diff --git a/seed/apache/dictionaries/20_web.xml b/seed/apache/dictionaries/20_web.xml
index dfc519f..1cdf912 100644
--- a/seed/apache/dictionaries/20_web.xml
+++ b/seed/apache/dictionaries/20_web.xml
@@ -19,7 +19,7 @@
-
+
300
diff --git a/seed/apache/templates/server.ca b/seed/apache/templates/server.ca
index ad46dd6..91ed66d 100644
--- a/seed/apache/templates/server.ca
+++ b/seed/apache/templates/server.ca
@@ -1 +1 @@
-%%get_chain(authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)
+%%get_chain(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)
diff --git a/seed/base-debian/dictionaries/11-debian-base.xml b/seed/base-debian/dictionaries/11-debian-base.xml
index 48e321a..73c4a16 100644
--- a/seed/base-debian/dictionaries/11-debian-base.xml
+++ b/seed/base-debian/dictionaries/11-debian-base.xml
@@ -10,7 +10,9 @@
/sysusers.d/debian.conf
+
+
diff --git a/seed/base-debian/dictionaries/17-debian-base.xml b/seed/base-debian/dictionaries/17-debian-base.xml
index b17a9da..d3a0e36 100644
--- a/seed/base-debian/dictionaries/17-debian-base.xml
+++ b/seed/base-debian/dictionaries/17-debian-base.xml
@@ -1,7 +1,7 @@
-
+
diff --git a/seed/base-debian/manual/image/postinstall/debian.sh b/seed/base-debian/manual/image/postinstall/debian.sh
index b681f29..66f218d 100644
--- a/seed/base-debian/manual/image/postinstall/debian.sh
+++ b/seed/base-debian/manual/image/postinstall/debian.sh
@@ -1,8 +1,8 @@
-rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
-ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
-#mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
-#chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
-#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
-#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
-#ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
-#ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
+rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
+ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
+#mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+#chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
+#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
+#ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
+#ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
diff --git a/seed/base-fedora-35/manual/image/postinstall/base_fedora_35.sh b/seed/base-fedora-35/manual/image/postinstall/base_fedora_35.sh
index 219e52e..f19a831 100644
--- a/seed/base-fedora-35/manual/image/postinstall/base_fedora_35.sh
+++ b/seed/base-fedora-35/manual/image/postinstall/base_fedora_35.sh
@@ -1,7 +1,7 @@
# ACTIVE NETWORKD
-mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
-chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
-ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
-ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
-ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
-ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
+mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
+ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
diff --git a/seed/base-fedora-36/manual/image/postinstall/base_fedora_version.sh b/seed/base-fedora-36/manual/image/postinstall/base_fedora_version.sh
index 219e52e..f19a831 100644
--- a/seed/base-fedora-36/manual/image/postinstall/base_fedora_version.sh
+++ b/seed/base-fedora-36/manual/image/postinstall/base_fedora_version.sh
@@ -1,7 +1,7 @@
# ACTIVE NETWORKD
-mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
-chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
-ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
-ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
-ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
-ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
+mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
+ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
diff --git a/seed/base-fedora/dictionaries/17-fedora-base.xml b/seed/base-fedora/dictionaries/17-fedora-base.xml
index 09f1c24..0983237 100644
--- a/seed/base-fedora/dictionaries/17-fedora-base.xml
+++ b/seed/base-fedora/dictionaries/17-fedora-base.xml
@@ -1,7 +1,7 @@
-
+
diff --git a/seed/base-fedora/manual/image/preinstall/base_fedora.sh b/seed/base-fedora/manual/image/preinstall/base_fedora.sh
index 1fbc878..2faeb9e 100644
--- a/seed/base-fedora/manual/image/preinstall/base_fedora.sh
+++ b/seed/base-fedora/manual/image/preinstall/base_fedora.sh
@@ -1,4 +1,4 @@
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr $BASE_PKG"
INSTALL_TOOL="dnf"
OS_NAME='fedora'
-REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"
+REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/yum.repos.d/"
diff --git a/seed/base-machine/dictionaries/12-base.xml b/seed/base-machine/dictionaries/12-base.xml
index b81e59c..c03e7f8 100644
--- a/seed/base-machine/dictionaries/12-base.xml
+++ b/seed/base-machine/dictionaries/12-base.xml
@@ -6,25 +6,26 @@
-
+
False
-
+
-
+
+ zones
domain_name_eth
ip_eth
@@ -33,14 +34,16 @@
zone_name_eth
-
- zone_name_eth
+
+ zones
network
+ zone_name_eth
network_eth
-
- zone_name_eth
- gateway
+
+ zones
+ host_ip
+ zone_name_eth
gateway_eth
diff --git a/seed/base-machine/funcs/funcs.py b/seed/base-machine/funcs/funcs.py
index 6c4599c..1784d5a 100644
--- a/seed/base-machine/funcs/funcs.py
+++ b/seed/base-machine/funcs/funcs.py
@@ -6,9 +6,6 @@ from os.path import join as _join, isfile as _isfile, isdir as _isdir
from os import makedirs as _makedirs, environ as _environ
-#from risotto.utils import ZONES_SERVER
-
-
_HERE = _environ['PWD']
_PASSWORD_DIR = _join(_HERE, 'password')
diff --git a/seed/base/funcs/base.py b/seed/base/funcs/base.py
index 6e3dde3..c4fe712 100644
--- a/seed/base/funcs/base.py
+++ b/seed/base/funcs/base.py
@@ -1,10 +1,11 @@
-from typing import List
-from risotto.utils import load_domains, DOMAINS
from risotto.utils import multi_function as _multi_function
+from typing import List as _List
@_multi_function
-def get_ip(server_name: str) -> str:
+def get_ip(zones: dict,
+ server_name: str,
+ ) -> str:
if server_name is None:
return
if isinstance(server_name, list):
@@ -15,12 +16,32 @@ def get_ip(server_name: str) -> str:
lst = []
for s_name in server_name:
host_name, domain_name = s_name.split('.', 1)
- if not domain_name in DOMAINS:
+ for zone in zones.values():
+ if domain_name == zone['domain_name']:
+ break
+ else:
raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")')
- domain = DOMAINS[domain_name]
- ret = domain[1][domain[0].index(host_name)]
+ ret = zone['hosts'][host_name]
if not return_list:
return ret
if ret not in lst:
lst.append(ret)
return lst
+
+
+@_multi_function
+def get_zones_info(zones: dict,
+ type: str,
+ zone_names: _List[str]=None,
+ zone_name: str=None,
+ index: int=None,
+ ) -> str:
+ if type == 'host_ip' and index != 0:
+ return
+ if zone_name:
+ if zone_name not in zones:
+ raise ValueError(f"cannot get zone informations in unknown zone '{zone_name}'")
+ if type == 'cidr':
+ return zones[zone_name]['host_ip'] + '/' + zones[zone_name]['network'].split('/')[-1]
+ return zones[zone_name][type]
+ return [data[type] for zone_name, data in zones.items() if not zone_names or zone_name in zone_names]
diff --git a/seed/dns-local/dictionaries/13-dns-local.xml b/seed/dns-local/dictionaries/13-dns-local.xml
index fb58cb4..3079657 100644
--- a/seed/dns-local/dictionaries/13-dns-local.xml
+++ b/seed/dns-local/dictionaries/13-dns-local.xml
@@ -10,12 +10,13 @@
True
-
+
+ zones
dns_client_address
ip_dns
diff --git a/seed/dns-local/templates/dns-local.yml b/seed/dns-local/templates/dns-local.yml
index 1f5b1ce..dca8aa9 100644
--- a/seed/dns-local/templates/dns-local.yml
+++ b/seed/dns-local/templates/dns-local.yml
@@ -6,15 +6,15 @@ addresses:
%elif %%getVar('unbound_forward_address', None) is not None
%for %%authority in %%unbound_forward_address
- dns_address: %%authority
- dns_ip: %%get_ip(%%str(%%authority))
+ dns_ip: %%authority.unbound_allowed_client
%end for
-%else
+%elif %%getVar('nsd_zones', None)
%for %%zone in %%nsd_zones
%set %%suffix = %%normalize_family(%%zone)
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
- %for %%nsd in %%hostnames
-- dns_address: %%{nsd}.%%zone
- dns_ip: %%nsd["ip_" + %%suffix]
+ %for %%hostname in %%hostnames
+- dns_address: %%{hostname}.%%zone
+ dns_ip: %%hostname["ip_" + %%suffix]
%end for
%end for
%end if
diff --git a/seed/dovecot/dictionaries/26_dovecot.xml b/seed/dovecot/dictionaries/26_dovecot.xml
index 89a5502..db4d767 100644
--- a/seed/dovecot/dictionaries/26_dovecot.xml
+++ b/seed/dovecot/dictionaries/26_dovecot.xml
@@ -85,11 +85,13 @@
-
+
+
+
/var/www/html
diff --git a/seed/dovecot/templates/ca_IMAPServer.crt b/seed/dovecot/templates/ca_IMAPServer.crt
index d009787..8ccae2a 100644
--- a/seed/dovecot/templates/ca_IMAPServer.crt
+++ b/seed/dovecot/templates/ca_IMAPServer.crt
@@ -1 +1 @@
-%%get_chain(%%domain_name_eth0, "IMAPServer", hide=%%hide_secret)
+%%get_chain(%%domain_name_eth0, %%domain_name_eth0, "IMAPServer", hide=%%hide_secret)
diff --git a/seed/dovecot/templates/ca_MailServer.crt b/seed/dovecot/templates/ca_MailServer.crt
index 7b251ce..8b9ab56 100644
--- a/seed/dovecot/templates/ca_MailServer.crt
+++ b/seed/dovecot/templates/ca_MailServer.crt
@@ -1 +1 @@
-%%get_chain(%%domain_name_eth0, "MailServer", hide=%%hide_secret)
+%%get_chain(%%domain_name_eth0, %%domain_name_eth0, "MailServer", hide=%%hide_secret)
diff --git a/seed/dovecot/templates/imap.yml b/seed/dovecot/templates/imap.yml
index 82233af..d90e4f4 100644
--- a/seed/dovecot/templates/imap.yml
+++ b/seed/dovecot/templates/imap.yml
@@ -8,5 +8,5 @@ password: %%get_password(server_name='test', username=%%username, description="t
username_family: %%username_family
password_family: %%get_password(server_name='test', username=%%username_family, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
name_family: %%name_family
-smtp: %%get_ip(%%smtp_relay_address)
+smtp: %%smtp_relay_ip
ext_username: 'test@example.net'
diff --git a/seed/gitea/dictionaries/31_gitea.xml b/seed/gitea/dictionaries/31_gitea.xml
index 7a52cfe..b41f158 100644
--- a/seed/gitea/dictionaries/31_gitea.xml
+++ b/seed/gitea/dictionaries/31_gitea.xml
@@ -1,7 +1,7 @@
-
+
/sysusers.d/0gitea.conf
/tmpfiles.d/0gitea.conf
/etc/gitea/app.ini
@@ -28,7 +28,7 @@
-
+
/
diff --git a/seed/gitea/manual/image/postinstall/gitea.sh b/seed/gitea/manual/image/postinstall/gitea.sh
index 3526c53..534a58e 100644
--- a/seed/gitea/manual/image/postinstall/gitea.sh
+++ b/seed/gitea/manual/image/postinstall/gitea.sh
@@ -9,9 +9,11 @@ VERS=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.vers
mkdir -p ~/gitea/
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz" ]; then
+ rm -rf ~/"gitea/gitea-*-linux-amd64.xz"
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz" -O ~/"gitea/gitea-$VERS-linux-amd64.xz"
fi
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ]; then
+ rm -rf ~/"gitea/gitea-*-linux-amd64.xz.asc"
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERS-linux-amd64.xz.asc"
fi
@@ -19,5 +21,5 @@ gpg --verify ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ~/"gitea/gitea-$VERS-linux
cp -a ~/"gitea/gitea-$VERS-linux-amd64.xz" .
xz -d "gitea-$VERS-linux-amd64.xz"
-mv "gitea-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
-chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
+mv "gitea-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
+chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
diff --git a/seed/host-systemd-machined/dictionaries/21-machined.xml b/seed/host-systemd-machined/dictionaries/21-machined.xml
index 06f7bdb..37b8734 100644
--- a/seed/host-systemd-machined/dictionaries/21-machined.xml
+++ b/seed/host-systemd-machined/dictionaries/21-machined.xml
@@ -6,12 +6,12 @@
systemd_zone_filename
systemd_netzone_filename
-
+
-
-
+
+
/usr/local/lib/risotto-tmpfiles.d/0asystemd-nspawn.conf
/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf
@@ -20,12 +20,11 @@
/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64
/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36
/etc/sysctl.d/90-risotto.conf
- host_dhcp_filename
+ host_network_filename
-
-
+
@@ -39,16 +38,34 @@
jq
debootstrap
htop
+ iotop
+ man
gettext
patch
unzip
mlocate
xz-utils
iptables
+ curl
+ tree
+ tshark
+ vim
-
+
+
+
+ dhcp
+ ipv4
+ dhcp
+
+
+
+
+
+
+
@@ -57,6 +74,7 @@
+ zones
zone_name
@@ -69,11 +87,11 @@
/etc/systemd/network/80-
- host_dhcp_interface
+ interface_names
.network
True
- host_dhcp_filename
+ host_network_filename
/etc/systemd/network/70-container-
@@ -83,10 +101,26 @@
True
systemd_netzone_filename
-
- zone_name
+
+ zones
cidr
+ zone_name
zone_cidr
+
+
+ first_interface
+
+
+ ipv4
+ interface_ip
+ interface_gateway
+ interface_domain_name_servers
+
+
+ True
+ interface_gateway
+ interface_domain_name_servers
+
diff --git a/seed/host-systemd-machined/extras/machined/00-machined.xml b/seed/host-systemd-machined/extras/machined/00-machined.xml
index 4f31f93..48acc18 100644
--- a/seed/host-systemd-machined/extras/machined/00-machined.xml
+++ b/seed/host-systemd-machined/extras/machined/00-machined.xml
@@ -15,6 +15,7 @@
+
@@ -35,6 +36,11 @@
True
machined.nspawn_zone_filename
+
+ zones
+
+ machined.machine_.ip_
+
diff --git a/seed/host-systemd-machined/templates/dhcp.network b/seed/host-systemd-machined/templates/dhcp.network
index d6df20a..53b91e9 100644
--- a/seed/host-systemd-machined/templates/dhcp.network
+++ b/seed/host-systemd-machined/templates/dhcp.network
@@ -2,4 +2,16 @@
Name=%%rougail_variable
[Network]
+%set %%leader = %%interface_names[%%rougail_index]
+%if %%leader.interface_type == 'dhcp'
DHCP=ipv4
+%else
+DHCP=no
+Address=%%leader.interface_ip
+ %if %%leader.first_interface
+Gateway=%%leader.interface_gateway
+ %for %%dns in %%leader.interface_domain_name_servers
+DNS=%%dns
+ %end for
+ %end if
+%end if
diff --git a/seed/host-systemd-machined/templates/risottofirewall.service b/seed/host-systemd-machined/templates/risottofirewall.service
index fa56e57..f83aae8 100644
--- a/seed/host-systemd-machined/templates/risottofirewall.service
+++ b/seed/host-systemd-machined/templates/risottofirewall.service
@@ -5,21 +5,27 @@ After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
+%set %%has_rules = False
%for %%dns in %%machined.machines
-%set %%machine = %%normalize_family(%%dns)
-%set %%outgoing = %%machined['machine_' + %%machine]['outgoing_ports_' + %%machine]
+ %set %%machine = %%normalize_family(%%dns)
+ %set %%outgoing = %%machined['machine_' + %%machine]['outgoing_ports_' + %%machine]
%if %%outgoing
+ %set %%ip = %%machined['machine_' + %%machine]['ip_' + %%machine]
%for %%port in %%outgoing
%if ':' in %%port
-%set %%protocol, %%port = %%port.split(':')
+ %set %%protocol, %%port = %%port.split(':')
%else
-%set %%protocol = 'tcp'
+ %set %%protocol = 'tcp'
%end if
-ExecStart=/sbin/iptables -t nat -A POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
-ExecStop=-/sbin/iptables -t nat -D POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
+ExecStart=/sbin/iptables -t nat -A POSTROUTING -s %%ip -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
+ExecStop=-/sbin/iptables -t nat -D POSTROUTING -s %%ip -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
+ %set %%has_rules = False
%end for
%end if
%end for
+%if not %%has_rules
+ExecStart=/usr/bin/echo "No rule"
+%end if
[Install]
WantedBy=multi-user.target
diff --git a/seed/imap-client/templates/ca_IMAPServer.crt b/seed/imap-client/templates/ca_IMAPServer.crt
index ed24ab8..04b8fc9 100644
--- a/seed/imap-client/templates/ca_IMAPServer.crt
+++ b/seed/imap-client/templates/ca_IMAPServer.crt
@@ -1 +1 @@
-%%get_chain(%%imap_address, 'IMAPServer', hide=%%hide_secret)
+%%get_chain(%%domain_name_eth0, %%imap_address, 'IMAPServer', hide=%%hide_secret)
diff --git a/seed/ldap-client/dictionaries/21_ldap-client.xml b/seed/ldap-client/dictionaries/21_ldap-client.xml
index b0835e4..4b1239a 100644
--- a/seed/ldap-client/dictionaries/21_ldap-client.xml
+++ b/seed/ldap-client/dictionaries/21_ldap-client.xml
@@ -2,7 +2,7 @@
-
+
ldap_client_file
ldap_ca_file
ldap_cert_file
diff --git a/seed/ldap-client/templates/ca_LDAP.crt b/seed/ldap-client/templates/ca_LDAP.crt
index d04f2f9..59f77a0 100644
--- a/seed/ldap-client/templates/ca_LDAP.crt
+++ b/seed/ldap-client/templates/ca_LDAP.crt
@@ -1 +1 @@
-%%get_chain(%%ldap_server_address, 'LDAP', hide=%%hide_secret)
+%%get_chain(cn=%%domain_name_eth0, authority_cn=%%ldap_server_address, authority_name="LDAP", hide=%%hide_secret)
diff --git a/seed/letsencrypt/funcs/letsencrypt.py b/seed/letsencrypt/funcs/letsencrypt.py
index 7238932..6628068 100644
--- a/seed/letsencrypt/funcs/letsencrypt.py
+++ b/seed/letsencrypt/funcs/letsencrypt.py
@@ -3,7 +3,7 @@ from subprocess import run as _run
from os.path import join as _join, isfile as _isfile, isdir as _isdir
from datetime import datetime as _datetime
from shutil import copyfile as _copyfile
-from os import makedirs as _makedirs, environ as _environ
+from os import makedirs as _makedirs, environ as _environ, listdir as _listdir, unlink as _unlink
_HERE = _environ['PWD']
@@ -54,25 +54,31 @@ def letsencrypt_certif(domain: str,
'360',
]
ret = _run(cli_args, capture_output=True)
- if ret.returncode != 0:
- print("FIXME")
+ #if ret.returncode != 0:
+ # print("FIXME")
#raise ValueError(ret.stderr.decode())
# print("Done")
with open(date_file, 'w') as fh:
fh.write(today)
rootdir = _join(_X509_DIR, f'{authority_name}+{authority_cn}')
- chaindir = _join(rootdir, 'ca')
certdir = _join(rootdir, 'certificats', domain, 'server')
+ chaindir = _join(rootdir, 'certificats', domain, 'ca')
week_number = date.isocalendar().week
for dirname in (chaindir, certdir):
if not _isdir(dirname):
_makedirs(dirname)
+ certificate_name = f'certificate_{week_number}.crt'
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'chain.pem'),
- _join(chaindir, f'certificate_{week_number}.crt'),
+ _join(chaindir, certificate_name),
)
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'privkey.pem'),
_join(certdir, 'private.key'),
)
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'fullchain.pem'),
- _join(certdir, f'certificate_{week_number}.crt'),
+ _join(certdir, certificate_name),
)
+ for dirname in (chaindir, certdir):
+ for filename in _listdir(dirname):
+ if not filename.endswith('.crt') or filename == certificate_name:
+ continue
+ _unlink(_join(dirname, filename))
diff --git a/seed/mailman/dictionaries/31_mailman.xml b/seed/mailman/dictionaries/31_mailman.xml
index 3ee89c0..1e3378b 100644
--- a/seed/mailman/dictionaries/31_mailman.xml
+++ b/seed/mailman/dictionaries/31_mailman.xml
@@ -1,24 +1,23 @@
-
-
- /etc/mailman.cfg
- /etc/mailman3.d/postfix.cfg
- /sysusers.d/0mailman.conf
+
+
+ /etc/mailman3/mailman.cfg
/tmpfiles.d/0mailman.conf
-
-
- /etc/postorius/gunicorn_config.py
- /sysusers.d/0postorius.conf
- /etc/nginx/default.d/postorius.conf
- /etc/mailman3.d/postorius.py
/tests/mailman.yml
+
-
+
+
+ /etc/mailman3/mailman-web.py
+
+
- /etc/pki/tls/private/postgresql_postorius.key
-
+
+
@@ -56,7 +55,7 @@
- mailman
+ list
diff --git a/seed/mailman/manual/image/postinstall/postorius.sh b/seed/mailman/manual/image/postinstall/postorius.sh
index 23a6f7c..1c5ed1c 100644
--- a/seed/mailman/manual/image/postinstall/postorius.sh
+++ b/seed/mailman/manual/image/postinstall/postorius.sh
@@ -1,12 +1,12 @@
-PYTHON="usr/lib/python3.10/site-packages"
-cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/lemonldap" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/allauth/socialaccount/providers/"
-cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/risotto" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/allauth/socialaccount/providers/"
-cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/postorius" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius"
-chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius/manage.py"
-ln -s /etc/mailman3.d/postorius.py "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius/m_postorius/settings_local.py"
-ln -s ../../django_mailman3/static/django-mailman3 "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/static/"
-ln -s ../../django/contrib/admin/static/admin "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/static/"
-#translation
-msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.mo
-sed -i 's/$event.mlist.fqdn_listname\./$event.mlist.fqdn_listname/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po
-msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.mo
+#PYTHON="usr/lib/python3/site-packages"
+#cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/lemonldap" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/allauth/socialaccount/providers/"
+#cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/risotto" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/allauth/socialaccount/providers/"
+#cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/postorius" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/postorius"
+#chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/postorius/manage.py"
+#ln -s /etc/mailman3.d/postorius.py "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/postorius/m_postorius/settings_local.py"
+#ln -s ../../django_mailman3/static/django-mailman3 "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/static/"
+#ln -s ../../django/contrib/admin/static/admin "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/static/"
+##translation
+#msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.mo
+#sed -i 's/$event.mlist.fqdn_listname\./$event.mlist.fqdn_listname/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po
+#msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.mo
diff --git a/seed/mailman/manual/image/preinstall/mailman.sh b/seed/mailman/manual/image/preinstall/mailman.sh
index fcc29ea..2101ebb 100644
--- a/seed/mailman/manual/image/preinstall/mailman.sh
+++ b/seed/mailman/manual/image/preinstall/mailman.sh
@@ -1 +1,3 @@
-PKG="$PKG mailman3 postorius python3-psycopg2 python-unversioned-command python3-django-cors-headers"
+#PKG="$PKG mailman3 postorius python3-psycopg2 python-unversioned-command python3-django-cors-headers"
+PKG="$PKG mailman3-full"
+#python3-xapian-haystack
diff --git a/seed/mailman/templates/mailman-web.py b/seed/mailman/templates/mailman-web.py
index a0aae36..8ba705d 100644
--- a/seed/mailman/templates/mailman-web.py
+++ b/seed/mailman/templates/mailman-web.py
@@ -1,37 +1,239 @@
-# -*- coding: utf-8 -*-
+# This file is imported by the Mailman Suite. It is used to override
+# the default settings from /usr/share/mailman3-web/settings.py.
+
+# SECURITY WARNING: keep the secret key used in production secret!
+#>GNUNUX
SECRET_KEY = '%%postorius_secret_key'
-#FIXME same database has mailman?
+#GNUNUX
+ #'*'
+ '%%{revprox_client_external_domainnames[0]}'
+#GNUNUX
+# Mailman API credentials
+#MAILMAN_REST_API_URL = 'http://localhost:8001'
+#MAILMAN_REST_API_USER = 'restadmin'
+#MAILMAN_REST_API_PASS = 'T0zVrLFZBJrftkW9Sjs660sEr/P3zehYGYPuo93LSGZT1KHd'
+#MAILMAN_ARCHIVER_KEY = 'BzzgFI+QbeFOsGFy0Q6wfD5cp9fQvk1o'
+#MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
+#GNUNUX
+ #'ENGINE': 'django.db.backends.sqlite3',
+#GNUNUX
+ #'NAME': '/var/lib/mailman3/web/mailman3web.db',
+#GNUNUX
+ #'USER': '',
+ #'PASSWORD': '',
+#GNUNUX
+ #'HOST': '',
'ENGINE': 'django.db.backends.postgresql_psycopg2',
- 'NAME': '%%pg_client_database', # Database name
+#FIXME same database has mailman?
+ 'NAME': '%%pg_client_database',
'USER': '%%pg_client_username', # PostgreSQL username
'PASSWORD': '%%pg_client_password', # PostgreSQL password
'HOST': '%%pg_client_server_domainname', # Database server
- 'PORT': '', # Database port (leave blank for default)
- 'CONN_MAX_AGE': 300, # Max database connection age
- 'OPTIONS': {'sslmode': 'verify-full', 'sslcert': '%%pg_client_crt_file', 'sslkey': '/etc/pki/tls/private/postgresql_postorius.key', 'sslrootcert': '%%pg_client_ca_file'},
+ 'CONN_MAX_AGE': 300,
+#>GNUNUX
+ # PORT: set to empty string for default.
+ 'PORT': '',
+ # OPTIONS: Extra parameters to use when connecting to the database.
+ 'OPTIONS': {
+ # Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
+ # https://docs.djangoproject.com/en/1.11/ref/
+ # databases/#setting-sql-mode
+ #'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
+#>GNUNUX
+ 'sslmode': 'verify-full',
+ 'sslcert': '%%pg_client_crt_file',
+ 'sslkey': '/etc/pki/tls/private/postgresql_postorius.key',
+ 'sslrootcert': '%%pg_client_ca_file',
+#GNUNUX
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+#GNUNUX
+CSRF_TRUSTED_ORIGINS = ['%%{revprox_client_external_domainnames[0]}']
+#GNUNUX
+#LANGUAGE_CODE = 'en-us'
+LANGUAGE_CODE = 'fr'
+#GNUNUX
+#DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
+DEFAULT_FROM_EMAIL = '%%mailman_mail_owner'
+#GNUNUX
+#SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
+SERVER_EMAIL = '%%mailman_mail_owner'
EMAIL_HOST = "%%smtp_relay_address"
EMAIL_PORT = 25
EMAIL_HOST_USER = "%%smtp_relay_user@%%ip_eth0"
EMAIL_HOST_PASSWORD = "%%smtp_relay_password"
EMAIL_USE_TLS = True
-DEFAULT_FROM_EMAIL = '%%mailman_mail_owner'
+#FIXME
EMAIL_SUBJECT_PREFIX = '[Django] '
-SERVER_EMAIL = '%%mailman_mail_owner'
-SOCIALACCOUNT_EMAIL_VERIFICATION = 'none'
+
+
+STATIC_URL = '/mailman/postorius_static/'
+FORCE_SCRIPT_NAME = '/mailman'
+#GNUNUX
+SOCIALACCOUNT_EMAIL_VERIFICATION = 'none'
+#GNUNUX
+#POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
+POSTORIUS_TEMPLATE_BASE_URL = 'https://%%{revprox_client_external_domainnames[0]}'
+#.
+
+# This file contains the Debian configuration for mailman. It uses ini-style
+# formats under the lazr.config regime to define all system configuration
+# options. See for details.
+
[mailman]
-# GNUNUX default_language: en
-#>GNUNUX
-default_language: fr
-#GNUNUX
+#site_owner: changeme@example.com
site_owner: %%mailman_mail_owner
+#GNUNUX
+#default_language: en
+default_language: fr
+#>>
+
+# Banner to show on startup.
+banner: Welcome to the GNU Mailman shell
+
+# Use IPython as the shell, which must be found on the system. Valid values
+# are `no`, `yes`, and `debug` where the latter is equivalent to `yes` except
+# that any import errors will be displayed to stderr.
+use_ipython: no
+
+# Set this to allow for command line history if readline is available. This
+# can be as simple as $var_dir/history.py to put the file in the var directory.
+history_file:
+
+
+[paths.debian]
+# Important directories for Mailman operation. These are defined here so that
+# different layouts can be supported. For example, a developer layout would
+# be different from a FHS layout. Most paths are based off the var_dir, and
+# often just setting that will do the right thing for all the other paths.
+# You might also have to set spool_dir though.
+#
+# Substitutions are allowed, but must be of the form $var where 'var' names a
+# configuration variable in the paths.* section. Substitutions are expanded
+# recursively until no more $-variables are present. Beware of infinite
+# expansion loops!
+#
+# This is the root of the directory structure that Mailman will use to store
+# its run-time data.
+#>GNUNUX
+#var_dir: /var/lib/mailman3
+var_dir: /srv/mailman/
+#GNUNUX
+#log_dir: /var/log/mailman3
+log_dir: /srv/mailman/log
+#GNUNUX
-[database]
class: mailman.database.postgresql.PostgreSQLDatabase
+#GNUNUX
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=%%pg_client_crt_file&sslkey=%%pg_client_key_file&sslrootcert=%%pg_client_ca_file
+#GNUNUX
+#FIXME format: %(asctime)s (%(process)d) %(message)s
+#FIXME datefmt: %b %d %H:%M:%S %Y
+#FIXME propagate: no
+#FIXME level: info
+#FIXME path: mailman.log
+#GNUNUX
+#hostname: localhost
+hostname: %%mailman_domains
+#GNUNUX
+#port: 8001
+port: 443
+#GNUNUX
+#use_https: no
+use_https: yes
+#GNUNUX
+#smtp_host: localhost
smtp_host: %%smtp_relay_address
-smtp_user: %%smtp_relay_user@%%ip_eth0
-smtp_pass: %%smtp_relay_password
smtp_port: 25
+#smtp_user:
+smtp_user: %%smtp_relay_user@%%ip_eth0
+#smtp_pass:
+smtp_pass: %%smtp_relay_password
smtp_secure_mode: starttls
smtp_verify_cert: yes
smtp_verify_hostname: yes
#GNUNUX
-var_dir: /srv/mailman/lib
-queue_dir: /srv/mailman/spool
-log_dir: /var/log/mailman
+#lmtp_host: 127.0.0.1
+lmtp_host: %%ip_eth0
#
-
+
diff --git a/seed/mariadb/dictionaries/20_mariadb.xml b/seed/mariadb/dictionaries/20_mariadb.xml
index a035d51..e125dbb 100644
--- a/seed/mariadb/dictionaries/20_mariadb.xml
+++ b/seed/mariadb/dictionaries/20_mariadb.xml
@@ -6,7 +6,7 @@
/etc/my.cnf.d/risotto.cnf
/tmpfiles.d/0mariadb.conf
/etc/mariadb.sql
- /tests/mariadb.yml
+ /tests/mariadb.yml
diff --git a/seed/nextcloud/dictionaries/31_nextcloud.xml b/seed/nextcloud/dictionaries/31_nextcloud.xml
index 26e5a2e..c93e76c 100644
--- a/seed/nextcloud/dictionaries/31_nextcloud.xml
+++ b/seed/nextcloud/dictionaries/31_nextcloud.xml
@@ -3,7 +3,7 @@
-
+
/etc/nextcloud/config.php
/sbin/nextcloud.init
/etc/httpd/conf.d/a-nextcloud-access.conf
diff --git a/seed/nextcloud/manual/image/postinstall/nextcloud.sh b/seed/nextcloud/manual/image/postinstall/nextcloud.sh
index 4bc4832..ae2b060 100644
--- a/seed/nextcloud/manual/image/postinstall/nextcloud.sh
+++ b/seed/nextcloud/manual/image/postinstall/nextcloud.sh
@@ -1,6 +1,7 @@
-ln -s "$IMAGE_NAME_RISOTTO_IMAGE_DIR/srv/nextcloud/data" "/var/lib/risotto/images/nextcloud//usr/share/nextcloud/data"
-mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share/nextcloud/apps"
-cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share/nextcloud/apps"
+CALENDAR="3.5.2"
+ln -s "/srv/nextcloud/data" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/nextcloud/data"
+mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share/nextcloud/apps"
+cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share/nextcloud/apps"
#user_saml=$(wget https://api.github.com/repos/nextcloud/user_saml/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
app=$(wget https://api.github.com/repos/pulsejet/nextcloud-oidc-login/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
wget -q $app
@@ -8,20 +9,21 @@ tar xf *tar.gz
rm -f *tar.gz
chown -R root: oidc_login
#
-app=$(wget https://api.github.com/repos/nextcloud-releases/calendar/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
+#app=$(wget https://api.github.com/repos/nextcloud-releases/calendar/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
+app="https://github.com/nextcloud-releases/calendar/releases/download/v${CALENDAR}/calendar-v${CALENDAR}.tar.gz"
wget -q $app -O app.tar.gz
tar xf app.tar.gz
rm -f app.tar.gz
chown -R root: calendar
#
-app=$(wget https://api.github.com/repos/nextcloud-releases/contacts/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
+#app=$(wget https://api.github.com/repos/nextcloud-releases/contacts/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
app=https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz
wget -q $app -O app.tar.gz
tar xf app.tar.gz
rm -f app.tar.gz
chown -R root: contacts
#
-app=$(wget https://api.github.com/repos/nextcloud/notes/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
+#app=$(wget https://api.github.com/repos/nextcloud/notes/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
app=https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz
wget -q $app -O app.tar.gz
tar xf app.tar.gz
diff --git a/seed/nginx-common/dictionaries/21_nginx.xml b/seed/nginx-common/dictionaries/21_nginx.xml
index 210676f..ec67a93 100644
--- a/seed/nginx-common/dictionaries/21_nginx.xml
+++ b/seed/nginx-common/dictionaries/21_nginx.xml
@@ -24,7 +24,7 @@
False
-
+
/usr/share/nginx/html
diff --git a/seed/nginx-https/templates/nginx.crt b/seed/nginx-https/templates/nginx.crt
index 9a43000..cec8489 100644
--- a/seed/nginx-https/templates/nginx.crt
+++ b/seed/nginx-https/templates/nginx.crt
@@ -1,2 +1,3 @@
+%set %%chain = %%get_chain(%%domain_name_eth0, %%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', type="server", hide=%%hide_secret)
-%%get_chain(%%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
+%%chain
diff --git a/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml b/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml
index e4aa369..2713401 100644
--- a/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml
+++ b/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml
@@ -2,7 +2,7 @@
-
+
/etc/nginx/conf.d/options-rp.conf
/etc/nginx/sites-enabled/risotto.conf
nginx.nginx_certificate_filename
diff --git a/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml b/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml
index c80da86..b68dcb3 100644
--- a/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml
+++ b/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml
@@ -7,7 +7,7 @@
-
+
@@ -36,5 +36,9 @@
True
nginx.nginx_private_key_filename
+
+ nginx.remotes
+ nginx_default
+
diff --git a/seed/nginx-reverse-proxy/templates/ca_HTTP.crt b/seed/nginx-reverse-proxy/templates/ca_HTTP.crt
index dcbc3aa..13cfeea 100644
--- a/seed/nginx-reverse-proxy/templates/ca_HTTP.crt
+++ b/seed/nginx-reverse-proxy/templates/ca_HTTP.crt
@@ -1,3 +1,3 @@
%for %%idx in %%range(%%len(%%zones_list))
-%%get_chain(authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="HTTP", hide=%%hide_secret)
+%%get_chain(cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="HTTP", hide=%%hide_secret)
%end for
diff --git a/seed/nginx-reverse-proxy/templates/ca_InternalReverseProxy.crt b/seed/nginx-reverse-proxy/templates/ca_InternalReverseProxy.crt
index 0342bde..69445ab 100644
--- a/seed/nginx-reverse-proxy/templates/ca_InternalReverseProxy.crt
+++ b/seed/nginx-reverse-proxy/templates/ca_InternalReverseProxy.crt
@@ -1,3 +1,3 @@
%for %%idx in %%range(%%len(%%zones_list))
-%%get_chain(authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="InternalReverseProxy", hide=%%hide_secret)
+%%get_chain(cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="InternalReverseProxy", hide=%%hide_secret)
%end for
diff --git a/seed/nginx-reverse-proxy/templates/certificate.crt b/seed/nginx-reverse-proxy/templates/certificate.crt
index f604de8..c3df7f2 100644
--- a/seed/nginx-reverse-proxy/templates/certificate.crt
+++ b/seed/nginx-reverse-proxy/templates/certificate.crt
@@ -1 +1,2 @@
+%set %%chain=%%get_chain(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name="External", hide=%%hide_secret)
%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External', hide=%%hide_secret)
diff --git a/seed/nginx-reverse-proxy/templates/nginx.crt b/seed/nginx-reverse-proxy/templates/nginx.crt
index de2a8a1..f56de4f 100644
--- a/seed/nginx-reverse-proxy/templates/nginx.crt
+++ b/seed/nginx-reverse-proxy/templates/nginx.crt
@@ -1,2 +1,3 @@
+%set %%chain = %%get_chain(cn=%%nginx_default, authority_cn=%%domain_name_eth0, authority_name='HTTP', hide=%%hide_secret)
%%get_certificate(%%nginx_default, authority_cn=%%domain_name_eth0, authority_name='HTTP', type="server", hide=%%hide_secret)
-%%get_chain(%%nginx_default, 'HTTP', hide=%%hide_secret)
+%%chain
diff --git a/seed/nginx-reverse-proxy/templates/revprox-nginx.conf b/seed/nginx-reverse-proxy/templates/revprox-nginx.conf
index 0f48e77..a96adb5 100644
--- a/seed/nginx-reverse-proxy/templates/revprox-nginx.conf
+++ b/seed/nginx-reverse-proxy/templates/revprox-nginx.conf
@@ -45,6 +45,8 @@ server {
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
+ # SNI support
+ proxy_ssl_server_name on;
%set %%maxbody = %%rp_domainname['revprox_max_body_size_' + %%family]
%if %%maxbody
client_max_body_size %%maxbody;
diff --git a/seed/nsd/dictionaries/20_nsd.xml b/seed/nsd/dictionaries/20_nsd.xml
index eb7c213..20d49b5 100644
--- a/seed/nsd/dictionaries/20_nsd.xml
+++ b/seed/nsd/dictionaries/20_nsd.xml
@@ -45,6 +45,7 @@
ip_dns
+ zones
nsd_allowed_client
nsd_allowed_client_ip
@@ -60,10 +61,13 @@
nsd_allowed_all_client
+ zones
nsd_resolver
nsd_resolve_ip
+ zones_list
+ zones
nsd_zones
@@ -101,7 +105,9 @@
nsd_reverse_filenames_signed
+ zones
network
+ zones_list
nsd_reverse_network
diff --git a/seed/nsd/extras/nsd/00_nsd.xml b/seed/nsd/extras/nsd/00_nsd.xml
index 16228ba..846c9cd 100644
--- a/seed/nsd/extras/nsd/00_nsd.xml
+++ b/seed/nsd/extras/nsd/00_nsd.xml
@@ -16,11 +16,13 @@
+ zones
host
nsd.nsd_zone_.hostname_.hostname_
+ zones
ip
diff --git a/seed/nsd/funcs/funcs.py b/seed/nsd/funcs/funcs.py
index 387743a..31582bb 100644
--- a/seed/nsd/funcs/funcs.py
+++ b/seed/nsd/funcs/funcs.py
@@ -8,8 +8,6 @@ from shutil import rmtree as _rmtree, copy2 as _copy2
from glob import glob as _glob
from filecmp import cmp as _cmp
-from risotto.utils import DOMAINS as _DOMAINS
-
_PKI_DIR = _abspath('pki/dnssec')
_ALGO = 'ECDSAP256SHA256'
@@ -106,8 +104,8 @@ def sign(zone_filename: str,
copy_file = _join(_PKI_DIR, cn, authority_cn, _basename(zone_filename))
signed_filename = f'{copy_file}.signed'
if not _isfile(copy_file) or not _cmp(zone_filename, copy_file):
- _copy2(zone_filename, copy_file)
zsk, ksk = _gen_keys(cn, authority_cn)
+ _copy2(zone_filename, copy_file)
cmd = ['ldns-signzone', '-n', zone_filename, zsk, ksk]
proc = _run(cmd, capture_output=True)
if proc.returncode != 0:
@@ -123,12 +121,20 @@ def sign(zone_filename: str,
return content
-def get_internal_info_in_zone(zone: str,
+def get_internal_info_in_zone(zones: list,
+ domain_name: str,
type: str,
index: int=None,
) -> _List[str]:
- if zone not in _DOMAINS:
+ for zone in zones.values():
+ if domain_name == zone['domain_name']:
+ break
+ else:
return []
if type == 'host':
- return list(_DOMAINS[zone][0])
- return _DOMAINS[zone][1][index]
+ return list(zone['hosts'])
+ return list(zone['hosts'].values())[index]
+
+
+def get_internal_zones(zones_name, zones) -> _List[str]:
+ return [zone['domain_name'] for zone_name, zone in zones.items() if zone_name in zones_name]
diff --git a/seed/nsd/templates/nsd.yml b/seed/nsd/templates/nsd.yml
index 8da8c98..ac42006 100644
--- a/seed/nsd/templates/nsd.yml
+++ b/seed/nsd/templates/nsd.yml
@@ -3,10 +3,10 @@ records:
%for %%domain in %%nsd_zones
%set %%suffix = %%normalize_family(%%domain)
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
- %for %%nsd in %%hostnames
- %set %%type = %%nsd['type_' + %%suffix]
+ %for %%hostname in %%hostnames
+ %set %%type = %%hostname['type_' + %%suffix]
%if %%type == 'A'
- %%{nsd}.%%domain: '%%nsd['ip_' + %%suffix]'
+ %%{hostname}.%%domain: '%%hostname['ip_' + %%suffix]'
%end if
%end for
%end for
diff --git a/seed/oauth2-client/dictionaries/30_oauth2_client.xml b/seed/oauth2-client/dictionaries/30_oauth2_client.xml
index 80a28a6..c7a87e1 100644
--- a/seed/oauth2-client/dictionaries/30_oauth2_client.xml
+++ b/seed/oauth2-client/dictionaries/30_oauth2_client.xml
@@ -1,7 +1,7 @@
-
+
diff --git a/seed/oauth2-client/templates/oauth2-client.service b/seed/oauth2-client/templates/oauth2-client.service
index c2bb776..775aeb1 100644
--- a/seed/oauth2-client/templates/oauth2-client.service
+++ b/seed/oauth2-client/templates/oauth2-client.service
@@ -4,4 +4,4 @@ Before=risotto.target
[Service]
Type=oneshot
-ExecStart=/usr/bin/timeout 90 bash -c 'while ! [ "$(/usr/bin/curl --write-out '%{http_code}' --silent --output /dev/null https://%%oauth2_client_server_domainname/.well-known/openid-configuration)" = 200 ]; do sleep 1; done;'
+ExecStart=/usr/bin/timeout 90 bash -c 'while ! [ "$(/usr/bin/curl --write-out '%{http_code}' --silent --output /dev/null https://%%oauth2_client_server_domainname/.well-known/openid-configuration)" = 200 ]; do /usr/bin/curl https://%%oauth2_client_server_domainname/.well-known/openid-configuration; sleep 1; done;'
diff --git a/seed/odoo/dictionaries/40_odoo.xml b/seed/odoo/dictionaries/40_odoo.xml
index bf103ad..17461e9 100644
--- a/seed/odoo/dictionaries/40_odoo.xml
+++ b/seed/odoo/dictionaries/40_odoo.xml
@@ -4,7 +4,7 @@
/sysusers.d/1odoo.conf
- /tmpfiles.d/0odoo.conf
+ /tmpfiles.d/0odoo.conf
/sbin/config_odoo.py
/etc/odoo/odoo.conf
/etc/odoo/postgresql.pass
diff --git a/seed/odoo/manual/image/postinstall/odoo.sh b/seed/odoo/manual/image/postinstall/odoo.sh
index 8ff5579..3925932 100644
--- a/seed/odoo/manual/image/postinstall/odoo.sh
+++ b/seed/odoo/manual/image/postinstall/odoo.sh
@@ -2,16 +2,16 @@ set -e
ODOO_VERSION="16.0"
WKHTML_VERSION="0.12.6.1-2"
#curl http://nightly.odoo.com/${ODOO_VERSION}/nightly/rpm/odoo_${ODOO_VERSION}.latest.rpm -o odoo_${ODOO_VERSION}.latest.rpm
-#OPT=$(dnf_opt_base "$IMAGE_NAME_RISOTTO_IMAGE_DIR")
+#OPT=$(dnf_opt_base "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP")
#dnf --assumeyes $OPT localinstall odoo_${ODOO_VERSION}.latest.rpm
#rm -f odoo_${ODOO_VERSION}.latest.rpm
-mv $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf /tmp
-echo "nameserver 9.9.9.9" > $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
+mv $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf /tmp
+echo "nameserver 9.9.9.9" > $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
WKHTML_PKG=wkhtmltox_$WKHTML_VERSION.bullseye_amd64.deb
-curl https://nightly.odoo.com/odoo.key -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR/odoo.key"
-curl -L "https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTML_VERSION/$WKHTML_PKG" -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$WKHTML_PKG"
+curl https://nightly.odoo.com/odoo.key -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/odoo.key"
+curl -L "https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTML_VERSION/$WKHTML_PKG" -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$WKHTML_PKG"
echo """#!/bin/bash -xe
cat /odoo.key | apt-key add -
rm /odoo.key
@@ -21,16 +21,16 @@ apt install --no-install-recommends -y odoo
dpkg -i /"$WKHTML_PKG" || true
rm -f /"$WKHTML_PKG"
apt -f install -y
-""" > $IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh
-chmod 755 $IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh
-chroot $IMAGE_NAME_RISOTTO_IMAGE_DIR /install.sh
+""" > $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh
+chmod 755 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh
+chroot $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP /install.sh
-sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/service/server.py
-sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/service/db.py
-sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/addons/bus/models/bus.py
-sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/addons/base/models/ir_cron.py
-sed -i "s@ldap://@ldaps://@g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/addons/auth_ldap/models/res_company_ldap.py
-mv -f /tmp/resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
+sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/service/server.py
+sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/service/db.py
+sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/addons/bus/models/bus.py
+sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/addons/base/models/ir_cron.py
+sed -i "s@ldap://@ldaps://@g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/addons/auth_ldap/models/res_company_ldap.py
+mv -f /tmp/resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
set +e
diff --git a/seed/openldap/dictionaries/21_openldap-server.xml b/seed/openldap/dictionaries/21_openldap-server.xml
index 29dfa49..154f28a 100644
--- a/seed/openldap/dictionaries/21_openldap-server.xml
+++ b/seed/openldap/dictionaries/21_openldap-server.xml
@@ -9,8 +9,8 @@
/var/lib/ldap/DB_CONFIG
/secrets/users.ldif
/secrets/users_mod.ldif
- /secrets/config.ldif
- /secrets/config_acl.ldif
+ /etc/ldap/secrets/config.ldif
+ /etc/ldap/secrets/config_acl.ldif
/secrets/admin_ldap.pwd
/sysusers.d/risotto-openldap.conf
/tmpfiles.d/0openldap-server.conf
diff --git a/seed/openldap/manual/image/postinstall/openldap_server.sh b/seed/openldap/manual/image/postinstall/openldap_server.sh
index c025a65..877e603 100644
--- a/seed/openldap/manual/image/postinstall/openldap_server.sh
+++ b/seed/openldap/manual/image/postinstall/openldap_server.sh
@@ -1 +1 @@
-rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/openldap/slapd.d/"
+rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/openldap/slapd.d/"
diff --git a/seed/openldap/templates/slapd.service b/seed/openldap/templates/slapd.service
index 8a3c056..4b9a639 100644
--- a/seed/openldap/templates/slapd.service
+++ b/seed/openldap/templates/slapd.service
@@ -1,10 +1,10 @@
[Service]
ExecStartPre=
-ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -v -b cn=config -l /usr/local/lib/secrets/config.ldif
+ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -v -b cn=config -l /etc/ldap/secrets/config.ldif
%for %%schema in %%ldap_schemas
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -v -b cn=config -l %%schema
%end for
-ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -c -v -l /usr/local/lib/secrets/users.ldif
+ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -c -v -l /etc/ldap/secrets/users.ldif
User=ldap
Group=ldap
ExecStart=
@@ -12,5 +12,5 @@ ExecStart=
ExecStart=+/usr/sbin/slapd -u ldap -h ldaps:///
#waiting for ldap server...
ExecStartPost=/usr/bin/timeout 90 bash -c 'while ! 3<> /dev/tcp/localhost/%%ldap_port; do sleep 1; done'
-ExecStartPost=-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/config_acl.ldif
-ExecStartPost=-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/users_mod.ldif
+ExecStartPost=+-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/config_acl.ldif
+ExecStartPost=+-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/users_mod.ldif
diff --git a/seed/peertube/dictionaries/30_peertube.xml b/seed/peertube/dictionaries/30_peertube.xml
index 490afba..32e85b9 100644
--- a/seed/peertube/dictionaries/30_peertube.xml
+++ b/seed/peertube/dictionaries/30_peertube.xml
@@ -49,6 +49,8 @@
/usr/share/peertube
+
+
/
diff --git a/seed/peertube/manual/image/postinstall/peertube.sh b/seed/peertube/manual/image/postinstall/peertube.sh
index b8e6d45..a5492f7 100644
--- a/seed/peertube/manual/image/postinstall/peertube.sh
+++ b/seed/peertube/manual/image/postinstall/peertube.sh
@@ -1,5 +1,5 @@
-mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
-cat /proc/self/stat > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/stat"
+mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/"
+cat /proc/self/stat > "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/stat"
PLUGINS_DIR=/usr/share/peertube_plugins
echo """#!/bin/bash
set -ex
@@ -15,13 +15,13 @@ chown peertube: "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
rm -f /etc/resolv.conf
mv /tmp/resolv.conf /etc
-""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
-chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
-chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" /install.sh
-rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/stat"
-rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
+""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
+chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
+chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP" /install.sh
+rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/stat"
+rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/"
-rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
-cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR$PLUGINS_DIR/.."
+rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
+cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP$PLUGINS_DIR/.."
#patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"
cd -
diff --git a/seed/php-fpm/templates/php-fpm.conf b/seed/php-fpm/templates/php-fpm.conf
index 1532ebf..a198b02 100644
--- a/seed/php-fpm/templates/php-fpm.conf
+++ b/seed/php-fpm/templates/php-fpm.conf
@@ -137,3 +137,4 @@ daemonize = yes
; FPM can handle. Your system will tell you anyway :)
; See /etc/php-fpm.d/*.conf
+
diff --git a/seed/php-fpm/templates/www.conf b/seed/php-fpm/templates/www.conf
index 7a31528..4234882 100644
--- a/seed/php-fpm/templates/www.conf
+++ b/seed/php-fpm/templates/www.conf
@@ -448,10 +448,13 @@ php_admin_flag[log_errors] = on
; See warning about choosing the location of these directories on your system
; at http://php.net/session.save-path
;GNUNUX
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
;php_value[opcache.file_cache] = /var/lib/php/opcache
diff --git a/seed/php/dictionaries/20_php.xml b/seed/php/dictionaries/20_php.xml
index d985cec..7246925 100644
--- a/seed/php/dictionaries/20_php.xml
+++ b/seed/php/dictionaries/20_php.xml
@@ -7,25 +7,25 @@
-
+
32
-
+
16
-
+
30
-
+
60
-
+
512
False
-
+
3600
diff --git a/seed/php/templates/php.ini b/seed/php/templates/php.ini
index cb876f4..b1015ba 100644
--- a/seed/php/templates/php.ini
+++ b/seed/php/templates/php.ini
@@ -1266,11 +1266,14 @@ browscap = /etc/php/extra/browscap.ini
; Handler used to store/retrieve data.
; https://php.net/session.save-handler
;>GNUNUX
-; session.save_handler = files
+%if not %%getVar('redis_client_server_domainname', None)
+session.save_handler = files
+%else
session.save_handler = redis
session.save_path = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password"
;GNUNUX https://github.com/phpredis/phpredis/issues/2062
;session.save_path = "tls://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password&stream[verify_peer]=1&stream[cafile]=/etc/pki/ca-trust/source/anchors/ca_Redis.crt&stream[local_cert]=/etc/pki/tls/certs/redis.crt&stream[local_pk]=/etc/pki/tls/private/redis.key"
+%end if
;
-
+
/tmpfiles.d/0piwigo.conf
/etc/piwigo/config.inc.php
/etc/piwigo/database.inc.php
@@ -13,11 +13,11 @@
-
+
Album photographique
-
+
diff --git a/seed/piwigo/manual/image/postinstall/piwigo.sh b/seed/piwigo/manual/image/postinstall/piwigo.sh
index f4f898d..36ea056 100644
--- a/seed/piwigo/manual/image/postinstall/piwigo.sh
+++ b/seed/piwigo/manual/image/postinstall/piwigo.sh
@@ -1,7 +1,15 @@
set -e
+
+gdthumb=7848
+rv_tscroller=8014
+openidconnect=7744
+community=8160 # FIXME translation already needed?
+embedded_videos=7924
+bootstrap_darkroom=8261
+
ORIPWD=$PWD
-mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
-cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
+mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share"
+cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share"
app=$(wget https://api.github.com/repos/Piwigo/Piwigo/releases/latest -q -O - | jq -r '.tag_name')
wget -q "https://github.com/Piwigo/Piwigo/archive/refs/tags/$app.tar.gz"
tar xf *tar.gz
@@ -20,11 +28,11 @@ patch -p0 < $IMAGE_DIR_RECIPIENT_IMAGE/postinstall/piwigo.patch
cp $IMAGE_DIR_RECIPIENT_IMAGE/postinstall/piwigo_cli.php piwigo/
# Plugins
cd piwigo/plugins
-wget https://piwigo.org/ext/download.php?rid=7848 -O plugin.zip
+wget https://piwigo.org/ext/download.php?rid=$gdthumb -O plugin.zip
unzip plugin.zip
rm -f plugin.zip
#
-wget https://piwigo.org/ext/download.php?rid=8014 -O plugin.zip
+wget https://piwigo.org/ext/download.php?rid=$rv_tscroller -O plugin.zip
unzip plugin.zip
rm -f plugin.zip
#
@@ -34,15 +42,14 @@ tar xf *tar.gz
rm -f *tar.gz
mv piwigo-openstreetmap-* piwigo-openstreetmap
#
-wget https://piwigo.org/ext/download.php?rid=7744 -O plugin.zip
+wget https://piwigo.org/ext/download.php?rid=$openidconnect -O plugin.zip
unzip plugin.zip
rm -f plugin.zip
# community
-wget https://piwigo.org/ext/download.php?rid=8160 -O plugin.zip
+wget https://piwigo.org/ext/download.php?rid=$community -O plugin.zip
unzip plugin.zip
rm -f plugin.zip
echo """
""" >> community/language/fr_FR/plugin.lang.php
# embedded
-wget https://fr.piwigo.org/ext/download.php?rid=7924 -O plugin.zip
+wget https://fr.piwigo.org/ext/download.php?rid=$embedded_videos -O plugin.zip
unzip plugin.zip
rm -f plugin.zip
# user delete photo
@@ -64,7 +71,7 @@ rm -f plugin.zip
#rm -f plugin.zip
# Theme
cd ../themes/
-wget https://piwigo.org/ext/download.php?rid=8163 -O plugin.zip
+wget https://piwigo.org/ext/download.php?rid=$bootstrap_darkroom -O plugin.zip
unzip plugin.zip
rm -f plugin.zip
ln -s /srv/piwigo/bootstrap_darkroom ../local/bootstrap_darkroom
diff --git a/seed/postfix-relay/dictionaries/30_postfix.xml b/seed/postfix-relay/dictionaries/30_postfix.xml
index eb8258b..65226aa 100644
--- a/seed/postfix-relay/dictionaries/30_postfix.xml
+++ b/seed/postfix-relay/dictionaries/30_postfix.xml
@@ -46,6 +46,7 @@
+
@@ -70,5 +71,10 @@
True
postfix_pem_files
+
+ zones
+
+ postfix_relay_ip_
+
diff --git a/seed/postfix-relay/templates/ca_MailServer.crt b/seed/postfix-relay/templates/ca_MailServer.crt
index 13b8d62..6eef509 100644
--- a/seed/postfix-relay/templates/ca_MailServer.crt
+++ b/seed/postfix-relay/templates/ca_MailServer.crt
@@ -1 +1 @@
-%%get_chain(authority_cn=%%domain_name_eth0, authority_name="MailServer", hide=%%hide_secret)
+%%get_chain(cn=%%domain_name_eth0, authority_cn=%%domain_name_eth0, authority_name="MailServer", hide=%%hide_secret)
diff --git a/seed/postfix-relay/templates/postfix.service b/seed/postfix-relay/templates/postfix.service
index bf6a4ed..c38325e 100644
--- a/seed/postfix-relay/templates/postfix.service
+++ b/seed/postfix-relay/templates/postfix.service
@@ -4,7 +4,7 @@ ExecStartPre=/usr/sbin/postmap -F /etc/postfix/sni
%for %%local in %%postfix_relay_authentifications
%set %%user = %%normalize_family(%%local)
%set %%password = %%getVar('local_authentification_password_' + %%user)
- %set %%ip = %%get_ip(%%local)
+ %set %%ip = %%getVar('postfix_relay_ip_' + %%user)
ExecStartPre=-/usr/bin/bash -c "echo %%password | /usr/sbin/saslpasswd2 -u %%ip %%user -p"
%end for
ExecStartPre=/usr/bin/chown postfix: /etc/sasl2/sasldb2
diff --git a/seed/postfix-relay/templates/sni.pem b/seed/postfix-relay/templates/sni.pem
index 92fdfd2..beb29d0 100644
--- a/seed/postfix-relay/templates/sni.pem
+++ b/seed/postfix-relay/templates/sni.pem
@@ -1,4 +1,4 @@
-%set %%chain = %%get_chain(authority_cn=%%rougail_variable, authority_name="MailRelay", hide=%%hide_secret)
+%set %%chain = %%get_chain(cn=%%rougail_variable, authority_cn=%%rougail_variable, authority_name="MailRelay", hide=%%hide_secret)
%set %%cert = %%get_certificate(cn=%%rougail_variable, authority_name='MailRelay', hide=%%hide_secret)
%%get_private_key(cn=%%rougail_variable, authority_name='MailRelay', hide=%%hide_secret)
%%cert
diff --git a/seed/postgresql-client/dictionaries/23_postgresql.xml b/seed/postgresql-client/dictionaries/23_postgresql.xml
index 9bdf204..5b90f9c 100644
--- a/seed/postgresql-client/dictionaries/23_postgresql.xml
+++ b/seed/postgresql-client/dictionaries/23_postgresql.xml
@@ -1,7 +1,7 @@
-
+
/secrets/postgresql.pass
pg_client_ca_file
pg_client_crt_file
@@ -11,11 +11,11 @@
-
+
-
+
apache
diff --git a/seed/postgresql-client/templates/ca_PostgreSQL.crt b/seed/postgresql-client/templates/ca_PostgreSQL.crt
index 72b8123..ecac9e5 100644
--- a/seed/postgresql-client/templates/ca_PostgreSQL.crt
+++ b/seed/postgresql-client/templates/ca_PostgreSQL.crt
@@ -1,2 +1,2 @@
-%%get_chain(authority_cn=%%pg_client_server_domainname, authority_name="PostgreSQL", hide=%%hide_secret)
+%%get_chain(cn=%%domain_name_eth0, authority_cn=%%pg_client_server_domainname, authority_name="PostgreSQL", hide=%%hide_secret)
diff --git a/seed/postgresql/dictionaries/22_postgresql.xml b/seed/postgresql/dictionaries/22_postgresql.xml
index b9a67c8..0caea0c 100644
--- a/seed/postgresql/dictionaries/22_postgresql.xml
+++ b/seed/postgresql/dictionaries/22_postgresql.xml
@@ -14,7 +14,7 @@
/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt
/etc/pki/tls/certs/postgresql.crt
/etc/pki/tls/private/postgresql.key
- /tests/postgresql.yml
+ /tests/postgresql.yml
@@ -68,7 +68,7 @@
MB
kB
-
+
4
diff --git a/seed/postgresql/extras/accounts/00_accounts.xml b/seed/postgresql/extras/accounts/00_accounts.xml
index 66111a8..ba80501 100644
--- a/seed/postgresql/extras/accounts/00_accounts.xml
+++ b/seed/postgresql/extras/accounts/00_accounts.xml
@@ -9,6 +9,7 @@
+ zones
accounts.remote_.remote_ip_
diff --git a/seed/postgresql/templates/ca_PostgreSQL.crt b/seed/postgresql/templates/ca_PostgreSQL.crt
index 4abf995..8c8c9cf 100644
--- a/seed/postgresql/templates/ca_PostgreSQL.crt
+++ b/seed/postgresql/templates/ca_PostgreSQL.crt
@@ -1 +1 @@
-%%get_chain(authority_cn=%%domain_name_eth0, authority_name="PostgreSQL", hide=%%hide_secret)
+%%get_chain(cn=%%domain_name_eth0, authority_cn=%%domain_name_eth0, authority_name="PostgreSQL", hide=%%hide_secret)
diff --git a/seed/provider-systemd-machined/dictionaries/10-machined.xml b/seed/provider-systemd-machined/dictionaries/10-machined.xml
index 0519f9b..267173a 100644
--- a/seed/provider-systemd-machined/dictionaries/10-machined.xml
+++ b/seed/provider-systemd-machined/dictionaries/10-machined.xml
@@ -1,7 +1,7 @@
-
+
diff --git a/seed/provider-systemd-machined/dictionaries/16-machined.xml b/seed/provider-systemd-machined/dictionaries/16-machined.xml
index f241fb7..cfd4261 100644
--- a/seed/provider-systemd-machined/dictionaries/16-machined.xml
+++ b/seed/provider-systemd-machined/dictionaries/16-machined.xml
@@ -27,8 +27,8 @@
False
-
-
+
+
host
diff --git a/seed/redis-client/dictionaries/23_redis.xml b/seed/redis-client/dictionaries/23_redis.xml
index c3ab018..a5aea6f 100644
--- a/seed/redis-client/dictionaries/23_redis.xml
+++ b/seed/redis-client/dictionaries/23_redis.xml
@@ -1,7 +1,7 @@
-
+
/etc/pki/ca-trust/source/anchors/ca_Redis.crt
/etc/pki/tls/certs/redis.crt
/etc/pki/tls/private/redis.key
diff --git a/seed/redis-client/templates/ca_Redis.crt b/seed/redis-client/templates/ca_Redis.crt
index 39aadb9..eb28c6c 100644
--- a/seed/redis-client/templates/ca_Redis.crt
+++ b/seed/redis-client/templates/ca_Redis.crt
@@ -1 +1 @@
-%%get_chain(authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
+%%get_chain(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
diff --git a/seed/redis-client/templates/redis.pem b/seed/redis-client/templates/redis.pem
index 618f1e9..8e08671 100644
--- a/seed/redis-client/templates/redis.pem
+++ b/seed/redis-client/templates/redis.pem
@@ -1,4 +1,4 @@
-%set %%ca_chain = %%get_chain(authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
+%set %%ca_chain = %%get_chain(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
%set %%cert = %%get_certificate(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client", hide=%%hide_secret)
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client", hide=%%hide_secret)
%%cert
diff --git a/seed/redis/dictionaries/90_redis.xml b/seed/redis/dictionaries/90_redis.xml
index dfd0b16..0da3c8c 100644
--- a/seed/redis/dictionaries/90_redis.xml
+++ b/seed/redis/dictionaries/90_redis.xml
@@ -14,7 +14,7 @@
-
+
False
diff --git a/seed/redis/extras/account/00_account.xml b/seed/redis/extras/account/00_account.xml
index 5de6542..7009bd7 100644
--- a/seed/redis/extras/account/00_account.xml
+++ b/seed/redis/extras/account/00_account.xml
@@ -7,6 +7,7 @@
+ zones
account.remote
account.remote_ip
diff --git a/seed/redis/templates/ca_Redis.crt b/seed/redis/templates/ca_Redis.crt
index bcf1212..e1c2cee 100644
--- a/seed/redis/templates/ca_Redis.crt
+++ b/seed/redis/templates/ca_Redis.crt
@@ -1 +1 @@
-%%get_chain(authority_cn=%%domain_name_eth0, authority_name="Redis", hide=%%hide_secret)
+%%get_chain(cn=%%domain_name_eth0, authority_cn=%%domain_name_eth0, authority_name="Redis", hide=%%hide_secret)
diff --git a/seed/relay-mail-client/dictionaries/20_smtp_client.xml b/seed/relay-mail-client/dictionaries/20_smtp_client.xml
index 5fb01e0..b0fac05 100644
--- a/seed/relay-mail-client/dictionaries/20_smtp_client.xml
+++ b/seed/relay-mail-client/dictionaries/20_smtp_client.xml
@@ -8,6 +8,7 @@
+
@@ -32,5 +33,10 @@
/
smtp_ca_file
+
+ zones
+ smtp_relay_address
+ smtp_relay_ip
+
diff --git a/seed/relay-mail-client/templates/ca_MailRelay.crt b/seed/relay-mail-client/templates/ca_MailRelay.crt
index e210e25..69db9a6 100644
--- a/seed/relay-mail-client/templates/ca_MailRelay.crt
+++ b/seed/relay-mail-client/templates/ca_MailRelay.crt
@@ -1 +1 @@
-%%get_chain(%%smtp_relay_address, authority_name='MailRelay', hide=%%hide_secret)
+%%get_chain(%%domain_name_eth0, %%smtp_relay_address, authority_name='MailRelay', hide=%%hide_secret)
diff --git a/seed/reverse-proxy-client/dictionaries/21_revprox_client.xml b/seed/reverse-proxy-client/dictionaries/21_revprox_client.xml
index 723dd6e..2050b61 100644
--- a/seed/reverse-proxy-client/dictionaries/21_revprox_client.xml
+++ b/seed/reverse-proxy-client/dictionaries/21_revprox_client.xml
@@ -1,22 +1,22 @@
-
+
revprox_client_cert_file
revprox_client_key_file
revprox_client_ca_file
-
-
+
+
-
+
/
-
+
False
@@ -26,10 +26,10 @@
443
-
+
root
-
+
root
@@ -39,6 +39,7 @@
+ zones
revprox_client_server_domainname
revprox_client_server_ip
diff --git a/seed/reverse-proxy-client/templates/ca_InternalReverseProxy.crt b/seed/reverse-proxy-client/templates/ca_InternalReverseProxy.crt
index 59b5b7a..da4561d 100644
--- a/seed/reverse-proxy-client/templates/ca_InternalReverseProxy.crt
+++ b/seed/reverse-proxy-client/templates/ca_InternalReverseProxy.crt
@@ -1 +1 @@
-%%get_chain(%%revprox_client_server_domainname, authority_name='InternalReverseProxy', hide=%%hide_secret)
+%%get_chain(%%domain_name_eth0, %%revprox_client_server_domainname, authority_name='InternalReverseProxy', hide=%%hide_secret)
diff --git a/seed/reverse-proxy-client/templates/revprox.crt b/seed/reverse-proxy-client/templates/revprox.crt
index 9a43000..f6be084 100644
--- a/seed/reverse-proxy-client/templates/revprox.crt
+++ b/seed/reverse-proxy-client/templates/revprox.crt
@@ -1,2 +1,2 @@
%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', type="server", hide=%%hide_secret)
-%%get_chain(%%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
+%%get_chain(%%domain_name_eth0, %%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
diff --git a/seed/roundcube/dictionaries/31_roundcube.xml b/seed/roundcube/dictionaries/31_roundcube.xml
index 6e432cf..52c6402 100644
--- a/seed/roundcube/dictionaries/31_roundcube.xml
+++ b/seed/roundcube/dictionaries/31_roundcube.xml
@@ -1,7 +1,7 @@
-
+
/etc/roundcubemail/config.inc.php
/etc/nginx/default.d/roundcubemail.conf
roundcube_config
@@ -45,6 +45,8 @@
/usr/share/roundcubemail/
+
+
diff --git a/seed/roundcube/manual/image/postinstall/roundcube.sh b/seed/roundcube/manual/image/postinstall/roundcube.sh
index ea09851..b5cf94d 100644
--- a/seed/roundcube/manual/image/postinstall/roundcube.sh
+++ b/seed/roundcube/manual/image/postinstall/roundcube.sh
@@ -2,7 +2,7 @@
echo """#!/bin/bash -e
/usr/bin/chgrp nginx /etc/roundcubemail/*
-""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
-chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
-chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" /install.sh
-rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
+""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
+chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
+chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP" /install.sh
+rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
diff --git a/seed/roundcube/templates/ca_MailServer.crt b/seed/roundcube/templates/ca_MailServer.crt
index ab69613..e2f8fe3 100644
--- a/seed/roundcube/templates/ca_MailServer.crt
+++ b/seed/roundcube/templates/ca_MailServer.crt
@@ -1 +1 @@
-%%get_chain(%%imap_address, 'MailServer', hide=%%hide_secret)
+%%get_chain(%%imap_address, %%imap_address, 'MailServer', hide=%%hide_secret)
diff --git a/seed/speedtest-rs/dictionaries/40_speedtest-rs.xml b/seed/speedtest-rs/dictionaries/40_speedtest-rs.xml
index 3925217..09b1ec7 100644
--- a/seed/speedtest-rs/dictionaries/40_speedtest-rs.xml
+++ b/seed/speedtest-rs/dictionaries/40_speedtest-rs.xml
@@ -9,8 +9,8 @@
-
-
+
+
speedtest
diff --git a/seed/speedtest-rs/manual/image/postinstall/speedtest-rs.sh b/seed/speedtest-rs/manual/image/postinstall/speedtest-rs.sh
index 8962f59..7c347cb 100644
--- a/seed/speedtest-rs/manual/image/postinstall/speedtest-rs.sh
+++ b/seed/speedtest-rs/manual/image/postinstall/speedtest-rs.sh
@@ -1,4 +1,4 @@
-rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/index.html"
-cp "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/index.html" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/index.html"
-ln -s ../../../var/lib/speedtest-rs/speedtest-rs.css "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/"
-ln -s ../../../var/lib/speedtest-rs/logo.png "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/"
+rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/index.html"
+cp "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/index.html" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/index.html"
+ln -s ../../../var/lib/speedtest-rs/speedtest-rs.css "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/"
+ln -s ../../../var/lib/speedtest-rs/logo.png "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/"
diff --git a/seed/systemd/dictionaries/15-systemd.xml b/seed/systemd/dictionaries/15-systemd.xml
index deaf2e7..ea12a0b 100644
--- a/seed/systemd/dictionaries/15-systemd.xml
+++ b/seed/systemd/dictionaries/15-systemd.xml
@@ -8,21 +8,21 @@
-
+
/repart.d/50-var.conf
-
+
/repart.d/40-tmp.conf
-
+
/repart.d/60-srv.conf
-
+
/repart.d/30-swap.conf
-
-
-
+
+
+
@@ -32,7 +32,7 @@
-
+
diff --git a/seed/systemd/extras/machine/10_systemd.xml b/seed/systemd/extras/machine/10_systemd.xml
index 8e3ef89..e6af7be 100644
--- a/seed/systemd/extras/machine/10_systemd.xml
+++ b/seed/systemd/extras/machine/10_systemd.xml
@@ -1,19 +1,19 @@
-
+
1024
-
-
+
+
1024
-
-
+
+
1024
-
-
+
+
512
diff --git a/seed/systemd/manual/image/postinstall/systemd.sh b/seed/systemd/manual/image/postinstall/systemd.sh
index 685e925..339d20a 100644
--- a/seed/systemd/manual/image/postinstall/systemd.sh
+++ b/seed/systemd/manual/image/postinstall/systemd.sh
@@ -1 +1 @@
-rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/network/80-container-host0.network"
+rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/network/80-container-host0.network"
diff --git a/seed/unbound/dictionaries/20_unbound.xml b/seed/unbound/dictionaries/20_unbound.xml
index 120779a..9338265 100644
--- a/seed/unbound/dictionaries/20_unbound.xml
+++ b/seed/unbound/dictionaries/20_unbound.xml
@@ -29,8 +29,8 @@
+
-
@@ -40,6 +40,7 @@
ip_dns
+ zones
unbound_forward_address
unbound_allowed_client
diff --git a/seed/unbound/templates/risotto.conf b/seed/unbound/templates/risotto.conf
index 8540752..2c91c78 100644
--- a/seed/unbound/templates/risotto.conf
+++ b/seed/unbound/templates/risotto.conf
@@ -8,8 +8,8 @@ server:
%for %%interface in %%range(%%len(%%zones_list))
access-control: %%getVar('ip_eth' + %%str(%%interface)) allow
%end for
-%for %%allowed in %%unbound_allowed_client
- access-control: %%allowed allow
+%for %%authority in %%unbound_forward_address
+ access-control: %%authority.unbound_allowed_client allow
%end for
do-not-query-localhost: no
auto-trust-anchor-file: "/srv/unbound/root.key"
@@ -21,7 +21,7 @@ remote-control:
%for %%zone in %%authority.unbound_forward_zones
forward-zone:
name: "%%zone"
- forward-addr: %%get_ip(%%str(%%authority))
+ forward-addr: %%authority.unbound_allowed_client
%end for
%end for
diff --git a/seed/vaultwarden/dictionaries/40_vaultwarden.xml b/seed/vaultwarden/dictionaries/40_vaultwarden.xml
index 5b69165..974b9d2 100644
--- a/seed/vaultwarden/dictionaries/40_vaultwarden.xml
+++ b/seed/vaultwarden/dictionaries/40_vaultwarden.xml
@@ -9,11 +9,11 @@
-
+
-
+
vaultwarden
diff --git a/seed/vaultwarden/manual/image/postinstall/vaultwarden.sh b/seed/vaultwarden/manual/image/postinstall/vaultwarden.sh
index 6771d08..55da267 100644
--- a/seed/vaultwarden/manual/image/postinstall/vaultwarden.sh
+++ b/seed/vaultwarden/manual/image/postinstall/vaultwarden.sh
@@ -1,3 +1,3 @@
# locale in jslib/common/src/models/domain/globalState.ts is "en" by default, change it to "fr"
# this information is store in browser local storage
-sed -i 's/this.locale="en",/this.locale="fr",/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/vaultwarden/app/main.*.js
+sed -i 's/this.locale="en",/this.locale="fr",/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/vaultwarden/app/main.*.js