Compare commits
3 commits
3f631b1d5b
...
1951438f20
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
1951438f20 | ||
|
|
6dd625670e | ||
|
|
41c8b44bd1 |
44 changed files with 142 additions and 41 deletions
|
|
@ -1,5 +1,5 @@
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Information de base d'un serveur Debian
|
description: Information de base d'un serveur Debian
|
||||||
depends:
|
depends:
|
||||||
- base
|
- base-machine
|
||||||
- systemd
|
- systemd
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,10 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
|
<services>
|
||||||
|
<service name="base">
|
||||||
|
<file engine="none">/etc/pam.d/login</file>
|
||||||
|
</service>
|
||||||
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
|
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
|
||||||
<value>36</value>
|
<value>36</value>
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
BASE_PKG="$BASE_PKG pam"
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Information de base d'un serveur Fedora
|
description: Information de base d'un serveur Fedora
|
||||||
depends:
|
depends:
|
||||||
- base
|
- base-machine
|
||||||
- systemd
|
- systemd
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr"
|
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr $BASE_PKG"
|
||||||
INSTALL_TOOL="dnf"
|
INSTALL_TOOL="dnf"
|
||||||
OS_NAME='fedora'
|
OS_NAME='fedora'
|
||||||
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"
|
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"
|
||||||
|
|
|
||||||
|
|
@ -8,4 +8,3 @@ ExecStart=/usr/bin/update-ca-trust
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
format: '0.1'
|
||||||
|
description: Base information for a machine
|
||||||
|
depends:
|
||||||
|
- base
|
||||||
|
|
@ -46,8 +46,6 @@
|
||||||
</fill>
|
</fill>
|
||||||
<fill name="get_ip">
|
<fill name="get_ip">
|
||||||
<param name="server_name" type="information">server_name</param>
|
<param name="server_name" type="information">server_name</param>
|
||||||
<param name="zones_name" type="information">zones_name</param>
|
|
||||||
<param name="index" type="suffix"/>
|
|
||||||
<target>ip_eth</target>
|
<target>ip_eth</target>
|
||||||
</fill>
|
</fill>
|
||||||
<!-- Return "server_name" only for domain_name_eth0 -->
|
<!-- Return "server_name" only for domain_name_eth0 -->
|
||||||
|
|
@ -1,5 +1,4 @@
|
||||||
import __main__
|
import __main__
|
||||||
from typing import List
|
|
||||||
from secrets import token_urlsafe as _token_urlsafe, token_hex as _token_hex
|
from secrets import token_urlsafe as _token_urlsafe, token_hex as _token_hex
|
||||||
from string import ascii_letters as _ascii_letters
|
from string import ascii_letters as _ascii_letters
|
||||||
from random import choice as _choice
|
from random import choice as _choice
|
||||||
|
|
@ -7,7 +6,7 @@ from os.path import dirname as _dirname, abspath as _abspath, join as _join, isf
|
||||||
from os import makedirs as _makedirs
|
from os import makedirs as _makedirs
|
||||||
|
|
||||||
|
|
||||||
from risotto.utils import load_domains, DOMAINS, ZONES_SERVER
|
from risotto.utils import ZONES_SERVER
|
||||||
|
|
||||||
|
|
||||||
_HERE = _dirname(_abspath(__main__.__file__))
|
_HERE = _dirname(_abspath(__main__.__file__))
|
||||||
|
|
@ -103,16 +102,6 @@ def get_domain_name(server_name: str,
|
||||||
return extra_domainnames[index - 1]
|
return extra_domainnames[index - 1]
|
||||||
|
|
||||||
|
|
||||||
def get_ip(server_name: str,
|
|
||||||
zones_name: List[str],
|
|
||||||
index: str,
|
|
||||||
) -> str:
|
|
||||||
load_domains()
|
|
||||||
host_name, domain_name = server_name.split('.', 1)
|
|
||||||
domain = DOMAINS[domain_name]
|
|
||||||
return domain[1][domain[0].index(host_name)]
|
|
||||||
|
|
||||||
|
|
||||||
def get_provider_name(network_name: str,
|
def get_provider_name(network_name: str,
|
||||||
provider: str,
|
provider: str,
|
||||||
) -> str:
|
) -> str:
|
||||||
|
|
@ -5,6 +5,8 @@ from os.path import join
|
||||||
from filecmp import dircmp
|
from filecmp import dircmp
|
||||||
from difflib import unified_diff
|
from difflib import unified_diff
|
||||||
from sys import stdout, argv
|
from sys import stdout, argv
|
||||||
|
from os import walk
|
||||||
|
from os.path import join
|
||||||
from datetime import datetime, timezone
|
from datetime import datetime, timezone
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -13,16 +15,16 @@ OLD_DIR = argv[2]
|
||||||
NEW_DIR = argv[3]
|
NEW_DIR = argv[3]
|
||||||
WEBSITE = len(argv) != 5
|
WEBSITE = len(argv) != 5
|
||||||
|
|
||||||
FILES = []
|
|
||||||
def diff_files(dcmp):
|
def diff_files(dcmp):
|
||||||
|
files = []
|
||||||
for name in dcmp.diff_files:
|
for name in dcmp.diff_files:
|
||||||
FILES.append(join(dcmp.right[len(NEW_DIR):], name))
|
files.append(join(dcmp.right[len(NEW_DIR):], name))
|
||||||
for sub_dcmp in dcmp.subdirs.values():
|
for sub_dcmp in dcmp.subdirs.values():
|
||||||
diff_files(sub_dcmp)
|
files.extend(diff_files(sub_dcmp))
|
||||||
|
return files
|
||||||
|
|
||||||
|
|
||||||
dcmp = dircmp(OLD_DIR, NEW_DIR)
|
dcmp = dircmp(OLD_DIR, NEW_DIR)
|
||||||
diff_files(dcmp)
|
|
||||||
|
|
||||||
date = datetime.now(timezone.utc).isoformat()
|
date = datetime.now(timezone.utc).isoformat()
|
||||||
title = f"Nouvelle version de la configuration de {os_name}"
|
title = f"Nouvelle version de la configuration de {os_name}"
|
||||||
|
|
@ -42,18 +44,19 @@ authors = ["Automate"]
|
||||||
[extra]
|
[extra]
|
||||||
lead = "{subtitle}."
|
lead = "{subtitle}."
|
||||||
type = "installe"
|
type = "installe"
|
||||||
+++
|
+++""")
|
||||||
""")
|
|
||||||
TITLE = True
|
TITLE = True
|
||||||
else:
|
else:
|
||||||
TITLE = False
|
TITLE = False
|
||||||
for filename in FILES:
|
|
||||||
|
|
||||||
|
for filename in diff_files(dcmp):
|
||||||
if not TITLE:
|
if not TITLE:
|
||||||
print(title)
|
print(title)
|
||||||
print("=" * len(title))
|
print("=" * len(title))
|
||||||
print()
|
print()
|
||||||
TITLE = True
|
TITLE = True
|
||||||
print(f'- mise à jour du fichier {filename} :\n')
|
print(f'\n- mise à jour du fichier {filename} :\n')
|
||||||
try:
|
try:
|
||||||
with open(join(OLD_DIR, filename[1:]), 'r') as ori:
|
with open(join(OLD_DIR, filename[1:]), 'r') as ori:
|
||||||
ori_content = ori.readlines()
|
ori_content = ori.readlines()
|
||||||
|
|
@ -68,3 +71,26 @@ for filename in FILES:
|
||||||
print(line.rstrip())
|
print(line.rstrip())
|
||||||
if WEBSITE:
|
if WEBSITE:
|
||||||
print('```')
|
print('```')
|
||||||
|
|
||||||
|
|
||||||
|
old = set()
|
||||||
|
new = set()
|
||||||
|
for rootname, set_ in ((OLD_DIR, old), (NEW_DIR, new)):
|
||||||
|
len_rootname = len(rootname) + 1
|
||||||
|
for dirname, _, filenames in walk(rootname):
|
||||||
|
for filename in filenames:
|
||||||
|
set_.add(join(dirname[len_rootname:], filename))
|
||||||
|
|
||||||
|
|
||||||
|
for filename in old - new:
|
||||||
|
print(f'\n- fichier {filename} supprimé.\n')
|
||||||
|
|
||||||
|
|
||||||
|
for filename in new - old:
|
||||||
|
print(f'\n- fichier {filename} ajouté :\n')
|
||||||
|
with open(join(NEW_DIR, filename), 'r') as fh:
|
||||||
|
if WEBSITE:
|
||||||
|
print('```')
|
||||||
|
print(fh.read())
|
||||||
|
if WEBSITE:
|
||||||
|
print('```')
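Review bot: The new `for filename in new - old:` loop prints the full content of every added file with `print(fh.read())`, and with `WEBSITE` set that output appears to go into a published changelog page, so a newly added key, password or token file would be disclosed verbatim; consider an exclusion list, or printing only the file name for paths that may hold secrets. That `open(join(NEW_DIR, filename), 'r')` has no `try` around it, unlike the `open` in the diff loop above, so a single binary or non-UTF-8 file aborts the whole report. A file containing a line of three backticks also closes the emitted fence early. Iterating `sorted(old - new)` and `sorted(new - old)` would make the report order stable, and `from os.path import join` is now imported twice.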
|
||||||
|
|
@ -5,7 +5,7 @@ if [ -z "$HOST_NAME" ]; then
|
||||||
echo "usage: $0 host name"
|
echo "usage: $0 host name"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
apt install --yes systemd-container dnf jq debootstrap htop gettext patch unzip mlocate
|
apt install --yes systemd-container dnf jq debootstrap htop gettext patch unzip mlocate xz-utils
|
||||||
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
|
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
|
||||||
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
|
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
|
|
@ -1,2 +1,2 @@
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Information de base d'un serveur
|
description: Base
|
||||||
|
|
|
||||||
9
seed/applicationservice/2022.03.08/base/funcs/base.py
Normal file
9
seed/applicationservice/2022.03.08/base/funcs/base.py
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
from typing import List
|
||||||
|
from risotto.utils import load_domains, DOMAINS
|
||||||
|
|
||||||
|
|
||||||
|
def get_ip(server_name: str) -> str:
|
||||||
|
load_domains()
|
||||||
|
host_name, domain_name = server_name.split('.', 1)
|
||||||
|
domain = DOMAINS[domain_name]
|
||||||
|
return domain[1][domain[0].index(host_name)]
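Review bot: `get_ip` fails with a bare `ValueError` or `KeyError` when `server_name` has no dot, when its domain is missing from `DOMAINS`, or when the host is not listed, and nothing in the error names the server. The firewall template added in this commit writes the result into `iptables -s` arguments, so an explicit error such as `raise ValueError(f'unknown server {server_name}')` would make a bad dataset entry much easier to trace. `from typing import List` is unused in the new file. A one-line docstring saying that `DOMAINS[domain_name]` holds parallel host-name and address lists (as the indexing suggests) would help the next reader.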
|
||||||
|
|
@ -51,7 +51,7 @@
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="network">
|
<family name="network">
|
||||||
<variable name="external_ports" redefine="True">
|
<variable name="incoming_ports" redefine="True">
|
||||||
<value>587</value>
|
<value>587</value>
|
||||||
<value>993</value>
|
<value>993</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="network">
|
<family name="network">
|
||||||
<variable name="external_ports" redefine="True">
|
<variable name="incoming_ports" redefine="True">
|
||||||
<value>2222</value>
|
<value>2222</value>
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
|
|
|
||||||
|
|
@ -1,2 +1,4 @@
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Configure Systemd Machined
|
description: Configure Systemd Machined
|
||||||
|
depends:
|
||||||
|
- base
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,8 @@
|
||||||
<file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
|
<file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
|
||||||
<file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>
|
<file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>
|
||||||
</service>
|
</service>
|
||||||
|
<service name="risottofirewall" engine="creole" target="multi-user">
|
||||||
|
</service>
|
||||||
<service name="systemd-nspawn@">
|
<service name="systemd-nspawn@">
|
||||||
<file>/tmpfiles.d/0asystemd-nspawn.conf</file>
|
<file>/tmpfiles.d/0asystemd-nspawn.conf</file>
|
||||||
<file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
|
<file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@ Providers
|
||||||
=========
|
=========
|
||||||
|
|
||||||
- machines : nom de domaine des machines (au sens systemd-machined) exécuté sur l'hôte (c'est une variable multiple). Cette variable est une variable meneuse, les variables suivantes sont des variables suiveuses.
|
- machines : nom de domaine des machines (au sens systemd-machined) exécuté sur l'hôte (c'est une variable multiple). Cette variable est une variable meneuse, les variables suivantes sont des variables suiveuses.
|
||||||
- external_ports : ports rendu accessible depuis l'extérieur (cette variable est multiple).
|
- incoming_ports : ports rendu accessible depuis l'extérieur (cette variable est multiple).
|
||||||
- machine_srv : répertoire contenant le répertoire /srv de la machine (cette variable n'est pas obligatoire).
|
- machine_srv : répertoire contenant le répertoire /srv de la machine (cette variable n'est pas obligatoire).
|
||||||
- marchine_journal : répertoire contenant le répertoire /var/log/journal de la machine.
|
- marchine_journal : répertoire contenant le répertoire /var/log/journal de la machine.
|
||||||
- machine_config : répertoire contenant le répertoire /usr/local/lib de la machine.
|
- machine_config : répertoire contenant le répertoire /usr/local/lib de la machine.
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,8 @@
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="machines" description="Machines started in this host" type="domainname" multi="True" provider="machines"/>
|
<variable name="machines" description="Machines started in this host" type="domainname" multi="True" provider="machines"/>
|
||||||
<family name="machine_" description="Machine " dynamic="machined.machines">
|
<family name="machine_" description="Machine " dynamic="machined.machines">
|
||||||
<variable name="external_ports_" description="External ports for " hidden="True" type="port" multi="True" provider="external_ports"/>
|
<variable name="incoming_ports_" description="Incomming external ports for " hidden="True" type="port" multi="True" provider="incoming_ports"/>
|
||||||
|
<variable name="outgoing_ports_" description="Outcoming external ports for " hidden="True" type="port" multi="True" provider="outgoing_ports"/>
|
||||||
<variable name="srv_dir_" description="Directory with srv volume for " hidden="True" type="filename" provider="machine_srv"/>
|
<variable name="srv_dir_" description="Directory with srv volume for " hidden="True" type="filename" provider="machine_srv"/>
|
||||||
<variable name="journal_dir_" description="Directory with journal volume for " hidden="True" type="filename" provider="machine_journal"/>
|
<variable name="journal_dir_" description="Directory with journal volume for " hidden="True" type="filename" provider="machine_journal"/>
|
||||||
<variable name="config_dir_" description="Directory with configuration volume for " hidden="True" type="filename" provider="machine_config" mandatory="True"/>
|
<variable name="config_dir_" description="Directory with configuration volume for " hidden="True" type="filename" provider="machine_config" mandatory="True"/>
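Review bot: `outgoing_ports_` is declared `type="port"`, yet this commit also sets `<value>udp:53</value>` for `outgoing_ports`, and the firewall template splits values on `:` to obtain a protocol; confirm that the port type accepts a `protocol:port` value, or state the accepted format in the description. The same applies to the `outgoing_ports` variable added to the `network` family in a later section of this commit. The descriptions read `Incomming` and `Outcoming`; `Incoming external ports for ` and `Outgoing external ports for ` are the usual spellings.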
|
||||||
|
|
|
||||||
|
|
@ -23,6 +23,6 @@ VirtualEthernetExtra=%%intname[:15]:host%%idx
|
||||||
%end if
|
%end if
|
||||||
%end for
|
%end for
|
||||||
%end if
|
%end if
|
||||||
%for %%port in %%container['external_ports_' + %%name]
|
%for %%port in %%container['incoming_ports_' + %%name]
|
||||||
Port=tcp:%%port:%%port
|
Port=tcp:%%port:%%port
|
||||||
%end for
|
%end for
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,24 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Firewall for Risotto
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
%for %%dns in %%machined.machines
|
||||||
|
%set %%machine = %%normalize_family(%%dns)
|
||||||
|
%set %%outgoing = %%machined['machine_' + %%machine]['outgoing_ports_' + %%machine]
|
||||||
|
%if %%outgoing
|
||||||
|
%for %%port in %%outgoing
|
||||||
|
%if ':' in %%port
|
||||||
|
%set %%protocol, %%port = %%port.split(':')
|
||||||
|
%else
|
||||||
|
%set %%protocol = 'tcp'
|
||||||
|
%end if
|
||||||
|
ExecStart=/sbin/iptables -t nat -A POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o enp3s0 -j MASQUERADE
|
||||||
|
ExecStop=-/sbin/iptables -t nat -D POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o enp3s0 -j MASQUERADE
|
||||||
|
%end for
|
||||||
|
%end if
|
||||||
|
%end for
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
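Review bot: With `Type=oneshot` and no `RemainAfterExit=yes`, systemd considers the unit finished once the last `ExecStart=` returns and then runs the `ExecStop=` lines, so the MASQUERADE rules are likely deleted right after they are added; add `RemainAfterExit=yes` under `[Service]`. The outbound interface is hard-coded as `-o enp3s0`, which matches nothing on a host whose uplink has a different name, so it should come from a variable. `%%protocol` is whatever precedes the `:` and is placed on the command line without checking that it is `tcp` or `udp`, and `%%port.split(':')` fails to unpack when a value contains more than one colon. These rules only NAT the listed ports; whether other outbound traffic from the machines is actually dropped depends on a FORWARD policy that is not visible here.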
|
||||||
|
|
@ -11,7 +11,7 @@
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
<family name="network">
|
<family name="network">
|
||||||
<variable name="external_ports" redefine="True">
|
<variable name="incoming_ports" redefine="True">
|
||||||
<value>80</value>
|
<value>80</value>
|
||||||
<value>443</value>
|
<value>443</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
|
|
||||||
|
|
@ -2,5 +2,5 @@ format: '0.1'
|
||||||
description: Configuration du serveur faisant autorité NSD
|
description: Configuration du serveur faisant autorité NSD
|
||||||
service: true
|
service: true
|
||||||
depends:
|
depends:
|
||||||
- base-fedora-35
|
- base-fedora-36
|
||||||
provider: LocalDNS
|
provider: LocalDNS
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@
|
||||||
<file file_type="variable" source="nsd.signed" variable="nsd_reverse_filenames">nsd_reverse_filenames_signed</file>
|
<file file_type="variable" source="nsd.signed" variable="nsd_reverse_filenames">nsd_reverse_filenames_signed</file>
|
||||||
<file engine="none" source="sysuser-nsd.conf">/sysusers.d/0nsd.conf</file>
|
<file engine="none" source="sysuser-nsd.conf">/sysusers.d/0nsd.conf</file>
|
||||||
<file engine="none" source="tmpfile-nsd.conf">/tmpfiles.d/0nsd.conf</file>
|
<file engine="none" source="tmpfile-nsd.conf">/tmpfiles.d/0nsd.conf</file>
|
||||||
|
<file>/tests/nsd.yml</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
|
|
|
||||||
12
seed/applicationservice/2022.03.08/nsd/templates/nsd.yml
Normal file
12
seed/applicationservice/2022.03.08/nsd/templates/nsd.yml
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
address: '%%ip_eth0'
|
||||||
|
records:
|
||||||
|
%for %%domain in %%nsd_zones_all
|
||||||
|
%set %%suffix = %%normalize_family(%%domain)
|
||||||
|
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
|
||||||
|
%for %%nsd in %%hostnames
|
||||||
|
%set %%type = %%nsd['type_' + %%suffix]
|
||||||
|
%if %%type == 'A'
|
||||||
|
%%{nsd}.%%domain: '%%nsd['ip_' + %%suffix]'
|
||||||
|
%end if
|
||||||
|
%end for
|
||||||
|
%end for
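Review bot: The inner loop in `%for %%nsd in %%hostnames` reuses the name `%%nsd`, which the outer loop reads in `%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]...`. If the template engine keeps the loop variable bound after the loop ends, the second zone would index into a hostname entry instead of the `nsd` family. Renaming the inner variable avoids the clash, e.g. `%for %%host in %%hostnames`, with `%%host['type_' + %%suffix]` and `%%{host}.%%domain: '%%host['ip_' + %%suffix]'` in the body.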
|
||||||
1
seed/applicationservice/2022.03.08/nsd/tests/FIXME
Normal file
1
seed/applicationservice/2022.03.08/nsd/tests/FIXME
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
python3-dnspython
|
||||||
14
seed/applicationservice/2022.03.08/nsd/tests/test_dns.py
Normal file
14
seed/applicationservice/2022.03.08/nsd/tests/test_dns.py
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
# DNSSEC : https://github.com/wubo1994/DNS-resolver-in-python3/blob/master/dnssec.py
|
||||||
|
from yaml import loads
|
||||||
|
from dns.resolver import Resolver
|
||||||
|
|
||||||
|
|
||||||
|
def test_nsd():
|
||||||
|
data = loads('./nsd.yml')
|
||||||
|
resolver = Resolver()
|
||||||
|
resolver.nameservers = [data['address']]
|
||||||
|
for dns, ip in data['records'].items():
|
||||||
|
records = resolver.resolve(dns, 'A')
|
||||||
|
ips = [record.address for record in records]
|
||||||
|
assert len(ips) == 1, f"le domaine {dns} n'a pas qu'une ip {ips}"
|
||||||
|
assert ips[0] == ip, f"l'IP du domaine {dns} n'est pas correct, attendu : {ip}, obtenu {ips[0}}"
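Review bot: `test_dns.py` cannot run as written: assuming `yaml` is PyYAML, it exposes `safe_load`/`load` but no `loads`, the call passes the path string `'./nsd.yml'` rather than the file's content, and the last f-string has `{ips[0}}` where `{ips[0]}` is meant. Loading the opened file with `safe_load` fixes the first two and avoids constructing arbitrary objects from the YAML. `Resolver()` also reads the system resolver configuration before `nameservers` is overwritten; `Resolver(configure=False)` keeps the test independent of the host's `/etc/resolv.conf`.

```python
from yaml import safe_load
# … unchanged: dns.resolver import …

def test_nsd():
    with open('./nsd.yml') as fh:
        data = safe_load(fh)
    # … unchanged: resolver setup, loop over data['records'], first assert …
        assert ips[0] == ip, f"l'IP du domaine {dns} n'est pas correct, attendu : {ip}, obtenu {ips[0]}"
```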
|
||||||
|
|
@ -6,7 +6,6 @@
|
||||||
<file engine="none" source="sysuser-peertube.conf">/sysusers.d/0peertube.conf</file>
|
<file engine="none" source="sysuser-peertube.conf">/sysusers.d/0peertube.conf</file>
|
||||||
<file engine="none" source="tmpfile-peertube.conf">/tmpfiles.d/0peertube.conf</file>
|
<file engine="none" source="tmpfile-peertube.conf">/tmpfiles.d/0peertube.conf</file>
|
||||||
<file>/etc/peertube/production.yaml</file>
|
<file>/etc/peertube/production.yaml</file>
|
||||||
<file engine="none">/etc/pam.d/login</file>
|
|
||||||
<file source="nginx.peertube.conf">/etc/nginx/conf.d/peertube.conf</file>
|
<file source="nginx.peertube.conf">/etc/nginx/conf.d/peertube.conf</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,10 @@
|
||||||
<variables>
|
<variables>
|
||||||
<family name="network">
|
<family name="network">
|
||||||
<variable name="dns_client_address" redefine="True"/>
|
<variable name="dns_client_address" redefine="True"/>
|
||||||
<variable name="external_ports" redefine="True">
|
<variable name="outgoing_ports" redefine="True">
|
||||||
|
<value>25</value>
|
||||||
|
</variable>
|
||||||
|
<variable name="incoming_ports" redefine="True">
|
||||||
<value>25</value>
|
<value>25</value>
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,8 @@
|
||||||
<value>False</value>
|
<value>False</value>
|
||||||
</variable>
|
</variable>
|
||||||
<family name="network">
|
<family name="network">
|
||||||
<variable name="external_ports" type="port" description="Ports exposés depuis l'extérieur" multi="True"/>
|
<variable name="incoming_ports" type="port" description="Ports exposés depuis l'extérieur" multi="True"/>
|
||||||
|
<variable name="outgoing_ports" type="port" description="Ports autorisés vers l'extérieur" multi="True"/>
|
||||||
<variable name="netwokd_interface_name_type" redefine="True">
|
<variable name="netwokd_interface_name_type" redefine="True">
|
||||||
<value>host</value>
|
<value>host</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
|
@ -65,9 +66,15 @@
|
||||||
</check>
|
</check>
|
||||||
<check name="set_linked_configuration">
|
<check name="set_linked_configuration">
|
||||||
<param name="linked_server" type="variable">host</param>
|
<param name="linked_server" type="variable">host</param>
|
||||||
<param name="linked_provider">external_ports</param>
|
<param name="linked_provider">incoming_ports</param>
|
||||||
<param name="dynamic" type="variable">domain_name_eth0</param>
|
<param name="dynamic" type="variable">domain_name_eth0</param>
|
||||||
<target>external_ports</target>
|
<target>incoming_ports</target>
|
||||||
|
</check>
|
||||||
|
<check name="set_linked_configuration">
|
||||||
|
<param name="linked_server" type="variable">host</param>
|
||||||
|
<param name="linked_provider">outgoing_ports</param>
|
||||||
|
<param name="dynamic" type="variable">domain_name_eth0</param>
|
||||||
|
<target>outgoing_ports</target>
|
||||||
</check>
|
</check>
|
||||||
<check name="set_linked_configuration">
|
<check name="set_linked_configuration">
|
||||||
<param name="linked_server" type="variable">host</param>
|
<param name="linked_server" type="variable">host</param>
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Configuration de systemd
|
description: Configuration de systemd
|
||||||
depends:
|
depends:
|
||||||
- base
|
- base-machine
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,10 @@
|
||||||
<family name="network">
|
<family name="network">
|
||||||
<variable name="dns_client_address" redefine="True" disabled="True"/>
|
<variable name="dns_client_address" redefine="True" disabled="True"/>
|
||||||
<variable name="ip_dns" redefine="True" remove_fill="True"/>
|
<variable name="ip_dns" redefine="True" remove_fill="True"/>
|
||||||
|
<variable name="outgoing_ports" redefine="True">
|
||||||
|
<value>udp:53</value>
|
||||||
|
<value>53</value>
|
||||||
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
<family name='dns_resolver' description='Résolveur DNS'>
|
<family name='dns_resolver' description='Résolveur DNS'>
|
||||||
<variable name="unbound_allowed_client" type="ip" description="Réseau des clients autorisés à faire des requêtes DNS" multi="True" mandatory="True" provider="dns"/>
|
<variable name="unbound_allowed_client" type="ip" description="Réseau des clients autorisés à faire des requêtes DNS" multi="True" mandatory="True" provider="dns"/>
|
||||||
|
|
|
||||||