From 65a68176c9f56a588bd77710cde4cc32d2b66058 Mon Sep 17 00:00:00 2001
From: Vincent Vanwaelscappel <vincent@cubedesigners.com>
Date: Fri, 9 Dec 2022 09:56:15 +0100
Subject: [PATCH] wait #5635 @1.5

---
 .docker/config/imagemagick/policy.xml         |  96 ++++++++++++
 .docker/config/passwords                      |   1 +
 .docker/config/php.ini                        |   1 +
 .docker/config/rsyslog/50-default.conf        |  48 ++++++
 .docker/config/rsyslog/init.d                 | 137 ++++++++++++++++++
 .docker/config/rsyslog/rsyslog.conf           |  60 ++++++++
 .docker/config/ssh/root/authorized_keys2      |   3 +
 .docker/config/ssh/{ => root}/id_rsa          |   0
 .docker/config/ssh/{ => root}/id_rsa.pub      |   0
 .docker/config/ssh/{ => root}/known_hosts     |   0
 .../{sshd/sshd_config => ssh/server/moduli}   |   0
 .docker/config/ssh/server/ssh_config          |   0
 .docker/config/ssh/server/ssh_host_dsa_key    |  21 +++
 .../config/ssh/server/ssh_host_dsa_key.pub    |   1 +
 .docker/config/ssh/server/ssh_host_ecdsa_key  |   9 ++
 .../config/ssh/server/ssh_host_ecdsa_key.pub  |   1 +
 .../config/ssh/server/ssh_host_ed25519_key    |   7 +
 .../ssh/server/ssh_host_ed25519_key.pub       |   1 +
 .docker/config/ssh/server/ssh_host_rsa_key    |  38 +++++
 .../config/ssh/server/ssh_host_rsa_key.pub    |   1 +
 .docker/config/ssh/server/sshd_config         | 115 +++++++++++++++
 .docker/config/ssh/user/authorized_keys2      |   3 +
 .docker/config/ssh/user/id_rsa                |  27 ++++
 .docker/config/ssh/user/id_rsa.pub            |   1 +
 .docker/config/ssh/user/known_hosts           |  56 +++++++
 .docker/docker-compose.yml                    |  30 +++-
 .docker/images/php/Dockerfile                 |   9 +-
 .docker/images/php/startup                    |  32 +++-
 28 files changed, 689 insertions(+), 9 deletions(-)
 create mode 100644 .docker/config/imagemagick/policy.xml
 create mode 100644 .docker/config/passwords
 create mode 100644 .docker/config/rsyslog/50-default.conf
 create mode 100644 .docker/config/rsyslog/init.d
 create mode 100644 .docker/config/rsyslog/rsyslog.conf
 create mode 100644 .docker/config/ssh/root/authorized_keys2
 rename .docker/config/ssh/{ => root}/id_rsa (100%)
 rename .docker/config/ssh/{ => root}/id_rsa.pub (100%)
 rename .docker/config/ssh/{ => root}/known_hosts (100%)
 rename .docker/config/{sshd/sshd_config => ssh/server/moduli} (100%)
 create mode 100644 .docker/config/ssh/server/ssh_config
 create mode 100644 .docker/config/ssh/server/ssh_host_dsa_key
 create mode 100644 .docker/config/ssh/server/ssh_host_dsa_key.pub
 create mode 100644 .docker/config/ssh/server/ssh_host_ecdsa_key
 create mode 100644 .docker/config/ssh/server/ssh_host_ecdsa_key.pub
 create mode 100644 .docker/config/ssh/server/ssh_host_ed25519_key
 create mode 100644 .docker/config/ssh/server/ssh_host_ed25519_key.pub
 create mode 100644 .docker/config/ssh/server/ssh_host_rsa_key
 create mode 100644 .docker/config/ssh/server/ssh_host_rsa_key.pub
 create mode 100644 .docker/config/ssh/server/sshd_config
 create mode 100644 .docker/config/ssh/user/authorized_keys2
 create mode 100644 .docker/config/ssh/user/id_rsa
 create mode 100644 .docker/config/ssh/user/id_rsa.pub
 create mode 100644 .docker/config/ssh/user/known_hosts

diff --git a/.docker/config/imagemagick/policy.xml b/.docker/config/imagemagick/policy.xml
new file mode 100644
index 000000000..cf31ee668
--- /dev/null
+++ b/.docker/config/imagemagick/policy.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policymap [
+        <!ELEMENT policymap (policy)+>
+        <!ATTLIST policymap xmlns CDATA #FIXED ''>
+        <!ELEMENT policy EMPTY>
+        <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
+                name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
+                stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
+        ]>
+<!--
+  Configure ImageMagick policies.
+
+  Domains include system, delegate, coder, filter, path, or resource.
+
+  Rights include none, read, write, execute and all.  Use | to combine them,
+  for example: "read | write" to permit read from, or write to, a path.
+
+  Use a glob expression as a pattern.
+
+  Suppose we do not want users to process MPEG video images:
+
+    <policy domain="delegate" rights="none" pattern="mpeg:decode" />
+
+  Here we do not want users reading images from HTTP:
+
+    <policy domain="coder" rights="none" pattern="HTTP" />
+
+  The /repository file system is restricted to read only.  We use a glob
+  expression to match all paths that start with /repository:
+
+    <policy domain="path" rights="read" pattern="/repository/*" />
+
+  Lets prevent users from executing any image filters:
+
+    <policy domain="filter" rights="none" pattern="*" />
+
+  Any large image is cached to disk rather than memory:
+
+    <policy domain="resource" name="area" value="1GP"/>
+
+  Define arguments for the memory, map, area, width, height and disk resources
+  with SI prefixes (.e.g 100MB).  In addition, resource policies are maximums
+  for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
+  exceeds policy maximum so memory limit is 1GB).
+
+  Rules are processed in order.  Here we want to restrict ImageMagick to only
+  read or write a small subset of proven web-safe image types:
+
+    <policy domain="delegate" rights="none" pattern="*" />
+    <policy domain="filter" rights="none" pattern="*" />
+    <policy domain="coder" rights="none" pattern="*" />
+    <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
+-->
+<policymap>
+    <!-- <policy domain="system" name="shred" value="2"/> -->
+    <!-- <policy domain="system" name="precision" value="6"/> -->
+    <!-- <policy domain="system" name="memory-map" value="anonymous"/> -->
+    <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
+    <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
+    <policy domain="resource" name="memory" value="2GiB"/>
+    <policy domain="resource" name="map" value="4GiB"/>
+    <policy domain="resource" name="width" value="128KP"/>
+    <policy domain="resource" name="height" value="128KP"/>
+    <!-- <policy domain="resource" name="list-length" value="128"/> -->
+    <policy domain="resource" name="area" value="1.0737GP"/>
+    <policy domain="resource" name="disk" value="16GiB"/>
+    <policy domain="resource" name="file" value="768"/>
+    <policy domain="resource" name="thread" value="8"/>
+    <policy domain="resource" name="throttle" value="0"/>
+    <!-- <policy domain="resource" name="time" value="3600"/> -->
+    <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
+    <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
+    <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
+    <!-- <policy domain="path" rights="none" pattern="@*" /> -->
+    <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
+    <!-- <policy domain="cache" name="synchronize" value="True"/> -->
+    <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
+    <!-- <policy domain="system" name="pixel-cache-memory" value="anonymous"/> -->
+    <!-- <policy domain="system" name="shred" value="2"/> -->
+    <!-- <policy domain="system" name="precision" value="6"/> -->
+    <!-- not needed due to the need to use explicitly by mvg: -->
+    <!-- <policy domain="delegate" rights="none" pattern="MVG" /> -->
+    <!-- use curl -->
+    <policy domain="delegate" rights="none" pattern="URL" />
+    <policy domain="delegate" rights="none" pattern="HTTPS" />
+    <policy domain="delegate" rights="none" pattern="HTTP" />
+    <!-- in order to avoid to get image with password text -->
+    <policy domain="path" rights="none" pattern="@*"/>
+    <!-- disable ghostscript format types -->
+    <policy domain="coder" rights="none" pattern="PS" />
+    <policy domain="coder" rights="none" pattern="PS2" />
+    <policy domain="coder" rights="none" pattern="PS3" />
+    <policy domain="coder" rights="none" pattern="EPS" />
+    <policy domain="coder" rights="none" pattern="PDF" />
+    <policy domain="coder" rights="none" pattern="XPS" />
+</policymap>
\ No newline at end of file
diff --git a/.docker/config/passwords b/.docker/config/passwords
new file mode 100644
index 000000000..7c3130e18
--- /dev/null
+++ b/.docker/config/passwords
@@ -0,0 +1 @@
+toolbox:F3Qm8o87oFyi6JAWCwsb
diff --git a/.docker/config/php.ini b/.docker/config/php.ini
index 702f901d9..c0ef7ab55 100644
--- a/.docker/config/php.ini
+++ b/.docker/config/php.ini
@@ -3,3 +3,4 @@ post_max_size = 8G
 error_log = /proc/self/fd/2
 log_errors = 1
 memory_limit = 12G
+max_input_vars = 1000000
diff --git a/.docker/config/rsyslog/50-default.conf b/.docker/config/rsyslog/50-default.conf
new file mode 100644
index 000000000..f939a484b
--- /dev/null
+++ b/.docker/config/rsyslog/50-default.conf
@@ -0,0 +1,48 @@
+#  Default rules for rsyslog.
+#
+#                       For more information see rsyslog.conf(5) and /etc/rsyslog.conf
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*                 /var/log/auth.log
+*.*;auth,authpriv.none          -/var/log/syslog
+#cron.*                         /var/log/cron.log
+#daemon.*                       -/var/log/daemon.log
+kern.*                          -/var/log/kern.log
+#lpr.*                          -/var/log/lpr.log
+mail.*                          -/var/log/mail.log
+#user.*                         -/var/log/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+#mail.info                      -/var/log/mail.info
+#mail.warn                      -/var/log/mail.warn
+mail.err                        /var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+#*.=debug;\
+#       auth,authpriv.none;\
+#       news.none;mail.none     -/var/log/debug
+#*.=info;*.=notice;*.=warn;\
+#       auth,authpriv.none;\
+#       cron,daemon.none;\
+#       mail,news.none          -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg                         :omusrmsg:*
+
+#
+# I like to have messages displayed on the console, but only on a virtual
+# console I usually leave idle.
+#
+#daemon,mail.*;\
+#       news.=crit;news.=err;news.=notice;\
+#       *.=debug;*.=info;\
+#       *.=notice;*.=warn       /dev/tty8
diff --git a/.docker/config/rsyslog/init.d b/.docker/config/rsyslog/init.d
new file mode 100644
index 000000000..96ddd1499
--- /dev/null
+++ b/.docker/config/rsyslog/init.d
@@ -0,0 +1,137 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          rsyslog
+# Required-Start:    $remote_fs $time
+# Required-Stop:     umountnfs $time
+# X-Stop-After:      sendsigs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: enhanced syslogd
+# Description:       Rsyslog is an enhanced multi-threaded syslogd.
+#                    It is quite compatible to stock sysklogd and can be
+#                    used as a drop-in replacement.
+### END INIT INFO
+
+#
+# Author: Michael Biebl <biebl@debian.org>
+#
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="enhanced syslogd"
+NAME=rsyslog
+
+RSYSLOGD=rsyslogd
+RSYSLOGD_BIN=/usr/sbin/rsyslogd
+RSYSLOGD_OPTIONS="-c5"
+RSYSLOGD_PIDFILE=/var/run/rsyslogd.pid
+
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$RSYSLOGD_BIN" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Define LSB log_* functions.
+. /lib/lsb/init-functions
+
+do_start()
+{
+	DAEMON="$RSYSLOGD_BIN"
+	DAEMON_ARGS="$RSYSLOGD_OPTIONS"
+	PIDFILE="$RSYSLOGD_PIDFILE"
+
+	# Return
+	#   0 if daemon has been started
+	#   1 if daemon was already running
+	#   other if daemon could not be started or a failure occured
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_ARGS
+}
+
+do_stop()
+{
+	DAEMON="$RSYSLOGD_BIN"
+	PIDFILE="$RSYSLOGD_PIDFILE"
+
+	# Return
+	#   0 if daemon has been stopped
+	#   1 if daemon was already stopped
+	#   other if daemon could not be stopped or a failure occurred
+	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON
+}
+
+#
+# Tell rsyslogd to close all open files
+#
+do_rotate() {
+	DAEMON="$RSYSLOGD_BIN"
+	PIDFILE="$RSYSLOGD_PIDFILE"
+
+	start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --exec $DAEMON
+}
+
+create_xconsole() {
+	XCONSOLE=/dev/xconsole
+	if [ "$(uname -s)" != "Linux" ]; then
+		XCONSOLE=/run/xconsole
+		ln -sf $XCONSOLE /dev/xconsole
+	fi
+	if [ ! -e $XCONSOLE ]; then
+		mknod -m 640 $XCONSOLE p
+		chown root:adm $XCONSOLE
+		[ -x /sbin/restorecon ] && /sbin/restorecon $XCONSOLE
+	fi
+}
+
+sendsigs_omit() {
+	OMITDIR=/run/sendsigs.omit.d
+	mkdir -p $OMITDIR
+	ln -sf $RSYSLOGD_PIDFILE $OMITDIR/rsyslog
+}
+
+case "$1" in
+  start)
+	log_daemon_msg "Starting $DESC" "$RSYSLOGD"
+	create_xconsole
+	do_start
+	case "$?" in
+		0) sendsigs_omit
+		   log_end_msg 0 ;;
+		1) log_progress_msg "already started"
+		   log_end_msg 0 ;;
+		*) log_end_msg 1 ;;
+	esac
+
+	;;
+  stop)
+	log_daemon_msg "Stopping $DESC" "$RSYSLOGD"
+	do_stop
+	case "$?" in
+		0) log_end_msg 0 ;;
+		1) log_progress_msg "already stopped"
+		   log_end_msg 0 ;;
+		*) log_end_msg 1 ;;
+	esac
+
+	;;
+  rotate)
+	log_daemon_msg "Closing open files" "$RSYSLOGD"
+	do_rotate
+	log_end_msg $?
+	;;
+  restart|force-reload)
+	$0 stop
+	$0 start
+	;;
+  status)
+	status_of_proc -p $RSYSLOGD_PIDFILE $RSYSLOGD_BIN $RSYSLOGD && exit 0 || exit $?
+	;;
+  *)
+	echo "Usage: $SCRIPTNAME {start|stop|rotate|restart|force-reload|status}" >&2
+	exit 3
+	;;
+esac
+
+:
\ No newline at end of file
diff --git a/.docker/config/rsyslog/rsyslog.conf b/.docker/config/rsyslog/rsyslog.conf
new file mode 100644
index 000000000..94bc18f26
--- /dev/null
+++ b/.docker/config/rsyslog/rsyslog.conf
@@ -0,0 +1,60 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+#
+# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+#module(load="immark")  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+# provides kernel logging support and enable non-kernel klog messages
+# module(load="imklog" permitnonkernelfacility="on")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# Filter duplicated messages
+$RepeatedMsgReduction on
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner syslog
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+$PrivDropToUser syslog
+$PrivDropToGroup syslog
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
\ No newline at end of file
diff --git a/.docker/config/ssh/root/authorized_keys2 b/.docker/config/ssh/root/authorized_keys2
new file mode 100644
index 000000000..43c5e7d4e
--- /dev/null
+++ b/.docker/config/ssh/root/authorized_keys2
@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwuvRRPH1/Xph5kTo77b/OBRbpumjmu8EZ83h4wFPeg5oy8EpsMKSevYpXWmEuZuUL34HJdmY1WYb+EecUpcOYM1DfLJwGcD324chf7qddpt/85y/fRyplJQNkWcgzUAppA2AXHR21xgNPsqpMYbuIJmqcAAzGLeBznq3TB/sQqSXkoOqcyZxCXPAr4f+UmO+QG7Ct2iuXDjENEiQ3/Ckn4P9bCKNFkol9qQTznM5NN8x+nxU4+Kpkefxr3mhx6Cxl3K2raa5Yq2BzcXXQQR7eJBoqDEJpGcdAybO5IyMeB0LBXIrsSXy6e4zTj0Aj9k7Kr7ilh5eoJ20T4OvO3KFF stephen@cubedesigners.com
+ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAtabxRZZMjtmq+r8uXsBmfLgAtkxqwigGpx0e6Mx066ukIWIafFsguity6aV5QNI4UfxXnX3QXROcWeIiyLBV4yDGxuq7ah4r0X1CjqHUvHoGpXwJ2DIWPeaa8XyXnavmj0SNtKn0f1T+oJS0fcryUTLyxY7eOgNsr+pp1fVmgca9Efj0BKUXV/SUIjp8JX3x0/E/3PAqG81zus2SxzuOO1b0FKXDq43Gx6Ov3Ok7+Pje4G4pB56rJiiXlPxrBlY0e8Pz/7+kFF8izCiztJLtZig32Dx0HbLYGtSvIPJKYxK8DDD/RWWpL3mgNPYZ2PE3wHf4c7CTlxLCDP+NeRS1yQ== vincent+2021@cubedesigners.com
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwRQkEWWqc1KbEyiTxR2doyaYccrlVrtpFETuzoB9QaBp4x+Iz948f1l7s4t+8JKU+AomYoPM7sDNoSaUihMxBz7zsI0HH41Bw5my1X0ugzt6dEPpR6VL31/DMeDRDAvJWH/kCDBjxclOJVv52E8sdPqvsKo3VeCZz1gdw0I+AEVFaTtZGFyXUW5/7iPi6kpxkPOoO83+7Ijb+Jdso/KT99Hp+X6W0NsTUpQiRt4+Vp9AKl8hXfPYzx2Nw86w8Lw/nIp6rwJ/c/ZmgCZFMEN2NrRbfQtV32E7c2QT25ljwNRfNc/wjzH4QJgTB2TPbqid01w/9EQr6G1wcqD0zZZeUe+Fz/rXo/sJkhlTIrvfO4pJx6IS4x+r1pTBECOt++9+6MhiBHUL2TsIUQBu52QPXqLfUP8S/HjPgDNA0bUM7S7t8jBIHj2MuVKIDqWgcSIV4Gcs38aMy2mqR4lh0i1bM7eP2MQfbK3Q1hpHzJkuUiZx9gHgnaie+AA14srMW16k= root@her.cubedesigners.com
diff --git a/.docker/config/ssh/id_rsa b/.docker/config/ssh/root/id_rsa
similarity index 100%
rename from .docker/config/ssh/id_rsa
rename to .docker/config/ssh/root/id_rsa
diff --git a/.docker/config/ssh/id_rsa.pub b/.docker/config/ssh/root/id_rsa.pub
similarity index 100%
rename from .docker/config/ssh/id_rsa.pub
rename to .docker/config/ssh/root/id_rsa.pub
diff --git a/.docker/config/ssh/known_hosts b/.docker/config/ssh/root/known_hosts
similarity index 100%
rename from .docker/config/ssh/known_hosts
rename to .docker/config/ssh/root/known_hosts
diff --git a/.docker/config/sshd/sshd_config b/.docker/config/ssh/server/moduli
similarity index 100%
rename from .docker/config/sshd/sshd_config
rename to .docker/config/ssh/server/moduli
diff --git a/.docker/config/ssh/server/ssh_config b/.docker/config/ssh/server/ssh_config
new file mode 100644
index 000000000..e69de29bb
diff --git a/.docker/config/ssh/server/ssh_host_dsa_key b/.docker/config/ssh/server/ssh_host_dsa_key
new file mode 100644
index 000000000..b814cc0f9
--- /dev/null
+++ b/.docker/config/ssh/server/ssh_host_dsa_key
@@ -0,0 +1,21 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsQAAAAdzc2gtZH
+NzAAAAgQCnADFd+E6phChygVvaA/I9D6jItqJzG2A/hEwE4cOciXxNC/+wJ/IqW4T7pOH2
+YpINLLqPMCqVNLj7744GeeNStwRjoMfd8f6zYoGBpimYc1WS3yi/QA1CH5o9qBDjgKV4/4
+zfqjvOwpEj7HZj3hNo1nvCfYrfAuVUVpOqt/Lo0wAAABUA7NkJP07kis6ZZ21WqVzFxam7
+cP8AAACAfp8vDPYcvhzECMtc66fIIEW82A3Hf5Ptoq8llPdX4NAlO+tWUg9zx+MqmuhGfP
+u+KsI7bY8HRIFqvR+HHABZLS6S3kOU6/o78XXgoUXBJW7mAzQvrxPwEiOty8ZOcSl30GGs
+pPKcj9IuRUqWKfTzEJ8q2Yjgz57LtMD0f8QtL+wAAACAdKlWQT2cBqD0hdF0ZnCCFzwlhm
+ZFJdkW0/GSci7IOVUH6ov4++NNzTlInsncd7Ft0dK+fFHiAFTYXz0DBpDafX7dp85PHhOT
+gCGYpym+aMzj5vTug49aROpRvWb1cDVwJQuc0u43FT8F2o+szWjpB4HwqQ1gs7LqyPOIei
+lqWaAAAAHoOhqY1DoamNQAAAAHc3NoLWRzcwAAAIEApwAxXfhOqYQocoFb2gPyPQ+oyLai
+cxtgP4RMBOHDnIl8TQv/sCfyKluE+6Th9mKSDSy6jzAqlTS4+++OBnnjUrcEY6DH3fH+s2
+KBgaYpmHNVkt8ov0ANQh+aPagQ44CleP+M36o7zsKRI+x2Y94TaNZ7wn2K3wLlVFaTqrfy
+6NMAAAAVAOzZCT9O5IrOmWdtVqlcxcWpu3D/AAAAgH6fLwz2HL4cxAjLXOunyCBFvNgNx3
++T7aKvJZT3V+DQJTvrVlIPc8fjKproRnz7virCO22PB0SBar0fhxwAWS0ukt5DlOv6O/F1
+4KFFwSVu5gM0L68T8BIjrcvGTnEpd9BhrKTynI/SLkVKlin08xCfKtmI4M+ey7TA9H/ELS
+/sAAAAgHSpVkE9nAag9IXRdGZwghc8JYZmRSXZFtPxknIuyDlVB+qL+PvjTc05SJ7J3Hex
+bdHSvnxR4gBU2F89AwaQ2n1+3afOTx4Tk4AhmKcpvmjM4+b07oOPWkTqUb1m9XA1cCULnN
+LuNxU/BdqPrM1o6QeB8KkNYLOy6sjziHopalmgAAAAFQDRrqQqUf/GssrI/cGr4/M699Bo
+hgAAAA1yb290QGV4dHJhbmV0AQIDBAU=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/.docker/config/ssh/server/ssh_host_dsa_key.pub b/.docker/config/ssh/server/ssh_host_dsa_key.pub
new file mode 100644
index 000000000..56cbf2b2f
--- /dev/null
+++ b/.docker/config/ssh/server/ssh_host_dsa_key.pub
@@ -0,0 +1 @@
+ssh-dss AAAAB3NzaC1kc3MAAACBAKcAMV34TqmEKHKBW9oD8j0PqMi2onMbYD+ETAThw5yJfE0L/7An8ipbhPuk4fZikg0suo8wKpU0uPvvjgZ541K3BGOgx93x/rNigYGmKZhzVZLfKL9ADUIfmj2oEOOApXj/jN+qO87CkSPsdmPeE2jWe8J9it8C5VRWk6q38ujTAAAAFQDs2Qk/TuSKzplnbVapXMXFqbtw/wAAAIB+ny8M9hy+HMQIy1zrp8ggRbzYDcd/k+2iryWU91fg0CU761ZSD3PH4yqa6EZ8+74qwjttjwdEgWq9H4ccAFktLpLeQ5Tr+jvxdeChRcElbuYDNC+vE/ASI63Lxk5xKXfQYayk8pyP0i5FSpYp9PMQnyrZiODPnsu0wPR/xC0v7AAAAIB0qVZBPZwGoPSF0XRmcIIXPCWGZkUl2RbT8ZJyLsg5VQfqi/j7403NOUieydx3sW3R0r58UeIAVNhfPQMGkNp9ft2nzk8eE5OAIZinKb5ozOPm9O6Dj1pE6lG9ZvVwNXAlC5zS7jcVPwXaj6zNaOkHgfCpDWCzsurI84h6KWpZoA== root@extranet
diff --git a/.docker/config/ssh/server/ssh_host_ecdsa_key b/.docker/config/ssh/server/ssh_host_ecdsa_key
new file mode 100644
index 000000000..fa2d15e4d
--- /dev/null
+++ b/.docker/config/ssh/server/ssh_host_ecdsa_key
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRzsJmlJjWrmyn9xLQj2y7TdqX1cS2x
+WHusCEO1c/CjUn+gK/fLPicmVF1RsuqJ+hqFGxOKqHHSTKtzgZBMk4j0AAAAsB3y+3Qd8v
+t0AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHOwmaUmNaubKf3E
+tCPbLtN2pfVxLbFYe6wIQ7Vz8KNSf6Ar98s+JyZUXVGy6on6GoUbE4qocdJMq3OBkEyTiP
+QAAAAgTVhrbxB1wGmOhpY/SKh/21zI+682tVUj1kAP7MUwMeAAAAAWcm9vdEBmbHVpZGJv
+b2stdG9vbGJveAEC
+-----END OPENSSH PRIVATE KEY-----
diff --git a/.docker/config/ssh/server/ssh_host_ecdsa_key.pub b/.docker/config/ssh/server/ssh_host_ecdsa_key.pub
new file mode 100644
index 000000000..832bbd7ab
--- /dev/null
+++ b/.docker/config/ssh/server/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHOwmaUmNaubKf3EtCPbLtN2pfVxLbFYe6wIQ7Vz8KNSf6Ar98s+JyZUXVGy6on6GoUbE4qocdJMq3OBkEyTiPQ= root@fluidbook-toolbox
diff --git a/.docker/config/ssh/server/ssh_host_ed25519_key b/.docker/config/ssh/server/ssh_host_ed25519_key
new file mode 100644
index 000000000..252a296a3
--- /dev/null
+++ b/.docker/config/ssh/server/ssh_host_ed25519_key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBh5gRbUVdUBUrFjacwO0gclTe8ftAXHlR+icwrqQsoRQAAAKDsSyo97Esq
+PQAAAAtzc2gtZWQyNTUxOQAAACBh5gRbUVdUBUrFjacwO0gclTe8ftAXHlR+icwrqQsoRQ
+AAAEDb28yvjXwNNePQG/X5VGZRtXDpigdVUbJR8tEfMEVmn2HmBFtRV1QFSsWNpzA7SByV
+N7x+0BceVH6JzCupCyhFAAAAFnJvb3RAZmx1aWRib29rLXRvb2xib3gBAgMEBQYH
+-----END OPENSSH PRIVATE KEY-----
diff --git a/.docker/config/ssh/server/ssh_host_ed25519_key.pub b/.docker/config/ssh/server/ssh_host_ed25519_key.pub
new file mode 100644
index 000000000..a9feec3ed
--- /dev/null
+++ b/.docker/config/ssh/server/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHmBFtRV1QFSsWNpzA7SByVN7x+0BceVH6JzCupCyhF root@fluidbook-toolbox
diff --git a/.docker/config/ssh/server/ssh_host_rsa_key b/.docker/config/ssh/server/ssh_host_rsa_key
new file mode 100644
index 000000000..21a19ffd2
--- /dev/null
+++ b/.docker/config/ssh/server/ssh_host_rsa_key
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEA48blEj7RvFbA1CmPoTYRPMxJdxYmTgk9q3EpW5OWCeM0xxfQpH8l
+0Xavlwxxd7g1VASo6hTG1mWztef3guJrBCcRJPlSa/p27CUtrtRhUokafedBuxFxScgkL4
+EFgS+/Ja778VKEb2C54I5r7lbE0KyxMAqM+w4MZSkhgNjbgFyA3cZU3vgj4zHxnMQGDtUz
+zDqQbjwttV9eieXcdemgHPK8HVw/sByirW+7m4UNk/PS1EQ7uLhmQ0vNlHeI0TLTHHhSqB
+7i7Nb8vhOtTnzdeQkS7LQiE3K0yza1Wo32Yb/3paqMZzoCOCMGDBbHctg+oqxvV0C4NDQ3
+/jVJ9VpnFWKXdl7Y53r6+PzCTxhaxb/KE6jnGLrd4J1dQHiDSmWGaSpaGF8mgWhBA2pLt0
+uVGnotkkqSO/zGt0GAFHGQJDKptN9Zs4PBsAFOvSs2t97V3/BtFM7XLmo+yz/HzF9E7iHc
+Rj1EHkjTxVY7jW0lGMszl11S0a5W5igz1AMXW0RRAAAFkHqJny56iZ8uAAAAB3NzaC1yc2
+EAAAGBAOPG5RI+0bxWwNQpj6E2ETzMSXcWJk4JPatxKVuTlgnjNMcX0KR/JdF2r5cMcXe4
+NVQEqOoUxtZls7Xn94LiawQnEST5Umv6duwlLa7UYVKJGn3nQbsRcUnIJC+BBYEvvyWu+/
+FShG9gueCOa+5WxNCssTAKjPsODGUpIYDY24BcgN3GVN74I+Mx8ZzEBg7VM8w6kG48LbVf
+Xonl3HXpoBzyvB1cP7Acoq1vu5uFDZPz0tREO7i4ZkNLzZR3iNEy0xx4Uqge4uzW/L4TrU
+583XkJEuy0IhNytMs2tVqN9mG/96WqjGc6AjgjBgwWx3LYPqKsb1dAuDQ0N/41SfVaZxVi
+l3Ze2Od6+vj8wk8YWsW/yhOo5xi63eCdXUB4g0plhmkqWhhfJoFoQQNqS7dLlRp6LZJKkj
+v8xrdBgBRxkCQyqbTfWbODwbABTr0rNrfe1d/wbRTO1y5qPss/x8xfRO4h3EY9RB5I08VW
+O41tJRjLM5ddUtGuVuYoM9QDF1tEUQAAAAMBAAEAAAGAAso9JJHR6ltqrb6blIcvw12iOb
+vy+Ko6z+aJMea3JARdMWIci2NGUJBCWtiLbEK8nnyXIBTkkZw5zQzcFoWU935OArSuGoX9
+HmvfKSDPV144DZo/Tx4J0/RIYy+SpHA0CG9iBST0W9PkuvgroMX9z6uJ2ROMAgg8RSHxl9
+0wJRyc9Hp5MCj8cYw7UCcDhvt8ELCX8823Zp0WMJy47FXSAQDFJpvqaMsVAAhaFS/WSH1o
+U/LJA3x4vjLHwB2NtrhHYUtfOPL4g1ENAUyFxtPQv6Og6KazVtOJxnYB8/Cr+sbqzrMdED
+Kwxgm1M2fVrf7Ly1IEQSn4m4T2VkBVy/wBEhYOqTlpkG111sNIukAdcOqJWFnDD/Jvdcmf
+9za3EkY3EjpSp6JV1N2WkQU8pgQ7HDH6p9Mf4KU5GaUG4pFsIM/+DW2ABl75pow8WtJu9t
+gpcyiDzYY+SWG1h5Ysa0ecHIeAbblYXDrIHnJXuTvioLPapedMT+Ryf9JkMb16pPWxAAAA
+wAQHIYucyrZL7236SOR4kp11ggFkY1gOfS3CxqMgAFrc6rq7x0uXIvCs0P10WClfurZl3P
+trMcV5OXYKm59z5HdLO0Ftl/iWDxovbK5pYiNqyTO+csC8zDWbsklhPpBWmiOo6Foq5sd6
+NCELsYLBwWNHmOhUu+vrgbJHKyE1kkg2k6ZCChH8//noFZgw1n65nD2WQ3jNOThw6jPBhc
+Dq9Fvfei2ecIPDw0nahJNKYZBLj8sXoAcZKy1sbAJ8dASQUAAAAMEA9sYTnORN4BT0maAF
+Z7hGXFRPAwMkTA1derAJrr9poS/Znz/1zppx0BgVxrThY82kglPnRuCe5Ym196qevmFH12
+a5gZsGA627q6woa68+xnKM/Vlwey1Z+20DvRY4ZJ8eAbZ25g0Kg04sYjBv5nko197cIWVE
+LcE8o/aoSvpDyfgF5feU3LkJ0Q/Inmb551phUPBcKrs3OcJeSIQSX2Xo2OhKQK5PwBMsET
+AcOZiZN2r7JfzKWDLdv98+2dJltr2pAAAAwQDsSv7r6iaeE/ebeUrUUmYD81W43T4HiN3P
+/1LLGXAlm89gxWRZZkAMrsdqSMH/Q28d70T09RmMq6t+okCZVrPm9kl/EOgRehZ9q1US5d
+HDMgxpHIvV63ZFT65QONLp1FRU1KHqLALlA4ow4AiKdmD2cKHycNctiGWF+jsD929bYvHO
+QDM4iS04WjwyILVFg82reUMMqbq0KKmlB8PzYf6t8ZdfANsmmGdzlUkovljT6HClscjpfo
+mRJxF6LL6T6mkAAAAWcm9vdEBmbHVpZGJvb2stdG9vbGJveAECAwQF
+-----END OPENSSH PRIVATE KEY-----
diff --git a/.docker/config/ssh/server/ssh_host_rsa_key.pub b/.docker/config/ssh/server/ssh_host_rsa_key.pub
new file mode 100644
index 000000000..72ebaddf2
--- /dev/null
+++ b/.docker/config/ssh/server/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDjxuUSPtG8VsDUKY+hNhE8zEl3FiZOCT2rcSlbk5YJ4zTHF9CkfyXRdq+XDHF3uDVUBKjqFMbWZbO15/eC4msEJxEk+VJr+nbsJS2u1GFSiRp950G7EXFJyCQvgQWBL78lrvvxUoRvYLngjmvuVsTQrLEwCoz7DgxlKSGA2NuAXIDdxlTe+CPjMfGcxAYO1TPMOpBuPC21X16J5dx16aAc8rwdXD+wHKKtb7ubhQ2T89LURDu4uGZDS82Ud4jRMtMceFKoHuLs1vy+E61OfN15CRLstCITcrTLNrVajfZhv/elqoxnOgI4IwYMFsdy2D6irG9XQLg0NDf+NUn1WmcVYpd2Xtjnevr4/MJPGFrFv8oTqOcYut3gnV1AeINKZYZpKloYXyaBaEEDaku3S5Uaei2SSpI7/Ma3QYAUcZAkMqm031mzg8GwAU69Kza33tXf8G0Uztcuaj7LP8fMX0TuIdxGPUQeSNPFVjuNbSUYyzOXXVLRrlbmKDPUAxdbRFE= root@fluidbook-toolbox
diff --git a/.docker/config/ssh/server/sshd_config b/.docker/config/ssh/server/sshd_config
new file mode 100644
index 000000000..f9386d2a9
--- /dev/null
+++ b/.docker/config/ssh/server/sshd_config
@@ -0,0 +1,115 @@
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
diff --git a/.docker/config/ssh/user/authorized_keys2 b/.docker/config/ssh/user/authorized_keys2
new file mode 100644
index 000000000..43c5e7d4e
--- /dev/null
+++ b/.docker/config/ssh/user/authorized_keys2
@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwuvRRPH1/Xph5kTo77b/OBRbpumjmu8EZ83h4wFPeg5oy8EpsMKSevYpXWmEuZuUL34HJdmY1WYb+EecUpcOYM1DfLJwGcD324chf7qddpt/85y/fRyplJQNkWcgzUAppA2AXHR21xgNPsqpMYbuIJmqcAAzGLeBznq3TB/sQqSXkoOqcyZxCXPAr4f+UmO+QG7Ct2iuXDjENEiQ3/Ckn4P9bCKNFkol9qQTznM5NN8x+nxU4+Kpkefxr3mhx6Cxl3K2raa5Yq2BzcXXQQR7eJBoqDEJpGcdAybO5IyMeB0LBXIrsSXy6e4zTj0Aj9k7Kr7ilh5eoJ20T4OvO3KFF stephen@cubedesigners.com
+ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAtabxRZZMjtmq+r8uXsBmfLgAtkxqwigGpx0e6Mx066ukIWIafFsguity6aV5QNI4UfxXnX3QXROcWeIiyLBV4yDGxuq7ah4r0X1CjqHUvHoGpXwJ2DIWPeaa8XyXnavmj0SNtKn0f1T+oJS0fcryUTLyxY7eOgNsr+pp1fVmgca9Efj0BKUXV/SUIjp8JX3x0/E/3PAqG81zus2SxzuOO1b0FKXDq43Gx6Ov3Ok7+Pje4G4pB56rJiiXlPxrBlY0e8Pz/7+kFF8izCiztJLtZig32Dx0HbLYGtSvIPJKYxK8DDD/RWWpL3mgNPYZ2PE3wHf4c7CTlxLCDP+NeRS1yQ== vincent+2021@cubedesigners.com
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwRQkEWWqc1KbEyiTxR2doyaYccrlVrtpFETuzoB9QaBp4x+Iz948f1l7s4t+8JKU+AomYoPM7sDNoSaUihMxBz7zsI0HH41Bw5my1X0ugzt6dEPpR6VL31/DMeDRDAvJWH/kCDBjxclOJVv52E8sdPqvsKo3VeCZz1gdw0I+AEVFaTtZGFyXUW5/7iPi6kpxkPOoO83+7Ijb+Jdso/KT99Hp+X6W0NsTUpQiRt4+Vp9AKl8hXfPYzx2Nw86w8Lw/nIp6rwJ/c/ZmgCZFMEN2NrRbfQtV32E7c2QT25ljwNRfNc/wjzH4QJgTB2TPbqid01w/9EQr6G1wcqD0zZZeUe+Fz/rXo/sJkhlTIrvfO4pJx6IS4x+r1pTBECOt++9+6MhiBHUL2TsIUQBu52QPXqLfUP8S/HjPgDNA0bUM7S7t8jBIHj2MuVKIDqWgcSIV4Gcs38aMy2mqR4lh0i1bM7eP2MQfbK3Q1hpHzJkuUiZx9gHgnaie+AA14srMW16k= root@her.cubedesigners.com
diff --git a/.docker/config/ssh/user/id_rsa b/.docker/config/ssh/user/id_rsa
new file mode 100644
index 000000000..4770249ab
--- /dev/null
+++ b/.docker/config/ssh/user/id_rsa
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAt7xzRO52uvGlDxcACuId1Vvj0eBmWi7Ewncki3bfPe+IypbT
+A31nRGzP/5kDpuJziw5D5G5/k19Brkzbv0pxUz/6pxu3vqfqaobmK78PQhwR7bBq
+D2UtWVrOd8Ll27iZmE8yTGjFfnYm0Ydq1/7sx+3QTVUCTBhXEJI66v1J4SU4CmT6
+a4cdrQ1eEZu9hlx+CTovsmrrTO4yttYKcXRVCcu1WjWjwdYqnAopJ/obQjbNZ/AY
+1UcADDyPQAenhIH1+vA8lRfNExi8lsZQrphTmVwxC4Tp3ibTtMxTEhLgVV2z5tnz
+atY2jGnqoJmakImTTNKOIalv2S3ER9JPoBlxxwIDAQABAoIBAGykogRAfTRNbqxd
+jUjiK4Hds/iGF/97aB0VFibhQ1/8I4anaF7H6Cgtr1ATynUDsg6ngL2yGP2rdcr6
+53VVL21qh2wIl73EzHfxDGkRsJQGxRMnHY+84/PSHgPy2rfxj+Df83369cyxUILU
+7/iIZLpThLg1bAZS3iiOTwhkfSsDNci1A1tGg5xDBEfydNCYF704wufyR6tDAZMg
+2EwadCsEtAltD9HjkFscGKoRkrbMq0t7IS3huqElqJv3kUxmaXFLBj4PZltUOEp3
+6NuGIXz5oNr2Ny11ZtOoyTVn5SrGq/ijbKA3UjEqtrYTO2zbqQ/nhCIIX6o7k3zp
+gZF8iAECgYEA6eImFX2r6d7emCCS8dO61TyWTiaipEgHo7Z/BP/CD6x9f9QSp1yd
+L/AJ5afKGE2c75J1OqLikP7LIgq5kSc6SmYYY8J6etohZ5Z+vWvnJyvAZkgGL8U3
+E6dm8IuOnLlkjga7KEALsoH2AhIBYMxYPlGc34+RG0+h/5QjjXqkOucCgYEAyRxW
+EW0NGVzUtxJI3rQGpsGJ4Og7zsBWg3CTMYpOR3E5SYNhmoa015bHeqJdsblqE8qo
+BeEyfPxRcQCql0oZBNhawbh4TDuJ6TKyM8rxdSCxXmSjLbTdA216VW5N+KbjOVQT
+IdC144kZYQwZD7K0rNhuajoSZmIL452Bh59yFiECgYEAxjBkE0wGFM1OFN1th8zi
+gnWv7JOiuNFs39bytdrAqKWDR4H/OKErdgbTbC+N+qAyP3T9L+39Td8LZVJvQ0hZ
+hdgUDN0tCtOzAOOvjHZWT4Qsqr+Xtn1JGbd+bJHmDHqxcgTULdxvzRmBzOlTD6K5
+mD1yUKOI0/rcDQaMRgRKDLsCgYEAijpMuft/VmBk4FPT/CY2sCU0VH6qpOe0TvFw
+akuKlDYxTuLbki9mWwwKnbK9vWsYivPu2uO3JQr0Gzx/BC9s1NS0RJQ7MwJ1PvCW
+ZVzm6z+GSb/YHJFEm5eCzvda5j4mzX+JCuP+MJ9J71c2XoDRCEBWW/MANJjNXSwk
+HIiuDKECgYBEP2JJ1yOKH4rxkGkRJklOqfpF/dUXVyCDs64E1701AptfK+rKjay7
+eTZGuT6pgCqtUAeXS7sb/5QlYOOoJ8YpzCo1TH+KtPS9nZBxir+a+Ui6s9lxcUcK
+sbqfaDYxb3dHUevKhOhUIDJLXehq9sw0+zETDM6zMnBonoFcvTBEhQ==
+-----END RSA PRIVATE KEY-----
diff --git a/.docker/config/ssh/user/id_rsa.pub b/.docker/config/ssh/user/id_rsa.pub
new file mode 100644
index 000000000..2f7a68c96
--- /dev/null
+++ b/.docker/config/ssh/user/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3vHNE7na68aUPFwAK4h3VW+PR4GZaLsTCdySLdt8974jKltMDfWdEbM//mQOm4nOLDkPkbn+TX0GuTNu/SnFTP/qnG7e+p+pqhuYrvw9CHBHtsGoPZS1ZWs53wuXbuJmYTzJMaMV+dibRh2rX/uzH7dBNVQJMGFcQkjrq/UnhJTgKZPprhx2tDV4Rm72GXH4JOi+yautM7jK21gpxdFUJy7VaNaPB1iqcCikn+htCNs1n8BjVRwAMPI9AB6eEgfX68DyVF80TGLyWxlCumFOZXDELhOneJtO0zFMSEuBVXbPm2fNq1jaMaeqgmZqQiZNM0o4hqW/ZLcRH0k+gGXHH extranet@amarcord.cubedesigners.com
diff --git a/.docker/config/ssh/user/known_hosts b/.docker/config/ssh/user/known_hosts
new file mode 100644
index 000000000..59c896d8f
--- /dev/null
+++ b/.docker/config/ssh/user/known_hosts
@@ -0,0 +1,56 @@
+|1|3IVVBxZXULg3/WOtSN48ccHM8CE=|kgSZNXrlf9Na7pr0Rznwc72BIF0= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqGqBPO6XTFdvWPXvJPAGMYfugcbPp51KXkVH7NPMmdKeo6/Q9xbBajJmlXRh3jAeeCOehZ8C3acpMFIie0iFcECBaHNT+fElEN45AMRpnP2OHkZUdm9VtbT4FrHhHJKgHh/GHn4rx3PJWO+bPoPHFu3oyn5pDKAjA6Lzb8uqA34Oyv3aDySKgBx9rORzeOI58AFnldOEOsCnJNkF3/3lgbt+h70Pk42ks6gxcOCQk4Ag47FqrZ7jrqKo+qnZW0ybIcXuuJdNh2CPEzLHvCXDppBuVKTYKsF57i/yDYheq4cXTvztYaW9DEwClnJULYX0sEzZaDSAR9wQyseNb3z7Bw==
+|1|79Gj1cwpFZ5sfN3wlkBoZBTiJoQ=|l5GsQWwZJ2bYPekKCOO6qXfG3QM= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqGqBPO6XTFdvWPXvJPAGMYfugcbPp51KXkVH7NPMmdKeo6/Q9xbBajJmlXRh3jAeeCOehZ8C3acpMFIie0iFcECBaHNT+fElEN45AMRpnP2OHkZUdm9VtbT4FrHhHJKgHh/GHn4rx3PJWO+bPoPHFu3oyn5pDKAjA6Lzb8uqA34Oyv3aDySKgBx9rORzeOI58AFnldOEOsCnJNkF3/3lgbt+h70Pk42ks6gxcOCQk4Ag47FqrZ7jrqKo+qnZW0ybIcXuuJdNh2CPEzLHvCXDppBuVKTYKsF57i/yDYheq4cXTvztYaW9DEwClnJULYX0sEzZaDSAR9wQyseNb3z7Bw==
+|1|JB8CpLWqmxSPxOODwUlZ3BNWNm8=|YNelVJvU8nVRuZtsjEv9tjXi5S0= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9IKKQQsmGCFUJwYTCJ1uEavuYtCVoKni0Hxx6QsxkyP73ehJ/mFucqbwSdgNWLPmuCnRtanHtzb1/pFxi6Om9BKVND0mp8WkAoNIVAt57FkWZ6QacfoPJ3PGeTt+jmEkRX38qrnGqsIzaAVQLNXmDQWsgS1wWl7O/tBBNr4kF4FPXeNvfhvqr32m81UESCgomyPIGFvEoVLSbHLfGIKR2iQveR02k73T1ZYJOdsY40lBl1Qukdgl3a/MtyuuNp6Y5Y1UsAFAgHw+65XpAPE+mIHfVVq61AB1tqO8YclYVc1EcYe0oCXX0pEVAZ6ovgOQp5vwi9XXamdLQwxhCC6Nv
+|1|6gvpL4YUhLcoIL7jdxOH1IUlytU=|JBLgxV+tWJTqGZIwx4yzgIw+99c= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/7+EoVIn+sUMZwhBNCz1J7U+dJbUmsV8R7F7JhOIeEMzTb7ZEgV3ai12Rqysi6ig3UkBztsRZWXFmXtBC5BmhB1axfMMIdJLNzX5dZLxT0Py8Sm8i2Xh/JoaiqyVaa9Om+Hd8G+94HDQkelW4bEz1EPLOo021Mja5b8N2P7W47H4ajYZs1IndabjXldG0e4yOu0Yt4fTF+UKc3vD0TgibpJlfFvyEWYIJmvYxwc23IlTut5HxxLDuUmTScFxw08xJibuE/W0fz2+vT8iVZH5ycw1UTb9CJQYI4/jqWMAgF/II7WToZ33CNSfkNKucwOggoqqiq++yx20FxC22l1pJ
+|1|Uea6nsxny1zmqQunea1mVrMhj2c=|Wq5ajXUFSpG2nMQYW3q7JWOVv1A= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/7+EoVIn+sUMZwhBNCz1J7U+dJbUmsV8R7F7JhOIeEMzTb7ZEgV3ai12Rqysi6ig3UkBztsRZWXFmXtBC5BmhB1axfMMIdJLNzX5dZLxT0Py8Sm8i2Xh/JoaiqyVaa9Om+Hd8G+94HDQkelW4bEz1EPLOo021Mja5b8N2P7W47H4ajYZs1IndabjXldG0e4yOu0Yt4fTF+UKc3vD0TgibpJlfFvyEWYIJmvYxwc23IlTut5HxxLDuUmTScFxw08xJibuE/W0fz2+vT8iVZH5ycw1UTb9CJQYI4/jqWMAgF/II7WToZ33CNSfkNKucwOggoqqiq++yx20FxC22l1pJ
+|1|CXic6YjQjVPYsCXH/qkhlh3M0k0=|BhcTCPYg9r1J2l6G2t43DNy73a0= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/7+EoVIn+sUMZwhBNCz1J7U+dJbUmsV8R7F7JhOIeEMzTb7ZEgV3ai12Rqysi6ig3UkBztsRZWXFmXtBC5BmhB1axfMMIdJLNzX5dZLxT0Py8Sm8i2Xh/JoaiqyVaa9Om+Hd8G+94HDQkelW4bEz1EPLOo021Mja5b8N2P7W47H4ajYZs1IndabjXldG0e4yOu0Yt4fTF+UKc3vD0TgibpJlfFvyEWYIJmvYxwc23IlTut5HxxLDuUmTScFxw08xJibuE/W0fz2+vT8iVZH5ycw1UTb9CJQYI4/jqWMAgF/II7WToZ33CNSfkNKucwOggoqqiq++yx20FxC22l1pJ
+|1|A8NgqsDMpVf0ns3j3hYJ4PQdffA=|+vb9SJgj1SWQcYY3VRQfkqtHack= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/7+EoVIn+sUMZwhBNCz1J7U+dJbUmsV8R7F7JhOIeEMzTb7ZEgV3ai12Rqysi6ig3UkBztsRZWXFmXtBC5BmhB1axfMMIdJLNzX5dZLxT0Py8Sm8i2Xh/JoaiqyVaa9Om+Hd8G+94HDQkelW4bEz1EPLOo021Mja5b8N2P7W47H4ajYZs1IndabjXldG0e4yOu0Yt4fTF+UKc3vD0TgibpJlfFvyEWYIJmvYxwc23IlTut5HxxLDuUmTScFxw08xJibuE/W0fz2+vT8iVZH5ycw1UTb9CJQYI4/jqWMAgF/II7WToZ33CNSfkNKucwOggoqqiq++yx20FxC22l1pJ
+|1|OjQ1Mm5cchDnVBEtOlqfz7LTLrg=|k2r3tfhHXBBXKfFgWuuw5u4jpWc= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/7+EoVIn+sUMZwhBNCz1J7U+dJbUmsV8R7F7JhOIeEMzTb7ZEgV3ai12Rqysi6ig3UkBztsRZWXFmXtBC5BmhB1axfMMIdJLNzX5dZLxT0Py8Sm8i2Xh/JoaiqyVaa9Om+Hd8G+94HDQkelW4bEz1EPLOo021Mja5b8N2P7W47H4ajYZs1IndabjXldG0e4yOu0Yt4fTF+UKc3vD0TgibpJlfFvyEWYIJmvYxwc23IlTut5HxxLDuUmTScFxw08xJibuE/W0fz2+vT8iVZH5ycw1UTb9CJQYI4/jqWMAgF/II7WToZ33CNSfkNKucwOggoqqiq++yx20FxC22l1pJ
+|1|BnxfVgZBBlN7XTDhT0lEF+Zfaxk=|xd+kTDGYOXcR2XM7AtxA5uzbeIY= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKwJElTYlGbB3mkZmRORB1sidkB7c7M0cVjsxHB0/0E9HgvnoFU3n59w/250s+AQvgxd1yVCFTVvoKuenOFsrO4=
+|1|Fg32JjcqpbD8G8iqS2/uBg/9utc=|lP7P37zRHrn7tN6gRWdRJIGIrQA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKwJElTYlGbB3mkZmRORB1sidkB7c7M0cVjsxHB0/0E9HgvnoFU3n59w/250s+AQvgxd1yVCFTVvoKuenOFsrO4=
+|1|JK0UKVXeAaqmtsXO+FE09tboyUU=|+6hN9wY1k4g4vRq9EGEJXfnvy+o= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPYP64CSI+tBizZ3/ooWRuKAqElrfO4sgjjeFixkctKtY8AX/nvRBGcbt04GLz0s7MAWC/fD8IHx6hcfMJFIVZE=
+|1|Mk2DCVcx82lnw6pHPwwBPkDZxCs=|cNjaLJfVZIIgUCDoA0NkvqorccA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJeLh7OP6Mm9daVphpXKuy4X4xfRdfbvSv07qEpzJOurT9PYkYZ3/j4TU9RtnwYoBjUlJRd9/RnqM2FI65J8Ry8=
+|1|szICOSWCm2u6BXcKG3yiO8WPddM=|JsMpAskGQWAkJnnE+FJhimT9ZUg= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIwustnnEdkm0E6FGbyJOZjOx6L4OitNv8f8IALrYUbUAchWJkZMO+YamJELJNIfrcm52LcZHZJhJ4GEaTLHa1vs7pBF9S2RExpCfAhMFy0f6nL/Wc1n8oEePQX9t4xtHLtkdVqQ2ltjiy74zrNIwsMffpYnNgF1Zbexn+DkSzRSvngMKbt/gJEVBNvKCAuzydEMfjWzgi3sr0fKOvAgMLvK97I5adBHBAn3A9ex12RCGKAPqkkwKeKA6KcP0Uu/fsaXGZ2fy4Gm4Lb7WpZKFod7qIApDlFP2qeToMoItc2SirMULmGiWNvfa+zk51bNl+dwIw9jMdS648wYIcZNy7
+|1|azs4qvB1uhtyask+/kSuwMp9pqU=|ErvvSESJuf5tp8KH62zHgGv5FeI= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIwustnnEdkm0E6FGbyJOZjOx6L4OitNv8f8IALrYUbUAchWJkZMO+YamJELJNIfrcm52LcZHZJhJ4GEaTLHa1vs7pBF9S2RExpCfAhMFy0f6nL/Wc1n8oEePQX9t4xtHLtkdVqQ2ltjiy74zrNIwsMffpYnNgF1Zbexn+DkSzRSvngMKbt/gJEVBNvKCAuzydEMfjWzgi3sr0fKOvAgMLvK97I5adBHBAn3A9ex12RCGKAPqkkwKeKA6KcP0Uu/fsaXGZ2fy4Gm4Lb7WpZKFod7qIApDlFP2qeToMoItc2SirMULmGiWNvfa+zk51bNl+dwIw9jMdS648wYIcZNy7
+|1|W6ssvgu/Pw03xLcqTEXbcnIka8w=|9FbEBUU+S605/ndSN1f611WQXP8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLOqdqX9xy0b2tPgtANigsFcYNt/p7b5FMhZWeN6vx0VInFpMsZDoM7+lcpeUb+wpi9bs7WLXQUGs7VelYocjII=
+|1|4qud+Pr10Vz1fhpUKmunUlm+9kg=|PGblvhJvPTlM/mmIPaR7Cm5hIzY= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUmAzVaD0rw86Z2y6z7eTY5bC2jwg/UBmNL11uDNjM6
+|1|7Je9LMj8dW01Ujd4XwgFSRuy8B4=|pRykMkdqaN68UFxStxpBvh85aaU= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUmAzVaD0rw86Z2y6z7eTY5bC2jwg/UBmNL11uDNjM6
+|1|A5z48bDvnhWm6ZVowfPONCogMmo=|+05MEl1MREuhgzccYf+k6DFLotc= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHWYd5yPqlxB5DFpwCnboloHXan7fuXZXvPsf9sg1DflTMcDBiMQByVFiQLo52C05CCbb2N9sr0KjQ1RC/86R98=
+|1|jAiyVJJ2D/C9BOEzcU+PA2I+JBc=|HdhP5+tIldDp4z8mgzDVOJtP0i4= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANFl2JCSaJevMwQgEbkSTskRo9sEPNbPcaCURgxDu6q
+|1|LVweLKLBsyUmx8UJHbqzKkq1ZNs=|B2xMwTg2g1LtquygF3ftkYDAYYs= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUmAzVaD0rw86Z2y6z7eTY5bC2jwg/UBmNL11uDNjM6
+|1|5h/ZI07cOIahqG8ZXlwL07csAng=|qBlVMasAWjyEH2OlbVAQYBb/GOE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEGI/UefTFGQMkNX5fjbcI6ZIwDbOvWi0Pu2NAdrnqMI7OEHbFZ2PZdyOFkOvg+r6L989kt9xX7UDC4hb7YbFXI=
+|1|TyPofypGFkvVPkgf0VPHku/it7E=|SrGBcMs+gITKdRnDYAznuP63K1g= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEGI/UefTFGQMkNX5fjbcI6ZIwDbOvWi0Pu2NAdrnqMI7OEHbFZ2PZdyOFkOvg+r6L989kt9xX7UDC4hb7YbFXI=
+|1|1126l6G+5eWpyt6IdlJkxl+BTCY=|BKXnjXNzcawljQpFoTGcVXghxbY= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEGI/UefTFGQMkNX5fjbcI6ZIwDbOvWi0Pu2NAdrnqMI7OEHbFZ2PZdyOFkOvg+r6L989kt9xX7UDC4hb7YbFXI=
+|1|xjWEULYYILhbC6bxVj4QHY8zSIU=|DmvZydVvC/Ub3JxXf7Io+wF1NNE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEGI/UefTFGQMkNX5fjbcI6ZIwDbOvWi0Pu2NAdrnqMI7OEHbFZ2PZdyOFkOvg+r6L989kt9xX7UDC4hb7YbFXI=
+|1|t5LTHqQ9UtmJGKXY/oXsiDAbWjY=|oxuNyGtrEFKfkq2OgFLC8ZDZNAA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEGI/UefTFGQMkNX5fjbcI6ZIwDbOvWi0Pu2NAdrnqMI7OEHbFZ2PZdyOFkOvg+r6L989kt9xX7UDC4hb7YbFXI=
+|1|nhLwsXEFCFUpb3mwd3cvgbcKyoY=|yTnzVSfLnUS6ylPzwAdO5E8Zk3g= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEGI/UefTFGQMkNX5fjbcI6ZIwDbOvWi0Pu2NAdrnqMI7OEHbFZ2PZdyOFkOvg+r6L989kt9xX7UDC4hb7YbFXI=
+|1|+amZBmoTNV8lvrWIo6hdzaeW6Uo=|rNoMKmaeiWEgAX/fFsSstzp0L1Y= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEGI/UefTFGQMkNX5fjbcI6ZIwDbOvWi0Pu2NAdrnqMI7OEHbFZ2PZdyOFkOvg+r6L989kt9xX7UDC4hb7YbFXI=
+|1|aBdXxexDgVPYQsaUl5MDVfWPoXM=|MQPc420PQ7lQ33vvKfoUSVGYF48= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLUeUcxDMT/9EmZ5HR9ZspANuClSEuabhCXQKqudEqyatg6Zlg0mrRoNV/rG1jmw3yyBTnfACfFhSwSTWsApwp0=
+|1|yXcm07b0rV+Vd+0JlLAapRggqbg=|8JL8yvNw00WjLAGIdfRMEl+5W20= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLUeUcxDMT/9EmZ5HR9ZspANuClSEuabhCXQKqudEqyatg6Zlg0mrRoNV/rG1jmw3yyBTnfACfFhSwSTWsApwp0=
+|1|bXruBwRG47+1nsj6BBaJWNQbXyI=|SBHm20MGcP6FNFHiXSYeVU5jcAI= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIcf3EkFhhbkL74VV3dG/ZN6X7Do+JDfzw0l7VJX6EmuTM3l2oNdg5jDp4vRHT8c9SKVe/JumeiAkIa/h6fVD4Y=
+|1|DuHmn7aqZDHihuIgaK34MPl9new=|5sAYc09JmnMpNmxqIB3FlUnMNM4= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIcf3EkFhhbkL74VV3dG/ZN6X7Do+JDfzw0l7VJX6EmuTM3l2oNdg5jDp4vRHT8c9SKVe/JumeiAkIa/h6fVD4Y=
+|1|e/eXj9j6o2Ae8lQKYwvDkSZwIqs=|lvP7UWwCudtoa543DeGMSfr0M9o= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNOnVdhduDkhosibtcgg9CM7GMUjBLFPz/sQHEbGtzBaFBKFCIzgWbiaN/9bAu9bkiFrfcIuTLklD7pyiGH7DYw=
+|1|BnSbTMCwg4/xW9/mbjFOFpqyOv0=|tX1tppQEqCgVEUR1sdHCJuhGx44= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvpP7Wfp+QvXpn6uhmGHKiWMpmIs/4m93i3DdS0iEJ5qtY147Nx2Xm5N43mc7fR2DzT1cOifWyVu5brTeM7V28=
+|1|lb1wLp7UKxtYVfl1Sz6GZ8SZ3TM=|0NxvxYXqC0k3HUK/6oGZ4OBMUmI= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIh4YMXBzPm6skv/vNIM5o2fX87+BxIGBqayKN0Yt6BaTYkEUjh6YMTIjZaaRtv0OJYae50ZvA7hx0Sgcsz+pg4=
+|1|hcGrBWJV3jFU2Q9icCSM6nqZiYI=|+j2fP2bl3xNvjBeIyGm1VOZ1Y9U= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIh4YMXBzPm6skv/vNIM5o2fX87+BxIGBqayKN0Yt6BaTYkEUjh6YMTIjZaaRtv0OJYae50ZvA7hx0Sgcsz+pg4=
+|1|AyTiKE/O5JFwb5iTcJ49CsmGc5g=|pBSyS7bev1/c45f41Xo6WvMPKdA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNNde7ObB2Q4zgKdLdnD94Jj7L0D/zVeYs11gOt0rLKzsnDVv5z9Vof4ymc1xAGh+IXeFGCERVsG7LoyluZ7aSU=
+|1|azC61snzpEWt6RFgQ3MmdI43Rk8=|dO5MibdFS5fPYuZwPwa+P/48t1M= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNNde7ObB2Q4zgKdLdnD94Jj7L0D/zVeYs11gOt0rLKzsnDVv5z9Vof4ymc1xAGh+IXeFGCERVsG7LoyluZ7aSU=
+|1|9hOelAm5gp0PgOJMz8pvUhr0O4Q=|1JY5lUP0qcY/nSh2AD8vGyFFdeE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIh4YMXBzPm6skv/vNIM5o2fX87+BxIGBqayKN0Yt6BaTYkEUjh6YMTIjZaaRtv0OJYae50ZvA7hx0Sgcsz+pg4=
+|1|rTkfDZ2juQhpp59vVHat9zmcyQA=|+BGz6IkDhsbpDRvygLZqdiJYojM= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIh4YMXBzPm6skv/vNIM5o2fX87+BxIGBqayKN0Yt6BaTYkEUjh6YMTIjZaaRtv0OJYae50ZvA7hx0Sgcsz+pg4=
+|1|Z9oypZlgPtxdPOB0YoQPh0gJF+w=|aiqGBZcypAOiabZFvHNuFiNwuTY= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+Mn4735wbGXRTDDAx4hHc6PPytq067B9Dhk7jfh5Y0
+|1|MAbLLIerWNHEO4gG0Y/8UXaJIb8=|aJe5SrLdaNVHW0wjLzBpN2p+9yQ= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+Mn4735wbGXRTDDAx4hHc6PPytq067B9Dhk7jfh5Y0
+|1|eJUcrdux2A3Uks/7xdgGTHwfDZ0=|olrn5CjnV0motVzoGro6GUN30zI= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvpP7Wfp+QvXpn6uhmGHKiWMpmIs/4m93i3DdS0iEJ5qtY147Nx2Xm5N43mc7fR2DzT1cOifWyVu5brTeM7V28=
+|1|BmFYIUzSRlOfd2YgWuPh6i/CQoA=|837lAkMkJyZMDmkvdzF0pgOMhpI= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+Mn4735wbGXRTDDAx4hHc6PPytq067B9Dhk7jfh5Y0
+|1|gsbbO8LvomIad7mJBlhRsrdxpao=|EBaC6cc66xA1ltRQtbCqHjV4+Oc= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+Mn4735wbGXRTDDAx4hHc6PPytq067B9Dhk7jfh5Y0
+|1|C+b8T0nJXzNe+eY3e5wXL9loZsI=|UclVRb+xGrbp+SRe81m4ngSzT4c= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+Mn4735wbGXRTDDAx4hHc6PPytq067B9Dhk7jfh5Y0
+|1|ZdcWTq/KqKWA/KsPS9LOadvUSeM=|Bv/XMe0oOc4GK1xl4WIGx44abOk= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+Mn4735wbGXRTDDAx4hHc6PPytq067B9Dhk7jfh5Y0
+|1|t8EmVmv70OzgBwLOtQ5yUrTZD6I=|zbw2rpHTL+6SziUFqMenyKsruNU= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFfdc+dxNFnjYXUgJ4FybxyM7JMBuy3U/llPOhDyKRyKkllGm1Ao5JxxS8YE5u6LGVZvGLDeT178FdCkbKiXn4k=
+|1|sfzJBm/GM+ssETBzO7W/0AZVbwU=|L0FqgovLIp6cSC5rQ68R7WQts6E= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFfdc+dxNFnjYXUgJ4FybxyM7JMBuy3U/llPOhDyKRyKkllGm1Ao5JxxS8YE5u6LGVZvGLDeT178FdCkbKiXn4k=
+|1|hgYTRdy0aciJu1ErQoZ2T0lsgO4=|7T0IuuEMD93drXELHXpvCnkW7+0= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO58Sl069DltxV+qe5/RH0U5lfhzmCxPZkn+OtK7xaM/TUBW7AR4BSEFlB6a0H2g9mDpaLf9pcAAs2R9piOH7oE=
+|1|ZC39ZwmyoybZyFOHCZZ3o7e+t9Q=|ZSP26RQPspgfWYPlDmUSHJ5C8+4= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO58Sl069DltxV+qe5/RH0U5lfhzmCxPZkn+OtK7xaM/TUBW7AR4BSEFlB6a0H2g9mDpaLf9pcAAs2R9piOH7oE=
+|1|BrKGN+8Fb97Ub11H8JmtYi3k8Ec=|U1bk8qk1QHcUyuK9Eg09fHVdlMk= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLUeUcxDMT/9EmZ5HR9ZspANuClSEuabhCXQKqudEqyatg6Zlg0mrRoNV/rG1jmw3yyBTnfACfFhSwSTWsApwp0=
+|1|RHy+VvewmFiZBxA7YTv7lihtJbs=|+wm1qs6/Au0foAuYH+A3Q2lwNsY= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIh4YMXBzPm6skv/vNIM5o2fX87+BxIGBqayKN0Yt6BaTYkEUjh6YMTIjZaaRtv0OJYae50ZvA7hx0Sgcsz+pg4=
+|1|chY5NZ+8E3Z2QCHvKMFulLL8Z7E=|ojACImhNSrgMtYdpCLqgISFwyiU= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIh4YMXBzPm6skv/vNIM5o2fX87+BxIGBqayKN0Yt6BaTYkEUjh6YMTIjZaaRtv0OJYae50ZvA7hx0Sgcsz+pg4=
+|1|EmZ7B29Ivw6vXBlnc4XgrTLl9+8=|78a+bA6zcqZqT3mcCSA7DgfgtWQ= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEKmRybFZ/yMrtKp92N7MpKSByOo4TNm1yFa96mvH4ktgxG9Iw5LdRBELGknXZO0hRkysrblSsQ6Opu/8ZOdPuo=
+|1|JzPIYF8QCrSBS4t2fVId5Ym7Kyg=|0K3icsRiZpexNkPIchHkADj+UJE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEKmRybFZ/yMrtKp92N7MpKSByOo4TNm1yFa96mvH4ktgxG9Iw5LdRBELGknXZO0hRkysrblSsQ6Opu/8ZOdPuo=
+|1|6wykuWMhStQ5Tv99aBiqb6H+zyY=|cl+8o5TNKooA36tWnHoIAOIvV4k= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEGI/UefTFGQMkNX5fjbcI6ZIwDbOvWi0Pu2NAdrnqMI7OEHbFZ2PZdyOFkOvg+r6L989kt9xX7UDC4hb7YbFXI=
diff --git a/.docker/docker-compose.yml b/.docker/docker-compose.yml
index 8ee1e7132..8df95b100 100644
--- a/.docker/docker-compose.yml
+++ b/.docker/docker-compose.yml
@@ -12,8 +12,6 @@ services:
       - '/mnt:/mnt'
       - '/home/toolbox/www:/application'
       - '/home/toolbox/www/storage/app/public/:/application/public/storage/'
-      - '/home/toolbox/www/.docker/config/php.ini:/etc/php/8.1/fpm/conf.d/99-overrides.ini'
-      - '/home/toolbox/www/.docker/config/cron/crontab:/etc/crontab'
       - '/mnt/sshfs/godzilla/data/fluidbook/docs/:/application/protected/fluidbookpublication/docs/'
       - '/data/extranet/www/fluidbook/books/working/:/application/protected/fluidbookpublication/working/'
       - '/home/extranet:/home/extranet'
@@ -36,26 +34,43 @@ services:
       TZ: Europe/Paris
       HOME: /application
     volumes:
-      - '/home/toolbox/www/.docker/config/ssh/:/root/.ssh/'
-      - '/home/toolbox/www/.docker/config/ssh/:/application/.ssh/'
+      # SSH
+      - '/home/toolbox/www/.docker/config/ssh/root/:/root/.ssh/'
+      - '/home/toolbox/www/.docker/config/ssh/user/:/application/.ssh/'
+      - '/home/toolbox/www/.docker/config/ssh/server/:/etc/ssh/'
+      # Rsyslog
+      - '/home/toolbox/www/.docker/config/rsyslog/rsyslog.conf:/etc/rsyslog.conf'
+      - '/home/toolbox/www/.docker/config/rsyslog/50-default.conf:/etc/rsyslog.d/50-default.conf'
+      # Supervisor
       - '/home/toolbox/www/.docker/config/supervisor/:/etc/supervisor/conf.d/'
+      # Composer
       - '/home/toolbox/www/.docker/config/composer/:/root/.config/composer/'
       - '/home/toolbox/www/.docker/config/composer/:/application/.config/composer/'
+      # NPM
       - '/home/toolbox/www/.docker/config/npm/:/root/.npm/'
+      # GIT
       - '/home/toolbox/www/.docker/config/gitconfig:/root/.gitconfig'
       - '/home/toolbox/www/.docker/config/git/:/root/.config/git/'
       - '/home/toolbox/www/.docker/config/git/:/application/.config/git/'
       - '/home/toolbox/www/.docker/config/gitconfig:/application/.gitconfig'
+      # Monit
       - '/home/toolbox/www/.docker/config/monit/:/etc/monit/'
-      - '/home/toolbox/www/.docker/config/sudoers:/etc/sudoers.d/toolbox'
       - '/home/toolbox/www/.docker/config/monit/id:/var/lib/monit/id'
+      # Sudoers
+      - '/home/toolbox/www/.docker/config/sudoers:/etc/sudoers.d/toolbox'
+      # ImageMagick
+      - '/home/toolbox/www/.docker/config/imagemagick/policy.xml:/etc/ImageMagick-6/policy.xml'
+      # Passwords
+      - '/home/toolbox/www/.docker/config/passwords:/root/passwords'
+      # Cron
+      - '/home/toolbox/www/.docker/config/cron/crontab:/etc/crontab'
+      # PHP
+      - '/home/toolbox/www/.docker/config/php.ini:/etc/php/8.1/fpm/conf.d/99-overrides.ini'
       # Files
       - '/home/extranet/share:/application/share'
       - '/mnt:/mnt'
       - '/home/toolbox/www:/application'
       - '/home/toolbox/www/storage/app/public/:/application/public/storage/'
-      - '/home/toolbox/www/.docker/config/php.ini:/etc/php/8.1/fpm/conf.d/99-overrides.ini'
-      - '/home/toolbox/www/.docker/config/cron/crontab:/etc/crontab'
       - '/mnt/sshfs/godzilla/data/fluidbook/docs/:/application/protected/fluidbookpublication/docs/'
       - '/data/extranet/www/fluidbook/books/working/:/application/protected/fluidbookpublication/working/'
       - '/home/extranet:/home/extranet'
@@ -65,6 +80,7 @@ services:
       - '/application/storage/framework:uid=1001,gid=33'
     ports:
       - '58744:8123'
+      - '58745:22'
     networks:
       - fluidbook-toolbox
       - fluidbook-processfarm
diff --git a/.docker/images/php/Dockerfile b/.docker/images/php/Dockerfile
index 7a3072f05..b6b804140 100644
--- a/.docker/images/php/Dockerfile
+++ b/.docker/images/php/Dockerfile
@@ -69,7 +69,14 @@ RUN apt-get -y --no-install-recommends install build-essential chrpath libssl-de
 RUN apt-get -y --no-install-recommends install libreoffice
 RUN apt-get -y --no-install-recommends install lftp
 RUN apt-get -y --no-install-recommends install sshfs python3 python3-pip
-RUN apt-get -y --no-install-recommends install openssh-server
+RUN apt-get -y --no-install-recommends install openssh-server rsyslog
+
+RUN apt-get -y --no-install-recommends install locales
+RUN sed -i '/fr_FR.UTF-8/s/^# //g' /etc/locale.gen && \
+    locale-gen
+ENV LANG fr_FR.UTF-8
+ENV LANGUAGE fr_FR:fr
+ENV LC_ALL fr_FR.UTF-8
 
 RUN cd /root;wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2;tar xvjf phantomjs-2.1.1-linux-x86_64.tar.bz2;mv phantomjs-2.1.1-linux-x86_64 /usr/local/share;ln -sf /usr/local/share/phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin
 RUN cd /root;wget https://github.com/nwutils/Web2Executable/releases/download/v0.7.1b/Web2ExeLinux-CMD.zip;unzip Web2ExeLinux-CMD.zip;mv Web2ExeLinux-CMD /usr/local/web2exe
diff --git a/.docker/images/php/startup b/.docker/images/php/startup
index d5847a22f..ec00d2c19 100644
--- a/.docker/images/php/startup
+++ b/.docker/images/php/startup
@@ -1,7 +1,37 @@
 #!/bin/sh
+# Set file rights
+umask 0000
+chmod -R 777 /tmp
 chown -R root:root /etc/sudoers.d
+chown -R toolbox:www-data /application/storage/framework
+chmod 755 /etc/ssh/*.d
+chmod 600 /etc/ssh/*_key
+chmod 750 /application
+chmod 600 /application/.ssh/id_rsa
+chmod 700 /application/.ssh/
+chmod 600 /application/.ssh/authorized_keys2
+chmod 600 /root/.ssh/id_rsa
+chmod 700 /root/.ssh/
+chmod 600 /root/.ssh/authorized_keys2
+
+# Rsyslog
+start-stop-daemon --start -b -x /usr/sbin/rsyslogd -- -n
+
+# SSH Server
+/usr/sbin/service ssh start
+
+# Supervisor
 /usr/sbin/service supervisor start
+
+# Cron
 chmod 0644 /etc/crontab && crontab -u root /etc/crontab && /usr/sbin/service cron start
-chown -R toolbox:www-data /application/storage/framework
+
+# Set user password
+chpasswd < /root/passwords
+
+# Launch monit
+chmod -R 700 /etc/monit;chown -R root:root /etc/monit;/usr/bin/monit
 chown -R root:root /etc/monit && /usr/bin/monit
+
+# Launch PHP
 /usr/sbin/php-fpm8.1 -O
-- 
2.39.5