remove old file and add missing one

seed/applicationservice/2022.03.08/base-fedora-35/applicationservice.yml

@@ -0,0 +1,4 @@
+format: '0.1'
+description: Information de base d'un serveur fedora version 35
+depends:
+  - base-fedora

seed/applicationservice/2022.03.08/base-fedora-35/dictionaries/00-fedora-35.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<rougail version="0.10">
+  <variables>
+    <family name="general">
+      <variable name="os_version" type="string" description="OS Version" hidden="True">
+        <value>35</value>
+      </variable>
+    </family>
+  </variables>
+</rougail>

seed/applicationservice/2022.03.08/base-fedora-35/manual/image/postinstall/base_fedora_35.sh

@@ -0,0 +1,7 @@
+# ACTIVE NETWORKD
+mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
+chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
+ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"

seed/applicationservice/2022.03.08/base-fedora-35/manual/image/preinstall/base_fedora_35.sh

@@ -0,0 +1 @@
+RELEASEVER=35

seed/applicationservice/2022.03.08/base-fedora/manual/image/preinstall/base_fedora.sh

@@ -1,4 +1,4 @@
-BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace"
+BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr"
 INSTALL_TOOL="dnf"
 OS_NAME='fedora'
 REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"

seed/applicationservice/2022.03.08/base-fedora/packer/image/preprocessors

@@ -1,11 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-echo "Preprocessors"
-
-if [ ! -z $https_proxy ]; then
-    echo "echo 'export https_proxy=$https_proxy' > /tmp/proxy.sh" > scripts/00-proxy
-fi
-
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/image/recipe.json

@@ -1,63 +0,0 @@
-{
-  "builders": [
-    {
-      "format": "qcow2",
-      "headless": true,
-      "output_directory": "{{user `tmp_directory`}}/output",
-      "shutdown_command": "echo packer | sudo -S shutdown -P now",
-      "ssh_password": "qemubuild",
-      "ssh_username": "qemubuild",
-      "ssh_wait_timeout": "120m",
-      "type": "qemu",
-      "disk_interface": "virtio",
-      "vm_name": "image.img",
-      "qemuargs": [
-          ["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"],
-          ["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"]
-      ],
-      "memory": "2048",
-      "vnc_bind_address": "0.0.0.0",
-      "disk_image": true,
-      "iso_checksum": "{{user `iso_checksum` }}",
-      "iso_url": "{{user `iso_url` }}",
-      "iso_checksum_type": "sha256"
-    }
-  ],
-  "provisioners": [
-    {
-      "type": "file",
-      "source": "{{user `tmp_directory`}}/scripts",
-      "destination": "/tmp/scripts"
-    },
-    {
-      "type": "shell",
-      "inline": [
-        "sudo chown root: /tmp/scripts/*",
-        "sudo chmod +x /tmp/scripts/*",
-        "sudo risotto-run-parts /tmp/scripts/"
-      ]
-   }
-  ],
-  "post-processors": [
-    {
-      "type": "shell-local",
-      "inline": [
-        "sleep 5",
-        "mkdir -p {{user `tmp_directory`}}/tmp",
-        "echo 'Syst Prep'",
-        "LIBGUESTFS_BACKEND=direct virt-sysprep --delete \"/var/*\" --delete \"/home/*\" -a {{user `tmp_directory`}}/output/image.img",
-        "echo 'Sparsify before shink'",
-        "LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/output/sparse.img",
-        "echo 'Shink'",
-        "guestfish add {{user `tmp_directory`}}/output/sparse.img : run : resize2fs-M /dev/sda2",
-        "truncate -s $(virt-df {{user `tmp_directory`}}/output/sparse.img --csv|tail -n +2|awk -F, '{x+=$3}END{print x + 16012}')K {{user `tmp_directory`}}/output/shrink.img",
-        "virt-resize --shrink /dev/sda2 {{user `tmp_directory`}}/output/sparse.img {{user `tmp_directory`}}/output/shrink.img",
-        "echo 'Sparsify and convert to qcow2'",
-        "LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress --convert qcow2 {{user `tmp_directory`}}/output/shrink.img {{user `tmp_directory`}}/image.img",
-        "echo 'SHASUM'",
-        "sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256",
-        "rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output"
-      ]
-    }
-  ]
-}

seed/applicationservice/2022.03.08/base-fedora/packer/image/recipe.json.ext2

@@ -1,63 +0,0 @@
-{
-  "builders": [
-    {
-      "format": "qcow2",
-      "headless": true,
-      "output_directory": "{{user `tmp_directory`}}/output",
-      "shutdown_command": "echo packer | sudo -S shutdown -P now",
-      "ssh_password": "qemubuild",
-      "ssh_username": "qemubuild",
-      "ssh_wait_timeout": "120m",
-      "type": "qemu",
-      "disk_interface": "virtio",
-      "vm_name": "image.img",
-      "qemuargs": [
-          ["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"],
-          ["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"]
-      ],
-      "memory": "2048",
-      "vnc_bind_address": "0.0.0.0",
-      "disk_image": true,
-      "iso_checksum": "{{user `iso_checksum` }}",
-      "iso_url": "{{user `iso_url` }}",
-      "iso_checksum_type": "sha256"
-    }
-  ],
-  "provisioners": [
-    {
-      "type": "file",
-      "source": "{{user `tmp_directory`}}/scripts",
-      "destination": "/tmp/scripts"
-    },
-    {
-      "type": "shell",
-      "inline": [
-        "sudo chown root: /tmp/scripts/*",
-        "sudo chmod +x /tmp/scripts/*",
-        "sudo risotto-run-parts /tmp/scripts/"
-      ]
-   }
-  ],
-  "post-processors": [
-    {
-      "type": "shell-local",
-      "inline": [
-        "sleep 5",
-        "mkdir -p {{user `tmp_directory`}}/tmp",
-        "echo 'Syst Prep'",
-        "LIBGUESTFS_BACKEND=direct virt-sysprep --delete \"/var/*\" --delete \"/home/*\" -a {{user `tmp_directory`}}/output/image.img",
-        "echo 'Sparsify before shink'",
-        "LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/output/sparse.img",
-        "echo 'Shink'",
-        "guestfish add {{user `tmp_directory`}}/output/sparse.img : run : resize2fs-M /dev/sda2",
-        "truncate -s $(virt-df {{user `tmp_directory`}}/output/sparse.img --csv|tail -n +2|awk -F, '{x+=$3}END{print x + 16384}')K {{user `tmp_directory`}}/output/shrink.img",
-        "virt-resize --shrink /dev/sda2 {{user `tmp_directory`}}/output/sparse.img {{user `tmp_directory`}}/output/shrink.img",
-        "echo 'Sparsify and convert to qcow2'",
-        "LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress --convert qcow2 {{user `tmp_directory`}}/output/shrink.img {{user `tmp_directory`}}/image.img",
-        "echo 'SHASUM'",
-        "sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256",
-        "rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output"
-      ]
-    }
-  ]
-}

seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/10-update

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh
-microdnf update
-
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/40-remove_microdnf

@@ -1,9 +0,0 @@
-#!/bin/bash
-set -xe
-
-microdnf clean all
-for package in microdnf libdnf libpeas libstdc++ gobject-introspection libsolv librepo libmodulemd file-libs zchunk-libs libyaml gpgme gnupg2 libassuan libksba libusbx npth; do
-    rpm -e $package || true
-done
-rm -rf /var/lib/dnf
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/50-rpm_vaccum

@@ -1,29 +0,0 @@
-#!/bin/bash
-set -xe
-
-rpm -qa | sort > /tmp/rpm.txt
-# try to remove this packages
-PKG=" rpm rpm-libs curl libcurl lua-libs libarchive sqlite-libs libnghttp2 libssh libbrotli libpsl publicsuffix-list-dafsa libxml2 libssh-config elfutils-libs dbus-broker "
-# exclude package
-PKG2=""
-while read -r a; do
-    pkg="$(echo "$a" | awk '{ print $1 }' | awk -F'(' '{ print $1 }')"
-    [ -n "$PKG2" ] && PKG2="$PKG2\n"
-    PKG2="$PKG2$pkg"
-done <<< "$( rpm --test -ev $PKG 2>&1 | grep -v ^'erreur' )"
-
-while read -r b; do
-    pkg=$(rpm -q $b --quiet && echo $b || rpm -qf $(find / -name $b -print -quit) --query --queryformat "%{NAME}\n";)
-    echo "Ne pas désinstaller $pkg"
-    PKG=${PKG// $pkg / }
-done <<< "$(echo -e $PKG2 | sort -u)"
-
-echo "Suppression de $PKG"
-rpm -e $PKG
-
-echo "Remove rpm database"
-rm -rf /var/lib/rpm/*
-rm -rf /usr/lib/rpm
-mv /tmp/rpm.txt /var/lib/rpm/rpm.txt
-
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/60-tmpfiles

@@ -1,11 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-rm -rf /etc/X11 /etc/firewalld /etc/pki/rpm-gpg /etc/yum.repos.d /etc/dconf
-make_volatile /etc
-#
-make_volatile /var/lib/rpm
-
-sed -i 's/ ro$/ ro systemd.volatile=yes selinux=1 net.ifnames=0/g' /boot/efi/loader/entries/fedora.conf
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/70-locale

@@ -1,15 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-find /usr/share/locale/ -mindepth 1 -maxdepth 1 ! -name fr ! -name fr_FR -exec rm -rf '{}' \;
-find /usr/lib/locale/ -mindepth 1 -maxdepth 1 ! -name fr_FR.utf8 ! -name C.utf8 -exec rm -rf '{}' \;
-find /usr/lib/kbd/keymaps/xkb/ -type f ! -name fr-oss.map.gz -delete
-find /usr/lib/kbd/consolefonts/ -type f ! -name eurlatgr.psfu.gz -delete
-rm -rf /usr/share/bash-completion
-rm -rf /usr/share/pkgconfig
-rm -rf /usr/share/licenses/
-rm -rf /usr/share/zsh
-rm -rf /usr/lib/.build-id
-rm -rf /usr/lib/debug
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/80-log

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-rm -rf /var/cache/* /var/log/*
-
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/90-initrd

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-KERNELVERSION=$(ls /lib/modules)
-if [ -f "/boot/efi/$KERNELVERSION/initrd.cdrom" ]; then
-    mv "/boot/efi/$KERNELVERSION/initrd.cdrom" "/boot/efi/$KERNELVERSION/initrd"
-fi
-
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/99-reduce

@@ -1,11 +0,0 @@
-#!/bin/bash
-
-set -ex
-#
-#duperemove -rd /
-#
-#for size in 1000000000 100000000 10000000 1000000 100000 10000 1000 100 10 1; do
-#    echo "========================= $size ========================="
-#    while btrfs filesystem resize -$size /; do :; done
-#done
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/os/bin/make_volatile

@@ -1,63 +0,0 @@
-#!/bin/bash
-set -e
-DESTDIR='/usr/lib/tmpfiles.d'
-CONF_DST='/usr/share/factory'
-EXCLUDES="^(/etc/passwd|/etc/group|/etc/.updated|/etc/.pwd.lock|/etc/pam.d|/etc/systemd/network/dhcp.network|/etc/sudoers.d/qemubuild)$"
-ONLY_COPY="^(/etc/localtime)$"
-FORCE_LINKS="^(/etc/udev/hwdb.bin)$"
-
-function file_dir_in_tmpfiles() {
-    letter=$1
-    directory=$2
-    mode=$(stat --format "%a" "$directory")
-    user=$(stat --format "%U" "$directory")
-    group=$(stat --format "%G" "$directory")
-    echo "$letter $directory $mode $user $group - -"
-}
-
-function calc_symlink_in_tmpfiles() {
-    dest_name=$1
-    src_file=$(readlink "$dest_name")
-    symlink_in_tmpfiles "$dest_name" "$src_file"
-}
-
-function symlink_in_tmpfiles() {
-    dest_name=$1
-    src_file=$2
-    echo "L+ $dest_name - - - - $src_file"
-}
-
-function main() {
-    dir_config_orig=$1
-
-    mkdir -p "$DESTDIR"
-    mkdir -p "$CONF_DST$dir_config_orig"
-    name="${dir_config_orig//\//-}"
-    systemd_conf="$DESTDIR/risotto$name.conf"
-    echo "" > $systemd_conf
-    while IFS= read -r -d '' src_file; do
-        dest_file="$CONF_DST$src_file"
-	echo $src_file
-        if [[ "$src_file" =~ $EXCLUDES ]]; then
-             echo "$src_file: exclude" >&2
-        elif [[ -L "$src_file" ]]; then
-            calc_symlink_in_tmpfiles "$src_file" >> $systemd_conf
-        elif [[ "$src_file" =~ $FORCE_LINKS ]]; then
-            symlink_in_tmpfiles "$src_file" "$dest_file" >> $systemd_conf
-        elif [[ -d "$src_file" ]]; then
-            file_dir_in_tmpfiles 'd' "$src_file" >> $systemd_conf
-            [[ ! -d "$dest_file" ]] && mkdir -p "$dest_file"
-            #echo "$src_file: directory ok"
-        else
-            if [[ ! "$src_file" =~ $ONLY_COPY ]]; then
-                file_dir_in_tmpfiles "C" "$src_file" >> $systemd_conf
-            fi
-            [[ -e "$dest_file" ]] && rm -f "$dest_file"
-            # not a symlink... an hardlink
-            ln "$src_file" "$dest_file"
-            #echo "$src_file: file ok"
-        fi
-    done <  <(find "$dir_config_orig" -print0)
-}
-main "$1"
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/os/bin/risotto-run-parts

@@ -1,24 +0,0 @@
-#!/usr/bin/bash
-# run-parts - concept taken from Debian
-
-set +xe
-
-if [ $# -lt 1 ]; then
-	echo "Usage: risotto-run-parts <dir>"
-	exit 1
-fi
-
-if [ ! -d $1 ]; then
-	echo "Not a directory: $1"
-	exit 1
-fi
-
-# Ignore *~ and *, scripts
-for i in $(LC_ALL=C; echo ${1%/}/*[^~,]) ; do
-	[ -d $i ] && continue
-	[ ! -x $i ] && continue
-	echo "execute $i"
-	$i 2>&1
-done
-
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/os/http/ks-34.cfg

@@ -1,169 +0,0 @@
-# Keyboard layouts
-keyboard --xlayouts='fr (oss)'
-# System language
-lang fr_FR.UTF-8
-# Required settings
-rootpw qemubuild
-user --name=qemubuild --password=qemubuild --groups=wheel
-authconfig --enableshadow --enablemd5
-
-# System timezone
-timezone Europe/Paris --utc
-repo --name=fedora --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch
-repo --name=updates --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch
-url --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-\$releasever&arch=\$basearch%%EXTRA_URL%%
-
-# Optional settings
-#bootloader --location=mbr
-bootloader --disabled
-clearpart --all --initlabel
-firstboot --enable
-#install
-network --bootproto=dhcp
-reboot
-selinux --enforcing
-#services --enabled=sshd,zram-swap,systemd-networkd,systemd-resolved
-services --enabled=sshd --disabled=systemd-vconsole-setup
-skipx
-text
-zerombr
-
-# Disk partition
-part / --fstype="ext2" --ondisk=vda --grow
-# btrfs : part btrfs.50 --fstype="btrfs" --ondisk=vda --grow
-part /boot/efi --fstype="efi" --ondisk=vda --size=30 --fsoptions="umask=0077,shortname=winnt"
-
-#btrfs none --label=fedora_fedora btrfs.50
-#btrfs / --subvol --name=root LABEL=fedora_fedora
-
-# Packages
-%packages --excludedocs --instLangs=fr --nocore --exclude-weakdeps
-#@core --nodefaults
-audit
-bash
-coreutils
-#dracut-config-generic
-# btrfs duperemove
-#glibc-langpack-fr
-kbd
-kernel-core
-microdnf
-openssh-server
-openssh-clients
-qemu-guest-agent
-systemd-networkd
-#rpm
-#shadow-utils
-screen
-sudo
-systemd
-#util-linux
--zram
-#
--kernel
-%end
-
-# Post
-%post
-
-# for microdnf
-touch /etc/dnf/dnf.conf
-
-# add qemubuild to sudo
-echo "qemubuild        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers.d/qemubuild
-
-# remove unecessary directories
-rm -rf /usr/share/doc
-rm -rf /usr/share/licenses
-#rm -rfv /usr/share/icons/*
-# remove some random help txt files
-rm -fv /usr/share/gnupg/help*.txt
-# Pruning random things
-rm usr/lib/rpm/rpm.daily
-#some random not-that-useful binaries
-rm -fv /usr/bin/pinky
-
-# if you want to change the timezone, bind-mount it from the host or reinstall tzdata
-localzone=$(readlink /etc/localtime)
-mv $localzone /tmp
-rm -rfv  /usr/share/zoneinfo
-mkdir -p $(dirname $localzone)
-mv /tmp/$(basename $localzone) $localzone
-
-# configure systemd-networkd
-echo """[Match]
-Name=*
-
-[Network]
-DHCP=yes""" > /etc/systemd/network/dhcp.network
-SYSTEMDDIR=/usr/lib/systemd/system
-MULTI=$SYSTEMDDIR/multi-user.target.wants
-ln -sf ../systemd-networkd.service $MULTI/systemd-networkd.service
-ln -sf ../systemd-resolved.service $MULTI/systemd-resolved.service
-
-# initramfs have to mount iso9660 partition
-# install bootload
-SYSDISK="/dev/vda2"
-MACHINEID=`cat /etc/machine-id`
-KERNELVERSION=`ls /lib/modules`
-DISK=`lsblk -n $SYSDISK -o uuid`
-mkdir /boot/$MACHINEID
-# btrfs : echo "root=UUID=$DISK ro rootflags=subvol=root" > /etc/kernel/cmdline
-echo "root=UUID=$DISK ro" > /etc/kernel/cmdline
-# add CDROM driver
-echo 'add_drivers+=" iso9660 "' > /etc/dracut.conf.d/cdrom.conf
-kernel-install add $KERNELVERSION /lib/modules/$KERNELVERSION/vmlinuz
-mv /boot/$MACHINEID/$KERNELVERSION /boot/efi
-# // ADD MOUNT INSTRUCTION IN INITRAMFS
-# build second initrd file that mount cdrom to /usr
-#echo 'add_fstab+=/tmp/fstab' >> /etc/dracut.conf.d/cdrom.conf
-#echo "/dev/sr0 /sysroot/usr/local/lib iso9660 ro,relatime,x-systemd.after=sysroot.mount,x-systemd.before=systemd-volatile-root.service 0 0" > /tmp/fstab
-#echo "/dev/sr0 /sysroot/usr/local/lib iso9660 ro,x-initrd.mount,nosuid,noexec,uid=0,gid=0,mode=400 0 0" > /tmp/fstab
-echo "[Unit]
-DefaultDependencies=no
-After=sysroot.mount
-Before=initrd-udevadm-cleanup-db.service
-#Before=systemd-volatile-root.service
-After=blockdev@dev-sr0.target
-
-[Service]
-Type=oneshot
-ExecStart=mount /dev/sr0 /sysroot/usr/local/lib -t iso9660 -o defaults,ro,nosuid,noexec,uid=0,gid=0,mode=400
-" > /usr/lib/systemd/system/sysroot-usr-local-lib.service
-
-# // VERSION .mount
-#[Mount]
-#Where=/sysroot/usr/local/lib
-#What=/dev/sr0
-#Type=iso9660
-#Options=defaults,ro,nosuid,noexec,uid=0,gid=0,mode=400" > /usr/lib/systemd/system/sysroot-usr-local-lib.mount
-mkdir -p /usr/lib/systemd/system/initrd-root-fs.target.requires
-cd /usr/lib/systemd/system/initrd-root-fs.target.requires
-#ln -sf ../sysroot-usr-local-lib.mount .
-ln -sf ../sysroot-usr-local-lib.service .
-#echo 'install_items+=" /usr/lib/systemd/system/sysroot-usr-local-lib.mount /usr/lib/systemd/system/initrd-root-fs.target.requires/sysroot-usr-local-lib.mount "' >> /etc/dracut.conf.d/cdrom.conf
-echo 'install_items+=" /usr/lib/systemd/system/sysroot-usr-local-lib.service /usr/lib/systemd/system/initrd-root-fs.target.requires/sysroot-usr-local-lib.service "' >> /etc/dracut.conf.d/cdrom.conf
-kernel-install add $KERNELVERSION /lib/modules/$KERNELVERSION/vmlinuz
-mv /boot/$MACHINEID/$KERNELVERSION/initrd /boot/efi/$KERNELVERSION/initrd.cdrom
-rm -f /etc/dracut.conf.d/cdrom.conf
- // END INITRAMFS
-# rename entry file without machine ID
-mv /boot/loader/entries/$MACHINEID-$KERNELVERSION.conf /boot/loader/entries/fedora.conf
-sed -i "/^machine-id /d" /boot/loader/entries/fedora.conf
-sed -i "s@/boot/$MACHINEID/$KERNELVERSION/@/$KERNELVERSION/@g" /boot/loader/entries/fedora.conf
-# move it in EFI directory for systemd-boot
-mv /boot/loader /boot/efi
-# remove unused file
-rm -rf /lib/modules/$KERNELVERSION/vmlinuz /boot/initramfs* /boot/$MACHINEID
-# install systemd-boot
-bootctl install
-
-# remove authselect and dracut
-microdnf -y remove dracut xz acl authselect authselect-compat authselect-libs chrony cpio libkcapi-hmaccalc libkcapi linux-firmware linux-firmware-whence
-# remove python3
-microdnf -y remove python3 python3-libs python-pip-wheel python-setuptools-wheel gdbm-libs
-# remove langpacks fr
-microdnf -y remove langpacks-fr langpacks-core-fr langpacks-core-font-fr dejavu-sans-fonts fonts-filesystem
-rm -f /var/lib/systemd/random-seed
-rm -rfv /var/lib/authselect
-%end

seed/applicationservice/2022.03.08/base-fedora/packer/os/preprocessors

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-echo "Preprocessors"
-
-if [ ! -z $https_proxy ]; then
-    sed -i "s@%%EXTRA_URL%%@ --proxy=$https_proxy@g" http/ks-34.cfg
-else
-    sed -i "s@%%EXTRA_URL%%@@g" http/ks-34.cfg
-fi
-
-exit 0

seed/applicationservice/2022.03.08/base-fedora/packer/os/recipe.json

@@ -1,71 +0,0 @@
-{
-  "builders": [
-    {
-      "format": "qcow2",
-      "headless": true,
-      "output_directory": "{{user `tmp_directory`}}/output",
-      "shutdown_command": "echo packer | sudo -S shutdown -P now",
-      "ssh_password": "qemubuild",
-      "ssh_username": "qemubuild",
-      "ssh_wait_timeout": "120m",
-      "type": "qemu",
-      "disk_interface": "virtio",
-      "vm_name": "image.img",
-      "qemuargs": [
-          ["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"],
-          ["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"]
-      ],
-      "memory": "2048",
-      "vnc_bind_address": "0.0.0.0",
-      "boot_command": [
-        "<up>e<down><down><end> inst.text inst.gpt inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks-34.cfg <leftCtrlOn>x<leftCtrlOff> <wait>"
-      ],
-      "disk_size": "4096",
-      "iso_checksum_type": "sha256",
-      "iso_checksum": "e1a38b9faa62f793ad4561b308c31f32876cfaaee94457a7a9108aaddaeec406",
-      "iso_url": "https://download.fedoraproject.org/pub/fedora/linux/releases/34/Server/x86_64/iso/Fedora-Server-netinst-x86_64-34-1.2.iso",
-      "http_directory": "{{user `tmp_directory`}}/http"
-    }
-  ],
-  "provisioners": [
-    {
-      "type": "file",
-      "source": "{{user `tmp_directory`}}/bin",
-      "destination": "/tmp/bin"
-    },
-    {
-      "type": "shell",
-      "inline": [
-        "sudo mv /tmp/bin/* /usr/local/bin",
-        "sudo chown root: /usr/local/bin/*",
-        "sudo chmod +x /usr/local/bin/*"
-      ]
-    },
-    {
-      "type": "file",
-      "source": "{{user `tmp_directory`}}/scripts",
-      "destination": "/tmp/scripts"
-    },
-    {
-      "type": "shell",
-      "inline": [
-        "sudo chown root: /tmp/scripts/*",
-        "sudo chmod +x /tmp/scripts/*",
-        "sudo risotto-run-parts /tmp/scripts/"
-      ]
-   }
-  ],
-  "post-processors": [
-    {
-      "type": "shell-local",
-      "inline": [
-        "sleep 5",
-        "mkdir -p {{user `tmp_directory`}}/tmp",
-        "LIBGUESTFS_BACKEND=direct virt-sysprep -a {{user `tmp_directory`}}/output/image.img",
-        "LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/image.img",
-        "sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256",
-        "rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output"
-      ]
-    }
-  ]
-}

seed/applicationservice/2022.03.08/base-fedora/packer/os/scripts/30-rpm_vaccum

@@ -1,7 +0,0 @@
-#!/bin/bash
-set -xe
-
-echo VACUUM |sqlite3 /var/lib/rpm/rpmdb.sqlite
-
-exit 0
-

seed/applicationservice/2022.03.08/base-fedora/packer/os/scripts/40-locale

@@ -1,19 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-find /usr/share/locale/ -mindepth 1 -maxdepth 1 ! -name fr ! -name fr_FR -exec rm -rf '{}' \;
-find /usr/lib/locale/ -mindepth 1 -maxdepth 1 ! -name fr_FR.utf8 ! -name C.utf8 -exec rm -rf '{}' \;
-find /usr/share/terminfo -mindepth 1 -maxdepth 1 ! -name l ! -name d ! -name s -exec rm -rf '{}' \;
-find /usr/share/terminfo/s/screen -type f ! -name screen-256color -delete
-find /usr/lib/kbd/keymaps/xkb/ -type f ! -name fr-oss.map.gz -delete
-find /usr/lib/kbd/consolefonts/ -type f ! -name eurlatgr.psfu.gz -delete
-rm -rf /usr/lib/kbd/consoletrans
-rm -rf /usr/lib/kbd/unimaps
-rm -rf /usr/lib/kernel
-rm -rf /usr/lib/systemd/boot
-rm -rf /usr/share/bash-completion
-rm -rf /usr/share/pkgconfig
-rm -rf /usr/share/licenses/
-rm -rf /usr/lib/debug
-exit 0

seed/applicationservice/2022.03.08/base/dictionaries/00-base.xml

@@ -1,5 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
 <rougail version="0.10">
+  <services>
+    <service name="base" manage="False">
+      <file engine="none">/etc/locale.conf</file>
+    </service>
+  </services>
   <variables>
     <family name='general' description="Général">
       <variable name="zones_list" type="string" multi="True" description="Liste de toutes les zones" hidden="True"/>

seed/applicationservice/2022.03.08/gitea/dictionaries/31_gitea.xml

@@ -19,9 +19,6 @@
       <variable name="gitea_lfs_jwt_secret" type="password" hidden="True"/>
     </family>
     <family name="nginx">
-      <variable name="revprox_client_location" redefine="True">
-        <value>/gitea/</value>
-      </variable>
       <variable name="revprox_client_local_location" redefine="True">
         <value>/</value>
       </variable>
@@ -82,23 +79,19 @@
       <param name="length" type="number">43</param>
       <target>gitea_lfs_jwt_secret</target>
     </fill>
-    <fill name="calc_value">
+    <fill name="calc_oauth2_client_external">
-      <param>https://</param>
       <param type="variable" optional="True">revprox_client_external_domainname</param>
       <param type="variable" optional="True">revprox_client_location</param>
       <param>user/oauth2/</param>
       <param type="variable">domain_name_eth0</param>
       <param>/callback</param>
-      <param name="join"></param>
       <target>oauth2_client_login</target>
     </fill>
-    <fill name="calc_value">
+    <fill name="calc_oauth2_client_external">
-      <param>https://</param>
       <param type="variable">revprox_client_external_domainname</param>
       <param type="variable">revprox_client_location</param>
       <param>user/oauth2/</param>
       <param type="variable">domain_name_eth0</param>
-      <param name="join"></param>
       <target>oauth2_client_external</target>
     </fill>
   </constraints>

seed/applicationservice/2022.03.08/gitea/manual/image/postinstall/gitea.sh

@@ -8,17 +8,16 @@ VERSION=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.v
 
 mkdir -p ~/gitea/
 
-if [ ! -f "~/gitea/gitea-$VERSION-linux-amd64.xz" ]; then
+if [ ! -f ~/"gitea/gitea-$VERSION-linux-amd64.xz" ]; then
-    wget https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz -O ~/gitea/gitea-$VERSION-linux-amd64.xz
+    wget "https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz" -O ~/"gitea/gitea-$VERSION-linux-amd64.xz"
 fi
-if [ ! -f "~/gitea/gitea-$VERSION-linux-amd64.xz.asc" ]; then
+if [ ! -f ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc" ]; then
-    wget https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz.asc -O ~/gitea/gitea-$VERSION-linux-amd64.xz.asc
+    wget "https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc"
 fi
 
-gpg --verify ~/gitea/gitea-$VERSION-linux-amd64.xz.asc ~/gitea/gitea-$VERSION-linux-amd64.xz
+gpg --verify ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc" ~/"gitea/gitea-$VERSION-linux-amd64.xz"
-
-cp -a ~/gitea/gitea-$VERSION-linux-amd64.xz .
-xz -d gitea-$VERSION-linux-amd64.xz
-mv gitea-$VERSION-linux-amd64 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea
-chmod +x $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea
 
+cp -a ~/"gitea/gitea-$VERSION-linux-amd64.xz" .
+xz -d "gitea-$VERSION-linux-amd64.xz"
+mv "gitea-$VERSION-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
+chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"

seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml

@@ -19,7 +19,7 @@
     <variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True"/>
     <variable name="host_dhcp_interface" description="Carte réseau en DHCP" multi="True"/>
     <variable name="host_dhcp_filename" type="filename" hidden="True" multi="True"/>
-    <variable name="host_name" type="hostname" hidden="True"/>
+    <variable name="host_name" type="domainname" hidden="True"/>
     <variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/>
     <variable name="systemd_netzone_filename" type="filename" hidden="True" multi="True"/>
     <family name="zones" leadership="True">

seed/applicationservice/2022.03.08/mailman/dictionaries/31_mailman.xml

@@ -21,11 +21,6 @@
       <variable name="mailman_domains" type="domainname" description="Nom de domaine des listes" multi="True" mandatory="True" provider="domain_list"/>
       <variable name="postorius_secret_key" type="password" description="Internal secret key" mandatory="True" hidden="True" auto_save="True"/>
     </family>
-    <family name="nginx">
-      <variable name="revprox_client_location" redefine="True">
-        <value>/mailman</value>
-      </variable>
-    </family>
     <family name="oauth2_client">
       <variable name="oauth2_is_client_application" redefine='True'>
         <value>True</value>
@@ -50,12 +45,10 @@
       <param name="type">cleartext</param>
       <target>postorius_secret_key</target>
     </fill>
-    <fill name="calc_value">
+    <fill name="calc_oauth2_client_external">
-      <param>https://</param>
       <param type="variable">revprox_client_external_domainname</param>
       <param type="variable">revprox_client_location</param>
       <param>/accounts/risotto/login/</param>
-      <param name="join"></param>
       <target>oauth2_client_external</target>
     </fill>
   </constraints>

seed/applicationservice/2022.03.08/mailman/funcs/mailman.py

@@ -1,4 +1,4 @@
-from utils import multi_function as _multi_function
+from risotto.utils import multi_function as _multi_function
 from itertools import chain
 
 

seed/applicationservice/2022.03.08/nextcloud/dictionaries/31_nextcloud.xml

@@ -18,11 +18,6 @@
       <variable name="nextcloud_mail_admin" type="mail" mandatory="True"/>
       <variable name="nextcloud_instance_id" type="password" auto_freeze="True" hidden="True"/>
     </family>
-    <family name="nginx">
-      <variable name="revprox_client_location" redefine="True">
-        <value>/nextcloud</value>
-      </variable>
-    </family>
     <family name="oauth2_client">
       <variable name="oauth2_is_client_application" redefine='True'>
         <value>True</value>

seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.init

@@ -44,9 +44,13 @@ fi
 /usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapUserDisplayName "sn"
 /usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapConfigurationActive "1"
 #/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapTLS "1"
-# cron
+# Cron
 /usr/bin/php /usr/share/nextcloud/occ config:app:set core backgroundjobs_mode --value=cron
-# need network
+# Need network
 /usr/bin/php /usr/share/nextcloud/occ app:disable weather_status
+# Maintenance
+/usr/bin/php /usr/share/nextcloud/occ upgrade
+/usr/bin/php /usr/share/nextcloud/occ files:scan --all -q
+/usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q
 
 exit 0

seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.service

@@ -9,8 +9,6 @@ WorkingDirectory=/usr/share/nextcloud
 #FIXME
 ExecStart=+/usr/bin/chmod +w /etc/nextcloud/config.php
 ExecStart=/etc/nextcloud/nextcloud.init
-ExecStart=/usr/bin/php occ files:scan --all -q
-ExecStart=/usr/bin/php occ maintenance:repair -q
 ExecStart=+/usr/bin/chmod -w /etc/nextcloud/config.php
 User=apache
 Group=apache

seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/DEBUG

@@ -0,0 +1,2 @@
+sed -i 's@error_log syslog:server=unix:/dev/log;@error_log syslog:server=unix:/dev/log debug;@g' /etc/nginx/nginx.conf
+systemctl restart nginx

seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/dictionaries/25_nginx.xml

@@ -22,7 +22,7 @@
     <family name="nginx" description="NGINX" help="Paramétrage global de NGINX">
       <variable name="nginx_default" redefine="True" remove_fill="True"/>
       <variable name="revprox_domainnames" type="domainname" description="Nom des domaines à configurer dans le serveur mandataire inverse" help="Liste des domaines gérés par le serveur mandataire inverse" multi="True"/>
-      <variable name="revprox_domainnames_auto" type="domainname" description="Nom des domaines auto-configurés dans le serveur mandataire inverse" multi="True" provider="clients" hidden="True"/>
+      <variable name="revprox_domainnames_auto" type="domainname" description="Nom des domaines auto-configurés dans le serveur mandataire inverse" multi="True" provider="revprox_clients" hidden="True"/>
       <variable name="revprox_domainnames_all" type="domainname" description="Tous les noms de domaines" multi="True" hidden="True"/>
       <variable name='nginx_private_key_filename' type="filename" description="Private key filename" hidden='True' multi='True'/>
       <variable name='nginx_certificate_filename' type="filename" description="Certificate filename" hidden='True' multi='True'/>

seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/extras/nginx/00-nginx.xml

@@ -6,8 +6,9 @@
         <value>False</value>
       </variable>
       <family name="reverse_proxy_" description="Reverse proxy" help="Paramètrage du proxy inverse" leadership="True">
-        <variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger" help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple &quot;/mail&quot;)" mandatory="True" multi="True" provider="location"/>
+        <variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger" help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple &quot;/mail&quot;)" mandatory="True" multi="True" provider="revprox_location"/>
-        <variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète" mandatory="True" help="Nom de domaine ou IP de destination, par exemple &quot;http://domainelocal&quot; ou URI, par exemple &quot;http://domainelocal/dir/&quot;" provider="url"/>
+        <variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète" mandatory="True" help="Nom de domaine ou IP de destination, par exemple &quot;http://domainelocal&quot; ou URI, par exemple &quot;http://domainelocal/dir/&quot;" provider="revprox_url"/>
+	<variable name="revprox_is_websocket_" type="boolean" description="Le point d'entré est de types websocket" mandatory="True" provider="revprox_is_websocket"/>
       </family>
     </family>
   </variables>

seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/funcs/nginx.py

@@ -1,5 +1,5 @@
 from typing import List as _List
-from utils import multi_function
+from risotto.utils import multi_function
 
 
 @multi_function

seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf

@@ -39,7 +39,7 @@ server {
 
 # Configuration HTTPS %%domainname
 server {
-    listen 443 ssl;
+    listen 443 ssl http2;
     ssl_certificate    %%nginx_certificate_filename[%%idx];
     ssl_certificate_key     %%nginx_private_key_filename[%%idx];
     ssl_client_certificate    %%nginx_chain_filename[%%idx];
@@ -51,12 +51,12 @@ server {
 
  %for %%location in %%revprox['revprox_location_' + family]
     location %%location {
-	# FIXME proxy_bind A.A.A.A;
+  # FIXME proxy_bind A.A.A.A;
-  %set %%location_str = %%str(%%location)
-  %if %%location_str != '/' and not %%location_str.endswith('/')
-        rewrite ^(%%location_str)$ $1/ permanent;
-  %end if
         proxy_pass              %%location['revprox_url_' + family];
+#  %if %%location['revprox_is_websocket_' + family]
+#        proxy_set_header Upgrade $http_upgrade;
+#        proxy_set_header Connection "upgrade";
+#  %else
         proxy_set_header        Host                    $http_host;
         proxy_set_header        X-Real-IP               $remote_addr;
         proxy_set_header        X-Forwarded-Host        $host;
@@ -65,6 +65,7 @@ server {
         proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto       $scheme;
         proxy_set_header        Destination             $dest;
+#  %end if
         proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_ReverseProxy.crt;
         proxy_ssl_verify       on;
         proxy_ssl_verify_depth 2;
@@ -73,6 +74,7 @@ server {
         index  error.html;
         root /var/www/html;
     }
+# If user missing '/'
   %if %%location_str != '/' and %%location_str.endswith('/')
     location %%location_str[:-1] {
         rewrite ^(%%location_str[:-1])$ $1/ permanent;

seed/applicationservice/2022.03.08/nsd/packer/image/scripts/20-nsd

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh
-microdnf -y --nodocs --noplugins install nsd
-# make_volatile /var/lib/nsd
-
-exit 0

seed/applicationservice/2022.03.08/oauth2-client/dictionaries/30_oauth2_client.xml

@@ -68,11 +68,9 @@
       <param name="dynamic" type="variable">oauth2_client_id</param>
       <target>oauth2_client_token_signature_algo</target>
     </check>
-    <fill name="calc_value">
+    <fill name="calc_oauth2_client_external">
-      <param>https://</param>
       <param type="variable" optional="True">revprox_client_external_domainname</param>
       <param type="variable" optional="True">revprox_client_location</param>
-      <param name="join"></param>
       <target>oauth2_client_external</target>
     </fill>
     <condition name="disabled_if_in" source="oauth2_is_client_application">

seed/applicationservice/2022.03.08/openldap-server/packer/image/scripts/20-openldap-server

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-microdnf -y --nodocs --noplugins install openldap-servers
-
-exit 0

seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh

@@ -1 +1 @@
-PKG="$PKG postgresql-server glibc-langpack-fr"
+PKG="$PKG postgresql-server"

seed/applicationservice/2022.03.08/provider-systemd-machined/dictionaries/21-machined.xml

@@ -15,7 +15,7 @@
     <variable name="container_config_path" type="filename" description="Nom du répertoire racine des configurations">
       <value>/var/lib/risotto/configurations</value>
     </variable>
-    <variable name="host" type="hostname" description="Machine où est démarrer le conteneur" mandatory="True"/>
+    <variable name="host" type="domainname" description="Machine où est démarrer le conteneur" mandatory="True"/>
     <variable name="external_ports" type="port" description="Port exposé depuis l'extérieur" multi="True"/>
     <variable name="srv_dir" type="filename" hidden="True"/>
     <variable name="config_dir" type="filename" hidden="True" mandatory="True"/>

seed/applicationservice/2022.03.08/reverse-proxy-client/dictionaries/20_nginx_client.xml

@@ -12,9 +12,14 @@
       <variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True'/>
       <variable name="revprox_client_server_ip" type="ip" hidden='True'/>
       <variable name="revprox_client_external_domainname" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' provider="external_domainname"/>
-      <variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True">
+      <family name="revprox_client" description="Point d'entré des clients" leadership="True">
-        <value>/</value>
+        <variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" multi="True">
-      </variable>
+          <value>/</value>
+        </variable>
+        <variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entré est de types websocket" mandatory="True">
+          <value>False</value>
+        </variable>
+      </family>
       <variable name="revprox_client_local_location" type="filename" description="Nom de l'arborescene racine du site localement" hidden='True'/>
       <variable name="revprox_client_web_address" type="web_address" description="Nom de domaine du client du mandataire inverse" hidden='True'/>
       <variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
@@ -58,7 +63,7 @@
     </fill>
     <fill name="set_linked">
       <param name="linked_server" type="variable">revprox_client_server_domainname</param>
-      <param name="linked_provider">clients</param>
+      <param name="linked_provider">revprox_clients</param>
       <param name="linked_value" type="variable">revprox_client_external_domainname</param>
       <param name="linked_returns">ip</param>
       <param name="dynamic">0</param>
@@ -66,15 +71,22 @@
     </fill>
     <check name="set_linked_configuration">
       <param name="linked_server" type="variable">revprox_client_server_domainname</param>
-      <param name="linked_provider">location</param>
+      <param name="linked_provider">revprox_location</param>
       <param name="dynamic" type="variable">revprox_client_external_domainname</param>
       <target>revprox_client_location</target>
     </check>
     <check name="set_linked_configuration">
       <param name="linked_server" type="variable">revprox_client_server_domainname</param>
-      <param name="leader_provider">location</param>
+      <param name="linked_provider">revprox_is_websocket</param>
+      <param name="dynamic" type="variable">revprox_client_external_domainname</param>
+      <param name="leader_index" type="index"/>
+      <target>revprox_client_is_websocket</target>
+    </check>
+    <check name="set_linked_configuration">
+      <param name="linked_server" type="variable">revprox_client_server_domainname</param>
+      <param name="linked_provider">revprox_url</param>
+      <param name="leader_provider">revprox_location</param>
       <param name="leader_value" type="variable">revprox_client_location</param>
-      <param name="linked_provider">url</param>
       <param name="dynamic" type="variable">revprox_client_external_domainname</param>
       <target>revprox_client_web_address</target>
     </check>

seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml

@@ -12,11 +12,6 @@
     <family name="roundcube" description="Interface web de consultation des courriels Roundcube">
       <variable name="roundcube_des_key" type="secret" auto_freeze="True" hidden="True"/>
     </family>
-    <family name="nginx">
-      <variable name="revprox_client_location" redefine="True">
-        <value>/roundcube</value>
-      </variable>
-    </family>
     <family name="oauth2_client">
       <variable name="oauth2_is_client_application" redefine='True'>
         <value>True</value>
@@ -37,12 +32,10 @@
       <param name="type">cleartext</param>
       <target>roundcube_des_key</target>
     </fill>
-    <fill name="calc_value">
+    <fill name="calc_oauth2_client_external">
-      <param>https://</param>
       <param type="variable" optional="True">revprox_client_external_domainname</param>
       <param type="variable" optional="True">revprox_client_location</param>
       <param>/index.php/login/oauth</param>
-      <param name="join"></param>
       <target>oauth2_client_login</target>
     </fill>
   </constraints>

seed/applicationservice/2022.03.08/unbound/packer/image/scripts/20-unbound

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh
-microdnf -y --nodocs --noplugins install unbound
-make_volatile /var/lib/unbound
-
-exit 0

seed/applicationservice/2022.03.08/unbound/templates/unbound.conf

@@ -578,6 +578,13 @@ server:
 
 	# Ignore chain of trust. Domain is treated as insecure.
 	# domain-insecure: "example.com"
+	#>GNUNUX
+%for %%authority in %%unbound_forward_address
+ %for %%zone in %%authority.unbound_forward_zones
+	domain-insecure: "%%zone"
+ %end for
+%end for
+	#<GNUNUX
 
 	# Override the date for validation with a specific fixed date.
 	# Do not set this unless you are debugging signature inception

seed/applicationservice/2022.03.08/vaultwarden/dictionaries/20_vaultwarden.xml

@@ -9,10 +9,14 @@
   </services>
   <variables>
     <family name="nginx">
-      <variable name="revprox_client_location" redefine="True">
+      <family name="revprox_client">
-        <value>/vaultwarden</value>
+        <variable name="revprox_client_location" redefine="True">
-      </variable>
+          <value>/</value>
-      <variable name="revprox_client_cert_group" redefine="True" hidden="True">
+          <value>/notifications/hub</value>
+          <value>/notifications/hub/negotiate</value>
+        </variable>
+      </family>
+      <variable name="revprox_client_cert_owner" redefine="True" hidden="True">
         <value>vaultwarden</value>
       </variable>
     </family>
@@ -42,5 +46,12 @@
     <fill name="gen_uuid">
       <target>vaultwarden_device_identifier</target>
     </fill>
+    <fill name="calc_value">
+      <param type="boolean">True</param>
+      <param name="default" type="boolean">False</param>
+      <param name="condition" type="variable">revprox_client_location</param>
+      <param name="expected">/notifications/hub</param>
+      <target>revprox_client_is_websocket</target>
+    </fill>
   </constraints>
 </rougail>

seed/applicationservice/2022.03.08/vaultwarden/manual/image/postinstall/vaultwarden.sh

@@ -0,0 +1,3 @@
+# locale in jslib/common/src/models/domain/globalState.ts is "en" by default, change it to "fr"
+# this information is store in browser local storage
+sed -i 's/this.locale="en",/this.locale="fr",/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/vaultwarden/app/main.*.js

seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env

@@ -256,7 +256,11 @@ INVITATION_ORG_NAME=%%vaultwarden_org_name
 ## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
 # DOMAIN=https://bw.domain.tld:8443
 #>GNUNUX
-DOMAIN=https://%%revprox_client_external_domainname%%revprox_client_location
+%set %%location = %%str(%%revprox_client_location[0])
+%if %%location.endswith('/')
+ %set %%location = %%location[:-1]
+%end if
+DOMAIN=https://%%revprox_client_external_domainname%%location
 #<GNUNUX
 
 ## Allowed iframe ancestors (Know the risks!)
@@ -305,7 +309,7 @@ DOMAIN=https://%%revprox_client_external_domainname%%revprox_client_location
 # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
 #>GNUNUX
 ROCKET_PORT=443
-ROCKET_TLS='{certs="/etc/pki/tls/certs/revproxy.crt",key="/etc/pki/tls/private/revproxy.key"}'
+ROCKET_TLS='{certs="/etc/pki/tls/certs/revprox.crt",key="/etc/pki/tls/private/revprox.key"}'
 #<GNUNUX
 
 ## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
@@ -322,9 +326,9 @@ ROCKET_TLS='{certs="/etc/pki/tls/certs/revproxy.crt",key="/etc/pki/tls/private/r
 # SMTP_TIMEOUT=15
 #>GNUNUX
 SMTP_HOST=%%smtp_relay_address
-SMTP_FROM=root@%%domain_name_eth0
+SMTP_FROM=%%vaultwarden_admin_email
 SMTP_FROM_NAME=%%domain_name_eth0
-SMTP_PORT=587
+SMTP_PORT=25
 SMTP_SSL=true
 #SMTP_EXPLICIT_TLS=true
 SMTP_TIMEOUT=15