improvements
parent
8b39e07aa4
commit
b96c29e40e
100 changed files with 946 additions and 309 deletions
|
@ -19,7 +19,7 @@
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
<family name="apache" description="Apache" help="Paramètrage avancé du serveur web Apache">
|
<family name="apache" description="Apache" help="Paramètrage avancé du serveur web Apache">
|
||||||
<variable name="apache_timeout" type="number" description="Temps en secondes pendant lequel le serveur va attendre des entrées/sorties avant de considérer qu'une requête a échoué">
|
<variable name="apache_timeout" type="number" description="Temps d'attente des entrées/sorties avant de considérer qu'une requête a échoué" help="Temps en secondes">
|
||||||
<value>300</value>
|
<value>300</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="apache_keepalive" type="boolean" description="Autoriser les connexions persistantes"/>
|
<variable name="apache_keepalive" type="boolean" description="Autoriser les connexions persistantes"/>
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)
|
%%get_chain(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)
|
||||||
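Review bot: The new leading positional argument `%%domain_name_eth0` in the `get_chain` call leaves the reader guessing which parameter it binds to, since every other argument on the line is passed by keyword. The same shape appears in the one-line `"IMAPServer"` and `"MailServer"` hunks further down, where `%%domain_name_eth0` is now passed twice in a row positionally, presumably for two different parameters. Passing the new argument by its parameter name, `%%get_chain(<param-name>=%%domain_name_eth0, authority_cn=…, …)` with whatever name `get_chain` declares, would make the intent explicit; the signature is not visible on this page, so the name has to be checked against its definition.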
|
|
|
@ -10,7 +10,9 @@
|
||||||
<file engine="none" source="sysuser-debian.conf">/sysusers.d/debian.conf</file>
|
<file engine="none" source="sysuser-debian.conf">/sysusers.d/debian.conf</file>
|
||||||
</service>
|
</service>
|
||||||
<service name='apt-daily' disabled="True"/>
|
<service name='apt-daily' disabled="True"/>
|
||||||
|
<service name='apt-daily' disabled="True" type="timer"/>
|
||||||
<service name='apt-daily-upgrade' disabled="True"/>
|
<service name='apt-daily-upgrade' disabled="True"/>
|
||||||
|
<service name='apt-daily-upgrade' disabled="True" type="timer"/>
|
||||||
<service name='avahi-daemon' disabled="True"/>
|
<service name='avahi-daemon' disabled="True"/>
|
||||||
<service name='cron' disabled="True"/>
|
<service name='cron' disabled="True"/>
|
||||||
</services>
|
</services>
|
||||||
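Review bot: The new `type="timer"` entries for `apt-daily` and `apt-daily-upgrade` disable the timer units as well as the services, so the image gets no periodic package-list refresh and no automatic upgrades from Debian's apt timers (the upgrade timer is what drives unattended-upgrades). If this is deliberate because images are rebuilt rather than patched in place, a comment next to these lines would stop a later reader from re-enabling them or from assuming the container updates itself, e.g. `<!-- apt-daily* timers disabled on purpose: updates come from rebuilding the image, not from inside the container -->`. The enclosing `<services>` element starts outside the hunk.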
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="update-ca-certificates" engine="creole" target="multi-user"/>
|
<service name="update-ca-certificates" engine="cheetah" target="multi-user"/>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="tls_ca_directory" type="filename" description="Répertoire des autorités de certification" hidden="True">
|
<variable name="tls_ca_directory" type="filename" description="Répertoire des autorités de certification" hidden="True">
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
|
rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
|
||||||
ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
|
ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
|
||||||
#mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
#mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
#chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
#chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||||
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||||
#ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
#ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||||
#ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
#ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||||
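Review bot: `rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf` and the `ln -s` below it expand the renamed variable unquoted and with no empty check, so if the new name is unset anywhere (a plausible failure right after a rename like this one) the commands fall through to the build host's own `/etc/resolv.conf`. Using the `:?` expansion makes the script abort instead: `rm -f "${IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP:?}/etc/resolv.conf"` and `ln -s ../run/systemd/resolve/stub-resolv.conf "${IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP:?}/etc/resolv.conf"`. The `mkdir`/`chmod` lines in the two "# ACTIVE NETWORKD" sections below have the same unquoted, unguarded expansion, and the `mv`/`chmod` in the gitea build section quote the variable but would also benefit from `:?`.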
|
|
|
@ -1,7 +1,7 @@
|
||||||
# ACTIVE NETWORKD
|
# ACTIVE NETWORKD
|
||||||
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# ACTIVE NETWORKD
|
# ACTIVE NETWORKD
|
||||||
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="update-ca-trust" engine="creole" target="multi-user"/>
|
<service name="update-ca-trust" engine="cheetah" target="multi-user"/>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="tls_ca_directory" type="filename" description="Nom du répertoire des autorités de certification" hidden="True">
|
<variable name="tls_ca_directory" type="filename" description="Nom du répertoire des autorités de certification" hidden="True">
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr $BASE_PKG"
|
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr $BASE_PKG"
|
||||||
INSTALL_TOOL="dnf"
|
INSTALL_TOOL="dnf"
|
||||||
OS_NAME='fedora'
|
OS_NAME='fedora'
|
||||||
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"
|
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/yum.repos.d/"
|
||||||
|
|
|
@ -6,25 +6,26 @@
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents">
|
<variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents" hidden="True">
|
||||||
<value>False</value>
|
<value>False</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
|
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
|
||||||
<family name="network" description="Réseau">
|
<family name="network" description="Réseau">
|
||||||
<variable name="server_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
<variable name="server_name" description="Nom de domaine du serveur" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
||||||
<variable name="zones_list" type="string" multi="True" description="Liste de toutes les zones" mandatory="True" hidden="True" provider="global:zones_name"/>
|
<variable name="zones_list" type="string" multi="True" description="Liste de toutes les zones" mandatory="True" hidden="True" provider="global:zones_name"/>
|
||||||
<variable name="interfaces_list" type="number" multi="True" description="Liste de tous les numéros d'interfaces" hidden="True" provider="global:zones_list"/>
|
<variable name="interfaces_list" type="number" multi="True" description="Liste de tous les numéros d'interfaces" hidden="True" provider="global:zones_list"/>
|
||||||
<family name="interface_" description="Interface " dynamic="interfaces_list">
|
<family name="interface_" description="Interface " dynamic="interfaces_list">
|
||||||
<variable name="zone_name_eth" type="string" description="Nom de la zone de l'interface " hidden="True" mandatory="True"/>
|
<variable name="zone_name_eth" type="string" description="Nom de la zone de l'interface " hidden="True" mandatory="True"/>
|
||||||
<variable name="ip_eth" type="ip" description="Adresse IP pour l'interface " hidden="True" mandatory="True"/>
|
<variable name="ip_eth" type="ip" description="Adresse IP pour l'interface " hidden="True" mandatory="True"/>
|
||||||
<variable name="network_eth" type="network_cidr" description="Réseau de l'interface " hidden="True"/>
|
<variable name="network_eth" type="network_cidr" description="Réseau de l'interface " hidden="True"/>
|
||||||
<variable name="gateway_eth" type="ip" description="La route de l'interface "/>
|
<variable name="gateway_eth" type="ip" description="La route de l'interface " hidden="True"/>
|
||||||
<variable name="domain_name_eth" type="domainname" description="Nom de domaine pour l'interface " mandatory="True" hidden="True" provider="global:server_names"/>
|
<variable name="domain_name_eth" type="domainname" description="Nom de domaine pour l'interface " mandatory="True" hidden="True" provider="global:server_names"/>
|
||||||
</family>
|
</family>
|
||||||
</family>
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_ip">
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param name="server_name" type="variable">domain_name_eth</param>
|
<param name="server_name" type="variable">domain_name_eth</param>
|
||||||
<target>ip_eth</target>
|
<target>ip_eth</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
@ -33,14 +34,16 @@
|
||||||
<param name="index" type="suffix"/>
|
<param name="index" type="suffix"/>
|
||||||
<target>zone_name_eth</target>
|
<target>zone_name_eth</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="zone_information">
|
<fill name="get_zones_info">
|
||||||
<param type="variable">zone_name_eth</param>
|
<param type="information">zones</param>
|
||||||
<param>network</param>
|
<param>network</param>
|
||||||
|
<param type="variable" name="zone_name">zone_name_eth</param>
|
||||||
<target>network_eth</target>
|
<target>network_eth</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="zone_information">
|
<fill name="get_zones_info">
|
||||||
<param type="variable">zone_name_eth</param>
|
<param type="information">zones</param>
|
||||||
<param>gateway</param>
|
<param>host_ip</param>
|
||||||
|
<param type="variable" name="zone_name">zone_name_eth</param>
|
||||||
<param name="index" type="suffix"/>
|
<param name="index" type="suffix"/>
|
||||||
<target>gateway_eth</target>
|
<target>gateway_eth</target>
|
||||||
</fill>
|
</fill>
|
||||||
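Review bot: `hide_secret` becomes `hidden="True"` while its default stays `False`; if `hidden` makes a variable non-editable, as it appears to for the provider-fed variables in this hunk, then generated configurations will always carry real secrets and the obscuring described in the help text can no longer be switched on by an operator. If the value is meant to be set by the generator rather than by a person, a comment saying so would avoid that reading, e.g. `<!-- hide_secret is set programmatically; the default False writes real secrets into the generated files -->`. The `<variables>` element and the `<services>` above it start outside the hunk.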
|
|
|
@ -6,9 +6,6 @@ from os.path import join as _join, isfile as _isfile, isdir as _isdir
|
||||||
from os import makedirs as _makedirs, environ as _environ
|
from os import makedirs as _makedirs, environ as _environ
|
||||||
|
|
||||||
|
|
||||||
#from risotto.utils import ZONES_SERVER
|
|
||||||
|
|
||||||
|
|
||||||
_HERE = _environ['PWD']
|
_HERE = _environ['PWD']
|
||||||
_PASSWORD_DIR = _join(_HERE, 'password')
|
_PASSWORD_DIR = _join(_HERE, 'password')
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
from typing import List
|
|
||||||
from risotto.utils import load_domains, DOMAINS
|
|
||||||
from risotto.utils import multi_function as _multi_function
|
from risotto.utils import multi_function as _multi_function
|
||||||
|
from typing import List as _List
|
||||||
|
|
||||||
|
|
||||||
@_multi_function
|
@_multi_function
|
||||||
def get_ip(server_name: str) -> str:
|
def get_ip(zones: dict,
|
||||||
|
server_name: str,
|
||||||
|
) -> str:
|
||||||
if server_name is None:
|
if server_name is None:
|
||||||
return
|
return
|
||||||
if isinstance(server_name, list):
|
if isinstance(server_name, list):
|
||||||
|
@ -15,12 +16,32 @@ def get_ip(server_name: str) -> str:
|
||||||
lst = []
|
lst = []
|
||||||
for s_name in server_name:
|
for s_name in server_name:
|
||||||
host_name, domain_name = s_name.split('.', 1)
|
host_name, domain_name = s_name.split('.', 1)
|
||||||
if not domain_name in DOMAINS:
|
for zone in zones.values():
|
||||||
|
if domain_name == zone['domain_name']:
|
||||||
|
break
|
||||||
|
else:
|
||||||
raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")')
|
raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")')
|
||||||
domain = DOMAINS[domain_name]
|
ret = zone['hosts'][host_name]
|
||||||
ret = domain[1][domain[0].index(host_name)]
|
|
||||||
if not return_list:
|
if not return_list:
|
||||||
return ret
|
return ret
|
||||||
if ret not in lst:
|
if ret not in lst:
|
||||||
lst.append(ret)
|
lst.append(ret)
|
||||||
return lst
|
return lst
|
||||||
|
|
||||||
|
|
||||||
|
@_multi_function
|
||||||
|
def get_zones_info(zones: dict,
|
||||||
|
type: str,
|
||||||
|
zone_names: _List[str]=None,
|
||||||
|
zone_name: str=None,
|
||||||
|
index: int=None,
|
||||||
|
) -> str:
|
||||||
|
if type == 'host_ip' and index != 0:
|
||||||
|
return
|
||||||
|
if zone_name:
|
||||||
|
if zone_name not in zones:
|
||||||
|
raise ValueError(f"cannot get zone informations in unknown zone '{zone_name}'")
|
||||||
|
if type == 'cidr':
|
||||||
|
return zones[zone_name]['host_ip'] + '/' + zones[zone_name]['network'].split('/')[-1]
|
||||||
|
return zones[zone_name][type]
|
||||||
|
return [data[type] for zone_name, data in zones.items() if not zone_names or zone_name in zone_names]
|
||||||
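Review bot: `ret = zone['hosts'][host_name]` in `get_ip` raises a bare `KeyError` naming only the host when the host is missing from the matched zone, while the domain lookup just above it raises a descriptive `ValueError`; a guard such as `if host_name not in zone['hosts']: raise ValueError(f'cannot find IP for host "{host_name}" in domain "{domain_name}" (for "{s_name}")')` keeps the two failure modes consistent for callers. In `get_zones_info`, the `'cidr'` case is only computed on the `zone_name` branch, so a call with `type='cidr'` and no `zone_name` reaches `data[type]` in the final comprehension and fails with `KeyError: 'cidr'` (assuming, as the explicit branch suggests, that zone dicts hold `host_ip` and `network` but no `cidr` key); the parameter name `type` also shadows the builtin. `get_ip` starts in the previous hunk of this file; its signature and early returns are outside this one.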
|
|
|
@ -10,12 +10,13 @@
|
||||||
<variable name="dns_is_only_local" type="boolean" description="DNS resolve only local address" hidden="True">
|
<variable name="dns_is_only_local" type="boolean" description="DNS resolve only local address" hidden="True">
|
||||||
<value>True</value>
|
<value>True</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="dns_client_address" type="domainname" description="Nom de domaine du serveur DNS" supplier="LocalDNS"/>
|
<variable name="dns_client_address" type="domainname" description="Nom de domaine du serveur DNS" supplier="LocalDNS" hidden="True"/>
|
||||||
<variable name="ip_dns" type="ip" description="Adresse IP du serveur DNS" hidden="True"/>
|
<variable name="ip_dns" type="ip" description="Adresse IP du serveur DNS" hidden="True"/>
|
||||||
</family>
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_ip">
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param name="server_name" type="variable">dns_client_address</param>
|
<param name="server_name" type="variable">dns_client_address</param>
|
||||||
<target>ip_dns</target>
|
<target>ip_dns</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
|
|
@ -6,15 +6,15 @@ addresses:
|
||||||
%elif %%getVar('unbound_forward_address', None) is not None
|
%elif %%getVar('unbound_forward_address', None) is not None
|
||||||
%for %%authority in %%unbound_forward_address
|
%for %%authority in %%unbound_forward_address
|
||||||
- dns_address: %%authority
|
- dns_address: %%authority
|
||||||
dns_ip: %%get_ip(%%str(%%authority))
|
dns_ip: %%authority.unbound_allowed_client
|
||||||
%end for
|
%end for
|
||||||
%else
|
%elif %%getVar('nsd_zones', None)
|
||||||
%for %%zone in %%nsd_zones
|
%for %%zone in %%nsd_zones
|
||||||
%set %%suffix = %%normalize_family(%%zone)
|
%set %%suffix = %%normalize_family(%%zone)
|
||||||
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
|
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
|
||||||
%for %%nsd in %%hostnames
|
%for %%hostname in %%hostnames
|
||||||
- dns_address: %%{nsd}.%%zone
|
- dns_address: %%{hostname}.%%zone
|
||||||
dns_ip: %%nsd["ip_" + %%suffix]
|
dns_ip: %%hostname["ip_" + %%suffix]
|
||||||
%end for
|
%end for
|
||||||
%end for
|
%end for
|
||||||
%end if
|
%end if
|
||||||
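Review bot: Replacing `%else` with `%elif %%getVar('nsd_zones', None)` means a configuration with neither `unbound_forward_address` nor `nsd_zones` set now emits the `addresses:` key (visible in the hunk header context) with no entries underneath it. If an empty value is acceptable to whatever consumes this file, a comment saying so would help; otherwise an `%else` branch that fails loudly is safer than silently producing a resolver list with no addresses. The first `%if` branch of this block is outside the hunk.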
|
|
|
@ -85,11 +85,13 @@
|
||||||
<variable name='external_imap_crt' type="filename" hidden='True' multi='True'/>
|
<variable name='external_imap_crt' type="filename" hidden='True' multi='True'/>
|
||||||
<variable name='external_imap_key' type="filename" hidden='True' multi='True'/>
|
<variable name='external_imap_key' type="filename" hidden='True' multi='True'/>
|
||||||
</family>
|
</family>
|
||||||
<family name="nginx">
|
<family name="revprox">
|
||||||
<family name="revprox_client">
|
<family name="revprox_client">
|
||||||
<variable name="revprox_client_external_domainnames" redefine="True"/>
|
<variable name="revprox_client_external_domainnames" redefine="True"/>
|
||||||
<variable name="revprox_client_web_address" redefine="True"/>
|
<variable name="revprox_client_web_address" redefine="True"/>
|
||||||
</family>
|
</family>
|
||||||
|
</family>
|
||||||
|
<family name="nginx">
|
||||||
<variable name="nginx_root" redefine='True'>
|
<variable name="nginx_root" redefine='True'>
|
||||||
<value>/var/www/html</value>
|
<value>/var/www/html</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(%%domain_name_eth0, "IMAPServer", hide=%%hide_secret)
|
%%get_chain(%%domain_name_eth0, %%domain_name_eth0, "IMAPServer", hide=%%hide_secret)
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(%%domain_name_eth0, "MailServer", hide=%%hide_secret)
|
%%get_chain(%%domain_name_eth0, %%domain_name_eth0, "MailServer", hide=%%hide_secret)
|
||||||
|
|
|
@ -8,5 +8,5 @@ password: %%get_password(server_name='test', username=%%username, description="t
|
||||||
username_family: %%username_family
|
username_family: %%username_family
|
||||||
password_family: %%get_password(server_name='test', username=%%username_family, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
|
password_family: %%get_password(server_name='test', username=%%username_family, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
|
||||||
name_family: %%name_family
|
name_family: %%name_family
|
||||||
smtp: %%get_ip(%%smtp_relay_address)
|
smtp: %%smtp_relay_ip
|
||||||
ext_username: 'test@example.net'
|
ext_username: 'test@example.net'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="gitea" target="multi-user" engine="creole">
|
<service name="gitea" target="multi-user" engine="cheetah">
|
||||||
<file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file>
|
<file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file>
|
||||||
<file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file>
|
<file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file>
|
||||||
<file>/etc/gitea/app.ini</file>
|
<file>/etc/gitea/app.ini</file>
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
<variable name="gitea_internal_token" type="password" hidden="True"/>
|
<variable name="gitea_internal_token" type="password" hidden="True"/>
|
||||||
<variable name="gitea_lfs_jwt_secret" type="password" hidden="True"/>
|
<variable name="gitea_lfs_jwt_secret" type="password" hidden="True"/>
|
||||||
</family>
|
</family>
|
||||||
<family name="nginx">
|
<family name="revprox">
|
||||||
<family name="revprox_client">
|
<family name="revprox_client">
|
||||||
<variable name="revprox_client_local_location" redefine="True">
|
<variable name="revprox_client_local_location" redefine="True">
|
||||||
<value>/</value>
|
<value>/</value>
|
||||||
|
|
|
@ -9,9 +9,11 @@ VERS=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.vers
|
||||||
mkdir -p ~/gitea/
|
mkdir -p ~/gitea/
|
||||||
|
|
||||||
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz" ]; then
|
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz" ]; then
|
||||||
|
rm -rf ~/"gitea/gitea-*-linux-amd64.xz"
|
||||||
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz" -O ~/"gitea/gitea-$VERS-linux-amd64.xz"
|
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz" -O ~/"gitea/gitea-$VERS-linux-amd64.xz"
|
||||||
fi
|
fi
|
||||||
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ]; then
|
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ]; then
|
||||||
|
rm -rf ~/"gitea/gitea-*-linux-amd64.xz.asc"
|
||||||
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERS-linux-amd64.xz.asc"
|
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERS-linux-amd64.xz.asc"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -19,5 +21,5 @@ gpg --verify ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ~/"gitea/gitea-$VERS-linux
|
||||||
|
|
||||||
cp -a ~/"gitea/gitea-$VERS-linux-amd64.xz" .
|
cp -a ~/"gitea/gitea-$VERS-linux-amd64.xz" .
|
||||||
xz -d "gitea-$VERS-linux-amd64.xz"
|
xz -d "gitea-$VERS-linux-amd64.xz"
|
||||||
mv "gitea-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
|
mv "gitea-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
|
||||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
|
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
|
||||||
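Review bot: The two new `rm -rf ~/"gitea/gitea-*-linux-amd64.xz"` and `.asc` lines never remove anything: the `*` is inside the double quotes, so it is matched literally and `-f` hides the failure, leaving stale downloads in place. Moving the glob outside the quotes does what was intended, `rm -f ~/gitea/gitea-*-linux-amd64.xz` and `rm -f ~/gitea/gitea-*-linux-amd64.xz.asc`; `-r` is not needed for plain files. Since the `gpg --verify` shown in the second hunk's context is what protects the downloaded binary, it is also worth confirming that the script runs under `set -e` (not visible here) so a failed verification stops the build before the `mv` into the image.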
|
|
|
@ -6,12 +6,12 @@
|
||||||
<file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
|
<file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
|
||||||
<file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>
|
<file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>
|
||||||
</service>
|
</service>
|
||||||
<service name="risotto-images" engine="creole" manage="False"/>
|
<service name="risotto-images" engine="cheetah" manage="False"/>
|
||||||
<service name="systemd-sysctl"/>
|
<service name="systemd-sysctl"/>
|
||||||
<service name="systemd-networkd"/>
|
<service name="systemd-networkd"/>
|
||||||
<service name="systemd-resolved"/>
|
<service name="systemd-resolved"/>
|
||||||
<service name="risotto-images" type="timer" engine="creole"/>
|
<service name="risotto-images" type="timer" engine="cheetah"/>
|
||||||
<service name="risottofirewall" engine="creole"/>
|
<service name="risottofirewall" engine="cheetah"/>
|
||||||
<service name="systemd-nspawn@">
|
<service name="systemd-nspawn@">
|
||||||
<file>/usr/local/lib/risotto-tmpfiles.d/0asystemd-nspawn.conf</file>
|
<file>/usr/local/lib/risotto-tmpfiles.d/0asystemd-nspawn.conf</file>
|
||||||
<file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
|
<file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
|
||||||
|
@ -20,12 +20,11 @@
|
||||||
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64</file>
|
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64</file>
|
||||||
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36</file>
|
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36</file>
|
||||||
<file>/etc/sysctl.d/90-risotto.conf</file>
|
<file>/etc/sysctl.d/90-risotto.conf</file>
|
||||||
<file file_type="variable" source="dhcp.network" variable="host_dhcp_interface">host_dhcp_filename</file>
|
<file file_type="variable" source="dhcp.network" variable="interface_names">host_network_filename</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True"/>
|
<variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True" provider="global:host_install_dir"/>
|
||||||
<variable name="host_dhcp_filename" type="filename" hidden="True" multi="True"/>
|
|
||||||
<variable name="host_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
<variable name="host_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
||||||
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
|
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
|
||||||
<variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/>
|
<variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/>
|
||||||
|
@ -39,16 +38,34 @@
|
||||||
<value>jq</value>
|
<value>jq</value>
|
||||||
<value>debootstrap</value>
|
<value>debootstrap</value>
|
||||||
<value>htop</value>
|
<value>htop</value>
|
||||||
|
<value>iotop</value>
|
||||||
|
<value>man</value>
|
||||||
<value>gettext</value>
|
<value>gettext</value>
|
||||||
<value>patch</value>
|
<value>patch</value>
|
||||||
<value>unzip</value>
|
<value>unzip</value>
|
||||||
<value>mlocate</value>
|
<value>mlocate</value>
|
||||||
<value>xz-utils</value>
|
<value>xz-utils</value>
|
||||||
<value>iptables</value>
|
<value>iptables</value>
|
||||||
|
<value>curl</value>
|
||||||
|
<value>tree</value>
|
||||||
|
<value>tshark</value>
|
||||||
|
<value>vim</value>
|
||||||
</variable>
|
</variable>
|
||||||
<family name="network">
|
<family name="network">
|
||||||
<variable name="host_dhcp_interface" description="Carte réseau en DHCP" multi="True"/>
|
|
||||||
<variable name="output_interface" description="Nom de l'interface de sortie" mandatory="True"/>
|
<variable name="output_interface" description="Nom de l'interface de sortie" mandatory="True"/>
|
||||||
|
<family name="interfaces" leadership="True">
|
||||||
|
<variable name="interface_names" description="Nom de l'interface" multi="True" mandatory="True"/>
|
||||||
|
<variable name="interface_type" type="choice" description="Type de la carte" mandatory="True">
|
||||||
|
<choice>dhcp</choice>
|
||||||
|
<choice>ipv4</choice>
|
||||||
|
<value>dhcp</value>
|
||||||
|
</variable>
|
||||||
|
<variable name="interface_ip" type="cidr" description="IP au format CIDR de l'interface" mandatory="True"/>
|
||||||
|
<variable name="interface_gateway" type="ip" description="IP de la route par défaut" mandatory="True"/>
|
||||||
|
<variable name="interface_domain_name_servers" type="ip" description="IP des serveurs DNS" mandatory="True" multi="True"/>
|
||||||
|
<variable name="first_interface" type="boolean" hidden="True"/>
|
||||||
|
</family>
|
||||||
|
<variable name="host_network_filename" type="filename" multi="True" hidden="True"/>
|
||||||
</family>
|
</family>
|
||||||
<family name="zones" leadership="True">
|
<family name="zones" leadership="True">
|
||||||
<variable name="zone_name" type="string" hidden="True" multi="True"/>
|
<variable name="zone_name" type="string" hidden="True" multi="True"/>
|
||||||
|
@ -57,6 +74,7 @@
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_internal_zone_names">
|
<fill name="get_internal_zone_names">
|
||||||
|
<param type="information">zones</param>
|
||||||
<target>zone_name</target>
|
<target>zone_name</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="calc_value">
|
<fill name="calc_value">
|
||||||
|
@ -69,11 +87,11 @@
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="calc_value">
|
<fill name="calc_value">
|
||||||
<param>/etc/systemd/network/80-</param>
|
<param>/etc/systemd/network/80-</param>
|
||||||
<param type="variable">host_dhcp_interface</param>
|
<param type="variable">interface_names</param>
|
||||||
<param>.network</param>
|
<param>.network</param>
|
||||||
<param name="join"></param>
|
<param name="join"></param>
|
||||||
<param name="multi" type="boolean">True</param>
|
<param name="multi" type="boolean">True</param>
|
||||||
<target>host_dhcp_filename</target>
|
<target>host_network_filename</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="calc_value">
|
<fill name="calc_value">
|
||||||
<param>/etc/systemd/network/70-container-</param>
|
<param>/etc/systemd/network/70-container-</param>
|
||||||
|
@ -83,10 +101,26 @@
|
||||||
<param name="multi" type="boolean">True</param>
|
<param name="multi" type="boolean">True</param>
|
||||||
<target>systemd_netzone_filename</target>
|
<target>systemd_netzone_filename</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="get_internal_zone_information">
|
<fill name="get_zones_info">
|
||||||
<param type="variable">zone_name</param>
|
<param type="information">zones</param>
|
||||||
<param>cidr</param>
|
<param>cidr</param>
|
||||||
|
<param type="variable" name="zone_name">zone_name</param>
|
||||||
<target>zone_cidr</target>
|
<target>zone_cidr</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
<fill name="is_first_interface">
|
||||||
|
<param type="index"/>
|
||||||
|
<target>first_interface</target>
|
||||||
|
</fill>
|
||||||
|
<condition name="disabled_if_not_in" source="interface_type">
|
||||||
|
<param>ipv4</param>
|
||||||
|
<target>interface_ip</target>
|
||||||
|
<target>interface_gateway</target>
|
||||||
|
<target>interface_domain_name_servers</target>
|
||||||
|
</condition>
|
||||||
|
<condition name="disabled_if_not_in" source="first_interface">
|
||||||
|
<param>True</param>
|
||||||
|
<target>interface_gateway</target>
|
||||||
|
<target>interface_domain_name_servers</target>
|
||||||
|
</condition>
|
||||||
</constraints>
|
</constraints>
|
||||||
</rougail>
|
</rougail>
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
<variable name="journal_dir_" description="Directory with journal volume for " hidden="True" type="filename" provider="Host:machine_journal"/>
|
<variable name="journal_dir_" description="Directory with journal volume for " hidden="True" type="filename" provider="Host:machine_journal"/>
|
||||||
<variable name="config_dir_" description="Directory with configuration volume for " hidden="True" type="filename" provider="Host:config_dir" mandatory="True"/>
|
<variable name="config_dir_" description="Directory with configuration volume for " hidden="True" type="filename" provider="Host:config_dir" mandatory="True"/>
|
||||||
<variable name="zones_" description="Zones for " hidden="True" provider="Host:machine_zones" mandatory="True" multi="True"/>
|
<variable name="zones_" description="Zones for " hidden="True" provider="Host:machine_zones" mandatory="True" multi="True"/>
|
||||||
|
<variable name="ip_" description="IP for " type="ip" hidden="True"/>
|
||||||
</family>
|
</family>
|
||||||
<variable name="nspawn_zone_filename" type="filename" hidden="True" multi="True"/>
|
<variable name="nspawn_zone_filename" type="filename" hidden="True" multi="True"/>
|
||||||
<variable name="nspawn_script_filename" type="filename" hidden="True" multi="True"/>
|
<variable name="nspawn_script_filename" type="filename" hidden="True" multi="True"/>
|
||||||
|
@ -35,6 +36,11 @@
|
||||||
<param name="multi" type="boolean">True</param>
|
<param name="multi" type="boolean">True</param>
|
||||||
<target>machined.nspawn_zone_filename</target>
|
<target>machined.nspawn_zone_filename</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
|
<param type="suffix"/>
|
||||||
|
<target>machined.machine_.ip_</target>
|
||||||
|
</fill>
|
||||||
</constraints>
|
</constraints>
|
||||||
</rougail>
|
</rougail>
|
||||||
|
|
||||||
|
|
|
@ -2,4 +2,16 @@
|
||||||
Name=%%rougail_variable
|
Name=%%rougail_variable
|
||||||
|
|
||||||
[Network]
|
[Network]
|
||||||
|
%set %%leader = %%interface_names[%%rougail_index]
|
||||||
|
%if %%leader.interface_type == 'dhcp'
|
||||||
DHCP=ipv4
|
DHCP=ipv4
|
||||||
|
%else
|
||||||
|
DHCP=no
|
||||||
|
Address=%%leader.interface_ip
|
||||||
|
%if %%leader.first_interface
|
||||||
|
Gateway=%%leader.interface_gateway
|
||||||
|
%for %%dns in %%leader.interface_domain_name_servers
|
||||||
|
DNS=%%dns
|
||||||
|
%end for
|
||||||
|
%end if
|
||||||
|
%end if
|
||||||
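Review bot: The `%else` branch that emits `DHCP=no` treats every non-dhcp interface as static IPv4, so an interface_type that is neither 'dhcp' nor 'ipv4' renders `Address=` with an empty value, because the rougail condition in this commit disables interface_ip, interface_gateway and interface_domain_name_servers whenever interface_type is not ipv4. Making the static branch explicit, `%elif %%leader.interface_type == 'ipv4'`, keeps an unexpected type from producing a malformed unit. The `%if %%leader.first_interface` guard around Gateway= and DNS= matches the `disabled_if_not_in` condition on first_interface, which is consistent; a one-line comment above `%set %%leader = %%interface_names[%%rougail_index]` stating that the template appears to be rendered once per entry of interface_names would help the next reader.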
|
|
|
@ -5,21 +5,27 @@ After=network.target
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=yes
|
RemainAfterExit=yes
|
||||||
|
%set %%has_rules = False
|
||||||
%for %%dns in %%machined.machines
|
%for %%dns in %%machined.machines
|
||||||
%set %%machine = %%normalize_family(%%dns)
|
%set %%machine = %%normalize_family(%%dns)
|
||||||
%set %%outgoing = %%machined['machine_' + %%machine]['outgoing_ports_' + %%machine]
|
%set %%outgoing = %%machined['machine_' + %%machine]['outgoing_ports_' + %%machine]
|
||||||
%if %%outgoing
|
%if %%outgoing
|
||||||
|
%set %%ip = %%machined['machine_' + %%machine]['ip_' + %%machine]
|
||||||
%for %%port in %%outgoing
|
%for %%port in %%outgoing
|
||||||
%if ':' in %%port
|
%if ':' in %%port
|
||||||
%set %%protocol, %%port = %%port.split(':')
|
%set %%protocol, %%port = %%port.split(':')
|
||||||
%else
|
%else
|
||||||
%set %%protocol = 'tcp'
|
%set %%protocol = 'tcp'
|
||||||
%end if
|
%end if
|
||||||
ExecStart=/sbin/iptables -t nat -A POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
|
ExecStart=/sbin/iptables -t nat -A POSTROUTING -s %%ip -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
|
||||||
ExecStop=-/sbin/iptables -t nat -D POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
|
ExecStop=-/sbin/iptables -t nat -D POSTROUTING -s %%ip -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
|
||||||
|
%set %%has_rules = False
|
||||||
%end for
|
%end for
|
||||||
%end if
|
%end if
|
||||||
%end for
|
%end for
|
||||||
|
%if not %%has_rules
|
||||||
|
ExecStart=/usr/bin/echo "No rule"
|
||||||
|
%end if
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
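Review bot: `%set %%has_rules = False` after the ExecStop line never flips the flag, so `%if not %%has_rules` is always true and `ExecStart=/usr/bin/echo "No rule"` is emitted even when MASQUERADE rules were generated; the line inside the loop should read `%set %%has_rules = True`. Initialising the flag once before the outer `%for` is right; only the assignment inside the loop is inverted. Separately, `%%ip` now comes straight from `ip_<machine>`, which the machined XML in this commit declares without `mandatory="True"`, so an unset value would render an invalid `-s` argument and the oneshot unit would fail at start time rather than at template time — a `%if %%ip` guard around the rule block, or making the variable mandatory, would surface that earlier.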
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(%%imap_address, 'IMAPServer', hide=%%hide_secret)
|
%%get_chain(%%domain_name_eth0, %%imap_address, 'IMAPServer', hide=%%hide_secret)
|
||||||
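Review bot: The new first argument is passed positionally here, `%%get_chain(%%domain_name_eth0, %%imap_address, 'IMAPServer', hide=%%hide_secret)`, while the ldap-client template in this commit spells every argument out as `cn=`, `authority_cn=`, `authority_name=`; the positional form depends on the parameter order of get_chain, which is not visible on this page. Using the keyword form in both templates, e.g. `%%get_chain(cn=%%domain_name_eth0, authority_cn=%%imap_address, authority_name='IMAPServer', hide=%%hide_secret)`, keeps them consistent and robust to signature changes.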
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="ldap-client" target="risotto" engine="creole">
|
<service name="ldap-client" target="risotto" engine="cheetah">
|
||||||
<file source="ldap.conf" file_type="variable">ldap_client_file</file>
|
<file source="ldap.conf" file_type="variable">ldap_client_file</file>
|
||||||
<file source="ca_LDAP.crt" file_type="variable">ldap_ca_file</file>
|
<file source="ca_LDAP.crt" file_type="variable">ldap_ca_file</file>
|
||||||
<file source="ldap_client.crt" file_type="variable">ldap_cert_file</file>
|
<file source="ldap_client.crt" file_type="variable">ldap_cert_file</file>
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(%%ldap_server_address, 'LDAP', hide=%%hide_secret)
|
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%ldap_server_address, authority_name="LDAP", hide=%%hide_secret)
|
||||||
|
|
|
@ -3,7 +3,7 @@ from subprocess import run as _run
|
||||||
from os.path import join as _join, isfile as _isfile, isdir as _isdir
|
from os.path import join as _join, isfile as _isfile, isdir as _isdir
|
||||||
from datetime import datetime as _datetime
|
from datetime import datetime as _datetime
|
||||||
from shutil import copyfile as _copyfile
|
from shutil import copyfile as _copyfile
|
||||||
from os import makedirs as _makedirs, environ as _environ
|
from os import makedirs as _makedirs, environ as _environ, listdir as _listdir, unlink as _unlink
|
||||||
|
|
||||||
|
|
||||||
_HERE = _environ['PWD']
|
_HERE = _environ['PWD']
|
||||||
|
@ -54,25 +54,31 @@ def letsencrypt_certif(domain: str,
|
||||||
'360',
|
'360',
|
||||||
]
|
]
|
||||||
ret = _run(cli_args, capture_output=True)
|
ret = _run(cli_args, capture_output=True)
|
||||||
if ret.returncode != 0:
|
#if ret.returncode != 0:
|
||||||
print("FIXME")
|
# print("FIXME")
|
||||||
#raise ValueError(ret.stderr.decode())
|
#raise ValueError(ret.stderr.decode())
|
||||||
# print("Done")
|
# print("Done")
|
||||||
with open(date_file, 'w') as fh:
|
with open(date_file, 'w') as fh:
|
||||||
fh.write(today)
|
fh.write(today)
|
||||||
rootdir = _join(_X509_DIR, f'{authority_name}+{authority_cn}')
|
rootdir = _join(_X509_DIR, f'{authority_name}+{authority_cn}')
|
||||||
chaindir = _join(rootdir, 'ca')
|
|
||||||
certdir = _join(rootdir, 'certificats', domain, 'server')
|
certdir = _join(rootdir, 'certificats', domain, 'server')
|
||||||
|
chaindir = _join(rootdir, 'certificats', domain, 'ca')
|
||||||
week_number = date.isocalendar().week
|
week_number = date.isocalendar().week
|
||||||
for dirname in (chaindir, certdir):
|
for dirname in (chaindir, certdir):
|
||||||
if not _isdir(dirname):
|
if not _isdir(dirname):
|
||||||
_makedirs(dirname)
|
_makedirs(dirname)
|
||||||
|
certificate_name = f'certificate_{week_number}.crt'
|
||||||
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'chain.pem'),
|
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'chain.pem'),
|
||||||
_join(chaindir, f'certificate_{week_number}.crt'),
|
_join(chaindir, certificate_name),
|
||||||
)
|
)
|
||||||
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'privkey.pem'),
|
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'privkey.pem'),
|
||||||
_join(certdir, 'private.key'),
|
_join(certdir, 'private.key'),
|
||||||
)
|
)
|
||||||
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'fullchain.pem'),
|
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'fullchain.pem'),
|
||||||
_join(certdir, f'certificate_{week_number}.crt'),
|
_join(certdir, certificate_name),
|
||||||
)
|
)
|
||||||
|
for dirname in (chaindir, certdir):
|
||||||
|
for filename in _listdir(dirname):
|
||||||
|
if not filename.endswith('.crt') or filename == certificate_name:
|
||||||
|
continue
|
||||||
|
_unlink(_join(dirname, filename))
|
||||||
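Review bot: Commenting out the `if ret.returncode != 0:` block leaves the result of `_run(cli_args, capture_output=True)` unchecked, so a failed certbot run no longer stops the function: `today` is still written to `date_file` and the copy and cleanup steps proceed on whatever files currently exist under the live directory. Restoring the check as `if ret.returncode != 0: raise ValueError(ret.stderr.decode())` (or `ret.check_returncode()`) keeps a renewal failure visible; if the FIXME refers to certbot returning non-zero in some benign case, that case should be detected explicitly rather than by ignoring every failure. The new cleanup loop unconditionally deletes every other `.crt` in `chaindir` and `certdir`; a short comment such as `# keep only this week's certificate in each directory` would document the intent. The enclosing function letsencrypt_certif starts outside the hunk, so how `date_file` and `today` are derived is not visible here.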
|
|
|
@ -1,24 +1,23 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="mailman3" target="multi-user">
|
<service name="mailman3"> <!-- target="multi-user">-->
|
||||||
<override/>
|
<!--override/-->
|
||||||
<file owner="root" group="mailman" mode="640">/etc/mailman.cfg</file>
|
<file owner="root" group="list" mode="640">/etc/mailman3/mailman.cfg</file>
|
||||||
<file owner="root" group="mailman" mode="640">/etc/mailman3.d/postfix.cfg</file>
|
|
||||||
<file engine="none" source="sysuser-mailman.conf">/sysusers.d/0mailman.conf</file>
|
|
||||||
<file engine="none" source="tmpfile-mailman.conf">/tmpfiles.d/0mailman.conf</file>
|
<file engine="none" source="tmpfile-mailman.conf">/tmpfiles.d/0mailman.conf</file>
|
||||||
</service>
|
|
||||||
<service name="postorius" target="multi-user" engine="creole">
|
|
||||||
<file engine="none">/etc/postorius/gunicorn_config.py</file>
|
|
||||||
<file engine="none" source="sysuser-postorius.conf">/sysusers.d/0postorius.conf</file>
|
|
||||||
<file source="config-nginx.conf">/etc/nginx/default.d/postorius.conf</file>
|
|
||||||
<file source="postorius-settings.py">/etc/mailman3.d/postorius.py</file>
|
|
||||||
<file>/tests/mailman.yml</file>
|
<file>/tests/mailman.yml</file>
|
||||||
|
<!--file owner="root" group="mailman" mode="640">/etc/mailman3.d/postfix.cfg</file-->
|
||||||
</service>
|
</service>
|
||||||
<service name="postgresqlclient" target="multi-user" engine="creole">
|
<service name="mailman3-web"> <!-- target="multi-user" engine="cheetah">-->
|
||||||
|
<!--file engine="none">/etc/postorius/gunicorn_config.py</file>
|
||||||
|
<file engine="none" source="sysuser-postorius.conf">/sysusers.d/0postorius.conf</file>
|
||||||
|
<file source="config-nginx.conf">/etc/nginx/default.d/postorius.conf</file-->
|
||||||
|
<file>/etc/mailman3/mailman-web.py</file>
|
||||||
|
</service>
|
||||||
|
<!--service name="postgresqlclient" target="multi-user" engine="cheetah"-->
|
||||||
<!-- mailman and postorius have differents username -->
|
<!-- mailman and postorius have differents username -->
|
||||||
<file owner="postorius" mode="400" source="postgresql.key">/etc/pki/tls/private/postgresql_postorius.key</file>
|
<!--file owner="postorius" mode="400" source="postgresql.key">/etc/pki/tls/private/postgresql_postorius.key</file-->
|
||||||
</service>
|
<!--/service-->
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="mailman" description="Gestionnaire de liste">
|
<family name="mailman" description="Gestionnaire de liste">
|
||||||
|
@ -56,7 +55,7 @@
|
||||||
</family>
|
</family>
|
||||||
<family name="postgresql">
|
<family name="postgresql">
|
||||||
<variable name="pg_client_key_owner" redefine="True">
|
<variable name="pg_client_key_owner" redefine="True">
|
||||||
<value>mailman</value>
|
<value>list</value>
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
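Review bot: The new `<file>/etc/mailman3/mailman-web.py</file>` entry carries no owner/group/mode, unlike the `mailman.cfg` entry beside it, yet the template rendered into that file (the Django settings in this commit) contains SECRET_KEY, the PostgreSQL password and the SMTP relay password; it should get the same restrictive attributes, e.g. `<file owner="root" group="list" mode="640">/etc/mailman3/mailman-web.py</file>` (the group the web process runs as should be confirmed). The postgresqlclient service is now commented out, including the `<file owner="postorius" mode="400" source="postgresql.key">/etc/pki/tls/private/postgresql_postorius.key</file>` entry, while the settings template still sets `'sslkey': '/etc/pki/tls/private/postgresql_postorius.key'`, so the client key is referenced without anything producing it. The `<!-- target="multi-user">-->` fragments left inside the opening tags and the commented-out `<!--service ... -->` block read as work in progress; either keep the attributes or drop the comments.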
|
|
|
@ -1,12 +1,12 @@
|
||||||
PYTHON="usr/lib/python3.10/site-packages"
|
#PYTHON="usr/lib/python3/site-packages"
|
||||||
cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/lemonldap" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/allauth/socialaccount/providers/"
|
#cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/lemonldap" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/allauth/socialaccount/providers/"
|
||||||
cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/risotto" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/allauth/socialaccount/providers/"
|
#cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/risotto" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/allauth/socialaccount/providers/"
|
||||||
cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/postorius" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius"
|
#cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/postorius" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/postorius"
|
||||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius/manage.py"
|
#chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/postorius/manage.py"
|
||||||
ln -s /etc/mailman3.d/postorius.py "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius/m_postorius/settings_local.py"
|
#ln -s /etc/mailman3.d/postorius.py "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/postorius/m_postorius/settings_local.py"
|
||||||
ln -s ../../django_mailman3/static/django-mailman3 "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/static/"
|
#ln -s ../../django_mailman3/static/django-mailman3 "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/static/"
|
||||||
ln -s ../../django/contrib/admin/static/admin "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/static/"
|
#ln -s ../../django/contrib/admin/static/admin "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/static/"
|
||||||
#translation
|
##translation
|
||||||
msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.mo
|
#msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.mo
|
||||||
sed -i 's/$event.mlist.fqdn_listname\./$event.mlist.fqdn_listname/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po
|
#sed -i 's/$event.mlist.fqdn_listname\./$event.mlist.fqdn_listname/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po
|
||||||
msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.mo
|
#msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.mo
|
||||||
|
|
|
@ -1 +1,3 @@
|
||||||
PKG="$PKG mailman3 postorius python3-psycopg2 python-unversioned-command python3-django-cors-headers"
|
#PKG="$PKG mailman3 postorius python3-psycopg2 python-unversioned-command python3-django-cors-headers"
|
||||||
|
PKG="$PKG mailman3-full"
|
||||||
|
#python3-xapian-haystack
|
||||||
|
|
|
@ -1,37 +1,239 @@
|
||||||
# -*- coding: utf-8 -*-
|
# This file is imported by the Mailman Suite. It is used to override
|
||||||
|
# the default settings from /usr/share/mailman3-web/settings.py.
|
||||||
|
|
||||||
|
# SECURITY WARNING: keep the secret key used in production secret!
|
||||||
|
#>GNUNUX
|
||||||
SECRET_KEY = '%%postorius_secret_key'
|
SECRET_KEY = '%%postorius_secret_key'
|
||||||
#FIXME same database has mailman?
|
#<GNUNUX
|
||||||
|
|
||||||
|
|
||||||
|
#FIXME
|
||||||
|
#ADMINS = (
|
||||||
|
# ('Mailman Suite Admin', 'root@localhost'),
|
||||||
|
#)
|
||||||
|
|
||||||
|
# Hosts/domain names that are valid for this site; required if DEBUG is False
|
||||||
|
# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
|
||||||
|
# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
|
||||||
|
# is meant to run behind a webserver reverse proxy anyway.
|
||||||
|
ALLOWED_HOSTS = [
|
||||||
|
#"localhost", # Archiving API from Mailman, keep it.
|
||||||
|
# "lists.your-domain.org",
|
||||||
|
# Add here all production URLs you may have.
|
||||||
|
#>GNUNUX
|
||||||
|
#'*'
|
||||||
|
'%%{revprox_client_external_domainnames[0]}'
|
||||||
|
#<GNUNUX
|
||||||
|
]
|
||||||
|
|
||||||
|
#>GNUNUX
|
||||||
|
# Mailman API credentials
|
||||||
|
#MAILMAN_REST_API_URL = 'http://localhost:8001'
|
||||||
|
#MAILMAN_REST_API_USER = 'restadmin'
|
||||||
|
#MAILMAN_REST_API_PASS = 'T0zVrLFZBJrftkW9Sjs660sEr/P3zehYGYPuo93LSGZT1KHd'
|
||||||
|
#MAILMAN_ARCHIVER_KEY = 'BzzgFI+QbeFOsGFy0Q6wfD5cp9fQvk1o'
|
||||||
|
#MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# Application definition
|
||||||
|
|
||||||
|
#FIXME
|
||||||
|
INSTALLED_APPS = (
|
||||||
|
'hyperkitty',
|
||||||
|
'postorius',
|
||||||
|
'django_mailman3',
|
||||||
|
# Uncomment the next line to enable the admin:
|
||||||
|
'django.contrib.admin',
|
||||||
|
# Uncomment the next line to enable admin documentation:
|
||||||
|
# 'django.contrib.admindocs',
|
||||||
|
'django.contrib.auth',
|
||||||
|
'django.contrib.contenttypes',
|
||||||
|
'django.contrib.sessions',
|
||||||
|
'django.contrib.sites',
|
||||||
|
'django.contrib.messages',
|
||||||
|
'django.contrib.staticfiles',
|
||||||
|
'rest_framework',
|
||||||
|
'django_gravatar',
|
||||||
|
'compressor',
|
||||||
|
'haystack',
|
||||||
|
'django_extensions',
|
||||||
|
'django_q',
|
||||||
|
'allauth',
|
||||||
|
'allauth.account',
|
||||||
|
'allauth.socialaccount',
|
||||||
|
'django_mailman3.lib.auth.fedora',
|
||||||
|
#'allauth.socialaccount.providers.openid',
|
||||||
|
#'allauth.socialaccount.providers.github',
|
||||||
|
#'allauth.socialaccount.providers.gitlab',
|
||||||
|
#'allauth.socialaccount.providers.google',
|
||||||
|
#'allauth.socialaccount.providers.facebook',
|
||||||
|
#'allauth.socialaccount.providers.twitter',
|
||||||
|
#'allauth.socialaccount.providers.stackexchange',
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
# Database
|
||||||
|
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
|
||||||
|
|
||||||
DATABASES = {
|
DATABASES = {
|
||||||
'default' : {
|
'default': {
|
||||||
|
# Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
|
||||||
|
#>GNUNUX
|
||||||
|
#'ENGINE': 'django.db.backends.sqlite3',
|
||||||
|
#<GNUNUX
|
||||||
|
#'ENGINE': 'django.db.backends.postgresql_psycopg2',
|
||||||
|
#'ENGINE': 'django.db.backends.mysql',
|
||||||
|
# DB name or path to database file if using sqlite3.
|
||||||
|
#>GNUNUX
|
||||||
|
#'NAME': '/var/lib/mailman3/web/mailman3web.db',
|
||||||
|
#<GNUNUX
|
||||||
|
# The following settings are not used with sqlite3:
|
||||||
|
#>GNUNUX
|
||||||
|
#'USER': '',
|
||||||
|
#'PASSWORD': '',
|
||||||
|
#<GNUNUX
|
||||||
|
# HOST: empty for localhost through domain sockets or '127.0.0.1' for
|
||||||
|
# localhost through TCP.
|
||||||
|
#>GNUNUX
|
||||||
|
#'HOST': '',
|
||||||
'ENGINE': 'django.db.backends.postgresql_psycopg2',
|
'ENGINE': 'django.db.backends.postgresql_psycopg2',
|
||||||
'NAME': '%%pg_client_database', # Database name
|
#FIXME same database has mailman?
|
||||||
|
'NAME': '%%pg_client_database',
|
||||||
'USER': '%%pg_client_username', # PostgreSQL username
|
'USER': '%%pg_client_username', # PostgreSQL username
|
||||||
'PASSWORD': '%%pg_client_password', # PostgreSQL password
|
'PASSWORD': '%%pg_client_password', # PostgreSQL password
|
||||||
'HOST': '%%pg_client_server_domainname', # Database server
|
'HOST': '%%pg_client_server_domainname', # Database server
|
||||||
'PORT': '', # Database port (leave blank for default)
|
'CONN_MAX_AGE': 300,
|
||||||
'CONN_MAX_AGE': 300, # Max database connection age
|
#>GNUNUX
|
||||||
'OPTIONS': {'sslmode': 'verify-full', 'sslcert': '%%pg_client_crt_file', 'sslkey': '/etc/pki/tls/private/postgresql_postorius.key', 'sslrootcert': '%%pg_client_ca_file'},
|
# PORT: set to empty string for default.
|
||||||
|
'PORT': '',
|
||||||
|
# OPTIONS: Extra parameters to use when connecting to the database.
|
||||||
|
'OPTIONS': {
|
||||||
|
# Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
|
||||||
|
# https://docs.djangoproject.com/en/1.11/ref/
|
||||||
|
# databases/#setting-sql-mode
|
||||||
|
#'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
|
||||||
|
#>GNUNUX
|
||||||
|
'sslmode': 'verify-full',
|
||||||
|
'sslcert': '%%pg_client_crt_file',
|
||||||
|
'sslkey': '/etc/pki/tls/private/postgresql_postorius.key',
|
||||||
|
'sslrootcert': '%%pg_client_ca_file',
|
||||||
|
#<GNUNUX
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ALLOWED_HOSTS = ['%%{revprox_client_external_domainnames[0]}']
|
|
||||||
POSTORIUS_TEMPLATE_BASE_URL = 'https://%%{revprox_client_external_domainnames[0]}'
|
|
||||||
CSRF_TRUSTED_ORIGINS = ['%%{revprox_client_external_domainnames[0]}']
|
|
||||||
USE_X_FORWARDED_HOST = True
|
|
||||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
|
||||||
LANGUAGE_CODE = 'fr'
|
|
||||||
STATIC_URL = '/mailman/postorius_static/'
|
|
||||||
FORCE_SCRIPT_NAME = '/mailman'
|
|
||||||
|
|
||||||
|
|
||||||
|
# If you're behind a proxy, use the X-Forwarded-Host header
|
||||||
|
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
|
||||||
|
USE_X_FORWARDED_HOST = True
|
||||||
|
|
||||||
|
# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
|
||||||
|
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
|
||||||
|
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||||
|
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
|
||||||
|
#>GNUNUX
|
||||||
|
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# Other security settings
|
||||||
|
# SECURE_SSL_REDIRECT = True
|
||||||
|
# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
|
||||||
|
# contains at least this line:
|
||||||
|
# SECURE_REDIRECT_EXEMPT = [
|
||||||
|
# "archives/api/mailman/.*", # Request from Mailman.
|
||||||
|
# ]
|
||||||
|
# SESSION_COOKIE_SECURE = True
|
||||||
|
# SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||||
|
# SECURE_BROWSER_XSS_FILTER = True
|
||||||
|
# CSRF_COOKIE_SECURE = True
|
||||||
|
# CSRF_COOKIE_HTTPONLY = True
|
||||||
|
# X_FRAME_OPTIONS = 'DENY'
|
||||||
|
#>GNUNUX
|
||||||
|
CSRF_TRUSTED_ORIGINS = ['%%{revprox_client_external_domainnames[0]}']
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# Internationalization
|
||||||
|
# https://docs.djangoproject.com/en/1.8/topics/i18n/
|
||||||
|
|
||||||
|
#>GNUNUX
|
||||||
|
#LANGUAGE_CODE = 'en-us'
|
||||||
|
LANGUAGE_CODE = 'fr'
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
TIME_ZONE = 'UTC'
|
||||||
|
|
||||||
|
USE_I18N = True
|
||||||
|
USE_L10N = True
|
||||||
|
USE_TZ = True
|
||||||
|
|
||||||
|
|
||||||
|
# Set default domain for email addresses.
|
||||||
|
#FIXME
|
||||||
|
EMAILNAME = 'localhost.local'
|
||||||
|
|
||||||
|
# If you enable internal authentication, this is the address that the emails
|
||||||
|
# will appear to be coming from. Make sure you set a valid domain name,
|
||||||
|
# otherwise the emails may get rejected.
|
||||||
|
# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
|
||||||
|
# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
|
||||||
|
#>GNUNUX
|
||||||
|
#DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
|
||||||
|
DEFAULT_FROM_EMAIL = '%%mailman_mail_owner'
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# If you enable email reporting for error messages, this is where those emails
|
||||||
|
# will appear to be coming from. Make sure you set a valid domain name,
|
||||||
|
# otherwise the emails may get rejected.
|
||||||
|
# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
|
||||||
|
# SERVER_EMAIL = 'root@your-domain.org'
|
||||||
|
#>GNUNUX
|
||||||
|
#SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
|
||||||
|
SERVER_EMAIL = '%%mailman_mail_owner'
|
||||||
EMAIL_HOST = "%%smtp_relay_address"
|
EMAIL_HOST = "%%smtp_relay_address"
|
||||||
EMAIL_PORT = 25
|
EMAIL_PORT = 25
|
||||||
EMAIL_HOST_USER = "%%smtp_relay_user@%%ip_eth0"
|
EMAIL_HOST_USER = "%%smtp_relay_user@%%ip_eth0"
|
||||||
EMAIL_HOST_PASSWORD = "%%smtp_relay_password"
|
EMAIL_HOST_PASSWORD = "%%smtp_relay_password"
|
||||||
EMAIL_USE_TLS = True
|
EMAIL_USE_TLS = True
|
||||||
DEFAULT_FROM_EMAIL = '%%mailman_mail_owner'
|
#FIXME
|
||||||
EMAIL_SUBJECT_PREFIX = '[Django] '
|
EMAIL_SUBJECT_PREFIX = '[Django] '
|
||||||
SERVER_EMAIL = '%%mailman_mail_owner'
|
|
||||||
SOCIALACCOUNT_EMAIL_VERIFICATION = 'none'
|
|
||||||
|
STATIC_URL = '/mailman/postorius_static/'
|
||||||
|
FORCE_SCRIPT_NAME = '/mailman'
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# Django Allauth
|
||||||
|
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Social auth
|
||||||
|
#
|
||||||
SOCIALACCOUNT_PROVIDERS = {
|
SOCIALACCOUNT_PROVIDERS = {
|
||||||
|
#'openid': {
|
||||||
|
# 'SERVERS': [
|
||||||
|
# dict(id='yahoo',
|
||||||
|
# name='Yahoo',
|
||||||
|
# openid_url='http://me.yahoo.com'),
|
||||||
|
# ],
|
||||||
|
#},
|
||||||
|
#'google': {
|
||||||
|
# 'SCOPE': ['profile', 'email'],
|
||||||
|
# 'AUTH_PARAMS': {'access_type': 'online'},
|
||||||
|
#},
|
||||||
|
#'facebook': {
|
||||||
|
# 'METHOD': 'oauth2',
|
||||||
|
# 'SCOPE': ['email'],
|
||||||
|
# 'FIELDS': [
|
||||||
|
# 'email',
|
||||||
|
# 'name',
|
||||||
|
# 'first_name',
|
||||||
|
# 'last_name',
|
||||||
|
# 'locale',
|
||||||
|
# 'timezone',
|
||||||
|
# ],
|
||||||
|
# 'VERSION': 'v2.4',
|
||||||
|
#},
|
||||||
'risotto': {
|
'risotto': {
|
||||||
'LEMONLDAP_NAME': 'Authentification centralisée',
|
'LEMONLDAP_NAME': 'Authentification centralisée',
|
||||||
'LEMONLDAP_URL': 'https://%%oauth2_server_domainname',
|
'LEMONLDAP_URL': 'https://%%oauth2_server_domainname',
|
||||||
|
@ -44,13 +246,18 @@ SOCIALACCOUNT_PROVIDERS = {
|
||||||
'VERIFIED_EMAIL': True,
|
'VERIFIED_EMAIL': True,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
#FIXME
|
#>GNUNUX
|
||||||
## This goes in /etc/cron.d/mailman
|
SOCIALACCOUNT_EMAIL_VERIFICATION = 'none'
|
||||||
#
|
#<GNUNUX
|
||||||
#@hourly mailman /opt/mailman/venv/bin/mailman-web runjobs hourly
|
|
||||||
#@daily mailman /opt/mailman/venv/bin/mailman-web runjobs daily
|
# On a production setup, setting COMPRESS_OFFLINE to True will bring a
|
||||||
#@weekly mailman /opt/mailman/venv/bin/mailman-web runjobs weekly
|
# significant performance improvement, as CSS files will not need to be
|
||||||
#@monthly mailman /opt/mailman/venv/bin/mailman-web runjobs monthly
|
# recompiled on each requests. It means running an additional "compress"
|
||||||
#@yearly mailman /opt/mailman/venv/bin/mailman-web runjobs yearly
|
# management command after each code upgrade.
|
||||||
#* * * * * mailman /opt/mailman/venv/bin/mailman-web runjobs minutely
|
# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
|
||||||
#2,17,32,47 * * * * mailman /opt/mailman/venv/bin/mailman-web runjobs quarter_hourly
|
COMPRESS_OFFLINE = True
|
||||||
|
|
||||||
|
#>GNUNUX
|
||||||
|
#POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
|
||||||
|
POSTORIUS_TEMPLATE_BASE_URL = 'https://%%{revprox_client_external_domainnames[0]}'
|
||||||
|
#<GNUNUX
|
||||||
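Review bot: The commented-out `MAILMAN_REST_API_PASS` and `MAILMAN_ARCHIVER_KEY` lines carry concrete credential-looking values copied from the packaged settings; even as comments they should not be committed — drop the lines or replace the values with a placeholder, and confirm the live values come from the packaged `/usr/share/mailman3-web/settings.py` or a rougail variable. In `ALLOWED_HOSTS`, `"localhost"` is now commented out although the comment on that very line says the archiving API from Mailman needs it; if Mailman core reaches Hyperkitty via localhost those requests would be rejected with 400, so the entry should probably stay (worth checking against the archiver configuration). `CSRF_TRUSTED_ORIGINS` entries must include the scheme on Django 4.0 and later, i.e. `'https://%%{revprox_client_external_domainnames[0]}'`; the installed Django version is not visible here, so please verify. Since the site is only served over HTTPS behind the reverse proxy, `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True` in the "Other security settings" block could be enabled alongside the existing `SECURE_PROXY_SSL_HEADER`.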
|
|
|
@ -1,53 +1,331 @@
|
||||||
# This is the absolute bare minimum base configuration file. User supplied
|
# Copyright (C) 2008-2017 by the Free Software Foundation, Inc.
|
||||||
# configurations are pushed onto this.
|
#
|
||||||
|
# This file is part of GNU Mailman.
|
||||||
|
#
|
||||||
|
# GNU Mailman is free software: you can redistribute it and/or modify it under
|
||||||
|
# the terms of the GNU General Public License as published by the Free
|
||||||
|
# Software Foundation, either version 3 of the License, or (at your option)
|
||||||
|
# any later version.
|
||||||
|
#
|
||||||
|
# GNU Mailman is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||||
|
# more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License along with
|
||||||
|
# GNU Mailman. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
# This file contains the Debian configuration for mailman. It uses ini-style
|
||||||
|
# formats under the lazr.config regime to define all system configuration
|
||||||
|
# options. See <https://launchpad.net/lazr.config> for details.
|
||||||
|
|
||||||
|
|
||||||
[mailman]
|
[mailman]
|
||||||
# GNUNUX default_language: en
|
|
||||||
#>GNUNUX
|
|
||||||
default_language: fr
|
|
||||||
#<GNUNUX
|
|
||||||
# This address is the "site owner" address. Certain messages which must be
|
# This address is the "site owner" address. Certain messages which must be
|
||||||
# delivered to a human, but which can't be delivered to a list owner (e.g. a
|
# delivered to a human, but which can't be delivered to a list owner (e.g. a
|
||||||
# bounce from a list owner), will be sent to this address. It should point to
|
# bounce from a list owner), will be sent to this address. It should point to
|
||||||
# a human.
|
# a human.
|
||||||
# GNUNUX site_owner: root@localhost
|
#>GNUNUX
|
||||||
|
#site_owner: changeme@example.com
|
||||||
site_owner: %%mailman_mail_owner
|
site_owner: %%mailman_mail_owner
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# This is the local-part of an email address used in the From field whenever a
|
||||||
|
# message comes from some entity to which there is no natural reply recipient.
|
||||||
|
# Mailman will append '@' and the host name of the list involved. This
|
||||||
|
# address must not bounce and it must not point to a Mailman process.
|
||||||
|
noreply_address: noreply
|
||||||
|
|
||||||
|
# The default language for this server.
|
||||||
|
#>GNUNUX
|
||||||
|
#default_language: en
|
||||||
|
default_language: fr
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# Membership tests for posting purposes are usually performed by looking at a
|
||||||
|
# set of headers, passing the test if any of their values match a member of
|
||||||
|
# the list. Headers are checked in the order given in this variable. The
|
||||||
|
# value From_ means to use the envelope sender. Field names are case
|
||||||
|
# insensitive. This is a space separate list of headers.
|
||||||
|
sender_headers: from from_ reply-to sender
|
||||||
|
|
||||||
# The local URL part to the administration interface (Postorius).
|
# The local URL part to the administration interface (Postorius).
|
||||||
# The full URL will be constructed by prepending the domain URL set in the
|
# The full URL will be constructed by prepending the domain URL set in the
|
||||||
# list's domain properties.
|
# list's domain properties.
|
||||||
#listinfo_url = /postorius/
|
#listinfo_url = /postorius/
|
||||||
|
|
||||||
# Set the paths to be Fedora-compliant
|
# Mail command processor will ignore mail command lines after designated max.
|
||||||
layout: fhs
|
email_commands_max_lines: 10
|
||||||
|
|
||||||
|
# Default length of time a pending request is live before it is evicted from
|
||||||
|
# the pending database.
|
||||||
|
pending_request_life: 3d
|
||||||
|
|
||||||
|
# How long should files be saved before they are evicted from the cache?
|
||||||
|
cache_life: 7d
|
||||||
|
|
||||||
|
# A callable to run with no arguments early in the initialization process.
|
||||||
|
# This runs before database initialization.
|
||||||
|
pre_hook:
|
||||||
|
|
||||||
|
# A callable to run with no arguments late in the initialization process.
|
||||||
|
# This runs after adapters are initialized.
|
||||||
|
post_hook:
|
||||||
|
|
||||||
|
# Which paths.* file system layout to use.
|
||||||
|
# You should not change this variable.
|
||||||
|
layout: debian
|
||||||
|
|
||||||
|
# Can MIME filtered messages be preserved by list owners?
|
||||||
|
filtered_messages_are_preservable: no
|
||||||
|
|
||||||
|
# How should text/html parts be converted to text/plain when the mailing list
|
||||||
|
# is set to convert HTML to plaintext? This names a command to be called,
|
||||||
|
# where the substitution variable $filename is filled in by Mailman, and
|
||||||
|
# contains the path to the temporary file that the command should read from.
|
||||||
|
# The command should print the converted text to stdout.
|
||||||
|
html_to_plain_text_command: /usr/bin/lynx -dump $filename
|
||||||
|
|
||||||
|
# Specify what characters are allowed in list names. Characters outside of
|
||||||
|
# the class [-_.+=!$*{}~0-9a-z] matched case insensitively are never allowed,
|
||||||
|
# but this specifies a subset as the only allowable characters. This must be
|
||||||
|
# a valid character class regexp or the effect on list creation is
|
||||||
|
# unpredictable.
|
||||||
|
listname_chars: [-_.0-9a-z]
|
||||||
|
|
||||||
|
|
||||||
|
[shell]
|
||||||
|
# `mailman shell` (also `withlist`) gives you an interactive prompt that you
|
||||||
|
# can use to interact with an initialized and configured Mailman system. Use
|
||||||
|
# --help for more information. This section allows you to configure certain
|
||||||
|
# aspects of this interactive shell.
|
||||||
|
|
||||||
|
# Customize the interpreter prompt.
|
||||||
|
prompt: >>>
|
||||||
|
|
||||||
|
# Banner to show on startup.
|
||||||
|
banner: Welcome to the GNU Mailman shell
|
||||||
|
|
||||||
|
# Use IPython as the shell, which must be found on the system. Valid values
|
||||||
|
# are `no`, `yes`, and `debug` where the latter is equivalent to `yes` except
|
||||||
|
# that any import errors will be displayed to stderr.
|
||||||
|
use_ipython: no
|
||||||
|
|
||||||
|
# Set this to allow for command line history if readline is available. This
|
||||||
|
# can be as simple as $var_dir/history.py to put the file in the var directory.
|
||||||
|
history_file:
|
||||||
|
|
||||||
|
|
||||||
|
[paths.debian]
|
||||||
|
# Important directories for Mailman operation. These are defined here so that
|
||||||
|
# different layouts can be supported. For example, a developer layout would
|
||||||
|
# be different from a FHS layout. Most paths are based off the var_dir, and
|
||||||
|
# often just setting that will do the right thing for all the other paths.
|
||||||
|
# You might also have to set spool_dir though.
|
||||||
|
#
|
||||||
|
# Substitutions are allowed, but must be of the form $var where 'var' names a
|
||||||
|
# configuration variable in the paths.* section. Substitutions are expanded
|
||||||
|
# recursively until no more $-variables are present. Beware of infinite
|
||||||
|
# expansion loops!
|
||||||
|
#
|
||||||
|
# This is the root of the directory structure that Mailman will use to store
|
||||||
|
# its run-time data.
|
||||||
#>GNUNUX
|
#>GNUNUX
|
||||||
|
#var_dir: /var/lib/mailman3
|
||||||
|
var_dir: /srv/mailman/
|
||||||
|
#<GNUNUX
|
||||||
|
# This is where the Mailman queue files directories will be created.
|
||||||
|
queue_dir: $var_dir/queue
|
||||||
|
# This is the directory containing the Mailman 'runner' and 'master' commands
|
||||||
|
# if set to the string '$argv', it will be taken as the directory containing
|
||||||
|
# the 'mailman' command.
|
||||||
|
bin_dir: /usr/lib/mailman3/bin
|
||||||
|
# All list-specific data.
|
||||||
|
list_data_dir: $var_dir/lists
|
||||||
|
# Directory where log files go.
|
||||||
|
#>GNUNUX
|
||||||
|
#log_dir: /var/log/mailman3
|
||||||
|
log_dir: /srv/mailman/log
|
||||||
|
#<GNUNUX
|
||||||
|
# Directory for system-wide locks.
|
||||||
|
lock_dir: $var_dir/locks
|
||||||
|
# Directory for system-wide data.
|
||||||
|
data_dir: $var_dir/data
|
||||||
|
# Cache files.
|
||||||
|
cache_dir: $var_dir/cache
|
||||||
|
# Directory for configuration files and such.
|
||||||
|
etc_dir: /etc/mailman3
|
||||||
|
# Directory containing Mailman plugins.
|
||||||
|
ext_dir: $var_dir/ext
|
||||||
|
# Directory where the default IMessageStore puts its messages.
|
||||||
|
messages_dir: $var_dir/messages
|
||||||
|
# Directory for archive backends to store their messages in. Archivers should
|
||||||
|
# create a subdirectory in here to store their files.
|
||||||
|
archive_dir: $var_dir/archives
|
||||||
|
# Root directory for site-specific template override files.
|
||||||
|
template_dir: $var_dir/templates
|
||||||
|
# There are also a number of paths to specific file locations that can be
|
||||||
|
# defined. For these, the directory containing the file must already exist,
|
||||||
|
# or be one of the directories created by Mailman as per above.
|
||||||
|
#
|
||||||
|
# This is where PID file for the master runner is stored.
|
||||||
|
pid_file: /run/mailman3/master.pid
|
||||||
|
# Lock file.
|
||||||
|
lock_file: $lock_dir/master.lck
|
||||||
|
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
|
# The class implementing the IDatabase.
|
||||||
|
#GNUNUX class: mailman.database.sqlite.SQLiteDatabase
|
||||||
|
#class: mailman.database.mysql.MySQLDatabase
|
||||||
|
#class: mailman.database.postgresql.PostgreSQLDatabase
|
||||||
|
#>GNUNUX
|
||||||
class: mailman.database.postgresql.PostgreSQLDatabase
|
class: mailman.database.postgresql.PostgreSQLDatabase
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# Use this to set the Storm database engine URL. You generally have one
|
||||||
|
# primary database connection for all of Mailman. List data and most rosters
|
||||||
|
# will store their data in this database, although external rosters may access
|
||||||
|
# other databases in their own way. This string supports standard
|
||||||
|
# 'configuration' substitutions.
|
||||||
|
#GNUNUX url: sqlite:///$DATA_DIR/mailman.db
|
||||||
|
#url: mysql+pymysql://mailman3:mmpass@localhost/mailman3?charset=utf8&use_unicode=1
|
||||||
|
#url: postgres://mailman3:mmpass@localhost/mailman3
|
||||||
|
#>GNUNUX
|
||||||
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=%%pg_client_crt_file&sslkey=%%pg_client_key_file&sslrootcert=%%pg_client_ca_file
|
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=%%pg_client_crt_file&sslkey=%%pg_client_key_file&sslrootcert=%%pg_client_ca_file
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
debug: no
|
||||||
|
|
||||||
|
|
||||||
|
[logging.debian]
|
||||||
|
# This defines various log settings. The options available are:
|
||||||
|
#
|
||||||
|
# - level -- Overrides the default level; this may be any of the
|
||||||
|
# standard Python logging levels, case insensitive.
|
||||||
|
# - format -- Overrides the default format string
|
||||||
|
# - datefmt -- Overrides the default date format string
|
||||||
|
# - path -- Overrides the default logger path. This may be a relative
|
||||||
|
# path name, in which case it is relative to Mailman's LOG_DIR,
|
||||||
|
# or it may be an absolute path name. You cannot change the
|
||||||
|
# handler class that will be used.
|
||||||
|
# - propagate -- Boolean specifying whether to propagate log message from this
|
||||||
|
# logger to the root "mailman" logger. You cannot override
|
||||||
|
# settings for the root logger.
|
||||||
|
#
|
||||||
|
# In this section, you can define defaults for all loggers, which will be
|
||||||
|
# prefixed by 'mailman.'. Use subsections to override settings for specific
|
||||||
|
# loggers. The names of the available loggers are:
|
||||||
|
#
|
||||||
|
# - archiver -- All archiver output
|
||||||
|
# - bounce -- All bounce processing logs go here
|
||||||
|
# - config -- Configuration issues
|
||||||
|
# - database -- Database logging (SQLAlchemy and Alembic)
|
||||||
|
# - debug -- Only used for development
|
||||||
|
# - error -- All exceptions go to this log
|
||||||
|
# - fromusenet -- Information related to the Usenet to Mailman gateway
|
||||||
|
# - http -- Internal wsgi-based web interface
|
||||||
|
# - locks -- Lock state changes
|
||||||
|
# - mischief -- Various types of hostile activity
|
||||||
|
# - runner -- Runner process start/stops
|
||||||
|
# - smtp -- Successful SMTP activity
|
||||||
|
# - smtp-failure -- Unsuccessful SMTP activity
|
||||||
|
# - subscribe -- Information about leaves/joins
|
||||||
|
# - vette -- Message vetting information
|
||||||
|
#>GNUNUX
|
||||||
|
#FIXME format: %(asctime)s (%(process)d) %(message)s
|
||||||
|
#FIXME datefmt: %b %d %H:%M:%S %Y
|
||||||
|
#FIXME propagate: no
|
||||||
|
#FIXME level: info
|
||||||
|
#FIXME path: mailman.log
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
[webservice]
|
||||||
|
# The hostname at which admin web service resources are exposed.
|
||||||
|
#>GNUNUX
|
||||||
|
#hostname: localhost
|
||||||
|
hostname: %%mailman_domains
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# The port at which the admin web service resources are exposed.
|
||||||
|
#>GNUNUX
|
||||||
|
#port: 8001
|
||||||
|
port: 443
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# Whether or not requests to the web service are secured through SSL.
|
||||||
|
#>GNUNUX
|
||||||
|
#use_https: no
|
||||||
|
use_https: yes
|
||||||
|
#<GNUNUX
|
||||||
|
|
||||||
|
# Whether or not to show tracebacks in an HTTP response for a request that
|
||||||
|
# raised an exception.
|
||||||
|
show_tracebacks: yes
|
||||||
|
|
||||||
|
# The API version number for the current (highest) API.
|
||||||
|
api_version: 3.1
|
||||||
|
|
||||||
|
# The administrative username.
|
||||||
|
admin_user: restadmin
|
||||||
|
|
||||||
|
# The administrative password.
|
||||||
|
admin_pass: T0zVrLFZBJrftkW9Sjs660sEr/P3zehYGYPuo93LSGZT1KHd
|
||||||
|
|
||||||
[mta]
|
[mta]
|
||||||
lmtp_host: %%ip_eth0
|
# The class defining the interface to the incoming mail transport agent.
|
||||||
configuration: /etc/mailman3.d/postfix.cfg
|
#incoming: mailman.mta.exim4.LMTP
|
||||||
|
incoming: mailman.mta.postfix.LMTP
|
||||||
|
|
||||||
|
# The callable implementing delivery to the outgoing mail transport agent.
|
||||||
|
# This must accept three arguments, the mailing list, the message, and the
|
||||||
|
# message metadata dictionary.
|
||||||
|
outgoing: mailman.mta.deliver.deliver
|
||||||
|
|
||||||
|
# How to connect to the outgoing MTA. If smtp_user and smtp_pass is given,
|
||||||
|
# then Mailman will attempt to log into the MTA when making a new connection.
|
||||||
|
#>GNUNUX
|
||||||
|
#smtp_host: localhost
|
||||||
smtp_host: %%smtp_relay_address
|
smtp_host: %%smtp_relay_address
|
||||||
smtp_user: %%smtp_relay_user@%%ip_eth0
|
|
||||||
smtp_pass: %%smtp_relay_password
|
|
||||||
smtp_port: 25
|
smtp_port: 25
|
||||||
|
#smtp_user:
|
||||||
|
smtp_user: %%smtp_relay_user@%%ip_eth0
|
||||||
|
#smtp_pass:
|
||||||
|
smtp_pass: %%smtp_relay_password
|
||||||
smtp_secure_mode: starttls
|
smtp_secure_mode: starttls
|
||||||
smtp_verify_cert: yes
|
smtp_verify_cert: yes
|
||||||
smtp_verify_hostname: yes
|
smtp_verify_hostname: yes
|
||||||
#<GNUNUX
|
#<GNUNUX
|
||||||
|
|
||||||
[paths.fhs]
|
# Where the LMTP server listens for connections. Use 127.0.0.1 instead of
|
||||||
bin_dir: /usr/libexec/mailman3
|
# localhost for Postfix integration, because Postfix only consults DNS
|
||||||
# GNUNUX var_dir: /var/lib/mailman3
|
# (e.g. not /etc/hosts).
|
||||||
# GNUNUX queue_dir: /var/spool/mailman3
|
|
||||||
# GNUNUX log_dir: /var/log/mailman3
|
|
||||||
#>GNUNUX
|
#>GNUNUX
|
||||||
var_dir: /srv/mailman/lib
|
#lmtp_host: 127.0.0.1
|
||||||
queue_dir: /srv/mailman/spool
|
lmtp_host: %%ip_eth0
|
||||||
log_dir: /var/log/mailman
|
|
||||||
#<GNUNUX
|
#<GNUNUX
|
||||||
lock_dir: /run/lock/mailman3
|
lmtp_port: 8024
|
||||||
ext_dir: /etc/mailman3.d
|
|
||||||
pid_file: /run/mailman3/master.pid
|
# Where can we find the mail server specific configuration file? The path can
|
||||||
|
# be either a file system path or a Python import path. If the value starts
|
||||||
|
# with python: then it is a Python import path, otherwise it is a file system
|
||||||
|
# path. File system paths must be absolute since no guarantees are made about
|
||||||
|
# the current working directory. Python paths should not include the trailing
|
||||||
|
# .cfg, which the file must end with.
|
||||||
|
#configuration: python:mailman.config.exim4
|
||||||
|
configuration: python:mailman.config.postfix
|
||||||
|
|
||||||
|
# see /usr/lib/python3.10/site-packages/mailman/config/postfix.cfg
|
||||||
|
[postfix]
|
||||||
|
# Additional configuration variables for the postfix MTA.
|
||||||
|
|
||||||
|
# This variable describe the program to use for regenerating the transport map
|
||||||
|
# db file, from the associated plain text files. The file being updated will
|
||||||
|
# be appended to this string (with a separating space), so it must be
|
||||||
|
# appropriate for os.system().
|
||||||
|
postmap_command: /usr/sbin/postmap
|
||||||
|
|
||||||
|
# This variable describes the type of transport maps that will be generated by
|
||||||
|
# mailman to be used with postfix for LMTP transport. By default, it is set to
|
||||||
|
# hash, but mailman also supports `regex` tables.
|
||||||
|
transport_file_type: regex
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
d /srv/mailman 750 mailman mailman - -
|
d /srv/mailman 750 list list - -
|
||||||
d /var/log/mailman 755 mailman mailman - -
|
d /var/log/mailman 755 list list - -
|
||||||
f /var/log/mailman/postorius.log 644 postorius postorius - -
|
#f /var/log/mailman/postorius.log 644 postorius postorius - -
|
||||||
|
|
|
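Review bot: The `f /var/log/mailman/postorius.log 644 postorius postorius - -` entry is commented out while `/var/log/mailman` is now created `755 list list`, so if Postorius still logs to that path it has to create the file inside a directory it does not own, which only works if it runs as `list`; either keep the `f` line with the intended owner or say where the Postorius log now goes. A `755` log directory is also listable by every local user, and Mailman's smtp/subscribe/vette logs carry subscriber addresses; `750` would match the data directory above it, with file readability then depending on Mailman's umask. The switch from `mailman` to `list` reads like the Debian packaging convention, but that is inferred from the change, not visible here — a comment such as `# Debian's mailman3 runs as user 'list'` on the first line would make it explicit.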
@ -1,7 +1,7 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="mariadbclient" target="risotto" engine="creole"/>
|
<service name="mariadbclient" target="risotto" engine="cheetah"/>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="mariadb" description="MariaDB">
|
<family name="mariadb" description="MariaDB">
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<file>/etc/my.cnf.d/risotto.cnf</file>
|
<file>/etc/my.cnf.d/risotto.cnf</file>
|
||||||
<file engine="none" source="tmpfile-mariadb.conf">/tmpfiles.d/0mariadb.conf</file>
|
<file engine="none" source="tmpfile-mariadb.conf">/tmpfiles.d/0mariadb.conf</file>
|
||||||
<file mode="600" owner="mysql" group="mysql">/etc/mariadb.sql</file>
|
<file mode="600" owner="mysql" group="mysql">/etc/mariadb.sql</file>
|
||||||
<file>/tests/mariadb.yml</file>
|
<file>/tests/mariadb.yml</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
<services>
|
<services>
|
||||||
<service name="nextcloudcron" engine="none"/>
|
<service name="nextcloudcron" engine="none"/>
|
||||||
<service name="nextcloudcron" type="timer" engine="none" target="timers"/>
|
<service name="nextcloudcron" type="timer" engine="none" target="timers"/>
|
||||||
<service name="nextcloud" engine="creole" target="multi-user">
|
<service name="nextcloud" engine="cheetah" target="multi-user">
|
||||||
<file owner="apache" group="apache" mode="440" source="nextcloud-config.php">/etc/nextcloud/config.php</file>
|
<file owner="apache" group="apache" mode="440" source="nextcloud-config.php">/etc/nextcloud/config.php</file>
|
||||||
<file owner="root" group="root" mode="755">/sbin/nextcloud.init</file>
|
<file owner="root" group="root" mode="755">/sbin/nextcloud.init</file>
|
||||||
<file>/etc/httpd/conf.d/a-nextcloud-access.conf</file>
|
<file>/etc/httpd/conf.d/a-nextcloud-access.conf</file>
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
ln -s "$IMAGE_NAME_RISOTTO_IMAGE_DIR/srv/nextcloud/data" "/var/lib/risotto/images/nextcloud//usr/share/nextcloud/data"
|
CALENDAR="3.5.2"
|
||||||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share/nextcloud/apps"
|
ln -s "/srv/nextcloud/data" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/nextcloud/data"
|
||||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share/nextcloud/apps"
|
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share/nextcloud/apps"
|
||||||
|
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share/nextcloud/apps"
|
||||||
#user_saml=$(wget https://api.github.com/repos/nextcloud/user_saml/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
#user_saml=$(wget https://api.github.com/repos/nextcloud/user_saml/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||||
app=$(wget https://api.github.com/repos/pulsejet/nextcloud-oidc-login/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
app=$(wget https://api.github.com/repos/pulsejet/nextcloud-oidc-login/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||||
wget -q $app
|
wget -q $app
|
||||||
|
@ -8,20 +9,21 @@ tar xf *tar.gz
|
||||||
rm -f *tar.gz
|
rm -f *tar.gz
|
||||||
chown -R root: oidc_login
|
chown -R root: oidc_login
|
||||||
#
|
#
|
||||||
app=$(wget https://api.github.com/repos/nextcloud-releases/calendar/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
#app=$(wget https://api.github.com/repos/nextcloud-releases/calendar/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||||
|
app="https://github.com/nextcloud-releases/calendar/releases/download/v${CALENDAR}/calendar-v${CALENDAR}.tar.gz"
|
||||||
wget -q $app -O app.tar.gz
|
wget -q $app -O app.tar.gz
|
||||||
tar xf app.tar.gz
|
tar xf app.tar.gz
|
||||||
rm -f app.tar.gz
|
rm -f app.tar.gz
|
||||||
chown -R root: calendar
|
chown -R root: calendar
|
||||||
#
|
#
|
||||||
app=$(wget https://api.github.com/repos/nextcloud-releases/contacts/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
#app=$(wget https://api.github.com/repos/nextcloud-releases/contacts/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||||
app=https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz
|
app=https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz
|
||||||
wget -q $app -O app.tar.gz
|
wget -q $app -O app.tar.gz
|
||||||
tar xf app.tar.gz
|
tar xf app.tar.gz
|
||||||
rm -f app.tar.gz
|
rm -f app.tar.gz
|
||||||
chown -R root: contacts
|
chown -R root: contacts
|
||||||
#
|
#
|
||||||
app=$(wget https://api.github.com/repos/nextcloud/notes/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
#app=$(wget https://api.github.com/repos/nextcloud/notes/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||||
app=https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz
|
app=https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz
|
||||||
wget -q $app -O app.tar.gz
|
wget -q $app -O app.tar.gz
|
||||||
tar xf app.tar.gz
|
tar xf app.tar.gz
|
||||||
|
|
|
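Review bot: Every app archive is still fetched with `wget -q $app` and unpacked with no integrity check, so pinning `CALENDAR="3.5.2"` fixes which release is requested but not what ends up in the image; recording a checksum next to `CALENDAR` and running `sha256sum -c` before `tar xf app.tar.gz` would make the pin meaningful. The oidc_login app is the one remaining `releases/latest` lookup through the GitHub API, and `jq -r '.assets[0].browser_download_url'` additionally depends on asset order, unlike calendar/contacts/notes which now use fixed download URLs. `$app` is unquoted in the `wget` calls; `wget -q "$app" -O app.tar.gz` is the safe form even though the current values contain no whitespace. The start of the script (image variables, any `set -e`) is outside the hunk.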
@ -24,7 +24,7 @@
|
||||||
<value>False</value>
|
<value>False</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="nginx_default" type="domainname" description="Nom de domaine du serveur mandataire inverse par défaut" help="Si un client accède au serveur avec un nom de domaine non déclaré, le flux est redirigé vers ce domaine" mandatory='False'/>
|
<variable name="nginx_default" type="domainname" description="Nom de domaine du serveur mandataire inverse par défaut" help="Si un client accède au serveur avec un nom de domaine non déclaré, le flux est redirigé vers ce domaine" mandatory='False'/>
|
||||||
<variable name="nginx_root" type="filename" mandatory='False'>
|
<variable name="nginx_root" type="filename" mandatory='False' hidden="True">
|
||||||
<value>/usr/share/nginx/html</value>
|
<value>/usr/share/nginx/html</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="nginx_hash_bucket_size" description="Longueur maximum pour un nom de domaine" mode="expert" type="choice">
|
<variable name="nginx_hash_bucket_size" description="Longueur maximum pour un nom de domaine" mode="expert" type="choice">
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
|
%set %%chain = %%get_chain(%%domain_name_eth0, %%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
|
||||||
%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', type="server", hide=%%hide_secret)
|
%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', type="server", hide=%%hide_secret)
|
||||||
%%get_chain(%%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
|
%%chain
|
||||||
|
|
|
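Review bot: `%%get_chain(%%domain_name_eth0, %%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)` passes cn, authority_cn and authority_name positionally, whereas the other templates in this commit spell them out; with three look-alike arguments the keyword form is the one that survives a reordering, so `%set %%chain = %%get_chain(cn=%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', hide=%%hide_secret)` would be safer. Hoisting the chain lookup into a `%set` ahead of `%%get_certificate` presumably exists so the chain is resolved before the server certificate is issued; a one-line comment such as `## resolve the CA chain first, then issue the server certificate` would keep the next editor from collapsing it back into the old order.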
@ -2,7 +2,7 @@
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name='nginx'>
|
<service name='nginx'>
|
||||||
<override engine="creole"/>
|
<override engine="cheetah"/>
|
||||||
<file source="nginx-options-rp.conf">/etc/nginx/conf.d/options-rp.conf</file>
|
<file source="nginx-options-rp.conf">/etc/nginx/conf.d/options-rp.conf</file>
|
||||||
<file source="revprox-nginx.conf">/etc/nginx/sites-enabled/risotto.conf</file>
|
<file source="revprox-nginx.conf">/etc/nginx/sites-enabled/risotto.conf</file>
|
||||||
<file source="certificate.crt" file_type="variable" mode="600" variable="nginx.revprox_domainnames">nginx.nginx_certificate_filename</file>
|
<file source="certificate.crt" file_type="variable" mode="600" variable="nginx.revprox_domainnames">nginx.nginx_certificate_filename</file>
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
<variable name="revprox_domainnames_" type="domainname" description="Nom des domaines auto-configurés dans le serveur mandataire inverse" multi="True" provider="ReverseProxy:external" hidden="True"/>
|
<variable name="revprox_domainnames_" type="domainname" description="Nom des domaines auto-configurés dans le serveur mandataire inverse" multi="True" provider="ReverseProxy:external" hidden="True"/>
|
||||||
<variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger pour " help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple "/mail")" mandatory="True" multi="True" provider="ReverseProxy:location"/>
|
<variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger pour " help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple "/mail")" mandatory="True" multi="True" provider="ReverseProxy:location"/>
|
||||||
<variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète pour " mandatory="True" help="Nom de domaine ou IP de destination, par exemple "http://domainelocal" ou URI, par exemple "http://domainelocal/dir/"" provider="ReverseProxy:url"/>
|
<variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète pour " mandatory="True" help="Nom de domaine ou IP de destination, par exemple "http://domainelocal" ou URI, par exemple "http://domainelocal/dir/"" provider="ReverseProxy:url"/>
|
||||||
<variable name="revprox_is_websocket_" type="boolean" description="Le point d'entré est de types websocket pour " mandatory="True" multi="True" provider="ReverseProxy:websocket"/>
|
<variable name="revprox_is_websocket_" type="boolean" description="Le point d'entrée est de types websocket pour " mandatory="True" multi="True" provider="ReverseProxy:websocket"/>
|
||||||
<variable name="revprox_max_body_size_" description="Taille maximum du corps pour " provider="ReverseProxy:max_body_size"/>
|
<variable name="revprox_max_body_size_" description="Taille maximum du corps pour " provider="ReverseProxy:max_body_size"/>
|
||||||
</family>
|
</family>
|
||||||
</family>
|
</family>
|
||||||
|
@ -36,5 +36,9 @@
|
||||||
<param name="multi" type="boolean">True</param>
|
<param name="multi" type="boolean">True</param>
|
||||||
<target>nginx.nginx_private_key_filename</target>
|
<target>nginx.nginx_private_key_filename</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
<fill name="get_first_value">
|
||||||
|
<param type="variable">nginx.remotes</param>
|
||||||
|
<target>nginx_default</target>
|
||||||
|
</fill>
|
||||||
</constraints>
|
</constraints>
|
||||||
</rougail>
|
</rougail>
|
||||||
|
|
|
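Review bot: The new `get_first_value` fill makes `nginx_default` — the domain an undeclared `Host` is redirected to, per its help text in the nginx variables file earlier in this commit — whatever entry happens to come first in `nginx.remotes`, so reordering that list silently changes the catch-all vhost; that deserves a comment on the fill, e.g. `<!-- catch-all vhost: first declared remote unless nginx_default is set explicitly -->`. Since `nginx_default` is `mandatory='False'`, it would also help to state whether an explicit value overrides the fill and what happens when `nginx.remotes` is empty.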
@ -1,3 +1,3 @@
|
||||||
%for %%idx in %%range(%%len(%%zones_list))
|
%for %%idx in %%range(%%len(%%zones_list))
|
||||||
%%get_chain(authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="HTTP", hide=%%hide_secret)
|
%%get_chain(cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="HTTP", hide=%%hide_secret)
|
||||||
%end for
|
%end for
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
%for %%idx in %%range(%%len(%%zones_list))
|
%for %%idx in %%range(%%len(%%zones_list))
|
||||||
%%get_chain(authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="InternalReverseProxy", hide=%%hide_secret)
|
%%get_chain(cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="InternalReverseProxy", hide=%%hide_secret)
|
||||||
%end for
|
%end for
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
|
%set %%chain=%%get_chain(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name="External", hide=%%hide_secret)
|
||||||
%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External', hide=%%hide_secret)
|
%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External', hide=%%hide_secret)
|
||||||
|
|
|
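Review bot: `%%chain` is assigned on the new first line but never emitted — the sibling templates in this commit end with a bare `%%chain` line after `%%get_certificate` — so either the chain output is missing from this file or `get_chain` is being called only for its side effect, and the template should show which. If the output is intended, append `%%chain` as the last line; if not, add a comment such as `## ensure the External chain exists before the certificate is issued` and match the spacing used elsewhere (`%set %%chain = …`).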
@ -1,2 +1,3 @@
|
||||||
|
%set %%chain = %%get_chain(cn=%%nginx_default, authority_cn=%%domain_name_eth0, authority_name='HTTP', hide=%%hide_secret)
|
||||||
%%get_certificate(%%nginx_default, authority_cn=%%domain_name_eth0, authority_name='HTTP', type="server", hide=%%hide_secret)
|
%%get_certificate(%%nginx_default, authority_cn=%%domain_name_eth0, authority_name='HTTP', type="server", hide=%%hide_secret)
|
||||||
%%get_chain(%%nginx_default, 'HTTP', hide=%%hide_secret)
|
%%chain
|
||||||
|
|
|
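Review bot: `cn=%%nginx_default` comes from a variable declared `mandatory='False'` elsewhere in this commit, and nothing in this template guards against it being empty, so rendering without a default vhost hands an empty CN to both the chain and the certificate call; wrapping the three lines in `%if %%nginx_default` … `%end if`, or documenting that rougail never renders this file in that case, would make the assumption explicit. The keyword form used here (`cn=…, authority_cn=…, authority_name='HTTP'`) is the clearer one and worth keeping as the pattern for the other certificate templates.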
@ -45,6 +45,8 @@ server {
|
||||||
proxy_ssl_verify on;
|
proxy_ssl_verify on;
|
||||||
proxy_ssl_verify_depth 2;
|
proxy_ssl_verify_depth 2;
|
||||||
proxy_ssl_session_reuse on;
|
proxy_ssl_session_reuse on;
|
||||||
|
# SNI support
|
||||||
|
proxy_ssl_server_name on;
|
||||||
%set %%maxbody = %%rp_domainname['revprox_max_body_size_' + %%family]
|
%set %%maxbody = %%rp_domainname['revprox_max_body_size_' + %%family]
|
||||||
%if %%maxbody
|
%if %%maxbody
|
||||||
client_max_body_size %%maxbody;
|
client_max_body_size %%maxbody;
|
||||||
|
|
|
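Review bot: `proxy_ssl_server_name on;` sends the name nginx takes from `proxy_ssl_name`, which defaults to the host part of `proxy_pass`, and with `proxy_ssl_verify on` that same name is what the upstream certificate is checked against; since `revprox_url_` is documented in this commit as accepting an IP as destination, an IP-addressed upstream would put an IP in SNI and fail hostname verification, so either set `proxy_ssl_name` explicitly or state the constraint. A comment more specific than `# SNI support` would help, e.g. `# SNI and certificate verification both use the proxy_pass host (proxy_ssl_name); address upstreams by name`. The `server {` block this sits in starts and ends outside the hunk.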
@ -45,6 +45,7 @@
|
||||||
<target>ip_dns</target>
|
<target>ip_dns</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="get_ip">
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param type="variable">nsd_allowed_client</param>
|
<param type="variable">nsd_allowed_client</param>
|
||||||
<target>nsd_allowed_client_ip</target>
|
<target>nsd_allowed_client_ip</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
@ -60,10 +61,13 @@
|
||||||
<target>nsd_allowed_all_client</target>
|
<target>nsd_allowed_all_client</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="get_ip">
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param type="variable">nsd_resolver</param>
|
<param type="variable">nsd_resolver</param>
|
||||||
<target>nsd_resolve_ip</target>
|
<target>nsd_resolve_ip</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="get_internal_zones">
|
<fill name="get_internal_zones">
|
||||||
|
<param type="variable">zones_list</param>
|
||||||
|
<param type="information">zones</param>
|
||||||
<target>nsd_zones</target>
|
<target>nsd_zones</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="get_reverse_name">
|
<fill name="get_reverse_name">
|
||||||
|
@ -101,7 +105,9 @@
|
||||||
<target>nsd_reverse_filenames_signed</target>
|
<target>nsd_reverse_filenames_signed</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="get_zones_info">
|
<fill name="get_zones_info">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param>network</param>
|
<param>network</param>
|
||||||
|
<param type="variable" name="zone_names">zones_list</param>
|
||||||
<target>nsd_reverse_network</target>
|
<target>nsd_reverse_network</target>
|
||||||
</fill>
|
</fill>
|
||||||
</constraints>
|
</constraints>
|
||||||
|
|
|
@ -16,11 +16,13 @@
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_internal_info_in_zone">
|
<fill name="get_internal_info_in_zone">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param type="suffix"/>
|
<param type="suffix"/>
|
||||||
<param>host</param>
|
<param>host</param>
|
||||||
<target>nsd.nsd_zone_.hostname_.hostname_</target>
|
<target>nsd.nsd_zone_.hostname_.hostname_</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="get_internal_info_in_zone">
|
<fill name="get_internal_info_in_zone">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param type="suffix"/>
|
<param type="suffix"/>
|
||||||
<param>ip</param>
|
<param>ip</param>
|
||||||
<param type="index"/>
|
<param type="index"/>
|
||||||
|
|
|
@ -8,8 +8,6 @@ from shutil import rmtree as _rmtree, copy2 as _copy2
|
||||||
from glob import glob as _glob
|
from glob import glob as _glob
|
||||||
from filecmp import cmp as _cmp
|
from filecmp import cmp as _cmp
|
||||||
|
|
||||||
from risotto.utils import DOMAINS as _DOMAINS
|
|
||||||
|
|
||||||
|
|
||||||
_PKI_DIR = _abspath('pki/dnssec')
|
_PKI_DIR = _abspath('pki/dnssec')
|
||||||
_ALGO = 'ECDSAP256SHA256'
|
_ALGO = 'ECDSAP256SHA256'
|
||||||
|
@ -106,8 +104,8 @@ def sign(zone_filename: str,
|
||||||
copy_file = _join(_PKI_DIR, cn, authority_cn, _basename(zone_filename))
|
copy_file = _join(_PKI_DIR, cn, authority_cn, _basename(zone_filename))
|
||||||
signed_filename = f'{copy_file}.signed'
|
signed_filename = f'{copy_file}.signed'
|
||||||
if not _isfile(copy_file) or not _cmp(zone_filename, copy_file):
|
if not _isfile(copy_file) or not _cmp(zone_filename, copy_file):
|
||||||
_copy2(zone_filename, copy_file)
|
|
||||||
zsk, ksk = _gen_keys(cn, authority_cn)
|
zsk, ksk = _gen_keys(cn, authority_cn)
|
||||||
|
_copy2(zone_filename, copy_file)
|
||||||
cmd = ['ldns-signzone', '-n', zone_filename, zsk, ksk]
|
cmd = ['ldns-signzone', '-n', zone_filename, zsk, ksk]
|
||||||
proc = _run(cmd, capture_output=True)
|
proc = _run(cmd, capture_output=True)
|
||||||
if proc.returncode != 0:
|
if proc.returncode != 0:
|
||||||
|
@ -123,12 +121,20 @@ def sign(zone_filename: str,
|
||||||
return content
|
return content
|
||||||
|
|
||||||
|
|
||||||
def get_internal_info_in_zone(zone: str,
|
def get_internal_info_in_zone(zones: list,
|
||||||
|
domain_name: str,
|
||||||
type: str,
|
type: str,
|
||||||
index: int=None,
|
index: int=None,
|
||||||
) -> _List[str]:
|
) -> _List[str]:
|
||||||
if zone not in _DOMAINS:
|
for zone in zones.values():
|
||||||
|
if domain_name == zone['domain_name']:
|
||||||
|
break
|
||||||
|
else:
|
||||||
return []
|
return []
|
||||||
if type == 'host':
|
if type == 'host':
|
||||||
return list(_DOMAINS[zone][0])
|
return list(zone['hosts'])
|
||||||
return _DOMAINS[zone][1][index]
|
return list(zone['hosts'].values())[index]
|
||||||
|
|
||||||
|
|
||||||
|
def get_internal_zones(zones_name, zones) -> _List[str]:
|
||||||
|
return [zone['domain_name'] for zone_name, zone in zones.items() if zone_name in zones_name]
|
||||||
|
|
|
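Review bot: `get_internal_info_in_zone` returns `list(zone['hosts'].values())[index]` with no bounds check while `index` defaults to `None`, so a non-`host` lookup without an index raises `TypeError` and an out-of-range index raises `IndexError`, whereas the not-found path returns `[]`; consider `hosts = list(zone['hosts'].values()); return hosts[index] if index is not None and 0 <= index < len(hosts) else []`. In `sign`, `_gen_keys(cn, authority_cn)` is now called whenever the staged copy differs from the input zone; if `_gen_keys` mints a fresh KSK rather than reusing an existing one, every zone edit would invalidate the DS record published at the parent, so a comment stating which it does (and why re-keying on content change is intended) would help. Both functions start or continue outside the visible hunks.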
@ -3,10 +3,10 @@ records:
|
||||||
%for %%domain in %%nsd_zones
|
%for %%domain in %%nsd_zones
|
||||||
%set %%suffix = %%normalize_family(%%domain)
|
%set %%suffix = %%normalize_family(%%domain)
|
||||||
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
|
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
|
||||||
%for %%nsd in %%hostnames
|
%for %%hostname in %%hostnames
|
||||||
%set %%type = %%nsd['type_' + %%suffix]
|
%set %%type = %%hostname['type_' + %%suffix]
|
||||||
%if %%type == 'A'
|
%if %%type == 'A'
|
||||||
%%{nsd}.%%domain: '%%nsd['ip_' + %%suffix]'
|
%%{hostname}.%%domain: '%%hostname['ip_' + %%suffix]'
|
||||||
%end if
|
%end if
|
||||||
%end for
|
%end for
|
||||||
%end for
|
%end for
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="oauth2-client" target="risotto" engine="creole"/>
|
<service name="oauth2-client" target="risotto" engine="cheetah"/>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="oauth2_client" description="OAuth2 client">
|
<family name="oauth2_client" description="OAuth2 client">
|
||||||
|
|
|
@ -4,4 +4,4 @@ Before=risotto.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/usr/bin/timeout 90 bash -c 'while ! [ "$(/usr/bin/curl --write-out '%{http_code}' --silent --output /dev/null https://%%oauth2_client_server_domainname/.well-known/openid-configuration)" = 200 ]; do sleep 1; done;'
|
ExecStart=/usr/bin/timeout 90 bash -c 'while ! [ "$(/usr/bin/curl --write-out '%{http_code}' --silent --output /dev/null https://%%oauth2_client_server_domainname/.well-known/openid-configuration)" = 200 ]; do /usr/bin/curl https://%%oauth2_client_server_domainname/.well-known/openid-configuration; sleep 1; done;'
|
||||||
|
|
|
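Review bot: The diagnostic `curl` added inside the wait loop runs without `--silent`/`--fail`, so once a second until the IdP answers, the full discovery document (or the error page) plus curl's progress meter is written to the journal. `/usr/bin/curl -sS -o /dev/null -w '%{http_code}\n' https://%%oauth2_client_server_domainname/.well-known/openid-configuration` keeps the status visible without the body. Keep curl's default certificate verification here (no `-k`): the loop is only a useful readiness gate if it fails the same way the real client would.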
@ -4,7 +4,7 @@
|
||||||
<service name="odoo" target="multi-user">
|
<service name="odoo" target="multi-user">
|
||||||
<override/>
|
<override/>
|
||||||
<file engine="none" source="sysuser-odoo.conf">/sysusers.d/1odoo.conf</file>
|
<file engine="none" source="sysuser-odoo.conf">/sysusers.d/1odoo.conf</file>
|
||||||
<file source="tmpfile-odoo.conf">/tmpfiles.d/0odoo.conf</file>
|
<file engine="none" source="tmpfile-odoo.conf">/tmpfiles.d/0odoo.conf</file>
|
||||||
<file mode="700">/sbin/config_odoo.py</file>
|
<file mode="700">/sbin/config_odoo.py</file>
|
||||||
<file mode="400" owner="odoo">/etc/odoo/odoo.conf</file>
|
<file mode="400" owner="odoo">/etc/odoo/odoo.conf</file>
|
||||||
<file mode="400" owner="odoo">/etc/odoo/postgresql.pass</file>
|
<file mode="400" owner="odoo">/etc/odoo/postgresql.pass</file>
|
||||||
|
|
|
@ -2,16 +2,16 @@ set -e
|
||||||
ODOO_VERSION="16.0"
|
ODOO_VERSION="16.0"
|
||||||
WKHTML_VERSION="0.12.6.1-2"
|
WKHTML_VERSION="0.12.6.1-2"
|
||||||
#curl http://nightly.odoo.com/${ODOO_VERSION}/nightly/rpm/odoo_${ODOO_VERSION}.latest.rpm -o odoo_${ODOO_VERSION}.latest.rpm
|
#curl http://nightly.odoo.com/${ODOO_VERSION}/nightly/rpm/odoo_${ODOO_VERSION}.latest.rpm -o odoo_${ODOO_VERSION}.latest.rpm
|
||||||
#OPT=$(dnf_opt_base "$IMAGE_NAME_RISOTTO_IMAGE_DIR")
|
#OPT=$(dnf_opt_base "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP")
|
||||||
#dnf --assumeyes $OPT localinstall odoo_${ODOO_VERSION}.latest.rpm
|
#dnf --assumeyes $OPT localinstall odoo_${ODOO_VERSION}.latest.rpm
|
||||||
#rm -f odoo_${ODOO_VERSION}.latest.rpm
|
#rm -f odoo_${ODOO_VERSION}.latest.rpm
|
||||||
mv $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf /tmp
|
mv $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf /tmp
|
||||||
echo "nameserver 9.9.9.9" > $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
|
echo "nameserver 9.9.9.9" > $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
|
||||||
|
|
||||||
WKHTML_PKG=wkhtmltox_$WKHTML_VERSION.bullseye_amd64.deb
|
WKHTML_PKG=wkhtmltox_$WKHTML_VERSION.bullseye_amd64.deb
|
||||||
|
|
||||||
curl https://nightly.odoo.com/odoo.key -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR/odoo.key"
|
curl https://nightly.odoo.com/odoo.key -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/odoo.key"
|
||||||
curl -L "https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTML_VERSION/$WKHTML_PKG" -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$WKHTML_PKG"
|
curl -L "https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTML_VERSION/$WKHTML_PKG" -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$WKHTML_PKG"
|
||||||
echo """#!/bin/bash -xe
|
echo """#!/bin/bash -xe
|
||||||
cat /odoo.key | apt-key add -
|
cat /odoo.key | apt-key add -
|
||||||
rm /odoo.key
|
rm /odoo.key
|
||||||
|
@ -21,16 +21,16 @@ apt install --no-install-recommends -y odoo
|
||||||
dpkg -i /"$WKHTML_PKG" || true
|
dpkg -i /"$WKHTML_PKG" || true
|
||||||
rm -f /"$WKHTML_PKG"
|
rm -f /"$WKHTML_PKG"
|
||||||
apt -f install -y
|
apt -f install -y
|
||||||
""" > $IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh
|
""" > $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh
|
||||||
chmod 755 $IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh
|
chmod 755 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh
|
||||||
chroot $IMAGE_NAME_RISOTTO_IMAGE_DIR /install.sh
|
chroot $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP /install.sh
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/service/server.py
|
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/service/server.py
|
||||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/service/db.py
|
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/service/db.py
|
||||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/addons/bus/models/bus.py
|
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/addons/bus/models/bus.py
|
||||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/addons/base/models/ir_cron.py
|
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/addons/base/models/ir_cron.py
|
||||||
sed -i "s@ldap://@ldaps://@g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/addons/auth_ldap/models/res_company_ldap.py
|
sed -i "s@ldap://@ldaps://@g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/addons/auth_ldap/models/res_company_ldap.py
|
||||||
mv -f /tmp/resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
|
mv -f /tmp/resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
|
||||||
set +e
|
set +e
|
||||||
|
|
|
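Review bot: Nothing pulled into the image is integrity-checked: `odoo.key` is fetched with plain `curl` (no `-f`, so an HTTP error page would be written out and piped into `apt-key add -`), and the wkhtmltox `.deb` from GitHub is installed with `dpkg -i ... || true` and no pinned checksum, so a tampered or truncated download silently becomes part of the image. Pin a sha256 for `$WKHTML_PKG` and verify it before `dpkg -i`, use `curl -fsSL`, and replace `apt-key add` (deprecated on bullseye) with a keyring file under `/etc/apt/trusted.gpg.d/`. The `ldap://`→`ldaps://` `sed -i` is a useful hardening but depends on that exact literal existing in Odoo 16's `res_company_ldap.py`; a `grep -q` before the `sed` would make a silent no-op (and a fallback to plain LDAP) visible at build time.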
@ -9,8 +9,8 @@
|
||||||
<file owner="ldap">/var/lib/ldap/DB_CONFIG</file>
|
<file owner="ldap">/var/lib/ldap/DB_CONFIG</file>
|
||||||
<file>/secrets/users.ldif</file>
|
<file>/secrets/users.ldif</file>
|
||||||
<file>/secrets/users_mod.ldif</file>
|
<file>/secrets/users_mod.ldif</file>
|
||||||
<file>/secrets/config.ldif</file>
|
<file owner="ldap" mode="400">/etc/ldap/secrets/config.ldif</file>
|
||||||
<file>/secrets/config_acl.ldif</file>
|
<file owner="ldap" mode="400">/etc/ldap/secrets/config_acl.ldif</file>
|
||||||
<file>/secrets/admin_ldap.pwd</file>
|
<file>/secrets/admin_ldap.pwd</file>
|
||||||
<file engine="none">/sysusers.d/risotto-openldap.conf</file>
|
<file engine="none">/sysusers.d/risotto-openldap.conf</file>
|
||||||
<file source="tmpfile-openldap-server.conf">/tmpfiles.d/0openldap-server.conf</file>
|
<file source="tmpfile-openldap-server.conf">/tmpfiles.d/0openldap-server.conf</file>
|
||||||
|
|
|
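Review bot: Only `config.ldif` and `config_acl.ldif` receive `owner="ldap" mode="400"`; `admin_ldap.pwd`, `users.ldif` and `users_mod.ldif` — which carry the directory admin password and user entries — keep the default owner and mode. Apply the same `owner="ldap" mode="400"` to those three so the secrets are not readable by other accounts in the container. Moving `config_acl.ldif` to `/etc/ldap/secrets/` should also be matched in the service override, which in this commit still runs `ldapmodify ... -f /usr/local/lib/secrets/config_acl.ldif`, unless the generator maps `/secrets/` to that location.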
@ -1 +1 @@
|
||||||
rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/openldap/slapd.d/"
|
rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/openldap/slapd.d/"
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
[Service]
|
[Service]
|
||||||
ExecStartPre=
|
ExecStartPre=
|
||||||
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -v -b cn=config -l /usr/local/lib/secrets/config.ldif
|
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -v -b cn=config -l /etc/ldap/secrets/config.ldif
|
||||||
%for %%schema in %%ldap_schemas
|
%for %%schema in %%ldap_schemas
|
||||||
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -v -b cn=config -l %%schema
|
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -v -b cn=config -l %%schema
|
||||||
%end for
|
%end for
|
||||||
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -c -v -l /usr/local/lib/secrets/users.ldif
|
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -c -v -l /etc/ldap/secrets/users.ldif
|
||||||
User=ldap
|
User=ldap
|
||||||
Group=ldap
|
Group=ldap
|
||||||
ExecStart=
|
ExecStart=
|
||||||
|
@ -12,5 +12,5 @@ ExecStart=
|
||||||
ExecStart=+/usr/sbin/slapd -u ldap -h ldaps:///
|
ExecStart=+/usr/sbin/slapd -u ldap -h ldaps:///
|
||||||
#waiting for ldap server...
|
#waiting for ldap server...
|
||||||
ExecStartPost=/usr/bin/timeout 90 bash -c 'while ! 3<> /dev/tcp/localhost/%%ldap_port; do sleep 1; done'
|
ExecStartPost=/usr/bin/timeout 90 bash -c 'while ! 3<> /dev/tcp/localhost/%%ldap_port; do sleep 1; done'
|
||||||
ExecStartPost=-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/config_acl.ldif
|
ExecStartPost=+-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/config_acl.ldif
|
||||||
ExecStartPost=-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/users_mod.ldif
|
ExecStartPost=+-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/users_mod.ldif
|
||||||
|
|
|
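Review bot: Prefixing both `ExecStartPost=` lines with `+` runs `ldapmodify` as root instead of `User=ldap`, presumably because `admin_ldap.pwd`, `config_acl.ldif` and `users_mod.ldif` are not readable by the `ldap` user; the least-privilege fix is to render those files as `owner="ldap" mode="400"` (as this commit does for `config.ldif`) and drop the `+`. The `ExecStartPre` paths were moved to `/etc/ldap/secrets/` but the `ExecStartPost` lines still read `/usr/local/lib/secrets/config_acl.ldif` and `/usr/local/lib/secrets/admin_ldap.pwd`; because of the leading `-` a missing file would make the ACL import fail silently, leaving the directory without its intended ACLs. Worth a comment on the unit stating which of the two locations is authoritative.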
@ -49,6 +49,8 @@
|
||||||
<variable name="nginx_root" redefine='True'>
|
<variable name="nginx_root" redefine='True'>
|
||||||
<value>/usr/share/peertube</value>
|
<value>/usr/share/peertube</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
</family>
|
||||||
|
<family name="revprox">
|
||||||
<family name="revprox_client">
|
<family name="revprox_client">
|
||||||
<variable name="revprox_client_location" redefine="True">
|
<variable name="revprox_client_location" redefine="True">
|
||||||
<value>/</value>
|
<value>/</value>
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
|
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/"
|
||||||
cat /proc/self/stat > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/stat"
|
cat /proc/self/stat > "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/stat"
|
||||||
PLUGINS_DIR=/usr/share/peertube_plugins
|
PLUGINS_DIR=/usr/share/peertube_plugins
|
||||||
echo """#!/bin/bash
|
echo """#!/bin/bash
|
||||||
set -ex
|
set -ex
|
||||||
|
@ -15,13 +15,13 @@ chown peertube: "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
|
||||||
|
|
||||||
rm -f /etc/resolv.conf
|
rm -f /etc/resolv.conf
|
||||||
mv /tmp/resolv.conf /etc
|
mv /tmp/resolv.conf /etc
|
||||||
""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||||
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" /install.sh
|
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP" /install.sh
|
||||||
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/stat"
|
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/stat"
|
||||||
rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
|
rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/"
|
||||||
|
|
||||||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR$PLUGINS_DIR/.."
|
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP$PLUGINS_DIR/.."
|
||||||
#patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"
|
#patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"
|
||||||
cd -
|
cd -
|
||||||
|
|
|
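Review bot: `rm -f`, `rm`, `rmdir` and `chroot` expand `$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP` unguarded and the script's first line is the `mkdir -p` with no `set -u`, so if the variable is unset after the rename (or the script is run outside the build harness) `chroot "" /install.sh` and `rm -f "/install.sh"` operate on the host root. Use `${IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP:?}` at the first use, or `set -eu` at the top. The `cat /proc/self/stat > .../proc/self/stat` shim is non-obvious; a one-line comment naming what inside `install.sh` needs it would help the next reader.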
@ -137,3 +137,4 @@ daemonize = yes
|
||||||
; FPM can handle. Your system will tell you anyway :)
|
; FPM can handle. Your system will tell you anyway :)
|
||||||
|
|
||||||
; See /etc/php-fpm.d/*.conf
|
; See /etc/php-fpm.d/*.conf
|
||||||
|
|
||||||
|
|
|
@ -448,10 +448,13 @@ php_admin_flag[log_errors] = on
|
||||||
; See warning about choosing the location of these directories on your system
|
; See warning about choosing the location of these directories on your system
|
||||||
; at http://php.net/session.save-path
|
; at http://php.net/session.save-path
|
||||||
;<GNUNUX
|
;<GNUNUX
|
||||||
;php_value[session.save_handler] = files
|
%if not %%getVar('redis_client_server_domainname', None)
|
||||||
;php_value[session.save_path] = /var/lib/php/session
|
php_value[session.save_handler] = files
|
||||||
|
php_value[session.save_path] = /var/lib/php/session
|
||||||
|
%else
|
||||||
php_value[session.save_handler] = redis
|
php_value[session.save_handler] = redis
|
||||||
;php_value[session.save_path] = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password"
|
;php_value[session.save_path] = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password"
|
||||||
|
%end if
|
||||||
;>GNUNUX
|
;>GNUNUX
|
||||||
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
|
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
|
||||||
;php_value[opcache.file_cache] = /var/lib/php/opcache
|
;php_value[opcache.file_cache] = /var/lib/php/opcache
|
||||||
|
|
|
@ -7,25 +7,25 @@
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="php" description="PHP" mode="expert" help="Paramètrage avancé de PHP">
|
<family name="php" description="PHP" mode="expert" help="Paramètrage avancé de PHP">
|
||||||
<variable name="php_post_max_size" type="number" description="Taille maximale des données reçues par la méthode POST (en Mo)">
|
<variable name="php_post_max_size" type="number" description="Taille maximale des données reçues par la méthode POST" help="Valeur en Mo">
|
||||||
<value>32</value>
|
<value>32</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="php_upload_max_filesize" type="number" description="Taille maximale d'un fichier à charger (en Mo)">
|
<variable name="php_upload_max_filesize" type="number" description="Taille maximale d'un fichier à charger" help="Valeur en Mo">
|
||||||
<value>16</value>
|
<value>16</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="php_max_execution_time" type="number" description="Temps maximal d'exécution d'un script (en secondes)">
|
<variable name="php_max_execution_time" type="number" description="Temps maximal d'exécution d'un script" help="Valeur en secondes">
|
||||||
<value>30</value>
|
<value>30</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="php_max_input_time" type="number" description="Durée maximale pour analyser les données d'entrée (en secondes)">
|
<variable name="php_max_input_time" type="number" description="Durée maximale pour analyser les données d'entrée" help="Valeur en secondes">
|
||||||
<value>60</value>
|
<value>60</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="php_memory_limit" type="number" description="Taille mémoire maximale qu'un script est autorisé à allouer (en Mo)">
|
<variable name="php_memory_limit" type="number" description="Taille mémoire maximale qu'un script est autorisé à allouer" help="Valeur en Mo">
|
||||||
<value>512</value>
|
<value>512</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="php_display_errors" type="boolean" description="Affichage des erreurs à l'écran">
|
<variable name="php_display_errors" type="boolean" description="Affichage des erreurs à l'écran">
|
||||||
<value>False</value>
|
<value>False</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="php_session_gc_maxlifetime" type="number" description="Durée de vie des données sur le serveur (en secondes)">
|
<variable name="php_session_gc_maxlifetime" type="number" description="Durée de vie des données sur le serveur" help="Valeur en secondes">
|
||||||
<value>3600</value>
|
<value>3600</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="php_browscap" type="boolean" description="Activer la directive de configuration browscap" help="La directive de configuration browscap permet d'obtenir plus d'information sur les capacités du navigateur client grâce à la fonction get_browser()">
|
<variable name="php_browscap" type="boolean" description="Activer la directive de configuration browscap" help="La directive de configuration browscap permet d'obtenir plus d'information sur les capacités du navigateur client grâce à la fonction get_browser()">
|
||||||
|
|
|
@ -1266,11 +1266,14 @@ browscap = /etc/php/extra/browscap.ini
|
||||||
; Handler used to store/retrieve data.
|
; Handler used to store/retrieve data.
|
||||||
; https://php.net/session.save-handler
|
; https://php.net/session.save-handler
|
||||||
;>GNUNUX
|
;>GNUNUX
|
||||||
; session.save_handler = files
|
%if not %%getVar('redis_client_server_domainname', None)
|
||||||
|
session.save_handler = files
|
||||||
|
%else
|
||||||
session.save_handler = redis
|
session.save_handler = redis
|
||||||
session.save_path = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password"
|
session.save_path = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password"
|
||||||
;GNUNUX https://github.com/phpredis/phpredis/issues/2062
|
;GNUNUX https://github.com/phpredis/phpredis/issues/2062
|
||||||
;session.save_path = "tls://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password&stream[verify_peer]=1&stream[cafile]=/etc/pki/ca-trust/source/anchors/ca_Redis.crt&stream[local_cert]=/etc/pki/tls/certs/redis.crt&stream[local_pk]=/etc/pki/tls/private/redis.key"
|
;session.save_path = "tls://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password&stream[verify_peer]=1&stream[cafile]=/etc/pki/ca-trust/source/anchors/ca_Redis.crt&stream[local_cert]=/etc/pki/tls/certs/redis.crt&stream[local_pk]=/etc/pki/tls/private/redis.key"
|
||||||
|
%end if
|
||||||
;<GNUNUX
|
;<GNUNUX
|
||||||
|
|
||||||
; Argument passed to save_handler. In the case of files, this is the path
|
; Argument passed to save_handler. In the case of files, this is the path
|
||||||
|
|
|
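Review bot: When a Redis server is configured, `session.save_path` embeds `auth[pass]=%%redis_client_password` in cleartext and the transport is `tcp://`, with the `tls://` mutual-TLS variant still commented out pending phpredis#2062, so the Redis password and every session payload cross the network unencrypted. Until the TLS line can be re-enabled, say so next to it (e.g. `; Redis sessions travel in clear text: restrict port 6379 to this host at the firewall`) and make sure the generated `php.ini` is not world-readable now that it holds a credential. The `files` branch sets no `session.save_path`, so it falls back to PHP's default session directory while the pool config hunk sets `/var/lib/php/session`; the two should agree.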
@ -1,7 +1,7 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="piwigo" engine="creole" target="multi-user">
|
<service name="piwigo" engine="cheetah" target="multi-user">
|
||||||
<file source="tmpfile-piwigo.conf">/tmpfiles.d/0piwigo.conf</file>
|
<file source="tmpfile-piwigo.conf">/tmpfiles.d/0piwigo.conf</file>
|
||||||
<file>/etc/piwigo/config.inc.php</file>
|
<file>/etc/piwigo/config.inc.php</file>
|
||||||
<file>/etc/piwigo/database.inc.php</file>
|
<file>/etc/piwigo/database.inc.php</file>
|
||||||
|
@ -13,11 +13,11 @@
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="piwigo_admin_email" type="mail" description="Adresse courriel de l'administrateur Piwigo" mandatory="True"/>
|
<variable name="piwigo_admin_email" type="mail" description="Adresse courriel de l'administrateur Piwigo" mandatory="True"/>
|
||||||
<variable name="piwigo_admin_password" type="password" auto_save="False" hidden="True"/>
|
<variable name="piwigo_admin_password" type="password" auto_save="False" hidden="True"/>
|
||||||
<variable name="piwigo_locations" type="filename" multi="True" mandatory="True"/>
|
<variable name="piwigo_locations" type="filename" multi="True" mandatory="True" hidden="True"/>
|
||||||
<variable name="piwigo_title" type="string" description="Titre de l'album" mandatory="True">
|
<variable name="piwigo_title" type="string" description="Titre de l'album" mandatory="True">
|
||||||
<value>Album photographique</value>
|
<value>Album photographique</value>
|
||||||
</variable>
|
</variable>
|
||||||
<family name="users" leadership="True">
|
<family name="users" description="Piwigo users" leadership="True">
|
||||||
<variable name="piwigo_users" type="unix_user" description="Utilisateur ayant un album" multi="True" mandatory="True"/>
|
<variable name="piwigo_users" type="unix_user" description="Utilisateur ayant un album" multi="True" mandatory="True"/>
|
||||||
<variable name="piwigo_email" type="mail" description="Adresse courriel" mandatory="True"/>
|
<variable name="piwigo_email" type="mail" description="Adresse courriel" mandatory="True"/>
|
||||||
</family>
|
</family>
|
||||||
|
|
|
@ -1,7 +1,15 @@
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
gdthumb=7848
|
||||||
|
rv_tscroller=8014
|
||||||
|
openidconnect=7744
|
||||||
|
community=8160 # FIXME translation already needed?
|
||||||
|
embedded_videos=7924
|
||||||
|
bootstrap_darkroom=8261
|
||||||
|
|
||||||
ORIPWD=$PWD
|
ORIPWD=$PWD
|
||||||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
|
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share"
|
||||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
|
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share"
|
||||||
app=$(wget https://api.github.com/repos/Piwigo/Piwigo/releases/latest -q -O - | jq -r '.tag_name')
|
app=$(wget https://api.github.com/repos/Piwigo/Piwigo/releases/latest -q -O - | jq -r '.tag_name')
|
||||||
wget -q "https://github.com/Piwigo/Piwigo/archive/refs/tags/$app.tar.gz"
|
wget -q "https://github.com/Piwigo/Piwigo/archive/refs/tags/$app.tar.gz"
|
||||||
tar xf *tar.gz
|
tar xf *tar.gz
|
||||||
|
@ -20,11 +28,11 @@ patch -p0 < $IMAGE_DIR_RECIPIENT_IMAGE/postinstall/piwigo.patch
|
||||||
cp $IMAGE_DIR_RECIPIENT_IMAGE/postinstall/piwigo_cli.php piwigo/
|
cp $IMAGE_DIR_RECIPIENT_IMAGE/postinstall/piwigo_cli.php piwigo/
|
||||||
# Plugins
|
# Plugins
|
||||||
cd piwigo/plugins
|
cd piwigo/plugins
|
||||||
wget https://piwigo.org/ext/download.php?rid=7848 -O plugin.zip
|
wget https://piwigo.org/ext/download.php?rid=$gdthumb -O plugin.zip
|
||||||
unzip plugin.zip
|
unzip plugin.zip
|
||||||
rm -f plugin.zip
|
rm -f plugin.zip
|
||||||
#
|
#
|
||||||
wget https://piwigo.org/ext/download.php?rid=8014 -O plugin.zip
|
wget https://piwigo.org/ext/download.php?rid=$rv_tscroller -O plugin.zip
|
||||||
unzip plugin.zip
|
unzip plugin.zip
|
||||||
rm -f plugin.zip
|
rm -f plugin.zip
|
||||||
#
|
#
|
||||||
|
@ -34,15 +42,14 @@ tar xf *tar.gz
|
||||||
rm -f *tar.gz
|
rm -f *tar.gz
|
||||||
mv piwigo-openstreetmap-* piwigo-openstreetmap
|
mv piwigo-openstreetmap-* piwigo-openstreetmap
|
||||||
#
|
#
|
||||||
wget https://piwigo.org/ext/download.php?rid=7744 -O plugin.zip
|
wget https://piwigo.org/ext/download.php?rid=$openidconnect -O plugin.zip
|
||||||
unzip plugin.zip
|
unzip plugin.zip
|
||||||
rm -f plugin.zip
|
rm -f plugin.zip
|
||||||
# community
|
# community
|
||||||
wget https://piwigo.org/ext/download.php?rid=8160 -O plugin.zip
|
wget https://piwigo.org/ext/download.php?rid=$community -O plugin.zip
|
||||||
unzip plugin.zip
|
unzip plugin.zip
|
||||||
rm -f plugin.zip
|
rm -f plugin.zip
|
||||||
echo """<?php
|
echo """<?php
|
||||||
\$lang['Edit photos'] = 'Editer les photos';
|
|
||||||
\$lang['Edit Photos'] = 'Editer les photos';
|
\$lang['Edit Photos'] = 'Editer les photos';
|
||||||
\$lang['Edit your photos'] = 'Editer vos photos';
|
\$lang['Edit your photos'] = 'Editer vos photos';
|
||||||
\$lang['Photos posted by %s'] = 'Photos postées par %s';
|
\$lang['Photos posted by %s'] = 'Photos postées par %s';
|
||||||
|
@ -55,7 +62,7 @@ echo """<?php
|
||||||
?>
|
?>
|
||||||
""" >> community/language/fr_FR/plugin.lang.php
|
""" >> community/language/fr_FR/plugin.lang.php
|
||||||
# embedded
|
# embedded
|
||||||
wget https://fr.piwigo.org/ext/download.php?rid=7924 -O plugin.zip
|
wget https://fr.piwigo.org/ext/download.php?rid=$embedded_videos -O plugin.zip
|
||||||
unzip plugin.zip
|
unzip plugin.zip
|
||||||
rm -f plugin.zip
|
rm -f plugin.zip
|
||||||
# user delete photo
|
# user delete photo
|
||||||
|
@ -64,7 +71,7 @@ rm -f plugin.zip
|
||||||
#rm -f plugin.zip
|
#rm -f plugin.zip
|
||||||
# Theme
|
# Theme
|
||||||
cd ../themes/
|
cd ../themes/
|
||||||
wget https://piwigo.org/ext/download.php?rid=8163 -O plugin.zip
|
wget https://piwigo.org/ext/download.php?rid=$bootstrap_darkroom -O plugin.zip
|
||||||
unzip plugin.zip
|
unzip plugin.zip
|
||||||
rm -f plugin.zip
|
rm -f plugin.zip
|
||||||
ln -s /srv/piwigo/bootstrap_darkroom ../local/bootstrap_darkroom
|
ln -s /srv/piwigo/bootstrap_darkroom ../local/bootstrap_darkroom
|
||||||
|
|
|
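Review bot: Plugin and theme archives are fetched from `piwigo.org/ext/download.php?rid=...` and unzipped with no integrity check, and `app=$(... releases/latest ...)` floats to whatever GitHub currently reports, so the image content is neither reproducible nor verifiable; pin the Piwigo tag and record a sha256 per `rid` to check before `unzip`. Note that moving the IDs into variables also changes the theme from `rid=8163` to `rid=8261` (`bootstrap_darkroom`); if that is a deliberate upgrade it belongs in the commit message. The `community=8160 # FIXME translation already needed?` marker should say what is actually pending so it can be closed.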
@ -46,6 +46,7 @@
|
||||||
<variable name='postfix_relay_authentifications' description="Authentification sur le relai SMTP" multi="True" provider="SMTP"/>
|
<variable name='postfix_relay_authentifications' description="Authentification sur le relai SMTP" multi="True" provider="SMTP"/>
|
||||||
<family name="local_authentification_" description="Local server authentification" dynamic='postfix_relay_authentifications'>
|
<family name="local_authentification_" description="Local server authentification" dynamic='postfix_relay_authentifications'>
|
||||||
<variable name="local_authentification_password_" type="secret" auto_save="False" provider="SMTP:password"/>
|
<variable name="local_authentification_password_" type="secret" auto_save="False" provider="SMTP:password"/>
|
||||||
|
<variable name="postfix_relay_ip_" type="ip" hidden="True"/>
|
||||||
</family>
|
</family>
|
||||||
<variable name='postfix_pem_files' type="filename" hidden='True' multi='True'/>
|
<variable name='postfix_pem_files' type="filename" hidden='True' multi='True'/>
|
||||||
</family>
|
</family>
|
||||||
|
@ -70,5 +71,10 @@
|
||||||
<param name="multi" type="boolean">True</param>
|
<param name="multi" type="boolean">True</param>
|
||||||
<target>postfix_pem_files</target>
|
<target>postfix_pem_files</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
|
<param type="suffix"/>
|
||||||
|
<target>postfix_relay_ip_</target>
|
||||||
|
</fill>
|
||||||
</constraints>
|
</constraints>
|
||||||
</rougail>
|
</rougail>
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="MailServer", hide=%%hide_secret)
|
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%domain_name_eth0, authority_name="MailServer", hide=%%hide_secret)
|
||||||
|
|
|
@ -4,7 +4,7 @@ ExecStartPre=/usr/sbin/postmap -F /etc/postfix/sni
|
||||||
%for %%local in %%postfix_relay_authentifications
|
%for %%local in %%postfix_relay_authentifications
|
||||||
%set %%user = %%normalize_family(%%local)
|
%set %%user = %%normalize_family(%%local)
|
||||||
%set %%password = %%getVar('local_authentification_password_' + %%user)
|
%set %%password = %%getVar('local_authentification_password_' + %%user)
|
||||||
%set %%ip = %%get_ip(%%local)
|
%set %%ip = %%getVar('postfix_relay_ip_' + %%user)
|
||||||
ExecStartPre=-/usr/bin/bash -c "echo %%password | /usr/sbin/saslpasswd2 -u %%ip %%user -p"
|
ExecStartPre=-/usr/bin/bash -c "echo %%password | /usr/sbin/saslpasswd2 -u %%ip %%user -p"
|
||||||
%end for
|
%end for
|
||||||
ExecStartPre=/usr/bin/chown postfix: /etc/sasl2/sasldb2
|
ExecStartPre=/usr/bin/chown postfix: /etc/sasl2/sasldb2
|
||||||
|
|
|
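Review bot: The SASL password is interpolated into the unit file itself — `ExecStartPre=-/usr/bin/bash -c "echo %%password | /usr/sbin/saslpasswd2 -u %%ip %%user -p"` — so it is exposed to anyone who can read the (normally 0644) unit, to `systemctl show`/`systemctl cat`, and to the journal when the command fails. Have the generator write each password to a root-only file and feed it with `saslpasswd2 -u %%ip %%user -p < /etc/sasl2/%%user.pwd` (or reuse an existing rendered secret file if one exists). Using `postfix_relay_ip_` as the SASL realm ties the credential to a stable address; a comment explaining why the realm is the IP rather than the relay hostname would help the next maintainer.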
@ -1,4 +1,4 @@
|
||||||
%set %%chain = %%get_chain(authority_cn=%%rougail_variable, authority_name="MailRelay", hide=%%hide_secret)
|
%set %%chain = %%get_chain(cn=%%rougail_variable, authority_cn=%%rougail_variable, authority_name="MailRelay", hide=%%hide_secret)
|
||||||
%set %%cert = %%get_certificate(cn=%%rougail_variable, authority_name='MailRelay', hide=%%hide_secret)
|
%set %%cert = %%get_certificate(cn=%%rougail_variable, authority_name='MailRelay', hide=%%hide_secret)
|
||||||
%%get_private_key(cn=%%rougail_variable, authority_name='MailRelay', hide=%%hide_secret)
|
%%get_private_key(cn=%%rougail_variable, authority_name='MailRelay', hide=%%hide_secret)
|
||||||
%%cert
|
%%cert
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="postgresqlclient" target="risotto" engine="creole">
|
<service name="postgresqlclient" target="risotto" engine="cheetah">
|
||||||
<file mode="400">/secrets/postgresql.pass</file>
|
<file mode="400">/secrets/postgresql.pass</file>
|
||||||
<file file_type="variable" source="ca_PostgreSQL.crt">pg_client_ca_file</file>
|
<file file_type="variable" source="ca_PostgreSQL.crt">pg_client_ca_file</file>
|
||||||
<file file_type="variable" owner_type="variable" owner="pg_client_key_owner" mode="444" source="postgresql.crt">pg_client_crt_file</file>
|
<file file_type="variable" owner_type="variable" owner="pg_client_key_owner" mode="444" source="postgresql.crt">pg_client_crt_file</file>
|
||||||
|
@ -11,11 +11,11 @@
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="postgresql" description="PostgreSQL">
|
<family name="postgresql" description="PostgreSQL">
|
||||||
<variable name="pg_client_server_domainname" type="domainname" description="Nom de domaine du serveur PostgreSQL" mandatory="True" supplier="Postgresql"/>
|
<variable name="pg_client_server_domainname" type="domainname" description="Nom de domaine du serveur PostgreSQL" mandatory="True" supplier="Postgresql" hidden="True"/>
|
||||||
<variable name="pg_client_username" description="Client username" mandatory="True" hidden="True"/>
|
<variable name="pg_client_username" description="Client username" mandatory="True" hidden="True"/>
|
||||||
<variable name="pg_client_password" type="password" description="Client password" mandatory="True" hidden="True" supplier="Postgresql:password"/>
|
<variable name="pg_client_password" type="password" description="Client password" mandatory="True" hidden="True" supplier="Postgresql:password"/>
|
||||||
<variable name="pg_client_database" description="Client database" mandatory="True" hidden="True"/>
|
<variable name="pg_client_database" description="Client database" mandatory="True" hidden="True"/>
|
||||||
<variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True">
|
<variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True" hidden="True">
|
||||||
<value>apache</value>
|
<value>apache</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="pg_client_ca_file" type="filename" description="Postgresql CA filename" hidden="True"/>
|
<variable name="pg_client_ca_file" type="filename" description="Postgresql CA filename" hidden="True"/>
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
%%get_chain(authority_cn=%%pg_client_server_domainname, authority_name="PostgreSQL", hide=%%hide_secret)
|
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%pg_client_server_domainname, authority_name="PostgreSQL", hide=%%hide_secret)
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
<file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
|
<file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
|
||||||
<file>/etc/pki/tls/certs/postgresql.crt</file>
|
<file>/etc/pki/tls/certs/postgresql.crt</file>
|
||||||
<file owner="root" group="postgres" mode="440">/etc/pki/tls/private/postgresql.key</file>
|
<file owner="root" group="postgres" mode="440">/etc/pki/tls/private/postgresql.key</file>
|
||||||
<file>/tests/postgresql.yml</file>
|
<file>/tests/postgresql.yml</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
|
@ -68,7 +68,7 @@
|
||||||
<choice type="string">MB</choice>
|
<choice type="string">MB</choice>
|
||||||
<choice type="string">kB</choice>
|
<choice type="string">kB</choice>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="pg_effective_cache_size" type="number" description="Taille du cache (blocs de 8ko)" mandatory="True" help="Initialise l'estimation faite par le planificateur de la taille réelle du cache disque disponible pour une requête">
|
<variable name="pg_effective_cache_size" type="number" description="Taille du cache" mandatory="True" help="Initialise l'estimation faite par le planificateur pour le nombre de bloc de 8ko réelle du cache disque disponible pour une requête">
|
||||||
<value>4</value>
|
<value>4</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="pg_effective_cache_size_unit" description="Unité de la taille du cache" type="choice">
|
<variable name="pg_effective_cache_size_unit" description="Unité de la taille du cache" type="choice">
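Review bot: The new help text on pg_effective_cache_size is ungrammatical and, if the pg_effective_cache_size_unit choice (MB/kB) that follows is appended to the value when the template renders, the "8ko" block wording no longer describes the value at all. I would write the help as `Initialise l'estimation faite par le planificateur de la taille réelle du cache disque disponible pour une requête (valeur exprimée dans l'unité choisie ci-dessous)` and drop the reference to 8 kB blocks, since that only applies when PostgreSQL receives a bare number; the enclosing variable family starts outside the hunk.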
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_ip">
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param type="suffix"/>
|
<param type="suffix"/>
|
||||||
<target>accounts.remote_.remote_ip_</target>
|
<target>accounts.remote_.remote_ip_</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="PostgreSQL", hide=%%hide_secret)
|
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%domain_name_eth0, authority_name="PostgreSQL", hide=%%hide_secret)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="host" type="domainname" description="Machine où est démarré le conteneur" mandatory="True" supplier="Host"/>
|
<variable name="host" type="domainname" description="Machine où est démarré le conteneur" mandatory="True" provider="global:host_name" supplier="Host" hidden="True"/>
|
||||||
</variables>
|
</variables>
|
||||||
</rougail>
|
</rougail>
|
||||||
|
|
||||||
|
|
|
@ -27,8 +27,8 @@
|
||||||
<value>False</value>
|
<value>False</value>
|
||||||
</variable>
|
</variable>
|
||||||
<family name="network">
|
<family name="network">
|
||||||
<variable name="incoming_ports" type="port" description="Ports exposés depuis l'extérieur" multi="True" supplier="Host:incoming_ports"/>
|
<variable name="incoming_ports" type="port" description="Ports exposés depuis l'extérieur" multi="True" supplier="Host:incoming_ports" hidden="True"/>
|
||||||
<variable name="outgoing_ports" type="port" description="Ports autorisés vers l'extérieur" multi="True" supplier="Host:outgoing_ports"/>
|
<variable name="outgoing_ports" type="port" description="Ports autorisés vers l'extérieur" multi="True" supplier="Host:outgoing_ports" hidden="True"/>
|
||||||
<variable name="netwokd_interface_name_type" redefine="True">
|
<variable name="netwokd_interface_name_type" redefine="True">
|
||||||
<value>host</value>
|
<value>host</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="redis-client" target="risotto" engine="creole">
|
<service name="redis-client" target="risotto" engine="cheetah">
|
||||||
<file>/etc/pki/ca-trust/source/anchors/ca_Redis.crt</file>
|
<file>/etc/pki/ca-trust/source/anchors/ca_Redis.crt</file>
|
||||||
<file>/etc/pki/tls/certs/redis.crt</file>
|
<file>/etc/pki/tls/certs/redis.crt</file>
|
||||||
<file owner_type="variable" owner="redis_client_key_owner" mode="400">/etc/pki/tls/private/redis.key</file>
|
<file owner_type="variable" owner="redis_client_key_owner" mode="400">/etc/pki/tls/private/redis.key</file>
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
|
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
%set %%ca_chain = %%get_chain(authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
|
%set %%ca_chain = %%get_chain(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
|
||||||
%set %%cert = %%get_certificate(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client", hide=%%hide_secret)
|
%set %%cert = %%get_certificate(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client", hide=%%hide_secret)
|
||||||
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client", hide=%%hide_secret)
|
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client", hide=%%hide_secret)
|
||||||
%%cert
|
%%cert
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="redis" description="Redis" help="Configuration du service de cache Redis">
|
<family name="redis" description="Redis" help="Configuration du service de cache Redis">
|
||||||
<variable name="redis_instance_name" description="Nom de l'instance"/>
|
<variable name="redis_instance_name" description="Nom de l'instance" mandatory="True"/>
|
||||||
<variable name="redis_save" description="Activer la persistence des données">
|
<variable name="redis_save" description="Activer la persistence des données">
|
||||||
<value>False</value>
|
<value>False</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_ip">
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param type="variable">account.remote</param>
|
<param type="variable">account.remote</param>
|
||||||
<target>account.remote_ip</target>
|
<target>account.remote_ip</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="Redis", hide=%%hide_secret)
|
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%domain_name_eth0, authority_name="Redis", hide=%%hide_secret)
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
<variables>
|
<variables>
|
||||||
<family name="smtp" description="Client SMTP">
|
<family name="smtp" description="Client SMTP">
|
||||||
<variable name="smtp_relay_address" type="domainname" description="Nom de domaine du serveur SMTP" mandatory="True" supplier="SMTP"/>
|
<variable name="smtp_relay_address" type="domainname" description="Nom de domaine du serveur SMTP" mandatory="True" supplier="SMTP"/>
|
||||||
|
<variable name="smtp_relay_ip" type="ip" hidden="True"/>
|
||||||
<variable name="smtp_relay_user" type="unix_user" description="Relay username" mandatory="True" hidden="True"/>
|
<variable name="smtp_relay_user" type="unix_user" description="Relay username" mandatory="True" hidden="True"/>
|
||||||
<variable name="smtp_relay_password" type="secret" description="Relay password" mandatory="True" hidden="True" supplier="SMTP:password"/>
|
<variable name="smtp_relay_password" type="secret" description="Relay password" mandatory="True" hidden="True" supplier="SMTP:password"/>
|
||||||
<variable name="smtp_ca_file" type="filename" description="SMTP CA filename" hidden="True"/>
|
<variable name="smtp_ca_file" type="filename" description="SMTP CA filename" hidden="True"/>
|
||||||
|
@ -32,5 +33,10 @@
|
||||||
<param name="join">/</param>
|
<param name="join">/</param>
|
||||||
<target>smtp_ca_file</target>
|
<target>smtp_ca_file</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
|
<param type="variable">smtp_relay_address</param>
|
||||||
|
<target>smtp_relay_ip</target>
|
||||||
|
</fill>
|
||||||
</constraints>
|
</constraints>
|
||||||
</rougail>
|
</rougail>
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(%%smtp_relay_address, authority_name='MailRelay', hide=%%hide_secret)
|
%%get_chain(%%domain_name_eth0, %%smtp_relay_address, authority_name='MailRelay', hide=%%hide_secret)
|
||||||
|
|
|
@ -1,22 +1,22 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="nginx" manage="False">
|
<service name="revprox" manage="False">
|
||||||
<file file_type="variable" source="revprox.crt">revprox_client_cert_file</file>
|
<file file_type="variable" source="revprox.crt">revprox_client_cert_file</file>
|
||||||
<file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_client_key_file</file>
|
<file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_client_key_file</file>
|
||||||
<file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_client_ca_file</file>
|
<file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_client_ca_file</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="nginx" description="Reverse proxy">
|
<family name="revprox" description="Reverse proxy">
|
||||||
<variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True' supplier="ReverseProxy"/>
|
<variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True' supplier="ReverseProxy" hidden="True"/>
|
||||||
<variable name="revprox_client_server_ip" type="ip" hidden='True'/>
|
<variable name="revprox_client_server_ip" type="ip" hidden='True'/>
|
||||||
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
|
<family name="revprox_client" description="Point d'entrée des clients" leadership="True">
|
||||||
<variable name="revprox_client_external_domainnames" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' multi="True" unique="False" supplier="ReverseProxy:external"/>
|
<variable name="revprox_client_external_domainnames" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' multi="True" unique="False" supplier="ReverseProxy:external"/>
|
||||||
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" supplier="ReverseProxy:location">
|
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" supplier="ReverseProxy:location">
|
||||||
<value>/</value>
|
<value>/</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entré est de types websocket" mandatory="True" supplier="ReverseProxy:websocket">
|
<variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entrée est de types websocket" mandatory="True" supplier="ReverseProxy:websocket" hidden="True">
|
||||||
<value>False</value>
|
<value>False</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="revprox_client_max_body_size" description="Taille maximum du corps" supplier="ReverseProxy:max_body_size"/>
|
<variable name="revprox_client_max_body_size" description="Taille maximum du corps" supplier="ReverseProxy:max_body_size"/>
|
||||||
|
@ -26,10 +26,10 @@
|
||||||
<variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
|
<variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
|
||||||
<value>443</value>
|
<value>443</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="revprox_client_cert_owner" type="unix_user" description="Reverse proxy certificate owner">
|
<variable name="revprox_client_cert_owner" type="unix_user" description="Reverse proxy certificate owner" hidden="True">
|
||||||
<value>root</value>
|
<value>root</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="revprox_client_cert_group" type="unix_user" description="Reverse proxy certificate group">
|
<variable name="revprox_client_cert_group" type="unix_user" description="Reverse proxy certificate group" hidden="True">
|
||||||
<value>root</value>
|
<value>root</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="revprox_client_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
|
<variable name="revprox_client_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
|
||||||
|
@ -39,6 +39,7 @@
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_ip">
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param type="variable">revprox_client_server_domainname</param>
|
<param type="variable">revprox_client_server_domainname</param>
|
||||||
<target>revprox_client_server_ip</target>
|
<target>revprox_client_server_ip</target>
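Review bot: The description strings in the renamed revprox family still carry spelling errors that this commit fixes only partially: `description="Nom de domaine exterieur du serveur"` should read `Nom de domaine extérieur du serveur`, and `description="Le point d'entrée est de types websocket"` should read `Le point d'entrée est de type websocket`. These are the strings shown to whoever fills in the configuration, so they are worth correcting in the same pass as the "entré" → "entrée" fix.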
|
||||||
</fill>
|
</fill>
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(%%revprox_client_server_domainname, authority_name='InternalReverseProxy', hide=%%hide_secret)
|
%%get_chain(%%domain_name_eth0, %%revprox_client_server_domainname, authority_name='InternalReverseProxy', hide=%%hide_secret)
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', type="server", hide=%%hide_secret)
|
%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', type="server", hide=%%hide_secret)
|
||||||
%%get_chain(%%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
|
%%get_chain(%%domain_name_eth0, %%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="roundcube" engine="creole" target="multi-user">
|
<service name="roundcube" engine="cheetah" target="multi-user">
|
||||||
<file owner="root" group="nginx" mode="640">/etc/roundcubemail/config.inc.php</file>
|
<file owner="root" group="nginx" mode="640">/etc/roundcubemail/config.inc.php</file>
|
||||||
<file>/etc/nginx/default.d/roundcubemail.conf</file>
|
<file>/etc/nginx/default.d/roundcubemail.conf</file>
|
||||||
<file source="domain.inc.php" file_type="variable" variable="roundcube_domains">roundcube_config</file>
|
<file source="domain.inc.php" file_type="variable" variable="roundcube_domains">roundcube_config</file>
|
||||||
|
@ -45,6 +45,8 @@
|
||||||
<variable name="nginx_root" redefine="True">
|
<variable name="nginx_root" redefine="True">
|
||||||
<value>/usr/share/roundcubemail/</value>
|
<value>/usr/share/roundcubemail/</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
</family>
|
||||||
|
<family name="revprox">
|
||||||
<family name="revprox_client">
|
<family name="revprox_client">
|
||||||
<variable name="revprox_client_external_domainnames" redefine="True" hidden="True"/>
|
<variable name="revprox_client_external_domainnames" redefine="True" hidden="True"/>
|
||||||
<variable name="revprox_client_local_location" redefine="True">
|
<variable name="revprox_client_local_location" redefine="True">
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
echo """#!/bin/bash -e
|
echo """#!/bin/bash -e
|
||||||
/usr/bin/chgrp nginx /etc/roundcubemail/*
|
/usr/bin/chgrp nginx /etc/roundcubemail/*
|
||||||
""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||||
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" /install.sh
|
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP" /install.sh
|
||||||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_chain(%%imap_address, 'MailServer', hide=%%hide_secret)
|
%%get_chain(%%imap_address, %%imap_address, 'MailServer', hide=%%hide_secret)
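Review bot: The first positional argument to get_chain here is `%%imap_address`, whereas every other get_chain call touched by this commit passes `%%domain_name_eth0` first and the remote server's name second (PostgreSQL, Redis, SMTP and reverse-proxy templates). If the first parameter is the requesting host's own CN, this line should presumably read `%%get_chain(%%domain_name_eth0, %%imap_address, 'MailServer', hide=%%hide_secret)`; if passing the mail server's name twice is deliberate, a one-line template comment saying why would stop the next reader from "fixing" it.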
|
||||||
|
|
|
@ -9,8 +9,8 @@
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="nginx">
|
<family name="revprox">
|
||||||
<variable name="revprox_client_cert_owner" redefine="True" hidden="True">
|
<variable name="revprox_client_cert_owner" redefine="True">
|
||||||
<value>speedtest</value>
|
<value>speedtest</value>
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/index.html"
|
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/index.html"
|
||||||
cp "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/index.html" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/index.html"
|
cp "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/index.html" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/index.html"
|
||||||
ln -s ../../../var/lib/speedtest-rs/speedtest-rs.css "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/"
|
ln -s ../../../var/lib/speedtest-rs/speedtest-rs.css "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/"
|
||||||
ln -s ../../../var/lib/speedtest-rs/logo.png "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/"
|
ln -s ../../../var/lib/speedtest-rs/logo.png "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/"
|
||||||
|
|
|
@ -8,21 +8,21 @@
|
||||||
<service name="systemd-repart" servicelist='systemd_repart' undisable="True">
|
<service name="systemd-repart" servicelist='systemd_repart' undisable="True">
|
||||||
<override/>
|
<override/>
|
||||||
</service>
|
</service>
|
||||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-var" engine="creole" target="multi-user" servicelist='systemd_repart' undisable='True'>
|
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-var" engine="cheetah" target="multi-user" servicelist='systemd_repart' undisable='True'>
|
||||||
<file>/repart.d/50-var.conf</file>
|
<file>/repart.d/50-var.conf</file>
|
||||||
</service>
|
</service>
|
||||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-var-tmp" engine="creole" target="multi-user" servicelist="add_tmp" undisable='True'>
|
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-var-tmp" engine="cheetah" target="multi-user" servicelist="add_tmp" undisable='True'>
|
||||||
<file>/repart.d/40-tmp.conf</file>
|
<file>/repart.d/40-tmp.conf</file>
|
||||||
</service>
|
</service>
|
||||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-srv" engine="creole" target="multi-user" servicelist="add_srv" undisable='True'>
|
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-srv" engine="cheetah" target="multi-user" servicelist="add_srv" undisable='True'>
|
||||||
<file>/repart.d/60-srv.conf</file>
|
<file>/repart.d/60-srv.conf</file>
|
||||||
</service>
|
</service>
|
||||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-swap" engine="creole" target="multi-user" servicelist="add_swap" undisable='True'>
|
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-swap" engine="cheetah" target="multi-user" servicelist="add_swap" undisable='True'>
|
||||||
<file>/repart.d/30-swap.conf</file>
|
<file>/repart.d/30-swap.conf</file>
|
||||||
</service>
|
</service>
|
||||||
<service name="var" engine="creole" target="multi-user" type="mount" servicelist='systemd_repart' undisable='True'/>
|
<service name="var" engine="cheetah" target="multi-user" type="mount" servicelist='systemd_repart' undisable='True'/>
|
||||||
<service name="var-tmp" engine="creole" target="multi-user" type="mount" servicelist="add_tmp" undisable='True'/>
|
<service name="var-tmp" engine="cheetah" target="multi-user" type="mount" servicelist="add_tmp" undisable='True'/>
|
||||||
<service name="srv" engine="creole" target="multi-user" type="mount" servicelist="add_srv" undisable='True'/>
|
<service name="srv" engine="cheetah" target="multi-user" type="mount" servicelist="add_srv" undisable='True'/>
|
||||||
<service name="dev-disk-by\x2dpartlabel-swap" engine="none" target="multi-user" type="swap" servicelist="add_swap" undisable='True'/>
|
<service name="dev-disk-by\x2dpartlabel-swap" engine="none" target="multi-user" type="swap" servicelist="add_swap" undisable='True'/>
|
||||||
<service name="systemd-firstboot">
|
<service name="systemd-firstboot">
|
||||||
<override/>
|
<override/>
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
<service name="risotto" target="multi-user" type="target" engine="none"/>
|
<service name="risotto" target="multi-user" type="target" engine="none"/>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<variable name='root_password' type="password" description="Mot de passe de l'administrateur système root" auto_save='False' mandatory="True"/>
|
<variable name='root_password' type="password" description="Mot de passe de l'administrateur système root" mandatory="True" hidden="True"/>
|
||||||
<variable name="link_configurations" description='Nom des fichiers "link" networkd' type="filename" multi="True" hidden="True"/>
|
<variable name="link_configurations" description='Nom des fichiers "link" networkd' type="filename" multi="True" hidden="True"/>
|
||||||
<variable name="use_systemd_repart" description='Activer le partitionnement systemd' type="boolean" hidden="True"/>
|
<variable name="use_systemd_repart" description='Activer le partitionnement systemd' type="boolean" hidden="True"/>
|
||||||
<family name="network">
|
<family name="network">
|
||||||
|
|
|
@ -1,19 +1,19 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="var_size" type="number" description="Variable directory size">
|
<variable name="var_size" type="number" description="Variable directory size" hidden="True">
|
||||||
<value>1024</value>
|
<value>1024</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="add_tmp" type="boolean" description="Add a temporary directory"/>
|
<variable name="add_tmp" type="boolean" description="Add a temporary directory" hidden="True"/>
|
||||||
<variable name="var_tmp_size" type="number" description="Temporary directory size">
|
<variable name="var_tmp_size" type="number" description="Temporary directory size" hidden="True">
|
||||||
<value>1024</value>
|
<value>1024</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="add_srv" type="boolean" description="Add a persistent directory"/>
|
<variable name="add_srv" type="boolean" description="Add a persistent directory" hidden="True"/>
|
||||||
<variable name="srv_size" type="number" description="Persistent directory size">
|
<variable name="srv_size" type="number" description="Persistent directory size" hidden="True">
|
||||||
<value>1024</value>
|
<value>1024</value>
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="add_swap" type="boolean" description="Add a SWAP partition"/>
|
<variable name="add_swap" type="boolean" description="Add a SWAP partition" hidden="True"/>
|
||||||
<variable name="swap_size" type="number" description="SWAP size">
|
<variable name="swap_size" type="number" description="SWAP size" hidden="True">
|
||||||
<value>512</value>
|
<value>512</value>
|
||||||
</variable>
|
</variable>
|
||||||
</variables>
|
</variables>
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/network/80-container-host0.network"
|
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/network/80-container-host0.network"
|
||||||
|
|
|
@ -29,8 +29,8 @@
|
||||||
<variable name="unbound_forward_address" description="Adresse du serveur faisant autorité" provider="ExternalDNS" multi="True"/>
|
<variable name="unbound_forward_address" description="Adresse du serveur faisant autorité" provider="ExternalDNS" multi="True"/>
|
||||||
<variable name="unbound_forward_zones" type="domainname" description="Nom de domaine de la zone" multi="True" provider="ExternalDNS:authority_zones"/>
|
<variable name="unbound_forward_zones" type="domainname" description="Nom de domaine de la zone" multi="True" provider="ExternalDNS:authority_zones"/>
|
||||||
<variable name="unbound_forward_reverse_zones" type="domainname" description="Nom de domaine de la zone" multi="True" provider="ExternalDNS:reverse_authority_zones"/>
|
<variable name="unbound_forward_reverse_zones" type="domainname" description="Nom de domaine de la zone" multi="True" provider="ExternalDNS:reverse_authority_zones"/>
|
||||||
|
<variable name="unbound_allowed_client" type="ip" hidden="True"/>
|
||||||
</family>
|
</family>
|
||||||
<variable name="unbound_allowed_client" type="ip" description="IP des clients autorisés à faire des requêtes DNS" multi="True" mandatory="True"/>
|
|
||||||
<variable name="unbound_default_forwards" description="Serveur résolveur DNS par défaut" multi="True" mandatory="True"/>
|
<variable name="unbound_default_forwards" description="Serveur résolveur DNS par défaut" multi="True" mandatory="True"/>
|
||||||
</family>
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
|
@ -40,6 +40,7 @@
|
||||||
<target>ip_dns</target>
|
<target>ip_dns</target>
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="get_ip">
|
<fill name="get_ip">
|
||||||
|
<param type="information">zones</param>
|
||||||
<param type="variable">unbound_forward_address</param>
|
<param type="variable">unbound_forward_address</param>
|
||||||
<target>unbound_allowed_client</target>
|
<target>unbound_allowed_client</target>
|
||||||
</fill>
|
</fill>
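Review bot: The new hidden variable `unbound_allowed_client` now holds the resolved IP of each `unbound_forward_address` entry (it is the target of the get_ip fill on that variable), and in the unbound.conf template it is written both as `forward-addr:` and as an `access-control: … allow` entry, so its name no longer describes what it contains. A name such as `unbound_forward_ip` would make both template uses read correctly; the old meaning ("IP des clients autorisés à faire des requêtes DNS") is gone with the removed top-level variable. Separately, it is worth confirming that the upstream forwarder really needs query access to this resolver, since the allow entry is otherwise an unnecessary grant; the template hunks that consume the variable are the two unbound.conf hunks later in this commit.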
|
||||||
|
|
|
@ -8,8 +8,8 @@ server:
|
||||||
%for %%interface in %%range(%%len(%%zones_list))
|
%for %%interface in %%range(%%len(%%zones_list))
|
||||||
access-control: %%getVar('ip_eth' + %%str(%%interface)) allow
|
access-control: %%getVar('ip_eth' + %%str(%%interface)) allow
|
||||||
%end for
|
%end for
|
||||||
%for %%allowed in %%unbound_allowed_client
|
%for %%authority in %%unbound_forward_address
|
||||||
access-control: %%allowed allow
|
access-control: %%authority.unbound_allowed_client allow
|
||||||
%end for
|
%end for
|
||||||
do-not-query-localhost: no
|
do-not-query-localhost: no
|
||||||
auto-trust-anchor-file: "/srv/unbound/root.key"
|
auto-trust-anchor-file: "/srv/unbound/root.key"
|
||||||
|
@ -21,7 +21,7 @@ remote-control:
|
||||||
%for %%zone in %%authority.unbound_forward_zones
|
%for %%zone in %%authority.unbound_forward_zones
|
||||||
forward-zone:
|
forward-zone:
|
||||||
name: "%%zone"
|
name: "%%zone"
|
||||||
forward-addr: %%get_ip(%%str(%%authority))
|
forward-addr: %%authority.unbound_allowed_client
|
||||||
|
|
||||||
%end for
|
%end for
|
||||||
%end for
|
%end for
|
||||||
|
|
|
@ -9,11 +9,11 @@
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="nginx">
|
<family name="revprox">
|
||||||
<family name="revprox_client">
|
<family name="revprox_client">
|
||||||
<variable name="revprox_client_external_domainnames" redefine="True" hidden="True"/>
|
<variable name="revprox_client_external_domainnames" redefine="True" hidden="True"/>
|
||||||
</family>
|
</family>
|
||||||
<variable name="revprox_client_cert_owner" redefine="True" hidden="True">
|
<variable name="revprox_client_cert_owner" redefine="True">
|
||||||
<value>vaultwarden</value>
|
<value>vaultwarden</value>
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
# locale in jslib/common/src/models/domain/globalState.ts is "en" by default, change it to "fr"
|
# locale in jslib/common/src/models/domain/globalState.ts is "en" by default, change it to "fr"
|
||||||
# this information is store in browser local storage
|
# this information is store in browser local storage
|
||||||
sed -i 's/this.locale="en",/this.locale="fr",/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/vaultwarden/app/main.*.js
|
sed -i 's/this.locale="en",/this.locale="fr",/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/vaultwarden/app/main.*.js
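Review bot: `$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP` is expanded unquoted on the sed line, unlike the other postinstall scripts in this commit, which quote the image-directory variable everywhere. The glob must stay unquoted, but the variable can be: `sed -i 's/this.locale="en",/this.locale="fr",/g' "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP"/usr/share/vaultwarden/app/main.*.js`. Note also that `sed -i` exits 0 when the pattern matches nothing, so a rebuilt web-vault bundle that renames the field would silently leave the locale at "en"; a preceding grep check would make that visible at image build time.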
|
||||||
|
|