14 commits

Author SHA1 Message Date
Emmanuel Garette
8bff1ca5ac add speedtest-rs 2022-10-17 18:41:34 +02:00
Emmanuel Garette
d0d49bdccc postgresql client: list table, not database 2022-10-17 18:41:06 +02:00
Emmanuel Garette
1b72abb549 reverse-proxy-client must include reverse proxy CA 2022-10-17 18:40:07 +02:00
Emmanuel Garette
0541fb67d6 php-fpm not only in fedora 35 2022-10-17 18:36:27 +02:00
Emmanuel Garette
0bb87bdaf9 do not starts old machines 2022-10-17 18:35:57 +02:00
Emmanuel Garette
e51e4b482b apache not only in fedora 35 2022-10-17 18:35:09 +02:00
Emmanuel Garette
a716f0cc47 update nextcloud 2022-10-17 18:33:01 +02:00
Emmanuel Garette
67ff08b47d update module path 2022-10-17 18:28:22 +02:00
Emmanuel Garette
cfac2651b2 start vaultwarden after risotto.target 2022-10-17 18:24:00 +02:00
Emmanuel Garette
629ee5b548 update module path 2022-10-17 18:21:41 +02:00
Emmanuel Garette
381aada804 systemd: debug 2022-10-17 18:20:45 +02:00
Emmanuel Garette
1c57c980d3 debian: systemd-networkd after tmpfile.d 2022-10-17 18:20:09 +02:00
Emmanuel Garette
bb51db3e0a redis-client: add service to wait redis 2022-10-17 18:18:58 +02:00
Emmanuel Garette
8b3bcd14a1 upgrade peertube 2022-10-17 18:17:28 +02:00
42 changed files with 695 additions and 110 deletions

@ -1,5 +1,4 @@
format: '0.1'
description: Apache configuration
depends:
- base-fedora-35
- reverse-proxy-client

@ -2,7 +2,6 @@
<rougail version="0.10">
<services>
<service name="httpd" target="multi-user">
<file>/etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt</file>
<file>/etc/httpd/conf/httpd.conf</file>
<file>/etc/httpd/conf.d/risotto.conf</file>
<file>/etc/httpd/conf.d/ssl.conf</file>

@ -1,6 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="systemd-networkd">
<override/>
</service>
<service name="debian" manage="False">
<file engine="none" source="tmpfile-tmp.conf">/tmpfiles.d/0tmp.conf</file>
<file engine="none">/etc/default/locale</file>

@ -0,0 +1,2 @@
[Unit]
After=systemd-tmpfiles-setup.service

@ -2,14 +2,14 @@ import __main__
from secrets import token_urlsafe as _token_urlsafe, token_hex as _token_hex
from string import ascii_letters as _ascii_letters
from random import choice as _choice
from os.path import dirname as _dirname, abspath as _abspath, join as _join, isfile as _isfile, isdir as _isdir
from os import makedirs as _makedirs
from os.path import join as _join, isfile as _isfile, isdir as _isdir
from os import makedirs as _makedirs, environ as _environ
#from risotto.utils import ZONES_SERVER
_HERE = _dirname(_dirname(_abspath(__main__.__file__)))
_HERE = _environ['PWD']
_PASSWORD_DIR = _join(_HERE, 'password')
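Review bot: `_HERE = _environ['PWD']` (taken to be the new side of this section) ties the location of the `password` directory to an environment variable set by whoever launches the process, instead of to the module's own path. `PWD` can be absent under some launchers, in which case the import fails with `KeyError`, and it is not guaranteed to equal the real working directory, so generated secrets could be written to or read from an unintended directory. Prefer an explicit, validated base directory, for example `_HERE = _getcwd()` with `from os import getcwd as _getcwd`, plus a check that `_PASSWORD_DIR` exists with restrictive permissions before use. The same assignment is introduced for `_LE_DIR`/`_X509_DIR`, `_SSHA_PASSWORD_DIR` and `_DKIM_DIR` in later sections, and `import __main__` looks unused once the `__main__.__file__` line is gone.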

@ -2,7 +2,6 @@
<rougail version="0.10">
<services>
<service name="gitea" target="multi-user" engine="creole">
<file>/etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt</file>
<file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file>
<file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file>
<file>/etc/gitea/app.ini</file>
@ -15,6 +14,11 @@
<value>2222</value>
</variable>
</family>
<family name="redis" description="Redis">
<variable name="redis_client_key_owner" redefine="True">
<value>gitea</value>
</variable>
</family>
<family name="gitea" description="Gitea" help="Git forge Gitea">
<variable name="gitea_title" mandatory="True" description="Titre de la forge">
<value>Gitea: Git avec une tasse de thé</value>

@ -2,5 +2,6 @@ D /usr/local/lib/sbin/ 0755 root root - -
D /etc/systemd/nspawn/ 0755 root root - -
D /etc/systemd/network/ 0755 root root - -
D /usr/local/lib/systemd/system/ 0755 root root - -
D /etc/systemd/system/machines.target.wants/ 0755 root root - -
d /var/lib/risotto/configurations/ 0755 root root - -
r /etc/network/interfaces - - - - -

@ -5,4 +5,3 @@ Before=risotto.target
[Service]
Type=oneshot
ExecStart=/usr/bin/timeout 90 bash -c 'while ! 3<> /dev/tcp/%%ldap_server_address/%%ldap_port; do sleep 1; done'

@ -1,14 +1,12 @@
import __main__
from subprocess import run as _run
from os.path import dirname as _dirname, abspath as _abspath, join as _join, isfile as _isfile, isdir as _isdir
from os.path import join as _join, isfile as _isfile, isdir as _isdir
from datetime import datetime as _datetime
from shutil import copyfile as _copyfile
from os import makedirs as _makedirs
from os import makedirs as _makedirs, environ as _environ
_HERE = _dirname(_abspath(__main__.__file__))
_HERE = '/home/gnunux/git/risotto/risotto'
_HERE = _environ['PWD']
_LE_DIR = _join(_HERE, 'pki', 'letsencrypt')
_X509_DIR = _join(_HERE, 'pki', 'x509')

@ -1,7 +1,7 @@
format: '0.1'
description: Nextcloud
depends:
- base-fedora-35
- base-fedora-36
- postgresql-client
- ldap-client-fedora
- redis-client

@ -52,8 +52,8 @@ $CONFIG = array (
'maintenance' => false,
'appstoreenabled' => false,
'appcodechecker' => false,
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
# 'memcache.distributed' => '\\OC\\Memcache\\Redis',
# 'memcache.locking' => '\\OC\\Memcache\\Redis',
'trusted_proxies' => '%%revprox_client_server_ip',
'overwritehost' => '%%revprox_client_external_domainnames[0]',
'filelocking.enabled' => true,
@ -69,7 +69,7 @@ $CONFIG = array (
'local_cert' => '/etc/pki/tls/certs/redis.crt',
'local_pk' => '/etc/pki/tls/private/redis.key',
'cafile' => '/etc/pki/ca-trust/source/anchors/ca_Redis.crt',
)
),
),
'default_phone_region' => 'FR',
# OIDC login
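Review bot: The two `#`-commented `memcache.distributed` / `memcache.locking` lines carry no explanation, while `'filelocking.enabled' => true` stays, so locking presumably falls back to the database backend. The Redis settings in the second hunk, including the client certificate and private key paths, remain configured and may now be unused. Add a comment stating why the Redis memcache is disabled and whether this is temporary, e.g. `# Redis memcache disabled: <reason / issue reference>`. The enclosing `$CONFIG` array starts and ends outside these hunks.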

@ -1,11 +1,15 @@
%echo "#!/bin/bash -ex"
if [ ! -f /srv/nextcloud/keys/secret.txt ]; then
sed -i "s/'config_is_read_only' => true,/'config_is_read_only' => false,/g" /etc/nextcloud/config.php
/usr/bin/php /usr/share/nextcloud/occ maintenance:install --no-interaction --data-dir /srv/nextcloud/data/ --database "pgsql" --database-host "%%pg_client_server_domainname" --database-name "%%pg_client_database" --database-user "%%pg_client_username" --database-pass "%%pg_client_password" --admin-user "admin" --admin-pass "%%nextcloud_admin_password"
sed -i "s/'config_is_read_only' => false,/'config_is_read_only' => true,/g" /etc/nextcloud/config.php
umask 027
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get passwordsalt > /srv/nextcloud/keys/passwordsalt.txt
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get secret > /srv/nextcloud/keys/secret.txt
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version > /srv/nextcloud/keys/version.txt
VERSION=$(/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version)
if ! echo "$VERSION"|grep -E '^[0-9][0-9.]*$'; then echo "unknown version: $VERSION"; exit 1; fi
echo $VERSION > /srv/nextcloud/keys/version.txt
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
/usr/bin/php /usr/share/nextcloud/occ ldap:create-empty-config -q
@ -15,11 +19,14 @@ else
sed -i "s'{{VERSION}}'$(cat /srv/nextcloud/keys/version.txt)'g" /etc/nextcloud/config.php
sed -i "s/'installed' => false,/'installed' => true,/g" /etc/nextcloud/config.php
# Upgrade
cp -f /etc/nextcloud/config.php /srv/nextcloud/keys/config.ORI.php
sha256sum /etc/nextcloud/config.php > /tmp/sha
sed -i "s/'config_is_read_only' => true,/'config_is_read_only' => false,/g" /etc/nextcloud/config.php
/usr/bin/php /usr/share/nextcloud/occ upgrade || true
sed -i "s/'config_is_read_only' => false,/'config_is_read_only' => true,/g" /etc/nextcloud/config.php
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version > /srv/nextcloud/keys/version.txt
VERSION=$(/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version)
if ! echo "$VERSION"|grep -E '^[0-9][0-9.]*$'; then echo "unknown version: $VERSION"; exit 1; fi
echo $VERSION > /srv/nextcloud/keys/version.txt
## if file is modified, copy upgraded version
sha256sum -c /tmp/sha || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php
# Configure LDAP
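Review bot: The upgrade branch stores the checksum at the fixed path `/tmp/sha` and later trusts `sha256sum -c /tmp/sha`; a predictable name in a world-writable directory can be pre-created or replaced by another local user, which would skew the "config was modified" decision. Use a private temporary file, `SHA_FILE=$(mktemp)` then `sha256sum -c "$SHA_FILE"`, or keep the checksum under `/srv/nextcloud/keys/`. `umask 027` is only visible in the install branch, so confirm that `config.ORI.php` and `config.UPGRADED.php`, which are copies of a config holding database credentials, are not created with wider permissions in the upgrade branch. The version check is a good addition; quoting `"$VERSION"` in the `echo` and using `grep -qE` would keep it from printing the value and from word-splitting.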

@ -10,7 +10,6 @@
<file>/var/www/html/error.html</file>
<file engine="none" source="sysusers.nginx.conf" filelist="nginx_fedora">/sysusers.d/nginx.conf</file>
<file source="tmpfiles.nginx.conf">/tmpfiles.d/nginx.conf</file>
<file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
<file file_type="variable" filelist="nginx_default_https" mode="600" source="nginx.crt">revprox_crt_file</file>
<file file_type="variable" filelist="nginx_default_https" mode="600" source="nginx.key">revprox_key_file</file>
<file>/tests/nginx-common.yml</file>

@ -3,6 +3,7 @@
<services>
<service name='nginx'>
<file>/etc/pki/ca-trust/source/anchors/ca_HTTP.crt</file>
<file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
</service>
</services>
</rougail>

@ -1,12 +1,12 @@
import __main__
from os import urandom as _urandom
from os import urandom as _urandom, environ as _environ
from hashlib import sha1 as _sha1
from base64 import encodebytes as _encodebytes, b64encode as _b64encode
from json import load as _load, dump as _dump
from os.path import dirname as _dirname, abspath as _abspath, join as _join, isfile as _isfile
from os.path import join as _join, isfile as _isfile
_HERE = _dirname(_dirname(_abspath(__main__.__file__)))
_HERE = _environ['PWD']
_SSHA_PASSWORD_DIR = _join(_HERE, 'password', 'ssha.json')

7
seed/peertube/UPGRADE.md Normal file

@ -0,0 +1,7 @@
peertube-plugin-auth-openid-connect
===================================
Modify version in:
- peertube/manual/image/postinstall/peertube.sh
- peertube/templates/peertube.service
- peertube/dictionaries/30_peertube.xml

@ -63,7 +63,7 @@
<fill name="calc_oauth2_client_external">
<param type="variable">revprox_client_external_domainnames</param>
<param type="variable">revprox_client_location</param>
<param>plugins/auth-openid-connect/0.0.7/auth/openid-connect</param>
<param>plugins/auth-openid-connect/0.1.0/auth/openid-connect</param>
<target>oauth2_client_external</target>
</fill>
<fill name="calc_value">

@ -1,60 +0,0 @@
--- peertube_plugins/node_modules/peertube-plugin-auth-openid-connect/main.js
+++ peertube_plugins/node_modules/peertube-plugin-auth-openid-connect/main.js
@@ -110,6 +110,14 @@ async function register ({
descriptionHTML: 'Will only allow login for users whose group array contains this group'
})
+ registerSetting({
+ name: 'signature-algorithm',
+ label: 'Token signature algorithm',
+ type: 'input',
+ private: true,
+ default: 'RS256'
+ })
+
const router = getRouter()
router.use('/code-cb', (req, res) => handleCb(peertubeHelpers, settingsManager, req, res))
@@ -159,7 +167,8 @@ async function loadSettingsAndCreateClient (registerExternalAuth, unregisterExte
'scope',
'discover-url',
'client-id',
- 'client-secret'
+ 'client-secret',
+ 'signature-algorithm'
])
if (!settings['discover-url']) {
@@ -188,6 +197,8 @@ async function loadSettingsAndCreateClient (registerExternalAuth, unregisterExte
} else {
clientOptions.token_endpoint_auth_method = 'none'
}
+ clientOptions.id_token_signed_response_alg = settings['signature-algorithm']
+ clientOptions.authorization_signed_response_alg = settings['signature-algorithm']
store.client = new issuer.Client(clientOptions)
--- peertube/dist/server/helpers/custom-validators/activitypub/actor.js.ori 2022-04-06 13:58:17.752681849 +0000
+++ peertube/dist/server/helpers/custom-validators/activitypub/actor.js 2022-04-06 13:58:22.268682531 +0000
@@ -43,8 +43,8 @@
function isActorPrivateKeyValid(privateKey) {
return (0, misc_1.exists)(privateKey) &&
typeof privateKey === 'string' &&
- privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') &&
- privateKey.includes('-----END RSA PRIVATE KEY-----') &&
+ privateKey.startsWith('-----BEGIN PRIVATE KEY-----') &&
+ privateKey.includes('-----END PRIVATE KEY-----') &&
validator_1.default.isLength(privateKey, constants_1.CONSTRAINTS_FIELDS.ACTORS.PRIVATE_KEY);
}
exports.isActorPrivateKeyValid = isActorPrivateKeyValid;
--- peertube/node_modules/pem/lib/pem.js.ori 2022-04-06 13:59:36.232693763 +0000
+++ peertube/node_modules/pem/lib/pem.js 2022-04-06 13:59:48.916695687 +0000
@@ -74,7 +74,7 @@
params.push(keyBitsize)
- openssl.exec(params, 'RSA PRIVATE KEY', function (sslErr, key) {
+ openssl.exec(params, 'PRIVATE KEY', function (sslErr, key) {
function done (err) {
if (err) {
return callback(err)

@ -8,7 +8,7 @@ echo "nameserver 9.9.9.9" > /etc/resolv.conf
PLUGINS_DIR=$PLUGINS_DIR
mkdir -p "\$PLUGINS_DIR"
cd "\$PLUGINS_DIR"
yarn add peertube-plugin-auth-openid-connect@0.0.7 --production
yarn add peertube-plugin-auth-openid-connect@0.1.0 --production
mkdir -p "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
chown peertube: "\$PLUGINS_DIR/data"
chown peertube: "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
@ -23,5 +23,5 @@ rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR$PLUGINS_DIR/.."
patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"
#patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"
cd -
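Review bot: The commented-out `#patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"` line refers to a patch file that this same comparison deletes, so it cannot be re-enabled as written; remove the line instead of leaving it commented. The deleted patch added the `signature-algorithm` setting to the OpenID Connect plugin, and the PeerTube service template still writes that key into the plugin settings, so confirm that plugin 0.1.0 honours it natively; otherwise the configured ID-token signature algorithm would be silently ignored. The patch also changed the private-key header check in PeerTube itself, so verify the upgraded package no longer needs that change.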

@ -1,3 +1,4 @@
PKG="$PKG peertube yarnpkg"
PKG="$PKG peertube peertube-tools yarnpkg"
#PKG="$PKG peertube yarnpkg"
COPR="https://copr.fedorainfracloud.org/coprs/daftaupe/peertube/repo/fedora-36/daftaupe-peertube-fedora-36.repo"
FUSION=true

@ -2,4 +2,4 @@
Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
ExecStartPost=+/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "SELECT * FROM plugin;"; do sleep 1; done'
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "DELETE FROM plugin;"
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "INSERT INTO plugin (name, type, version, enabled, uninstalled, \"peertubeEngine\", description, homepage, settings, \"createdAt\", \"updatedAt\") VALUES ('auth-openid-connect', '1', '0.0.7', true, false, '>=2.2.0', 'Add OpenID connect support to login form in PeerTube.', 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect', '{\"scope\": \"openid email profile\", \"client-id\": \"%%oauth2_client_id\", \"discover-url\": \"https://%%oauth2_client_server_domainname/.well-known/openid-configuration\", \"client-secret\": \"%%oauth2_client_secret\", \"mail-property\": \"email\", \"auth-display-name\": \"OpenID Connect\", \"username-property\": \"nickname\", \"signature-algorithm\": \"%%oauth2_client_token_signature_algo\", \"display-name-property\": \"email\"}', '2022-04-05 18:12:34.832+02', '2022-04-05 18:12:34.832+02')"
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "INSERT INTO plugin (name, type, version, enabled, uninstalled, \"peertubeEngine\", description, homepage, settings, \"createdAt\", \"updatedAt\") VALUES ('auth-openid-connect', '1', '0.1.0', true, false, '>=2.2.0', 'Add OpenID connect support to login form in PeerTube.', 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect', '{\"scope\": \"openid email profile\", \"client-id\": \"%%oauth2_client_id\", \"discover-url\": \"https://%%oauth2_client_server_domainname/.well-known/openid-configuration\", \"client-secret\": \"%%oauth2_client_secret\", \"mail-property\": \"email\", \"auth-display-name\": \"OpenID Connect\", \"username-property\": \"nickname\", \"signature-algorithm\": \"%%oauth2_client_token_signature_algo\", \"display-name-property\": \"email\"}', '2022-04-05 18:12:34.832+02', '2022-04-05 18:12:34.832+02')"

@ -28,6 +28,10 @@ rates_limit:
# 3 attempts in 5 min
window: 5 minutes
max: 3
receive_client_log:
# 10 attempts in 10 min
window: 10 minutes
max: 10
# Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
@ -49,7 +53,7 @@ database:
# Redis server for short time storage
# You can also specify a 'socket' path to a unix socket but first need to
# comment out hostname and port
# set 'hostname' and 'port' to null
redis:
hostname: '%%redis_client_server_domainname'
port: 6379
@ -95,11 +99,13 @@ defaults:
licence: null
p2p:
# Enable P2P by default
# Enable P2P by default in PeerTube client
# Can be enabled/disabled by anonymous users and logged in users
webapp:
enabled: true
# Enable P2P by default in PeerTube embed
# Can be enabled/disabled by URL option
embed:
enabled: true
@ -138,6 +144,9 @@ object_storage:
region: 'us-east-1'
# Set this ACL on each uploaded object
upload_acl: 'public-read'
credentials:
# You can also use AWS_ACCESS_KEY_ID env variable
access_key_id: ''
@ -145,7 +154,10 @@ object_storage:
secret_access_key: ''
# Maximum amount to upload in one request to object storage
# GNUNUX max_upload_part: 100MB
#>GNUNUX
max_upload_part: 2GB
#<GNUNUX
streaming_playlists:
bucket_name: 'streaming-playlists'
@ -165,20 +177,46 @@ object_storage:
log:
level: 'info' # 'debug' | 'info' | 'warn' | 'error'
rotation:
# GNUNUX enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
#>GNUNUX
enabled : false # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
#<GNUNUX
max_file_size: 12MB
max_files: 20
anonymize_ip: false
log_ping_requests: true
log_tracker_unknown_infohash: true
prettify_sql: false
# Accept warn/error logs coming from the client
accept_client_log: true
# Highly experimental support of Open Telemetry
open_telemetry:
metrics:
enabled: false
# Create a prometheus exporter server on this port so prometheus server can scrape PeerTube metrics
prometheus_exporter:
port: 9091
tracing:
enabled: false
# Send traces to a Jaeger compatible endpoint
jaeger_exporter:
endpoint: ''
trending:
videos:
interval_days: 7 # Compute trending videos for the last x days
algorithms:
enabled:
- 'best' # adaptation of Reddit's 'Best' algorithm (Hot minus History)
- 'hot' # adaptation of Reddit's 'Hot' algorithm
- 'most-viewed' # default, used initially by PeerTube as the trending page
- 'most-liked'
@ -227,7 +265,7 @@ security:
enabled: true
tracker:
# If you disable the tracker, you disable the P2P aspect of PeerTube
# If you disable the tracker, you disable the P2P on your PeerTube instance
enabled: true
# Only handle requests on your videos
# If you set this to false it means you have a public tracker
@ -258,11 +296,21 @@ views:
ip_view_expiration: '1 hour'
# Used to get country location of views of local videos
geo_ip:
enabled: true
country:
database_url: 'https://dbip.mirror.framasoft.org/files/dbip-country-lite-latest.mmdb'
plugins:
# The website PeerTube will ask for available PeerTube plugins and themes
# This is an unmoderated plugin index, so only install plugins/themes you trust
index:
# GNUNUX enabled: true
#>GNUNUX
enabled: false
#<GNUNUX
check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
url: 'https://packages.joinpeertube.org'
@ -277,7 +325,10 @@ federation:
peertube:
check_latest_version:
# Check and notify admins of new PeerTube versions
# GNUNUX enabled: true
#>GNUNUX
enabled: false
#<GNUNUX
# You can use a custom URL if your want, that respect the format behind https://joinpeertube.org/api/v1/versions.json
url: 'https://joinpeertube.org/api/v1/versions.json'
@ -285,17 +336,30 @@ webadmin:
configuration:
edition:
# Set this to false if you don't want to allow config edition in the web interface by instance admins
# GNUNUX allowed: true
#>GNUNUX
allowed: false
#<GNUNUX
# XML, Atom or JSON feeds
feeds:
videos:
# Default number of videos displayed in feeds
count: 20
comments:
# Default number of comments displayed in feeds
count: 20
###############################################################################
#
# From this point, all the following keys can be overridden by the web interface
# From this point, almost all following keys can be overridden by the web interface
# (local-production.json file). If you need to change some values, prefer to
# use the web interface because the configuration will be automatically
# reloaded without any need to restart PeerTube
#
# /!\ If you already have a local-production.json file, the modification of the
# following keys will have no effect /!\
# /!\ If you already have a local-production.json file, modification of some of
# the following keys will have no effect /!\
#
###############################################################################
@ -368,6 +432,9 @@ transcoding:
1440p: false
2160p: false
# Transcode and keep original resolution, even if it's above your maximum enabled resolution
always_transcode_original_resolution: true
# Generate videos in a WebTorrent format (what we do since the first PeerTube release)
# If you also enabled the hls format, it will multiply videos storage by 2
# If disabled, breaks federation with PeerTube instances < 2.1
@ -404,19 +471,43 @@ live:
# /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay
allow_replay: true
# Allow your users to change latency settings (small latency/default/high latency)
# Small latency live streams cannot use P2P
# High latency live streams can increase P2P ratio
latency_setting:
enabled: true
# Your firewall should accept traffic from this port in TCP if you enable live
rtmp:
enabled: true
# Listening hostname/port for RTMP server
# '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4
# Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise
hostname: null
port: 1935
# Public hostname of your RTMP server
# Use null to use the same value than `webserver.hostname`
public_hostname: null
rtmps:
enabled: false
# Listening hostname/port for RTMPS server
# '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4
# Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise
hostname: null
port: 1936
# Absolute path
# Absolute paths
key_file: ''
# Absolute path
cert_file: ''
# Public hostname of your RTMPS server
# Use null to use the same value than `webserver.hostname`
public_hostname: null
# Allow to transcode the live streaming in multiple live resolutions
transcoding:
enabled: true
@ -437,17 +528,31 @@ live:
1440p: false
2160p: false
# Also transcode original resolution, even if it's above your maximum enabled resolution
always_transcode_original_resolution: true
video_studio:
# Enable video edition by users (cut, add intro/outro, add watermark etc)
# If enabled, users can create transcoding tasks as they wish
enabled: false
import:
# Add ability for your users to import remote videos (from YouTube, torrent...)
videos:
# Amount of import jobs to execute in parallel
concurrency: 1
# Set a custom video import timeout to not block import queue
timeout: '2 hours'
# Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
http:
# We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
# GNUNUX enabled: false
#>GNUNUX
enabled: true
#<GNUNUX
youtube_dl_release:
# Direct download URL to youtube-dl binary
@ -455,11 +560,11 @@ import:
# Examples:
# * https://api.github.com/repos/ytdl-org/youtube-dl/releases
# * https://api.github.com/repos/yt-dlp/yt-dlp/releases
url: 'https://yt-dl.org/downloads/latest/youtube-dl'
# * https://yt-dl.org/downloads/latest/youtube-dl
url: 'https://api.github.com/repos/yt-dlp/yt-dlp/releases'
# youtube-dl binary name
# yt-dlp is also supported
name: 'youtube-dl'
# Release binary name: 'yt-dlp' or 'youtube-dl'
name: 'yt-dlp'
# Path to the python binary to execute for youtube-dl or yt-dlp
python_path: '/usr/bin/python3'
@ -473,6 +578,17 @@ import:
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
enabled: false
# Add ability for your users to synchronize their channels with external channels, playlists, etc.
video_channel_synchronization:
enabled: false
max_per_user: 10
check_interval: 1 hour
# Number of latest published videos to check and to potentially import when syncing a channel
videos_limit_per_synchronization: 10
auto_blacklist:
# New videos automatically blacklisted so moderators can review before publishing
videos:
@ -512,7 +628,10 @@ instance:
languages:
# - en
# - es
# GNUNUX - fr
#>GNUNUX
- fr
#<GNUNUX
# You can specify the main categories of your instance (dedicated to music, gaming or politics etc)
# Uncomment or add the category ids you want
@ -630,6 +749,11 @@ client:
miniature:
# By default PeerTube client displays author username
prefer_author_display_name: false
display_author_avatar: false
resumable_upload:
# Max size of upload chunks, e.g. '90MB'
# If null, it will be calculated based on network speed
max_chunk_size: null
menu:
login:

@ -1,5 +1,4 @@
format: '0.1'
description: PHP FPM
depends:
- base-fedora-35
- php

@ -1,6 +1,6 @@
import dkim.dknewkey as _dknewkey
from os.path import dirname as _dirname, abspath as _abspath, join as _join, isfile as _isfile, isdir as _isdir
from os import makedirs as _makedirs
from os.path import join as _join, isfile as _isfile, isdir as _isdir
from os import makedirs as _makedirs, environ as _environ
from shutil import rmtree as _rmtree
import __main__
@ -10,7 +10,7 @@ def _eprint(*args, **kwargs):
_dknewkey.eprint = _eprint
_HERE = _dirname(_dirname(_abspath(__main__.__file__)))
_HERE = _environ['PWD']
_DKIM_DIR = _join(_HERE, 'pki/dkim')

@ -7,4 +7,4 @@ Before=risotto.target
Type=oneshot
Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
ExecStart=/usr/bin/timeout 300 bash -c 'while ! 3<> /dev/tcp/%%pg_client_server_domainname/5432; do sleep 1; done; echo "POSTGRESQL STARTED"'
ExecStart=/usr/bin/timeout 90 bash -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"'
ExecStart=/usr/bin/timeout 90 bash -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\dt"; do sleep 1; done; echo "POSTGRESQL READY"'
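Review bot: `--set=sslmode=verify-full` on the new `psql` line assigns a psql variable named `sslmode`; per the psql documentation `--set`/`-v` does not set libpq connection parameters, so this readiness check most likely connects with the default `sslmode` and the server certificate is not verified. Pass the mode as a real connection parameter, for example `Environment=PGSSLMODE=verify-full` next to the existing `PGPASSFILE` line, or a conninfo string ending in `sslmode=verify-full`. The same flag is used in the `ExecStartPost=` lines of the PeerTube unit in this comparison, which run `DELETE`/`INSERT` statements carrying the OAuth2 client secret.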

@ -1,7 +1,7 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="redisclient" manage="False">
<service name="redis-client" target="risotto" engine="creole">
<file>/etc/pki/ca-trust/source/anchors/ca_Redis.crt</file>
<file>/etc/pki/tls/certs/redis.crt</file>
<file owner_type="variable" owner="redis_client_key_owner" mode="400">/etc/pki/tls/private/redis.key</file>

@ -0,0 +1 @@
PKG="$PKG redis"

@ -0,0 +1,8 @@
[Unit]
After=network-online.target
Before=risotto.target
[Service]
Type=oneshot
User=%%redis_client_key_owner
ExecStart=/usr/bin/timeout 90 bash -c 'while ! /usr/bin/redis-cli --tls -a %%redis_client_password --cacert /etc/pki/ca-trust/source/anchors/ca_Redis.crt --cert /etc/pki/tls/certs/redis.crt --key /etc/pki/tls/private/redis.key -h %%redis_client_server_domainname -p 6380 PING; do sleep 1; done'
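Review bot: `-a %%redis_client_password` puts the Redis password on the `redis-cli` command line, where it is visible in the process list and in the rendered unit file. The value is also expanded unquoted inside the single-quoted `bash -c` string, so a password containing a quote or shell metacharacter would break or alter the command. redis-cli reads the password from the `REDISCLI_AUTH` environment variable; supply it through `EnvironmentFile=<root-only file containing REDISCLI_AUTH=...>` and drop `-a`, analogous to the `PGPASSFILE` approach used by the PostgreSQL client unit.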

@ -4,6 +4,7 @@
<service name="nginx" manage="False">
<file file_type="variable" source="revprox.crt">revprox_client_cert_file</file>
<file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_client_key_file</file>
<file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_client_ca_file</file>
</service>
</services>
<variables>
@ -33,6 +34,7 @@
</variable>
<variable name="revprox_client_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
<variable name="revprox_client_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>
<variable name="revprox_client_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
</family>
</variables>
<constraints>
@ -58,5 +60,11 @@
<param name="join">/</param>
<target>revprox_client_key_file</target>
</fill>
<fill name="calc_value">
<param type="variable">tls_ca_directory</param>
<param>ca_InternalReverseProxy.crt</param>
<param name="join">/</param>
<target>revprox_client_ca_file</target>
</fill>
</constraints>
</rougail>

@ -0,0 +1,5 @@
format: '0.1'
description: Speedtest-rs
depends:
- base-fedora-36
- reverse-proxy-client

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="speedtest-rs" target="multi-user">
<override/>
<file>/etc/speedtest-rs/config.env</file>
<file engine="none">/var/lib/speedtest-rs/speedtest-rs.css</file>
<file engine="none">/var/lib/speedtest-rs/logo.png</file>
</service>
</services>
<variables>
<family name="nginx">
<variable name="revprox_client_cert_owner" redefine="True" hidden="True">
<value>speedtest</value>
</variable>
</family>
</variables>
</rougail>

@ -0,0 +1,391 @@
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no, user-scalable=no" />
<meta charset="UTF-8" />
<link rel="shortcut icon" href="favicon.ico">
<script type="text/javascript" src="speedtest.js"></script>
<script type="text/javascript">
function I(i){return document.getElementById(i);}
//INITIALIZE SPEEDTEST
var s=new Speedtest(); //create speedtest object
//s.setParameter("telemetry_level","basic"); //enable telemetry
s.setParameter("getIp_ispInfo",false);
var meterBk=/Trident.*rv:(\d+\.\d+)/i.test(navigator.userAgent)?"#EAEAEA":"#80808040";
var pingColor="#b8ae32",
jitterColor="#91c644";
dlColor="#885f3c";
ulColor="#685730";
var progColor="#91c644";
//CODE FOR GAUGES
function drawMeter(c,amount,bk,fg,progress,prog){
//>GNUNUX
var gaugeWeight=6;
//<GNUNUX
var ctx=c.getContext("2d");
var dp=window.devicePixelRatio||1;
var cw=c.clientWidth*dp, ch=c.clientHeight*dp;
var sizScale=ch*0.0055;
if(c.width==cw&&c.height==ch){
ctx.clearRect(0,0,cw,ch);
}else{
c.width=cw;
c.height=ch;
}
ctx.beginPath();
ctx.strokeStyle=bk;
// ctx.lineWidth=12*sizScale;
//>GNUNUX
ctx.lineWidth=gaugeWeight*sizScale;
//<GNUNUX
ctx.arc(c.width/2,c.height-58*sizScale,c.height/1.8-ctx.lineWidth,-Math.PI*1.1,Math.PI*0.1);
ctx.stroke();
ctx.beginPath();
ctx.strokeStyle=fg;
// ctx.lineWidth=12*sizScale;
//>GNUNUX
ctx.lineWidth=gaugeWeight*sizScale;
//<GNUNUX
ctx.arc(c.width/2,c.height-58*sizScale,c.height/1.8-ctx.lineWidth,-Math.PI*1.1,amount*Math.PI*1.2-Math.PI*1.1);
ctx.stroke();
if(typeof progress !== "undefined"){
ctx.fillStyle=prog;
ctx.fillRect(c.width*0.3,c.height-16*sizScale,c.width*0.4*progress,4*sizScale);
}
}
function mbpsToAmount(s){
return 1-(1/(Math.pow(1.3,Math.sqrt(s))));
}
//>GNUNUX
function msToAmount(s) {
return 1 - (1 / (Math.pow(1.08, Math.sqrt(s))));
}
//<GNUNUX
function format(d){
d=Number(d);
if(d<10) return d.toFixed(2);
if(d<100) return d.toFixed(1);
return d.toFixed(0);
}
//UI CODE
var uiData=null;
function startStop(){
if(s.getState()==3){
//speedtest is running, abort
s.abort();
data=null;
I("startStopBtn").className="";
initUI();
}else{
//test is not running, begin
I("startStopBtn").className="running";
//GNUNUX I("shareArea").style.display="none";
s.onupdate=function(data){
uiData=data;
};
s.onend=function(aborted){
I("startStopBtn").className="";
updateUI(true);
if(!aborted){
//if testId is present, show sharing panel, otherwise do nothing
try{
var testId=uiData.testId;
if(testId!=null){
var shareURL=window.location.href.substring(0,window.location.href.lastIndexOf("/"))+"/results/?id="+testId;
I("resultsImg").src=shareURL;
I("resultsURL").value=shareURL;
I("testId").innerHTML=testId;
//GNUNUX I("shareArea").style.display="";
}
}catch(e){}
}
};
s.start();
}
}
//this function reads the data sent back by the test and updates the UI
function updateUI(forced){
if(!forced&&s.getState()!=3) return;
if(uiData==null) return;
var status=uiData.testState;
I("ip").textContent="Adresse IP : "+uiData.clientIp;
I("dlText").textContent=(status==1&&uiData.dlStatus==0)?"...":format(uiData.dlStatus);
drawMeter(I("dlMeter"),mbpsToAmount(Number(uiData.dlStatus*(status==1?oscillate():1))),meterBk,dlColor,Number(uiData.dlProgress),progColor);
I("ulText").textContent=(status==3&&uiData.ulStatus==0)?"...":format(uiData.ulStatus);
drawMeter(I("ulMeter"),mbpsToAmount(Number(uiData.ulStatus*(status==3?oscillate():1))),meterBk,ulColor,Number(uiData.ulProgress),progColor);
I("pingText").textContent=format(uiData.pingStatus);
drawMeter(I("pingMeter"), msToAmount(Number(uiData.pingStatus * (status == 2 ? oscillate() : 1))), meterBk, pingColor, Number(uiData.pingProgress), progColor);
I("jitText").textContent=format(uiData.jitterStatus);
drawMeter(I("jitterMeter"), msToAmount(Number(uiData.jitterStatus * (status == 2 ? oscillate() : 1))), meterBk, jitterColor, Number(uiData.pingProgress), progColor);
}
function oscillate(){
return 1+0.02*Math.sin(Date.now()/100);
}
//update the UI every frame
window.requestAnimationFrame=window.requestAnimationFrame||window.webkitRequestAnimationFrame||window.mozRequestAnimationFrame||window.msRequestAnimationFrame||(function(callback,element){setTimeout(callback,1000/60);});
function frame(){
requestAnimationFrame(frame);
updateUI();
}
frame(); //start frame loop
//function to (re)initialize UI
function initUI(){
drawMeter(I("dlMeter"),0,meterBk,dlColor,0);
drawMeter(I("ulMeter"),0,meterBk,ulColor,0);
drawMeter(I("pingMeter"),0,meterBk,pingColor,0);
drawMeter(I("jitterMeter"),0,meterBk,jitterColor,0);
I("dlText").textContent="";
I("ulText").textContent="";
I("pingText").textContent="";
I("jitText").textContent="";
I("ip").textContent="";
}
</script>
<style type="text/css">
html,body{
border:none; padding:0; margin:0;
background:#FFFFFF;
color:#202020;
}
body{
text-align:center;
font-family:"Roboto",sans-serif;
}
h1{
color:#404040;
}
#startStopBtn{
display:inline-block;
margin:0 auto;
color:#6060AA;
background-color:rgba(0,0,0,0);
border:0.15em solid #6060FF;
border-radius:0.3em;
transition:all 0.3s;
box-sizing:border-box;
width:8em; height:3em;
line-height:2.7em;
cursor:pointer;
box-shadow: 0 0 0 rgba(0,0,0,0.1), inset 0 0 0 rgba(0,0,0,0.1);
}
#startStopBtn:hover{
box-shadow: 0 0 2em rgba(0,0,0,0.1), inset 0 0 1em rgba(0,0,0,0.1);
}
#startStopBtn.running{
background-color:#FF3030;
border-color:#FF6060;
color:#FFFFFF;
}
#startStopBtn:before{
content:"Start";
}
#startStopBtn.running:before{
content:"Abort";
}
#test{
margin-top:2em;
margin-bottom:12em;
}
div.testArea{
display:inline-block;
width:16em;
height:12.5em;
position:relative;
box-sizing:border-box;
}
div.testArea2{
display:inline-block;
width:14em;
height:7em;
position:relative;
box-sizing:border-box;
text-align:center;
}
div.testArea div.testName{
position:absolute;
top:0.1em; left:0;
width:100%;
font-size:1.4em;
z-index:9;
}
div.testArea2 div.testName{
display:block;
text-align:center;
font-size:1.4em;
}
div.testArea div.meterText{
position:absolute;
bottom:1.55em; left:0;
width:100%;
font-size:2.5em;
z-index:9;
}
div.testArea2 div.meterText{
display:inline-block;
font-size:2.5em;
}
div.meterText:empty:before{
content:"0.00";
}
div.testArea div.unit{
position:absolute;
bottom:2em; left:0;
width:100%;
z-index:9;
}
div.testArea2 div.unit{
display:inline-block;
}
div.testArea canvas{
position:absolute;
top:0; left:0; width:100%; height:100%;
z-index:1;
}
div.testGroup{
display:block;
margin: 0 auto;
}
#shareArea{
width:95%;
max-width:40em;
margin:0 auto;
margin-top:2em;
}
#shareArea > *{
display:block;
width:100%;
height:auto;
margin: 0.25em 0;
}
#privacyPolicy{
position:fixed;
top:2em;
bottom:2em;
left:2em;
right:2em;
overflow-y:auto;
width:auto;
height:auto;
box-shadow:0 0 3em 1em #000000;
z-index:999999;
text-align:left;
background-color:#FFFFFF;
padding:1em;
}
a.privacy{
text-align:center;
font-size:0.8em;
color:#808080;
padding: 0 3em;
}
div.closePrivacyPolicy {
width: 100%;
text-align: center;
}
div.closePrivacyPolicy a.privacy {
padding: 1em 3em;
}
@media all and (max-width:40em){
body{
font-size:0.8em;
}
}
</style>
<link rel="stylesheet" href="speedtest-rs.css" />
<title>Débit</title>
</head>
<body>
<a href="https://www.silique.fr/"><img src="logo.png" alt="Logo"/></a>
<h1>Débit</h1>
<div id="testWrapper">
<!--GNUNUX <div id="startStopBtn" onclick="startStop()"></div><br/>
<a class="privacy" href="#" onclick="I('privacyPolicy').style.display=''">Privacy</a>-->
<div id="test">
<div class="testGroup">
<div class="testArea">
<div class="testName">Ping</div>
<canvas id="pingMeter" class="meter"></canvas>
<div id="pingText" class="meterText"></div>
<div class="unit">ms</div>
</div>
<div class="testArea">
<div class="testName">Latence</div>
<canvas id="jitterMeter" class="meter"></canvas>
<div id="jitText" class="meterText"></div>
<div class="unit">ms</div>
</div>
</div>
<div class="testGroup">
<div class="testArea">
<div class="testName">Descendant</div>
<canvas id="dlMeter" class="meter"></canvas>
<div id="dlText" class="meterText"></div>
<div class="unit">Mbps</div>
</div>
<div class="testArea">
<div class="testName">Montant</div>
<canvas id="ulMeter" class="meter"></canvas>
<div id="ulText" class="meterText"></div>
<div class="unit">Mbps</div>
</div>
</div>
<div id="startStopBtn" onclick="startStop()"></div>
<div id="ipArea">
<span id="ip"></span>
</div>
<!--GNUNUX <div id="shareArea" style="display:none">
<h3>Share results</h3>
<p>Test ID: <span id="testId"></span></p>
<input type="text" value="" id="resultsURL" readonly="readonly" onclick="this.select();this.focus();this.select();document.execCommand('copy');alert('Link copied')"/>
<img src="" id="resultsImg" />
</div>-->
</div>
<a href="https://cloud.silique.fr/gitea/Silique/speedtest-rs">Source code</a>
</div>
<!-- >GNUNUX<div id="privacyPolicy" style="display:none">
<h2>Privacy Policy</h2>
<p>This HTML5 Speedtest server is configured with telemetry enabled.</p>
<h4>What data we collect</h4>
<p>
At the end of the test, the following data is collected and stored:
<ul>
<li>Test ID</li>
<li>Time of testing</li>
<li>Test results (download and upload speed, ping and jitter)</li>
<li>IP address</li>
<li>ISP information</li>
<li>Approximate location (inferred from IP address, not GPS)</li>
<li>User agent and browser locale</li>
<li>Test log (contains no personal information)</li>
</ul>
</p>
<h4>How we use the data</h4>
<p>
Data collected through this service is used to:
<ul>
<li>Allow sharing of test results (sharable image for forums, etc.)</li>
<li>To improve the service offered to you (for instance, to detect problems on our side)</li>
</ul>
No personal information is disclosed to third parties.
</p>
<h4>Your consent</h4>
<p>
By starting the test, you consent to the terms of this privacy policy.
</p>
<h4>Data removal</h4>
<p>
If you want to have your information deleted, you need to provide either the ID of the test or your IP address. This is the only way to identify your data, without this information we won't be able to comply with your request.<br/><br/>
Contact this email address for all deletion requests: <a href="mailto:PUT@YOUR_EMAIL.HERE">TO BE FILLED BY DEVELOPER</a>.
</p>
<br/><br/>
<div class="closePrivacyPolicy">
<a class="privacy" href="#" onclick="I('privacyPolicy').style.display='none'">Close</a>
</div>
<br/>
</div>-->
<script type="text/javascript">setTimeout(function(){initUI()},100);</script>
</body>
</html>


@ -0,0 +1,4 @@
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/index.html"
cp "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/index.html" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/index.html"
ln -s ../../../var/lib/speedtest-rs/speedtest-rs.css "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/"
ln -s ../../../var/lib/speedtest-rs/logo.png "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/"
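Review bot: The two `ln -s` lines make the served directory /usr/share/speedtest-rs resolve `speedtest-rs.css` and `logo.png` from /var/lib/speedtest-rs, a state directory, so whoever can write there controls content delivered to every visitor of the page. The ownership of that directory is not visible in this hunk. It is worth confirming that the files are deployed root-owned and not writable by the service account, and recording it with a comment such as `# css/logo come from /var/lib/speedtest-rs, deployed read-only for the service user`. Separately, `rm` without `-f` and `ln -s` without `-f` both fail if the script runs against an image where the file is absent or the link already exists; `cp` alone overwrites the destination, so the `rm` line could be dropped.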


@ -0,0 +1,2 @@
PKG="$PKG speedtest-rs"
COPR="https://copr.fedorainfracloud.org/coprs/gnunux/speedtest-rs/repo/fedora-36/gnunux-speedtest-rs-fedora-36.repo"
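Review bot: The `COPR=` URL hard-codes `fedora-36` twice, so a later base-image release bump would keep pulling the repo definition for Fedora 36 or fail to resolve it. The line also adds a personal COPR project as a package source for the image. Whether signature checking (`gpgcheck=1`) is in effect depends on the downloaded .repo file, which is not visible here and is worth confirming. A comment such as `# third-party COPR, keep the release in sync with the base image` would flag both points for the next maintainer.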


@ -0,0 +1,20 @@
# server listening to
SPEEDTEST_ADDRESS=0.0.0.0
SPEEDTEST_PORT=443
# certificats and public key
# those to option are mandatory if you want tu active TLS support
SPEEDTEST_CERT=/etc/pki/tls/certs/revprox.crt
SPEEDTEST_KEY=/etc/pki/tls/private/revprox.key
# optional CA to validate client
SPEEDTEST_CA_CERT=%%revprox_client_ca_file
# Directory with HTML/js files
SPEEDTEST_DIR=/usr/share/speedtest-rs/
# https://ipinfo.io/ token to use this service
#IPINFO_TOKEN=
# to get distance between client and server we need to know the server coordonate
#SPEEDTEST_LATITUDE=0.0
#SPEEDTEST_LONGITUDE=0.0
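Review bot: `SPEEDTEST_ADDRESS=0.0.0.0` exposes port 443 on every interface, while the only access control visible in this file is `SPEEDTEST_CA_CERT`, which its own comment calls optional. If `%%revprox_client_ca_file` can render empty, the service would presumably accept clients that bypass the reverse proxy. The template should therefore say the value is required in this deployment, e.g. `# CA used to require a client certificate from the reverse proxy (must be set)`. The comment above `SPEEDTEST_CERT`/`SPEEDTEST_KEY` should read `# certificate and private key`, since the key path is under /etc/pki/tls/private.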

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.7 KiB


@ -0,0 +1,15 @@
#startStopBtn{
color:#FFFFFF;
background-color:#91c644;
border:0.15em solid #91c644;
margin-bottom:1em;
}
#startStopBtn:before{
content:"Démarrer";
}
#startStopBtn.running:before{
content:"Annuler";
}
div.testArea{
margin: 1em;
}


@ -0,0 +1,12 @@
[Unit]
After=risotto.target
[Service]
PrivateDevices=false
ProtectHome=false
ProtectSystem=false
LimitNOFILE=
LimitNPROC=
WorkingDirectory=/srv/vaultwarden
ReadWriteDirectories=
ReadWriteDirectories=
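Review bot: `PrivateDevices=false`, `ProtectHome=false` and `ProtectSystem=false` switch off three sandboxing settings for a service whose working directory is /srv/vaultwarden, and nothing in the drop-in says why. If the unit only needs write access under /srv/vaultwarden, a narrower override would keep most of the protection, e.g. `ProtectSystem=strict` with `ReadWritePaths=/srv/vaultwarden`. If the container setup really requires all three off, a comment such as `# sandboxing disabled: <reason>` would record that. `ReadWriteDirectories=` is the legacy spelling of `ReadWritePaths=` and appears twice with an empty value, so the second line looks redundant.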

16
seed/systemd/DEBUG.md Normal file

@ -0,0 +1,16 @@
Debug systemd-networkd
=======================
Dans /usr/lib/systemd/system/systemd-networkd.service ajouter :
```
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
```
Redémarrer :
```
machinectl reboot lemonldap.in.silique.fr
machinectl shell lemonldap.in.silique.fr /usr/bin/networkctl status -l -a
```


@ -3,7 +3,6 @@
<services>
<service name="vaultwarden" target="multi-user">
<override/>
<file>/etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt</file>
<file engine="none" source="tmpfile-vaultwarden.conf">/tmpfiles.d/0vaultwarden.conf</file>
<file source="vaultwarden_config.env">/etc/vaultwarden/config.env</file>
<file>/tests/vaultwarden.yml</file>


@ -1,10 +1,10 @@
import __main__
from os.path import dirname as _dirname, abspath as _abspath, join as _join, isfile as _isfile, isdir as _isdir
from os import makedirs as _makedirs
from os.path import join as _join, isfile as _isfile, isdir as _isdir
from os import makedirs as _makedirs, environ as _environ
from uuid import uuid4 as _uuid4
_HERE = _dirname(_dirname(_abspath(__main__.__file__)))
_HERE = _environ['PWD']
_PASSWORD_DIR = _join(_HERE, 'password')
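Review bot: `_HERE = _environ['PWD']` makes the location of the `password` directory depend on an environment variable. The import raises KeyError when PWD is unset (services and cron jobs often start without it), and PWD is whatever the caller exported, not necessarily the real working directory. Because `_PASSWORD_DIR` is derived from it, launching the tool from another directory would read or create password files somewhere else. `os.getcwd()` returns the actual working directory without the KeyError: `from os import makedirs as _makedirs, getcwd as _getcwd` and `_HERE = _getcwd()`; an explicit, documented setting would be safer still. `import __main__` looks unused after this change, though the rest of the module is outside the hunk.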


@ -1,3 +1,6 @@
[Unit]
After=risotto.target
[Service]
PrivateDevices=false
ProtectHome=false