turnkeylinux · JedMeister · Mar 20, 2026 · Mar 21, 2026 · Mar 22, 2026 · Mar 22, 2026
diff --git a/conf/turnkey.d/confconsole-autorun b/conf/turnkey.d/confconsole-autorun
@@ -2,12 +2,20 @@
 
 # copy in confconsole auto start file
 mkdir -p /root/.bashrc.d/
-cp /usr/share/confconsole/autostart/confconsole-auto \
-    /root/.bashrc.d/confconsole-auto
-# should already be executable, but just in case
-chmod +x /root/.bashrc.d/confconsole-auto
+if [ -f /usr/share/confconsole/autostart/confconsole-auto ]; then
+    cp /usr/share/confconsole/autostart/confconsole-auto \
+        /root/.bashrc.d/confconsole-auto
+    # should already be executable, but just in case
+    chmod +x /root/.bashrc.d/confconsole-auto
+else
+    echo "Warning: confconsole-auto file not found, skipping copy"
+fi
 
 # autostart "once"
 CONF=/etc/confconsole/confconsole.conf
-sed -i "s|^#autostart|autostart|g" $CONF
-sed -i "s|^autostart.*|autostart once|g" $CONF
+if [ -f "$CONF" ]; then
+    sed -i "s|^#autostart|autostart|g" $CONF
+    sed -i "s|^autostart.*|autostart once|g" $CONF
+else
+    echo "Warning: $CONF not found, skipping autostart configuration"
+fi
diff --git a/conf/turnkey.d/dpkg-vendor b/conf/turnkey.d/dpkg-vendor
@@ -4,4 +4,4 @@
 # returns the correct string
 
 rm -rf /etc/dpkg/origins/default
-ln -s /etc/dpkg/origins/TurnKey /etc/dpkg/origins/default
+ln -sf /etc/dpkg/origins/TurnKey /etc/dpkg/origins/default
diff --git a/conf/turnkey.d/etckeeper b/conf/turnkey.d/etckeeper
@@ -2,5 +2,6 @@
 # un-initialize etckeeper
 
 echo "inithooks.conf" >> /etc/.gitignore
+mkdir -p /etc/etckeeper/uninit.d
 etckeeper uninit -f
 
diff --git a/conf/turnkey.d/fail2ban-fixes b/conf/turnkey.d/fail2ban-fixes
@@ -4,6 +4,7 @@
 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024305
 
 CONF=/etc/fail2ban/fail2ban.conf
+[ -f "$CONF" ] || exit 0
 if ! grep -q '^allowipv6' $CONF; then
     sed -i '\|^\[Definition\]|a \\nallowipv6 = auto' $CONF
 fi
@@ -27,7 +28,7 @@ cat > fail2ban.patch <<EOF
  cmnfailre-failed-pub-ignore =
 
 EOF
-git apply fail2ban.patch
+git apply --check fail2ban.patch 2>/dev/null && git apply fail2ban.patch || echo "patch already applied, skipping"
 rm fail2ban.patch
 
 cat > /etc/cron.weekly/fail2ban <<EOF

diff --git a/conf/turnkey.d/monit b/conf/turnkey.d/monit
@@ -1,3 +1,3 @@
 #!/bin/bash
 
-ln -s /etc/monit/monitrc.d/system /etc/monit/conf.d/system
+ln -sf /etc/monit/monitrc.d/system /etc/monit/conf.d/system
diff --git a/conf/turnkey.d/roothome b/conf/turnkey.d/roothome
@@ -1,7 +1,7 @@
 #!/bin/bash -e
 
 # harden ssh client directories
-mkdir -m 0700 /etc/skel/.ssh
+mkdir -p -m 0700 /etc/skel/.ssh
 cp -dRn /etc/skel/.ssh /root
 
 cp /etc/skel/.bashrc /root

diff --git a/conf/turnkey.d/webmin-conf b/conf/turnkey.d/webmin-conf
@@ -26,3 +26,4 @@ update_or_add no_tls1_1 1
 update_or_add no_tls1_2
 update_or_add extracas
 update_or_add ssl_hsts 0
+update_or_add ipv6 1
diff --git a/conf/turnkey.d/webmin-history b/conf/turnkey.d/webmin-history
@@ -1,5 +1,6 @@
 #!/bin/sh -e
-
-mkdir -p /etc/webmin/system-status/history
-mv /etc/webmin/system-status/history /var/webmin/
-ln -s /var/webmin/history /etc/webmin/system-status/history 
+if [ ! -L /etc/webmin/system-status/history ]; then
+    mkdir -p /etc/webmin/system-status/history
+    mv /etc/webmin/system-status/history /var/webmin/
+fi
+ln -sf /var/webmin/history /etc/webmin/system-status/history
diff --git a/conf/turnkey.d/webmin-lets-enc b/conf/turnkey.d/webmin-lets-enc
@@ -1,7 +1,9 @@
 #/bin/bash -e
-
 # Disable Webmin Let's Encrypt config - via patch
-
-cd /usr/share/webmin/webmin
-git apply /usr/local/src/webmin.patch
-rm /usr/local/src/webmin.patch
+if [ -f /usr/local/src/webmin.patch ]; then
+    cd /usr/share/webmin/webmin
+    git apply /usr/local/src/webmin.patch
+    rm /usr/local/src/webmin.patch
+else
+    echo "webmin.patch not found, skipping (may already be applied)"
+fi
diff --git a/conf/turnkey.d/webmin-theme b/conf/turnkey.d/webmin-theme
@@ -1,12 +1,12 @@
 #!/bin/sh -e
-
 set ${WEBMIN_THEME:=authentic-theme}
-
 CONF_DIR=/etc/webmin
 LOGO_DIR=$CONF_DIR/$WEBMIN_THEME
-
 echo "theme=$WEBMIN_THEME" >> $CONF_DIR/config
 echo "preroot=$WEBMIN_THEME" >> $CONF_DIR/miniserv.conf
-
-mv $LOGO_DIR/tkl-logo-white.png $LOGO_DIR/logo.png
-mv $LOGO_DIR/tkl-logo-black.png $LOGO_DIR/logo_welcome.png
+if [ -f $LOGO_DIR/tkl-logo-white.png ]; then
+    mv $LOGO_DIR/tkl-logo-white.png $LOGO_DIR/logo.png
+    mv $LOGO_DIR/tkl-logo-black.png $LOGO_DIR/logo_welcome.png
+else
+    echo "TKL logos not found in overlay, skipping webmin theme logos"
+fi
diff --git a/overlays/turnkey.d/networking/etc/gai.conf b/overlays/turnkey.d/networking/etc/gai.conf
@@ -0,0 +1,2 @@
+# Prefer IPv4 for external connections (v19)
+precedence ::ffff:0:0/96  100
diff --git a/plans/turnkey/base b/plans/turnkey/base
@@ -50,7 +50,9 @@ etckeeper
 git
 
 lsb-release
+locales
 localepurge
+mawk
 man-db
 screen
 dtach

diff --git a/plans/turnkey/postgresql b/plans/turnkey/postgresql
@@ -0,0 +1,2 @@
+postgresql
+webmin-postgresql
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Prefer IPv4 for external connections (v19)
		precedence ::ffff:0:0/96 100
-Original file line number
+Diff line change
@@ Expand Up / @@ -50,7 +50,9 @@ etckeeper @@
     git
     lsb-release
+    locales
     localepurge
+    mawk
     man-db
     screen
     dtach
@@ Expand Down @@