feat: Complete port of all KNELServerBuild components to FetchApply

- Add secharden-audit-agents functionality to security-hardening
- Create unattended-upgrades initializer for automatic security updates
- Port Dell-specific scripts (fixcpuperf, fixeth, omsa) to dell-config
- Port sslStackFromSource.sh to ssl-stack initializer (dev systems only)
- Create ldap-auth placeholder for future Cloudron integration
- Update server class to include all initializers
- Update security role to include unattended-upgrades
- Add build dependencies to packages for SSL stack compilation
- Update README with comprehensive documentation of all initializers

Now all components from KNELServerBuild are successfully ported to FetchApply,
including previously missed security modules, Dell server scripts, and RandD components.

Future migration path clear: Salt for ongoing management, Ansible for ComplianceAsCode.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>

initializers/ssl-stack/apply

@@ -0,0 +1,149 @@
+#!/bin/bash
+
+# KNEL SSL Stack Compilation Initializer
+# Compiles OpenSSL, nghttp2, curl, APR, and Apache HTTPd from source
+# Made from instructions at https://www.tunetheweb.com/performance/http2/
+
+set -euo pipefail
+
+echo "Running SSL stack compilation initializer..."
+
+# Only run on specific systems or if explicitly requested
+# This is a resource-intensive operation
+if [[ $DEV_WORKSTATION_CHECK -gt 0 ]] || [[ "${COMPILE_SSL_STACK:-}" == "true" ]]; then
+    echo "Compiling SSL stack from source..."
+    
+    # Base URLs and files (using original versions from KNELServerBuild)
+    OPENSSL_URL_BASE="https://www.openssl.org/source/"
+    OPENSSL_FILE="openssl-1.1.0h.tar.gz"
+    
+    NGHTTP_URL_BASE="https://github.com/nghttp2/nghttp2/releases/download/v1.31.0/"
+    NGHTTP_FILE="nghttp2-1.31.0.tar.gz"
+    
+    APR_URL_BASE="https://archive.apache.org/dist/apr/"
+    APR_FILE="apr-1.6.3.tar.gz"
+    
+    APR_UTIL_URL_BASE="https://archive.apache.org/dist/apr/"
+    APR_UTIL_FILE="apr-util-1.6.1.tar.gz"
+    
+    APACHE_URL_BASE="https://archive.apache.org/dist/httpd/"
+    APACHE_FILE="httpd-2.4.33.tar.gz"
+    
+    CURL_URL_BASE="https://curl.haxx.se/download/"
+    CURL_FILE="curl-7.60.0.tar.gz"
+    
+    # Create build directory
+    BUILD_DIR="/tmp/ssl-stack-build"
+    mkdir -p "$BUILD_DIR"
+    cd "$BUILD_DIR"
+    
+    # Install build dependencies
+    DEBIAN_FRONTEND="noninteractive" apt-get -y install \
+        build-essential \
+        wget \
+        gcc \
+        make \
+        perl \
+        libpcre3 \
+        libpcre3-dev \
+        zlib1g \
+        zlib1g-dev \
+        || true
+    
+    # Download and compile OpenSSL
+    echo "Compiling OpenSSL..."
+    wget $OPENSSL_URL_BASE/$OPENSSL_FILE
+    tar xzf $OPENSSL_FILE
+    cd openssl-1.1.0h
+    ./config enable-weak-ssl-ciphers shared zlib-dynamic -DOPENSSL_TLS_SECURITY_LEVEL=0 --prefix=/usr/local/custom-ssl/openssl-1.1.0h
+    make
+    make install
+    ln -sf /usr/local/custom-ssl/openssl-1.1.0h /usr/local/openssl
+    cd -
+    
+    # Download and compile nghttp2
+    echo "Compiling nghttp2..."
+    wget $NGHTTP_URL_BASE/$NGHTTP_FILE
+    tar xzf $NGHTTP_FILE
+    cd nghttp2-1.31.0
+    ./configure --prefix=/usr/local/custom-ssl/nghttp
+    make
+    make install
+    cd -
+    
+    # Update ldconfig for custom SSL
+    cat <<EOF > /etc/ld.so.conf.d/custom-ssl.conf
+/usr/local/custom-ssl/openssl-1.1.0h/lib
+/usr/local/custom-ssl/nghttp/lib
+EOF
+    ldconfig
+    
+    # Download and compile curl
+    echo "Compiling curl..."
+    wget $CURL_URL_BASE/$CURL_FILE
+    tar xzf $CURL_FILE
+    cd curl-7.60.0
+    ./configure --prefix=/usr/local/custom-ssl/curl --with-nghttp2=/usr/local/custom-ssl/nghttp/ --with-ssl=/usr/local/custom-ssl/openssl-1.1.0h/
+    make
+    make install
+    cd -
+    
+    # Download and compile APR
+    echo "Compiling APR..."
+    wget $APR_URL_BASE/$APR_FILE
+    tar xzf $APR_FILE
+    cd apr-1.6.3
+    ./configure --prefix=/usr/local/custom-ssl/apr
+    make
+    make install
+    cd -
+    
+    # Download and compile APR-util
+    echo "Compiling APR-util..."
+    wget $APR_UTIL_URL_BASE/$APR_UTIL_FILE
+    tar xzf $APR_UTIL_FILE
+    tar xzf $APR_UTIL_FILE
+    cd apr-util-1.6.1
+    ./configure --prefix=/usr/local/custom-ssl/apr-util --with-apr=/usr/local/custom-ssl/apr
+    make
+    make install
+    cd -
+    
+    # Download and compile Apache HTTPd
+    echo "Compiling Apache HTTPd..."
+    wget $APACHE_URL_BASE/$APACHE_FILE
+    tar xzf $APACHE_FILE
+    cd httpd-2.4.33
+    cp -r ../apr-1.6.3 srclib/apr
+    cp -r ../apr-util-1.6.1 srclib/apr-util
+    ./configure --prefix=/usr/local/custom-ssl/apache \
+        --with-ssl=/usr/local/custom-ssl/openssl-1.1.0h/ \
+        --with-pcre=/usr/bin/pcre-config \
+        --enable-unique-id \
+        --enable-ssl \
+        --enable-so \
+        --with-included-apr \
+        --enable-http2 \
+        --with-nghttp2=/usr/local/custom-ssl/nghttp/
+    make
+    make install
+    ln -sf /usr/local/custom-ssl/apache /usr/local/apache
+    cd -
+    
+    # Cleanup
+    cd /
+    rm -rf "$BUILD_DIR"
+    
+    echo "SSL stack compilation completed"
+    echo "Custom installations available at:"
+    echo "  OpenSSL: /usr/local/custom-ssl/openssl-1.1.0h"
+    echo "  nghttp2: /usr/local/custom-ssl/nghttp"
+    echo "  curl:    /usr/local/custom-ssl/curl"
+    echo "  APR:     /usr/local/custom-ssl/apr"
+    echo "  Apache:  /usr/local/custom-ssl/apache"
+    
+else
+    echo "Skipping SSL stack compilation (only runs on dev workstations or when COMPILE_SSL_STACK=true)"
+fi
+
+echo "SSL stack compilation initializer completed"