fix

2022-11-27 02:33:21 +00:00 · 2022-11-27 02:33:21 +00:00 · 2b20a33133
parent c6a5e9cb00
commit 2b20a33133
40 changed files with 564 additions and 88 deletions
--- a/docker/x2go/xfce-debian/.aliases
+++ b/docker/x2go/xfce-debian/.aliases
@ -0,0 +1,4 @@
+l='ls -CF'
+la='ls -A'
+ll='ls -l'
+vi='nvim'
--- a/docker/x2go/xfce-debian/.bash_profile
+++ b/docker/x2go/xfce-debian/.bash_profile
@ -0,0 +1,19 @@
+# shellcheck shell=bash source=/dev/null
+# ~/.bash_profile: executed by the command interpreter for bash login shell.
+
+# bash-completion
+if ! shopt -oq posix && [ -z "${BASH_COMPLETION_VERSINFO-}" ]; then
+  if [ "${BASH_VERSINFO[0]}" -gt 4 ] \
+   || { [ "${BASH_VERSINFO[0]}" -eq 4 ] && [ "${BASH_VERSINFO[1]}" -ge 1 ] ;}; then
+    shopt -q progcomp && for file in \
+     /{*/local,usr}/share/bash-completion/bash_completion \
+     /etc/bash_completion; do
+      [ -r "$file" ] && . "$file"
+    done
+  fi
+  if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ]; then
+    . "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion"
+  fi
+fi
+
+[ -f ~/.profile ] && . ~/.profile
--- a/docker/x2go/xfce-debian/.bashrc
+++ b/docker/x2go/xfce-debian/.bashrc
@ -0,0 +1,75 @@
+# shellcheck shell=bash
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# If not running interactively, don't do anything
+case $- in
+  *i*) ;;
+  *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1024
+HISTFILESIZE=2048
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+  debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+  xterm-color|*-256color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+  if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+    # We have color support; assume it's compliant with Ecma-48
+    # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+    # a case would tend to support setf rather than setaf.)
+    color_prompt=yes
+  else
+    color_prompt=
+  fi
+fi
+
+[ "$PS1" ] || if [ "$color_prompt" = yes ]; then
+  PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+  PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+  xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+  *)
+    ;;
+esac
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
--- a/docker/x2go/xfce-debian/.dircolors_aliases
+++ b/docker/x2go/xfce-debian/.dircolors_aliases
@ -0,0 +1,7 @@
+test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+alias ls='ls --color=auto'
+alias dir='dir --color=auto'
+alias vdir='vdir --color=auto'
+alias grep='grep --color=auto'
+alias fgrep='fgrep --color=auto'
+alias egrep='egrep --color=auto'
--- a/docker/x2go/xfce-debian/.docker_aliases
+++ b/docker/x2go/xfce-debian/.docker_aliases
@ -0,0 +1,3 @@
+alias ctop='docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop:latest'
+alias shellcheck='docker run --rm -v "$PWD/mnt" koalaman/shellcheck:stable'
+alias trans='docker run -it soimort/translate-shell'
--- a/docker/x2go/xfce-debian/.profile
+++ b/docker/x2go/xfce-debian/.profile
@ -0,0 +1,37 @@
+# shellcheck shell=sh source=/dev/null
+# ~/.profile: executed by the command interpreter for login shells.
+
+# source ~/.*aliases and ~/.*functions files
+for source in aliases functions; do
+  for file in "$HOME"/.*"$source"; do
+    [ -f "$file" ] || continue
+    # remove $HOME/. prefix from file
+    file="${file#${HOME}/.}"
+    # remove _$source suffix from $file
+    command="${file%_$source}"
+    # source file if command exists, ie ~/.bash_aliases
+    command -v "$command" >/dev/null 2>&1 && . "${HOME}/.$file"
+    # remove $source suffix from $file, ie ~/.aliases
+    command="${file%$source}"
+    # source file if command empty, ie ~/.aliases
+    [ -z "$command" ] && . "${HOME}/.$file"
+  done
+done
+
+# source ~/.*shrc
+for file in "$HOME"/.*shrc; do
+  [ -f "$file" ] || continue
+  # remove $HOME/. prefix from file
+  file="${file#${HOME}/.}"
+  # source file if match current shell
+  [ "$(basename "${SHELL}")" = "${file%rc}" ] && . "${HOME}/.$file"
+done
+
+# set PATH to include user's bin
+for path in /*/local/sbin /*/local/bin /*/local/*/bin "${HOME}"/.*/bin; do
+  [ -d "$path" ] || continue
+  case ":${PATH}:" in
+    *:"$path":*) ;;
+    *) export PATH="${path}:$PATH" ;;
+  esac
+done
--- a/docker/x2go/xfce-debian/.shrc
+++ b/docker/x2go/xfce-debian/.shrc
@ -0,0 +1,5 @@
+export EDITOR=nvim
+export GIT_PS1_SHOWUPSTREAM=auto
+export GIT_PS1_SHOWDIRTYSTATE=false
+export GIT_PS1_HIDE_IF_PWD_IGNORED=true
+export PAGER=less
--- a/docker/x2go/xfce-debian/Dockerfile
+++ b/docker/x2go/xfce-debian/Dockerfile
@ -1,10 +1,12 @@
 FROM danger89/xfcevdi_x2go as dist
 LABEL maintainer aynic.os <support+docker@asycn.io>
 ARG DOCKER_BUILD_DIR
+ARG DOCKER_GID

 RUN apt-get update \
 && apt-get -fy upgrade \
 && apt-get -fy install \
+    docker.io \
    ecryptfs-utils \
    fail2ban \
    iptables \
@ -12,10 +14,18 @@ RUN apt-get update \
    libpam-script \
    neovim \
    python3-pip \
+    sudo \
 && pip install ssh-crypt \
 && apt-get clean \
 && rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/*

+RUN [ "$DOCKER_GID" -eq "$DOCKER_GID" ] 2>/dev/null \
+ && if [ "$(getent group docker |awk -F: '{print $3}')" != "$DOCKER_GID" ]; then \
+      sed -i 's/^docker:x:[0-9]\+:/docker:x:'$DOCKER_GID':/' /etc/group; \
+    fi \
+|| true
+
+
 RUN cp /usr/share/doc/libpam-script/examples/logscript /usr/share/libpam-script \
 && sed -i 's/LOGFILE=\/tmp/LOGFILE=\/var\/log/' /usr/share/libpam-script/logscript \
 && for script in auth acct passwd ses_open ses_close; do \
@ -23,8 +33,11 @@ RUN cp /usr/share/doc/libpam-script/examples/logscript /usr/share/libpam-script
    done \
 && ln -s /usr/share/libpam-script /etc/pam-script

-WORKDIR /app
 COPY ${DOCKER_BUILD_DIR}/*.sh /app/
+COPY ${DOCKER_BUILD_DIR}/issue.net /etc/
+COPY ${DOCKER_BUILD_DIR}/rc*.sh /etc/profile.d/
+COPY ${DOCKER_BUILD_DIR}/.*aliases ${DOCKER_BUILD_DIR}/.*profile ${DOCKER_BUILD_DIR}/.*rc /etc/skel/
+WORKDIR /app

 ARG SSH_PORT=22
 CMD []
--- a/docker/x2go/xfce-debian/issue.net
+++ b/docker/x2go/xfce-debian/issue.net
@ -0,0 +1,6 @@
+UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
+
+You must have explicit, authorized permission to access or configure this device.
+Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties.
+All activities performed on this device are logged and monitored.
+
--- a/docker/x2go/xfce-debian/rc.sh
+++ b/docker/x2go/xfce-debian/rc.sh
@ -0,0 +1,45 @@
+# shellcheck shell=sh
+# file rc.sh: Call user defined functions
+## author: Yann "aya" Autissier
+## license: GPL
+## version: 20220630
+
+case $- in
+  # if this is an interactive shell
+  *i*)
+    # load user stuff from ~/.rc.d/* files
+    for file in "${HOME}"/.rc.d/*; do
+        # read files only
+        if [ -f "${file}" ]; then
+            func_name=$(basename "${file}")
+            func_args=$(cat "${file}")
+            # at this stage, func_name can start with numbers to allow ordering function calls with file names starting with numbers
+            # func_name must start with a letter, remove all other characters at the beginning of func_name until a letter is found
+            while [ "${func_name}" != "" ] && [ "${func_name#[a-z]}" = "${func_name}" ]; do
+                # remove first char of func_name
+                func_name="${func_name#?}"
+            done
+            # call user function with args passed from the content of the file
+            command -v "${func_name}" >/dev/null 2>&1 && "${func_name}" "${func_args}"
+        fi
+    done
+    # load user stuff from RC_* env vars
+    IFS="$(printf '%b_' '\n')"; IFS="${IFS%_}"; for line in $(printenv 2>/dev/null |awk '$0 ~ /^RC_[0-9A-Z_]*=/' |sort); do
+        func_name=$(printf '%s\n' "${line%%=*}" |awk '{print tolower(substr($0,4))}')
+        eval func_args=\$"${line%%=*}"
+        [ "${func_args}" = "false" ] && continue
+        [ "${func_args}" = "true" ] && unset func_args
+        # at this stage, func_name can start with numbers to allow ordering function calls with file names starting with numbers
+        # func_name must start with a letter, remove all other characters at the beginning of func_name until a letter is found
+        while [ "${func_name}" != "" ] && [ "${func_name#[a-z]}" = "${func_name}" ]; do
+            # remove first char of func_name
+            func_name="${func_name#?}"
+        done
+        # call user function with args passed from the value of the env var
+        command -v "${func_name}" >/dev/null 2>&1 && "${func_name}" "${func_args}"
+    done
+    unset IFS
+  ;;
+esac
+
+# vim:ts=2:sw=2:sts=2:et
--- a/docker/x2go/xfce-debian/rc_functions.sh
+++ b/docker/x2go/xfce-debian/rc_functions.sh
@ -0,0 +1,281 @@
+# shellcheck shell=sh
+# file rc_functions.sh: Define shell functions
+## author: Yann "aya" Autissier
+## license: GPL
+## version: 20220630
+
+# function force: Run a command sine die
+force() {
+  if [ $# -gt 0 ]; then
+    while true; do
+      "$@"
+      sleep 1
+    done
+  fi
+}
+
+# function force8: Run a command sine die if not already running
+force8() {
+  if [ $# -gt 0 ]; then
+    while true; do
+      # awk expression to match $@
+      [ "$(ps wwx -o args 2>/dev/null |awk -v field="${PS_X_FIELD:-1}" '
+        BEGIN { nargs=split("'"$*"'",args); }
+        # first field matched
+        $field == args[1] {
+          matched=1;
+          # match following fields
+          for (i=1;i<=NF-field;i++) {
+            if ($(i+field) == args[i+1]) { matched++; }
+          };
+          # all fields matched
+          if (matched == nargs) { found++; }
+        }
+        END { print found+0; }'
+      )" = 0 ] && "$@"
+      sleep 1
+    done
+  fi
+}
+
+# function load_average; Print the current load average
+load_average() {
+  uptime 2>/dev/null |awk '{printf "%.1f\n", $(NF-2)}'
+}
+
+# function process_count: Print number of "processes"/"running processes"/"D-state"
+process_count() {
+  ps ax -o stat 2>/dev/null |awk '
+    $1 ~ /R/ {process_running++};
+    $1 ~ /D/ {process_dstate++};
+    END { print NR-1"/"process_running+0"/"process_dstate+0; }'
+}
+
+# function prompt_set: Export custom PROMPT_COMMAND
+prompt_set() {
+  case "${TERM}" in
+    screen*)
+      ESCAPE_CODE_DCS="\033k"
+      ESCAPE_CODE_ST="\033\\"
+      ;;
+    linux*|xterm*|rxvt*)
+      ESCAPE_CODE_DCS="\033]0;"
+      ESCAPE_CODE_ST="\007"
+      ;;
+    *)
+      ;;
+  esac
+  # in a screen
+  if [ -n "${STY}" ]; then
+    export PROMPT_COMMAND='printf\
+     "${ESCAPE_CODE_DCS:-\033]0;}%s${ESCAPE_CODE_ST:-\007}"\
+     "${PWD##*/}"'
+  else
+    export PROMPT_COMMAND='printf\
+     "${ESCAPE_CODE_DCS:-\033]0;}%s@%s:%s${ESCAPE_CODE_ST:-\007}"\
+     "${USER}"\
+     "${HOSTNAME%%.*}"\
+     "${PWD##*/}"'
+  fi
+  unset ESCAPE_CODE_DCS ESCAPE_CODE_ST
+}
+
+# function ps1_set: Export custom PS1
+ps1_set() {
+  case "$0" in
+    *sh)
+      COLOR_DGRAY="\[\033[1;30m\]"
+      COLOR_RED="\[\033[01;31m\]"
+      COLOR_GREEN="\[\033[01;32m\]"
+      COLOR_BROWN="\[\033[0;33m\]"
+      COLOR_YELLOW="\[\033[01;33m\]"
+      COLOR_BLUE="\[\033[01;34m\]"
+      COLOR_CYAN="\[\033[0;36m\]"
+      COLOR_GRAY="\[\033[0;37m\]"
+      COLOR_RESET="\[\033[0m\]"
+      ;;
+    *)
+      ;;
+  esac
+
+  PS1_STATUS="\$?"
+  PS1_COUNT="${COLOR_DGRAY}[\`
+    case \"$PS1_STATUS\" in
+      0)
+        printf \"${COLOR_BLUE}${PS1_STATUS}\";;
+      1)
+        printf \"${COLOR_YELLOW}${PS1_STATUS}\";;
+      *)
+        printf \"${COLOR_RED}${PS1_STATUS}\";;
+    esac
+    type process_count >/dev/null 2>&1 && printf\
+     \"${COLOR_DGRAY}|${COLOR_BLUE}%s\"\
+     \"\$(process_count 2>/dev/null)\"
+    type user_count >/dev/null 2>&1 && printf\
+     \"${PS1_COUNT}${COLOR_DGRAY}|${COLOR_BLUE}%s\"\
+     \"\$(user_count 2>/dev/null)\"
+    type load_average >/dev/null 2>&1 && printf\
+     \"${PS1_COUNT}${COLOR_DGRAY}|${COLOR_BLUE}%s\"\
+     \"\$(load_average 2>/dev/null)\"
+  \`${COLOR_DGRAY}]${COLOR_RESET}"
+  PS1_END="${COLOR_DGRAY}\$(
+    if [ \"\$(id -u)\" = 0 ]; then
+      printf \"#\";
+    else
+      printf \"\$\";
+    fi
+  )${COLOR_RESET}"
+  PS1_GIT="\$(
+    if type __git_ps1 >/dev/null 2>&1; then
+      printf \"\$(__git_ps1 2>/dev/null \" (%s)\")\"
+    else
+      printf \"\$(BRANCH=\$(git rev-parse --abbrev-ref HEAD 2>/dev/null);\
+              [ -n \"\${BRANCH}\" ] && printf \" (\${BRANCH})\")\"
+    fi
+  )"
+  PS1_GIT="${COLOR_CYAN}${PS1_GIT}${COLOR_RESET}"
+  PS1_HOSTNAME_COLOR="\`case \"\${ENV}${HOSTNAME%%.*}\" in
+    *[Pp][Rr][0Oo][Dd]*|*[Pp][Rr][Dd]*)
+      printf \"${COLOR_RED}\";;
+    *)
+      if [ -n \"\${ENV}\" ]; then
+        printf \"${COLOR_YELLOW}\";
+      else
+        printf \"${COLOR_GREEN}\";
+      fi;;
+  esac\`"
+  PS1_HOSTNAME="${PS1_HOSTNAME_COLOR}\$(hostname |sed 's/\..*//')${COLOR_RESET}"
+  PS1_USER_COLOR="\$(
+    if [ \"\$(id -u)\" = 0 ]; then
+      printf \"${COLOR_RED}\";
+    else
+      printf \"${COLOR_BROWN}\";
+    fi
+  )"
+  PS1_USER="${PS1_USER_COLOR}\$(id -nu):\$(id -u)${COLOR_RESET}"
+  PS1_WORKDIR="${COLOR_GRAY}\$(
+    pwd |sed 's|^'\${HOME}'\(/.*\)*$|~\1|'
+  )${COLOR_RESET}"
+  PS1="${PS1_COUNT}${PS1_USER}${COLOR_DGRAY}@${PS1_HOSTNAME}"
+  PS1="${PS1}${COLOR_DGRAY}:${PS1_WORKDIR}${PS1_GIT}${PS1_END} "
+  export 'PS1'
+  unset PS1_COUNT PS1_END PS1_GIT PS1_HOSTNAME PS1_HOSTNAME_COLOR\
+        PS1_USER PS1_USER_COLOR PS1_STATUS PS1_WORKDIR
+}
+
+# function screen_attach: Attach existing screen session or Create a new one
+screen_attach() {
+  command -v screen >/dev/null 2>&1 || return
+  SCREEN_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')"
+  if [ -z "${STY}" ]; then
+    # attach screen in tmux window 0 only ;)
+    [ -n "${TMUX}" ] \
+     && [ "$(tmux list-window 2>/dev/null |awk '$NF == "(active)" {print $1}'\
+      |sed 's/:$//')" != "0" ] \
+     && return
+    printf 'Attaching screen.' && sleep 1\
+     && printf '.' && sleep 1\
+     && printf '.' && sleep 1
+    exec screen -xRR -S "${SCREEN_SESSION}"
+  fi
+  unset SCREEN_SESSION
+}
+
+# function screen_detach: Detach current screen session
+screen_detach() {
+  screen -d
+}
+
+# function ssh_add: Load all private keys in ~/.ssh/ to ssh agent
+ssh_add() {
+  command -v ssh-agent >/dev/null 2>&1 && command -v ssh-add >/dev/null 2>&1 || return
+  SSH_AGENT_DIR="/tmp/ssh-$(id -u)"
+  SSH_AGENT_SOCK="${SSH_AGENT_DIR}/agent@$(hostname |sed 's/\..*//')"
+  # launch a new agent
+  if [ -z "${SSH_AUTH_SOCK}" ]; then
+    [ ! -d "${SSH_AGENT_DIR}" ] \
+     && mkdir -p "${SSH_AGENT_DIR}" 2>/dev/null\
+     && chmod 0700 "${SSH_AGENT_DIR}"
+    # search for an already running agent
+    if ps wwx -o args |awk '$1 ~ "ssh-agent$" && $3 == "'"${SSH_AGENT_SOCK}"'"' |wc -l |grep -q 0; then
+      rm -f "${SSH_AGENT_SOCK}"
+      ssh-agent -a "${SSH_AGENT_SOCK}" >/dev/null 2>&1
+    fi
+  fi
+  # attach to agent
+  export SSH_AUTH_SOCK="${SSH_AUTH_SOCK:-${SSH_AGENT_SOCK}}"
+  # list private keys to add
+  # shellcheck disable=SC2068
+  for dir in ${@:-${HOME}/.ssh}; do
+    if [ "${SSH_ADD_RECURSIVE:-}" = true ]; then
+      GREP_RECURSIVE_FLAG="r"
+    else
+      GREP_RECURSIVE_CHAR="*"
+    fi
+    SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")"
+  done
+  # shellcheck disable=SC2086
+  printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
+    [ -r "${file}" ] || continue
+    # add private key to agent
+    ssh-add -l |grep -q "$(ssh-keygen -lf "${file}" 2>/dev/null |awk '{print $2}')" 2>/dev/null || ssh-add "${file}"
+  done
+  unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_AGENT_DIR SSH_AGENT_SOCK SSH_PRIVATE_KEYS
+}
+
+# function ssh_del: removes all private keys in ~/.ssh/ from ssh agent
+ssh_del() {
+  command -v ssh-add >/dev/null 2>&1 || return
+  # attach to agent
+  if [ -z "${SSH_AUTH_SOCK}" ]; then
+    return
+  fi
+  # list private keys to del
+  # shellcheck disable=SC2068
+  for dir in ${@:-${HOME}/.ssh}; do
+    if [ "${SSH_DEL_RECURSIVE:-}" = true ]; then
+      GREP_RECURSIVE_FLAG="r"
+    else
+      GREP_RECURSIVE_CHAR="*"
+    fi
+    SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")"
+  done
+  # shellcheck disable=SC2086
+  printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
+    [ -r "${file}" ] || continue
+    # remove private key from agent
+    ssh-add -l |grep -q "$(ssh-keygen -lf "${file}" 2>/dev/null |awk '{print $2}')" 2>/dev/null && ssh-add -d "${file}"
+  done
+  unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_PRIVATE_KEYS
+}
+
+# function tmux_attach: Attach existing tmux session or Create a new one
+tmux_attach() {
+  command -v tmux >/dev/null 2>&1 || return
+  TMUX_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')"
+  # do not attach tmux in screen ;)
+  if [ -z "${TMUX}" -a -z "${STY}" ]; then
+    printf 'Attaching tmux.' && sleep 1\
+     && printf '.' && sleep 1\
+     && printf '.' && sleep 1
+    exec tmux -L"${TMUX_SESSION}" new-session -A -s"${TMUX_SESSION}"
+  fi
+  unset TMUX_SESSION
+}
+
+# function tmux_detach: Detach current tmux session
+tmux_detach() {
+  tmux detach
+}
+
+# function user_count: Print number of "users sessions"/"users"/"logged users"
+user_count() {
+  ps ax -o pid,user,tty,comm 2>/dev/null |awk '
+    $3 ~ /^(pts\/|tty[sS]?|[0-9]+,)[0-9]+$/ && $4 != "getty" { users_sessions++; logged[$2]++; };
+    $1 ~ /^[0-9]+$/ { count[$2]++; }
+    END {
+      for (uc in count) { c = c" "uc; }; users_count=split(c,v," ");
+      for (ul in logged) { l = l" "ul; }; users_logged=split(l,v," ");
+      print users_sessions+0"/"users_count+0"/"users_logged+0;
+    }'
+}
--- a/docker/x2go/xfce-debian/setup_users.sh
+++ b/docker/x2go/xfce-debian/setup_users.sh
@ -8,11 +8,12 @@ for user in ${USERS:-${USER:-user}}; do
   && mkdir -p "/home/${user}" \
   && chown "${user}" "/home/${user}" \
   && chmod 0750 "/home/${user}"
-  for file in .bash_logout .bashrc .profile; do
-    [ ! -f "/home/${user}/${file}" ] \
+  for file in .aliases .bash_aliases .bash_profile .bashrc .dircolors_aliases .docker_aliases .profile .sh_aliases .sh_profile .shrc; do \
+    [ -f "/etc/skel/${file}" ] && [ ! -f "/home/${user}/${file}" ] \
     && cp "/etc/skel/${file}" "/home/${user}" \
     && chown "${user}" "/home/${user}/${file}"
  done
+  usermod -a -G docker   "${user}"
  usermod -a -G x2gouser "${user}"
  mkdir -p "/home/${user}/.ssh"
  keys=$(su "${user}" /app/authorized_keys.sh 2>/dev/null) \
--- a/make/def.docker.mk
+++ b/make/def.docker.mk
@ -25,7 +25,7 @@ NODE_GID                        ?= 100
 NODE_UID                        ?= 123
 RESU_DOCKER_REPOSITORY          ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME)))
 USER_COMPOSE_PROJECT_NAME       ?= $(strip $(RESU))
-USER_COMPOSE_SERVICE_NAME       ?= $(subst _,-,$(USER_COMPOSE_PROJECT_NAME))
+USER_COMPOSE_SERVICE_NAME       ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME)))
 USER_DOCKER_IMAGE               ?= $(USER_DOCKER_REPOSITORY):${DOCKER_IMAGE_TAG}
 USER_DOCKER_NAME                ?= $(USER_COMPOSE_PROJECT_NAME)
 USER_DOCKER_REPOSITORY          ?= $(subst -,/,$(subst _,/,$(USER)))
--- a/make/def.mk
+++ b/make/def.mk
@ -68,7 +68,7 @@ GIT_UPSTREAM_USER               ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPO
 GIT_USER                        ?= $(USER)
 GIT_VERSION                     ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
 GROUP                           ?= $(shell id -ng 2>/dev/null)
-HOSTNAME                        ?= $(shell hostname 2>/dev/null |sed 's/\..*//')
+HOSTNAME                        ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//'))
 IGNORE_DRYRUN                   ?= false
 IGNORE_VERBOSE                  ?= false
 INSTALL                         ?= $(RUN) $(SUDO) $(subst &&,&& $(RUN) $(SUDO),$(INSTALL_CMD))
@ -170,14 +170,16 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
 # macro RESU: Print USER associated to MAIL
 RESU = \
 $(if $(findstring @,$(MAIL)), \
-  $(eval user      := $(subst +,,$(subst -,,$(subst .,,$(call LOWERCASE,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}')))))) \
+  $(eval user      := $(subst +,,$(subst -,,$(call LOWERCASE,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
  $(eval domain    := $(call LOWERCASE,$(call subst,_,,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}')))) \
  $(if $(domain), \
    $(eval mail      := $(MAIL)) \
-    $(eval niamod    := $(subst $(space),_,$(strip $(call reverse,$(subst .,$(space),$(domain)))))) \
-    $(eval resu      := $(niamod)_$(user)) \
-    $(eval resu_path := $(subst _,/,$(niamod))/$(user)) \
-    $(resu) \
+    $(eval niamod    := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
+    $(eval resu      := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \
+    $(eval resu_niamod := $(niamod).$(resu)) \
+    $(eval resu_path := $(subst .,/,$(resu_niamod))) \
+    $(eval user_domain := $(user).$(domain)) \
+    $(resu_niamod) \
  , $(USER) \
  ) \
 , $(USER) \
--- a/stack/User.mk
+++ b/stack/User.mk
@ -2,7 +2,6 @@ CMDARGS                         += user-exec user-exec:% user-exec@% user-run us
 ENV_VARS                        += USER_DOMAIN user_domain
 USER_DOMAIN                     ?= $(USER).$(DOMAIN)
 User                            ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/User/*.yml)))
-user_domain                     ?= $(user).$(domain)

 # target start-stack-User: Fire ssh-add
 .PHONY: start-stack-User
--- a/stack/User/.env.dist
+++ b/stack/User/.env.dist
@ -1,6 +0,0 @@
-USER_MYOS_RC_PROMPT_SET=true
-USER_MYOS_RC_PS1_SET=true
-USER_MYOS_RC_SCREEN_ATTACH=true
-USER_MYOS_RC_SOURCE=/etc/profile.d/rc_functions.sh
-USER_MYOS_RC_SSH_ADD=true
-USER_MYOS_RC_TMUX_ATTACH=false
--- a/stack/User/User.yml
+++ b/stack/User/User.yml
@ -20,12 +20,12 @@ services:
    container_name: ${USER_DOCKER_NAME}
    environment:
    - ENV=${ENV}
-    - RC_00_SOURCE=${USER_MYOS_RC_SOURCE}
-    - RC_01_PS1_SET=${USER_MYOS_RC_PS1_SET}
-    - RC_02_PROMPT_SET=${USER_MYOS_RC_PROMPT_SET}
-    - RC_03_SSH_ADD=${USER_MYOS_RC_SSH_ADD}
-    - RC_04_TMUX_ATTACH=${USER_MYOS_RC_TMUX_ATTACH}
-    - RC_05_SCREEN_ATTACH=${USER_MYOS_RC_SCREEN_ATTACH}
+    - RC_00_SOURCE=${USER_RC_SOURCE:-/etc/profile.d/rc_functions.sh}
+    - RC_01_PS1_SET=${USER_RC_PS1_SET:-true}
+    - RC_02_PROMPT_SET=${USER_RC_PROMPT_SET:-true}
+    - RC_03_SSH_ADD=${USER_RC_SSH_ADD:-true}
+    - RC_04_TMUX_ATTACH=${USER_RC_TMUX_ATTACH:-false}
+    - RC_05_SCREEN_ATTACH=${USER_RC_SCREEN_ATTACH:-true}
    - SHELL=${DOCKER_SHELL}
    image: ${USER_DOCKER_IMAGE}
    networks:
--- a/stack/User/ipfs.mk
+++ b/stack/User/ipfs.mk
@ -1,4 +1,4 @@
 ENV_VARS                                  += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
-USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN      ?= ["https://ipfs.$(USER_DOMAIN)", "http://ipfs.localhost:8080"]
-USER_IPFS_SERVICE_5001_TAGS               ?= urlprefix-ipfs.$(USER_DOMAIN)/user/$(user_domain)/api
-USER_IPFS_SERVICE_8080_TAGS               ?= urlprefix-ipfs.$(USER_DOMAIN)/user/$(user_domain),urlprefix-*.ipfs.$(USER_DOMAIN)/user/$(user_domain),urlprefix-ipns.$(USER_DOMAIN)/user/$(user_domain),urlprefix-*.ipns.$(USER_DOMAIN)/user/$(user_domain)
+USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN      ?= ["https://ipfs.$(user_domain).$(DOMAIN)"]
+USER_IPFS_SERVICE_5001_TAGS               ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/api/
+USER_IPFS_SERVICE_8080_TAGS               ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/
--- a/stack/User/ipfs.yml
+++ b/stack/User/ipfs.yml
@ -90,6 +90,7 @@ services:

 volumes:
  ipfs:
+    name: ${USER_DOCKER_VOLUME}_ipfs

 networks:
  private:
--- a/stack/node/.env.dist
+++ b/stack/node/.env.dist
@ -1,9 +0,0 @@
-NODE_CONSUL_ACL_TOKENS_MASTER=01234567-89AB-CDEF-0123-456789ABCDEF
-NODE_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF
-NODE_CONSUL_SERVICE_8500_TAGS=urlprefix-consul.${DOMAIN}/
-NODE_FABIO_SERVICE_9998_TAGS=urlprefix-fabio.${DOMAIN}/
-NODE_SSH_PORT=${SSH_PORT}
-NODE_SSH_PUBLIC_HOSTS=${SSH_PUBLIC_HOSTS}
-UFW_UPDATE_certbot=53/udp
-UFW_UPDATE_consul=8500
-UFW_DOCKER_fabio=80 443
--- a/stack/node/backup/.env.dist
+++ b/stack/node/backup/.env.dist
@ -1,2 +0,0 @@
-NODE_RESTIC_REPOSITORY=
-NODE_RESTIC_PASSWORD=
--- a/stack/node/backup/restic.yml
+++ b/stack/node/backup/restic.yml
@ -8,12 +8,10 @@ services:
      BACKUP_CRON: "30 3 * * *"
      RESTIC_REPOSITORY: ${NODE_RESTIC_REPOSITORY}
      RESTIC_PASSWORD: ${NODE_RESTIC_PASSWORD}
-      RESTIC_BACKUP_SOURCES: /var/lib/docker/volumes
-      RESTIC_BACKUP_TAGS: docker-volumes
-      RESTIC_FORGET_ARGS: --prune --keep-last 14 --keep-daily 1
-      TZ: Europe/Paris
-    networks:
-    - private
+      RESTIC_BACKUP_SOURCES: ${NODE_RESTIC_BACKUP_SOURCES:-/var/lib/docker/volumes}
+      RESTIC_BACKUP_TAGS: ${NODE_RESTIC_BACKUP_TAGS:-docker-volumes}
+      RESTIC_FORGET_ARGS: ${NODE_RESTIC_FORGET_ARGS:---prune --keep-last 14 --keep-daily 1}
+      TZ: ${NODE_TZ:-${TZ}}
    volumes:
      - restic:/root/.config
      - /var/lib/docker/volumes:/var/lib/docker/volumes:ro
@ -21,7 +19,3 @@ services:
 volumes:
  restic:

-networks:
-  private:
-    external: true
-    name: ${DOCKER_NETWORK_PRIVATE}
--- a/stack/node/certbot.mk
+++ b/stack/node/certbot.mk
@ -0,0 +1 @@
+NODE_CERTBOT_UFW_UPDATE                   ?= 53/udp
--- a/stack/node/consul.mk
+++ b/stack/node/consul.mk
@ -0,0 +1,5 @@
+ENV_VARS                                  += NODE_CONSUL_ACL_TOKENS_MASTER NODE_CONSUL_HTTP_TOKEN NODE_CONSUL_SERVICE_8500_TAGS
+NODE_CONSUL_ACL_TOKENS_MASTER             ?= 01234567-89ab-cdef-0123-456789abcdef
+NODE_CONSUL_HTTP_TOKEN                    ?= $(NODE_CONSUL_ACL_TOKENS_MASTER)
+NODE_CONSUL_SERVICE_8500_TAGS             ?= urlprefix-consul.${DOMAIN}/
+NODE_CONSUL_UFW_UPDATE                    ?= 8500
--- a/stack/node/exporter.mk
+++ b/stack/node/exporter.mk
@ -0,0 +1,3 @@
+ENV_VARS                                  += NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS NODE_EXPORTER_NODE_SERVICE_9100_TAGS
+NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS  ?= urlprefix-cadvisor-exporter.${DOMAIN}/
+NODE_EXPORTER_NODE_SERVICE_9100_TAGS      ?= urlprefix-node-exporter.${DOMAIN}/
--- a/stack/node/exporter/.env.dist
+++ b/stack/node/exporter/.env.dist
@ -1,2 +0,0 @@
-NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS=urlprefix-exporter-cadvisor.${DOMAIN}/
-NODE_EXPORTER_NODE_SERVICE_9100_TAGS=urlprefix-exporter-node.${DOMAIN}/
--- a/stack/node/fabio.mk
+++ b/stack/node/fabio.mk
@ -0,0 +1,3 @@
+ENV_VARS                                  += NODE_FABIO_SERVICE_9998_TAGS
+NODE_FABIO_SERVICE_9998_TAGS              ?= urlprefix-fabio.${DOMAIN}/
+NODE_FABIO_UFW_UPDATE                     ?= 80/tcp 443/tcp
--- a/stack/node/mail.mk
+++ b/stack/node/mail.mk
@ -0,0 +1,6 @@
+# ENV_VARS                                  += NODE_MAILSERVER_ENABLE_MANAGESIEVE NODE_MAILSERVER_SPOOF_PROTECTION NODE_MAILSERVER_SSL_TYPE NODE_MAILSERVER_ENABLE_UPDATE_CHECK
+NODE_MAILSERVER_ENABLE_MANAGESIEVE        ?= 1
+NODE_MAILSERVER_SPOOF_PROTECTION          ?= 1
+NODE_MAILSERVER_SSL_TYPE                  ?= letsencrypt
+NODE_MAILSERVER_ENABLE_UPDATE_CHECK       ?= 0
+NODE_MAILSERVER_UFW_DOCKER                ?= 25/tcp 465/tcp 587/tcp 993/tcp
--- a/stack/node/mail/.env.dist
+++ b/stack/node/mail/.env.dist
@ -1,5 +0,0 @@
-NODE_MAILSERVER_ENABLE_MANAGESIEVE=1
-NODE_MAILSERVER_SPOOF_PROTECTION=1
-NODE_MAILSERVER_SSL_TYPE=letsencrypt
-NODE_MAILSERVER_UPDATE_CHECK=0
-UFW_DOCKER_mailserver=25 465 587 993
--- a/stack/node/mail/mailserver.yml
+++ b/stack/node/mail/mailserver.yml
@ -15,13 +15,13 @@ services:
    - ONE_DIR=${NODE_MAILSERVER_ONE_DIR:-1}
    - ACCOUNT_PROVISIONER=${NODE_MAILSERVER_ACCOUNT_PROVISIONER:-}
    - POSTMASTER_ADDRESS=${NODE_MAILSERVER_POSTMASTER_ADDRESS:-}
-    - ENABLE_UPDATE_CHECK=${NODE_MAILSERVER_ENABLE_UPDATE_CHECK:-1}
+    - ENABLE_UPDATE_CHECK=${NODE_MAILSERVER_ENABLE_UPDATE_CHECK:-0}
    - UPDATE_CHECK_INTERVAL=${NODE_MAILSERVER_UPDATE_CHECK_INTERVAL:-1d}
    - PERMIT_DOCKER=${NODE_MAILSERVER_PERMIT_DOCKER:-none}
-    - TZ=${NODE_MAILSERVER_TZ:-}
+    - TZ=${NODE_MAILSERVER_TZ:-${TZ}}
    - NETWORK_INTERFACE=${NODE_MAILSERVER_NETWORK_INTERFACE:-}
    - TLS_LEVEL=${NODE_MAILSERVER_TLS_LEVEL:-}
-    - SPOOF_PROTECTION=${NODE_MAILSERVER_SPOOF_PROTECTION:-}
+    - SPOOF_PROTECTION=${NODE_MAILSERVER_SPOOF_PROTECTION:-1}
    - ENABLE_SRS=${NODE_MAILSERVER_ENABLE_SRS:-0}
    - ENABLE_POP3=${NODE_MAILSERVER_ENABLE_POP3:-}
    - ENABLE_CLAMAV=${NODE_MAILSERVER_ENABLE_CLAMAV:-0}
@ -30,10 +30,10 @@ services:
    - ENABLE_DNSBL=${NODE_MAILSERVER_ENABLE_DNSBL:-0}
    - ENABLE_FAIL2BAN=${NODE_MAILSERVER_ENABLE_FAIL2BAN:-0}
    - FAIL2BAN_BLOCKTYPE=${NODE_MAILSERVER_FAIL2BAN_BLOCKTYPE:-drop}
-    - ENABLE_MANAGESIEVE=${NODE_MAILSERVER_ENABLE_MANAGESIEVE:-}
+    - ENABLE_MANAGESIEVE=${NODE_MAILSERVER_ENABLE_MANAGESIEVE:-1}
    - POSTSCREEN_ACTION=${NODE_MAILSERVER_POSTSCREEN_ACTION:-enforce}
    - SMTP_ONLY=${NODE_MAILSERVER_SMTP_ONLY:-}
-    - SSL_TYPE=${NODE_MAILSERVER_SSL_TYPE:-}
+    - SSL_TYPE=${NODE_MAILSERVER_SSL_TYPE:-letsencrypt}
    - SSL_CERT_PATH=${NODE_MAILSERVER_SSL_CERT_PATH:-}
    - SSL_KEY_PATH=${NODE_MAILSERVER_SSL_KEY_PATH:-}
    - SSL_ALT_CERT_PATH=${NODE_MAILSERVER_SSL_ALT_CERT_PATH:-}
--- a/stack/node/portainer.mk
+++ b/stack/node/portainer.mk
@ -0,0 +1,2 @@
+ENV_VARS                                  += NODE_PORTAINER_SERVICE_9000_TAGS
+NODE_PORTAINER_SERVICE_9000_TAGS          ?= urlprefix-portainer.${DOMAIN}/
--- a/stack/node/portainer/portainer.yml
+++ b/stack/node/portainer/portainer.yml
--- a/stack/node/portainer/.env.dist
+++ b/stack/node/portainer/.env.dist
@ -1 +0,0 @@
-NODE_PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${DOMAIN}/
--- a/stack/node/vdi/.env.dist
+++ b/stack/node/vdi/.env.dist
@ -1,7 +0,0 @@
-NODE_VDI_ECRYPTERS=${USER}
-NODE_VDI_LANG=${LANG}
-NODE_VDI_PORT=${SSH_PORT}
-NODE_VDI_SUDOERS=
-NODE_VDI_TZ=UTC
-NODE_VDI_USERS=${USER}
-UFW_DOCKER_vdi=${SSH_PORT}
--- a/stack/node/vdi/vdi.yml
+++ b/stack/node/vdi/vdi.yml
@ -5,7 +5,7 @@ services:
    build:
      args:
      - DOCKER_BUILD_DIR=docker/x2go/xfce-debian
-      - SSH_PORT=${NODE_VDI_PORT:-22}
+      - SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}}
      context: ../..
      dockerfile: docker/x2go/xfce-debian/Dockerfile
    cap_add:
@ -17,14 +17,14 @@ services:
    cpus: 0.5
    environment:
    - DEBUG=${VDI_DEBUG:-}
-    - ECRYPTERS=${NODE_VDI_ECRYPTERS:-}
-    - LANG=${NODE_VDI_LANG:-}
-    - SSH_PORT=${NODE_VDI_PORT:-22}
+    - ECRYPTERS=${NODE_VDI_ECRYPTERS:-${USER}}
+    - LANG=${NODE_VDI_LANG:-C.UTF-8}
+    - SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}}
    - SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-}
-    - SSH_PUBLIC_HOSTS=${NODE_SSH_PUBLIC_HOSTS:-}
-    - SUDOERS=${NODE_VDI_SUDOERS:-}
+    - SSH_PUBLIC_HOSTS=${NODE_SSH_PUBLIC_HOSTS:-${SSH_PUBLIC_HOSTS}}
+    - SUDOERS=${NODE_VDI_SUDOERS:-${USER}}
    - TZ=${NODE_VDI_TZ:-}
-    - USERS=${NODE_VDI_USERS:-}
+    - USERS=${NODE_VDI_USERS:-${USER}}
    image: ${NODE_DOCKER_REPOSITORY}/vdi:${DOCKER_IMAGE_TAG}
    networks:
    - public
--- a/stack/node/vsftpd/.env.dist
+++ b/stack/node/vsftpd/.env.dist
@ -1,3 +0,0 @@
-NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
-NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
-NODE_VSFTPD_S3_FTPD_USERS=ftpuser::ftppass::ftpbucket
--- a/stack/node/vsftpd/s3.yml
+++ b/stack/node/vsftpd/s3.yml
@ -13,8 +13,8 @@ services:
    devices:
    - /dev/fuse
    environment:
-    - AWS_ACCESS_KEY_ID=${NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID}
-    - AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY}
+    - AWS_ACCESS_KEY_ID=${NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID:-${AWS_ACCESS_KEY_ID}}
+    - AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:-${AWS_SECRET_ACCESS_KEY}}
    - DIR_REMOTE=${NODE_VSFTPD_S3_DIR_REMOTE}
    - FTP_HOST=${NODE_VSFTPD_S3_FTP_HOST}
    - FTP_PASS=${NODE_VSFTPD_S3_FTP_PASS}
--- a/stack/x2go/.env.dist
+++ b/stack/x2go/.env.dist
@ -1,6 +0,0 @@
-VDI_ECRYPTERS=
-VDI_LANG=${LANG}
-VDI_PORT=8260
-VDI_SUDOERS=
-VDI_TZ=UTC
-VDI_USERS=${USER}
--- a/stack/x2go/vdi.mk
+++ b/stack/x2go/vdi.mk
@ -0,0 +1,4 @@
+VDI_LANG                        ?= C.UTF-8
+VDI_PORT                        ?= 123
+VDI_TZ                          ?= UTC
+VDI_USERS                       ?= $(USER)
--- a/stack/x2go/xfce_debian.yml
+++ b/stack/x2go/xfce_debian.yml
@ -5,7 +5,8 @@ services:
    build:
      args:
      - DOCKER_BUILD_DIR=docker/x2go/xfce-debian
-      - SSH_PORT=${VDI_PORT:-22}
+      - DOCKER_GID=${DOCKER_GID:-}
+      - SSH_PORT=${SSH_PORT:-22}
      context: ../..
      dockerfile: docker/x2go/xfce-debian/Dockerfile
    cap_add:
@ -18,7 +19,7 @@ services:
    - DEBUG=${VDI_DEBUG:-}
    - ECRYPTERS=${VDI_ECRYPTERS:-}
    - LANG=${VDI_LANG:-}
-    - SSH_PORT=${VDI_PORT:-22}
+    - SSH_PORT=${SSH_PORT:-22}
    - SSH_PUBLIC_HOSTS=${SSH_PUBLIC_HOSTS:-}
    - SUDOERS=${VDI_SUDOERS:-}
    - TZ=${VDI_TZ:-}
@ -28,7 +29,7 @@ services:
    - private
    - public
    ports:
-    - ${SSH_PORT}
+    - ${VDI_PORT}:${SSH_PORT}
    restart: unless-stopped
    security_opt:
    - apparmor=unconfined # ecryptfs
				`@ -1 +0,0 @@`
				`NODE_PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${DOMAIN}/`