start extraction before backup function

seed/base-debian/dictionaries/11_debian-base.xml

@@ -4,6 +4,7 @@
     <service name="systemd-networkd">
       <override/>
     </service>
+    <service name='logrotate' disabled="True"/>
     <service name="debian" manage="False">
       <file engine="none" source="tmpfile-tmp.conf">/tmpfiles.d/0tmp.conf</file>
       <file engine="none">/etc/default/locale</file>

seed/dovecot/dictionaries/26_dovecot.xml

@@ -14,6 +14,7 @@
       <file>/etc/postfix/relay_passwd</file>
       <file>/etc/postfix/ldapsource.cf</file>
       <file>/etc/postfix/sni</file>
+      <file mode="700">/sbin/risotto_backup</file>
     </service>
     <service name='dovecot-init'>
       <override/>

seed/dovecot/templates/risotto_backup

@@ -0,0 +1,21 @@
+%echo "#!/bin/bash"
+
+BACKUP_DIR="%%backup_dir"
+
+mkdir -p $BACKUP_DIR
+chown vmail: $BACKUP_DIR
+
+rm -f $BACKUP_DIR/*.done
+find /srv/home/ -name *@* -type d -printf "%f\n" | while read user; do
+    doveadm backup -u $user maildir:$BACKUP_DIR/$user
+    touch $BACKUP_DIR/$user.done
+done
+
+ls $BACKUP_DIR | while read $user; do
+    if [ ! -f $BACKUP_DIR/$user.done ]; then
+        rm -rf $BACKUP_DIR/$user
+    if
+done
+rm -f $BACKUP_DIR/*.done
+
+exit 0

seed/forgejo/templates/app.ini

@@ -188,13 +188,13 @@ SSH_DOMAIN       = %%revprox_client_external_domainnames[0]
 ;; Port number to be exposed in clone URL
 ;SSH_PORT = 22
 ;>GNUNUX
-SSH_PORT         = %%incoming_ports
+SSH_PORT         = %%incoming_ports[0]
 ;<GNUNUX
 ;;
 ;; The port number the builtin SSH server should listen on
 ;SSH_LISTEN_PORT = %(SSH_PORT)s
 ;>GNUNUX
-SSH_LISTEN_PORT  = %%incoming_ports
+SSH_LISTEN_PORT  = %%incoming_ports[0]
 ;<GNUNUX
 ;;
 ;; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.

seed/forgejo/templates/forgejo.yml

@@ -8,4 +8,4 @@ auth_server: %%oauth2_server_domainname
 username: %%username
 password: %%get_password(server_name='test', username=%%username, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
 forgejo_title: "%%forgejo_title"
-git_url: "[%%domain]:%%incoming_ports"
+git_url: "[%%domain]:%%incoming_ports[0]"

seed/mariadb/dictionaries/20_mariadb.xml

@@ -7,6 +7,7 @@
       <file engine="none" source="tmpfile-mariadb.conf">/tmpfiles.d/0mariadb.conf</file>
       <file mode="600" owner="mysql" group="mysql">/etc/mariadb.sql</file>
       <file filelist="copy_tests">/tests/mariadb.yml</file>
+      <file mode="700">/sbin/risotto_backup</file>
     </service>
   </services>
   <variables>

seed/mariadb/manual/image/preinstall/mariadb_server.sh

@@ -1 +1 @@
-PKG="$PKG mariadb-server"
+PKG="$PKG mariadb-server mariadb-backup"

seed/mariadb/templates/risotto_backup

@@ -0,0 +1,6 @@
+%echo "#!/bin/bash -e"
+
+mkdir -p %%backup_dir
+mariabackup --backup --target-dir=%%backup_dir --user=root --password=%%mariadb_root_password
+
+exit 0

seed/odoo/dictionaries/40_odoo.xml

@@ -5,11 +5,11 @@
       <override/>
       <file engine="none" source="sysuser-odoo.conf">/sysusers.d/1odoo.conf</file>
       <file engine="none" source="tmpfile-odoo.conf">/tmpfiles.d/0odoo.conf</file>
-      <file mode="700">/sbin/config_odoo.py</file>
+      <file mode="755">/sbin/config_odoo.py</file>
       <file mode="400" owner="odoo">/etc/odoo/odoo.conf</file>
       <file mode="400" owner="odoo">/etc/odoo/postgresql.pass</file>
       <file>/etc/hosts</file>
-      <file source="config-nginx.conf">/etc/nginx/default.d/odoo.conf</file>
+      <file source="config-nginx.conf">/etc/nginx/sites-enabled/odoo.conf</file>
     </service>
   </services>
   <variables>
@@ -78,6 +78,11 @@
         </variable>
       </family>
     </family>
+    <family name="nginx">
+      <variable name="nginx_default_https" redefine="True">
+        <value>False</value>
+      </variable>
+    </family>
   </variables>
   <constraints>
     <fill name="get_password">

seed/odoo/manual/image/postinstall/odoo.sh

@@ -24,9 +24,6 @@ apt -f install -y
 """ > $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh
 chmod 755 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh
 chroot $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP /install.sh
-
-
-
 sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/service/server.py
 sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/service/db.py 
 sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/addons/bus/models/bus.py

seed/odoo/templates/config-nginx.conf

@@ -1,19 +1,38 @@
-# Redirect requests to odoo backend server
-location / {
-  proxy_redirect off;
-  proxy_pass http://127.0.0.1:8069;
-  
-  proxy_read_timeout 720s;
-  proxy_connect_timeout 720s;
-  proxy_send_timeout 720s;
-  
-  # Add Headers for odoo proxy mode
-  proxy_set_header X-Forwarded-Host $host;
-  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header X-Forwarded-Proto $scheme;
-  proxy_set_header X-Real-IP $remote_addr;
+server {
+    listen 443 ssl http2;
+#    listen [::]:443 ssl http2;
+    server_name _;
+    server_tokens off;
 
-  # common gzip
-  gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
-  gzip on;
+    ## Strong SSL Security
+    ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
+#    ssl on;
+    ssl_certificate              %%tls_cert_directory/revprox.crt;
+    ssl_certificate_key          %%tls_key_directory/revprox.key;
+    ssl_client_certificate       %%tls_ca_directory/InternalReverseProxy.crt;
+
+    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 5m;
+    # Redirect requests to odoo backend server
+    location / {
+      proxy_redirect off;
+      proxy_pass http://127.0.0.1:8069;
+      
+      proxy_read_timeout 720s;
+      proxy_connect_timeout 720s;
+      proxy_send_timeout 720s;
+      
+      # Add Headers for odoo proxy mode
+      proxy_set_header X-Forwarded-Host $host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Real-IP $remote_addr;
+    
+      # common gzip
+      gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
+      gzip on;
+    }
 }

seed/odoo/templates/odoo.service

@@ -11,7 +11,7 @@ Environment="PGPASSFILE=/etc/odoo/postgresql.pass"
 %set %%addons = ','.join(%%odoo_addons)
 ExecStartPre=/usr/bin/bash -c '/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\dt account_account" 2>&1 | grep -vq "not find" || (echo "INIT DATABASE"; /usr/bin/odoo --config /etc/odoo/odoo.conf -i %%addons --stop-after-init; echo "OK")'
 #change default values in database
-ExecStartPre=+/usr/local/lib/sbin/config_odoo.py
+ExecStartPre=/usr/local/lib/sbin/config_odoo.py
 
 ExecStart=
 ExecStart=/usr/bin/odoo --config /etc/odoo/odoo.conf

seed/provider-systemd-machined/dictionaries/16_machined.xml

@@ -33,6 +33,9 @@
         <value>host</value>
       </variable>
       <variable name="zones_list" redefine="True" supplier="Host:machine_zones"/>
+      <variable name="backup_dir" type="filename" hidden="True">
+        <value>/srv/backup</value>
+      </variable>
     </family>
   </variables>
   <constraints>