From 72dd2b43095efd72d4df6640b5bfcac50ec247b1 Mon Sep 17 00:00:00 2001 
From: Emmanuel Garette Date: Fri, 8 Apr 2022 18:52:43 +0200 Subject: [PATCH] mariadb-server => mariadb --- .../base/manual/install/install_host | 2 +- .../base/manual/install/install_image | 14 ++- .../base/manual/install/make_changelog | 11 ++- .../dovecot/dictionaries/22_dovecot.xml | 3 + .../2022.03.08/gitea/templates/app.ini | 2 +- .../dictionaries/21-machined.xml | 2 + .../dictionaries/70_lemonldap_ng.xml | 11 +-- .../lemonldap/templates/lmConf-1.json | 15 ++- .../2022.03.08/mailman/templates/mailman.cfg | 3 +- .../mailman/templates/postorius-settings.py | 1 + .../applicationservice.yml | 0 .../dictionaries/20_mariadb.xml | 0 .../manual/image/preinstall/mariadb_server.sh | 0 .../templates/mariadb.service | 0 .../templates/mariadb.sql | 0 .../templates/risotto.cnf | 0 .../templates/tmpfile-mariadb.conf | 0 .../manual/image/preinstall/nextcloud.sh | 2 +- .../nextcloud/templates/nextcloud-config.php | 2 +- .../nginx-common/dictionaries/20_nginx.xml | 6 +- .../extras/nginx/00-nginx.xml | 2 +- .../templates/revprox-nginx.conf | 7 +- .../2022.03.08/php/applicationservice.yml | 2 - .../postfix-relay/dictionaries/30_postfix.xml | 6 -- .../postfix-relay/templates/ca_MailServer.crt | 2 +- .../dictionaries/23_postgresql.xml | 6 ++ .../templates/postgresqlclient.service | 2 +- .../dictionaries/22_postgresql.xml | 3 + .../image/preinstall/postgresql_server.sh | 2 +- .../postgresql-server/templates/pg_hba.conf | 4 +- .../templates/postgresql.conf | 13 ++- .../dictionaries/20_nginx_client.xml | 95 ------------------- .../roundcube/dictionaries/31_roundcube.xml | 2 + .../manual/image/preinstall/roundcube.sh | 2 +- .../roundcube/templates/config.inc.php | 6 +- .../roundcube/templates/roundcubemail.conf | 7 ++ ...{20_vaultwarden.xml => 40_vaultwarden.xml} | 0 .../templates/vaultwarden_config.env | 2 +- 38 files changed, 87 insertions(+), 150 deletions(-) rename seed/applicationservice/2022.03.08/{mariadb-server => mariadb}/applicationservice.yml (100%) rename 
seed/applicationservice/2022.03.08/{mariadb-server => mariadb}/dictionaries/20_mariadb.xml (100%) rename seed/applicationservice/2022.03.08/{mariadb-server => mariadb}/manual/image/preinstall/mariadb_server.sh (100%) rename seed/applicationservice/2022.03.08/{mariadb-server => mariadb}/templates/mariadb.service (100%) rename seed/applicationservice/2022.03.08/{mariadb-server => mariadb}/templates/mariadb.sql (100%) rename seed/applicationservice/2022.03.08/{mariadb-server => mariadb}/templates/risotto.cnf (100%) rename seed/applicationservice/2022.03.08/{mariadb-server => mariadb}/templates/tmpfile-mariadb.conf (100%) delete mode 100644 seed/applicationservice/2022.03.08/reverse-proxy-client/dictionaries/20_nginx_client.xml rename seed/applicationservice/2022.03.08/vaultwarden/dictionaries/{20_vaultwarden.xml => 40_vaultwarden.xml} (100%) diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_host b/seed/applicationservice/2022.03.08/base/manual/install/install_host index f63b5cd..f6cb4ae 100755 --- a/seed/applicationservice/2022.03.08/base/manual/install/install_host +++ b/seed/applicationservice/2022.03.08/base/manual/install/install_host @@ -5,7 +5,7 @@ if [ -z "$HOST_NAME" ]; then echo "usage: $0 host name" exit 1 fi -apt install --yes systemd-container dnf jq debootstrap htop gettext +apt install --yes systemd-container dnf jq debootstrap htop gettext patch systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf systemctl daemon-reload diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_image b/seed/applicationservice/2022.03.08/base/manual/install/install_image index b63231c..36a3b5d 100755 --- a/seed/applicationservice/2022.03.08/base/manual/install/install_image +++ b/seed/applicationservice/2022.03.08/base/manual/install/install_image 
@@ -103,6 +103,9 @@ if [ -n "$COPR" ]; then wget "$COPR" cd - fi +if [ "$FUSION" = true ]; then + dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR" +fi # FIXME verifier s'il y a des modifs sur pre/post if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then @@ -125,12 +128,19 @@ if [ "$INSTALL" = true ]; then VERSION=0 fi mkdir tmp + ORI_DIR=$PWD cd tmp if [ ! "$VERSION" = 0 ]; then tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME" + if [ "$INSTALL_TOOL" = "apt" ]; then + chown _apt "$IMAGE_NAME" + fi + else + mkdir "$IMAGE_NAME" fi - ../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md - cd - + cd "$IMAGE_NAME" + ../../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md + cd $ORI_DIR rm -rf tmp install_pkg sleep 2 diff --git a/seed/applicationservice/2022.03.08/base/manual/install/make_changelog b/seed/applicationservice/2022.03.08/base/manual/install/make_changelog index fcc0967..c2da6ea 100755 --- a/seed/applicationservice/2022.03.08/base/manual/install/make_changelog +++ b/seed/applicationservice/2022.03.08/base/manual/install/make_changelog @@ -34,7 +34,6 @@ def read_dnf_pkg_file(os_name, filename1, filename2): for idx, pkg_line in enumerate(pkgs_fh.readlines()): if idx < header_idx[fidx]: # header - print("béééé") continue sp_line = pkg_line.strip().split() if len(sp_line) < idx_version[fidx] + 1: 
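Review bot: The added `dnf -y install "https://download1.rpmfusion.org/…/rpmfusion-free-release-$RELEASEVER.noarch.rpm"` in the `FUSION` branch relies on TLS alone to authenticate the release package. dnf does not signature-check a package given as a file or URL unless `localpkg_gpgcheck` is enabled, and this package installs the repository definitions and signing keys used for everything later pulled from RPM Fusion into the image. Consider downloading the RPM first and checking it with `rpmkeys --checksig` against a key pinned in this repository before installing it into `$IMAGE_NAME_RISOTTO_IMAGE_DIR`, or enabling `localpkg_gpgcheck` for this call once the key is imported.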
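Review bot: `cd $ORI_DIR` is unquoted and unchecked, and the very next line is `rm -rf tmp`. If the return to the original directory fails (a path containing a space is enough), the recursive delete runs relative to wherever the shell still is, which at that point is inside the extracted image tree. Use `cd "$ORI_DIR" || exit 1`, and likewise `cd "$IMAGE_NAME" || exit 1` before calling `../../make_changelog`. Whether the script runs under `set -e` is not visible here; the enclosing `if [ "$INSTALL" = true ]` block starts and ends outside the hunk.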
@@ -154,13 +153,17 @@ type = "installe" for package in ori_pkg & new_dict: if ori_dict[package] == new_dict[package]: continue - run(['apt', 'download', package]) + info = run(['apt', 'download', package], capture_output=True) + if info.returncode: + raise Exception(f'cannot download {package}: {info}') packages = list(glob('*.deb')) packages.sort() for package in packages: - info = run(['apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True) + info = run(['chroot', '.', 'apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True) + if info.returncode: + raise Exception(f'cannot list changes for {package}: {info}') header = True - for line in info.split('\n'): + for line in info.stdout.decode().split('\n'): if not header: print(line) if line.startswith('-----------------------'): diff --git a/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml b/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml index 1348cb7..9a4717e 100644 --- a/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml +++ b/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml @@ -86,6 +86,9 @@ + + + - diff --git a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf index 72a00b2..f0763ac 100644 --- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf +++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf @@ -6,7 +6,7 @@ server { listen 80; server_name %%domainname; - return 301 https://www.domain.com$request_uri; + return 301 https://%%domainname$request_uri; } # Configuration HTTPS %%domainname 
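Review bot: `info.stdout.decode()` in the `apt-listchanges` loop assumes UTF-8 output, but the command now runs inside `chroot .` with whatever locale the image provides. A single changelog containing other bytes would raise UnicodeDecodeError and abort the whole run; `info.stdout.decode(errors='replace')` keeps it going. Also, `apt download` still runs on the host while `apt-listchanges` runs in the chroot, so the downloaded .deb versions come from the host's apt sources and may not match the image (worth confirming). The two new `raise Exception(...)` lines interpolate the whole CompletedProcess; `info.stderr.decode(errors='replace')` would give a more readable message. The enclosing code starts outside the hunk.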
@@ -25,6 +25,7 @@ server { location %%location { proxy_pass %%location['revprox_url_' + family]; %if %%location['revprox_is_websocket_' + family] + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; %else @@ -41,6 +42,10 @@ server { proxy_ssl_verify on; proxy_ssl_verify_depth 2; proxy_ssl_session_reuse on; + %set %%maxbody = %%location['revprox_max_body_size_' + family] + %if %%maxbody + client_max_body_size %%maxbody; + %end if set $dest $http_destination; index error.html; root /var/www/html; diff --git a/seed/applicationservice/2022.03.08/php/applicationservice.yml b/seed/applicationservice/2022.03.08/php/applicationservice.yml index b097efd..60a4316 100644 --- a/seed/applicationservice/2022.03.08/php/applicationservice.yml +++ b/seed/applicationservice/2022.03.08/php/applicationservice.yml @@ -1,4 +1,2 @@ format: '0.1' description: PHP configuration -depends: - - apache diff --git a/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml b/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml index 7926827..37d0f69 100644 --- a/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml +++ b/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml @@ -38,7 +38,6 @@ diff --git a/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service b/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service index 6ae07e0..c25764a 100644 --- a/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service +++ b/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service 
@@ -6,4 +6,4 @@ Before=network.target Type=oneshot Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass ExecStart=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/%%pg_client_server_domainname/5432; do sleep 1; done; echo "POSTGRESQL STARTED"' -ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"' +ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"' diff --git a/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml b/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml index bed1dbd..4cb925f 100644 --- a/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml +++ b/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml @@ -10,6 +10,9 @@ /etc/postgresql/pg_ident.conf /bin/postgresql_init /sysusers.d/0postgresql.conf + /etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt + /etc/pki/tls/certs/postgresql.crt + /etc/pki/tls/private/postgresql.key diff --git a/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh b/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh index 6ddfa5c..4bdeb8e 100644 --- a/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh +++ b/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh @@ -1 +1 @@ -PKG="$PKG postgresql-server" +PKG="$PKG postgresql-server postgresql-contrib" 
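Review bot: `--set=sslmode=verify-full` in the second `ExecStart` does not turn on certificate verification. psql's `--set` assigns a psql variable (the same as `\set`) and is not a libpq connection option, so the readiness probe still connects with libpq's default sslmode and does not verify the server certificate. Set it through the environment next to the existing `PGPASSFILE` line, `Environment=PGSSLMODE=verify-full`, or pass psql a conninfo string containing `sslmode=verify-full`. verify-full also needs a root certificate that libpq can find (`PGSSLROOTCERT`, or `~/.postgresql/root.crt` for the connecting user). Where that is configured is not visible in this patch, and the same question applies to the `?sslmode=verify-full` DSNs added in roundcube's config.inc.php and in vaultwarden_config.env.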
diff --git a/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf b/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf index 75c3d46..7a48fb3 100644 --- a/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf +++ b/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf @@ -89,11 +89,11 @@ local all postgres ident map=pg_map #>GNUNUX # host all all 127.0.0.1/32 ident %for %%server in %%accounts.remotes -host %%normalize_family(%%server) %%normalize_family(%%server) %%server md5 +hostssl %%normalize_family(%%server) %%normalize_family(%%server) %%server md5 %end for #GNUNUX diff --git a/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf b/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf index 625df37..8849422 100644 --- a/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf +++ b/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf 
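Review bot: The remote-account rule is now `hostssl` but still authenticates with `md5`, the weaker of PostgreSQL's two password methods. It still permits the MD5 challenge-response, where a leaked stored hash is enough to log in. Since this line is being changed anyway, consider `hostssl %%normalize_family(%%server) %%normalize_family(%%server) %%server scram-sha-256` together with `password_encryption = scram-sha-256` in postgresql.conf. Existing account passwords would need to be set again so they are stored with the new hash; how accounts are provisioned is not visible in this hunk.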
@@ -138,13 +138,12 @@ authentication_timeout = §§{pg_authentication_timeout}s #ssl_dh_params_file = '' #ssl_passphrase_command = '' #ssl_passphrase_command_supports_reload = off -#>FIXME -#ssl = true # (change requires restart) -#%import os -#%set %%pg_server_cert_chain = os.path.splitext(§§pg_server_cert)[0] + '_ca-chain.crt' -#ssl_cert_file = '%%pg_server_cert_chain' # (change requires restart) -#ssl_key_file = '§§pg_server_key' # (change requires restart) -#GNUNUX +ssl = true # (change requires restart) +ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt' +ssl_cert_file = '/etc/pki/tls/certs/postgresql.crt' # (change requires restart) +ssl_key_file = '/etc/pki/tls/private/postgresql.key' # (change requires restart) +# - - - - revprox_ca_file - revprox_cert_file - revprox_key_file - - - - - - - - - - domain_name_eth0 - revprox_client_port - revprox_client_local_location - revprox_client_web_address - - - tls_ca_directory - ca_InternalReverseProxy.crt - / - revprox_ca_file - - - tls_cert_directory - revprox.crt - / - revprox_cert_file - - - tls_key_directory - revprox.key - / - revprox_key_file - - - revprox_client_server_domainname - revprox_clients - revprox_client_external_domainname - ip - 0 - revprox_client_server_ip - - - revprox_client_server_domainname - revprox_location - revprox_client_external_domainname - revprox_client_location - - - revprox_client_server_domainname - revprox_is_websocket - revprox_client_external_domainname - revprox_location - revprox_client_location - revprox_client_is_websocket - - - revprox_client_server_domainname - revprox_url - revprox_location - revprox_client_location - revprox_client_external_domainname - revprox_client_web_address - - - diff --git a/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml b/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml index b658451..96dbd00 100644 --- a/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml 
+++ b/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml @@ -5,6 +5,8 @@ /etc/roundcubemail/config.inc.php /etc/httpd/conf.d/roundcubemail.conf /secrets/roundcube-init.php + /static/silique_cloud.svg + /static/watermark.html /etc/pki/ca-trust/source/anchors/ca_MailServer.crt diff --git a/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh b/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh index 276c052..b8cca87 100644 --- a/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh +++ b/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh @@ -1 +1 @@ -PKG="$PKG mod_ssl roundcubemail php-cli php-pgsql php-pecl-redis5" +PKG="$PKG roundcubemail php-cli php-pgsql php-pecl-redis5" diff --git a/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php b/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php index 9c95668..6c081cb 100644 --- a/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php +++ b/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php @@ -31,7 +31,7 @@ $config = []; // e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false' // GNUNUX $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail'; //>GNUNUX -$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database'; +$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full'; // "/images/logo_print.png", ]; */ -$config['skin_logo'] = null; +$config['skin_logo'] = '/risotto/silique_cloud.svg'; // Automatically register user in Roundcube database on successful (IMAP) logon. // Set to false if only registered users should be allowed to the webmail. 
diff --git a/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf b/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf index 5cc2fce..63f39d6 100644 --- a/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf +++ b/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf @@ -2,6 +2,13 @@ # Round Cube Webmail is a browser-based multilingual IMAP client # + +#>GNUNUX +Alias /roundcube/skins/elastic/risotto/ /usr/local/lib/static/ + + Require all granted + +#GNUNUX -DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database +DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full #