mariadb-server => mariadb

seed/applicationservice/2022.03.08/base/manual/install/install_host

@@ -5,7 +5,7 @@ if [ -z "$HOST_NAME" ]; then
     echo "usage: $0 host name"
     exit 1
 fi
-apt install --yes systemd-container dnf jq debootstrap htop gettext
+apt install --yes systemd-container dnf jq debootstrap htop gettext patch
 systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
 systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
 systemctl daemon-reload

seed/applicationservice/2022.03.08/base/manual/install/install_image

@@ -103,6 +103,9 @@ if [ -n "$COPR" ]; then
     wget "$COPR"
     cd -
 fi
+if [ "$FUSION" = true ]; then
+    dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR"
+fi
 
 # FIXME verifier s'il y a des modifs sur pre/post
 if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then
@@ -125,12 +128,19 @@ if [ "$INSTALL" = true ]; then
         VERSION=0
     fi
     mkdir tmp
+    ORI_DIR=$PWD
     cd tmp
     if [ ! "$VERSION" = 0 ]; then
         tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
+        if [ "$INSTALL_TOOL" = "apt" ]; then
+            chown _apt "$IMAGE_NAME"
+        fi
+    else
+        mkdir "$IMAGE_NAME"
     fi
-    ../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md
+    cd "$IMAGE_NAME"
-    cd -
+    ../../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md
+    cd $ORI_DIR
     rm -rf tmp
     install_pkg
     sleep 2

seed/applicationservice/2022.03.08/base/manual/install/make_changelog

@@ -34,7 +34,6 @@ def read_dnf_pkg_file(os_name, filename1, filename2):
             for idx, pkg_line in enumerate(pkgs_fh.readlines()):
                 if idx < header_idx[fidx]:
                     # header
-                    print("béééé")
                     continue
                 sp_line = pkg_line.strip().split()
                 if len(sp_line) < idx_version[fidx] + 1:
@@ -154,13 +153,17 @@ type = "installe"
             for package in ori_pkg & new_dict:
                 if ori_dict[package] == new_dict[package]:
                     continue
-                run(['apt', 'download', package])
+                info = run(['apt', 'download', package], capture_output=True)
+                if info.returncode:
+                    raise Exception(f'cannot download {package}: {info}')
             packages = list(glob('*.deb'))
             packages.sort()
             for package in packages:
-                info = run(['apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True)
+                info = run(['chroot', '.', 'apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True)
+                if info.returncode:
+                    raise Exception(f'cannot list changes for {package}: {info}')
                 header = True
-                for line in info.split('\n'):
+                for line in info.stdout.decode().split('\n'):
                     if not header:
                         print(line)
                     if line.startswith('-----------------------'):

seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml

@@ -86,6 +86,9 @@
         <variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
         <variable name="local_authentification_password_" type="secret" auto_save="True" provider="mail_password"/>
       </family>
+    </family>
+    <family name="nginx">
+      <variable name="nginx_default" redefine="True" remove_fill="True" mandatory="False"/>
       <variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
       <variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
       <variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>

seed/applicationservice/2022.03.08/gitea/templates/app.ini

@@ -10,7 +10,7 @@ NAME     = %%pg_client_database
 USER     = %%pg_client_username
 PASSWD   = %%pg_client_password
 SCHEMA   =
-SSL_MODE = disable
+SSL_MODE = verify-full
 CHARSET  = utf8
 LOG_SQL  = false
 

seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml

@@ -11,6 +11,8 @@
       <file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
       <file>/etc/distro.repos.d/boot.repo</file>
       <file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64</file>
+      <file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64</file>
+      <file>/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36</file>
       <file>/etc/sysctl.d/90-risotto.conf</file>
       <file file_type="variable" source="dhcp.network" variable="host_dhcp_interface">host_dhcp_filename</file>
     </service>

seed/applicationservice/2022.03.08/lemonldap/dictionaries/70_lemonldap_ng.xml

@@ -8,6 +8,7 @@
       <file engine="none">/static/silique_email.png</file>
       <file engine="none">/static/silique_folder.png</file>
       <file engine="none">/static/silique_note.png</file>
+      <file engine="none">/static/silique_video.png</file>
       <file engine="none">/static/risotto.css</file>
       <file>/var/lib/lemonldap-ng/conf/lmConf-1.json</file>
       <file engine="none">/etc/lemonldap-ng/lemonldap-ng.ini</file>
@@ -21,20 +22,10 @@
   </services>
   <variables>
     <family name="lemonldap" description="LemonLDAP" help="Configuration de la solution d'authentification unique LemonLDAP::NG">
-      <variable name="lemon_domain" description="Nom DNS derrière LemonLDAP::NG"/>
-      <variable name="lemon_reload_web_name" description="Nom DNS du service Reload de LemonLDAP-NG" mode="expert"/>
       <variable name="lemon_proc" type="number" description="Nombre de processus dédié à LemonLdap (équivalent au nombre de processeurs)" mandatory="True">
         <value>1</value>
       </variable>
       <variable name="lemon_mail_admin" type="mail" description="Courriel de l'administrateur" mandatory="True"/>
     </family>
   </variables>
-  <constraints>
-    <fill name="calc_value">
-      <param>reload.</param>
-      <param type="variable">lemon_domain</param>
-      <param name="join"></param>
-      <target>lemon_reload_web_name</target>
-    </fill>
-  </constraints>
 </rougail>

seed/applicationservice/2022.03.08/lemonldap/templates/lmConf-1.json

@@ -57,12 +57,21 @@ commentStartToken = §
    "locationRules" : {
       "%%revprox_client_external_domainname" : {
          "default" : "accept"
+%set %%domains = []
 %for %%app in %%oauth2.remotes
   %set %%key = %%normalize_family(%%app)
+  %set %%external = %%oauth2['oauth2_' + %%key]['external_' + %%key]
+  § external is somethink like https://domain/
+  %if %%external
+   %set %%domain = %%str(%%external).split('/', 3)[-2]
+   %if %%domain not in %%domains
       },
-      "%%lemon_domain" : {
+      "%%domain" : {
          "^/logout" : "logout_sso",
          "default" : "accept"
+%%domains.append(%%domain)%slurp
+   %end if
+  %end if
 %end for
       }
    },
@@ -152,10 +161,6 @@ commentStartToken = §
    "portalDisplayRegister": 0,
    "portalDisplayResetPassword": 0,
    "portalMainLogo": "risotto/logo.png",
-   "registerUrl" : "https://%%lemon_reload_web_name/register",
-   "reloadUrls" : {
-      "localhost" : "https://%%lemon_reload_web_name/reload"
-   },
    "showLanguages": 0,
    "whatToTrace" : "_whatToTrace",
 %set %%remotes = {}

seed/applicationservice/2022.03.08/mailman/templates/mailman.cfg

@@ -24,8 +24,7 @@ layout: fhs
 #>GNUNUX
 [database]  
 class: mailman.database.postgresql.PostgreSQLDatabase  
-url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database
+url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
-#FIXME ?sslmode=require
 
 [mta]
 lmtp_host: %%ip_eth0

seed/applicationservice/2022.03.08/mailman/templates/postorius-settings.py

@@ -10,6 +10,7 @@ DATABASES = {
         'HOST': '%%pg_client_server_domainname',      # Database server
         'PORT': '',               # Database port (leave blank for default)
         'CONN_MAX_AGE': 300,      # Max database connection age
+        'OPTIONS': {'sslmode': 'verify-full'},
     }
 }
 ALLOWED_HOSTS = ['%%revprox_client_external_domainname']

seed/applicationservice/2022.03.08/nextcloud/manual/image/preinstall/nextcloud.sh

@@ -1 +1 @@
-PKG="$PKG mod_ssl nextcloud-postgresql php-intl php-bcmath php-opcache php-pecl-redis"
+PKG="$PKG nextcloud-postgresql php-intl php-bcmath php-opcache php-pecl-redis"

seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud-config.php

@@ -37,7 +37,7 @@ $CONFIG = array (
   'dbtableprefix' => 'oc_',
   'dbuser' => '%%pg_client_username',
   'dbpassword' => '%%pg_client_password',
-  'dbdriveroptions' => array('sslmode' => true),
+  'dbdriveroptions' => array('sslmode' => 'verify-full'),
   'passwordsalt' => '{{SALT}}',
   'secret' => '{{SECRET}}',
   'instanceid' => '%%nextcloud_instance_id',

seed/applicationservice/2022.03.08/nginx-common/dictionaries/20_nginx.xml

@@ -4,7 +4,7 @@
     <service name='nginx' target='multi-user'>
       <file>/etc/nginx/nginx.conf</file>
       <file source="default">/etc/nginx/sites-available/default</file>
-      <file source="default-nginx.conf">/etc/nginx/default.d/risotto.conf</file>
+      <file filelist="nginx_default" source="default-nginx.conf">/etc/nginx/default.d/risotto.conf</file>
       <!--file source="default-nginx-ssl.conf">/etc/nginx/conf.d/risotto-ssl.conf</file-->
       <file source="nginx.index.html">/var/www/html/index.html</file>
       <file source="nginx-options.conf">/etc/nginx/conf.d/options.conf</file>
@@ -36,5 +36,9 @@
       <param>Fedora</param>
       <target type="filelist">nginx_fedora</target>
     </condition>
+    <condition name="disabled_if_in" source="nginx_default">
+      <param type="nil"/>
+      <target type="filelist">nginx_default</target>
+    </condition>
   </constraints>
 </rougail>

seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/extras/nginx/00-nginx.xml

@@ -9,8 +9,8 @@
         <variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger" help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple &quot;/mail&quot;)" mandatory="True" multi="True" provider="revprox_location"/>
         <variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète" mandatory="True" help="Nom de domaine ou IP de destination, par exemple &quot;http://domainelocal&quot; ou URI, par exemple &quot;http://domainelocal/dir/&quot;" provider="revprox_url"/>
 	<variable name="revprox_is_websocket_" type="boolean" description="Le point d'entré est de types websocket" mandatory="True" provider="revprox_is_websocket"/>
+	<variable name="revprox_max_body_size_" description="Taille maximum du corps" provider="revprox_max_body_size"/>
       </family>
     </family>
   </variables>
 </rougail>
-

seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf

@@ -6,7 +6,7 @@
 server {
     listen 80;
     server_name %%domainname;
-    return 301 https://www.domain.com$request_uri;
+    return 301 https://%%domainname$request_uri;
 }
 
 # Configuration HTTPS %%domainname
@@ -25,6 +25,7 @@ server {
     location %%location {
         proxy_pass              %%location['revprox_url_' + family];
   %if %%location['revprox_is_websocket_' + family]
+        proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
   %else
@@ -41,6 +42,10 @@ server {
         proxy_ssl_verify       on;
         proxy_ssl_verify_depth 2;
         proxy_ssl_session_reuse on;
+  %set %%maxbody = %%location['revprox_max_body_size_' + family]
+  %if %%maxbody
+        client_max_body_size %%maxbody;
+  %end if
         set                     $dest  $http_destination;
         index  error.html;
         root /var/www/html;

seed/applicationservice/2022.03.08/php/applicationservice.yml

@@ -1,4 +1,2 @@
 format: '0.1'
 description: PHP configuration
-depends:
-  - apache

seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml

@@ -38,7 +38,6 @@
     <family name="postfix" description="Postfix mail server">
       <variable name="postfix_mail_hostname" type="domainname" description="Nom de domaine extérieur du serveur de courriel" mandatory="True"/>
       <variable name="postfix_relay_domains" type="domainname" description="Domaine de courriel généré localement" multi="True" mandatory="True" hidden="True"/>
-      <variable name='postfix_ca_chain' description="CA certificate" hidden='True'/>
       <variable name='postfix_relay_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
       <family name="local_authentification_" description="Local server authentification" dynamic='postfix_relay_authentifications'>
         <variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
@@ -51,11 +50,6 @@
     </family>
   </variables>
   <constraints>
-    <fill name="get_chain">
-      <param name="authority_cn" type="variable">domain_name_eth0</param>
-      <param name="authority_name">MailServer</param>
-      <target>postfix_ca_chain</target>
-    </fill>
     <fill name="calc_value">
       <param>/etc/opendkim/keys/</param>
       <param type="variable">postfix_relay_domains</param>

seed/applicationservice/2022.03.08/postfix-relay/templates/ca_MailServer.crt

@@ -1 +1 @@
-%%postfix_ca_chain
+%%get_chain(authority_cn=%%domain_name_eth0, authority_name="MailServer")

seed/applicationservice/2022.03.08/postgresql-client/dictionaries/23_postgresql.xml

@@ -3,6 +3,9 @@
   <services>
     <service name="postgresqlclient" target="multi-user" engine="creole">
       <file mode="400">/secrets/postgresql.pass</file>
+      <file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
+      <file>/etc/pki/tls/certs/postgresql.crt</file>
+      <file owner_type="variable" owner="pg_client_key_owner" mode="440">/etc/pki/tls/private/postgresql.key</file>
     </service>
   </services>
   <variables>
@@ -11,6 +14,9 @@
       <variable name="pg_client_username" description="Client username" mandatory="True" hidden="True"/>
       <variable name="pg_client_password" type="password" description="Client password" mandatory="True" hidden="True"/>
       <variable name="pg_client_database" description="Client database" mandatory="True" hidden="True"/>
+      <variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True">
+        <value>root</value>
+      </variable>
     </family>
   </variables>
   <constraints>

seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service

@@ -6,4 +6,4 @@ Before=network.target
 Type=oneshot
 Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
 ExecStart=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/%%pg_client_server_domainname/5432; do sleep 1; done; echo "POSTGRESQL STARTED"'
-ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"'
+ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"'

seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml

@@ -10,6 +10,9 @@
       <file engine="none">/etc/postgresql/pg_ident.conf</file>
       <file engine="none" mode="755">/bin/postgresql_init</file>
       <file engine="none" source="sysuser-postgresql.conf">/sysusers.d/0postgresql.conf</file>
+      <file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
+      <file>/etc/pki/tls/certs/postgresql.crt</file>
+      <file owner="root" group="postgres" mode="440">/etc/pki/tls/private/postgresql.key</file>
     </service>
   </services>
   <variables>

seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh

@@ -1 +1 @@
-PKG="$PKG postgresql-server"
+PKG="$PKG postgresql-server postgresql-contrib"

seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf

@@ -89,11 +89,11 @@ local   all         postgres	ident	map=pg_map
 #>GNUNUX
 # host    all             all             127.0.0.1/32            ident
 %for %%server in %%accounts.remotes
-host	%%normalize_family(%%server)	%%normalize_family(%%server)	%%server	md5
+hostssl	%%normalize_family(%%server)	%%normalize_family(%%server)	%%server	md5
 %end for
 #<GNUNUX
 # IPv6 local connections:
-host    all             all             ::1/128                 ident
+#host    all             all             ::1/128                 ident
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
 #>GNUNUX

seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf

@@ -138,13 +138,12 @@ authentication_timeout = §§{pg_authentication_timeout}s
 #ssl_dh_params_file = ''
 #ssl_passphrase_command = ''
 #ssl_passphrase_command_supports_reload = off
-#>FIXME
+#>GNUNUX
-#ssl = true				# (change requires restart)
+ssl = true				# (change requires restart)
-#%import os
+ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'
-#%set %%pg_server_cert_chain = os.path.splitext(§§pg_server_cert)[0] + '_ca-chain.crt'
+ssl_cert_file = '/etc/pki/tls/certs/postgresql.crt'		# (change requires restart)
-#ssl_cert_file = '%%pg_server_cert_chain'		# (change requires restart)
+ssl_key_file = '/etc/pki/tls/private/postgresql.key'		# (change requires restart)
-#ssl_key_file = '§§pg_server_key'		# (change requires restart)
+#<GNUNUX
-#<FIXME
 
 #------------------------------------------------------------------------------
 # RESOURCE USAGE (except WAL)

seed/applicationservice/2022.03.08/reverse-proxy-client/dictionaries/20_nginx_client.xml

@@ -1,95 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<rougail version="0.10">
-  <services>
-    <service name="nginx" manage="False">
-      <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
-      <file file_type="variable" source="revprox.crt">revprox_cert_file</file>
-      <file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_key_file</file>
-    </service>
-  </services>
-  <variables>
-    <family name="nginx" description="Reverse proxy">
-      <variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True'/>
-      <variable name="revprox_client_server_ip" type="ip" hidden='True'/>
-      <variable name="revprox_client_external_domainname" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' provider="external_domainname"/>
-      <family name="revprox_client" description="Point d'entré des clients" leadership="True">
-        <variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" multi="True">
-          <value>/</value>
-        </variable>
-        <variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entré est de types websocket" mandatory="True">
-          <value>False</value>
-        </variable>
-      </family>
-      <variable name="revprox_client_local_location" type="filename" description="Nom de l'arborescene racine du site localement" hidden='True'/>
-      <variable name="revprox_client_web_address" type="web_address" description="Nom de domaine du client du mandataire inverse" hidden='True'/>
-      <variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
-        <value>443</value>
-      </variable>
-      <variable name="revprox_client_cert_owner" type="unix_user" description="Reverse proxy certificate owner">
-        <value>root</value>
-      </variable>
-      <variable name="revprox_client_cert_group" type="unix_user" description="Reverse proxy certificate group">
-        <value>root</value>
-      </variable>
-      <variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
-      <variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
-      <variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>
-    </family>
-  </variables>
-  <constraints>
-    <fill name="calc_web_address">
-      <param type="variable">domain_name_eth0</param>
-      <param type="variable">revprox_client_port</param>
-      <param type="variable">revprox_client_local_location</param>
-      <target>revprox_client_web_address</target>
-    </fill>
-    <fill name="calc_value">
-      <param type="variable">tls_ca_directory</param>
-      <param>ca_InternalReverseProxy.crt</param>
-      <param name="join">/</param>
-      <target>revprox_ca_file</target>
-    </fill>
-    <fill name="calc_value">
-      <param type="variable">tls_cert_directory</param>
-      <param>revprox.crt</param>
-      <param name="join">/</param>
-      <target>revprox_cert_file</target>
-    </fill>
-    <fill name="calc_value">
-      <param type="variable">tls_key_directory</param>
-      <param>revprox.key</param>
-      <param name="join">/</param>
-      <target>revprox_key_file</target>
-    </fill>
-    <fill name="set_linked">
-      <param name="linked_server" type="variable">revprox_client_server_domainname</param>
-      <param name="linked_provider">revprox_clients</param>
-      <param name="linked_value" type="variable">revprox_client_external_domainname</param>
-      <param name="linked_returns">ip</param>
-      <param name="dynamic">0</param>
-      <target>revprox_client_server_ip</target>
-    </fill>
-    <check name="set_linked_configuration">
-      <param name="linked_server" type="variable">revprox_client_server_domainname</param>
-      <param name="linked_provider">revprox_location</param>
-      <param name="dynamic" type="variable">revprox_client_external_domainname</param>
-      <target>revprox_client_location</target>
-    </check>
-    <check name="set_linked_configuration">
-      <param name="linked_server" type="variable">revprox_client_server_domainname</param>
-      <param name="linked_provider">revprox_is_websocket</param>
-      <param name="dynamic" type="variable">revprox_client_external_domainname</param>
-      <param name="leader_provider">revprox_location</param>
-      <param name="leader_value" type="variable">revprox_client_location</param>
-      <target>revprox_client_is_websocket</target>
-    </check>
-    <check name="set_linked_configuration">
-      <param name="linked_server" type="variable">revprox_client_server_domainname</param>
-      <param name="linked_provider">revprox_url</param>
-      <param name="leader_provider">revprox_location</param>
-      <param name="leader_value" type="variable">revprox_client_location</param>
-      <param name="dynamic" type="variable">revprox_client_external_domainname</param>
-      <target>revprox_client_web_address</target>
-    </check>
-  </constraints>
-</rougail>

seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml

@@ -5,6 +5,8 @@
       <file owner="root" group="apache" mode="640">/etc/roundcubemail/config.inc.php</file>
       <file>/etc/httpd/conf.d/roundcubemail.conf</file>
       <file>/secrets/roundcube-init.php</file>
+      <file engine="none">/static/silique_cloud.svg</file>
+      <file engine="none">/static/watermark.html</file>
       <file>/etc/pki/ca-trust/source/anchors/ca_MailServer.crt</file>
     </service>
   </services>

seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh

@@ -1 +1 @@
-PKG="$PKG mod_ssl roundcubemail php-cli php-pgsql php-pecl-redis5"
+PKG="$PKG roundcubemail php-cli php-pgsql php-pecl-redis5"

seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php

@@ -31,7 +31,7 @@ $config = [];
 //       e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
 // GNUNUX $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail';
 //>GNUNUX
-$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database';
+$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full';
 //<GNUNUX
 
 // Database DSN for read-only operations (if empty write database will be used)
@@ -532,7 +532,7 @@ $config['support_url'] = '';
 // file from the currently selected skin. Prepend name/path with a slash to use
 // current skin folder. Remove the slash to point to a file in the Roundcube
 // root directory. It can be also a full URL.
-$config['blankpage_url'] = '/watermark.html';
+$config['blankpage_url'] = '/risotto/watermark.html';
 
 // Logo image replacement. Specifies location of the image as:
 // - URL relative to the document root of this Roundcube installation
@@ -566,7 +566,7 @@ $config['blankpage_url'] = '/watermark.html';
      "[print]" => "/images/logo_print.png",
    ];
 */
-$config['skin_logo'] = null;
+$config['skin_logo'] = '/risotto/silique_cloud.svg';
 
 // Automatically register user in Roundcube database on successful (IMAP) logon.
 // Set to false if only registered users should be allowed to the webmail.

seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf

@@ -2,6 +2,13 @@
 # Round Cube Webmail is a browser-based multilingual IMAP client
 #
 
+
+#>GNUNUX
+Alias /roundcube/skins/elastic/risotto/ /usr/local/lib/static/
+<Directory /usr/local/lib/static/>
+    Require all granted
+</Directory>
+#<GNUNUX
 # GNUNUX Alias /roundcubemail /usr/share/roundcubemail
 Alias /roundcube /usr/share/roundcubemail
 

seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env

@@ -20,7 +20,7 @@ DATA_FOLDER=/srv/vaultwarden
 ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
 # DATABASE_URL=postgresql://user:password@host[:port]/database_name
 #>GNUNUX
-DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database
+DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
 #<GNUNUX
 
 ## Database max connections