start   |  36 +++
 lib/bkctld-stats   |  23 ++
 lib/bkctld-status  |  17 ++
 lib/bkctld-stop    |  16 ++
 lib/bkctld-sync    |  21 ++
 lib/bkctld-update  |  11 +
 lib/config         |  23 ++
 lib/functions      | 133 +++++++++
 lib/logging        |  42 +++
 lib/mkjail         |  44 +++
 23 files changed, 648 insertions(+), 640 deletions(-)
 create mode 100755 lib/bkctld-check
 create mode 100755 lib/bkctld-inc
 create mode 100755 lib/bkctld-init
 create mode 120000 lib/bkctld-ip
 create mode 120000 lib/bkctld-key
 create mode 100755 lib/bkctld-params
 create mode 120000 lib/bkctld-port
 create mode 100755 lib/bkctld-reload
 create mode 100755 lib/bkctld-remove
 create mode 100755 lib/bkctld-restart
 create mode 100755 lib/bkctld-rm
 create mode 100755 lib/bkctld-start
 create mode 100755 lib/bkctld-stats
 create mode 100755 lib/bkctld-status
 create mode 100755 lib/bkctld-stop
 create mode 100755 lib/bkctld-sync
 create mode 100755 lib/bkctld-update
 create mode 100755 lib/config
 create mode 100755 lib/functions
 create mode 100755 lib/logging
 create mode 100755 lib/mkjail

diff --git a/Vagrantfile b/Vagrantfile
index 9fa28e9..66e0cd7 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -16,6 +16,7 @@ Vagrant.configure('2') do |config|
 
   $install = <<SCRIPT
 ln -fs /vagrant/bkctld /usr/sbin/bkctld
+ln -fs /vagrant/lib /usr/lib/bkctld
 ln -fs /vagrant/tpl /usr/share/bkctld
 ln -fs /vagrant/bash_completion /usr/share/bash-completion/completions/bkctld
 ln -fs /vagrant/bkctld.conf /etc/default/bkctld
diff --git a/bkctld b/bkctld
index 03a7a32..d1c01a7 100755
--- a/bkctld
+++ b/bkctld
@@ -10,652 +10,57 @@
 
 set -u
 
-usage(){
-    cat <<EOF
-Usage: $0 <subcommand> [options]
-Subcommands:
-    init        <jailname>                      Init jail <jailname>
-    update      <jailname>|all                  Update jail <jailname> or all
-    remove      <jailname>|all                  Remove jail <jailname> or all
-    start       <jailname>|all                  Start jail <jailname> or all
-    stop        <jailname>|all                  Stop jail <jailname> or all
-    reload      <jailname>|all                  Reload jail <jailname> or all
-    restart     <jailname>|all                  Restart jail <jailname> or all
-    sync        <jailname>|all                  Sync jail <jailname> or all to another node
-    status      [<jailname>]                    Print status of <jailname> (default all jail)
-    key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
-    port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
-    ip          <jailname>      [<ip>|all]      Set or get allowed(s) ip(s) of <jailname>
-    inc                                         Make incremental inc of all jails
-    rm                                          Remove old incremtal inc of all jails
-    check                                       Run check on jails (NRPE output)
-    stats                                       Make and display stats on jails (size, lastconn)
+[ "$(id -u)" -ne 0 ] && error "You need to be root to run ${0} !"
 
-EOF
-}
+[ -d './lib' ] && LIBDIR='lib'
+[ -d '/usr/lib/bkctld' ] && LIBDIR='/usr/lib/bkctld'
+. "${LIBDIR}/config"
 
-## logging functions
+mkdir -p "${CONFDIR}" "${JAILDIR}" "${INCDIR}" "${INDEX_DIR}"
+subcommand="${1:-}"
+jail="${2:-}"
+option="${3:-}"
 
-debug() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 7 ]; then
-        echo "${msg}"
-        logger -t bkctld -p daemon.debug "${msg}"
-    fi
-}
+[ -x "${LIBDIR}/bkctld-${subcommand}" ] || usage
 
-info() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 6 ]; then
-        tty -s && echo "${msg}"
-        logger -t bkctld -p daemon.info "${msg}"
-    fi
-}
-
-notice() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "${msg}"
-    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
-}
-
-warning() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "WARNING : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 4 ]; then
-        tty -s || echo "WARNING : ${msg}" >&2
-        logger -t bkctld -p daemon.warning "${msg}"
-    fi
-}
-
-error() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "ERROR : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 5 ]; then
-        tty -s || echo "ERROR : ${msg}" >&2
-        logger -t bkctld -p daemon.error "${msg}"
-    fi
-    exit 1
-}
-
-## check functions
-
-check_jail() {
-    jail="${1}"
-    [ -d "${JAILDIR}/${jail}" ] && return 0
-    return 1
-}
-
-check_jail_on() {
-    jail="${1}"
-    return=1
-    if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
-        pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-        ps -p "${pid}" > /dev/null && return=0
-    fi
-    if [ "${return}" -eq 1 ]; then
-        rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
-        grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
-        grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
-    fi
-    return "${return}"
-}
-
-## get functions : get info on jail
-
-get_port() {
-    jail="${1}"
-    port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
-    echo "${port}"
-}
-
-get_key() {
-    jail="${1}"
-    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
-        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    fi
-}
-
-get_ip() {
-    jail="${1}"
-    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
-        echo "${allow}"|cut -d'@' -f2
-    done
-}
-
-get_inc() {
-    jail="${1}"
-    inc="0"
-        if [ -f "${CONFDIR}/${jail}" ]; then
-            day=$(grep -c "day" "${CONFDIR}/${jail}")
-            month=$(grep -c "month" "${CONFDIR}/${jail}")
-            inc="${day}/${month}"
-        fi
-    echo "${inc}"
-}
-
-## set functions : set info on jail
-
-set_port() {
-    jail="${1}"
-    port="${2}"
-    if [ "${port}" = "auto" ]; then
-        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
-        port=$((port+1))
-        [ "${port}" -le 1 ] && port=2222
-    fi
-    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
-set_key() {
-    jail="${1}"
-    keyfile="${2}"
-    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
-    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-}
-
-set_ip() {
-    jail="${1}"
-    ip="${2}"
-    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
-        ips="0.0.0.0/0"
+case "${subcommand}" in
+    "inc" | "rm" | "check" | "stats")
+        "${LIBDIR}/bkctld-${subcommand}"
+    ;;
+        "init")
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+    ;;
+    "key" | "port" | "ip")
+        "${LIBDIR}/bkctld-params" "${jail}" "${subcommand}" "${option}"
+    ;;
+    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
+    if [ "${jail}" = "all" ]; then
+        jails=$(ls "${JAILDIR}")
+        for jail in ${jails}; do
+            case "${subcommand}" in
+                "start")
+                    check_jail_on "${jail}" || "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+                ;;
+                "stop" | "reload" | "restart")
+                    check_jail_on "${jail}" && "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+                ;;
+                *)
+                    "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+                ;;
+            esac
+                done
     else
-        ips=$(get_ip "${jail}")
-        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
-    allow="AllowUsers"
-    for ip in $ips; do
-        allow="${allow} root@${ip}"
-    done
-    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
-set_firewall() {
-    jail="${1}"
-    if [ -n "${FIREWALL_RULES}" ]; then
-        if [ -f "${FIREWALL_RULES}" ]; then
-            sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
-        fi
-        if ( check_jail "${jail}" ); then
-            port=$(get_port "${jail}")
-            for ip in $(get_ip "${jail}"); do
-                echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
-            done
-            if [ -f /etc/init.d/minifirewall ]; then
-                /etc/init.d/minifirewall restart >/dev/null
-            fi
-        fi
-    fi
-}
-
-## mk_jail function : create or update a jail
-
-mk_jail() {
-    jail="${1}"
-    passwd="${TPLDIR}/passwd"
-    shadow="${TPLDIR}/shadow"
-    group="${TPLDIR}/group"
-    sshrc="${TPLDIR}/sshrc"
-    [ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
-    [ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
-    [ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
-    [ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
-    umask 077
-
-    info "1 - Creating the chroot"
-    cd "${JAILDIR}/${jail}"
-    rm -rf bin lib lib64 run usr var/run etc/ssh/*key
-    mkdir -p dev proc
-    mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
-    mkdir -p etc/ssh var/log run/sshd
-    mkdir -p root/.ssh var/backup -m 0700
-    ln -s usr/bin bin
-    ln -s usr/lib lib
-    ln -s usr/lib64 lib64
-    ln -st var ../run
-    touch var/log/lastlog var/log/wtmp run/utmp
-
-    info "2 - Copying essential files"
-    [ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
-    [ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh
-    [ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh
-    cp "${passwd}" etc
-    cp "${shadow}" etc
-    cp "${group}" etc
-    cp "${sshrc}" etc/ssh
-
-    info "3 - Copying binaries"
-    cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
-    cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
-
-    for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
-        cp -f "${dbin}" "${JAILDIR}/${jail}/${dbin}";
-        for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
-            cp -p "${lib}" "${JAILDIR}/${jail}/${lib}"
+    ;;
+    "status")
+    if [ -z "${jail}" ]; then
+        jails=$(ls "${JAILDIR}")
+        for jail in ${jails}; do
+            "${LIBDIR}/bkctld-${subcommand}" "${jail}"
         done
-    done
-}
-
-## sub functions : functions call by subcommand
-  
-sub_init() {
-    jail="${1}"
-    sshd_config="${TPLDIR}/sshd_config"
-    inctpl="${TPLDIR}/inc.tpl"
-    [ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
-    [ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl"
-    check_jail "${jail}" && error "${jail} : trying to create existant jail"
-
-    rootdir=$(dirname "${JAILDIR}")
-    rootdir_inode=$(stat --format=%i "${rootdir}")
-    jaildir_inode=$(stat --format=%i "${JAILDIR}")
-    if [ "${rootdir_inode}" -eq 256 ] || [ "${jaildir_inode}" -eq 256 ]; then
-        /bin/btrfs subvolume create "${JAILDIR}/${jail}"
     else
-        mkdir -p "${JAILDIR}/${jail}"
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
-    mk_jail "${jail}"
-    info "4 - Copie default sshd_config"
-    install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
-    info "5 - Set usable sshd port"
-    set_port "${jail}" auto
-    info "6 - Copie default inc configuration"
-    install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
-    notice "${jail} : created jail"
-}
-
-sub_update() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
-    check_jail_on "${jail}" && sub_stop "${jail}"
-
-    mk_jail "${jail}"
-    notice "${jail} : updated jail"
-}
-
-sub_remove() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
-
-    check_jail_on "${jail}" && sub_stop "${jail}"
-    
-    rm -f "${CONFDIR}/${jail}"
-    jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
-    if [ "${jail_inode}" -eq 256 ]; then
-        /bin/btrfs subvolume delete "${JAILDIR}/${jail}" | debug
-    else
-        rm -rf "${JAILDIR}/${jail}" | debug
-    fi
-    if [ -d  "${INCDIR}/${jail}" ]; then
-        incs=$(ls "${INCDIR}/${jail}")
-        for inc in ${incs}; do
-            inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${inc}")
-            if [ "${inc_inode}" -eq 256 ]; then
-                /bin/btrfs subvolume delete "${INCDIR}/${jail}/${inc}" | debug
-            else
-                warning "You need to purge ${INCDIR}/${jail}/${inc} manually !"
-            fi
-        done
-        rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
-    fi
-    set_firewall "${jail}"
-    notice "${jail} : deleted jail"
-}
-
-sub_start() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
-    check_jail_on "${jail}" && error "${jail} : trying to start already running jail"
-
-    cd "${JAILDIR}/${jail}"
-    grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
-    grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev
-    [ -e "dev/console" ] || mknod -m 622 dev/console c 5 1
-    [ -e "dev/null" ] || mknod -m 666 dev/null c 1 3
-    [ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5
-    [ -e "dev/ptmx" ] || mknod -m 666 dev/ptmx c 5 2
-    [ -e "dev/tty" ] || mknod -m 666 dev/tty c 5 0
-    [ -e "dev/random" ] || mknod -m 444 dev/random c 1 8
-    [ -e "dev/urandom" ] || mknod -m 444 dev/urandom c 1 9
-    chown root:tty dev/console dev/ptmx dev/tty
-    ln -fs proc/self/fd dev/fd
-    ln -fs proc/self/fd/0 dev/stdin
-    ln -fs proc/self/fd/1 dev/stdout
-    ln -fs proc/self/fd/2 dev/stderr
-    ln -fs proc/kcore dev/core
-    mkdir -p dev/pts
-    mkdir -p dev/shm
-    grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
-    grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
-    chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog || error "${jail} : error on starting sshd"
-    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-    notice "${jail} was started [${pid}]"
-}
-
-sub_stop() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
-    check_jail_on "${jail}" || error "${jail} : trying to stop not running jail"
-
-    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-    for conn in $(ps --ppid "${pid}" -o pid=); do
-        kill "${conn}"
-    done
-    kill "${pid}" && notice "${jail} was stopped [${pid}]"
-    umount --lazy --recursive "${JAILDIR}/${jail}/dev"
-    umount --lazy "${JAILDIR}/${jail}/proc/"
-}
-
-sub_reload() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
-    check_jail_on "${jail}" || error "${jail} : trying to reload not running jail"
-
-    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-
-    kill -HUP "${pid}" && notice "${jail} was reloaded [${pid}]"
-}
-
-sub_status() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
-
-    inc=$(get_inc "${jail}")
-    if ( check_jail_on "${jail}" ); then
-        status="ON "
-    else
-        status="OFF"
-    fi
-    port=$(get_port "${jail}")
-    ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
-    echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
-}
-
-sub_params() {
-    jail="${1}"
-    params="${2}"
-    option="${3}"
-    check_jail "${jail}" || error "${jail} : inexistant jail'"
-
-    if [ -z "${option}" ]; then
-        "get_${params}" "${jail}"
-    else
-        "set_${params}" "${jail}" "${option}"
-        check_jail_on "${jail}" && sub_reload "${jail}"
-        notice "${jail} : update ${params} => ${option}"
-    fi
-}
-
-sub_sync() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
-
-    [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
-
-    jail="${1}"
-    ssh "${NODE}" bkctld init "${jail}" | debug
-    rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
-    rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}"
-    if ( check_jail_on "${jail}" ); then
-        ssh "${NODE}" bkctld start "${jail}" | debug
-    fi
-    if [ -n "${FIREWALL_RULES}" ]; then
-        rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
-        ssh "${NODE}" /etc/init.d/minifirewall restart | debug
-    fi
-}
-
-sub_inc() {
-    date=$(date +"%Y-%m-%d-%H")
-    jails=$(ls "${JAILDIR}")
-    for jail in ${jails}; do
-        inc="${INCDIR}/${jail}/${date}"
-        mkdir -p "${INCDIR}/${jail}"
-        if [ ! -d "${inc}" ]; then
-            start=$(date +"%H:%M:%S")
-            jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
-            if [ "$jail_inode" -eq 256 ]; then
-                /bin/btrfs subvolume snapshot -r "${JAILDIR}/${jail}" "${inc}" | debug
-            else
-                cp -alx "${JAILDIR}/${jail}/" "${inc}" | debug
-            fi
-            end=$(date +"%H:%M:%S")
-            notice "${jail} : made ${date} inc [${start}/${end}]"
-        else
-            warning "${jail} : trying to made already existant inc"
-        fi
-    done
-}
-
-sub_rm() {
-    empty="/tmp/bkctld-${$}-$(date +%N))"
-    mkdir "${empty}"
-    pidfile="/var/run/bkctld-rm.pid"
-    if [ -f "${pidfile}" ]; then
-        pid=$(cat "${pidfile}")
-        ps -u "${pid}" >/dev/null
-        if [ "${?}" -eq 0 ]; then
-            kill -9 "${pid}"
-            warning "${0} rm always run (PID ${pid}), killed by ${$} !"
-        fi
-        rm "${pidfile}"
-        fi
-    echo "${$}" > "${pidfile}"
-    jails=$(ls "${JAILDIR}")
-    for jail in ${jails}; do
-        incs=$(ls "${INCDIR}/${jail}")
-        if [ -f "${CONFDIR}/${jail}" ]; then
-            keepfile="${CONFDIR}/.keep-${jail}"
-            while read j; do
-                date=$( echo "${j}" | cut -d. -f1 )
-                before=$( echo "${j}" | cut -d. -f2 )
-                date -d "$(date "${date}") ${before}" "+%Y-%m-%d"
-            done < "${CONFDIR}/${jail}" > "${keepfile}"
-            for j in $(echo "${incs}" | grep -v -f "${keepfile}"); do
-                start=$(date +"%H:%M:%S")
-                inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}")
-                if [ "${inc_inode}" -eq 256 ]; then
-                    /bin/btrfs subvolume delete "${INCDIR}/${jail}/${j}" | debug
-                else
-                    cd "${INCDIR}/${jail}"
-                    rsync -a --delete "${empty}/" "${j}/"
-                    rmdir "${j}"
-                fi
-                end=$(date +"%H:%M:%S")
-                notice "${jail} : deleted ${j} inc [${start}/${end}]"
-            done
-        fi
-    done
-    rmdir "${empty}"
-    rm "${pidfile}"
-}
-
-sub_check() {
-    cur_time=$(date "+%s")
-    return=0
-    nb_crit=0
-    nb_warn=0
-    nb_ok=0
-    nb_unkn=0
-    output=""
-
-    if [ -b "${BACKUP_DISK}" ]; then
-	cryptsetup isLuks "${BACKUP_DISK}"
-        if [ "$?" -eq 0 ]; then
-            if [ ! -b '/dev/mapper/backup' ]; then
-                echo "Luks disk ${BACKUP_DISK} is not mounted !\n"
-                echo "cryptsetup luksOpen ${BACKUP_DISK} backup"
-                exit 2
-            fi
-            BACKUP_DISK='/dev/mapper/backup'
-        fi
-        grep -qE "^${BACKUP_DISK} " /etc/mtab
-        if [ "$?" -ne 0 ]; then
-             echo "Backup disk ${BACKUP_DISK} is not mounted !\n"
-             echo "mount ${BACKUP_DISK} /backup"
-             exit 2
-        fi
-    fi
-
-    jails=$(ls "${JAILDIR}")
-    for jail in ${jails}; do
-        if [ -f "${JAILDIR}/${jail}/var/log/lastlog" ]; then
-            last_conn=$(stat --format=%Y "${JAILDIR}/${jail}/var/log/lastlog")
-            date_diff=$(( (cur_time - last_conn) / (60*60) ))
-            if [ "${date_diff}" -gt "${CRITICAL}" ]; then
-                nb_crit=$((nb_crit + 1))
-                output="${output}CRITICAL - ${jail} - ${date_diff} hours\n"
-                [ "${return}" -le 2 ] && return=2
-            elif [ "${date_diff}" -gt "${WARNING}" ]; then
-                nb_warn=$((nb_warn + 1))
-                output="${output}WARNING - ${jail} - ${date_diff} hours\n"
-                [ "${return}" -le 1 ] && return=1
-            else
-                nb_ok=$((nb_ok + 1))
-                output="${output}OK - ${jail} - ${date_diff} hours\n"
-            fi
-        else
-            nb_unkn=$((nb_unkn + 1))
-            output="${output}UNKNOWN - ${jail} doesn't have lastlog !\n"
-            [ "${return}" -le 3 ] && return=3
-        fi
-    done
-
-    [ "${return}" -ge 0 ] && header="OK"
-    [ "${return}" -ge 1 ] && header="WARNING"
-    [ "${return}" -ge 2 ] && header="CRITICAL"
-    [ "${return}" -ge 3 ] && header="UNKNOW"
-
-    printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"
-
-    printf "${output}" | grep -E "^UNKNOW"
-    printf "${output}" | grep -E "^CRITICAL"
-    printf "${output}" | grep -E "^WARNING"
-    printf "${output}" | grep -E "^OK"
-
-    exit "${return}"
-}
-
-sub_stats() {
-    lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
-ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
-touch "${INDEX_DIR}/.lastrun.duc"
-EOF
-    [ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0
-    [ ! -f ${IDX_FILE} ] && error "Index file do not exits !"
-    printf "Last update of index file : "
-    stat --format=%Y "${INDEX_DIR}/.lastrun.duc" | xargs -i -n1 date -R -d "@{}"
-    echo "<jail> <size> <incs> <lastconn>" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $1, $2, $3, $4); }'
-    duc_output=$(mktemp)
-    stat_output=$(mktemp)
-    incs_output=$(mktemp)
-    trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
-    "${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
-    awk '{ print $2 }' "${duc_output}" | while read jail; do
-        stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
-        get_inc "${jail}" >> "${incs_output}"
-    done
-    paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
-}
-
-## main function : check usage and valid params
-
-main() {
-    [ "$(id -u)" -ne 0 ] && error "You need to be root to run ${0} !"
-
-    [ -f /etc/default/bkctld ] && . /etc/default/bkctld
-    CONFDIR="${CONFDIR:-/etc/evobackup}"
-    BACKUP_DISK="${BACKUP_DISK:-}"
-    JAILDIR="${JAILDIR:-/backup/jails}"
-    INCDIR="${INCDIR:-/backup/incs}"
-    TPLDIR="${TPLDIR:-/usr/share/bkctld}"
-    INDEX_DIR="${INDEX_DIR:-/backup/index}"
-    IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
-    LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
-    SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
-    SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
-    AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
-    FIREWALL_RULES="${FIREWALL_RULES:-}"
-    LOGLEVEL="${LOGLEVEL:-6}"
-    CRITICAL="${CRITICAL:-48}"
-    WARNING="${WARNING:-24}"
-    DUC=$(command -v duc-nox||command -v duc)
-    mkdir -p "${CONFDIR}" "${JAILDIR}" "${INCDIR}" "${INDEX_DIR}"
-    subcommand="${1:-}"
-    jail="${2:-}"
-    option="${3:-}"
-    case "${subcommand}" in
-        "" | "-h" | "--help")
-            usage
-            ;;
-        "inc" | "rm" | "check" | "stats")
-            "sub_${subcommand}"
-        ;;
-            "init")
-        if [ -n "${jail}" ]; then
-            "sub_${subcommand}" "${jail}"
-        else
-            usage
-        fi
-        ;;
-        "key" | "port" | "ip")
-        if [ -n "${jail}" ]; then
-            sub_params "${jail}" "${subcommand}" "${option}"
-        else
-            usage
-        fi
-        ;;
-        "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
-        if [ -n "${jail}" ]; then
-            if [ "${jail}" = "all" ]; then
-                jails=$(ls "${JAILDIR}")
-                for jail in ${jails}; do
-                    case "${subcommand}" in
-                        "start")
-                            check_jail_on "${jail}" || "sub_${subcommand}" "${jail}"
-                        ;;
-                        "stop" | "reload")
-                            check_jail_on "${jail}" && "sub_${subcommand}" "${jail}"
-                        ;;
-                        "restart")
-                            check_jail_on "${jail}" && sub_stop "${jail}"
-                            sub_start "${jail}"
-                        ;;
-                        *)
-                            "sub_${subcommand}" "${jail}"
-                        ;;
-                    esac
-                        done
-            else
-                if [ "${subcommand}" != "restart" ]; then
-                    "sub_${subcommand}" "${jail}"
-                else
-                    check_jail_on "${jail}" && sub_stop "${jail}"
-                    sub_start "${jail}"
-                fi
-            fi
-        else
-            usage
-        fi
-        ;;
-        "status")
-        if [ -z "${jail}" ]; then
-            jails=$(ls "${JAILDIR}")
-            for jail in ${jails}; do
-                "sub_${subcommand}" "${jail}"
-            done
-        else
-            "sub_${subcommand}" "${jail}"
-        fi
-        ;;
-        *)
-            shift
-            warning "'${subcommand}' is not a known subcommand." && usage
-            exit 1
-            ;;
-    esac
-}
-
-main "${@}"
+    ;;
+esac
diff --git a/lib/bkctld-check b/lib/bkctld-check
new file mode 100755
index 0000000..0e957b0
--- /dev/null
+++ b/lib/bkctld-check
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+cur_time=$(date "+%s")
+return=0
+nb_crit=0
+nb_warn=0
+nb_ok=0
+nb_unkn=0
+output=""
+
+if [ -b "${BACKUP_DISK}" ]; then
+    cryptsetup isLuks "${BACKUP_DISK}"
+    if [ "$?" -eq 0 ]; then
+        if [ ! -b '/dev/mapper/backup' ]; then
+            echo "Luks disk ${BACKUP_DISK} is not mounted !\n"
+            echo "cryptsetup luksOpen ${BACKUP_DISK} backup"
+            exit 2
+        fi
+        BACKUP_DISK='/dev/mapper/backup'
+    fi
+    grep -qE "^${BACKUP_DISK} " /etc/mtab
+    if [ "$?" -ne 0 ]; then
+         echo "Backup disk ${BACKUP_DISK} is not mounted !\n"
+         echo "mount ${BACKUP_DISK} /backup"
+         exit 2
+    fi
+fi
+
+jails=$(ls "${JAILDIR}")
+for jail in ${jails}; do
+    if [ -f "${JAILDIR}/${jail}/var/log/lastlog" ]; then
+        last_conn=$(stat --format=%Y "${JAILDIR}/${jail}/var/log/lastlog")
+        date_diff=$(( (cur_time - last_conn) / (60*60) ))
+        if [ "${date_diff}" -gt "${CRITICAL}" ]; then
+            nb_crit=$((nb_crit + 1))
+            output="${output}CRITICAL - ${jail} - ${date_diff} hours\n"
+            [ "${return}" -le 2 ] && return=2
+        elif [ "${date_diff}" -gt "${WARNING}" ]; then
+            nb_warn=$((nb_warn + 1))
+            output="${output}WARNING - ${jail} - ${date_diff} hours\n"
+            [ "${return}" -le 1 ] && return=1
+        else
+            nb_ok=$((nb_ok + 1))
+            output="${output}OK - ${jail} - ${date_diff} hours\n"
+        fi
+    else
+        nb_unkn=$((nb_unkn + 1))
+        output="${output}UNKNOWN - ${jail} doesn't have lastlog !\n"
+        [ "${return}" -le 3 ] && return=3
+    fi
+done
+
+[ "${return}" -ge 0 ] && header="OK"
+[ "${return}" -ge 1 ] && header="WARNING"
+[ "${return}" -ge 2 ] && header="CRITICAL"
+[ "${return}" -ge 3 ] && header="UNKNOW"
+
+printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"
+
+printf "${output}" | grep -E "^UNKNOW"
+printf "${output}" | grep -E "^CRITICAL"
+printf "${output}" | grep -E "^WARNING"
+printf "${output}" | grep -E "^OK"
+
+exit "${return}"
diff --git a/lib/bkctld-inc b/lib/bkctld-inc
new file mode 100755
index 0000000..f55a28c
--- /dev/null
+++ b/lib/bkctld-inc
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+date=$(date +"%Y-%m-%d-%H")
+jails=$(ls "${JAILDIR}")
+for jail in ${jails}; do
+    inc="${INCDIR}/${jail}/${date}"
+    mkdir -p "${INCDIR}/${jail}"
+    if [ ! -d "${inc}" ]; then
+        start=$(date +"%H:%M:%S")
+        jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
+        if [ "$jail_inode" -eq 256 ]; then
+            /bin/btrfs subvolume snapshot -r "${JAILDIR}/${jail}" "${inc}" | debug
+        else
+            cp -alx "${JAILDIR}/${jail}/" "${inc}" | debug
+        fi
+        end=$(date +"%H:%M:%S")
+        notice "${jail} : made ${date} inc [${start}/${end}]"
+    else
+        warning "${jail} : trying to made already existant inc"
+    fi
+done
diff --git a/lib/bkctld-init b/lib/bkctld-init
new file mode 100755
index 0000000..ddbe8ae
--- /dev/null
+++ b/lib/bkctld-init
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" && error "${jail} : trying to create existant jail"
+
+sshd_config="${TPLDIR}/sshd_config"
+inctpl="${TPLDIR}/inc.tpl"
+[ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
+[ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl"
+
+rootdir=$(dirname "${JAILDIR}")
+rootdir_inode=$(stat --format=%i "${rootdir}")
+jaildir_inode=$(stat --format=%i "${JAILDIR}")
+if [ "${rootdir_inode}" -eq 256 ] || [ "${jaildir_inode}" -eq 256 ]; then
+    /bin/btrfs subvolume create "${JAILDIR}/${jail}"
+else
+    mkdir -p "${JAILDIR}/${jail}"
+fi
+. "${LIBDIR}/mkjail"
+info "4 - Copie default sshd_config"
+install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
+info "5 - Set usable sshd port"
+set_port "${jail}" auto
+info "6 - Copie default inc configuration"
+install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
+notice "${jail} : created jail"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
new file mode 120000
index 0000000..5b4f890
--- /dev/null
+++ b/lib/bkctld-ip
@@ -0,0 +1 @@
+bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-key b/lib/bkctld-key
new file mode 120000
index 0000000..5b4f890
--- /dev/null
+++ b/lib/bkctld-key
@@ -0,0 +1 @@
+bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-params b/lib/bkctld-params
new file mode 100755
index 0000000..f0fae46
--- /dev/null
+++ b/lib/bkctld-params
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+params="${2:-}"
+option="${3:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${option}" ]; then
+    "get_${params}" "${jail}"
+else
+    "set_${params}" "${jail}" "${option}"
+    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    notice "${jail} : update ${params} => ${option}"
+fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
new file mode 120000
index 0000000..5b4f890
--- /dev/null
+++ b/lib/bkctld-port
@@ -0,0 +1 @@
+bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
new file mode 100755
index 0000000..4c05dd4
--- /dev/null
+++ b/lib/bkctld-reload
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
+check_jail_on "${jail}" || error "${jail} : trying to reload not running jail"
+
+pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+
+kill -HUP "${pid}" && notice "${jail} was reloaded [${pid}]"
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
new file mode 100755
index 0000000..13f668e
--- /dev/null
+++ b/lib/bkctld-remove
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
+check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
+
+rm -f "${CONFDIR}/${jail}"
+jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
+if [ "${jail_inode}" -eq 256 ]; then
+    /bin/btrfs subvolume delete "${JAILDIR}/${jail}" | debug
+else
+    rm -rf "${JAILDIR}/${jail}" | debug
+fi
+if [ -d  "${INCDIR}/${jail}" ]; then
+    incs=$(ls "${INCDIR}/${jail}")
+    for inc in ${incs}; do
+        inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${inc}")
+        if [ "${inc_inode}" -eq 256 ]; then
+            /bin/btrfs subvolume delete "${INCDIR}/${jail}/${inc}" | debug
+        else
+            warning "You need to purge ${INCDIR}/${jail}/${inc} manually !"
+        fi
+    done
+    rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
+fi
+set_firewall "${jail}"
+notice "${jail} : deleted jail"
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
new file mode 100755
index 0000000..3cef9ca
--- /dev/null
+++ b/lib/bkctld-restart
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eu
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
+check_jail_on "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-rm b/lib/bkctld-rm
new file mode 100755
index 0000000..30e80a8
--- /dev/null
+++ b/lib/bkctld-rm
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+empty="/tmp/bkctld-${$}-$(date +%N))"
+mkdir "${empty}"
+pidfile="/var/run/bkctld-rm.pid"
+if [ -f "${pidfile}" ]; then
+    pid=$(cat "${pidfile}")
+    ps -u "${pid}" >/dev/null
+    if [ "${?}" -eq 0 ]; then
+        kill -9 "${pid}"
+        warning "${0} rm always run (PID ${pid}), killed by ${$} !"
+    fi
+    rm "${pidfile}"
+    fi
+echo "${$}" > "${pidfile}"
+jails=$(ls "${JAILDIR}")
+for jail in ${jails}; do
+    incs=$(ls "${INCDIR}/${jail}")
+    if [ -f "${CONFDIR}/${jail}" ]; then
+        keepfile="${CONFDIR}/.keep-${jail}"
+        while read j; do
+            date=$( echo "${j}" | cut -d. -f1 )
+            before=$( echo "${j}" | cut -d. -f2 )
+            date -d "$(date "${date}") ${before}" "+%Y-%m-%d"
+        done < "${CONFDIR}/${jail}" > "${keepfile}"
+        for j in $(echo "${incs}" | grep -v -f "${keepfile}"); do
+            start=$(date +"%H:%M:%S")
+            inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}")
+            if [ "${inc_inode}" -eq 256 ]; then
+                /bin/btrfs subvolume delete "${INCDIR}/${jail}/${j}" | debug
+            else
+                cd "${INCDIR}/${jail}"
+                rsync -a --delete "${empty}/" "${j}/"
+                rmdir "${j}"
+            fi
+            end=$(date +"%H:%M:%S")
+            notice "${jail} : deleted ${j} inc [${start}/${end}]"
+        done
+    fi
+done
+rmdir "${empty}"
+rm "${pidfile}"
diff --git a/lib/bkctld-start b/lib/bkctld-start
new file mode 100755
index 0000000..f2514ab
--- /dev/null
+++ b/lib/bkctld-start
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
+check_jail_on "${jail}" && error "${jail} : trying to start already running jail"
+
+cd "${JAILDIR}/${jail}"
+grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
+grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev
+[ -e "dev/console" ] || mknod -m 622 dev/console c 5 1
+[ -e "dev/null" ] || mknod -m 666 dev/null c 1 3
+[ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5
+[ -e "dev/ptmx" ] || mknod -m 666 dev/ptmx c 5 2
+[ -e "dev/tty" ] || mknod -m 666 dev/tty c 5 0
+[ -e "dev/random" ] || mknod -m 444 dev/random c 1 8
+[ -e "dev/urandom" ] || mknod -m 444 dev/urandom c 1 9
+chown root:tty dev/console dev/ptmx dev/tty
+ln -fs proc/self/fd dev/fd
+ln -fs proc/self/fd/0 dev/stdin
+ln -fs proc/self/fd/1 dev/stdout
+ln -fs proc/self/fd/2 dev/stderr
+ln -fs proc/kcore dev/core
+mkdir -p dev/pts
+mkdir -p dev/shm
+grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
+grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
+chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog || error "${jail} : error on starting sshd"
+pidfile="${JAILDIR}/${jail}/${SSHD_PID}"
+for try in {1..10}; do
+    [ -f "${pidfile}" ] || sleep 0.3
+done
+pid=$(cat "${pidfile}")
+notice "${jail} was started [${pid}]"
diff --git a/lib/bkctld-stats b/lib/bkctld-stats
new file mode 100755
index 0000000..9e955ed
--- /dev/null
+++ b/lib/bkctld-stats
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
+ce -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
+touch "${INDEX_DIR}/.lastrun.duc"
+EOF
+[ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0
+[ ! -f ${IDX_FILE} ] && error "Index file do not exits !"
+printf "Last update of index file : "
+stat --format=%Y "${INDEX_DIR}/.lastrun.duc" | xargs -i -n1 date -R -d "@{}"
+echo "<jail> <size> <incs> <lastconn>" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $1, $2, $3, $4); }'
+duc_output=$(mktemp)
+stat_output=$(mktemp)
+incs_output=$(mktemp)
+trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
+"${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
+awk '{ print $2 }' "${duc_output}" | while read jail; do
+    stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
+    get_inc "${jail}" >> "${incs_output}"
+done
+paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
diff --git a/lib/bkctld-status b/lib/bkctld-status
new file mode 100755
index 0000000..e0082d2
--- /dev/null
+++ b/lib/bkctld-status
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
+
+inc=$(get_inc "${jail}")
+if ( check_jail_on "${jail}" ); then
+    status="ON "
+else
+    status="OFF"
+fi
+port=$(get_port "${jail}")
+ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
+echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
new file mode 100755
index 0000000..1bafc0b
--- /dev/null
+++ b/lib/bkctld-stop
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
+check_jail_on "${jail}" || error "${jail} : trying to stop not running jail"
+
+pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+for conn in $(ps --ppid "${pid}" -o pid=); do
+    kill "${conn}"
+done
+kill "${pid}" && notice "${jail} was stopped [${pid}]"
+umount --lazy --recursive "${JAILDIR}/${jail}/dev"
+umount --lazy "${JAILDIR}/${jail}/proc/"
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
new file mode 100755
index 0000000..6081b7b
--- /dev/null
+++ b/lib/bkctld-sync
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
+
+[ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
+
+jail="${1}"
+ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail}" | debug
+rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
+rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}"
+if ( check_jail_on "${jail}" ); then
+    ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug
+fi
+if [ -n "${FIREWALL_RULES}" ]; then
+    rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
+    ssh "${NODE}" /etc/init.d/minifirewall restart | debug
+fi
diff --git a/lib/bkctld-update b/lib/bkctld-update
new file mode 100755
index 0000000..8ccaf50
--- /dev/null
+++ b/lib/bkctld-update
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
+check_jail_on "${jail}" && . "${LIBDIR}$/bkctld-stop" "${jail}"
+
+. "${LIBDIR}/mkjail"
+notice "${jail} : updated jail"
diff --git a/lib/config b/lib/config
new file mode 100755
index 0000000..0c14959
--- /dev/null
+++ b/lib/config
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+[ -f /etc/default/bkctld ] && . /etc/default/bkctld
+LIBDIR=${LIBDIR:-/usr/lib/bkctld}
+CONFDIR="${CONFDIR:-/etc/evobackup}"
+BACKUP_DISK="${BACKUP_DISK:-}"
+JAILDIR="${JAILDIR:-/backup/jails}"
+INCDIR="${INCDIR:-/backup/incs}"
+TPLDIR="${TPLDIR:-/usr/share/bkctld}"
+INDEX_DIR="${INDEX_DIR:-/backup/index}"
+IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
+LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
+SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
+SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
+AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
+FIREWALL_RULES="${FIREWALL_RULES:-}"
+LOGLEVEL="${LOGLEVEL:-6}"
+CRITICAL="${CRITICAL:-48}"
+WARNING="${WARNING:-24}"
+DUC=$(command -v duc-nox||command -v duc)
+
+. "${LIBDIR}/logging"
+. "${LIBDIR}/functions"
diff --git a/lib/functions b/lib/functions
new file mode 100755
index 0000000..d694c84
--- /dev/null
+++ b/lib/functions
@@ -0,0 +1,133 @@
+#!/bin/sh
+
+usage() {
+    cat <<EOF
+Usage: $0 <subcommand> [options]
+Subcommands:
+    init        <jailname>                      Init jail <jailname>
+    update      <jailname>|all                  Update jail <jailname> or all
+    remove      <jailname>|all                  Remove jail <jailname> or all
+    start       <jailname>|all                  Start jail <jailname> or all
+    stop        <jailname>|all                  Stop jail <jailname> or all
+    reload      <jailname>|all                  Reload jail <jailname> or all
+    restart     <jailname>|all                  Restart jail <jailname> or all
+    sync        <jailname>|all                  Sync jail <jailname> or all to another node
+    status      [<jailname>]                    Print status of <jailname> (default all jail)
+    key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
+    port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
+    ip          <jailname>      [<ip>|all]      Set or get allowed(s) ip(s) of <jailname>
+    inc                                         Make incremental inc of all jails
+    rm                                          Remove old incremtal inc of all jails
+    check                                       Run check on jails (NRPE output)
+    stats                                       Make and display stats on jails (size, lastconn)
+
+EOF
+exit 1
+}
+
+check_jail() {
+    jail="${1}"
+    [ -d "${JAILDIR}/${jail}" ] && return 0
+    return 1
+}
+
+check_jail_on() {
+    jail="${1}"
+    return=1
+    if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
+        pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+        ps -p "${pid}" > /dev/null && return=0
+    fi
+    if [ "${return}" -eq 1 ]; then
+        rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
+        grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
+        grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
+    fi
+    return "${return}"
+}
+
+get_port() {
+    jail="${1}"
+    port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
+    echo "${port}"
+}
+
+get_key() {
+    jail="${1}"
+    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
+        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    fi
+}
+
+get_ip() {
+    jail="${1}"
+    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
+        echo "${allow}"|cut -d'@' -f2
+    done
+}
+
+get_inc() {
+    jail="${1}"
+    inc="0"
+        if [ -f "${CONFDIR}/${jail}" ]; then
+            day=$(grep -c "day" "${CONFDIR}/${jail}")
+            month=$(grep -c "month" "${CONFDIR}/${jail}")
+            inc="${day}/${month}"
+        fi
+    echo "${inc}"
+}
+
+set_port() {
+    jail="${1}"
+    port="${2}"
+    if [ "${port}" = "auto" ]; then
+        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
+        port=$((port+1))
+        [ "${port}" -le 1 ] && port=2222
+    fi
+    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+}
+
+set_key() {
+    jail="${1}"
+    keyfile="${2}"
+    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
+    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+}
+
+set_ip() {
+    jail="${1}"
+    ip="${2}"
+    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
+        ips="0.0.0.0/0"
+    else
+        ips=$(get_ip "${jail}")
+        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+    fi
+    allow="AllowUsers"
+    for ip in $ips; do
+        allow="${allow} root@${ip}"
+    done
+    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+}
+
+set_firewall() {
+    jail="${1}"
+    if [ -n "${FIREWALL_RULES}" ]; then
+        if [ -f "${FIREWALL_RULES}" ]; then
+            sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
+        fi
+        if ( check_jail "${jail}" ); then
+            port=$(get_port "${jail}")
+            for ip in $(get_ip "${jail}"); do
+                echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
+            done
+            if [ -f /etc/init.d/minifirewall ]; then
+                /etc/init.d/minifirewall restart >/dev/null
+            fi
+        fi
+    fi
+}
diff --git a/lib/logging b/lib/logging
new file mode 100755
index 0000000..529de4c
--- /dev/null
+++ b/lib/logging
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+debug() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 7 ]; then
+        echo "${msg}"
+        logger -t bkctld -p daemon.debug "${msg}"
+    fi
+}
+
+info() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 6 ]; then
+        tty -s && echo "${msg}"
+        logger -t bkctld -p daemon.info "${msg}"
+    fi
+}
+
+notice() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "${msg}"
+    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
+}
+
+warning() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "WARNING : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 4 ]; then
+        tty -s || echo "WARNING : ${msg}" >&2
+        logger -t bkctld -p daemon.warning "${msg}"
+    fi
+}
+
+error() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "ERROR : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 5 ]; then
+        tty -s || echo "ERROR : ${msg}" >&2
+        logger -t bkctld -p daemon.error "${msg}"
+    fi
+    exit 1
+}
diff --git a/lib/mkjail b/lib/mkjail
new file mode 100755
index 0000000..e21374d
--- /dev/null
+++ b/lib/mkjail
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+passwd="${TPLDIR}/passwd"
+shadow="${TPLDIR}/shadow"
+group="${TPLDIR}/group"
+sshrc="${TPLDIR}/sshrc"
+[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
+[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
+[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
+[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
+umask 077
+
+info "1 - Creating the chroot"
+cd "${JAILDIR}/${jail}"
+rm -rf bin lib lib64 run usr var/run etc/ssh/*key
+mkdir -p dev proc
+mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
+mkdir -p etc/ssh var/log run/sshd
+mkdir -p root/.ssh var/backup -m 0700
+ln -s usr/bin bin
+ln -s usr/lib lib
+ln -s usr/lib64 lib64
+ln -st var ../run
+touch var/log/lastlog var/log/wtmp run/utmp
+
+info "2 - Copying essential files"
+[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
+[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh
+[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh
+cp "${passwd}" etc
+cp "${shadow}" etc
+cp "${group}" etc
+cp "${sshrc}" etc/ssh
+
+info "3 - Copying binaries"
+cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
+cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
+
+for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
+    cp -f "${dbin}" "${JAILDIR}/${jail}/${dbin}";
+    for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
+        cp -p "${lib}" "${JAILDIR}/${jail}/${lib}"
+    done
+done

From e788aa152a81ba469c389c3da169e396c23e1ab2 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 13:53:56 +0100
Subject: [PATCH 05/26] Drop Debian Jessie support

---
 Vagrantfile | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index 66e0cd7..7db7458 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -24,7 +24,7 @@ mkdir -p /usr/lib/nagios/plugins/
 SCRIPT
 
   $deps = <<SCRIPT
-DEBIAN_FRONTEND=noninteractive apt-get -yq install openssh-server btrfs-tools rsync lsb-base coreutils sed dash mount openssh-sftp-server libc6 bash-completion duc-nox cryptsetup
+DEBIAN_FRONTEND=noninteractive apt-get -yq install openssh-server btrfs-tools rsync lsb-base coreutils sed dash mount openssh-sftp-server libc6 bash-completion duc-nox cryptsetup bats
 SCRIPT
 
   $pre_part = <<SCRIPT
@@ -39,8 +39,6 @@ mount /dev/vdb /backup
 SCRIPT
 
   nodes = [
-    { :version => "jessie", :fs => "btrfs" },
-    { :version => "jessie", :fs => "ext4" },
     { :version => "stretch", :fs => "btrfs" },
     { :version => "stretch", :fs => "ext4" }
   ]
@@ -50,14 +48,6 @@ SCRIPT
       node.vm.hostname = "bkctld-#{i[:version]}-#{i[:fs]}"
       node.vm.box = "debian/#{i[:version]}64"
       config.vm.provision "deps", type: "shell", :inline => $deps
-      if ("#{i[:version]}" == "jessie") then
-        config.vm.provision "backports", type: "shell" do |s|
-          s.inline = "echo 'deb http://deb.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/backports.list && apt-get update"
-        end
-        config.vm.provision "bats", type: "shell", :inline => "DEBIAN_FRONTEND=noninteractive apt-get -yq install -t jessie-backports bats"
-      else
-        config.vm.provision "bats", type: "shell", :inline => "DEBIAN_FRONTEND=noninteractive apt-get -yq install bats"
-      end
       config.vm.provision "install", type: "shell", :inline => $install
       config.vm.provision "pre_part", type: "shell", :inline => $pre_part
       config.vm.provision "part", type: "shell", :inline => "mkfs.btrfs -f /dev/vdb" if "#{i[:fs]}" == "btrfs"

From 0ff5d216a9ac288409fa3a064c6f6d3ac5ff905b Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 15:55:34 +0100
Subject: [PATCH 06/26] Fix typo in bkctld-update

---
 lib/bkctld-update | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bkctld-update b/lib/bkctld-update
index 8ccaf50..289c873 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
-check_jail_on "${jail}" && . "${LIBDIR}$/bkctld-stop" "${jail}"
+check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
 
 . "${LIBDIR}/mkjail"
 notice "${jail} : updated jail"

From 51f25080d3b8932813dcb5d43b6307bd93586f8e Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 16:00:31 +0100
Subject: [PATCH 07/26] Parallelize bkctld <subcommand> all

---
 bkctld            | 15 +--------------
 lib/bkctld-reload |  2 +-
 lib/bkctld-start  |  2 +-
 lib/bkctld-stop   |  2 +-
 4 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/bkctld b/bkctld
index d1c01a7..79f9209 100755
--- a/bkctld
+++ b/bkctld
@@ -35,20 +35,7 @@ case "${subcommand}" in
     ;;
     "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
     if [ "${jail}" = "all" ]; then
-        jails=$(ls "${JAILDIR}")
-        for jail in ${jails}; do
-            case "${subcommand}" in
-                "start")
-                    check_jail_on "${jail}" || "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-                ;;
-                "stop" | "reload" | "restart")
-                    check_jail_on "${jail}" && "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-                ;;
-                *)
-                    "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-                ;;
-            esac
-                done
+        ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
     else
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 4c05dd4..1e97039 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
-check_jail_on "${jail}" || error "${jail} : trying to reload not running jail"
+check_jail_on "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 
diff --git a/lib/bkctld-start b/lib/bkctld-start
index f2514ab..cf0daa1 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
-check_jail_on "${jail}" && error "${jail} : trying to start already running jail"
+check_jail_on "${jail}" && exit 0
 
 cd "${JAILDIR}/${jail}"
 grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index 1bafc0b..da2f93a 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
-check_jail_on "${jail}" || error "${jail} : trying to stop not running jail"
+check_jail_on "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 for conn in $(ps --ppid "${pid}" -o pid=); do

From 503ecf23f5b54f0c4abac73b5114bd1367207b7a Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 16:38:20 +0100
Subject: [PATCH 08/26] Merge bkctld-params and some functions into
 bkctld-(ip|port|key) scripts

---
 bkctld            |  2 +-
 lib/bkctld-init   |  5 ++--
 lib/bkctld-ip     | 31 +++++++++++++++++++++++-
 lib/bkctld-key    | 22 ++++++++++++++++-
 lib/bkctld-params | 17 -------------
 lib/bkctld-port   | 24 ++++++++++++++++++-
 lib/bkctld-status |  4 ++--
 lib/functions     | 61 ++---------------------------------------------
 8 files changed, 81 insertions(+), 85 deletions(-)
 mode change 120000 => 100755 lib/bkctld-ip
 mode change 120000 => 100755 lib/bkctld-key
 delete mode 100755 lib/bkctld-params
 mode change 120000 => 100755 lib/bkctld-port

diff --git a/bkctld b/bkctld
index 79f9209..9e54e6b 100755
--- a/bkctld
+++ b/bkctld
@@ -31,7 +31,7 @@ case "${subcommand}" in
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     ;;
     "key" | "port" | "ip")
-        "${LIBDIR}/bkctld-params" "${jail}" "${subcommand}" "${option}"
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}"
     ;;
     "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
     if [ "${jail}" = "all" ]; then
diff --git a/lib/bkctld-init b/lib/bkctld-init
index ddbe8ae..c816b0f 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -22,8 +22,7 @@ fi
 . "${LIBDIR}/mkjail"
 info "4 - Copie default sshd_config"
 install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
-info "5 - Set usable sshd port"
-set_port "${jail}" auto
-info "6 - Copie default inc configuration"
+info "5 - Copie default inc configuration"
 install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
+"${LIBDIR}/bkctld-port" "${jail}" auto
 notice "${jail} : created jail"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
deleted file mode 120000
index 5b4f890..0000000
--- a/lib/bkctld-ip
+++ /dev/null
@@ -1 +0,0 @@
-bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
new file mode 100755
index 0000000..3b8f10e
--- /dev/null
+++ b/lib/bkctld-ip
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+ip="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${ip}" ]; then
+    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
+        echo "${allow}"|cut -d'@' -f2
+    done
+else
+    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
+        ips="0.0.0.0/0"
+    else
+        ips=$("${LIBDIR}/bkctld-ip" "${jail}")
+        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+    fi
+    allow="AllowUsers"
+    for ip in $ips; do
+        allow="${allow} root@${ip}"
+    done
+    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+    notice "${jail} : update ip => ${ip}"
+
+    check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+fi
diff --git a/lib/bkctld-key b/lib/bkctld-key
deleted file mode 120000
index 5b4f890..0000000
--- a/lib/bkctld-key
+++ /dev/null
@@ -1 +0,0 @@
-bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-key b/lib/bkctld-key
new file mode 100755
index 0000000..4f26cf7
--- /dev/null
+++ b/lib/bkctld-key
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+keyfile="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${keyfile}" ]; then
+    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
+        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    fi
+else
+    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
+    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    notice "${jail} : update key => ${keyfile}"
+
+    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+fi
diff --git a/lib/bkctld-params b/lib/bkctld-params
deleted file mode 100755
index f0fae46..0000000
--- a/lib/bkctld-params
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
-
-jail="${1:-}"
-params="${2:-}"
-option="${3:-}"
-[ -n "${jail}" ] || usage
-check_jail "${jail}" || error "${jail} : inexistant jail'"
-
-if [ -z "${option}" ]; then
-    "get_${params}" "${jail}"
-else
-    "set_${params}" "${jail}" "${option}"
-    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
-    notice "${jail} : update ${params} => ${option}"
-fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
deleted file mode 120000
index 5b4f890..0000000
--- a/lib/bkctld-port
+++ /dev/null
@@ -1 +0,0 @@
-bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-port b/lib/bkctld-port
new file mode 100755
index 0000000..ee73356
--- /dev/null
+++ b/lib/bkctld-port
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+port="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${port}" ]; then
+    grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+"
+else
+    if [ "${port}" = "auto" ]; then
+        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
+        port=$((port+1))
+        [ "${port}" -le 1 ] && port=2222
+    fi
+    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+    notice "${jail} : update port => ${port}"
+
+    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+fi
diff --git a/lib/bkctld-status b/lib/bkctld-status
index e0082d2..2d3e9ba 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -12,6 +12,6 @@ if ( check_jail_on "${jail}" ); then
 else
     status="OFF"
 fi
-port=$(get_port "${jail}")
-ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
+port=$("${LIBDIR}/bkctld-port" "${jail}")
+ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',')
 echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
diff --git a/lib/functions b/lib/functions
index d694c84..74d5b4f 100755
--- a/lib/functions
+++ b/lib/functions
@@ -46,26 +46,6 @@ check_jail_on() {
     return "${return}"
 }
 
-get_port() {
-    jail="${1}"
-    port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
-    echo "${port}"
-}
-
-get_key() {
-    jail="${1}"
-    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
-        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    fi
-}
-
-get_ip() {
-    jail="${1}"
-    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
-        echo "${allow}"|cut -d'@' -f2
-    done
-}
-
 get_inc() {
     jail="${1}"
     inc="0"
@@ -77,43 +57,6 @@ get_inc() {
     echo "${inc}"
 }
 
-set_port() {
-    jail="${1}"
-    port="${2}"
-    if [ "${port}" = "auto" ]; then
-        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
-        port=$((port+1))
-        [ "${port}" -le 1 ] && port=2222
-    fi
-    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
-set_key() {
-    jail="${1}"
-    keyfile="${2}"
-    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
-    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-}
-
-set_ip() {
-    jail="${1}"
-    ip="${2}"
-    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
-        ips="0.0.0.0/0"
-    else
-        ips=$(get_ip "${jail}")
-        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
-    fi
-    allow="AllowUsers"
-    for ip in $ips; do
-        allow="${allow} root@${ip}"
-    done
-    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
 set_firewall() {
     jail="${1}"
     if [ -n "${FIREWALL_RULES}" ]; then
@@ -121,8 +64,8 @@ set_firewall() {
             sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
         fi
         if ( check_jail "${jail}" ); then
-            port=$(get_port "${jail}")
-            for ip in $(get_ip "${jail}"); do
+            port=$("${LIBDIR}/bkctld-port" "${jail}")
+            for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
                 echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
             done
             if [ -f /etc/init.d/minifirewall ]; then

From 54261e7bcc262e50c3af942c0b44391b3c305ea6 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 16:55:56 +0100
Subject: [PATCH 09/26] Move firewall functions into bkctld-firewall script

---
 bkctld              |  2 +-
 lib/bkctld-firewall | 18 ++++++++++++++++++
 lib/bkctld-ip       |  3 +--
 lib/bkctld-port     |  3 +--
 lib/bkctld-remove   |  2 +-
 lib/functions       | 19 +------------------
 6 files changed, 23 insertions(+), 24 deletions(-)
 create mode 100755 lib/bkctld-firewall

diff --git a/bkctld b/bkctld
index 9e54e6b..98200ce 100755
--- a/bkctld
+++ b/bkctld
@@ -33,7 +33,7 @@ case "${subcommand}" in
     "key" | "port" | "ip")
         "${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}"
     ;;
-    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
+    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall")
     if [ "${jail}" = "all" ]; then
         ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
     else
diff --git a/lib/bkctld-firewall b/lib/bkctld-firewall
new file mode 100755
index 0000000..264398f
--- /dev/null
+++ b/lib/bkctld-firewall
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+
+if [ -n "${FIREWALL_RULES}" ]; then
+    [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
+    if ( check_jail "${jail}" ); then
+        port=$("${LIBDIR}/bkctld-port" "${jail}")
+        for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
+            echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
+        done
+        [ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
+    fi
+    notice "${jail} : firewall rules updated"
+fi
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index 3b8f10e..25b326c 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -23,8 +23,7 @@ else
         allow="${allow} root@${ip}"
     done
     sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
     notice "${jail} : update ip => ${ip}"
-
     check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
index ee73356..6c8b0fb 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -16,8 +16,7 @@ else
         [ "${port}" -le 1 ] && port=2222
     fi
     sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
     notice "${jail} : update port => ${port}"
-
     check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index 13f668e..c423a43 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -26,5 +26,5 @@ if [ -d  "${INCDIR}/${jail}" ]; then
     done
     rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
 fi
-set_firewall "${jail}"
+"${LIBDIR}/bkctld-firewall" "${jail}"
 notice "${jail} : deleted jail"
diff --git a/lib/functions b/lib/functions
index 74d5b4f..9a66bc4 100755
--- a/lib/functions
+++ b/lib/functions
@@ -12,6 +12,7 @@ Subcommands:
     reload      <jailname>|all                  Reload jail <jailname> or all
     restart     <jailname>|all                  Restart jail <jailname> or all
     sync        <jailname>|all                  Sync jail <jailname> or all to another node
+    firewall    <jailname>|all                  Update firewall rules of <jailname> or all
     status      [<jailname>]                    Print status of <jailname> (default all jail)
     key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
     port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
@@ -56,21 +57,3 @@ get_inc() {
         fi
     echo "${inc}"
 }
-
-set_firewall() {
-    jail="${1}"
-    if [ -n "${FIREWALL_RULES}" ]; then
-        if [ -f "${FIREWALL_RULES}" ]; then
-            sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
-        fi
-        if ( check_jail "${jail}" ); then
-            port=$("${LIBDIR}/bkctld-port" "${jail}")
-            for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
-                echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
-            done
-            if [ -f /etc/init.d/minifirewall ]; then
-                /etc/init.d/minifirewall restart >/dev/null
-            fi
-        fi
-    fi
-}

From ff65126537a70b1865bdc51f987104441f83e9f7 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 14:47:05 +0100
Subject: [PATCH 10/26] Move usage functions into bkctld-help script

* Usage output is now auto-generated
---
 bkctld              |  6 ++++--
 lib/bkctld-check    |  4 ++++
 lib/bkctld-firewall |  8 +++++++-
 lib/bkctld-help     | 21 +++++++++++++++++++++
 lib/bkctld-inc      |  4 ++++
 lib/bkctld-init     |  8 +++++++-
 lib/bkctld-ip       |  8 +++++++-
 lib/bkctld-key      |  8 +++++++-
 lib/bkctld-port     |  8 +++++++-
 lib/bkctld-reload   |  8 +++++++-
 lib/bkctld-remove   |  8 +++++++-
 lib/bkctld-restart  |  8 +++++++-
 lib/bkctld-rm       |  4 ++++
 lib/bkctld-start    |  8 +++++++-
 lib/bkctld-stats    |  4 ++++
 lib/bkctld-status   |  8 +++++++-
 lib/bkctld-stop     |  8 +++++++-
 lib/bkctld-sync     |  8 +++++++-
 lib/bkctld-update   |  8 +++++++-
 lib/functions       | 26 --------------------------
 20 files changed, 132 insertions(+), 41 deletions(-)
 create mode 100755 lib/bkctld-help

diff --git a/bkctld b/bkctld
index 98200ce..f8d30d1 100755
--- a/bkctld
+++ b/bkctld
@@ -21,10 +21,12 @@ subcommand="${1:-}"
 jail="${2:-}"
 option="${3:-}"
 
-[ -x "${LIBDIR}/bkctld-${subcommand}" ] || usage
+if [ ! -x "${LIBDIR}/bkctld-${subcommand}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 
 case "${subcommand}" in
-    "inc" | "rm" | "check" | "stats")
+    "inc" | "rm" | "check" | "stats" | "help")
         "${LIBDIR}/bkctld-${subcommand}"
     ;;
         "init")
diff --git a/lib/bkctld-check b/lib/bkctld-check
index 0e957b0..df3fd29 100755
--- a/lib/bkctld-check
+++ b/lib/bkctld-check
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Run check on jails (NRPE output)
+# Usage: check
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-firewall b/lib/bkctld-firewall
index 264398f..d063fb4 100755
--- a/lib/bkctld-firewall
+++ b/lib/bkctld-firewall
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Update firewall rules of <jailname> or all
+# Usage: firewall <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 
 if [ -n "${FIREWALL_RULES}" ]; then
     [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
diff --git a/lib/bkctld-help b/lib/bkctld-help
new file mode 100755
index 0000000..6fd76f1
--- /dev/null
+++ b/lib/bkctld-help
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Print this help
+# Usage: help
+#
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+cat <<EOF
+Usage: bkctld <subcommand> [options]
+Subcommands:
+EOF
+
+for subcommand in ${LIBDIR}/bkctld-*; do
+    name=$(basename "${subcommand}"|cut -d'-' -f2)
+    desc=$(grep -E "^#" "${subcommand}"|sed -n '3p'|sed "s/^# //")
+    usage=$(grep -E "^# Usage: ${name}" "${subcommand}"|sed "s/^# Usage: ${name}//")
+    printf "    %- 10s %- 30s %- 40s\n" "${name}" "${usage}" "${desc}"
+done
+
+printf "\n"
diff --git a/lib/bkctld-inc b/lib/bkctld-inc
index f55a28c..7a04d2b 100755
--- a/lib/bkctld-inc
+++ b/lib/bkctld-inc
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Make incremental inc of all jails
+# Usage: inc
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-init b/lib/bkctld-init
index c816b0f..8010c6c 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Init jail <jailname>
+# Usage: init <jailname>
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" && error "${jail} : trying to create existant jail"
 
 sshd_config="${TPLDIR}/sshd_config"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index 25b326c..f381c02 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -1,10 +1,16 @@
 #!/bin/sh
+#
+# Set or get allowed(s) ip(s) of <jailname>
+# Usage: ip <jailname> [<ip>|all]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
 ip="${2:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail'"
 
 if [ -z "${ip}" ]; then
diff --git a/lib/bkctld-key b/lib/bkctld-key
index 4f26cf7..67e6662 100755
--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -1,10 +1,16 @@
 #!/bin/sh
+#
+# Set or get ssh pubic key of <jailname>
+# Usage: key <jailname> [<keyfile>]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
 keyfile="${2:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail'"
 
 if [ -z "${keyfile}" ]; then
diff --git a/lib/bkctld-port b/lib/bkctld-port
index 6c8b0fb..ac28d09 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -1,10 +1,16 @@
 #!/bin/sh
+#
+# Set or get ssh port of <jailname>
+# Usage: port <jailname> [<port>|auto]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
 port="${2:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail'"
 
 if [ -z "${port}" ]; then
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 1e97039..70f1adf 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Reload jail <jailname> or all
+# Usage: reload <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
 check_jail_on "${jail}" || exit 0
 
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index c423a43..942dd82 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Remove jail <jailname> or all
+# Usage: remove <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
 check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
 
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
index 3cef9ca..21db5b0 100755
--- a/lib/bkctld-restart
+++ b/lib/bkctld-restart
@@ -1,11 +1,17 @@
 #!/bin/sh
+#
+# Restart jail <jailname> or all
+# Usage: restart <jailname>|all
+#
 
 set -eu
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
 check_jail_on "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 "${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-rm b/lib/bkctld-rm
index 30e80a8..a89c0c5 100755
--- a/lib/bkctld-rm
+++ b/lib/bkctld-rm
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Remove old incremtal inc of all jails
+# Usage: rm
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-start b/lib/bkctld-start
index cf0daa1..4aa5a65 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Start jail <jailname> or all
+# Usage: start <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
 check_jail_on "${jail}" && exit 0
 
diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 9e955ed..7077f8e 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Make and display stats on jails (size, lastconn)
+# Usage: stats
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-status b/lib/bkctld-status
index 2d3e9ba..aaa2c7a 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Print status of <jailname> (default all jail)
+# Usage: status [<jailname>]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
 
 inc=$(get_inc "${jail}")
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index da2f93a..3ca4f02 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Stop jail <jailname> or all
+# Usage: stop <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
 check_jail_on "${jail}" || exit 0
 
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
index 6081b7b..50db934 100755
--- a/lib/bkctld-sync
+++ b/lib/bkctld-sync
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Sync jail <jailname> or all to another node
+# Usage: sync <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
 
 [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
diff --git a/lib/bkctld-update b/lib/bkctld-update
index 289c873..7c34038 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Update jail <jailname> or all
+# Usage: update <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
 check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
 
diff --git a/lib/functions b/lib/functions
index 9a66bc4..b1584d5 100755
--- a/lib/functions
+++ b/lib/functions
@@ -1,31 +1,5 @@
 #!/bin/sh
 
-usage() {
-    cat <<EOF
-Usage: $0 <subcommand> [options]
-Subcommands:
-    init        <jailname>                      Init jail <jailname>
-    update      <jailname>|all                  Update jail <jailname> or all
-    remove      <jailname>|all                  Remove jail <jailname> or all
-    start       <jailname>|all                  Start jail <jailname> or all
-    stop        <jailname>|all                  Stop jail <jailname> or all
-    reload      <jailname>|all                  Reload jail <jailname> or all
-    restart     <jailname>|all                  Restart jail <jailname> or all
-    sync        <jailname>|all                  Sync jail <jailname> or all to another node
-    firewall    <jailname>|all                  Update firewall rules of <jailname> or all
-    status      [<jailname>]                    Print status of <jailname> (default all jail)
-    key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
-    port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
-    ip          <jailname>      [<ip>|all]      Set or get allowed(s) ip(s) of <jailname>
-    inc                                         Make incremental inc of all jails
-    rm                                          Remove old incremtal inc of all jails
-    check                                       Run check on jails (NRPE output)
-    stats                                       Make and display stats on jails (size, lastconn)
-
-EOF
-exit 1
-}
-
 check_jail() {
     jail="${1}"
     [ -d "${JAILDIR}/${jail}" ] && return 0

From d47b21343b783088b7458b83679145fb5bd1a886 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:11:57 +0100
Subject: [PATCH 11/26] Fix typo in bkctld-stats

---
 lib/bkctld-stats | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 7077f8e..0f7d261 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -7,7 +7,7 @@
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
-ce -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
+ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
 touch "${INDEX_DIR}/.lastrun.duc"
 EOF
 [ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0

From c9dcca1a776c9fa81045e57028188a7dcc4f42f3 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:12:51 +0100
Subject: [PATCH 12/26] Remove get_inc function

---
 lib/bkctld-stats  |  8 +++++++-
 lib/bkctld-status |  7 ++++++-
 lib/functions     | 11 -----------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 0f7d261..896b195 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -22,6 +22,12 @@ trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
 "${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
 awk '{ print $2 }' "${duc_output}" | while read jail; do
     stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
-    get_inc "${jail}" >> "${incs_output}"
+    inc=0
+    if [ -f "${CONFDIR}/${jail}" ]; then
+        day=$(grep -c "day" "${CONFDIR}/${jail}")
+        month=$(grep -c "month" "${CONFDIR}/${jail}")
+        inc="${day}/${month}"
+    fi
+    echo "${inc}" >> "${incs_output}"
 done
 paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
diff --git a/lib/bkctld-status b/lib/bkctld-status
index aaa2c7a..fa057ac 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -12,7 +12,12 @@ if [ ! -n "${jail}" ]; then
 fi
 check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
 
-inc=$(get_inc "${jail}")
+inc="0"
+if [ -f "${CONFDIR}/${jail}" ]; then
+    day=$(grep -c "day" "${CONFDIR}/${jail}")
+    month=$(grep -c "month" "${CONFDIR}/${jail}")
+    inc="${day}/${month}"
+fi
 if ( check_jail_on "${jail}" ); then
     status="ON "
 else
diff --git a/lib/functions b/lib/functions
index b1584d5..5fb1461 100755
--- a/lib/functions
+++ b/lib/functions
@@ -20,14 +20,3 @@ check_jail_on() {
     fi
     return "${return}"
 }
-
-get_inc() {
-    jail="${1}"
-    inc="0"
-        if [ -f "${CONFDIR}/${jail}" ]; then
-            day=$(grep -c "day" "${CONFDIR}/${jail}")
-            month=$(grep -c "month" "${CONFDIR}/${jail}")
-            inc="${day}/${month}"
-        fi
-    echo "${inc}"
-}

From 18b44ce95801fecebd28fc73e962a1670f1fe08a Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:33:08 +0100
Subject: [PATCH 13/26] Fix help output (command can have dash)

---
 lib/bkctld-help | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bkctld-help b/lib/bkctld-help
index 6fd76f1..e38380f 100755
--- a/lib/bkctld-help
+++ b/lib/bkctld-help
@@ -12,7 +12,7 @@ Subcommands:
 EOF
 
 for subcommand in ${LIBDIR}/bkctld-*; do
-    name=$(basename "${subcommand}"|cut -d'-' -f2)
+    name=$(basename "${subcommand}"|sed 's/^bkctld-//')
     desc=$(grep -E "^#" "${subcommand}"|sed -n '3p'|sed "s/^# //")
     usage=$(grep -E "^# Usage: ${name}" "${subcommand}"|sed "s/^# Usage: ${name}//")
     printf "    %- 10s %- 30s %- 40s\n" "${name}" "${usage}" "${desc}"

From 79e0d28dcc6f663b246a99912c208b0725838b96 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:34:14 +0100
Subject: [PATCH 14/26] Move check_jail_on functions into bkctld-is-on script

---
 bkctld             |  2 +-
 lib/bkctld-ip      |  2 +-
 lib/bkctld-is-on   | 26 ++++++++++++++++++++++++++
 lib/bkctld-key     |  2 +-
 lib/bkctld-port    |  2 +-
 lib/bkctld-reload  |  2 +-
 lib/bkctld-remove  |  2 +-
 lib/bkctld-restart |  2 +-
 lib/bkctld-start   |  2 +-
 lib/bkctld-status  |  7 ++-----
 lib/bkctld-stop    |  2 +-
 lib/bkctld-sync    |  4 +---
 lib/bkctld-update  |  2 +-
 lib/functions      | 15 ---------------
 14 files changed, 39 insertions(+), 33 deletions(-)
 create mode 100755 lib/bkctld-is-on

diff --git a/bkctld b/bkctld
index f8d30d1..80a93ef 100755
--- a/bkctld
+++ b/bkctld
@@ -29,7 +29,7 @@ case "${subcommand}" in
     "inc" | "rm" | "check" | "stats" | "help")
         "${LIBDIR}/bkctld-${subcommand}"
     ;;
-        "init")
+        "init" | "is-on")
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     ;;
     "key" | "port" | "ip")
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index f381c02..49cb1b8 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -30,6 +30,6 @@ else
     done
     sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
     notice "${jail} : update ip => ${ip}"
-    check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
     "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-is-on b/lib/bkctld-is-on
new file mode 100755
index 0000000..41f548a
--- /dev/null
+++ b/lib/bkctld-is-on
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Check if a jail is on or not
+# Usage: is-on <jailname>
+#
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
+check_jail "${jail}" || error "${jail} : trying to check inexistant jail"
+
+jail="${1}"
+return=1
+if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
+    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+    ps -p "${pid}" > /dev/null && return=0
+fi
+if [ "${return}" -eq 1 ]; then
+    rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
+    grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
+    grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
+fi
+exit "${return}"
diff --git a/lib/bkctld-key b/lib/bkctld-key
index 67e6662..bf75f8d 100755
--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -23,5 +23,5 @@ else
     chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
     notice "${jail} : update key => ${keyfile}"
 
-    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
 fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
index ac28d09..86f05fc 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -23,6 +23,6 @@ else
     fi
     sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
     notice "${jail} : update port => ${port}"
-    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
     "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 70f1adf..1b8701f 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
-check_jail_on "${jail}" || exit 0
+"${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index 942dd82..bbd4884 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
-check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 rm -f "${CONFDIR}/${jail}"
 jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
index 21db5b0..40701bc 100755
--- a/lib/bkctld-restart
+++ b/lib/bkctld-restart
@@ -13,5 +13,5 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
-check_jail_on "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 "${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-start b/lib/bkctld-start
index 4aa5a65..9749633 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
-check_jail_on "${jail}" && exit 0
+"${LIBDIR}/bkctld-is-on" "${jail}" && exit 0
 
 cd "${JAILDIR}/${jail}"
 grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
diff --git a/lib/bkctld-status b/lib/bkctld-status
index fa057ac..d2e3dfa 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -18,11 +18,8 @@ if [ -f "${CONFDIR}/${jail}" ]; then
     month=$(grep -c "month" "${CONFDIR}/${jail}")
     inc="${day}/${month}"
 fi
-if ( check_jail_on "${jail}" ); then
-    status="ON "
-else
-    status="OFF"
-fi
+status="OFF"
+"${LIBDIR}/bkctld-is-on" "${jail}" && status="ON "
 port=$("${LIBDIR}/bkctld-port" "${jail}")
 ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',')
 echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index 3ca4f02..8f76cd7 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
-check_jail_on "${jail}" || exit 0
+"${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 for conn in $(ps --ppid "${pid}" -o pid=); do
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
index 50db934..b484bac 100755
--- a/lib/bkctld-sync
+++ b/lib/bkctld-sync
@@ -18,9 +18,7 @@ jail="${1}"
 ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail}" | debug
 rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
 rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}"
-if ( check_jail_on "${jail}" ); then
-    ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug
-fi
+"${LIBDIR}/bkctld-is-on" "${jail}" && ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug
 if [ -n "${FIREWALL_RULES}" ]; then
     rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
     ssh "${NODE}" /etc/init.d/minifirewall restart | debug
diff --git a/lib/bkctld-update b/lib/bkctld-update
index 7c34038..1998fea 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
-check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 . "${LIBDIR}/mkjail"
 notice "${jail} : updated jail"
diff --git a/lib/functions b/lib/functions
index 5fb1461..c21fc2c 100755
--- a/lib/functions
+++ b/lib/functions
@@ -5,18 +5,3 @@ check_jail() {
     [ -d "${JAILDIR}/${jail}" ] && return 0
     return 1
 }
-
-check_jail_on() {
-    jail="${1}"
-    return=1
-    if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
-        pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-        ps -p "${pid}" > /dev/null && return=0
-    fi
-    if [ "${return}" -eq 1 ]; then
-        rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
-        grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
-        grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
-    fi
-    return "${return}"
-}

From 3cb0bea28eb33443b99c40f5ace597b0245fe77e Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:41:29 +0100
Subject: [PATCH 15/26] Remove check_jail function

---
 lib/bkctld-firewall | 2 +-
 lib/bkctld-init     | 2 +-
 lib/bkctld-ip       | 2 +-
 lib/bkctld-is-on    | 2 +-
 lib/bkctld-key      | 2 +-
 lib/bkctld-port     | 2 +-
 lib/bkctld-reload   | 2 +-
 lib/bkctld-remove   | 2 +-
 lib/bkctld-restart  | 2 +-
 lib/bkctld-start    | 2 +-
 lib/bkctld-status   | 2 +-
 lib/bkctld-stop     | 2 +-
 lib/bkctld-sync     | 2 +-
 lib/bkctld-update   | 2 +-
 lib/config          | 1 -
 lib/functions       | 7 -------
 16 files changed, 14 insertions(+), 22 deletions(-)
 delete mode 100755 lib/functions

diff --git a/lib/bkctld-firewall b/lib/bkctld-firewall
index d063fb4..eacb752 100755
--- a/lib/bkctld-firewall
+++ b/lib/bkctld-firewall
@@ -13,7 +13,7 @@ fi
 
 if [ -n "${FIREWALL_RULES}" ]; then
     [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
-    if ( check_jail "${jail}" ); then
+    if [ -d "${JAILDIR}/${jail}" ]; then
         port=$("${LIBDIR}/bkctld-port" "${jail}")
         for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
             echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
diff --git a/lib/bkctld-init b/lib/bkctld-init
index 8010c6c..29fe670 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" && error "${jail} : trying to create existant jail"
+[ -d "${JAILDIR}/${jail}" ] && error "${jail} : trying to create existant jail"
 
 sshd_config="${TPLDIR}/sshd_config"
 inctpl="${TPLDIR}/inc.tpl"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index 49cb1b8..5512b12 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -11,7 +11,7 @@ ip="${2:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail'"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
 
 if [ -z "${ip}" ]; then
     grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
diff --git a/lib/bkctld-is-on b/lib/bkctld-is-on
index 41f548a..ac19ce0 100755
--- a/lib/bkctld-is-on
+++ b/lib/bkctld-is-on
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to check inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to check inexistant jail"
 
 jail="${1}"
 return=1
diff --git a/lib/bkctld-key b/lib/bkctld-key
index bf75f8d..5fb8c53 100755
--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -11,7 +11,7 @@ keyfile="${2:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail'"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
 
 if [ -z "${keyfile}" ]; then
     if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
diff --git a/lib/bkctld-port b/lib/bkctld-port
index 86f05fc..6f86092 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -11,7 +11,7 @@ port="${2:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail'"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
 
 if [ -z "${port}" ]; then
     grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+"
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 1b8701f..3f2fb56 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to reload inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index bbd4884..a8d6df7 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to remove inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 rm -f "${CONFDIR}/${jail}"
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
index 40701bc..22d778e 100755
--- a/lib/bkctld-restart
+++ b/lib/bkctld-restart
@@ -12,6 +12,6 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to restart inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 "${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-start b/lib/bkctld-start
index 9749633..810c5ce 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to start inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && exit 0
 
 cd "${JAILDIR}/${jail}"
diff --git a/lib/bkctld-status b/lib/bkctld-status
index d2e3dfa..b873ced 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail ! Use '$0 status' for list all"
 
 inc="0"
 if [ -f "${CONFDIR}/${jail}" ]; then
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index 8f76cd7..cdb2b25 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to stop inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
index b484bac..65eb58b 100755
--- a/lib/bkctld-sync
+++ b/lib/bkctld-sync
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to sync inexistant jail"
 
 [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
 
diff --git a/lib/bkctld-update b/lib/bkctld-update
index 1998fea..4e8f141 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to update inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 . "${LIBDIR}/mkjail"
diff --git a/lib/config b/lib/config
index 0c14959..d71ad55 100755
--- a/lib/config
+++ b/lib/config
@@ -20,4 +20,3 @@ WARNING="${WARNING:-24}"
 DUC=$(command -v duc-nox||command -v duc)
 
 . "${LIBDIR}/logging"
-. "${LIBDIR}/functions"
diff --git a/lib/functions b/lib/functions
deleted file mode 100755
index c21fc2c..0000000
--- a/lib/functions
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-check_jail() {
-    jail="${1}"
-    [ -d "${JAILDIR}/${jail}" ] && return 0
-    return 1
-}

From 084c7653dd81fcec31074784709f6d842fa75a7b Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:57:12 +0100
Subject: [PATCH 16/26] Move logging functions into config

---
 lib/config  | 44 +++++++++++++++++++++++++++++++++++++++++++-
 lib/logging | 42 ------------------------------------------
 2 files changed, 43 insertions(+), 43 deletions(-)
 delete mode 100755 lib/logging

diff --git a/lib/config b/lib/config
index d71ad55..dac4f09 100755
--- a/lib/config
+++ b/lib/config
@@ -1,4 +1,7 @@
 #!/bin/sh
+#
+# Config for bkctld
+#
 
 [ -f /etc/default/bkctld ] && . /etc/default/bkctld
 LIBDIR=${LIBDIR:-/usr/lib/bkctld}
@@ -19,4 +22,43 @@ CRITICAL="${CRITICAL:-48}"
 WARNING="${WARNING:-24}"
 DUC=$(command -v duc-nox||command -v duc)
 
-. "${LIBDIR}/logging"
+debug() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 7 ]; then
+        echo "${msg}"
+        logger -t bkctld -p daemon.debug "${msg}"
+    fi
+}
+
+info() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 6 ]; then
+        tty -s && echo "${msg}"
+        logger -t bkctld -p daemon.info "${msg}"
+    fi
+}
+
+notice() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "${msg}"
+    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
+}
+
+warning() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "WARNING : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 4 ]; then
+        tty -s || echo "WARNING : ${msg}" >&2
+        logger -t bkctld -p daemon.warning "${msg}"
+    fi
+}
+
+error() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "ERROR : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 5 ]; then
+        tty -s || echo "ERROR : ${msg}" >&2
+        logger -t bkctld -p daemon.error "${msg}"
+    fi
+    exit 1
+}
diff --git a/lib/logging b/lib/logging
deleted file mode 100755
index 529de4c..0000000
--- a/lib/logging
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-debug() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 7 ]; then
-        echo "${msg}"
-        logger -t bkctld -p daemon.debug "${msg}"
-    fi
-}
-
-info() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 6 ]; then
-        tty -s && echo "${msg}"
-        logger -t bkctld -p daemon.info "${msg}"
-    fi
-}
-
-notice() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "${msg}"
-    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
-}
-
-warning() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "WARNING : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 4 ]; then
-        tty -s || echo "WARNING : ${msg}" >&2
-        logger -t bkctld -p daemon.warning "${msg}"
-    fi
-}
-
-error() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "ERROR : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 5 ]; then
-        tty -s || echo "ERROR : ${msg}" >&2
-        logger -t bkctld -p daemon.error "${msg}"
-    fi
-    exit 1
-}

From 09adad03e3354dd8d18f6cc3b96d73f8aa54ab79 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 17:52:19 +0100
Subject: [PATCH 17/26] Subcommand list are now dynamic in bash completion

---
 bash_completion | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bash_completion b/bash_completion
index 3f2c6f8..17d0192 100644
--- a/bash_completion
+++ b/bash_completion
@@ -9,7 +9,7 @@ function _bkctld()
 
 	cur=${COMP_WORDS[COMP_CWORD]};
 	prev=${COMP_WORDS[COMP_CWORD-1]};
-	commands="init update remove start stop reload restart sync status key port ip inc rm check stats"
+	commands=$(find /usr/lib/bkctld/ -name "bkctld-*" -exec basename {} \;|sed 's/^bkctld-//')
 
 	if [ $COMP_CWORD -eq 1 ]; then
 		COMPREPLY=($(compgen -W '${commands}' -- ${cur}))

From 43abccd6a435007feaef9af1f34ea493fd619155 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 11:01:17 +0100
Subject: [PATCH 18/26] Rewrite bats test

---
 test/generate.bats |  11 ----
 test/main.bats     | 128 ++++++++++++++++++++++-----------------------
 test/nrpe.bats     |  26 ---------
 3 files changed, 64 insertions(+), 101 deletions(-)
 delete mode 100755 test/generate.bats
 delete mode 100755 test/nrpe.bats

diff --git a/test/generate.bats b/test/generate.bats
deleted file mode 100755
index 278ee51..0000000
--- a/test/generate.bats
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env bats
-
-@test "generate" {
-    jails="test0 test1 test2 test3 test4 test5"
-    for jail in ${jails}; do
-        bkctld init "${jail}"
-        random=$(od -An -N4 -i < /dev/urandom|grep -Eo "[0-9]{2}$")
-        date=$(date -d "${random} hour ago")
-        touch -m --date="${date}" "/backup/jails/${jail}/var/log/lastlog"
-    done
-}
diff --git a/test/main.bats b/test/main.bats
index ee3e70e..0ecb339 100755
--- a/test/main.bats
+++ b/test/main.bats
@@ -5,129 +5,129 @@ setup() {
     date=$(date +"%Y-%m-%d-%H")
     inode=$(stat --format=%i /backup)
     rm -f /root/bkctld.key* && ssh-keygen -t rsa -N "" -f /root/bkctld.key -q
-    [ -f /etc/default/bkctld ] && . /etc/default/bkctld
-    CONFDIR="${CONFDIR:-/etc/evobackup}"
-    JAILDIR="${JAILDIR:-/backup/jails}"
-    INCDIR="${INCDIR:-/backup/incs}"
-    TPLDIR="${TPLDIR:-/usr/share/bkctld}"
-    LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
-    SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
-    SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
-    AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
-    FIREWALL_RULES="${FIREWALL_RULES:-}"
-    LOGLEVEL="${LOGLEVEL:-6}"
+    . /usr/lib/bkctld/config
+    JAILNAME=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w15 | head -n1)
 }
 
 teardown() {
-    bkctld remove all && rm -rf "${INCDIR}/*"
+    /usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCDIR}/*"
 }
 
 @test "init" {
-    bkctld init test
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    inode=$(stat --format=%i /backup)
     if [ "${inode}" -eq 256 ]; then
-        run stat --format=%i "${JAILDIR}/test"
+        run stat --format=%i "${JAILDIR}/${JAILNAME}"
         [ "${output}" -eq 256 ]
     else
-        run test -d "${JAILDIR}/test"
+        run test -d "${JAILDIR}/${JAILNAME}"
         [ "${status}" -eq 0 ]
     fi
 }
 
-@test "update" {
-    skip
-}
-
 @test "start" {
-    bkctld init test
-    bkctld start test
-    pid=$(cat "${JAILDIR}/test/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    pid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
     run ps --pid "${pid}"
     [ "${status}" -eq 0 ]
 }
 
 @test "stop" {
-    bkctld init test
-    bkctld start test
-    pid=$(cat "${JAILDIR}/test/${SSHD_PID}")
-    bkctld stop test
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    pid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-stop "${JAILNAME}"
     run ps --pid "${pid}"
     [ "${status}" -ne 0 ]
 }
 
 @test "reload" {
-    bkctld init test
-    bkctld start test
-    bkctld reload test
-    run grep "Received SIGHUP; restarting." "${JAILDIR}/test/var/log/authlog"
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-reload "${JAILNAME}"
+    run grep "Received SIGHUP; restarting." "${JAILDIR}/${JAILNAME}/var/log/authlog"
     [ "${status}" -eq 0 ]
 }
 
 @test "restart" {
-    bkctld init test
-    bkctld start test
-    bpid=$(cat "${JAILDIR}/test/${SSHD_PID}")
-    bkctld restart test
-    apid=$(cat "${JAILDIR}/test/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    bpid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-restart "${JAILNAME}"
+    apid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
     [ "${bpid}" -ne "${apid}" ]
 }
 
 @test "status" {
-    bkctld init test
-    run bkctld status test
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    run /usr/lib/bkctld/bkctld-status "${JAILNAME}"
     [ "${status}" -eq 0 ]
 }
 
 @test "key" {
-    bkctld init test
-    bkctld start test
-    bkctld key test /root/bkctld.key.pub
-    run cat /backup/jails/test/root/.ssh/authorized_keys
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
+    run cat "/backup/jails/${JAILNAME}/root/.ssh/authorized_keys"
     [ "${status}" -eq 0 ]
     [ "${output}" = $(cat /root/bkctld.key.pub) ]
 }
 
 @test "port" {
-    bkctld init test
-    bkctld start test
-    bkctld port test "${port}"
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-port "${JAILNAME}" "${port}"
     run nc -vz 127.0.0.1 "${port}"
     [ "${status}" -eq 0 ]
 }
 
-@test "ip" {
-    skip
-}
-
 @test "inc" {
-    bkctld init test
-    bkctld inc
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-inc
     if [ "${inode}" -eq 256 ]; then
-        run stat --format=%i "${INCDIR}/test/${date}"
+        run stat --format=%i "${INCDIR}/${JAILNAME}/${date}"
         [ "${output}" -eq 256 ]
     else
-        run test -d "${INCDIR}/test/${date}"
+        run test -d "${INCDIR}/${JAILNAME}/${date}"
         [ "${status}" -eq 0 ]
     fi
 }
 
-@test "rm" {
-    skip
-}
-
 @test "ssh" {
-    bkctld init test
-    bkctld start test
-    bkctld port test "${port}"
-    bkctld key test /root/bkctld.key.pub
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-port "${JAILNAME}" "${port}"
+    /usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
     run ssh -p "${port}" -i /root/bkctld.key -oStrictHostKeyChecking=no root@127.0.0.1 ls
     [ "$status" -eq 0 ]
 }
 
 @test "rsync" {
-    bkctld init test
-    bkctld start test
-    bkctld port test "${port}"
-    bkctld key test /root/bkctld.key.pub
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-port "${JAILNAME}" "${port}"
+    /usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
     run rsync -a -e "ssh -p ${port} -i /root/bkctld.key -oStrictHostKeyChecking=no" /tmp/ root@127.0.0.1:/var/backup/
     [ "$status" -eq 0 ]
 }
+
+@test "check-ok" {
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    run /usr/lib/bkctld/bkctld-check
+    [ "$status" -eq 0 ]
+}
+
+@test "check-warning" {
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    touch --date="$(date -d -2days)" "/backup/jails/${JAILNAME}/var/log/lastlog"
+    run /usr/lib/bkctld/bkctld-check
+    [ "$status" -eq 1 ]
+}
+
+@test "check-critical" {
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    touch --date="$(date -d -3days)" "/backup/jails/${JAILNAME}/var/log/lastlog"
+    run /usr/lib/bkctld/bkctld-check
+    [ "$status" -eq 2 ]
+}
diff --git a/test/nrpe.bats b/test/nrpe.bats
deleted file mode 100755
index 6b72133..0000000
--- a/test/nrpe.bats
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env bats
-
-setup() {
-    bkctld init test
-}
-
-teardown() {
-    bkctld remove all
-}
-
-@test "ok" {
-    run bkctld check
-    [ "$status" -eq 0 ]
-}
-
-@test "warning" {
-    touch --date="$(date -d -2days)" /backup/jails/*/var/log/lastlog
-    run bkctld check
-    [ "$status" -eq 1 ]
-}
-
-@test "critical" {
-    touch --date="$(date -d -3days)" /backup/jails/*/var/log/lastlog
-    run bkctld check
-    [ "$status" -eq 2 ]
-}

From f535b77f93f086e550793e1d5c44afdb5e302cd6 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 11:11:47 +0100
Subject: [PATCH 19/26] Use lastlog in sshrc

---
 tpl/sshrc | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
 mode change 100644 => 100755 tpl/sshrc

diff --git a/tpl/sshrc b/tpl/sshrc
old mode 100644
new mode 100755
index 78266bb..015983f
--- a/tpl/sshrc
+++ b/tpl/sshrc
@@ -1,5 +1,3 @@
 #!/bin/sh
 
-# lastlog -S isn't available in login package on Debian Jessie (need Debian Stretch or superior)
-#/usr/bin/lastlog -Su root
-/usr/bin/touch /var/log/lastlog
+/usr/bin/lastlog -Su root

From cba53d8ae7faf799df10fd14e20092a7cf355fa6 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 11:26:42 +0100
Subject: [PATCH 20/26] Transform bkctld SysVinit script into systemd oneshot
 service

---
 Vagrantfile     |  1 +
 bkctld.service  | 14 ++++++++++++++
 bkctld.sysvinit | 42 ------------------------------------------
 3 files changed, 15 insertions(+), 42 deletions(-)
 create mode 100644 bkctld.service
 delete mode 100755 bkctld.sysvinit

diff --git a/Vagrantfile b/Vagrantfile
index 7db7458..a5c1926 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -20,6 +20,7 @@ ln -fs /vagrant/lib /usr/lib/bkctld
 ln -fs /vagrant/tpl /usr/share/bkctld
 ln -fs /vagrant/bash_completion /usr/share/bash-completion/completions/bkctld
 ln -fs /vagrant/bkctld.conf /etc/default/bkctld
+ln -fs /vagrant/bkctld.service /etc/systemd/system/bkctld.service && systemctl daemon-reload
 mkdir -p /usr/lib/nagios/plugins/
 SCRIPT
 
diff --git a/bkctld.service b/bkctld.service
new file mode 100644
index 0000000..393ecb3
--- /dev/null
+++ b/bkctld.service
@@ -0,0 +1,14 @@
+[Unit]
+Documentation=man:bkctld(8)
+Description=Backup manager using rsync and OpenSSH chroot.
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/bkctld start all
+ExecStop=/usr/sbin/bkctld stop all
+RemainAfterExit=true
+KillMode=control-group
+GuessMainPID=no
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bkctld.sysvinit b/bkctld.sysvinit
deleted file mode 100755
index c790184..0000000
--- a/bkctld.sysvinit
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-### BEGIN INIT INFO
-# Provides:             evobackup
-# Required-Start:       $syslog
-# Required-Stop:        $syslog
-# Default-Start:        2 3 4 5
-# Default-Stop:
-# Short-Description:    Backup manager using rsync and OpenSSH chroot.
-### END INIT INFO
-
-. /lib/lsb/init-functions
-
-case "$1" in
-    start)
-	bkctld start all
-    ;;
-
-    stop)
-	bkctld stop all
-    ;;
-
-    reload|force-reload)
-        bkctld reload all
-    ;;
-
-    restart)
-	bkctld restart all
-    ;;
-
-    status)
-	bkctld status
-    ;;
-
-  *)
-
-    echo "Usage: $0 {start|stop|restart|reload|status}"
-    exit 1
-
-esac
-
-exit 0

From 023fbd18baefe0255fb5c5d894a148965ac40624 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 16:23:46 +0100
Subject: [PATCH 21/26] Use bkctld-list script for jails listing

---
 bkctld           |  9 +++------
 lib/bkctld-check |  3 +--
 lib/bkctld-inc   |  3 +--
 lib/bkctld-list  | 12 ++++++++++++
 lib/bkctld-rm    |  3 +--
 5 files changed, 18 insertions(+), 12 deletions(-)
 create mode 100755 lib/bkctld-list

diff --git a/bkctld b/bkctld
index 80a93ef..d50e8e8 100755
--- a/bkctld
+++ b/bkctld
@@ -26,7 +26,7 @@ if [ ! -x "${LIBDIR}/bkctld-${subcommand}" ]; then
 fi
 
 case "${subcommand}" in
-    "inc" | "rm" | "check" | "stats" | "help")
+    "inc" | "rm" | "check" | "stats" | "help" | "list")
         "${LIBDIR}/bkctld-${subcommand}"
     ;;
         "init" | "is-on")
@@ -37,17 +37,14 @@ case "${subcommand}" in
     ;;
     "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall")
     if [ "${jail}" = "all" ]; then
-        ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
+        "${LIBDIR}/bkctld-list"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
     else
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
     ;;
     "status")
     if [ -z "${jail}" ]; then
-        jails=$(ls "${JAILDIR}")
-        for jail in ${jails}; do
-            "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-        done
+        "${LIBDIR}/bkctld-list"|xargs --no-run-if-empty --max-args=1 "${LIBDIR}/bkctld-${subcommand}"
     else
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
diff --git a/lib/bkctld-check b/lib/bkctld-check
index df3fd29..a5faced 100755
--- a/lib/bkctld-check
+++ b/lib/bkctld-check
@@ -32,8 +32,7 @@ if [ -b "${BACKUP_DISK}" ]; then
     fi
 fi
 
-jails=$(ls "${JAILDIR}")
-for jail in ${jails}; do
+for jail in $("${LIBDIR}/bkctld-list"); do
     if [ -f "${JAILDIR}/${jail}/var/log/lastlog" ]; then
         last_conn=$(stat --format=%Y "${JAILDIR}/${jail}/var/log/lastlog")
         date_diff=$(( (cur_time - last_conn) / (60*60) ))
diff --git a/lib/bkctld-inc b/lib/bkctld-inc
index 7a04d2b..3ee7fb8 100755
--- a/lib/bkctld-inc
+++ b/lib/bkctld-inc
@@ -7,8 +7,7 @@
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 date=$(date +"%Y-%m-%d-%H")
-jails=$(ls "${JAILDIR}")
-for jail in ${jails}; do
+for jail in $("${LIBDIR}/bkctld-list"); do
     inc="${INCDIR}/${jail}/${date}"
     mkdir -p "${INCDIR}/${jail}"
     if [ ! -d "${inc}" ]; then
diff --git a/lib/bkctld-list b/lib/bkctld-list
new file mode 100755
index 0000000..f7f4f85
--- /dev/null
+++ b/lib/bkctld-list
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# List jails
+# Usage: list
+#
+
+set -eu
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+[ -d "${JAILDIR}" ] || exit 0
+find "${JAILDIR}" -mindepth 1 -maxdepth 1 -type d|sed 's!.*/!!'
diff --git a/lib/bkctld-rm b/lib/bkctld-rm
index a89c0c5..6770c57 100755
--- a/lib/bkctld-rm
+++ b/lib/bkctld-rm
@@ -19,8 +19,7 @@ if [ -f "${pidfile}" ]; then
     rm "${pidfile}"
     fi
 echo "${$}" > "${pidfile}"
-jails=$(ls "${JAILDIR}")
-for jail in ${jails}; do
+for jail in $("${LIBDIR}/bkctld-list"); do
     incs=$(ls "${INCDIR}/${jail}")
     if [ -f "${CONFDIR}/${jail}" ]; then
         keepfile="${CONFDIR}/.keep-${jail}"

From 29f4fd6e960255ae1eee1a644fc9b774b520d752 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 16:29:03 +0100
Subject: [PATCH 22/26] Do not create dirs in bkctld script

---
 bkctld           | 1 -
 lib/bkctld-init  | 1 +
 lib/bkctld-stats | 1 +
 3 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/bkctld b/bkctld
index d50e8e8..f9748b8 100755
--- a/bkctld
+++ b/bkctld
@@ -16,7 +16,6 @@ set -u
 [ -d '/usr/lib/bkctld' ] && LIBDIR='/usr/lib/bkctld'
 . "${LIBDIR}/config"
 
-mkdir -p "${CONFDIR}" "${JAILDIR}" "${INCDIR}" "${INDEX_DIR}"
 subcommand="${1:-}"
 jail="${2:-}"
 option="${3:-}"
diff --git a/lib/bkctld-init b/lib/bkctld-init
index 29fe670..35c59dc 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -12,6 +12,7 @@ if [ ! -n "${jail}" ]; then
 fi
 [ -d "${JAILDIR}/${jail}" ] && error "${jail} : trying to create existant jail"
 
+mkdir -p "${CONFDIR}" "${JAILDIR}"
 sshd_config="${TPLDIR}/sshd_config"
 inctpl="${TPLDIR}/inc.tpl"
 [ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 896b195..93b46e9 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -6,6 +6,7 @@
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
+mkdir -p "${INDEX_DIR}"
 lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
 ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
 touch "${INDEX_DIR}/.lastrun.duc"

From 835ccc5729ee23978b1c221e374fbc3936dad6d9 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Wed, 16 Jan 2019 16:19:09 +0100
Subject: [PATCH 23/26] Fix shell error on vagrant provision

---
 Vagrantfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Vagrantfile b/Vagrantfile
index a5c1926..8d0b67d 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -9,6 +9,7 @@ load File.expand_path(vagrantfile) if File.exists?(vagrantfile)
 
 Vagrant.configure('2') do |config|
   config.vm.synced_folder "./", "/vagrant", type: "rsync", rsync__exclude: [ '.vagrant', '.git' ]
+  config.ssh.shell="/bin/sh"
 
   config.vm.provider :libvirt do |libvirt|
     libvirt.storage :file, :size => '10G', :device => 'vdb'

From cdcedbd141c0f6aedc97a6d8ef09f41d39a07192 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S?= <bserie@evolix.fr>
Date: Mon, 21 Jan 2019 14:42:02 +0100
Subject: [PATCH 24/26] Break line for contributors header infos

---
 zzz_evobackup | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index 5524448..6292a79 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -4,7 +4,9 @@
 # See https://gitea.evolix.org/evolix/evobackup
 # 
 # Author: Gregory Colpart <reg@evolix.fr>
-# Contributor: Romain Dessort <rdessort@evolix.fr>, Benoît Série <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
+# Contributors: Romain Dessort <rdessort@evolix.fr>, Benoît Série
+# <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie
+# <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
 # Licence: AGPLv3
 #
 # The following variables must be changed:

From 3222ee3145b708e4cb6ffda0593d4fed81528f9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S?= <bserie@evolix.fr>
Date: Mon, 21 Jan 2019 14:44:30 +0100
Subject: [PATCH 25/26] Break line after every contributor name

---
 zzz_evobackup | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index 6292a79..6e3d2d7 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -4,9 +4,13 @@
 # See https://gitea.evolix.org/evolix/evobackup
 # 
 # Author: Gregory Colpart <reg@evolix.fr>
-# Contributors: Romain Dessort <rdessort@evolix.fr>, Benoît Série
-# <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie
-# <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
+# Contributors:
+# Romain Dessort <rdessort@evolix.fr>
+# Benoît Série <bserie@evolix.fr>
+# Tristan Pilat <tpilat@evolix.fr>
+# Victor Laborie <vlaborie@evolix.fr>
+# Jérémy Lecour <jlecour@evolix.fr>
+#
 # Licence: AGPLv3
 #
 # The following variables must be changed:

From 77fe70aa7023f080fabc21b29bda6badf62e900a Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Tue, 29 Jan 2019 10:48:52 -0500
Subject: [PATCH 26/26] Fix default bkctld.conf path in docs

---
 bkctld.8              | 6 +++---
 bkctld.conf.5         | 2 +-
 docs/configuration.md | 2 +-
 docs/usage.md         | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/bkctld.8 b/bkctld.8
index ae8d2f6..a162bb8 100644
--- a/bkctld.8
+++ b/bkctld.8
@@ -28,8 +28,8 @@ Prior backups are stored incrementally outside of the
 .Xr chroot 8
 using
 .Xr ln 1
-hard links or BTRFS snapshots. 
-(So they can not be affected by the client), 
+hard links or BTRFS snapshots.
+(So they can not be affected by the client),
 which backups are kept over time can be configured in the jail's nominal
 .Xr evobackup-incl 5
 configuration file.
@@ -93,7 +93,7 @@ Remove old incremental backups
 .El
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa /usr/share/bkctld/bkctld.conf
+.It Pa /etc/default/bkctld
 Template for
 .Xr bkctld.conf 5
 .It Pa /usr/share/bkctld/incl.tpl
diff --git a/bkctld.conf.5 b/bkctld.conf.5
index f281354..3e44bd3 100644
--- a/bkctld.conf.5
+++ b/bkctld.conf.5
@@ -14,7 +14,7 @@ file contains variables that override the behavior of the
 .Xr bkctld 8
 script.
 By default, it is located at
-.Pa /usr/share/bkctld/bkctld.conf .
+.Pa /etc/default/bkctld .
 .Pp
 Each line must be a valid
 .Xr bash 1
diff --git a/docs/configuration.md b/docs/configuration.md
index 310bdb9..7b9456e 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -17,7 +17,7 @@ file contains variables that override the behavior of the
 bkctld(8)
 script.
 By default, it is located at
-*/usr/share/bkctld/bkctld.conf*.
+*/etc/default/bkctld*.
 
 Each line must be a valid
 bash(1)
diff --git a/docs/usage.md b/docs/usage.md
index bb22e64..29c4589 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -123,7 +123,7 @@ The following operands are available:
 
 # FILES
 
-*/usr/share/bkctld/bkctld.conf*
+*/etc/default/bkctld*
 
 > Template for
 > bkctld.conf(5)