certificate for lemonldap
parent
3316ae70d3
commit
1a3d562829
6 changed files with 30 additions and 19 deletions
|
@ -2,16 +2,18 @@
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="systemd-machined">
|
<service name="systemd-machined">
|
||||||
<file>/etc/systemd/system/risotto-images.service</file>
|
|
||||||
<file>/etc/systemd/system/risotto-images.timer</file>
|
|
||||||
<file>/etc/systemd/network/80-container-vz.network</file>
|
<file>/etc/systemd/network/80-container-vz.network</file>
|
||||||
<file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
|
<file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
|
||||||
<file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>
|
<file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>
|
||||||
</service>
|
</service>
|
||||||
<service name="risottofirewall" engine="creole" target="multi-user">
|
<service name="risotto-images" engine="creole" manage="False"/>
|
||||||
</service>
|
<service name="systemd-sysctl"/>
|
||||||
|
<service name="systemd-networkd"/>
|
||||||
|
<service name="systemd-resolved"/>
|
||||||
|
<service name="risotto-images" type="timer" engine="creole"/>
|
||||||
|
<service name="risottofirewall" engine="creole"/>
|
||||||
<service name="systemd-nspawn@">
|
<service name="systemd-nspawn@">
|
||||||
<file>/tmpfiles.d/0asystemd-nspawn.conf</file>
|
<file>/usr/local/lib/risotto-tmpfiles.d/0asystemd-nspawn.conf</file>
|
||||||
<file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
|
<file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
|
||||||
<file>/etc/distro.repos.d/boot.repo</file>
|
<file>/etc/distro.repos.d/boot.repo</file>
|
||||||
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64</file>
|
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64</file>
|
||||||
|
@ -25,8 +27,25 @@
|
||||||
<variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True"/>
|
<variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True"/>
|
||||||
<variable name="host_dhcp_filename" type="filename" hidden="True" multi="True"/>
|
<variable name="host_dhcp_filename" type="filename" hidden="True" multi="True"/>
|
||||||
<variable name="host_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
<variable name="host_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
||||||
|
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
|
||||||
<variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/>
|
<variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/>
|
||||||
<variable name="systemd_netzone_filename" type="filename" hidden="True" multi="True"/>
|
<variable name="systemd_netzone_filename" type="filename" hidden="True" multi="True"/>
|
||||||
|
<variable name="vm_swappiness" type="number" description="Ajustement de la mémoire virtuelle" mandatory="True">
|
||||||
|
<value>60</value>
|
||||||
|
</variable>
|
||||||
|
<variable name="host_packages" multi="True" hidden="True">
|
||||||
|
<value>systemd-container</value>
|
||||||
|
<value>dnf</value>
|
||||||
|
<value>jq</value>
|
||||||
|
<value>debootstrap</value>
|
||||||
|
<value>htop</value>
|
||||||
|
<value>gettext</value>
|
||||||
|
<value>patch</value>
|
||||||
|
<value>unzip</value>
|
||||||
|
<value>mlocate</value>
|
||||||
|
<value>xz-utils</value>
|
||||||
|
<value>iptables</value>
|
||||||
|
</variable>
|
||||||
<family name="network">
|
<family name="network">
|
||||||
<variable name="host_dhcp_interface" description="Carte réseau en DHCP" multi="True"/>
|
<variable name="host_dhcp_interface" description="Carte réseau en DHCP" multi="True"/>
|
||||||
<variable name="output_interface" description="Nom de l'interface de sortie" mandatory="True"/>
|
<variable name="output_interface" description="Nom de l'interface de sortie" mandatory="True"/>
|
||||||
|
|
|
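Review bot: `vm_swappiness` is declared as a bare `type="number"` with a default of 60 and no bounds, and the sysctl template changed in this same commit writes it straight into `vm.swappiness = %%vm_swappiness`. The kernel only accepts a limited range for this key (0–100 on older kernels, 0–200 on recent ones), so an out-of-range value would presumably only surface as a systemd-sysctl error on the host at boot. I would add a range constraint on the variable in this dictionary, or at least state the accepted range in the description, e.g. `description="Ajustement de la mémoire virtuelle (0-100)"`.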
@ -4,12 +4,3 @@ D /etc/systemd/network/ 0755 root root - -
|
||||||
D /usr/local/lib/systemd/system/ 0755 root root - -
|
D /usr/local/lib/systemd/system/ 0755 root root - -
|
||||||
d /var/lib/risotto/configurations/ 0755 root root - -
|
d /var/lib/risotto/configurations/ 0755 root root - -
|
||||||
r /etc/network/interfaces - - - - -
|
r /etc/network/interfaces - - - - -
|
||||||
%for %%filename in %%machined.nspawn_script_filename
|
|
||||||
C %%filename 0755 root root - %%host_install_dir/host/configurations/%%host_name%%filename
|
|
||||||
%end for
|
|
||||||
%for %%service in %%services
|
|
||||||
%if %%service.engine != 'none'
|
|
||||||
%set %%filename = '/usr/local/lib/systemd/system/' + %%service.doc
|
|
||||||
C %%filename 0755 root root - %%host_install_dir/host/configurations/%%host_name%%filename
|
|
||||||
%end if
|
|
||||||
%end for
|
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
net.ipv4.ip_forward = 1
|
net.ipv4.ip_forward = 1
|
||||||
fs.inotify.max_user_instances = 1024
|
fs.inotify.max_user_instances = 1024
|
||||||
|
vm.swappiness = %%vm_swappiness
|
||||||
|
|
|
@ -5,7 +5,7 @@ After=network.target local-fs.target systemd-logind.service
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
WorkingDirectory=%%host_install_dir
|
WorkingDirectory=%%host_install_dir
|
||||||
ExecStart=%%host_install_dir/install_images %%host_name
|
ExecStart=/usr/local/sbin/build_images
|
||||||
ExecStart=%%host_install_dir/backup %%host_name no
|
ExecStart=%%host_install_dir/backup %%host_name no
|
||||||
ExecStart=%%host_install_dir/install_machines %%host_name
|
ExecStart=%%host_install_dir/install_machines %%host_name
|
||||||
|
|
||||||
|
|
|
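Review bot: The new `ExecStart=/usr/local/sbin/build_images` points at a fixed path that none of the file sections visible on this page installs, and it drops the `%%host_name` argument that the old `install_images` line passed. No `User=` appears in the visible part of `[Service]`, so this oneshot presumably runs as root; the script should therefore be deployed root-owned and not group- or world-writable, and be declared in the dictionary next to the unit that calls it. If it is shipped from somewhere else, a comment above the line such as `# build_images is installed by <package-or-template-name>` would make that traceable. The `[Service]` section continues outside the hunk.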
@ -22,8 +22,8 @@ server {
|
||||||
#>GNUNUX
|
#>GNUNUX
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
server_name %%lemon_reload_web_name;
|
server_name %%lemon_reload_web_name;
|
||||||
ssl_certificate %%revprox_cert_file;
|
ssl_certificate %%revprox_client_cert_file;
|
||||||
ssl_certificate_key %%revprox_key_file;
|
ssl_certificate_key %%revprox_client_key_file;
|
||||||
ssl_client_certificate %%revprox_ca_file;
|
ssl_client_certificate %%revprox_ca_file;
|
||||||
#<GNUNUX
|
#<GNUNUX
|
||||||
root /var/www/html;
|
root /var/www/html;
|
||||||
|
|
|
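Review bot: `ssl_client_certificate %%revprox_ca_file;` loads a CA for client-certificate checks, but nothing between the `#>GNUNUX` and `#<GNUNUX` markers turns verification on. nginx's `ssl_verify_client` defaults to `off`, in which case the CA is never consulted and any TLS client can reach this vhost. If the server is meant to accept only the reverse proxy, add `ssl_verify_client on;` after the `ssl_client_certificate` line. The same applies to the other server block changed in this commit (the `-49,8 +49,8` hunk with `server_name %%{revprox_client_external_domainnames[0]};`). The `server` block starts and ends outside the hunk, so the directive may already be set there or at `http` level.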
@ -49,8 +49,8 @@ server {
|
||||||
#>GNUNUX
|
#>GNUNUX
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
server_name %%{revprox_client_external_domainnames[0]};
|
server_name %%{revprox_client_external_domainnames[0]};
|
||||||
ssl_certificate %%revprox_cert_file;
|
ssl_certificate %%revprox_client_cert_file;
|
||||||
ssl_certificate_key %%revprox_key_file;
|
ssl_certificate_key %%revprox_client_key_file;
|
||||||
ssl_client_certificate %%revprox_ca_file;
|
ssl_client_certificate %%revprox_ca_file;
|
||||||
ssl_session_cache shared:SSL:10m;
|
ssl_session_cache shared:SSL:10m;
|
||||||
#<GNUNUX
|
#<GNUNUX
|
||||||
|
|