remove old file and add missing one

Emmanuel Garette 2022-03-11 18:41:49 +01:00
parent a093f49780
commit f49ecd419f
50 changed files with 119 additions and 705 deletions


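--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,4 @@
+format: '0.1'
+description: Information de base d'un serveur fedora version 35
+depends:
+- base-fedora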


@ -0,0 +1,10 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<variables>
<family name="general">
<variable name="os_version" type="string" description="OS Version" hidden="True">
<value>35</value>
</variable>
</family>
</variables>
</rougail>


@ -0,0 +1,7 @@
# ACTIVE NETWORKD
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
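Review bot: The `mkdir` and `chmod` on the first two lines expand `$IMAGE_NAME_RISOTTO_IMAGE_DIR` unquoted while the four `ln -s` lines quote it, so a value containing whitespace would be word-split in the first two commands only; quote them the same way, `mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants"`. `chmod 775` leaves a directory inside the systemd unit tree group-writable; `.wants` directories are conventionally 755, and any member of the owning group could place units there, so 755 looks like the safer default unless the build genuinely needs group write. The `multi-user.target.wants` and `sockets.target.wants` directories used by the last two links are not created here, so the script presumably relies on them already existing in the image; a short comment stating that assumption would help.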


@ -1,4 +1,4 @@
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace"
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr"
INSTALL_TOOL="dnf"
OS_NAME='fedora'
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"


@ -1,11 +0,0 @@
#!/bin/bash
set -xe
echo "Preprocessors"
if [ ! -z $https_proxy ]; then
echo "echo 'export https_proxy=$https_proxy' > /tmp/proxy.sh" > scripts/00-proxy
fi
exit 0


@ -1,63 +0,0 @@
{
"builders": [
{
"format": "qcow2",
"headless": true,
"output_directory": "{{user `tmp_directory`}}/output",
"shutdown_command": "echo packer | sudo -S shutdown -P now",
"ssh_password": "qemubuild",
"ssh_username": "qemubuild",
"ssh_wait_timeout": "120m",
"type": "qemu",
"disk_interface": "virtio",
"vm_name": "image.img",
"qemuargs": [
["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"],
["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"]
],
"memory": "2048",
"vnc_bind_address": "0.0.0.0",
"disk_image": true,
"iso_checksum": "{{user `iso_checksum` }}",
"iso_url": "{{user `iso_url` }}",
"iso_checksum_type": "sha256"
}
],
"provisioners": [
{
"type": "file",
"source": "{{user `tmp_directory`}}/scripts",
"destination": "/tmp/scripts"
},
{
"type": "shell",
"inline": [
"sudo chown root: /tmp/scripts/*",
"sudo chmod +x /tmp/scripts/*",
"sudo risotto-run-parts /tmp/scripts/"
]
}
],
"post-processors": [
{
"type": "shell-local",
"inline": [
"sleep 5",
"mkdir -p {{user `tmp_directory`}}/tmp",
"echo 'Syst Prep'",
"LIBGUESTFS_BACKEND=direct virt-sysprep --delete \"/var/*\" --delete \"/home/*\" -a {{user `tmp_directory`}}/output/image.img",
"echo 'Sparsify before shink'",
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/output/sparse.img",
"echo 'Shink'",
"guestfish add {{user `tmp_directory`}}/output/sparse.img : run : resize2fs-M /dev/sda2",
"truncate -s $(virt-df {{user `tmp_directory`}}/output/sparse.img --csv|tail -n +2|awk -F, '{x+=$3}END{print x + 16012}')K {{user `tmp_directory`}}/output/shrink.img",
"virt-resize --shrink /dev/sda2 {{user `tmp_directory`}}/output/sparse.img {{user `tmp_directory`}}/output/shrink.img",
"echo 'Sparsify and convert to qcow2'",
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress --convert qcow2 {{user `tmp_directory`}}/output/shrink.img {{user `tmp_directory`}}/image.img",
"echo 'SHASUM'",
"sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256",
"rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output"
]
}
]
}


@ -1,63 +0,0 @@
{
"builders": [
{
"format": "qcow2",
"headless": true,
"output_directory": "{{user `tmp_directory`}}/output",
"shutdown_command": "echo packer | sudo -S shutdown -P now",
"ssh_password": "qemubuild",
"ssh_username": "qemubuild",
"ssh_wait_timeout": "120m",
"type": "qemu",
"disk_interface": "virtio",
"vm_name": "image.img",
"qemuargs": [
["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"],
["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"]
],
"memory": "2048",
"vnc_bind_address": "0.0.0.0",
"disk_image": true,
"iso_checksum": "{{user `iso_checksum` }}",
"iso_url": "{{user `iso_url` }}",
"iso_checksum_type": "sha256"
}
],
"provisioners": [
{
"type": "file",
"source": "{{user `tmp_directory`}}/scripts",
"destination": "/tmp/scripts"
},
{
"type": "shell",
"inline": [
"sudo chown root: /tmp/scripts/*",
"sudo chmod +x /tmp/scripts/*",
"sudo risotto-run-parts /tmp/scripts/"
]
}
],
"post-processors": [
{
"type": "shell-local",
"inline": [
"sleep 5",
"mkdir -p {{user `tmp_directory`}}/tmp",
"echo 'Syst Prep'",
"LIBGUESTFS_BACKEND=direct virt-sysprep --delete \"/var/*\" --delete \"/home/*\" -a {{user `tmp_directory`}}/output/image.img",
"echo 'Sparsify before shink'",
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/output/sparse.img",
"echo 'Shink'",
"guestfish add {{user `tmp_directory`}}/output/sparse.img : run : resize2fs-M /dev/sda2",
"truncate -s $(virt-df {{user `tmp_directory`}}/output/sparse.img --csv|tail -n +2|awk -F, '{x+=$3}END{print x + 16384}')K {{user `tmp_directory`}}/output/shrink.img",
"virt-resize --shrink /dev/sda2 {{user `tmp_directory`}}/output/sparse.img {{user `tmp_directory`}}/output/shrink.img",
"echo 'Sparsify and convert to qcow2'",
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress --convert qcow2 {{user `tmp_directory`}}/output/shrink.img {{user `tmp_directory`}}/image.img",
"echo 'SHASUM'",
"sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256",
"rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output"
]
}
]
}


@ -1,8 +0,0 @@
#!/bin/bash
set -xe
[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh
microdnf update
exit 0


@ -1,9 +0,0 @@
#!/bin/bash
set -xe
microdnf clean all
for package in microdnf libdnf libpeas libstdc++ gobject-introspection libsolv librepo libmodulemd file-libs zchunk-libs libyaml gpgme gnupg2 libassuan libksba libusbx npth; do
rpm -e $package || true
done
rm -rf /var/lib/dnf
exit 0


@ -1,29 +0,0 @@
#!/bin/bash
set -xe
rpm -qa | sort > /tmp/rpm.txt
# try to remove this packages
PKG=" rpm rpm-libs curl libcurl lua-libs libarchive sqlite-libs libnghttp2 libssh libbrotli libpsl publicsuffix-list-dafsa libxml2 libssh-config elfutils-libs dbus-broker "
# exclude package
PKG2=""
while read -r a; do
pkg="$(echo "$a" | awk '{ print $1 }' | awk -F'(' '{ print $1 }')"
[ -n "$PKG2" ] && PKG2="$PKG2\n"
PKG2="$PKG2$pkg"
done <<< "$( rpm --test -ev $PKG 2>&1 | grep -v ^'erreur' )"
while read -r b; do
pkg=$(rpm -q $b --quiet && echo $b || rpm -qf $(find / -name $b -print -quit) --query --queryformat "%{NAME}\n";)
echo "Ne pas désinstaller $pkg"
PKG=${PKG// $pkg / }
done <<< "$(echo -e $PKG2 | sort -u)"
echo "Suppression de $PKG"
rpm -e $PKG
echo "Remove rpm database"
rm -rf /var/lib/rpm/*
rm -rf /usr/lib/rpm
mv /tmp/rpm.txt /var/lib/rpm/rpm.txt
exit 0


@ -1,11 +0,0 @@
#!/bin/bash
set -xe
rm -rf /etc/X11 /etc/firewalld /etc/pki/rpm-gpg /etc/yum.repos.d /etc/dconf
make_volatile /etc
#
make_volatile /var/lib/rpm
sed -i 's/ ro$/ ro systemd.volatile=yes selinux=1 net.ifnames=0/g' /boot/efi/loader/entries/fedora.conf
exit 0


@ -1,15 +0,0 @@
#!/bin/bash
set -xe
find /usr/share/locale/ -mindepth 1 -maxdepth 1 ! -name fr ! -name fr_FR -exec rm -rf '{}' \;
find /usr/lib/locale/ -mindepth 1 -maxdepth 1 ! -name fr_FR.utf8 ! -name C.utf8 -exec rm -rf '{}' \;
find /usr/lib/kbd/keymaps/xkb/ -type f ! -name fr-oss.map.gz -delete
find /usr/lib/kbd/consolefonts/ -type f ! -name eurlatgr.psfu.gz -delete
rm -rf /usr/share/bash-completion
rm -rf /usr/share/pkgconfig
rm -rf /usr/share/licenses/
rm -rf /usr/share/zsh
rm -rf /usr/lib/.build-id
rm -rf /usr/lib/debug
exit 0


@ -1,7 +0,0 @@
#!/bin/bash
set -xe
rm -rf /var/cache/* /var/log/*
exit 0


@ -1,10 +0,0 @@
#!/bin/bash
set -xe
KERNELVERSION=$(ls /lib/modules)
if [ -f "/boot/efi/$KERNELVERSION/initrd.cdrom" ]; then
mv "/boot/efi/$KERNELVERSION/initrd.cdrom" "/boot/efi/$KERNELVERSION/initrd"
fi
exit 0


@ -1,11 +0,0 @@
#!/bin/bash
set -ex
#
#duperemove -rd /
#
#for size in 1000000000 100000000 10000000 1000000 100000 10000 1000 100 10 1; do
# echo "========================= $size ========================="
# while btrfs filesystem resize -$size /; do :; done
#done
exit 0


@ -1,63 +0,0 @@
#!/bin/bash
set -e
DESTDIR='/usr/lib/tmpfiles.d'
CONF_DST='/usr/share/factory'
EXCLUDES="^(/etc/passwd|/etc/group|/etc/.updated|/etc/.pwd.lock|/etc/pam.d|/etc/systemd/network/dhcp.network|/etc/sudoers.d/qemubuild)$"
ONLY_COPY="^(/etc/localtime)$"
FORCE_LINKS="^(/etc/udev/hwdb.bin)$"
function file_dir_in_tmpfiles() {
letter=$1
directory=$2
mode=$(stat --format "%a" "$directory")
user=$(stat --format "%U" "$directory")
group=$(stat --format "%G" "$directory")
echo "$letter $directory $mode $user $group - -"
}
function calc_symlink_in_tmpfiles() {
dest_name=$1
src_file=$(readlink "$dest_name")
symlink_in_tmpfiles "$dest_name" "$src_file"
}
function symlink_in_tmpfiles() {
dest_name=$1
src_file=$2
echo "L+ $dest_name - - - - $src_file"
}
function main() {
dir_config_orig=$1
mkdir -p "$DESTDIR"
mkdir -p "$CONF_DST$dir_config_orig"
name="${dir_config_orig//\//-}"
systemd_conf="$DESTDIR/risotto$name.conf"
echo "" > $systemd_conf
while IFS= read -r -d '' src_file; do
dest_file="$CONF_DST$src_file"
echo $src_file
if [[ "$src_file" =~ $EXCLUDES ]]; then
echo "$src_file: exclude" >&2
elif [[ -L "$src_file" ]]; then
calc_symlink_in_tmpfiles "$src_file" >> $systemd_conf
elif [[ "$src_file" =~ $FORCE_LINKS ]]; then
symlink_in_tmpfiles "$src_file" "$dest_file" >> $systemd_conf
elif [[ -d "$src_file" ]]; then
file_dir_in_tmpfiles 'd' "$src_file" >> $systemd_conf
[[ ! -d "$dest_file" ]] && mkdir -p "$dest_file"
#echo "$src_file: directory ok"
else
if [[ ! "$src_file" =~ $ONLY_COPY ]]; then
file_dir_in_tmpfiles "C" "$src_file" >> $systemd_conf
fi
[[ -e "$dest_file" ]] && rm -f "$dest_file"
# not a symlink... an hardlink
ln "$src_file" "$dest_file"
#echo "$src_file: file ok"
fi
done < <(find "$dir_config_orig" -print0)
}
main "$1"
exit 0


@ -1,24 +0,0 @@
#!/usr/bin/bash
# run-parts - concept taken from Debian
set +xe
if [ $# -lt 1 ]; then
echo "Usage: risotto-run-parts <dir>"
exit 1
fi
if [ ! -d $1 ]; then
echo "Not a directory: $1"
exit 1
fi
# Ignore *~ and *, scripts
for i in $(LC_ALL=C; echo ${1%/}/*[^~,]) ; do
[ -d $i ] && continue
[ ! -x $i ] && continue
echo "execute $i"
$i 2>&1
done
exit 0


@ -1,169 +0,0 @@
# Keyboard layouts
keyboard --xlayouts='fr (oss)'
# System language
lang fr_FR.UTF-8
# Required settings
rootpw qemubuild
user --name=qemubuild --password=qemubuild --groups=wheel
authconfig --enableshadow --enablemd5
# System timezone
timezone Europe/Paris --utc
repo --name=fedora --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch
repo --name=updates --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch
url --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-\$releasever&arch=\$basearch%%EXTRA_URL%%
# Optional settings
#bootloader --location=mbr
bootloader --disabled
clearpart --all --initlabel
firstboot --enable
#install
network --bootproto=dhcp
reboot
selinux --enforcing
#services --enabled=sshd,zram-swap,systemd-networkd,systemd-resolved
services --enabled=sshd --disabled=systemd-vconsole-setup
skipx
text
zerombr
# Disk partition
part / --fstype="ext2" --ondisk=vda --grow
# btrfs : part btrfs.50 --fstype="btrfs" --ondisk=vda --grow
part /boot/efi --fstype="efi" --ondisk=vda --size=30 --fsoptions="umask=0077,shortname=winnt"
#btrfs none --label=fedora_fedora btrfs.50
#btrfs / --subvol --name=root LABEL=fedora_fedora
# Packages
%packages --excludedocs --instLangs=fr --nocore --exclude-weakdeps
#@core --nodefaults
audit
bash
coreutils
#dracut-config-generic
# btrfs duperemove
#glibc-langpack-fr
kbd
kernel-core
microdnf
openssh-server
openssh-clients
qemu-guest-agent
systemd-networkd
#rpm
#shadow-utils
screen
sudo
systemd
#util-linux
-zram
#
-kernel
%end
# Post
%post
# for microdnf
touch /etc/dnf/dnf.conf
# add qemubuild to sudo
echo "qemubuild ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/qemubuild
# remove unecessary directories
rm -rf /usr/share/doc
rm -rf /usr/share/licenses
#rm -rfv /usr/share/icons/*
# remove some random help txt files
rm -fv /usr/share/gnupg/help*.txt
# Pruning random things
rm usr/lib/rpm/rpm.daily
#some random not-that-useful binaries
rm -fv /usr/bin/pinky
# if you want to change the timezone, bind-mount it from the host or reinstall tzdata
localzone=$(readlink /etc/localtime)
mv $localzone /tmp
rm -rfv /usr/share/zoneinfo
mkdir -p $(dirname $localzone)
mv /tmp/$(basename $localzone) $localzone
# configure systemd-networkd
echo """[Match]
Name=*
[Network]
DHCP=yes""" > /etc/systemd/network/dhcp.network
SYSTEMDDIR=/usr/lib/systemd/system
MULTI=$SYSTEMDDIR/multi-user.target.wants
ln -sf ../systemd-networkd.service $MULTI/systemd-networkd.service
ln -sf ../systemd-resolved.service $MULTI/systemd-resolved.service
# initramfs have to mount iso9660 partition
# install bootload
SYSDISK="/dev/vda2"
MACHINEID=`cat /etc/machine-id`
KERNELVERSION=`ls /lib/modules`
DISK=`lsblk -n $SYSDISK -o uuid`
mkdir /boot/$MACHINEID
# btrfs : echo "root=UUID=$DISK ro rootflags=subvol=root" > /etc/kernel/cmdline
echo "root=UUID=$DISK ro" > /etc/kernel/cmdline
# add CDROM driver
echo 'add_drivers+=" iso9660 "' > /etc/dracut.conf.d/cdrom.conf
kernel-install add $KERNELVERSION /lib/modules/$KERNELVERSION/vmlinuz
mv /boot/$MACHINEID/$KERNELVERSION /boot/efi
# // ADD MOUNT INSTRUCTION IN INITRAMFS
# build second initrd file that mount cdrom to /usr
#echo 'add_fstab+=/tmp/fstab' >> /etc/dracut.conf.d/cdrom.conf
#echo "/dev/sr0 /sysroot/usr/local/lib iso9660 ro,relatime,x-systemd.after=sysroot.mount,x-systemd.before=systemd-volatile-root.service 0 0" > /tmp/fstab
#echo "/dev/sr0 /sysroot/usr/local/lib iso9660 ro,x-initrd.mount,nosuid,noexec,uid=0,gid=0,mode=400 0 0" > /tmp/fstab
echo "[Unit]
DefaultDependencies=no
After=sysroot.mount
Before=initrd-udevadm-cleanup-db.service
#Before=systemd-volatile-root.service
After=blockdev@dev-sr0.target
[Service]
Type=oneshot
ExecStart=mount /dev/sr0 /sysroot/usr/local/lib -t iso9660 -o defaults,ro,nosuid,noexec,uid=0,gid=0,mode=400
" > /usr/lib/systemd/system/sysroot-usr-local-lib.service
# // VERSION .mount
#[Mount]
#Where=/sysroot/usr/local/lib
#What=/dev/sr0
#Type=iso9660
#Options=defaults,ro,nosuid,noexec,uid=0,gid=0,mode=400" > /usr/lib/systemd/system/sysroot-usr-local-lib.mount
mkdir -p /usr/lib/systemd/system/initrd-root-fs.target.requires
cd /usr/lib/systemd/system/initrd-root-fs.target.requires
#ln -sf ../sysroot-usr-local-lib.mount .
ln -sf ../sysroot-usr-local-lib.service .
#echo 'install_items+=" /usr/lib/systemd/system/sysroot-usr-local-lib.mount /usr/lib/systemd/system/initrd-root-fs.target.requires/sysroot-usr-local-lib.mount "' >> /etc/dracut.conf.d/cdrom.conf
echo 'install_items+=" /usr/lib/systemd/system/sysroot-usr-local-lib.service /usr/lib/systemd/system/initrd-root-fs.target.requires/sysroot-usr-local-lib.service "' >> /etc/dracut.conf.d/cdrom.conf
kernel-install add $KERNELVERSION /lib/modules/$KERNELVERSION/vmlinuz
mv /boot/$MACHINEID/$KERNELVERSION/initrd /boot/efi/$KERNELVERSION/initrd.cdrom
rm -f /etc/dracut.conf.d/cdrom.conf
// END INITRAMFS
# rename entry file without machine ID
mv /boot/loader/entries/$MACHINEID-$KERNELVERSION.conf /boot/loader/entries/fedora.conf
sed -i "/^machine-id /d" /boot/loader/entries/fedora.conf
sed -i "s@/boot/$MACHINEID/$KERNELVERSION/@/$KERNELVERSION/@g" /boot/loader/entries/fedora.conf
# move it in EFI directory for systemd-boot
mv /boot/loader /boot/efi
# remove unused file
rm -rf /lib/modules/$KERNELVERSION/vmlinuz /boot/initramfs* /boot/$MACHINEID
# install systemd-boot
bootctl install
# remove authselect and dracut
microdnf -y remove dracut xz acl authselect authselect-compat authselect-libs chrony cpio libkcapi-hmaccalc libkcapi linux-firmware linux-firmware-whence
# remove python3
microdnf -y remove python3 python3-libs python-pip-wheel python-setuptools-wheel gdbm-libs
# remove langpacks fr
microdnf -y remove langpacks-fr langpacks-core-fr langpacks-core-font-fr dejavu-sans-fonts fonts-filesystem
rm -f /var/lib/systemd/random-seed
rm -rfv /var/lib/authselect
%end


@ -1,13 +0,0 @@
#!/bin/bash
set -xe
echo "Preprocessors"
if [ ! -z $https_proxy ]; then
sed -i "s@%%EXTRA_URL%%@ --proxy=$https_proxy@g" http/ks-34.cfg
else
sed -i "s@%%EXTRA_URL%%@@g" http/ks-34.cfg
fi
exit 0


@ -1,71 +0,0 @@
{
"builders": [
{
"format": "qcow2",
"headless": true,
"output_directory": "{{user `tmp_directory`}}/output",
"shutdown_command": "echo packer | sudo -S shutdown -P now",
"ssh_password": "qemubuild",
"ssh_username": "qemubuild",
"ssh_wait_timeout": "120m",
"type": "qemu",
"disk_interface": "virtio",
"vm_name": "image.img",
"qemuargs": [
["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"],
["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"]
],
"memory": "2048",
"vnc_bind_address": "0.0.0.0",
"boot_command": [
"<up>e<down><down><end> inst.text inst.gpt inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks-34.cfg <leftCtrlOn>x<leftCtrlOff> <wait>"
],
"disk_size": "4096",
"iso_checksum_type": "sha256",
"iso_checksum": "e1a38b9faa62f793ad4561b308c31f32876cfaaee94457a7a9108aaddaeec406",
"iso_url": "https://download.fedoraproject.org/pub/fedora/linux/releases/34/Server/x86_64/iso/Fedora-Server-netinst-x86_64-34-1.2.iso",
"http_directory": "{{user `tmp_directory`}}/http"
}
],
"provisioners": [
{
"type": "file",
"source": "{{user `tmp_directory`}}/bin",
"destination": "/tmp/bin"
},
{
"type": "shell",
"inline": [
"sudo mv /tmp/bin/* /usr/local/bin",
"sudo chown root: /usr/local/bin/*",
"sudo chmod +x /usr/local/bin/*"
]
},
{
"type": "file",
"source": "{{user `tmp_directory`}}/scripts",
"destination": "/tmp/scripts"
},
{
"type": "shell",
"inline": [
"sudo chown root: /tmp/scripts/*",
"sudo chmod +x /tmp/scripts/*",
"sudo risotto-run-parts /tmp/scripts/"
]
}
],
"post-processors": [
{
"type": "shell-local",
"inline": [
"sleep 5",
"mkdir -p {{user `tmp_directory`}}/tmp",
"LIBGUESTFS_BACKEND=direct virt-sysprep -a {{user `tmp_directory`}}/output/image.img",
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/image.img",
"sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256",
"rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output"
]
}
]
}


@ -1,7 +0,0 @@
#!/bin/bash
set -xe
echo VACUUM |sqlite3 /var/lib/rpm/rpmdb.sqlite
exit 0


@ -1,19 +0,0 @@
#!/bin/bash
set -xe
find /usr/share/locale/ -mindepth 1 -maxdepth 1 ! -name fr ! -name fr_FR -exec rm -rf '{}' \;
find /usr/lib/locale/ -mindepth 1 -maxdepth 1 ! -name fr_FR.utf8 ! -name C.utf8 -exec rm -rf '{}' \;
find /usr/share/terminfo -mindepth 1 -maxdepth 1 ! -name l ! -name d ! -name s -exec rm -rf '{}' \;
find /usr/share/terminfo/s/screen -type f ! -name screen-256color -delete
find /usr/lib/kbd/keymaps/xkb/ -type f ! -name fr-oss.map.gz -delete
find /usr/lib/kbd/consolefonts/ -type f ! -name eurlatgr.psfu.gz -delete
rm -rf /usr/lib/kbd/consoletrans
rm -rf /usr/lib/kbd/unimaps
rm -rf /usr/lib/kernel
rm -rf /usr/lib/systemd/boot
rm -rf /usr/share/bash-completion
rm -rf /usr/share/pkgconfig
rm -rf /usr/share/licenses/
rm -rf /usr/lib/debug
exit 0


@ -1,5 +1,10 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="base" manage="False">
<file engine="none">/etc/locale.conf</file>
</service>
</services>
<variables>
<family name='general' description="Général">
<variable name="zones_list" type="string" multi="True" description="Liste de toutes les zones" hidden="True"/>


@ -19,9 +19,6 @@
<variable name="gitea_lfs_jwt_secret" type="password" hidden="True"/>
</family>
<family name="nginx">
<variable name="revprox_client_location" redefine="True">
<value>/gitea/</value>
</variable>
<variable name="revprox_client_local_location" redefine="True">
<value>/</value>
</variable>
@ -82,23 +79,19 @@
<param name="length" type="number">43</param>
<target>gitea_lfs_jwt_secret</target>
</fill>
<fill name="calc_value">
<param>https://</param>
<fill name="calc_oauth2_client_external">
<param type="variable" optional="True">revprox_client_external_domainname</param>
<param type="variable" optional="True">revprox_client_location</param>
<param>user/oauth2/</param>
<param type="variable">domain_name_eth0</param>
<param>/callback</param>
<param name="join"></param>
<target>oauth2_client_login</target>
</fill>
<fill name="calc_value">
<param>https://</param>
<fill name="calc_oauth2_client_external">
<param type="variable">revprox_client_external_domainname</param>
<param type="variable">revprox_client_location</param>
<param>user/oauth2/</param>
<param type="variable">domain_name_eth0</param>
<param name="join"></param>
<target>oauth2_client_external</target>
</fill>
</constraints>


@ -8,17 +8,16 @@ VERSION=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.v
mkdir -p ~/gitea/
if [ ! -f "~/gitea/gitea-$VERSION-linux-amd64.xz" ]; then
wget https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz -O ~/gitea/gitea-$VERSION-linux-amd64.xz
if [ ! -f ~/"gitea/gitea-$VERSION-linux-amd64.xz" ]; then
wget "https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz" -O ~/"gitea/gitea-$VERSION-linux-amd64.xz"
fi
if [ ! -f "~/gitea/gitea-$VERSION-linux-amd64.xz.asc" ]; then
wget https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz.asc -O ~/gitea/gitea-$VERSION-linux-amd64.xz.asc
if [ ! -f ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc" ]; then
wget "https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc"
fi
gpg --verify ~/gitea/gitea-$VERSION-linux-amd64.xz.asc ~/gitea/gitea-$VERSION-linux-amd64.xz
cp -a ~/gitea/gitea-$VERSION-linux-amd64.xz .
xz -d gitea-$VERSION-linux-amd64.xz
mv gitea-$VERSION-linux-amd64 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea
chmod +x $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea
gpg --verify ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc" ~/"gitea/gitea-$VERSION-linux-amd64.xz"
cp -a ~/"gitea/gitea-$VERSION-linux-amd64.xz" .
xz -d "gitea-$VERSION-linux-amd64.xz"
mv "gitea-$VERSION-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
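Review bot: A failed or interrupted `wget` on the two download lines leaves a partial file under `~/gitea/`, and the `[ ! -f … ]` guards in front of them then skip the download on every later run, so the `gpg --verify` line keeps failing against the truncated copy; download to a temporary name and rename only on success, e.g. `wget "$URL" -O "$DEST.part" && mv "$DEST.part" "$DEST"`, or delete the target when wget fails. `VERSION` is taken from the remote `version.json` (the assignment sits above the hunk) and is spliced unvalidated into both the URL and the local file names; a check such as `[[ "$VERSION" =~ ^[0-9]+(\.[0-9]+)*$ ]] || exit 1` before first use would keep an unexpected value from producing odd paths. The signature check on the `gpg --verify` line only protects the build if the script runs with `set -e` or inspects the exit status, and if the gitea signing key was imported into the keyring beforehand; neither is visible here, as the script starts before this hunk.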


@ -19,7 +19,7 @@
<variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True"/>
<variable name="host_dhcp_interface" description="Carte réseau en DHCP" multi="True"/>
<variable name="host_dhcp_filename" type="filename" hidden="True" multi="True"/>
<variable name="host_name" type="hostname" hidden="True"/>
<variable name="host_name" type="domainname" hidden="True"/>
<variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/>
<variable name="systemd_netzone_filename" type="filename" hidden="True" multi="True"/>
<family name="zones" leadership="True">


@ -21,11 +21,6 @@
<variable name="mailman_domains" type="domainname" description="Nom de domaine des listes" multi="True" mandatory="True" provider="domain_list"/>
<variable name="postorius_secret_key" type="password" description="Internal secret key" mandatory="True" hidden="True" auto_save="True"/>
</family>
<family name="nginx">
<variable name="revprox_client_location" redefine="True">
<value>/mailman</value>
</variable>
</family>
<family name="oauth2_client">
<variable name="oauth2_is_client_application" redefine='True'>
<value>True</value>
@ -50,12 +45,10 @@
<param name="type">cleartext</param>
<target>postorius_secret_key</target>
</fill>
<fill name="calc_value">
<param>https://</param>
<fill name="calc_oauth2_client_external">
<param type="variable">revprox_client_external_domainname</param>
<param type="variable">revprox_client_location</param>
<param>/accounts/risotto/login/</param>
<param name="join"></param>
<target>oauth2_client_external</target>
</fill>
</constraints>


@ -1,4 +1,4 @@
from utils import multi_function as _multi_function
from risotto.utils import multi_function as _multi_function
from itertools import chain


@ -18,11 +18,6 @@
<variable name="nextcloud_mail_admin" type="mail" mandatory="True"/>
<variable name="nextcloud_instance_id" type="password" auto_freeze="True" hidden="True"/>
</family>
<family name="nginx">
<variable name="revprox_client_location" redefine="True">
<value>/nextcloud</value>
</variable>
</family>
<family name="oauth2_client">
<variable name="oauth2_is_client_application" redefine='True'>
<value>True</value>


@ -44,9 +44,13 @@ fi
/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapUserDisplayName "sn"
/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapConfigurationActive "1"
#/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapTLS "1"
# cron
# Cron
/usr/bin/php /usr/share/nextcloud/occ config:app:set core backgroundjobs_mode --value=cron
# need network
# Need network
/usr/bin/php /usr/share/nextcloud/occ app:disable weather_status
# Maintenance
/usr/bin/php /usr/share/nextcloud/occ upgrade
/usr/bin/php /usr/share/nextcloud/occ files:scan --all -q
/usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q
exit 0
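Review bot: `/usr/bin/php /usr/share/nextcloud/occ upgrade` on the new Maintenance line has, on older Nextcloud releases, returned a non-zero code (3) when the instance is already at the latest version; if this script runs under `set -e` (its header is above the hunk) that would abort the init before `files:scan` and `maintenance:repair` on every start except the first after an update, so either confirm the packaged version returns 0 in that case or tolerate it explicitly, `… occ upgrade || [ $? -eq 3 ]`. Moving `files:scan` and `maintenance:repair` here from the unit's `ExecStart` lines means they now run whenever the init script is invoked; a one-line comment such as `# run on every start: upgrade if needed, then rescan and repair` would make that intent explicit. The surrounding script starts outside this hunk.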


@ -9,8 +9,6 @@ WorkingDirectory=/usr/share/nextcloud
#FIXME
ExecStart=+/usr/bin/chmod +w /etc/nextcloud/config.php
ExecStart=/etc/nextcloud/nextcloud.init
ExecStart=/usr/bin/php occ files:scan --all -q
ExecStart=/usr/bin/php occ maintenance:repair -q
ExecStart=+/usr/bin/chmod -w /etc/nextcloud/config.php
User=apache
Group=apache


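--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,2 @@
+sed -i 's@error_log syslog:server=unix:/dev/log;@error_log syslog:server=unix:/dev/log debug;@g' /etc/nginx/nginx.conf
+systemctl restart nginx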
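Review bot: The script has no shebang and no `set -e`, and `systemctl restart nginx` runs whether or not the `sed` on the previous line matched anything, so a config that no longer contains the literal `error_log syslog:server=unix:/dev/log;` line silently yields a restart with unchanged logging; guard the restart, e.g. `grep -q 'error_log syslog:server=unix:/dev/log debug;' /etc/nginx/nginx.conf && systemctl restart nginx`. The `debug` error_log level makes nginx emit very verbose per-request output to syslog, which is fine for troubleshooting but heavy, and potentially sensitive, if this file is part of a regular deployment; since the file's role is not visible on the page, a header comment stating when it is meant to be run (and how to revert the level) would settle that.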


@ -22,7 +22,7 @@
<family name="nginx" description="NGINX" help="Paramétrage global de NGINX">
<variable name="nginx_default" redefine="True" remove_fill="True"/>
<variable name="revprox_domainnames" type="domainname" description="Nom des domaines à configurer dans le serveur mandataire inverse" help="Liste des domaines gérés par le serveur mandataire inverse" multi="True"/>
<variable name="revprox_domainnames_auto" type="domainname" description="Nom des domaines auto-configurés dans le serveur mandataire inverse" multi="True" provider="clients" hidden="True"/>
<variable name="revprox_domainnames_auto" type="domainname" description="Nom des domaines auto-configurés dans le serveur mandataire inverse" multi="True" provider="revprox_clients" hidden="True"/>
<variable name="revprox_domainnames_all" type="domainname" description="Tous les noms de domaines" multi="True" hidden="True"/>
<variable name='nginx_private_key_filename' type="filename" description="Private key filename" hidden='True' multi='True'/>
<variable name='nginx_certificate_filename' type="filename" description="Certificate filename" hidden='True' multi='True'/>


@ -6,8 +6,9 @@
<value>False</value>
</variable>
<family name="reverse_proxy_" description="Reverse proxy" help="Paramètrage du proxy inverse" leadership="True">
<variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger" help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple &quot;/mail&quot;)" mandatory="True" multi="True" provider="location"/>
<variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète" mandatory="True" help="Nom de domaine ou IP de destination, par exemple &quot;http://domainelocal&quot; ou URI, par exemple &quot;http://domainelocal/dir/&quot;" provider="url"/>
<variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger" help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple &quot;/mail&quot;)" mandatory="True" multi="True" provider="revprox_location"/>
<variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète" mandatory="True" help="Nom de domaine ou IP de destination, par exemple &quot;http://domainelocal&quot; ou URI, par exemple &quot;http://domainelocal/dir/&quot;" provider="revprox_url"/>
<variable name="revprox_is_websocket_" type="boolean" description="Le point d'entré est de types websocket" mandatory="True" provider="revprox_is_websocket"/>
</family>
</family>
</variables>


@ -1,5 +1,5 @@
from typing import List as _List
from utils import multi_function
from risotto.utils import multi_function
@multi_function


@ -39,7 +39,7 @@ server {
# Configuration HTTPS %%domainname
server {
listen 443 ssl;
listen 443 ssl http2;
ssl_certificate %%nginx_certificate_filename[%%idx];
ssl_certificate_key %%nginx_private_key_filename[%%idx];
ssl_client_certificate %%nginx_chain_filename[%%idx];
@ -51,12 +51,12 @@ server {
%for %%location in %%revprox['revprox_location_' + family]
location %%location {
# FIXME proxy_bind A.A.A.A;
%set %%location_str = %%str(%%location)
%if %%location_str != '/' and not %%location_str.endswith('/')
rewrite ^(%%location_str)$ $1/ permanent;
%end if
# FIXME proxy_bind A.A.A.A;
proxy_pass %%location['revprox_url_' + family];
# %if %%location['revprox_is_websocket_' + family]
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# %else
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
@ -65,6 +65,7 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Destination $dest;
# %end if
proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_ReverseProxy.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
@ -73,6 +74,7 @@ server {
index error.html;
root /var/www/html;
}
# If user missing '/'
%if %%location_str != '/' and %%location_str.endswith('/')
location %%location_str[:-1] {
rewrite ^(%%location_str[:-1])$ $1/ permanent;
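Review bot: The websocket branch in the location block is commented out (`# %if %%location['revprox_is_websocket_' + family]` through `# %end if`), so the `Upgrade`/`Connection` headers are never emitted and the `revprox_is_websocket_` variable this commit introduces elsewhere has no effect on the generated config; if websocket proxying is not ready yet, a `# FIXME websocket support disabled, see revprox_is_websocket_` next to the existing `# FIXME proxy_bind` line would mark the dead branch as deliberate. If the lines are meant to be re-enabled later, note that a websocket location also needs `proxy_http_version 1.1;` alongside the `Upgrade` header, and it is worth confirming how the template engine treats a `%if` directive behind a leading `#` — whether those lines pass through as literal text into the rendered nginx.conf or are still parsed. The `listen 443 ssl http2;` change and the moved `rewrite` look fine; the `server` block starts and ends outside the hunk.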


@ -1,9 +0,0 @@
#!/bin/bash
set -xe
[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh
microdnf -y --nodocs --noplugins install nsd
# make_volatile /var/lib/nsd
exit 0


@ -68,11 +68,9 @@
<param name="dynamic" type="variable">oauth2_client_id</param>
<target>oauth2_client_token_signature_algo</target>
</check>
<fill name="calc_value">
<param>https://</param>
<fill name="calc_oauth2_client_external">
<param type="variable" optional="True">revprox_client_external_domainname</param>
<param type="variable" optional="True">revprox_client_location</param>
<param name="join"></param>
<target>oauth2_client_external</target>
</fill>
<condition name="disabled_if_in" source="oauth2_is_client_application">


@ -1,7 +0,0 @@
#!/bin/bash
set -xe
microdnf -y --nodocs --noplugins install openldap-servers
exit 0


@ -1 +1 @@
PKG="$PKG postgresql-server glibc-langpack-fr"
PKG="$PKG postgresql-server"


@ -15,7 +15,7 @@
<variable name="container_config_path" type="filename" description="Nom du répertoire racine des configurations">
<value>/var/lib/risotto/configurations</value>
</variable>
<variable name="host" type="hostname" description="Machine où est démarrer le conteneur" mandatory="True"/>
<variable name="host" type="domainname" description="Machine où est démarrer le conteneur" mandatory="True"/>
<variable name="external_ports" type="port" description="Port exposé depuis l'extérieur" multi="True"/>
<variable name="srv_dir" type="filename" hidden="True"/>
<variable name="config_dir" type="filename" hidden="True" mandatory="True"/>


@ -12,9 +12,14 @@
<variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True'/>
<variable name="revprox_client_server_ip" type="ip" hidden='True'/>
<variable name="revprox_client_external_domainname" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' provider="external_domainname"/>
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True">
<value>/</value>
</variable>
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" multi="True">
<value>/</value>
</variable>
<variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entré est de types websocket" mandatory="True">
<value>False</value>
</variable>
</family>
<variable name="revprox_client_local_location" type="filename" description="Nom de l'arborescene racine du site localement" hidden='True'/>
<variable name="revprox_client_web_address" type="web_address" description="Nom de domaine du client du mandataire inverse" hidden='True'/>
<variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
@ -58,7 +63,7 @@
</fill>
<fill name="set_linked">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">clients</param>
<param name="linked_provider">revprox_clients</param>
<param name="linked_value" type="variable">revprox_client_external_domainname</param>
<param name="linked_returns">ip</param>
<param name="dynamic">0</param>
@ -66,15 +71,22 @@
</fill>
<check name="set_linked_configuration">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">location</param>
<param name="linked_provider">revprox_location</param>
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
<target>revprox_client_location</target>
</check>
<check name="set_linked_configuration">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="leader_provider">location</param>
<param name="linked_provider">revprox_is_websocket</param>
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
<param name="leader_index" type="index"/>
<target>revprox_client_is_websocket</target>
</check>
<check name="set_linked_configuration">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">revprox_url</param>
<param name="leader_provider">revprox_location</param>
<param name="leader_value" type="variable">revprox_client_location</param>
<param name="linked_provider">url</param>
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
<target>revprox_client_web_address</target>
</check>
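Review bot: The new follower `revprox_client_is_websocket` (L987-L989) and its `set_linked_configuration` check (L1012-L1019) carry the websocket flag to the reverse-proxy side, but the only consumer visible in this commit, the nginx template's `%if %%location['revprox_is_websocket_' + family]` branch at L898-L901, is prefixed with `#`, so the `Upgrade`/`Connection: upgrade` headers are never emitted and a websocket location is proxied as plain HTTP. If those lines are on the new side, either enable the branch or state on the variable that it is not honoured yet, e.g. `<!-- revprox_client_is_websocket is declared but the nginx revprox template does not act on it yet -->`. The `leader_index` link at L1017 also assumes both sides keep their location values in the same order; that constraint belongs in the variable description.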


@ -12,11 +12,6 @@
<family name="roundcube" description="Interface web de consultation des courriels Roundcube">
<variable name="roundcube_des_key" type="secret" auto_freeze="True" hidden="True"/>
</family>
<family name="nginx">
<variable name="revprox_client_location" redefine="True">
<value>/roundcube</value>
</variable>
</family>
<family name="oauth2_client">
<variable name="oauth2_is_client_application" redefine='True'>
<value>True</value>
@ -37,12 +32,10 @@
<param name="type">cleartext</param>
<target>roundcube_des_key</target>
</fill>
<fill name="calc_value">
<param>https://</param>
<fill name="calc_oauth2_client_external">
<param type="variable" optional="True">revprox_client_external_domainname</param>
<param type="variable" optional="True">revprox_client_location</param>
<param>/index.php/login/oauth</param>
<param name="join"></param>
<target>oauth2_client_login</target>
</fill>
</constraints>


@ -1,9 +0,0 @@
#!/bin/bash
set -xe
[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh
microdnf -y --nodocs --noplugins install unbound
make_volatile /var/lib/unbound
exit 0


@ -578,6 +578,13 @@ server:
# Ignore chain of trust. Domain is treated as insecure.
# domain-insecure: "example.com"
#>GNUNUX
%for %%authority in %%unbound_forward_address
%for %%zone in %%authority.unbound_forward_zones
domain-insecure: "%%zone"
%end for
%end for
#<GNUNUX
# Override the date for validation with a specific fixed date.
# Do not set this unless you are debugging signature inception
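Review bot: The added loop at L1075-L1079 emits `domain-insecure:` for every zone of every `unbound_forward_address` entry, which switches DNSSEC validation off for all forwarded zones, not only for the ones that are actually unsigned; answers for those names are then accepted from the forwarder without any chain-of-trust check. That is a legitimate trade-off for private zones, but it should be stated in the template and, if the variable model allows it, be a per-zone opt-in rather than implied by forwarding. I would add above the loop: `# forwarded zones are marked domain-insecure: DNSSEC is not validated for them, so forward only to resolvers you control`.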


@ -9,10 +9,14 @@
</services>
<variables>
<family name="nginx">
<variable name="revprox_client_location" redefine="True">
<value>/vaultwarden</value>
</variable>
<variable name="revprox_client_cert_group" redefine="True" hidden="True">
<family name="revprox_client">
<variable name="revprox_client_location" redefine="True">
<value>/</value>
<value>/notifications/hub</value>
<value>/notifications/hub/negotiate</value>
</variable>
</family>
<variable name="revprox_client_cert_owner" redefine="True" hidden="True">
<value>vaultwarden</value>
</variable>
</family>
@ -42,5 +46,12 @@
<fill name="gen_uuid">
<target>vaultwarden_device_identifier</target>
</fill>
<fill name="calc_value">
<param type="boolean">True</param>
<param name="default" type="boolean">False</param>
<param name="condition" type="variable">revprox_client_location</param>
<param name="expected">/notifications/hub</param>
<target>revprox_client_is_websocket</target>
</fill>
</constraints>
</rougail>
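Review bot: The fill at L1109-L1115 flags only `/notifications/hub` as websocket, while the redefinition at L1095-L1099 lists three locations whose order is significant: the vaultwarden env template reads `%%revprox_client_location[0]` for `DOMAIN` (L1133), so `/` must stay first or the public URL silently becomes the notifications path. Neither the order constraint nor the fact that `/notifications/hub/negotiate` is intentionally left as plain HTTPS is documented; a comment on the variable such as `<!-- order matters: the first value is the site root used for DOMAIN; only /notifications/hub is a websocket endpoint -->` would prevent a later reorder. Whether `calc_value` with a `condition` on a leader variable is evaluated per index for the follower target is not visible here and is worth confirming.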


@ -0,0 +1,3 @@
# locale in jslib/common/src/models/domain/globalState.ts is "en" by default, change it to "fr"
# this information is store in browser local storage
sed -i 's/this.locale="en",/this.locale="fr",/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/vaultwarden/app/main.*.js
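Review bot: `sed -i` on L1124 exits 0 whether or not `this.locale="en",` occurs in the bundle, so when a later web-vault release changes its minified output the locale patch is dropped silently; a guard before the substitution makes that visible, e.g. `grep -q 'this.locale="en",' "$IMAGE_NAME_RISOTTO_IMAGE_DIR"/usr/share/vaultwarden/app/main.*.js || { echo 'vaultwarden locale pattern not found' >&2; exit 1; }`. The unquoted `$IMAGE_NAME_RISOTTO_IMAGE_DIR` in the same line should be quoted as in the guard. Since this rewrites a shipped JavaScript bundle in place, the comment should also say so explicitly, so that a later integrity check of the image does not read the modified file as tampering.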


@ -256,7 +256,11 @@ INVITATION_ORG_NAME=%%vaultwarden_org_name
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
# DOMAIN=https://bw.domain.tld:8443
#>GNUNUX
DOMAIN=https://%%revprox_client_external_domainname%%revprox_client_location
%set %%location = %%str(%%revprox_client_location[0])
%if %%location.endswith('/')
%set %%location = %%location[:-1]
%end if
DOMAIN=https://%%revprox_client_external_domainname%%location
#<GNUNUX
## Allowed iframe ancestors (Know the risks!)
@ -305,7 +309,7 @@ DOMAIN=https://%%revprox_client_external_domainname%%revprox_client_location
# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
#>GNUNUX
ROCKET_PORT=443
ROCKET_TLS='{certs="/etc/pki/tls/certs/revproxy.crt",key="/etc/pki/tls/private/revproxy.key"}'
ROCKET_TLS='{certs="/etc/pki/tls/certs/revprox.crt",key="/etc/pki/tls/private/revprox.key"}'
#<GNUNUX
## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
@ -322,9 +326,9 @@ ROCKET_TLS='{certs="/etc/pki/tls/certs/revproxy.crt",key="/etc/pki/tls/private/r
# SMTP_TIMEOUT=15
#>GNUNUX
SMTP_HOST=%%smtp_relay_address
SMTP_FROM=root@%%domain_name_eth0
SMTP_FROM=%%vaultwarden_admin_email
SMTP_FROM_NAME=%%domain_name_eth0
SMTP_PORT=587
SMTP_PORT=25
SMTP_SSL=true
#SMTP_EXPLICIT_TLS=true
SMTP_TIMEOUT=15
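Review bot: Whichever of L1155/L1156 is the new `SMTP_PORT`, it sits next to `SMTP_SSL=true` (L1157) and a commented-out `SMTP_EXPLICIT_TLS` (L1158), which in this generation of vaultwarden settings means STARTTLS is expected on that port; if the relay behind `%%smtp_relay_address` offers no STARTTLS on port 25, mail (invitations, 2FA codes) fails rather than falling back, and if STARTTLS is optional there the first hop is downgradeable. The switch of `SMTP_FROM` from `root@%%domain_name_eth0` to `%%vaultwarden_admin_email` also needs the relay to accept that sender address. I would add a comment above the block: `# relay must offer STARTTLS on SMTP_PORT (SMTP_SSL=true selects STARTTLS; SMTP_EXPLICIT_TLS would select implicit TLS)`.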