feat: upgrate to format 1.1

By default, systemd don't want to (re)start too quickly. This make unecessary errors in log.

close #1

README.md

@@ -1,2 +1,3 @@
 # dataset
 
+[This dataset application services](seed/README.md)

doc/link.md

@@ -1,177 +1,13 @@
-# Configuration liée
+CAS 1 (Redis et RedisClient) :
 
-Une configuration liée est un ensemble d'élément partagé entre deux serveurs différents.
+application service "serveur" :
 
-## Lier un client à un serveur
+provider="xxx" : variable multiple qui récupère tous les noms de domaine des suppliers
+provider="xxx:yyy" : variable dans une famille dynamique qui récupère les infos de yyy
+supplier="xxx:zzz" : variable dans la famille dynamique qui transmet l'info de zzz (généralement par un calcul)
 
-```
-<check name="set_linked">
-  <param name="linked_provider">clients</param>
-  <param name="linked_value" type="variable">service_variable</param>
-  <target>service_variable_2</target>
-</check>
-```
+application service "client" :
 
-## Lier un client à un serveur avec un nom d'utilisateur issu du nom de domaine
-
-Il faut commencer de créer une variable côté serveur :
-
-```
-<variable name="remotes" description="All clients" type="domainname" multi="True" provider="clients"/>
-```
-
-Le nom d'utilisateur sera ici le nom de domaine du serveur avec l'application de la fonction 'normalize_family'.
-
-Pour lier deux configurations il faut créer deux variables côté client :
-
-```
-<variable name='service_server_address' type='domainname' description="Nom DNS du serveur" mandatory='True'/>
-<variable name='service_remote_user' type='string' description="Remote username" mandatory='True' hidden="True"/>
-```
-
-Enfin il faut lier les deux configurations :
-
-```
-<fill name="set_linked">
-  <param name="linked_server" type="variable">service_server_address</param>
-  <param name="linked_provider">clients</param>
-  <param name="linked_value" type="information">server_name</param>
-  <target>service_remote_user</target>
-</fill>
-```
-
-Ainsi, lorsque l'utilisateur renseignera la variable "service_server_address", cette valeur sera ajouter à la variable "remotes" du serveur.
-En retour la variable "service_remote_user" aura comme valeur "normalize_family(service_server_address)".
-
-## Lier un client unique à un serveur avec un nom d'utilisateur calculé sur le serveur
-
-Il faut commencer de créer les variables côté serveur :
-
-```
-<variables>
-  <variable name="remote" description="The client" type="domainname" provider="client"/>
-  <variable name="username" hidden="True" provider="client_name"/>
-</variables>
-<constraints>
-  <fill name="gen_user_name">
-    <target>username</target>
-  </fill>
-</constraints>
-```
-
-Côté client :
-
-```
-<variable name='service_server_address' type='domainname' description="Nom DNS du serveur" mandatory='True'/>
-<variable name='service_remote_user' type='string' description="Remote username" mandatory='True' hidden="True"/>
-```
-
-```
-<fill name="set_linked">
-  <param name="linked_server" type="variable">service_server_address</param>
-  <param name="linked_provider">clients</param>
-  <param name="linked_value" type="information">server_name</param>
-  <param name="linked_returns">client_name</param>
-  <target>service_remote_user</target>
-</fill>
-```
-
-Ainsi, lorsque l'utilisateur renseignera la variable "service_server_address", cette valeur sera la variable "remote" du serveur.
-Un nom d'utilisateur sera alors généré côté serveur, la valeur de ce nom sera retourner au client comme valeur de 'service_remote_user'.
-
-## Lier plusieurs clients à un serveur avec un nom d'utilisateur calculé sur le serveur
-
-Il faut commencer de créer les variables côté serveur :
-
-```
-<variables>
-  <variable name="remotes" description="All clients" type="domainname" multi="True" provider="clients"/>
-  <family name="remote_" description="Compte pour " dynamic="remotes">
-    <variable name="username_" hidden="True" provider="client_name"/>
-  </family>
-</variables>
-<constraints>
-  <fill name="gen_user_name">
-    <target>username_</target>
-  </fill>
-</constraints>
-```
-
-Côté client :
-
-```
-<variable name='service_server_address' type='domainname' description="Nom DNS du serveur" mandatory='True'/>
-<variable name='service_remote_user' type='string' description="Remote username" mandatory='True' hidden="True"/>
-```
-
-```
-<fill name="set_linked">
-  <param name="linked_server" type="variable">service_server_address</param>
-  <param name="linked_provider">clients</param>
-  <param name="linked_value" type="information">server_name</param>
-  <param name="linked_returns">client_name</param>
-  <param name="dynamic" type="information">server_name</param>
-  <target>service_remote_user</target>
-</fill>
-```
-
-Ainsi, lorsque l'utilisateur renseignera la variable "service_server_address", cette valeur sera ajouter à la variable "remotes" du serveur.
-Un nom d'utilisateur sera alors généré côté serveur, la valeur de ce nom sera retourner au client comme valeur de 'service_remote_user'.
-
-## Caculer une variable d'un client par rapport à la valeur d'un serveur
-
-Il faut commencer de créer une nouvelle variables côté serveur par exemple dans une famille dynamique :
-
-```
-<variables>
-  <family name="remote_" description="Compte pour " dynamic="remotes">
-    <variable name="password_" description="Password " auto_save="True" hidden="True" type="password" provider="client_password"/>
-  </family>
-</variables>
-<constraints>
-  <fill name="gen_password">
-    <target>password_</target>
-  </fill>
-</constraints>
-```
-
-Côté client on veut récupérer ce mot de passe dans une variable :
-
-```
-<variable name='service_remote_user_password' type='password' description="Remote password" mandatory='True' hidden="True"/>
-```
-
-Et calculer cette valeur :
-
-```
-<fill name="get_linked_configuration">
-  <param name="linked_server" type="variable">service_server_address</param>
-  <param name="linked_provider">client_password</param>
-  <param name="dynamic" type="variable">service_remote_user</param>
-  <target>service_remote_user_password</target>
-</fill>
-```
-
-## Propoger la valeur d'une variable d'un client vers un serveur
-
-```
-<check name="set_linked_configuration">
-  <param name="linked_server" type="variable">service_server_address</param>
-  <param name="linked_provider">client_var</param>
-  <param name="dynamic" type="variable">service_remote_user</param>
-  <target>service_variable</target>
-</check>
-```
-
-## Propoger la valeur d'une variable d'un client vers un variable esclave du serveur
-
-```
-<check name="set_linked_configuration">
-  <param name="linked_server" type="variable">service_server_address</param>
-  <param name="leader_provider">client_var</param>
-  <param name="leader_value" type="variable">service_variable</param>
-  <param name="linked_provider">slave</param>
-  <param name="dynamic" type="variable">service_server_address</param>
-  <target>service_variable_2</target>
-</check>
-```
+supplier="xxx" : variable qui récupère le nom de domaine du provider
+supplier="xxx:yyy" : variable qui transmet les infos de yyy (généralement par un calcul)
+provider="xxx:zzz" : variable récupère les infos de zzz

seed/README.ExternalDNS.md

@@ -0,0 +1,29 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# ExternalDNS
+
+## Synopsis
+
+DNS forwarder for all DNS zones.<br/>This provider is able to answer query for external and internal domain name.
+
+## Variables
+
+| Parameter                                                                                                                                                                               | Comment                                          |
+|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|
+| **ExternalDNS:authority_zones**<br/>multiple<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Local DNS server can export own authority zones. |
+
+## Provider
+
+[unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver.
+
+## Suppliers
+
+- [postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
+- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
+- [znc](znc/README.md): ZNC, a bouncer IRC.
+- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.

seed/README.IMAP.md

@@ -0,0 +1,23 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# IMAP
+
+## Synopsis
+
+IMAP server connexion.
+
+## Variables
+
+
+## Provider
+
+[dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
+
+## Supplier
+
+[roundcube](roundcube/README.md): Roundcube, a webmail.

seed/README.Journald.md

@@ -0,0 +1,54 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# Journald
+
+## Synopsis
+
+Concentrate journal messages on one host.
+
+## Variables
+
+| Parameter                                                                                                                                                                           | Comment                                                                                    |
+|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------|
+| **Journald:message**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Message to exclude for *supplier name*.                                                    |
+| **Journald:service**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Log from this service to exclude for *supplier name*.                                      |
+| **Journald:function**<br/>multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)           | Function use to compare message (if not defined, exlude same message) for *supplier name*. |
+
+## Provider
+
+[vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
+
+## Suppliers
+
+- [odoo](odoo/README.md): Odoo, an ERP and CRM.
+- [nginx-static](nginx-static/README.md): Nginx as static web site.
+- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
+- [postgresql](postgresql/README.md): Postgresql, a database.
+- [postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
+- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
+- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
+- [piwigo](piwigo/README.md): Piwigo, a photo management software.
+- [vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
+- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
+- [unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver.
+- [redis](redis/README.md): Redis, an in-memory data structure store.
+- [loki](loki/README.md): Loki, a log aggregation platform.
+- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
+- [nsd](nsd/README.md): NSD, an authoritative DNS name server.
+- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.
+- [nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy.
+- [roundcube](roundcube/README.md): Roundcube, a webmail.
+- [znc](znc/README.md): ZNC, a bouncer IRC.
+- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
+- [prometheus](prometheus/README.md): Prometheus, an event monitoring.
+- [mariadb](mariadb/README.md): MariaDB, a relational database.
+- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
+- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
+- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
+- [openldap](openldap/README.md): OpenLDAP, the LDAP server.
+- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.

seed/README.LDAP.md

@@ -0,0 +1,34 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# LDAP
+
+## Synopsis
+
+Create account and connexion to a LDAP server.
+
+## Variables
+
+| Parameter                                                                                                                                                                | Comment                               |
+|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
+| **LDAP:family**<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)                | LDAP family name for *supplier name*. |
+| **LDAP:dn**<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)                       | LDAP account DN for *supplier name*.  |
+| **LDAP:password**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP passowrd for *supplier name*.    |
+| **LDAP:base_dn**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)    | LDAP base DN for *supplier name*.     |
+
+## Provider
+
+[openldap](openldap/README.md): OpenLDAP, the LDAP server.
+
+## Suppliers
+
+- [odoo](odoo/README.md): Odoo, an ERP and CRM.
+- [piwigo](piwigo/README.md): Piwigo, a photo management software.
+- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
+- [roundcube](roundcube/README.md): Roundcube, a webmail.
+- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
+- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.

seed/README.LMTP.md

@@ -0,0 +1,27 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# LMTP
+
+## Synopsis
+
+LMTP remote server.<br/>A service needs send email with LMTP protocol.
+
+## Variables
+
+| Parameter                                                                                                                                                                        | Comment                                                                   |
+|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------|
+| **LMTP:criteria**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Domain name allowes to send email with LMTP protocol for *supplier name*. |
+
+## Provider
+
+[postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
+
+## Suppliers
+
+- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
+- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).

seed/README.LocalDNS.md

@@ -0,0 +1,48 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# LocalDNS
+
+## Synopsis
+
+DNS forwarder for local domain name.
+
+## Variables
+
+| Parameter                                                                                                                                                                  | Comment                 |
+|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|
+| **LocalDNS:DNSSEC_DS**<br/>multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | DNSSEC DS informations. |
+
+## Provider
+
+[nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
+
+## Suppliers
+
+- [odoo](odoo/README.md): Odoo, an ERP and CRM.
+- [nginx-static](nginx-static/README.md): Nginx as static web site.
+- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
+- [postgresql](postgresql/README.md): Postgresql, a database.
+- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
+- [piwigo](piwigo/README.md): Piwigo, a photo management software.
+- [vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
+- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
+- [redis](redis/README.md): Redis, an in-memory data structure store.
+- [loki](loki/README.md): Loki, a log aggregation platform.
+- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
+- [nsd](nsd/README.md): NSD, an authoritative DNS name server.
+- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.
+- [nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy.
+- [roundcube](roundcube/README.md): Roundcube, a webmail.
+- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
+- [prometheus](prometheus/README.md): Prometheus, an event monitoring.
+- [mariadb](mariadb/README.md): MariaDB, a relational database.
+- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
+- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
+- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
+- [openldap](openldap/README.md): OpenLDAP, the LDAP server.
+- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.

seed/README.Loki.md

@@ -0,0 +1,23 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# Loki
+
+## Synopsis
+
+Concentrate log messages.
+
+## Variables
+
+
+## Provider
+
+[loki](loki/README.md): Loki, a log aggregation platform.
+
+## Supplier
+
+[vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.

seed/README.MariaDB.md

@@ -0,0 +1,28 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# MariaDB
+
+## Synopsis
+
+Create account and connexion to a MariaDB server.
+
+## Variables
+
+| Parameter                                                                                                                                                                 | Comment                                    |
+|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|
+| **MariaDB:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | MariaDB user name for *supplier name*.     |
+| **MariaDB:password**<br/>mandatory<br/>**Type:** [`secret`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | MariaDB password for *supplier name*.      |
+| **MariaDB:database**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | MariaDB database name for *supplier name*. |
+
+## Provider
+
+[mariadb](mariadb/README.md): MariaDB, a relational database.
+
+## Supplier
+
+[piwigo](piwigo/README.md): Piwigo, a photo management software.

seed/README.OAuth2.md

@@ -0,0 +1,45 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# OAuth2
+
+## Synopsis
+
+Remote clients needing to verify OAuth2 account.
+
+## Variables
+
+| Parameter                                                                                                                                                                               | Comment                                                                                            |
+|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|
+| **OAuth2:name**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)                    | Remote name for *supplier name*.                                                                   |
+| **OAuth2:description**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)             | Remote description for *supplier name*.                                                            |
+| **OAuth2:login**<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)                            | Remote URL to login for *supplier name*.                                                           |
+| **OAuth2:external**<br/>mandatory, multiple<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote external for *supplier name*.                                                               |
+| **OAuth2:family**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)        | Remote family for *supplier name*.                                                                 |
+| **OAuth2:category**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)                | Remode category for *supplier name*.                                                               |
+| **OAuth2:logo**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)                    | Logo for *supplier name*.                                                                          |
+| **OAuth2:client_id**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)               | Remote client id for *supplier name*.                                                              |
+| **OAuth2:secret**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)                | Remote secret for *supplier name*.                                                                 |
+| **OAuth2:token_signature_algo**<br/>mandatory<br/>**Type:** [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)    | OAuth2 token signature algorithm for *supplier name*.<br/>**Choices:**<br/>- `HS512`<br/>- `RS256` |
+| **OAuth2:external_domain**<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)                   | OAuth2 server domain name.                                                                         |
+
+## Provider
+
+[lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
+
+## Suppliers
+
+- [odoo](odoo/README.md): Odoo, an ERP and CRM.
+- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
+- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
+- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
+- [piwigo](piwigo/README.md): Piwigo, a photo management software.
+- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
+- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
+- [roundcube](roundcube/README.md): Roundcube, a webmail.
+- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
+- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.

seed/README.Postgresql.md

@@ -0,0 +1,36 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# Postgresql
+
+## Synopsis
+
+Create account and connexion to a PostgreSQL server.
+
+## Variables
+
+| Parameter                                                                                                                                                                      | Comment                                       |
+|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------|
+| **Postgresql:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)   | Postgresql username for *supplier name*.      |
+| **Postgresql:password**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Postgresql password for *supplier name*.      |
+| **Postgresql:database**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)   | Postgresql database name for *supplier name*. |
+
+## Provider
+
+[postgresql](postgresql/README.md): Postgresql, a database.
+
+## Suppliers
+
+- [odoo](odoo/README.md): Odoo, an ERP and CRM.
+- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
+- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
+- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
+- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
+- [roundcube](roundcube/README.md): Roundcube, a webmail.
+- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
+- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
+- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.

seed/README.Prometheus.md

@@ -0,0 +1,19 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# Prometheus
+
+## Synopsis
+
+Configure Prometheus exporter.
+
+## Variables
+
+
+## Provider
+
+[prometheus](prometheus/README.md): Prometheus, an event monitoring.

seed/README.Redis.md

@@ -0,0 +1,33 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# Redis
+
+## Synopsis
+
+Create account and connexion to a Redis server.
+
+## Variables
+
+| Parameter                                                                                                                                                                 | Comment                                                                                                              |
+|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
+| **Redis:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)   | Redis user name for *supplier name*.                                                                                 |
+| **Redis:password**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Redis password for *supplier name*.                                                                                  |
+| **Redis:index**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)      | Redis database index.<br/>Only index 0 is allowed, Redis project discourage to use the server with several database. |
+
+## Provider
+
+[redis](redis/README.md): Redis, an in-memory data structure store.
+
+## Suppliers
+
+- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
+- [piwigo](piwigo/README.md): Piwigo, a photo management software.
+- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
+- [roundcube](roundcube/README.md): Roundcube, a webmail.
+- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
+- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.

seed/README.ReverseProxy.md

@@ -0,0 +1,44 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# ReverseProxy
+
+## Synopsis
+
+Register to service to a reverse proxy server.
+
+## Variables
+
+| Parameter                                                                                                                                                                                    | Comment                                                                                                         |
+|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------|
+| **ReverseProxy:external**<br/>mandatory, multiple<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | External domain name for *supplier name*.                                                                       |
+| **ReverseProxy:location**<br/>mandatory<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)             | URI to redirect for *supplier name*.<br/>Relative redirected URI (without domaine name).<br/>**Example:** /mail |
+| **ReverseProxy:max_body_size**<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)                        | Body size max for *supplier name*.                                                                              |
+| **ReverseProxy:websocket**<br/>mandatory<br/>**Type:** [`boolean`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)             | The entry point is a websocket for *supplier name*.<br/>**Default:** [True]                                     |
+| **ReverseProxy:url**<br/>mandatory<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)               | Internal URL for *supplier name*.                                                                               |
+| **ReverseProxy:http**<br/>mandatory<br/>**Type:** [`boolean`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)                  | The website is in HTTP for *supplier name*.<br/>**Default:** True                                               |
+
+## Provider
+
+[nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy.
+
+## Suppliers
+
+- [odoo](odoo/README.md): Odoo, an ERP and CRM.
+- [nginx-static](nginx-static/README.md): Nginx as static web site.
+- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
+- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
+- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
+- [piwigo](piwigo/README.md): Piwigo, a photo management software.
+- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
+- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
+- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.
+- [roundcube](roundcube/README.md): Roundcube, a webmail.
+- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
+- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
+- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
+- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.

seed/README.SMTP.md

@@ -0,0 +1,37 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# SMTP
+
+## Synopsis
+
+Create a SMTP relay account and authorize sending email.<br/>A service needs send email with SMTP protocol, so an account is created and SMTP relay accept sending mail by this account.
+
+## Variables
+
+| Parameter                                                                                                                                                              | Comment                                         |
+|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------|
+| **SMTP:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | User account to send email for *supplier name*. |
+| **SMTP:password**<br/>mandatory<br/>**Type:** [`secret`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Password to send email for *supplier name*.     |
+
+## Provider
+
+[postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
+
+## Suppliers
+
+- [odoo](odoo/README.md): Odoo, an ERP and CRM.
+- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
+- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
+- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
+- [piwigo](piwigo/README.md): Piwigo, a photo management software.
+- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
+- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
+- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
+- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
+- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
+- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.

seed/README.Vector.md

@@ -0,0 +1,22 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](README.md)
+# Vector
+
+## Synopsis
+
+Collect observability data from another Vector instance.
+
+## Variables
+
+| Parameter                                                                                                                                             | Comment                                                                                                                     |
+|-------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|
+| **Vector:address**<br/>**Type:** [`ip`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Send Journal on this IP address.<br/>Vector must listen on this address, clients are configured to use this destination IP. |
+
+## Provider
+
+[vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.

seed/README.md

@@ -0,0 +1,91 @@
+# Application services
+
+- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission)
+- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution
+- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo
+- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application
+- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management
+- [loki](loki/README.md): Loki, a log aggregation platform
+- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists
+- [mariadb](mariadb/README.md): MariaDB, a relational database
+- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform
+- nginx:
+  - [nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy
+  - [nginx-static](nginx-static/README.md): Nginx as static web site
+- nsd:
+  - [nsd](nsd/README.md): NSD, an authoritative DNS name server
+  - [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution
+- [odoo](odoo/README.md): Odoo, an ERP and CRM
+- [openldap](openldap/README.md): OpenLDAP, the LDAP server
+- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform
+- [piwigo](piwigo/README.md): Piwigo, a photo management software
+- [postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay
+- [postgresql](postgresql/README.md): Postgresql, a database
+- [prometheus](prometheus/README.md): Prometheus, an event monitoring
+- [redis](redis/README.md): Redis, an in-memory data structure store
+- [roundcube](roundcube/README.md): Roundcube, a webmail
+- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest
+- [unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver
+- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager
+- [vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines
+- [znc](znc/README.md): ZNC, a bouncer IRC
+# Application dependencies
+
+- [apache](apache/README.md): Apache as web server
+- base:
+  - [base](base/README.md): Base of all application services
+  - [base-debian](base-debian/README.md): Base information of a Debian server
+  - [base-debian-bullseye](base-debian-bullseye/README.md): Base information of a Debian Bulleye server
+  - [base-fedora](base-fedora/README.md): Base information of a Fedora
+  - [base-fedora-35](base-fedora-35/README.md): Base information of a Fedora 35
+  - [base-fedora-36](base-fedora-36/README.md): Base information of a Fedora 36
+  - [base-fedora-37](base-fedora-37/README.md): Base information of a Fedora 37
+  - [base-fedora-38](base-fedora-38/README.md): Base information of a Fedora 38
+  - [base-machine](base-machine/README.md): Base information for a machine
+- dns:
+  - [dns-external](dns-external/README.md): DNS client with resolution on all zones (especially outside)
+  - [dns-local](dns-local/README.md): DNS client with access to local zones
+- [host-systemd-machined](host-systemd-machined/README.md): Host with machine started in Systemd Machined environment
+- [imap-client](imap-client/README.md): Application service needs interact with an IMAP server
+- [journald](journald/README.md): Journald
+- [journald_remote](journald_remote/README.md): Journald remote
+- [ldap-client](ldap-client/README.md): Application service needs interact with a LDAP server
+- [mariadb-client](mariadb-client/README.md): Application service needs interact with a MariaDB server
+- nginx:
+  - [nginx-common](nginx-common/README.md): Nginx common configuration
+  - [nginx-https](nginx-https/README.md): Nginx as HTTPS web site
+- [oauth2-client](oauth2-client/README.md): Application service needs interact with a Oauth2 server
+- php:
+  - [php](php/README.md): PHP, a popular general-purpose scripting language
+  - [php-fpm](php-fpm/README.md): PHP FPM
+- [pki-tls](pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates
+- [postfix-lmtp-relay](postfix-lmtp-relay/README.md): Postfix, the mail server, as LMTP relay
+- [postgresql-client](postgresql-client/README.md): Application service needs interact with a Postgresql server
+- [provider-systemd-machined](provider-systemd-machined/README.md): Machine started in Systemd Machined environment
+- redis:
+  - [redis-client](redis-client/README.md): Application service needs interact with a Redis server
+  - [redis-common](redis-common/README.md): Redis, an in-memory data structure store
+- relay:
+  - [relay-lmtp-client](relay-lmtp-client/README.md): Application service needs interact with a Postfix server with LMTP protocol
+  - [relay-mail-client](relay-mail-client/README.md): Client SMTP
+- [resolved](resolved/README.md): Resolved
+- [reverse-proxy-client](reverse-proxy-client/README.md): Application service needs interact with a a reverse proxy server
+- [systemd](systemd/README.md): Systemd, a system and service manager
+
+# Providers
+
+- [ExternalDNS](README.ExternalDNS.md): DNS forwarder for all DNS zones.
+- [IMAP](README.IMAP.md): IMAP server connexion.
+- [Journald](README.Journald.md): Concentrate journal messages on one host.
+- [LDAP](README.LDAP.md): Create account and connexion to a LDAP server.
+- [LMTP](README.LMTP.md): LMTP remote server.
+- [LocalDNS](README.LocalDNS.md): DNS forwarder for local domain name.
+- [Loki](README.Loki.md): Concentrate log messages.
+- [MariaDB](README.MariaDB.md): Create account and connexion to a MariaDB server.
+- [OAuth2](README.OAuth2.md): Remote clients needing to verify OAuth2 account.
+- [Postgresql](README.Postgresql.md): Create account and connexion to a PostgreSQL server.
+- [Prometheus](README.Prometheus.md): Configure Prometheus exporter.
+- [Redis](README.Redis.md): Create account and connexion to a Redis server.
+- [ReverseProxy](README.ReverseProxy.md): Register to service to a reverse proxy server.
+- [SMTP](README.SMTP.md): Create a SMTP relay account and authorize sending email.
+- [Vector](README.Vector.md): Collect observability data from another Vector instance.

seed/apache/README.md

@@ -0,0 +1,36 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# apache
+
+## Synopsis
+
+
+[Apache as web server.](https://httpd.apache.org/)
+
+
+
+## Variables for expert
+
+### General
+
+#### Apache
+
+Advance Apache web server settings.
+
+| Parameter                                                                                                                                                                                                            | Comments                                                                                                                   |
+|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|
+| **[general.apache.apache_timeout](dictionaries/20_web.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)    | Amount of time the server will wait for certain events before failing a request.<br/>Time in seconds.<br/>**Default:** 300 |
+| **[general.apache.apache_keepalive](dictionaries/20_web.xml)**<br/>mandatory<br/>**Type:** [`boolean`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Enables HTTP persistent connections.<br/>**Default:** True                                                                 |
+
+## Dependances
+
+- [reverse-proxy-client](../reverse-proxy-client/README.md): Application service needs interact with a a reverse proxy server.
+
+## Used by
+
+[nextcloud](../nextcloud/README.md)

seed/apache/applicationservice.yml

@@ -1,5 +1,6 @@
+---
 format: '0.1'
-description: Apache configuration
+description: Apache as web server
+website: https://httpd.apache.org/
 depends:
-  - base-fedora-35
   - reverse-proxy-client

seed/apache/dictionaries/20_web.xml

@@ -1,38 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<rougail version="0.10">
-  <services>
-    <service name="httpd" target="multi-user">
-      <file>/etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt</file>
-      <file>/etc/httpd/conf/httpd.conf</file>
-      <file>/etc/httpd/conf.d/risotto.conf</file>
-      <file>/etc/httpd/conf.d/ssl.conf</file>
-      <file>/etc/httpd/ssl/server.ca</file>
-      <file>/etc/httpd/ssl/server.crt</file>
-      <file>/etc/httpd/ssl/server.key</file>
-      <file engine="none" source="sysuser-httpd.conf">/sysusers.d/httpd.conf</file>
-      <file engine="none" source="tmpfile-httpd.conf">/tmpfiles.d/0httpd.conf</file>
-    </service>
-  </services>
-  <variables>
-    <family name="nginx">
-      <variable name="php_fpm_user" redefine="True" exists="True">
-        <value>apache</value>
-      </variable>
-    </family>
-    <family name="apache" description="Apache" help="Paramètrage avancé du serveur web Apache">
-      <variable name="apache_timeout" type="number" description="Temps en secondes pendant lequel le serveur va attendre des entrées/sorties avant de considérer qu'une requête a échoué">
-        <value>300</value>
-      </variable>
-      <variable name="apache_keepalive" type="boolean" description="Autoriser les connexions persistantes"/>
-      <variable name="server_ca" hidden="True"/>
-    </family>
-  </variables>
-  <constraints>
-    <fill name="get_chain">
-      <param name="authority_cn" type="variable">revprox_client_server_domainname</param>
-      <param name="authority_name">InternalReverseProxy</param>
-      <param name="hide" type="variable">hide_secret</param>
-      <target>server_ca</target>
-    </fill>
-  </constraints>
-</rougail>

seed/apache/dictionaries/20_web.yml

@@ -0,0 +1,23 @@
+---
+version: 1.1
+
+nginx:
+
+  php_fpm_user:
+    redefine: true
+    exists: true
+    default: apache
+
+apache:
+  description: Apache
+  help: Advance Apache web server settings
+  mode: advanced
+
+  apache_timeout:
+    description: >-
+      Amount of time the server will wait for certain events before failing a
+      request
+    help: Time in seconds
+    default: 300
+
+  apache_keepalive: true  # Enables HTTP persistent connections

seed/apache/manual/image/preinstall/apache.sh

@@ -1 +1 @@
-PKG="$PKG mod_ssl"
+PKG="$PKG httpd mod_ssl"

seed/apache/templates/risotto.conf

@@ -1,15 +1,15 @@
 # Timeout
-Timeout %%apache_timeout
+Timeout {{ general.apache.apache_timeout }}
 
 # Keepalive
-%if %%apache_keepalive
+{% if general.apache.apache_keepalive %}
 KeepAlive On
-%else
+{% else %}
 KeepAlive Off
-%end if
+{% endif %}
 MaxKeepAliveRequests 50
-KeepAliveTimeout %%apache_timeout
+KeepAliveTimeout {{ general.apache.apache_timeout }}
 
 # RemoteIp
 RemoteIPHeader X-Forwarded-For
-RemoteIPInternalProxy %%revprox_client_server_ip
+RemoteIPInternalProxy {{ general.revprox.revprox_client_server_ip }}

seed/apache/templates/server.ca

@@ -1 +0,0 @@
-%%server_ca

seed/apache/templates/server.crt

@@ -1 +0,0 @@
-%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)

seed/apache/templates/server.key

@@ -1 +0,0 @@
-%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)

seed/apache/templates/ssl.conf

@@ -100,7 +100,7 @@ SSLProxyCipherSuite PROFILE=SYSTEM
 #   require an ECC certificate which can also be configured in
 #   parallel.
 # GNUNUX SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-SSLCertificateFile      /etc/httpd/ssl/server.crt
+SSLCertificateFile      {{ general.tls_cert_directory }}/revprox.crt
 
 #   Server Private Key:
 #   If the key is not combined with the certificate, use this
@@ -109,7 +109,7 @@ SSLCertificateFile      /etc/httpd/ssl/server.crt
 #   both in parallel (to also allow the use of DSA ciphers, etc.)
 #   ECC keys, when in use, can also be configured in parallel
 # GNUNUX SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-SSLCertificateKeyFile   /etc/httpd/ssl/server.key
+SSLCertificateKeyFile   {{ general.tls_key_directory }}/revprox.key
 
 #   Server Certificate Chain:
 #   Point SSLCertificateChainFile at a file containing the
@@ -126,7 +126,7 @@ SSLCertificateKeyFile   /etc/httpd/ssl/server.key
 #   huge file containing all of them (file must be PEM encoded)
 #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
 #>GNUNUX
-SSLCACertificateFile /etc/httpd/ssl/server.ca
+SSLCACertificateFile {{ general.tls_ca_directory }}/InternalReverseProxy.crt
 #<GNUNUX
 
 #   Client Authentication (Type):

seed/base-debian-bullseye/README.md

@@ -0,0 +1,30 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# base-debian-bullseye
+
+## Synopsis
+
+
+[Base information of a Debian Bulleye server.](https://www.debian.org/)
+
+## Dependances
+
+- [base-debian](../base-debian/README.md): Base information of a Debian server.
+  - [systemd](../systemd/README.md): Systemd, a system and service manager.
+    - [base-machine](../base-machine/README.md): Base information for a machine.
+      - [base](../base/README.md): Base of all application services.
+      - [dns-local](../dns-local/README.md): DNS client with access to local zones.
+      - [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
+    - [journald](../journald/README.md): Journald.
+    - [resolved](../resolved/README.md): Resolved.
+
+## Used by
+
+- [odoo](../odoo/README.md)
+- [mailman](../mailman/README.md)
+- [lemonldap](../lemonldap/README.md)

seed/base-debian-bullseye/applicationservice.yml

@@ -1,4 +1,7 @@
+---
 format: '0.1'
-description: Information de base d'un serveur Debian Buster
+description: Base information of a Debian Bulleye server
+website: https://www.debian.org/
 depends:
   - base-debian
+distribution: true

seed/base-debian-bullseye/dictionaries/00-debian-bullseye.xml

@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rougail version="0.10">
-  <services>
-    <service name="dnssec" manage="False">
-      <file>/etc/dnssec-trust-anchors.d/local.negative</file>
-    </service>
-  </services>
-  <variables>
-    <variable name="os_version" type="string" description="Version de l'OS" hidden="True">
-      <value>bullseye</value>
-    </variable>
-  </variables>
-</rougail>

seed/base-debian-bullseye/dictionaries/00_debian-bullseye.yml

@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_version:
+  description: Version de l'OS
+  hidden: true
+  default: bullseye

seed/base-debian-bullseye/templates/local.negative

@@ -1,2 +1,2 @@
-%set %%domain=%%domain_name_eth0.split('.', 1)[1]
-%%domain
+{% set domain = domain_name_eth0.split('.', 1)[1] %}
+{{ domain }}

seed/base-debian/README.md

@@ -0,0 +1,27 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# base-debian
+
+## Synopsis
+
+
+[Base information of a Debian server.](https://www.debian.org/)
+
+## Dependances
+
+- [systemd](../systemd/README.md): Systemd, a system and service manager.
+  - [base-machine](../base-machine/README.md): Base information for a machine.
+    - [base](../base/README.md): Base of all application services.
+    - [dns-local](../dns-local/README.md): DNS client with access to local zones.
+    - [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
+  - [journald](../journald/README.md): Journald.
+  - [resolved](../resolved/README.md): Resolved.
+
+## Used by
+
+[base-debian-bullseye](../base-debian-bullseye/README.md)

seed/base-debian/applicationservice.yml

@@ -1,5 +1,6 @@
+---
 format: '0.1'
-description: Information de base d'un serveur Debian
+description: Base information of a Debian server
+website: https://www.debian.org/
 depends:
-  - base-machine
   - systemd

seed/base-debian/dictionaries/11-debian-base.xml

@@ -1,15 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rougail version="0.10">
-  <services>
-    <service name="debian" manage="False">
-      <file engine="none" source="tmpfile-tmp.conf">/tmpfiles.d/0tmp.conf</file>
-      <file engine="none">/etc/default/locale</file>
-    </service>
-  </services>
-  <variables>
-    <variable name="os_name" type="string" description="Nom de l'OS" hidden="True">
-      <value>Debian</value>
-    </variable>
-  </variables>
-</rougail>
-

seed/base-debian/dictionaries/11_debian-base.yml

@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_name:
+  description: Nom de l'OS
+  hidden: true
+  default: Debian

seed/base-debian/dictionaries/17-debian-base.xml

@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rougail version="0.10">
-  <services>
-    <service name="update-ca-certificates" engine="creole" target="multi-user"/>
-  </services>
-  <variables>
-    <variable name="tls_ca_directory" type="filename" description="Répertoire des autorités de certification" hidden="True">
-      <value>/etc/ssl-localca</value>
-    </variable>
-    <variable name="tls_cert_directory" type="filename" description="Répertoire des certificats" hidden="True">
-      <value>/etc/ssl/certs</value>
-    </variable>
-    <variable name="tls_key_directory" type="filename" description="Répertoire des clefs privés" hidden="True">
-      <value>/etc/ssl/private</value>
-    </variable>
-  </variables>
-</rougail>

seed/base-debian/dictionaries/17_debian-base.yml

@@ -0,0 +1,20 @@
+---
+version: 1.1
+
+tls_ca_directory:
+  type: unix_filename
+  description: Répertoire des autorités de certification
+  hidden: true
+  default: /etc/ssl-localca
+
+tls_cert_directory:
+  type: unix_filename
+  description: Répertoire des certificats
+  hidden: true
+  default: /etc/ssl/certs
+
+tls_key_directory:
+  type: unix_filename
+  description: Répertoire des clefs privés
+  hidden: true
+  default: /etc/ssl/private

seed/base-debian/manual/image/postinstall/debian.sh

@@ -1,2 +1,8 @@
-rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
-ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
+rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
+ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
+#mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+#chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
+#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
+#ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
+#ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"

seed/base-debian/templates/systemd-networkd.service

@@ -0,0 +1,2 @@
+[Unit]
+After=systemd-tmpfiles-setup.service

seed/base-debian/templates/sysuser-debian.conf

@@ -0,0 +1,3 @@
+g Debian-exim 109
+u Debian-exim 104:109 "Exim" /var/spool/exim4 /usr/sbin/nologin
+g kvm 103

seed/base-debian/templates/tmpfile-tmp.conf

@@ -1 +1,3 @@
 q /var/tmp 1777 root root 30d
+# Keys have good right
+d /etc/ssl/private 755 root root - -

seed/base-debian/templates/update-ca-certificates.service

@@ -4,7 +4,7 @@ Before=network-pre.target
 
 [Service]
 Type=oneshot
-ExecStart=/usr/sbin/update-ca-certificates --localcertsdir %%tls_ca_directory
+ExecStart=/usr/sbin/update-ca-certificates --localcertsdir {{ general.tls_ca_directory }}
 
 [Install]
 WantedBy=multi-user.target

seed/base-fedora-35/README.md

@@ -0,0 +1,28 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# base-fedora-35
+
+## Synopsis
+
+
+[Base information of a Fedora 35.](https://getfedora.org/)
+
+## Dependances
+
+- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
+  - [systemd](../systemd/README.md): Systemd, a system and service manager.
+    - [base-machine](../base-machine/README.md): Base information for a machine.
+      - [base](../base/README.md): Base of all application services.
+      - [dns-local](../dns-local/README.md): DNS client with access to local zones.
+      - [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
+    - [journald](../journald/README.md): Journald.
+    - [resolved](../resolved/README.md): Resolved.
+
+## Used by
+
+[postfix-relay](../postfix-relay/README.md)

seed/base-fedora-35/applicationservice.yml

@@ -1,4 +1,7 @@
+---
 format: '0.1'
-description: Information de base d'un serveur fedora version 35
+description: Base information of a Fedora 35
+website: https://getfedora.org/
 depends:
   - base-fedora
+distribution: true

seed/base-fedora-35/dictionaries/11-fedora-35.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rougail version="0.10">
-  <variables>
-    <variable name="os_version" type="string" description="Version de l'OS" hidden="True">
-      <value>35</value>
-    </variable>
-  </variables>
-</rougail>

seed/base-fedora-35/dictionaries/11_fedora-35.yml

@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_version:
+  description: Version de l'OS
+  hidden: true
+  default: '35'

seed/base-fedora-35/manual/image/postinstall/base_fedora_35.sh

@@ -1,7 +1,7 @@
 # ACTIVE NETWORKD
-mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
-chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
-ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
-ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
-ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
-ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
+mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
+ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"

seed/base-fedora-36/README.md

@@ -0,0 +1,35 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# base-fedora-36
+
+## Synopsis
+
+
+[Base information of a Fedora 36.](https://getfedora.org/)
+
+## Dependances
+
+- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
+  - [systemd](../systemd/README.md): Systemd, a system and service manager.
+    - [base-machine](../base-machine/README.md): Base information for a machine.
+      - [base](../base/README.md): Base of all application services.
+      - [dns-local](../dns-local/README.md): DNS client with access to local zones.
+      - [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
+    - [journald](../journald/README.md): Journald.
+    - [resolved](../resolved/README.md): Resolved.
+
+## Used by
+
+- [piwigo](../piwigo/README.md)
+- [dovecot](../dovecot/README.md)
+- [speedtest-rs](../speedtest-rs/README.md)
+- [roundcube](../roundcube/README.md)
+- [znc](../znc/README.md)
+- [vaultwarden](../vaultwarden/README.md)
+- [mariadb](../mariadb/README.md)
+- [nextcloud](../nextcloud/README.md)

seed/base-fedora-36/applicationservice.yml

@@ -1,4 +1,7 @@
+---
 format: '0.1'
-description: Information de base d'un serveur fedora version 36
+description: Base information of a Fedora 36
+website: https://getfedora.org/
 depends:
   - base-fedora
+distribution: true

seed/base-fedora-36/dictionaries/11-fedora-version.xml

@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rougail version="0.10">
-  <services>
-    <service name="base">
-      <file engine="none">/etc/pam.d/login</file>
-    </service>
-  </services>
-  <variables>
-    <variable name="os_version" type="string" description="Version de l'OS" hidden="True">
-      <value>36</value>
-    </variable>
-  </variables>
-</rougail>

seed/base-fedora-36/dictionaries/11_fedora-version.yml

@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_version:
+  description: Version de l'OS
+  hidden: true
+  default: '36'

seed/base-fedora-36/manual/image/postinstall/base_fedora_version.sh

@@ -1,7 +1,7 @@
 # ACTIVE NETWORKD
-mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
-chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
-ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
-ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
-ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
-ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
+mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
+ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"

seed/base-fedora-36/manual/image/preinstall/base_fedora_36.sh

@@ -1 +1 @@
-BASE_PKG="$BASE_PKG pam"
+BASE_PKG="$BASE_PKG pam util-linux"

seed/base-fedora-36/templates/login

@@ -1,4 +1,4 @@
-# File from util-linux-*.x86_64 (not installed)
+#GNUNUX File from util-linux-*.x86_64 (not installed)
 #%PAM-1.0
 auth       substack     system-auth
 auth       include      postlogin

seed/base-fedora-37/README.md

@@ -0,0 +1,33 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# base-fedora-37
+
+## Synopsis
+
+
+[Base information of a Fedora 37.](https://getfedora.org/)
+
+## Dependances
+
+- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
+  - [systemd](../systemd/README.md): Systemd, a system and service manager.
+    - [base-machine](../base-machine/README.md): Base information for a machine.
+      - [base](../base/README.md): Base of all application services.
+      - [dns-local](../dns-local/README.md): DNS client with access to local zones.
+      - [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
+    - [journald](../journald/README.md): Journald.
+    - [resolved](../resolved/README.md): Resolved.
+
+## Used by
+
+- [nginx-static](../nginx-static/README.md)
+- [postgresql](../postgresql/README.md)
+- [unbound](../unbound/README.md)
+- [nsd](../nsd/README.md)
+- [nginx-reverse-proxy](../nginx-reverse-proxy/README.md)
+- [openldap](../openldap/README.md)

seed/base-fedora-37/applicationservice.yml

@@ -0,0 +1,7 @@
+---
+format: '0.1'
+description: Base information of a Fedora 37
+website: https://getfedora.org/
+depends:
+  - base-fedora
+distribution: true

seed/base-fedora-37/dictionaries/11_fedora-version.yml

@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_version:
+  description: Version de l'OS
+  hidden: true
+  default: '37'

seed/base-fedora-37/manual/image/postinstall/base_fedora_version.sh

@@ -0,0 +1,7 @@
+# ACTIVE NETWORKD
+mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
+ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"

seed/base-fedora-37/manual/image/preinstall/base_fedora_37.sh

@@ -0,0 +1 @@
+BASE_PKG="$BASE_PKG pam util-linux"

seed/base-fedora-37/manual/image/preinstall/base_fedora_version.sh

@@ -0,0 +1 @@
+RELEASEVER=37

seed/base-fedora-37/templates/login

@@ -1,4 +1,4 @@
-# File from util-linux-*.x86_64 (not installed)
+#GNUNUX File from util-linux-*.x86_64 (not installed)
 #%PAM-1.0
 auth       substack     system-auth
 auth       include      postlogin

seed/base-fedora-38/README.md

@@ -0,0 +1,34 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# base-fedora-38
+
+## Synopsis
+
+
+[Base information of a Fedora 38.](https://getfedora.org/)
+
+## Dependances
+
+- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
+  - [systemd](../systemd/README.md): Systemd, a system and service manager.
+    - [base-machine](../base-machine/README.md): Base information for a machine.
+      - [base](../base/README.md): Base of all application services.
+      - [dns-local](../dns-local/README.md): DNS client with access to local zones.
+      - [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
+    - [journald](../journald/README.md): Journald.
+    - [resolved](../resolved/README.md): Resolved.
+
+## Used by
+
+- [grafana](../grafana/README.md)
+- [peertube](../peertube/README.md)
+- [vector](../vector/README.md)
+- [redis](../redis/README.md)
+- [loki](../loki/README.md)
+- [forgejo](../forgejo/README.md)
+- [prometheus](../prometheus/README.md)

seed/base-fedora-38/applicationservice.yml

@@ -0,0 +1,7 @@
+---
+format: '0.1'
+description: Base information of a Fedora 38
+website: https://getfedora.org/
+depends:
+  - base-fedora
+distribution: true

seed/base-fedora-38/dictionaries/11_fedora-version.yml

@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_version:
+  description: Version de l'OS
+  hidden: true
+  default: '38'

seed/base-fedora-38/manual/image/postinstall/base_fedora_version.sh

@@ -0,0 +1,7 @@
+# ACTIVE NETWORKD
+mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
+ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
+ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"

seed/base-fedora-38/manual/image/preinstall/base_fedora_38.sh

@@ -0,0 +1 @@
+BASE_PKG="$BASE_PKG pam util-linux"

seed/base-fedora-38/manual/image/preinstall/base_fedora_version.sh

@@ -0,0 +1 @@
+RELEASEVER=38

seed/base-fedora-38/templates/login

@@ -0,0 +1,17 @@
+#GNUNUX File from util-linux-*.x86_64 (not installed)
+#%PAM-1.0
+auth       substack     system-auth
+auth       include      postlogin
+account    required     pam_nologin.so
+account    include      system-auth
+password   include      system-auth
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    required     pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session    required     pam_selinux.so open
+session    required     pam_namespace.so
+session    optional     pam_keyinit.so force revoke
+session    include      system-auth
+session    include      postlogin
+-session   optional     pam_ck_connector.so

seed/base-fedora/README.md

@@ -1 +1,30 @@
-Inspired by: https://pagure.io/fedora-kickstarts/tree/main
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# base-fedora
+
+## Synopsis
+
+
+[Base information of a Fedora.](https://getfedora.org/)
+
+## Dependances
+
+- [systemd](../systemd/README.md): Systemd, a system and service manager.
+  - [base-machine](../base-machine/README.md): Base information for a machine.
+    - [base](../base/README.md): Base of all application services.
+    - [dns-local](../dns-local/README.md): DNS client with access to local zones.
+    - [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
+  - [journald](../journald/README.md): Journald.
+  - [resolved](../resolved/README.md): Resolved.
+
+## Used by
+
+- [base-fedora-36](../base-fedora-36/README.md)
+- [base-fedora-35](../base-fedora-35/README.md)
+- [base-fedora-38](../base-fedora-38/README.md)
+- [base-fedora-37](../base-fedora-37/README.md)

seed/base-fedora/applicationservice.yml

@@ -1,5 +1,6 @@
+---
 format: '0.1'
-description: Information de base d'un serveur Fedora
+description: Base information of a Fedora
+website: https://getfedora.org/
 depends:
-  - base-machine
   - systemd

seed/base-fedora/dictionaries/11-fedora-base.xml

@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rougail version="0.10">
-  <services>
-    <service name="fedora-base" manage="False">
-      <file engine="none">/tmpfiles.d/fedora.conf</file>
-    </service>
-  </services>
-  <variables>
-    <variable name="os_name" type="string" description="Nom de l'OS" hidden="True">
-      <value>Fedora</value>
-    </variable>
-  </variables>
-</rougail>

seed/base-fedora/dictionaries/11_fedora-base.yml

@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_name:
+  description: Nom de l'OS
+  hidden: true
+  default: Fedora

seed/base-fedora/dictionaries/17-fedora-base.xml

@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rougail version="0.10">
-  <services>
-    <service name="update-ca-trust" engine="creole" target="multi-user"/>
-  </services>
-  <variables>
-    <variable name="tls_ca_directory" type="filename" description="Nom du répertoire des autorités de certification" hidden="True">
-      <value>/etc/pki/ca-trust/source/anchors</value>
-    </variable>
-    <variable name="tls_cert_directory" type="filename" description="Nom du répertoire des certificats" hidden="True">
-      <value>/etc/pki/tls/certs</value>
-    </variable>
-    <variable name="tls_key_directory" type="filename" description="Nom du répertoire des clefs privés" hidden="True">
-      <value>/etc/pki/tls/private</value>
-    </variable>
-  </variables>
-</rougail>

seed/base-fedora/dictionaries/17_fedora-base.yml

@@ -0,0 +1,20 @@
+---
+version: 1.1
+
+tls_ca_directory:
+  type: unix_filename
+  description: Nom du répertoire des autorités de certification
+  hidden: true
+  default: /etc/pki/ca-trust/source/anchors
+
+tls_cert_directory:
+  type: unix_filename
+  description: Nom du répertoire des certificats
+  hidden: true
+  default: /etc/pki/tls/certs
+
+tls_key_directory:
+  type: unix_filename
+  description: Nom du répertoire des clefs privés
+  hidden: true
+  default: /etc/pki/tls/private

seed/base-fedora/infos.md

@@ -0,0 +1 @@
+Inspired by: https://pagure.io/fedora-kickstarts/tree/main

seed/base-fedora/manual/image/preinstall/base_fedora.sh

@@ -1,4 +1,4 @@
 BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr $BASE_PKG"
 INSTALL_TOOL="dnf"
 OS_NAME='fedora'
-REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"
+REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/yum.repos.d/"

seed/base-machine/README.md

@@ -0,0 +1,32 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# base-machine
+
+## Synopsis
+
+Base information for a machine.
+
+
+## Variables
+
+### Machine
+
+| Parameter                                                                                                                                                                                       | Comments        |
+|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------|
+| **[machine.data_disk_size](extras/machine/00_base.xml)**<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Data disk size. |
+
+
+## Dependances
+
+- [base](../base/README.md): Base of all application services.
+- [dns-local](../dns-local/README.md): DNS client with access to local zones.
+- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
+
+## Used by
+
+[systemd](../systemd/README.md)

seed/base-machine/applicationservice.yml

@@ -1,5 +1,7 @@
+---
 format: '0.1'
 description: Base information for a machine
 depends:
   - base
   - dns-local
+  - pki-tls

seed/base-machine/dictionaries/12-base.xml

@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rougail version="0.10">
-  <services>
-    <service name="base" manage="False">
-      <file engine="none">/etc/locale.conf</file>
-    </service>
-  </services>
-  <variables>
-    <variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents">
-      <value>False</value>
-    </variable>
-    <family name="network" description="Réseau">
-      <variable name="server_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
-      <variable name="zones_list" type="string" multi="True" description="Liste de toutes les zones" mandatory="True" hidden="True" provider="global:zones_name"/>
-      <variable name="interfaces_list" type="number" multi="True" description="Liste de tous les numéros d'interfaces" hidden="True" provider="global:zones_list"/>
-      <family name="interface_" description="Interface " dynamic="interfaces_list">
-        <variable name="zone_name_eth" type="string" description="Nom de la zone de l'interface " hidden="True" mandatory="True"/>
-        <variable name="ip_eth" type="ip" description="Adresse IP pour l'interface " hidden="True" mandatory="True"/>
-        <variable name="network_eth" type="network_cidr" description="Réseau de l'interface " hidden="True"/>
-        <variable name="gateway_eth" type="ip" description="La route de l'interface "/>
-        <variable name="domain_name_eth" type="domainname" description="Nom de domaine pour l'interface " mandatory="True" hidden="True" provider="global:server_names"/>
-      </family>
-    </family>
-  </variables>
-  <constraints>
-    <fill name="get_ip">
-      <param name="server_name" type="variable">domain_name_eth</param>
-      <target>ip_eth</target>
-    </fill>
-    <fill name="get_zone_name">
-      <param type="variable">zones_list</param>
-      <param name="index" type="suffix"/>
-      <target>zone_name_eth</target>
-    </fill>
-    <fill name="zone_information">
-      <param type="variable">zone_name_eth</param>
-      <param>network</param>
-      <target>network_eth</target>
-    </fill>
-    <fill name="zone_information">
-      <param type="variable">zone_name_eth</param>
-      <param>gateway</param>
-      <param name="index" type="suffix"/>
-      <target>gateway_eth</target>
-    </fill>
-  </constraints>
-</rougail>
-

seed/base-machine/dictionaries/12_base.yml

@@ -0,0 +1,129 @@
+---
+version: 1.1
+
+hide_secret:
+  description: Les secrets sont obscurcis
+  mode: advanced
+  help: >-
+    Obscurcir les secrets peut permettre de générer des configurations
+    diffusable sans problème de confidentialité ou pour comparer deux
+    configurations générés à des moments différents
+  hidden: true
+  default: false
+
+base:
+
+  time_zone:
+    provider: Host:time_zone
+    hidden: true
+    mandatory: false
+
+module_name:
+  hidden: true
+  provider: global:module_name
+
+network:
+
+  server_name:
+    description: Nom de domaine du serveur
+    type: domainname
+    hidden: true
+    provider: global:server_name
+
+  last_server_name:
+    type: domainname
+    hidden: true
+    default:
+      jinja: >-
+        {%- if domain_name -%}
+        {{ domain_name[-1] }}
+        {%- endif -%}
+      params:
+        domain_name:
+          variable: >-
+            _.interface_{{ suffix }}.domain_name
+
+  zones_list:
+    multi: true
+    description: Liste de toutes les zones
+    hidden: true
+    provider: global:zones_name
+
+  interfaces_list:
+    type: number
+    multi: true
+    description: Liste de tous les numéros d'interfaces
+    hidden: true
+    provider: global:zones_list
+    mandatory: false
+
+  "interface_{{ suffix }}":
+    description: 'Interface {{ suffix }}'
+    dynamic:
+      variable: general.network.interfaces_list
+
+    zone_name:
+      description: "Nom de la zone de l'interface {{ suffix }}"
+      hidden: true
+      default:
+        jinja: >-
+          {%- if __.zones_list -%}
+          {{ __.zones_list[index] }}
+          {%- endif -%}
+        params:
+          index:
+            type: suffix
+
+    ip:
+      type: ip
+      description: "Adresse IP pour l'interface {{ suffix }}"
+      hidden: true
+      default:
+        jinja: >-
+          {{ zones | get_ip(server_name=_.domain_name) }}
+        params:
+          zones:
+            information: zones
+
+    network:
+      type: network_cidr
+      description: "Réseau de l'interface {{ suffix }}"
+      hidden: true
+      default:
+        jinja: >-
+          {{ zones | get_zones_info("network", zone_name=_.zone_name) }}
+        params:
+          zones:
+            information: zones
+
+    gateway:
+      type: ip
+      description: "La route de l'interface {{ suffix }}"
+      hidden: true
+      default:
+        jinja: >-
+          {{ zones | get_zones_info("host_ip",
+                                    zone_name=_.zone_name,
+                                    index=index)
+            }}
+        params:
+          zones:
+            information: zones
+          index:
+            type: suffix
+      disabled:
+        jinja: >-
+          {%- if index == 0 -%}
+          false
+          {%- else -%}
+          true
+          {%- endif -%}
+        params:
+          index:
+            type: suffix
+
+    domain_name:
+      type: domainname
+      description: "Nom de domaine pour l'interface {{ suffix }}"
+      hidden: true
+      provider: global:server_names

seed/base-machine/extras/machine/00_base.xml

@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rougail version="0.10">
-    <variables>
-        <variable name='name' description="Machine name" type="domainname" hidden="True"/>
-        <variable name='data_disk_size' description="Data disk size" type="number"/>
-    </variables>
-    <constraints>
-        <fill name="calc_value">
-            <param type="variable">domain_name_eth0</param>
-            <target>machine.name</target>
-        </fill>
-    </constraints>
-</rougail>
-

seed/base-machine/extras/machine/00_base.yml

@@ -0,0 +1,14 @@
+---
+version: 1.1
+
+name:
+  description: Machine name
+  type: domainname
+  hidden: true
+  default:
+    variable: general.network.server_name
+
+data_disk_size:
+  description: Data disk size
+  type: number
+  mandatory: false

seed/base-machine/funcs/funcs.py

@@ -2,22 +2,19 @@ import __main__
 from secrets import token_urlsafe as _token_urlsafe, token_hex as _token_hex
 from string import ascii_letters as _ascii_letters
 from random import choice as _choice
-from os.path import dirname as _dirname, abspath as _abspath, join as _join, isfile as _isfile, isdir as _isdir
-from os import makedirs as _makedirs
+from os.path import join as _join, isfile as _isfile, isdir as _isdir
+from os import makedirs as _makedirs, environ as _environ
 
 
-#from risotto.utils import ZONES_SERVER
-
-
-_HERE = _dirname(_abspath(__main__.__file__))
+_HERE = _environ['PWD']
 _PASSWORD_DIR = _join(_HERE, 'password')
 
 
-def get_password(server_name: str, 
-                 username: str,
+def get_password(username: str,
                  description: str,
                  type: str,
                  hide: bool,
+                 server_name: str='none', 
                  length: int=20,
                  temporary: bool=True,
                  ) -> str:
@@ -79,10 +76,3 @@ def _set_password(server_name: str,
     with open(file_name, 'r') as fh:
         file_content = fh.read().strip()
         return file_content
-
-
-def get_zone_name(zones: list,
-                  index: str,
-                  ):
-    if zones is not None:
-        return zones[int(index)]

seed/base-machine/manual/install/backup

@@ -1,42 +0,0 @@
-#!/bin/bash -e
-
-HOST_NAME=$1
-START=$2
-if [ -z "$HOST_NAME" ]; then
-    echo "usage: $0 host name"
-    exit 1
-fi
-
-. config.sh
-
-MACHINES=""
-for image in *; do
-    if [ -d "$image" ]; then
-        for os in $image/configurations/*; do
-            if [ -d "$os" ]; then
-                machine="$(basename $os)"
-                if [ -d "/var/lib/risotto/srv/$machine" ]; then
-                    MACHINES="$MACHINES$machine "
-                fi
-            fi
-        done
-    fi
-done
-cd /var/lib/risotto/srv/
-mkdir -p "$BACKUP_DIR"
-for machine in $MACHINES; do
-    machinectl stop $machine || true
-    while true; do
-        machinectl status "$machine" > /dev/null 2>&1 || break
-        sleep 1
-    done
-    BACKUP_FILE="$BACKUP_DIR/backup_$machine.tar.bz2"
-    rm -f "$BACKUP_FILE"
-    tar -cvJf $BACKUP_FILE $machine
-done
-
-if [ -z "$START" ]; then
-    machinectl start $MACHINES
-fi
-
-exit 0

seed/base-machine/manual/install/install_host

@@ -1,35 +0,0 @@
-#!/bin/bash -e
-
-HOST_NAME=$1
-if [ -z "$HOST_NAME" ]; then
-    echo "usage: $0 host name"
-    exit 1
-fi
-# remove current rules
-systemctl stop risottofirewall.service || true
-apt install --yes systemd-container dnf jq debootstrap htop gettext patch unzip mlocate xz-utils iptables
-systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
-systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
-systemctl daemon-reload
-systemctl restart systemd-sysctl.service
-systemctl enable systemd-networkd
-systemctl restart systemd-networkd
-systemctl enable systemd-resolved
-systemctl restart systemd-resolved
-# systemctl mask dev-hugepages.mount
-systemctl enable risotto-images.timer
-systemctl restart risotto-images.timer
-systemctl enable risottofirewall.service
-systemctl start risottofirewall.service
-
-#nft add table nat
-#nft flush table nat;
-#nft 'add chain nat prerouting { type nat hook prerouting priority -100; }'
-#nft 'add rule nat prerouting iif enp0s3 tcp dport { 80, 443 } dnat to 192.168.45.12'
-#nft 'add chain nat postrouting { type nat hook postrouting priority -100; }'
-#nft 'add rule nat postrouting ip saddr 192.168.45.10 oif enp0s8 tcp dport 53 snat to 10.0.3.15'
-#nft 'add rule nat postrouting ip saddr 192.168.45.10 oif enp0s8 udp dport 53 snat to 10.0.3.15'
-
-echo "install host OK"
-
-exit 0

seed/base-machine/manual/install/install_image

@@ -1,177 +0,0 @@
-#!/bin/bash -e
-
-HOST_NAME=$1
-IMAGE_NAME=$2
-
-if [ -z "$IMAGE_NAME" ]; then
-    echo "PAS DE NOM DE MODULE"
-    exit 1
-fi
-
-. config.sh
-
-rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR" tmp
-mkdir -p "$RISOTTO_IMAGE_DIR"
-PKG=""
-BASE_DIR=""
-for script in $(ls $IMAGE_NAME/manual/preinstall/*.sh 2> /dev/null); do
-    . "$script"
-done
-
-if [ -z "$OS_NAME" ]; then
-    echo "NO OS NAME DEFINED"
-    exit 0
-fi
-if [ -z "$RELEASEVER" ]; then
-    echo "NO RELEASEVER DEFINED"
-    exit 0
-fi
-if [ -z "$INSTALL_TOOL" ]; then
-    echo "NO INSTALL TOOL DEFINED"
-    exit 0
-fi
-BASE_NAME="$OS_NAME-$RELEASEVER"
-BASE_DIR="$IMAGE_BASE_RISOTTO_BASE_DIR/$BASE_NAME"
-BASE_TAR="$IMAGE_BASE_RISOTTO_BASE_DIR-$BASE_NAME".tar
-BASE_PKGS_FILE="$IMAGE_BASE_RISOTTO_BASE_DIR-$BASE_NAME.pkgs"
-BASE_LOCK="$IMAGE_BASE_RISOTTO_BASE_DIR-$BASE_NAME.build"
-
-function dnf_opt() {
-    INSTALL_DIR=$1
-    INSTALL_PKG=$2
-    echo "--setopt=install_weak_deps=False --nodocs --noplugins --installroot=$INSTALL_DIR --releasever $RELEASEVER install $INSTALL_PKG"
-}
-function new_package_base() {
-    if [ "$INSTALL_TOOL" = "dnf" ]; then
-        OPT=$(dnf_opt "$BASE_DIR" "$BASE_PKG")
-        dnf --assumeno $OPT | grep ^" " > "$BASE_PKGS_FILE".new
-    else
-        debootstrap --include="$BASE_PKG" --variant=minbase "$RELEASEVER" "$BASE_DIR" > /dev/null
-        chroot "$BASE_DIR" dpkg-query -f '${binary:Package} ${source:Version}\n' -W > "$BASE_PKGS_FILE".new
-    fi
-}
-function install_base() {
-    if [ "$INSTALL_TOOL" = "dnf" ]; then
-        OPT=$(dnf_opt "$BASE_DIR" "$BASE_PKG")
-        dnf --assumeyes $OPT
-    fi
-}
-function new_package() {
-    if [ "$INSTALL_TOOL" = "dnf" ]; then
-        OPT=$(dnf_opt "$IMAGE_NAME_RISOTTO_IMAGE_DIR" "$PKG")
-        dnf --assumeno $OPT | grep ^" " > "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new
-    else
-        chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" apt install --no-install-recommends --yes $PKG -s 2>/dev/null|grep ^"Inst " > "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new
-    fi
-}
-function install_pkg() {
-    if [ "$INSTALL_TOOL" = "dnf" ]; then
-        OPT=$(dnf_opt "$IMAGE_NAME_RISOTTO_IMAGE_DIR" "$PKG")
-        dnf --assumeyes $OPT
-    else
-        chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" apt install --no-install-recommends --yes $PKG
-    fi
-}
-
-
-if [ ! -f "$BASE_LOCK" ]; then
-    echo "  - reinstallation de l'image de base"
-    rm -rf "$BASE_DIR"
-    new_package_base
-    diff -u "$BASE_PKGS_FILE" "$BASE_PKGS_FILE".new && NEW_BASE=false || NEW_BASE=true
-    if [ ! -f "$BASE_TAR" ] || [ "$NEW_BASE" = true ]; then
-        mkdir -p "$IMAGE_BASE_RISOTTO_BASE_DIR"
-        install_base
-        cd "$IMAGE_BASE_RISOTTO_BASE_DIR"
-        tar cf "$BASE_TAR" "$BASE_NAME"
-        cd - > /dev/null
-        if [ -f "$BASE_PKGS_FILE" ]; then
-            mv "$BASE_PKGS_FILE" "$BASE_PKGS_FILE".old
-        fi
-        mv "$BASE_PKGS_FILE".new "$BASE_PKGS_FILE"
-        rm -rf "$IMAGE_BASE_RISOTTO_BASE_DIR"
-    fi
-    rm -rf "$BASE_DIR"
-    touch "$BASE_LOCK"
-fi
-
-tar xf "$BASE_TAR"
-mv "$BASE_NAME" "$IMAGE_NAME_RISOTTO_IMAGE_DIR"
-if [ -n "$COPR" ]; then
-    #FIXME signature...
-    mkdir -p "$REPO_DIR"
-    cd "$REPO_DIR"
-    wget -q "$COPR"
-    cd - > /dev/null
-fi
-if [ "$FUSION" = true ]; then
-    dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR" > /dev/null
-fi
-
-# FIXME verifier s'il y a des modifs sur pre/post
-if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then
-    echo "  - différence(s) avec les paquets de base"
-    diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs "$BASE_PKGS_FILE" && INSTALL=false || INSTALL=true
-else
-    INSTALL=true
-fi
-new_package
-if [ "$INSTALL" = false ]; then
-    echo "  - différence(s) avec les paquets de l'image"
-    diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new && INSTALL=false || INSTALL=true
-fi
-find $IMAGE_NAME/manual -type f -exec md5sum '{}' \; > "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new
-if [ "$INSTALL" = false ]; then
-    diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new && INSTALL=false || INSTALL=true
-fi
-if [ "$INSTALL" = true ]; then
-    echo "  - installation"
-    if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER".version ]; then
-        VERSION=$(cat "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER".version)
-    else
-        VERSION=0
-    fi
-    mkdir tmp
-    ORI_DIR=$PWD
-    cd tmp
-    if [ ! "$VERSION" = 0 ]; then
-        tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
-        if [ "$INSTALL_TOOL" = "apt" ]; then
-            chown _apt "$IMAGE_NAME"
-        fi
-    else
-        mkdir "$IMAGE_NAME"
-    fi
-    cd "$IMAGE_NAME"
-    ../../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md
-    cd $ORI_DIR
-    rm -rf tmp
-    install_pkg
-    sleep 2
-    
-    for script in $(ls $IMAGE_NAME/manual/postinstall/*.sh 2> /dev/null); do
-        . "$script"
-    done
-    
-    CONTAINER=$IMAGE_NAME ./make_volatile /etc
-    if [ ! "$?" = 0 ]; then
-        echo "make_volatile failed"
-        exit 1
-    fi
-    cd "$RISOTTO_IMAGE_DIR"
-    #7zr a "$IMAGE_NAME".7z "$IMAGE_NAME"
-    if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_NAME" ]; then
-        mv -f "$IMAGE_NAME_RISOTTO_IMAGE_NAME" "$IMAGE_NAME_RISOTTO_IMAGE_NAME".old
-    fi
-    tar cf "$IMAGE_NAME_RISOTTO_IMAGE_NAME" "$IMAGE_NAME"
-    sha256sum "$IMAGE_NAME_RISOTTO_IMAGE_NAME" > "$IMAGE_NAME_RISOTTO_IMAGE_NAME".sha
-    cd - > /dev/null
-    cp -f "$BASE_PKGS_FILE" "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs
-    mv -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs
-    mv -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum
-    VERSION=$((VERSION + 1)) 
-    echo "$VERSION" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER".version
-fi
-rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR"
-echo "  => OK"
-exit 0

seed/base-machine/manual/install/install_images

@@ -1,17 +0,0 @@
-#!/bin/bash -e
-HOST_NAME=$1
-if [ -z "$HOST_NAME" ]; then
-    echo "usage: $0 host name"
-    exit 1
-fi
-. config.sh
-rm -f $IMAGE_BASE_RISOTTO_BASE_DIR*.build
-for image in *; do
-    if [ -d "$image" ]; then
-	echo
-        echo "Install image $image"
-        ./install_image "$HOST_NAME" "$image"
-    fi
-done
-rm -f $IMAGE_BASE_RISOTTO_BASE_DIR*.build
-exit 0

seed/base-machine/manual/install/install_machine

@@ -2,6 +2,7 @@
 HOST_NAME=$1
 IMAGE_NAME=$2
 MACHINE=$3
+exit 0
 . config.sh
 . config_machine.sh
 if [ -z "$MACHINE" ]; then
@@ -40,24 +41,25 @@ fi
 if [ "$NEW_CONF" = true ]; then
     echo "  - delete old settings"
     ./diff.py "$MACHINE" "$MACHINE_RISOTTO_CONFIG_DIR" "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" > "$MACHINE_RISOTTO_CONFIG_DIR"_changelog.md
-    rm -rf "$MACHINE_RISOTTO_CONFIG_DIR"
+#    rm -rf "$MACHINE_RISOTTO_CONFIG_DIR"
 fi
 
-cp -a "$MACHINE_NAME_NSPAWN_LOCAL" "$MACHINE_NAME_NSPAWN"
-cp -a "$MACHINE_NAME_SCRIPT_LOCAL" "$MACHINE_NAME_SCRIPT"
-if [ ! -d "$MACHINE_RISOTTO_CONFIG_DIR" ]; then
-    cp -a "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" "$MACHINE_RISOTTO_CONFIG_DIR"
-fi
-if [ ! -d "$MACHINE_RISOTTO_SRV_DIR" ] && [ -d "$MACHINE_RISOTTO_SRV_DIR_LOCAL" ]; then
-    mkdir -p "$MACHINE_RISOTTO_SRV_DIR"
-fi
-mkdir -p "$RISOTTO_JOURNALD_DIR"
+#cp -a "$MACHINE_NAME_NSPAWN_LOCAL" "$MACHINE_NAME_NSPAWN"
+#cp -a "$MACHINE_NAME_SCRIPT_LOCAL" "$MACHINE_NAME_SCRIPT"
+#if [ ! -d "$MACHINE_RISOTTO_CONFIG_DIR" ]; then
+#    cp -a "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" "$MACHINE_RISOTTO_CONFIG_DIR"
+#fi
+#if [ ! -d "$MACHINE_RISOTTO_SRV_DIR" ] && [ -d "$MACHINE_RISOTTO_SRV_DIR_LOCAL" ]; then
+#    mkdir -p "$MACHINE_RISOTTO_SRV_DIR"
+#fi
+#mkdir -p "$RISOTTO_JOURNALD_DIR"
 if [ ! -d "$MACHINE_MACHINES_DIR" ]; then
     cd "$MACHINES_DIR"
+    mkdir "$IMAGE_NAME"
+    cd "$IMAGE_NAME"
     tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
     mkdir -p "$SHA_MACHINE_DIR"
     cp -a "$IMAGE_NAME_RISOTTO_IMAGE_NAME".sha "$SHA_MACHINE"
-    mv "$IMAGE_NAME" "$MACHINE_MACHINES_DIR"
     cd - > /dev/null
 fi
 

seed/base-machine/templates/locale.conf

@@ -1 +1,6 @@
+# This is the fallback locale configuration provided by systemd.
+
+#>GNUNUX
+#LANG="C.UTF-8"
 LANG=fr_FR.UTF-8
+#<GNUNUX

seed/base/README.md

@@ -0,0 +1,17 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# base
+
+## Synopsis
+
+Base of all application services.
+
+## Used by
+
+- [host-systemd-machined](../host-systemd-machined/README.md)
+- [base-machine](../base-machine/README.md)

seed/base/applicationservice.yml

@@ -1,2 +1,3 @@
+---
 format: '0.1'
-description: Base
+description: Base of all application services

seed/base/dictionaries/00_base.yml

@@ -0,0 +1,16 @@
+---
+version: 1.1
+
+copy_tests:
+  type: boolean
+  hidden: true
+  default:
+    jinja: >-
+      {%- if copy_tests -%}
+      true
+      {%- else -%}
+      false
+      {%- endif -%}
+    params:
+      copy_tests:
+        information: copy_tests

seed/base/funcs/base.py

@@ -1,10 +1,11 @@
-from typing import List
-from risotto.utils import load_domains, DOMAINS
 from risotto.utils import multi_function as _multi_function
+from typing import List as _List
 
 
 @_multi_function
-def get_ip(server_name: str) -> str:
+def get_ip(zones: dict,
+           server_name: str,
+           ) -> str:
     if server_name is None:
         return
     if isinstance(server_name, list):
@@ -15,12 +16,47 @@ def get_ip(server_name: str) -> str:
     lst = []
     for s_name in server_name:
         host_name, domain_name = s_name.split('.', 1)
-        if not domain_name in DOMAINS:
+        for zone in zones.values():
+            if domain_name == zone['domain_name']:
+                break
+        else:
             raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")')
-        domain = DOMAINS[domain_name]
-        ret = domain[1][domain[0].index(host_name)]
+        if host_name == zone['host_name']:
+            ret = zone['host_ip']
+        else:
+            if not host_name in zone['hosts']:
+                continue
+            ret = zone['hosts'][host_name]
         if not return_list:
             return ret
         if ret not in lst:
             lst.append(ret)
-    return lst
+    if return_list:
+        return lst
+
+
+@_multi_function
+def get_zones_info(zones: dict,
+                   type: str,
+                   zone_names: _List[str]=None,
+                   zone_name: str=None,
+                   index: int=None,
+                   uniq: bool=False,
+                   ) -> str:
+    if type == 'host_ip' and index != 0:
+        return
+    if zone_name:
+        if zone_name not in zones:
+            raise ValueError(f"cannot get zone informations in unknown zone '{zone_name}'")
+        if type == 'cidr':
+            return zones[zone_name]['host_ip'] + '/' + zones[zone_name]['network'].split('/')[-1]
+        return zones[zone_name][type]
+    ret = []
+    for zone_name, data in zones.items():
+        if zone_names and zone_name not in zone_names:
+            continue
+        val = data[type]
+        if uniq and val in ret:
+            continue
+        ret.append(val)
+    return ret

seed/dns-external/README.md

@@ -0,0 +1,19 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# dns-external
+
+## Synopsis
+
+DNS client with resolution on all zones (especially outside).
+
+## Used by
+
+- [postfix-relay](../postfix-relay/README.md)
+- [peertube](../peertube/README.md)
+- [unbound](../unbound/README.md)
+- [znc](../znc/README.md)

seed/dns-external/applicationservice.yml

@@ -1,2 +1,3 @@
+---
 format: '0.1'
-description: Configuration du client DNS externe
+description: DNS client with resolution on all zones (especially outside)

seed/dns-external/dictionaries/14-dns-external.xml

@@ -1,11 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<rougail version="0.10">
-  <variables>
-    <family name="network">
-      <variable name="dns_is_only_local" redefine="True">
-        <value>False</value>
-      </variable>
-      <variable name="dns_client_address" redefine="True" supplier="ExternalDNS"/>
-    </family>
-  </variables>
-</rougail>

seed/dns-external/dictionaries/14_dns-external.yml

@@ -0,0 +1,14 @@
+---
+version: 1.1
+
+network:
+
+  dns_is_only_local:
+    redefine: true
+    hidden: true
+    default: false
+
+  dns_client_address:
+    redefine: true
+    supplier: ExternalDNS
+    hidden: true

seed/dns-local/README.md

@@ -0,0 +1,16 @@
+---
+gitea: none
+include_toc: true
+---
+
+
+[Return to the list of application services.](../README.md)
+# dns-local
+
+## Synopsis
+
+DNS client with access to local zones.
+
+## Used by
+
+[base-machine](../base-machine/README.md)