seed/applicationservice/2022.03.08/base/manual/install/install_host

@@ -15,8 +15,6 @@ systemctl restart systemd-networkd
 systemctl enable systemd-resolved
 systemctl restart systemd-resolved
 # systemctl mask dev-hugepages.mount
-systemctl enable risotto-images.timer
-systemctl restart risotto-images.timer
 
 #nft add table nat
 #nft flush table nat;

seed/applicationservice/2022.03.08/base/manual/install/install_image

@@ -105,23 +105,25 @@ if [ -n "$COPR" ]; then
     cd - > /dev/null
 fi
 if [ "$FUSION" = true ]; then
-    dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR" > /dev/null
+    dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR"
 fi
 
 # FIXME verifier s'il y a des modifs sur pre/post
 if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then
     echo "  - différence(s) avec les paquets de base"
-    diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs "$BASE_PKGS_FILE" && INSTALL=false || INSTALL=true
+    diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs "$BASE_PKGS_FILE" && NEW_BASE=false || NEW_BASE=true
+else
+    NEW_BASE=true
+fi
+new_package
+if [ "$NEW_BASE" = false ]; then
+    echo "  - différence(s) avec les paquets de l'image"
+    diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new && INSTALL=false || INSTALL=true
 else
     INSTALL=true
 fi
-new_package
-if [ "$INSTALL" = false ]; then
-    echo "  - différence(s) avec les paquets de l'image"
-    diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new && INSTALL=false || INSTALL=true
-fi
 find $IMAGE_NAME/manual -type f -exec md5sum '{}' \; > "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new
-if [ "$INSTALL" = false ]; then
+if [ "$NEW_BASE" = false ]; then
     diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new && INSTALL=false || INSTALL=true
 fi
 if [ "$INSTALL" = true ]; then

seed/applicationservice/2022.03.08/dovecot/DOC.md

@@ -1,4 +0,0 @@
-Ajouter le domaine
-==================
-
-Ajouter le domaine autoconfig.xxxx.xx

seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml

@@ -65,7 +65,6 @@
     <family name="mail" description="Mail domain" leadership="True">
       <variable name="mail_domains" type="domainname" description="Domaine de courriel géré localement" mandatory="True" multi="True"/>
       <variable name="mail_domains_calc" type="domainname" hidden="True"/>
-      <variable name="mail_domains_calc_autoconfig" type="domainname" hidden="True"/>
       <variable name="imap_domainname" type="domainname" mandatory="True"/>
       <variable name="submission_domainname" type="domainname" mandatory="True"/>
     </family>
@@ -79,7 +78,7 @@
       <variable name='external_imap_key' type="filename" hidden='True' multi='True'/>
     </family>
     <family name="nginx">
-      <variable name="revprox_client_external_domainnames" redefine="True" mandatory="False"/>
+      <variable name="revprox_client_external_domainname" redefine="True" mandatory="False"/>
       <family name="revprox_client">
         <variable name="revprox_client_location" redefine="True" mandatory="False">
           <value/>
@@ -128,12 +127,6 @@
       <param type="variable">mail_domains</param>
       <target>mail_domains_calc</target>
     </fill>
-    <fill name="calc_value">
-      <param>autoconfig</param>
-      <param type="variable">mail_domains</param>
-      <param name="join">.</param>
-      <target>mail_domains_calc_autoconfig</target>
-    </fill>
     <fill name="calc_value">
       <param>/var/www/html/mail/</param>
       <param type="variable">mail_domains</param>
@@ -143,19 +136,6 @@
       <param name="multi" type="boolean">True</param>
       <target>well_known_filenames</target>
     </fill>
-    <check name="set_linked_multi_variables">
-      <param type="variable">revprox_client_server_domainname</param>
-      <param name="linked_provider_0">revprox_clients</param>
-      <param name="linked_provider_1">revprox_location</param>
-      <param name="linked_value_1">/mail/config-v1.1.xml</param>
-      <param name="linked_provider_2">revprox_is_websocket</param>
-      <param name="linked_value_2" type="boolean">False</param>
-      <param name="linked_provider_3">revprox_url</param>
-      <param name="linked_value_3" type="variable">well_knowns</param>
-      <param name="variable_index_3" type="boolean">True</param>
-      <param name="variable_index" type="index"/>
-      <target>mail_domains_calc_autoconfig</target>
-    </check>
     <check name="set_linked_multi_variables">
       <param type="variable">revprox_client_server_domainname</param>
       <param name="linked_provider_0">revprox_clients</param>
@@ -165,8 +145,6 @@
       <param name="linked_value_2" type="boolean">False</param>
       <param name="linked_provider_3">revprox_url</param>
       <param name="linked_value_3" type="variable">well_knowns</param>
-      <param name="variable_index_3" type="boolean">True</param>
-      <param name="variable_index" type="index"/>
       <target>mail_domains_calc</target>
     </check>
     <check name="set_linked_multi_variables">
@@ -178,8 +156,6 @@
       <param name="linked_value_2" type="boolean">False</param>
       <param name="linked_provider_3">revprox_url</param>
       <param name="linked_value_3" type="variable">well_knowns</param>
-      <param name="variable_index_3" type="boolean">True</param>
-      <param name="variable_index" type="index"/>
       <target>mail_domains_calc</target>
     </check>
     <fill name="calc_well_known">

seed/applicationservice/2022.03.08/dovecot/templates/dovecot-ldap.conf.ext

@@ -81,9 +81,6 @@ tls_require_cert = hard
 # is still used, only the password field is ignored in it. Before doing any
 # search, the binding is switched back to the default DN.
 #auth_bind = no
-#>GNUNUX
-auth_bind = yes
-#<GNUNUX
 
 # If authentication binding is used, you can save one LDAP request per login
 # if users' DN can be specified with a common template. The template can use
@@ -100,6 +97,10 @@ auth_bind = yes
 #   auth_bind_userdn = cn=%u,ou=people,o=org
 #
 #auth_bind_userdn =
+#>GNUNUX
+auth_bind = yes
+auth_bind_userdn = cn=%u,%%ldapclient_base_dn
+#<GNUNUX
 
 # LDAP protocol version to use. Likely 2 or 3.
 #ldap_version = 3
@@ -107,7 +108,7 @@ auth_bind = yes
 # LDAP base. %variables can be used here.
 # For example: dc=mail, dc=example, dc=org
 # GNUNUX base =
-base = %%calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True)
+base = %%ldapclient_base_dn
 
 # Dereference: never, searching, finding, always
 #deref = never
@@ -136,7 +137,7 @@ user_attrs = homeDirectory=home
 #   %d - domain part in user@domain, empty if user there's no domain
 #user_filter = (&(objectClass=posixAccount)(uid=%u))
 #>GNUNUX
-user_filter = (&(objectClass=inetOrgPerson)(mail=%u))
+user_filter = (&(objectClass=inetOrgPerson)(cn=%u))
 #<GNUNUX
 
 # Password checking attributes:

seed/applicationservice/2022.03.08/dovecot/templates/ldapsource.cf

@@ -9,5 +9,5 @@ bind = yes
 bind_dn = %%ldapclient_remote_user
 bind_pw = %%ldapclient_remote_user_password
 search_base = %%calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True)
-query_filter = (mailLocalAddress=%s)
+query_filter = (mail=%s)
 result_attribute = cn

seed/applicationservice/2022.03.08/gitea/dictionaries/31_gitea.xml

@@ -13,9 +13,7 @@
       <value>2222</value>
     </variable>
     <family name="gitea" description="Gitea" help="Git forge Gitea">
-      <variable name="gitea_title" mandatory="True" description="Titre de la forge">
+      <variable name="gitea_title" mandatory="True" description="Titre de la forge"/>
-        <value>Gitea: Git avec une tasse de thé</value>
-      </variable>
       <variable name="gitea_mail_sender" type="mail" description="Les courriels sont envoyés à partir de cet adresse" mandatory="True"/>
       <variable name="gitea_secret_key" type="password" hidden="True"/>
       <variable name="gitea_internal_token" type="password" hidden="True"/>
@@ -58,6 +56,12 @@
     </family>
   </variables>
   <constraints>
+    <fill name="calc_value">
+      <param>Gitea: Git with a cup of tea for</param>
+      <param type="variable">revprox_client_external_domainname</param>
+      <param name="join" type="space"/>
+      <target>gitea_title</target>
+    </fill>
     <fill name="get_password">
       <param name="server_name" type="variable">domain_name_eth0</param>
       <param name="username">secret_key</param>
@@ -83,7 +87,7 @@
       <target>gitea_lfs_jwt_secret</target>
     </fill>
     <fill name="calc_oauth2_client_external">
-      <param type="variable" optional="True">revprox_client_external_domainnames</param>
+      <param type="variable" optional="True">revprox_client_external_domainname</param>
       <param type="variable" optional="True">revprox_client_location</param>
       <param>user/oauth2/</param>
       <param type="variable">domain_name_eth0</param>
@@ -91,7 +95,7 @@
       <target>oauth2_client_login</target>
     </fill>
     <fill name="calc_oauth2_client_external">
-      <param type="variable">revprox_client_external_domainnames</param>
+      <param type="variable">revprox_client_external_domainname</param>
       <param type="variable">revprox_client_location</param>
       <param>user/oauth2/</param>
       <param type="variable">domain_name_eth0</param>

seed/applicationservice/2022.03.08/gitea/manual/image/postinstall/gitea.sh

@@ -4,20 +4,20 @@ set -ex
 
 gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
 
-VERS=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.version')
+VERSION=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.version')
 
 mkdir -p ~/gitea/
 
-if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz" ]; then
+if [ ! -f ~/"gitea/gitea-$VERSION-linux-amd64.xz" ]; then
-    wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz" -O ~/"gitea/gitea-$VERS-linux-amd64.xz"
+    wget "https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz" -O ~/"gitea/gitea-$VERSION-linux-amd64.xz"
 fi
-if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ]; then
+if [ ! -f ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc" ]; then
-    wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERS-linux-amd64.xz.asc"
+    wget "https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc"
 fi
 
-gpg --verify ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ~/"gitea/gitea-$VERS-linux-amd64.xz"
+gpg --verify ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc" ~/"gitea/gitea-$VERSION-linux-amd64.xz"
 
-cp -a ~/"gitea/gitea-$VERS-linux-amd64.xz" .
+cp -a ~/"gitea/gitea-$VERSION-linux-amd64.xz" .
-xz -d "gitea-$VERS-linux-amd64.xz"
+xz -d "gitea-$VERSION-linux-amd64.xz"
-mv "gitea-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
+mv "gitea-$VERSION-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
 chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"

seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml

@@ -2,8 +2,6 @@
 <rougail version="0.10">
   <services>
     <service name="systemd-machined">
-      <file>/etc/systemd/system/risotto-images.service</file>
-      <file>/etc/systemd/system/risotto-images.timer</file>
       <file>/etc/systemd/network/80-container-vz.network</file>
       <file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
       <file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>

seed/applicationservice/2022.03.08/host-systemd-machined/templates/risotto-images.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Daily images update activities
-After=network.target local-fs.target systemd-logind.service
-
-[Service]
-Type=oneshot
-WorkingDirectory=%%host_install_dir
-ExecStart=%%host_install_dir/install_images %%host_name
-ExecStart=%%host_install_dir/install_machines %%host_name
-
-[Install]
-WantedBy=multi-user.target

seed/applicationservice/2022.03.08/host-systemd-machined/templates/risotto-images.timer

@@ -1,9 +0,0 @@
-[Unit]
-Description=Daily images update activities
-
-[Timer]
-OnCalendar=*-*-* 5:00
-Persistent=true
-
-[Install]
-WantedBy=timers.target

seed/applicationservice/2022.03.08/ldap-client/dictionaries/21_ldap-client.xml

@@ -12,7 +12,7 @@
   <variables>
     <family name="annuaire">
       <variable name='ldap_server_address' type='domainname' description="Nom DNS du serveur LDAP" mandatory='True'/>
-      <variable name='ldapclient_family' type='unix_user' description="Nom de la famille LDAP"/>
+      <variable name='ldapclient_family' type='unix_user' description="L'arbre LDAP est de type famille"/>
       <variable name='ldapclient_remote_user' type='string' description="DN de l'tilisateur distant" mandatory='True' hidden="True"/>
       <variable name='ldapclient_remote_user_password' type='password' description="Mot de passe de l'utilisateur distant" mandatory='True' hidden="True"/>
       <variable name='ldap_base_dn' type='string' description="Base DN de l'annuaire" mandatory="True" test="dc=test,o=fr"/>

seed/applicationservice/2022.03.08/lemonldap/templates/lmConf-1.json

@@ -13,7 +13,7 @@ commentStartToken = §
    "ldapPpolicyControl" : 1,
    "ldapAllowResetExpiredPassword" : 1,
    "ldapChangePasswordAsUser" : 1,
-   "ldapBase" : "%%calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True)",
+   "ldapBase" : "%%ldapclient_base_dn",
    "ldapExportedVars" : {
       "uid" : "uid",
       "cn" : "cn",

seed/applicationservice/2022.03.08/letsencrypt/funcs/letsencrypt.py

@@ -53,7 +53,7 @@ def letsencrypt_certif(domain: str,
                     ]
         ret = _run(cli_args, capture_output=True)
         if ret.returncode != 0:
-            raise ValueError(ret.stderr.decode())
+            raise ValueError(ret.stderr)
         print("Done")
     with open(date_file, 'w') as fh:
         fh.write(today)

seed/applicationservice/2022.03.08/mailman/dictionaries/31_mailman.xml

@@ -60,7 +60,7 @@
       <target>postorius_secret_key</target>
     </fill>
     <fill name="calc_oauth2_client_external">
-      <param type="variable">revprox_client_external_domainnames</param>
+      <param type="variable">revprox_client_external_domainname</param>
       <param type="variable">revprox_client_location</param>
       <param>/accounts/risotto/login/</param>
       <target>oauth2_client_external</target>

seed/applicationservice/2022.03.08/nextcloud/dictionaries/31_nextcloud.xml

@@ -65,7 +65,7 @@
       <target>nextcloud_instance_id</target>
     </fill>
     <fill name="calc_value">
-      <param type="variable">revprox_client_external_domainnames</param>
+      <param type="variable">revprox_client_external_domainname</param>
       <target>nextcloud_well_known_server</target>
     </fill>
     <check name="set_linked_multi_variables">

seed/applicationservice/2022.03.08/nginx-reverse-proxy/doc.md

@@ -3,6 +3,6 @@ Providers
 
 - revprox_clients : nom de domaine des serveurs HTTPS accessible derrière le serveur mandataire inverse, cette variable est une variable meneuse, les variables suivantes sont des suiveuses.
 - revprox_location : nom du répertoire diffusé sur le client
-- revprox_url : quelque chose comme https://domain/location (cette variable est multiple)
+- revprox_url : quelque chose comme https://domain/location
 - revprox_is_websocket : les URL sont de type websocket
 - revprox_max_body_size : taille maximal du coprs de la requête

seed/applicationservice/2022.03.08/oauth2-client/dictionaries/30_oauth2_client.xml

@@ -8,8 +8,8 @@
       </variable>
       <variable name="oauth2_client_name" description="OAuth2 client name" mandatory='True'/>
       <variable name="oauth2_client_description" description="OAuth2 client description" mandatory='True'/>
-      <variable name="oauth2_client_login" type="web_address" description="OAuth2 URL to valid login" multi="True"/>
+      <variable name="oauth2_client_login" type="web_address" description="OAuth2 URL to valid login"/>
-      <variable name="oauth2_client_external" type="web_address" description="OAuth2 client external" mandatory='True' multi="True"/>
+      <variable name="oauth2_client_external" type="web_address" description="OAuth2 client external" mandatory='True'/>
       <variable name="oauth2_client_category" description="OAuth2 category" mandatory='True'>
         <value>Défaut</value>
       </variable>
@@ -87,7 +87,7 @@
       <target>oauth2_client_token_signature_algo</target>
     </check>
     <fill name="calc_oauth2_client_external">
-      <param type="variable" optional="True">revprox_client_external_domainnames</param>
+      <param type="variable" optional="True">revprox_client_external_domainname</param>
       <param type="variable" optional="True">revprox_client_location</param>
       <target>oauth2_client_external</target>
     </fill>

seed/applicationservice/2022.03.08/openldap/DEBUG.md

@@ -1,13 +1,9 @@
 # DEBUG
 
-systemctl stop slapd
-usr/sbin/slapd -u ldap -h ldaps:/// -d 256
-
-
 Search with admin user:
 
 ```
-ldapsearch -D cn=admin,ou=in,o=gnunux,o=info -y /usr/local/lib/secrets/admin_ldap.pwd -b ou=accounts,ou=in,o=gnunux,o=info
+ldapsearch -D cn=admin,ou=in,o=gnunux,o=info -y /usr/local/lib/secrets/admin_ldap.pwd -b ou=users,ou=in,o=gnunux,o=info
 ```
 
 Search with nexcloud admin user:

seed/applicationservice/2022.03.08/openldap/dictionaries/21_openldap-server.xml

@@ -32,7 +32,6 @@
           <value>uid</value>
           <value>cn</value>
           <value>sn</value>
-          <!--value>mailLocalAddress</value-->
           <value>givenName</value>
           <value>mail</value>
           <value>entryCSN</value>
@@ -49,7 +48,6 @@
         <value>/etc/openldap/schema/cosine.ldif</value>
         <value>/etc/openldap/schema/inetorgperson.ldif</value>
         <value>/etc/openldap/schema/nis.ldif</value>
-        <value>/etc/openldap/schema/misc.ldif</value>
       </variable>
       <variable name='ldap_loglevel' type='number' description='Niveau de log' mode="expert">
         <value>0</value>

seed/applicationservice/2022.03.08/openldap/extras/accounts/00_account.xml

@@ -14,7 +14,7 @@
     </family>
     <family name="users" description="Gestion des utilisateurs" leadership="True">
       <variable name='ldap_user_mail' type="mail" description="Adresse courriel du compte" multi="True"/>
-      <variable name='ldap_user_aliases' type="mail" description="Aliases du mail" multi="True"/>
+      <variable name='ldap_user_aliases' type="mail" description="Aliases du mail" multi="True"/> <!-- FIXME -->
       <variable name='ldap_user_uid' type="unix_user" description="Nom de compte" mandatory="True"/>
       <variable name='ldap_user_sn' type="string" description="Prénom" mandatory="True"/>
       <variable name='ldap_user_gn' type="string" description="Nom de famille" mandatory="True"/>
@@ -24,7 +24,7 @@
     <family name="family_" description="Gestion de la famille " dynamic="accounts.families">
       <family name="users_" description="Gestion des utilisateurs" leadership="True">
         <variable name='ldap_user_mail_' type="mail" description="Adresse courriel du compte" multi="True"/>
-        <variable name='ldap_user_aliases_' type="mail" description="Aliases du mail" multi="True"/>
+        <variable name='ldap_user_aliases_' type="mail" description="Aliases du mail" multi="True"/> <!-- FIXME -->
         <variable name='ldap_user_uid_' type="unix_user" description="Nom de compte" mandatory="True"/>
         <variable name='ldap_user_sn_' type="string" description="Prénom" mandatory="True"/>
         <variable name='ldap_user_gn_' type="string" description="Nom de famille" mandatory="True"/>

seed/applicationservice/2022.03.08/openldap/templates/users.ldif

@@ -44,18 +44,11 @@ givenName: %%user.ldap_user_gn
 uid: %%user.ldap_user_uid
 userPassword:: %%ssha_encode(%%user.ldap_user_password)
 homeDirectory: /srv/home/users/%%user
-mailLocalAddress: %%user
-  %if %%user.ldap_user_aliases
-    %for %%alias in %%user.ldap_user_aliases
-mailLocalAddress: %%alias
-    %end for
-  %end if
 uidNumber: 0
 gidNumber: 0
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: posixAccount
-objectClass: inetLocalMailRecipient
 
 %end for
 ## Families
@@ -80,18 +73,11 @@ givenName: %%user['ldap_user_gn_' + %%family]
 uid: %%user['ldap_user_uid_' + %%family]
 userPassword:: %%ssha_encode(%%user['ldap_user_password_' + %%family])
 homeDirectory: /srv/home/families/%%family/%%user
-mailLocalAddress: %%user
-    %if %%user['ldap_user_aliases_' + %%family]
-      %for %%alias in %%user['ldap_user_aliases_' + %%family]
-mailLocalAddress: %%alias
-      %end for
-    %end if
 uidNumber: 0
 gidNumber: 0
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: posixAccount
-objectClass: inetLocalMailRecipient
 
   %end for
 %end for

seed/applicationservice/2022.03.08/openldap/templates/users_mod.ldif

@@ -7,39 +7,22 @@ replace: userPassword
 userPassword:: %%ssha_encode(%%accounts['remote_' + %%name]['password_' + %%name])
 
 %end for
-# Users
+## Users
-%set %%users = %%calc_ldapclient_base_dn(%%ldap_base_dn, '')
+#%set %%users = %%calc_ldapclient_base_dn(%%ldap_base_dn, '')
-%for %%user in %%accounts.users.ldap_user_mail
+#%for %%user in %%accounts.users.ldap_user_mail
-dn: cn=%%user,%%users
+#dn: cn=%%user,%%users
-changetype: modify
+#changetype: modify
-#add: objectClass
+#replace: homeDirectory
-#objectClass: inetLocalMailRecipient
+#homeDirectory: /srv/home/users/%%user
-#-
+#
-replace: mailLocalAddress
+#%end for
-mailLocalAddress: %%user
+## Families
-  %if %%user.ldap_user_aliases
+#%for %%family in %%accounts.families
-    %for %%alias in %%user.ldap_user_aliases
+#  %set %%families = %%calc_ldapclient_base_dn(%%ldap_base_dn, %%family)
-mailLocalAddress: %%alias
+#  %for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
-    %end for
+#dn: cn=%%user,%%families
-  %end if
+#replace: homeDirectory
-
+#homeDirectory: /srv/home/families/%%family/%%user
-%end for
+#
-# Families
+#  %end for
-%for %%family in %%accounts.families
+#%end for
-  %set %%families = %%calc_ldapclient_base_dn(%%ldap_base_dn, %%family)
-  %for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
-dn: cn=%%user,%%families
-changetype: modify
-#add: objectClass
-#objectClass: inetLocalMailRecipient
-#-
-replace: mailLocalAddress
-mailLocalAddress: %%user
-    %if %%user['ldap_user_aliases_' + %%family]
-      %for %%alias in %%user['ldap_user_aliases_' + %%family]
-mailLocalAddress: %%alias
-      %end for
-    %end if
-
-  %end for
-%end for

seed/applicationservice/2022.03.08/peertube/dictionaries/30_peertube.xml

@@ -51,7 +51,7 @@
   </variables>
   <constraints>
     <fill name="calc_oauth2_client_external">
-      <param type="variable">revprox_client_external_domainnames</param>
+      <param type="variable">revprox_client_external_domainname</param>
       <param type="variable">revprox_client_location</param>
       <param>plugins/auth-openid-connect/0.0.7/auth/openid-connect</param>
       <target>oauth2_client_external</target>

seed/applicationservice/2022.03.08/pleroma/dictionaries/30_peertube.xml

@@ -51,7 +51,7 @@
   </variables>
   <constraints>
     <fill name="calc_oauth2_client_external">
-      <param type="variable">revprox_client_external_domainnames</param>
+      <param type="variable">revprox_client_external_domainname</param>
       <param type="variable">revprox_client_location</param>
       <param>plugins/auth-openid-connect/0.0.7/auth/openid-connect</param>
       <target>oauth2_client_external</target>

seed/applicationservice/2022.03.08/postfix-relay/templates/opendmarc.conf

@@ -319,7 +319,7 @@ IgnoreAuthenticatedClients true
 #
 # RejectFailures false
 #>GNUNUX
-#FIXME RejectFailures true
+RejectFailures true
 #<GNUNUX
 
 ##  RejectMultiValueFrom { true | false }

seed/applicationservice/2022.03.08/reverse-proxy-client/dictionaries/21_nginx_client.xml

@@ -10,8 +10,7 @@
     <family name="nginx" description="Reverse proxy">
       <variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True'/>
       <variable name="revprox_client_server_ip" type="ip" hidden='True'/>
-      <variable name="revprox_client_external_domainnames" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' multi="True"/>
+      <variable name="revprox_client_external_domainname" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' provider="external_domainname"/>
-      <variable name="revprox_client_external_domainname" type="domainname" provider="external_domainname" hidden="True"/>
       <family name="revprox_client" description="Point d'entré des clients" leadership="True">
         <variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" multi="True">
           <value>/</value>
@@ -37,10 +36,6 @@
     </family>
   </variables>
   <constraints>
-    <fill name="get_first_value">
-      <param type="variable">revprox_client_external_domainnames</param>
-      <target>revprox_client_external_domainname</target>
-    </fill>
     <fill name="calc_web_address">
       <param type="variable">domain_name_eth0</param>
       <param type="variable">revprox_client_port</param>
@@ -59,23 +54,43 @@
       <param name="join">/</param>
       <target>revprox_key_file</target>
     </fill>
-    <fill name="set_linked_multi_variables">
+    <fill name="set_linked">
-      <param type="variable">revprox_client_server_domainname</param>
+      <param name="linked_server" type="variable">revprox_client_server_domainname</param>
-      <param name="linked_provider_0">revprox_clients</param>
+      <param name="linked_provider">revprox_clients</param>
-      <param name="linked_value_0" type="variable">revprox_client_external_domainnames</param>
+      <param name="linked_value" type="variable">revprox_client_external_domainname</param>
-      <param name="linked_provider_1">revprox_location</param>
+      <param name="linked_returns">ip</param>
-      <param name="linked_value_1" type="variable">revprox_client_location</param>
+      <param name="dynamic">0</param>
-      <param name="linked_provider_2">revprox_is_websocket</param>
-      <param name="linked_value_2" type="variable">revprox_client_is_websocket</param>
-      <param name="linked_provider_3">revprox_max_body_size</param>
-      <param name="linked_value_3" type="variable">revprox_client_max_body_size</param>
-      <param name="linked_provider_4">revprox_url</param>
-      <param name="linked_value_4" type="variable">revprox_client_web_address</param>
       <target>revprox_client_server_ip</target>
     </fill>
-    <!--fill name="get_ip_from_domain">
+    <check name="set_linked_configuration">
-      <param type="variable">revprox_client_server_domainname</param>
+      <param name="linked_server" type="variable">revprox_client_server_domainname</param>
-      <target>revprox_client_server_ip</target>
+      <param name="linked_provider">revprox_location</param>
-    </fill-->
+      <param name="dynamic" type="variable">revprox_client_external_domainname</param>
+      <target>revprox_client_location</target>
+    </check>
+    <check name="set_linked_configuration">
+      <param name="linked_server" type="variable">revprox_client_server_domainname</param>
+      <param name="linked_provider">revprox_is_websocket</param>
+      <param name="dynamic" type="variable">revprox_client_external_domainname</param>
+      <param name="leader_provider">revprox_location</param>
+      <param name="leader_value" type="variable">revprox_client_location</param>
+      <target>revprox_client_is_websocket</target>
+    </check>
+    <check name="set_linked_configuration">
+      <param name="linked_server" type="variable">revprox_client_server_domainname</param>
+      <param name="linked_provider">revprox_max_body_size</param>
+      <param name="dynamic" type="variable">revprox_client_external_domainname</param>
+      <param name="leader_provider">revprox_location</param>
+      <param name="leader_value" type="variable">revprox_client_location</param>
+      <target>revprox_client_max_body_size</target>
+    </check>
+    <check name="set_linked_configuration">
+      <param name="linked_server" type="variable">revprox_client_server_domainname</param>
+      <param name="linked_provider">revprox_url</param>
+      <param name="leader_provider">revprox_location</param>
+      <param name="leader_value" type="variable">revprox_client_location</param>
+      <param name="dynamic" type="variable">revprox_client_external_domainname</param>
+      <target>revprox_client_web_address</target>
+    </check>
   </constraints>
 </rougail>

seed/applicationservice/2022.03.08/reverse-proxy-client/funcs/revprox_client.py

@@ -7,8 +7,3 @@ def calc_web_address(domain_name: str, port: str, local_location: str) -> str:
     if local_location:
         web_address += local_location
     return web_address
-
-
-def get_first_value(lst: list):
-    if lst:
-        return lst[0]

seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml

@@ -14,6 +14,10 @@
   <variables>
     <family name="roundcube" description="Interface web de consultation des courriels Roundcube">
       <variable name="roundcube_des_key" type="secret" auto_freeze="True" hidden="True"/>
+      <family name="domaines" description="Noms de domaine extérieur" leadership="True">
+        <variable name="revprox_client_external_domainnames" multi="True" description="Nom de domaine"/>
+	<variable name="ldap_family" description="Nom de la famille LDAP"/>
+      </family>
     </family>
     <family name="oauth2_client">
       <variable name="oauth2_is_client_application" redefine='True'>
@@ -34,6 +38,7 @@
       <variable name="oauth2_client_external" redefine="True" multi='True'/>
     </family>
     <family name="nginx">
+      <variable name="revprox_client_external_domainname" redefine="True" mandatory="False" hidden="True"/>
       <variable name="nginx_root" redefine="True">
         <value>/usr/share/roundcubemail/</value>
       </variable>
@@ -50,5 +55,18 @@
       <param name="type">cleartext</param>
       <target>roundcube_des_key</target>
     </fill>
+    <fill name="calc_oauth2_client_external">
+      <param type="variable" optional="True">revprox_client_external_domainnames</param>
+      <param type="variable" optional="True">revprox_client_location</param>
+      <param>index.php/login/oauth</param>
+      <target>oauth2_client_external</target>
+    </fill>
+    <check name="set_linked_configuration">
+      <param name="linked_value">all</param>
+      <param name="linked_server" type="variable">ldap_server_address</param>
+      <param name="linked_provider">client_family</param>
+      <param name="dynamic" type="variable">domain_name_eth0</param>
+      <target>ldap_family</target>
+    </check>
   </constraints>
 </rougail>

seed/applicationservice/2022.03.08/vaultwarden/dictionaries/40_vaultwarden.xml

@@ -35,11 +35,6 @@
         <value>Vaultwarden</value>
       </variable>
     </family>
-    <family name="postgresql" description="PostgreSQL">
-      <variable name="pg_client_key_owner" redefine="True">
-        <value>vaultwarden</value>
-      </variable>
-    </family>
   </variables>
   <constraints>
     <fill name="get_password">

seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env

@@ -20,7 +20,7 @@ DATA_FOLDER=/srv/vaultwarden
 ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
 # DATABASE_URL=postgresql://user:password@host[:port]/database_name
 #>GNUNUX
-DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=/etc/pki/tls/certs/postgresql.crt&sslkey=/etc/pki/tls/private/postgresql.key&sslrootcert=/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt
+DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
 #<GNUNUX
 
 ## Database max connections