diff --git a/seed/applicationservice/2022.03.08/base-debian/applicationservice.yml b/seed/applicationservice/2022.03.08/base-debian/applicationservice.yml
index 3d7d747..afedc8c 100644
--- a/seed/applicationservice/2022.03.08/base-debian/applicationservice.yml
+++ b/seed/applicationservice/2022.03.08/base-debian/applicationservice.yml
@@ -1,5 +1,5 @@
format: '0.1'
description: Information de base d'un serveur Debian
depends:
- - base
+ - base-machine
- systemd
diff --git a/seed/applicationservice/2022.03.08/base-fedora/applicationservice.yml b/seed/applicationservice/2022.03.08/base-fedora/applicationservice.yml
index f961670..32ea7ab 100644
--- a/seed/applicationservice/2022.03.08/base-fedora/applicationservice.yml
+++ b/seed/applicationservice/2022.03.08/base-fedora/applicationservice.yml
@@ -1,5 +1,5 @@
format: '0.1'
description: Information de base d'un serveur Fedora
depends:
- - base
+ - base-machine
- systemd
diff --git a/seed/applicationservice/2022.03.08/base-fedora/templates/update-ca-trust.service b/seed/applicationservice/2022.03.08/base-fedora/templates/update-ca-trust.service
index ace2152..2339983 100644
--- a/seed/applicationservice/2022.03.08/base-fedora/templates/update-ca-trust.service
+++ b/seed/applicationservice/2022.03.08/base-fedora/templates/update-ca-trust.service
@@ -8,4 +8,3 @@ ExecStart=/usr/bin/update-ca-trust
[Install]
WantedBy=multi-user.target
-
diff --git a/seed/applicationservice/2022.03.08/base-machine/applicationservice.yml b/seed/applicationservice/2022.03.08/base-machine/applicationservice.yml
new file mode 100644
index 0000000..faed7a8
--- /dev/null
+++ b/seed/applicationservice/2022.03.08/base-machine/applicationservice.yml
@@ -0,0 +1,4 @@
+format: '0.1'
+description: Base information for a machine
+depends:
+ - base
diff --git a/seed/applicationservice/2022.03.08/base/dictionaries/12-base.xml b/seed/applicationservice/2022.03.08/base-machine/dictionaries/12-base.xml
similarity index 96%
rename from seed/applicationservice/2022.03.08/base/dictionaries/12-base.xml
rename to seed/applicationservice/2022.03.08/base-machine/dictionaries/12-base.xml
index 553c19a..20dbf7b 100644
--- a/seed/applicationservice/2022.03.08/base/dictionaries/12-base.xml
+++ b/seed/applicationservice/2022.03.08/base-machine/dictionaries/12-base.xml
@@ -46,8 +46,6 @@
server_name
- zones_name
-
ip_eth
diff --git a/seed/applicationservice/2022.03.08/base/doc.md b/seed/applicationservice/2022.03.08/base-machine/doc.md
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/doc.md
rename to seed/applicationservice/2022.03.08/base-machine/doc.md
diff --git a/seed/applicationservice/2022.03.08/base/extras/machine/00_base.xml b/seed/applicationservice/2022.03.08/base-machine/extras/machine/00_base.xml
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/extras/machine/00_base.xml
rename to seed/applicationservice/2022.03.08/base-machine/extras/machine/00_base.xml
diff --git a/seed/applicationservice/2022.03.08/base/funcs/funcs.py b/seed/applicationservice/2022.03.08/base-machine/funcs/funcs.py
similarity index 90%
rename from seed/applicationservice/2022.03.08/base/funcs/funcs.py
rename to seed/applicationservice/2022.03.08/base-machine/funcs/funcs.py
index bd0e6e2..848abfa 100644
--- a/seed/applicationservice/2022.03.08/base/funcs/funcs.py
+++ b/seed/applicationservice/2022.03.08/base-machine/funcs/funcs.py
@@ -1,5 +1,4 @@
import __main__
-from typing import List
from secrets import token_urlsafe as _token_urlsafe, token_hex as _token_hex
from string import ascii_letters as _ascii_letters
from random import choice as _choice
@@ -7,7 +6,7 @@ from os.path import dirname as _dirname, abspath as _abspath, join as _join, isf
from os import makedirs as _makedirs
-from risotto.utils import load_domains, DOMAINS, ZONES_SERVER
+from risotto.utils import ZONES_SERVER
_HERE = _dirname(_abspath(__main__.__file__))
@@ -103,16 +102,6 @@ def get_domain_name(server_name: str,
return extra_domainnames[index - 1]
-def get_ip(server_name: str,
- zones_name: List[str],
- index: str,
- ) -> str:
- load_domains()
- host_name, domain_name = server_name.split('.', 1)
- domain = DOMAINS[domain_name]
- return domain[1][domain[0].index(host_name)]
-
-
def get_provider_name(network_name: str,
provider: str,
) -> str:
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/config.sh b/seed/applicationservice/2022.03.08/base-machine/manual/install/config.sh
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/manual/install/config.sh
rename to seed/applicationservice/2022.03.08/base-machine/manual/install/config.sh
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/config_machine.sh b/seed/applicationservice/2022.03.08/base-machine/manual/install/config_machine.sh
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/manual/install/config_machine.sh
rename to seed/applicationservice/2022.03.08/base-machine/manual/install/config_machine.sh
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/diff.py b/seed/applicationservice/2022.03.08/base-machine/manual/install/diff.py
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/manual/install/diff.py
rename to seed/applicationservice/2022.03.08/base-machine/manual/install/diff.py
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_host b/seed/applicationservice/2022.03.08/base-machine/manual/install/install_host
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/manual/install/install_host
rename to seed/applicationservice/2022.03.08/base-machine/manual/install/install_host
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_image b/seed/applicationservice/2022.03.08/base-machine/manual/install/install_image
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/manual/install/install_image
rename to seed/applicationservice/2022.03.08/base-machine/manual/install/install_image
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_images b/seed/applicationservice/2022.03.08/base-machine/manual/install/install_images
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/manual/install/install_images
rename to seed/applicationservice/2022.03.08/base-machine/manual/install/install_images
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_machine b/seed/applicationservice/2022.03.08/base-machine/manual/install/install_machine
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/manual/install/install_machine
rename to seed/applicationservice/2022.03.08/base-machine/manual/install/install_machine
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_machines b/seed/applicationservice/2022.03.08/base-machine/manual/install/install_machines
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/manual/install/install_machines
rename to seed/applicationservice/2022.03.08/base-machine/manual/install/install_machines
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/make_changelog b/seed/applicationservice/2022.03.08/base-machine/manual/install/make_changelog
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/manual/install/make_changelog
rename to seed/applicationservice/2022.03.08/base-machine/manual/install/make_changelog
diff --git a/seed/applicationservice/2022.03.08/base/manual/install/make_volatile b/seed/applicationservice/2022.03.08/base-machine/manual/install/make_volatile
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/manual/install/make_volatile
rename to seed/applicationservice/2022.03.08/base-machine/manual/install/make_volatile
diff --git a/seed/applicationservice/2022.03.08/base/templates/locale.conf b/seed/applicationservice/2022.03.08/base-machine/templates/locale.conf
similarity index 100%
rename from seed/applicationservice/2022.03.08/base/templates/locale.conf
rename to seed/applicationservice/2022.03.08/base-machine/templates/locale.conf
diff --git a/seed/applicationservice/2022.03.08/base/applicationservice.yml b/seed/applicationservice/2022.03.08/base/applicationservice.yml
index 029925a..2daf18e 100644
--- a/seed/applicationservice/2022.03.08/base/applicationservice.yml
+++ b/seed/applicationservice/2022.03.08/base/applicationservice.yml
@@ -1,2 +1,2 @@
format: '0.1'
-description: Information de base d'un serveur
+description: Base
diff --git a/seed/applicationservice/2022.03.08/base/funcs/base.py b/seed/applicationservice/2022.03.08/base/funcs/base.py
new file mode 100644
index 0000000..10a4031
--- /dev/null
+++ b/seed/applicationservice/2022.03.08/base/funcs/base.py
@@ -0,0 +1,9 @@
+from typing import List
+from risotto.utils import load_domains, DOMAINS
+
+
+def get_ip(server_name: str) -> str:
+ load_domains()
+ host_name, domain_name = server_name.split('.', 1)
+ domain = DOMAINS[domain_name]
+ return domain[1][domain[0].index(host_name)]
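Review bot: `get_ip` fails with a bare `ValueError` or `KeyError` when `server_name` has no dot, names a domain missing from `DOMAINS`, or names a host missing from that domain's host list. None of these errors says which machine was being resolved. The result is interpolated into the iptables rules of `risottofirewall.service` in this same commit, so a failed lookup should name the offending server. The `from typing import List` line is unused in this new file, because the signature no longer takes `zones_name`, and can be dropped. A one-line docstring stating that the function maps `host.domain` to its recorded IP would also help. The sketch below assumes `DOMAINS[domain][0]` and `[1]` are parallel host and IP lists, as the indexing suggests.

```python
def get_ip(server_name: str) -> str:
    """Return the IP address recorded for *server_name* (``host.domain``)."""
    load_domains()
    host_name, sep, domain_name = server_name.partition('.')
    if not sep:
        raise ValueError(f'"{server_name}" is not a fully qualified name')
    try:
        domain = DOMAINS[domain_name]
        return domain[1][domain[0].index(host_name)]
    except (KeyError, ValueError) as err:
        raise ValueError(f'no IP address known for "{server_name}"') from err
```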
diff --git a/seed/applicationservice/2022.03.08/dovecot/dictionaries/26_dovecot.xml b/seed/applicationservice/2022.03.08/dovecot/dictionaries/26_dovecot.xml
index c711bea..696623d 100644
--- a/seed/applicationservice/2022.03.08/dovecot/dictionaries/26_dovecot.xml
+++ b/seed/applicationservice/2022.03.08/dovecot/dictionaries/26_dovecot.xml
@@ -51,7 +51,7 @@
-
+
587
993
diff --git a/seed/applicationservice/2022.03.08/gitea/dictionaries/31_gitea.xml b/seed/applicationservice/2022.03.08/gitea/dictionaries/31_gitea.xml
index 8855276..812ea94 100644
--- a/seed/applicationservice/2022.03.08/gitea/dictionaries/31_gitea.xml
+++ b/seed/applicationservice/2022.03.08/gitea/dictionaries/31_gitea.xml
@@ -10,7 +10,7 @@
-
+
2222
diff --git a/seed/applicationservice/2022.03.08/host-systemd-machined/applicationservice.yml b/seed/applicationservice/2022.03.08/host-systemd-machined/applicationservice.yml
index d8ff0c1..747473a 100644
--- a/seed/applicationservice/2022.03.08/host-systemd-machined/applicationservice.yml
+++ b/seed/applicationservice/2022.03.08/host-systemd-machined/applicationservice.yml
@@ -1,2 +1,4 @@
format: '0.1'
description: Configure Systemd Machined
+depends:
+ - base
diff --git a/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml b/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml
index 161a535..9e19a52 100644
--- a/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml
+++ b/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml
@@ -8,6 +8,8 @@
systemd_zone_filename
systemd_netzone_filename
+
+
/tmpfiles.d/0asystemd-nspawn.conf
/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf
diff --git a/seed/applicationservice/2022.03.08/host-systemd-machined/doc.md b/seed/applicationservice/2022.03.08/host-systemd-machined/doc.md
index c859c38..4686184 100644
--- a/seed/applicationservice/2022.03.08/host-systemd-machined/doc.md
+++ b/seed/applicationservice/2022.03.08/host-systemd-machined/doc.md
@@ -2,7 +2,7 @@ Providers
=========
- machines : nom de domaine des machines (au sens systemd-machined) exécuté sur l'hôte (c'est une variable multiple). Cette variable est une variable meneuse, les variables suivantes sont des variables suiveuses.
-- external_ports : ports rendu accessible depuis l'extérieur (cette variable est multiple).
+- incoming_ports : ports rendu accessible depuis l'extérieur (cette variable est multiple).
- machine_srv : répertoire contenant le répertoire /srv de la machine (cette variable n'est pas obligatoire).
- marchine_journal : répertoire contenant le répertoire /var/log/journal de la machine.
- machine_config : répertoire contenant le répertoire /usr/local/lib de la machine.
diff --git a/seed/applicationservice/2022.03.08/host-systemd-machined/extras/machined/00-machined.xml b/seed/applicationservice/2022.03.08/host-systemd-machined/extras/machined/00-machined.xml
index 3b1449d..c75f73d 100644
--- a/seed/applicationservice/2022.03.08/host-systemd-machined/extras/machined/00-machined.xml
+++ b/seed/applicationservice/2022.03.08/host-systemd-machined/extras/machined/00-machined.xml
@@ -9,7 +9,8 @@
-
+
+
diff --git a/seed/applicationservice/2022.03.08/host-systemd-machined/templates/nspawn b/seed/applicationservice/2022.03.08/host-systemd-machined/templates/nspawn
index d67b4c6..4a9a5fa 100644
--- a/seed/applicationservice/2022.03.08/host-systemd-machined/templates/nspawn
+++ b/seed/applicationservice/2022.03.08/host-systemd-machined/templates/nspawn
@@ -23,6 +23,6 @@ VirtualEthernetExtra=%%intname[:15]:host%%idx
%end if
%end for
%end if
-%for %%port in %%container['external_ports_' + %%name]
+%for %%port in %%container['incoming_ports_' + %%name]
Port=tcp:%%port:%%port
%end for
diff --git a/seed/applicationservice/2022.03.08/host-systemd-machined/templates/risottofirewall.service b/seed/applicationservice/2022.03.08/host-systemd-machined/templates/risottofirewall.service
new file mode 100644
index 0000000..d3eb053
--- /dev/null
+++ b/seed/applicationservice/2022.03.08/host-systemd-machined/templates/risottofirewall.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=Firewall for Risotto
+After=network.target
+
+[Service]
+Type=oneshot
+%for %%dns in %%machined.machines
+%set %%machine = %%normalize_family(%%dns)
+%set %%outgoing = %%machined['machine_' + %%machine]['outgoing_ports_' + %%machine]
+ %if %%outgoing
+ %for %%port in %%outgoing
+ %if ':' in %%port
+%set %%protocol, %%port = %%port.split(':')
+ %else
+%set %%protocol = 'tcp'
+ %end if
+ExecStart=/sbin/iptables -t nat -A POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o enp3s0 -j MASQUERADE
+ExecStop=-/sbin/iptables -t nat -D POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o enp3s0 -j MASQUERADE
+ %end for
+ %end if
+%end for
+
+[Install]
+WantedBy=multi-user.target
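Review bot: The `[Service]` section sets `Type=oneshot` without `RemainAfterExit=yes`, so systemd treats the unit as finished once the last `ExecStart=` returns and then runs the `ExecStop=` lines. The MASQUERADE rules would therefore be deleted right after they are added; adding `RemainAfterExit=yes` under `Type=oneshot` keeps the unit active and the rules in place until an explicit stop. The egress interface `enp3s0` is hard-coded in both rule lines, so on a host whose uplink has another name the rules never match; it should come from a dictionary variable. `%%protocol` and `%%port` reach the iptables command line straight from `%%port.split(':')` without any check. Confirming that the protocol is `tcp` or `udp` and the port is numeric, in the dictionary or the template, would keep a malformed `outgoing_ports` entry from producing an unintended rule.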
diff --git a/seed/applicationservice/2022.03.08/nginx-reverse-proxy/dictionaries/25_nginx.xml b/seed/applicationservice/2022.03.08/nginx-reverse-proxy/dictionaries/25_nginx.xml
index 515ff0b..dd65443 100644
--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy/dictionaries/25_nginx.xml
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy/dictionaries/25_nginx.xml
@@ -11,7 +11,7 @@
-
+
80
443
diff --git a/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml b/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml
index 7897421..c7c0388 100644
--- a/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml
+++ b/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml
@@ -34,7 +34,10 @@
-
+
+ 25
+
+
25
diff --git a/seed/applicationservice/2022.03.08/provider-systemd-machined/dictionaries/16-machined.xml b/seed/applicationservice/2022.03.08/provider-systemd-machined/dictionaries/16-machined.xml
index 0e131b9..0e08e93 100644
--- a/seed/applicationservice/2022.03.08/provider-systemd-machined/dictionaries/16-machined.xml
+++ b/seed/applicationservice/2022.03.08/provider-systemd-machined/dictionaries/16-machined.xml
@@ -26,7 +26,8 @@
False
-
+
+
host
@@ -65,9 +66,15 @@
host
- external_ports
+ incoming_ports
domain_name_eth0
- external_ports
+ incoming_ports
+
+
+ host
+ outgoing_ports
+ domain_name_eth0
+ outgoing_ports
host
diff --git a/seed/applicationservice/2022.03.08/systemd/applicationservice.yml b/seed/applicationservice/2022.03.08/systemd/applicationservice.yml
index 0805bb8..30e352a 100644
--- a/seed/applicationservice/2022.03.08/systemd/applicationservice.yml
+++ b/seed/applicationservice/2022.03.08/systemd/applicationservice.yml
@@ -1,4 +1,4 @@
format: '0.1'
description: Configuration de systemd
depends:
- - base
+ - base-machine
diff --git a/seed/applicationservice/2022.03.08/unbound/dictionaries/20_unbound.xml b/seed/applicationservice/2022.03.08/unbound/dictionaries/20_unbound.xml
index 5459f62..aba7c4b 100644
--- a/seed/applicationservice/2022.03.08/unbound/dictionaries/20_unbound.xml
+++ b/seed/applicationservice/2022.03.08/unbound/dictionaries/20_unbound.xml
@@ -19,6 +19,10 @@
+
+ udp:53
+ 53
+