forked from stove/dataset
Compare commits
98 commits
Author | SHA1 | Date | |
---|---|---|---|
43b00863ae | |||
0df0c1e80b | |||
c9162a5042 | |||
772283e0a6 | |||
ccb279d482 | |||
f2d4c644e6 | |||
e8e9e8719e | |||
71a61627e3 | |||
0c415b8d4d | |||
4c7a20f2c5 | |||
c781af11a5 | |||
b9552cd7fa | |||
c9fa6cf0e5 | |||
9d2c456c59 | |||
7384400cd4 | |||
532f20faf4 | |||
cc533f69bb | |||
21c86b0e97 | |||
84e583f8a4 | |||
cc56ea6286 | |||
a2838d1068 | |||
80484b0a32 | |||
5b29e1630b | |||
b91e8ab455 | |||
4fb6cd810b | |||
0305290883 | |||
8ad544de8b | |||
d317ab48ea | |||
d382e185d7 | |||
c09ab0c794 | |||
aa09ef03ea | |||
17033403b9 | |||
c676afdb26 | |||
f369998d15 | |||
b77d7d5784 | |||
ef3871720e | |||
ffed310d27 | |||
5c12724f33 | |||
cbe8fee94b | |||
1d1bdacb75 | |||
63e6b966cc | |||
ae4fe7e931 | |||
b96c29e40e | |||
8b39e07aa4 | |||
|
1de8353ac5 | ||
|
f66172b86c | ||
|
3e4204c53e | ||
|
5729dfb4f6 | ||
|
cebfab0b05 | ||
|
03ea888efd | ||
|
21b6a1298d | ||
|
e5f53eda0d | ||
|
d06e4bc9ee | ||
|
8bff1ca5ac | ||
|
d0d49bdccc | ||
|
1b72abb549 | ||
|
0541fb67d6 | ||
|
0bb87bdaf9 | ||
|
e51e4b482b | ||
|
a716f0cc47 | ||
|
67ff08b47d | ||
|
cfac2651b2 | ||
|
629ee5b548 | ||
|
381aada804 | ||
|
1c57c980d3 | ||
|
bb51db3e0a | ||
|
8b3bcd14a1 | ||
|
856607fc52 | ||
|
abe9155b4c | ||
|
ffaed709df | ||
|
b2eab154bc | ||
|
3862609e6b | ||
|
d572b8f64f | ||
|
465f68235b | ||
|
16f930572e | ||
|
97e74efd17 | ||
|
63ebd87431 | ||
|
b61bb58f73 | ||
|
0a2b6d1fa2 | ||
|
30b4e12ae8 | ||
|
1a3d562829 | ||
|
3316ae70d3 | ||
|
cacc4afc4d | ||
|
dd4d51c53c | ||
|
dab5d03ac5 | ||
|
2d10335f45 | ||
|
2d9de85e03 | ||
|
d3c31e0cea | ||
|
94c73f97ab | ||
|
b25763ec32 | ||
|
0ac3e884e4 | ||
|
349a035ad0 | ||
|
52e612afba | ||
|
883bdac398 | ||
|
f1b2e20063 | ||
|
b1e7064488 | ||
|
7cbd9b00fc | ||
|
b021f59e08 |
688 changed files with 20128 additions and 7538 deletions
|
@ -1,2 +1,3 @@
|
||||||
# dataset
|
# dataset
|
||||||
|
|
||||||
|
[This dataset application services](seed/README.md)
|
||||||
|
|
182
doc/link.md
182
doc/link.md
|
@ -1,177 +1,13 @@
|
||||||
# Configuration liée
|
CAS 1 (Redis et RedisClient) :
|
||||||
|
|
||||||
Une configuration liée est un ensemble d'élément partagé entre deux serveurs différents.
|
application service "serveur" :
|
||||||
|
|
||||||
## Lier un client à un serveur
|
provider="xxx" : variable multiple qui récupère tous les noms de domaine des suppliers
|
||||||
|
provider="xxx:yyy" : variable dans une famille dynamique qui récupère les infos de yyy
|
||||||
|
supplier="xxx:zzz" : variable dans la famille dynamique qui transmet l'info de zzz (généralement par un calcul)
|
||||||
|
|
||||||
```
|
application service "client" :
|
||||||
<check name="set_linked">
|
|
||||||
<param name="linked_provider">clients</param>
|
|
||||||
<param name="linked_value" type="variable">service_variable</param>
|
|
||||||
<target>service_variable_2</target>
|
|
||||||
</check>
|
|
||||||
```
|
|
||||||
|
|
||||||
## Lier un client à un serveur avec un nom d'utilisateur issu du nom de domaine
|
supplier="xxx" : variable qui récupère le nom de domaine du provider
|
||||||
|
supplier="xxx:yyy" : variable qui transmet les infos de yyy (généralement par un calcul)
|
||||||
Il faut commencer de créer une variable côté serveur :
|
provider="xxx:zzz" : variable récupère les infos de zzz
|
||||||
|
|
||||||
```
|
|
||||||
<variable name="remotes" description="All clients" type="domainname" multi="True" provider="clients"/>
|
|
||||||
```
|
|
||||||
|
|
||||||
Le nom d'utilisateur sera ici le nom de domaine du serveur avec l'application de la fonction 'normalize_family'.
|
|
||||||
|
|
||||||
Pour lier deux configurations il faut créer deux variables côté client :
|
|
||||||
|
|
||||||
```
|
|
||||||
<variable name='service_server_address' type='domainname' description="Nom DNS du serveur" mandatory='True'/>
|
|
||||||
<variable name='service_remote_user' type='string' description="Remote username" mandatory='True' hidden="True"/>
|
|
||||||
```
|
|
||||||
|
|
||||||
Enfin il faut lier les deux configurations :
|
|
||||||
|
|
||||||
```
|
|
||||||
<fill name="set_linked">
|
|
||||||
<param name="linked_server" type="variable">service_server_address</param>
|
|
||||||
<param name="linked_provider">clients</param>
|
|
||||||
<param name="linked_value" type="information">server_name</param>
|
|
||||||
<target>service_remote_user</target>
|
|
||||||
</fill>
|
|
||||||
```
|
|
||||||
|
|
||||||
Ainsi, lorsque l'utilisateur renseignera la variable "service_server_address", cette valeur sera ajouter à la variable "remotes" du serveur.
|
|
||||||
En retour la variable "service_remote_user" aura comme valeur "normalize_family(service_server_address)".
|
|
||||||
|
|
||||||
## Lier un client unique à un serveur avec un nom d'utilisateur calculé sur le serveur
|
|
||||||
|
|
||||||
Il faut commencer de créer les variables côté serveur :
|
|
||||||
|
|
||||||
```
|
|
||||||
<variables>
|
|
||||||
<variable name="remote" description="The client" type="domainname" provider="client"/>
|
|
||||||
<variable name="username" hidden="True" provider="client_name"/>
|
|
||||||
</variables>
|
|
||||||
<constraints>
|
|
||||||
<fill name="gen_user_name">
|
|
||||||
<target>username</target>
|
|
||||||
</fill>
|
|
||||||
</constraints>
|
|
||||||
```
|
|
||||||
|
|
||||||
Côté client :
|
|
||||||
|
|
||||||
```
|
|
||||||
<variable name='service_server_address' type='domainname' description="Nom DNS du serveur" mandatory='True'/>
|
|
||||||
<variable name='service_remote_user' type='string' description="Remote username" mandatory='True' hidden="True"/>
|
|
||||||
```
|
|
||||||
|
|
||||||
```
|
|
||||||
<fill name="set_linked">
|
|
||||||
<param name="linked_server" type="variable">service_server_address</param>
|
|
||||||
<param name="linked_provider">clients</param>
|
|
||||||
<param name="linked_value" type="information">server_name</param>
|
|
||||||
<param name="linked_returns">client_name</param>
|
|
||||||
<target>service_remote_user</target>
|
|
||||||
</fill>
|
|
||||||
```
|
|
||||||
|
|
||||||
Ainsi, lorsque l'utilisateur renseignera la variable "service_server_address", cette valeur sera la variable "remote" du serveur.
|
|
||||||
Un nom d'utilisateur sera alors généré côté serveur, la valeur de ce nom sera retourner au client comme valeur de 'service_remote_user'.
|
|
||||||
|
|
||||||
## Lier plusieurs clients à un serveur avec un nom d'utilisateur calculé sur le serveur
|
|
||||||
|
|
||||||
Il faut commencer de créer les variables côté serveur :
|
|
||||||
|
|
||||||
```
|
|
||||||
<variables>
|
|
||||||
<variable name="remotes" description="All clients" type="domainname" multi="True" provider="clients"/>
|
|
||||||
<family name="remote_" description="Compte pour " dynamic="remotes">
|
|
||||||
<variable name="username_" hidden="True" provider="client_name"/>
|
|
||||||
</family>
|
|
||||||
</variables>
|
|
||||||
<constraints>
|
|
||||||
<fill name="gen_user_name">
|
|
||||||
<target>username_</target>
|
|
||||||
</fill>
|
|
||||||
</constraints>
|
|
||||||
```
|
|
||||||
|
|
||||||
Côté client :
|
|
||||||
|
|
||||||
```
|
|
||||||
<variable name='service_server_address' type='domainname' description="Nom DNS du serveur" mandatory='True'/>
|
|
||||||
<variable name='service_remote_user' type='string' description="Remote username" mandatory='True' hidden="True"/>
|
|
||||||
```
|
|
||||||
|
|
||||||
```
|
|
||||||
<fill name="set_linked">
|
|
||||||
<param name="linked_server" type="variable">service_server_address</param>
|
|
||||||
<param name="linked_provider">clients</param>
|
|
||||||
<param name="linked_value" type="information">server_name</param>
|
|
||||||
<param name="linked_returns">client_name</param>
|
|
||||||
<param name="dynamic" type="information">server_name</param>
|
|
||||||
<target>service_remote_user</target>
|
|
||||||
</fill>
|
|
||||||
```
|
|
||||||
|
|
||||||
Ainsi, lorsque l'utilisateur renseignera la variable "service_server_address", cette valeur sera ajouter à la variable "remotes" du serveur.
|
|
||||||
Un nom d'utilisateur sera alors généré côté serveur, la valeur de ce nom sera retourner au client comme valeur de 'service_remote_user'.
|
|
||||||
|
|
||||||
## Caculer une variable d'un client par rapport à la valeur d'un serveur
|
|
||||||
|
|
||||||
Il faut commencer de créer une nouvelle variables côté serveur par exemple dans une famille dynamique :
|
|
||||||
|
|
||||||
```
|
|
||||||
<variables>
|
|
||||||
<family name="remote_" description="Compte pour " dynamic="remotes">
|
|
||||||
<variable name="password_" description="Password " auto_save="True" hidden="True" type="password" provider="client_password"/>
|
|
||||||
</family>
|
|
||||||
</variables>
|
|
||||||
<constraints>
|
|
||||||
<fill name="gen_password">
|
|
||||||
<target>password_</target>
|
|
||||||
</fill>
|
|
||||||
</constraints>
|
|
||||||
```
|
|
||||||
|
|
||||||
Côté client on veut récupérer ce mot de passe dans une variable :
|
|
||||||
|
|
||||||
```
|
|
||||||
<variable name='service_remote_user_password' type='password' description="Remote password" mandatory='True' hidden="True"/>
|
|
||||||
```
|
|
||||||
|
|
||||||
Et calculer cette valeur :
|
|
||||||
|
|
||||||
```
|
|
||||||
<fill name="get_linked_configuration">
|
|
||||||
<param name="linked_server" type="variable">service_server_address</param>
|
|
||||||
<param name="linked_provider">client_password</param>
|
|
||||||
<param name="dynamic" type="variable">service_remote_user</param>
|
|
||||||
<target>service_remote_user_password</target>
|
|
||||||
</fill>
|
|
||||||
```
|
|
||||||
|
|
||||||
## Propoger la valeur d'une variable d'un client vers un serveur
|
|
||||||
|
|
||||||
```
|
|
||||||
<check name="set_linked_configuration">
|
|
||||||
<param name="linked_server" type="variable">service_server_address</param>
|
|
||||||
<param name="linked_provider">client_var</param>
|
|
||||||
<param name="dynamic" type="variable">service_remote_user</param>
|
|
||||||
<target>service_variable</target>
|
|
||||||
</check>
|
|
||||||
```
|
|
||||||
|
|
||||||
## Propoger la valeur d'une variable d'un client vers un variable esclave du serveur
|
|
||||||
|
|
||||||
```
|
|
||||||
<check name="set_linked_configuration">
|
|
||||||
<param name="linked_server" type="variable">service_server_address</param>
|
|
||||||
<param name="leader_provider">client_var</param>
|
|
||||||
<param name="leader_value" type="variable">service_variable</param>
|
|
||||||
<param name="linked_provider">slave</param>
|
|
||||||
<param name="dynamic" type="variable">service_server_address</param>
|
|
||||||
<target>service_variable_2</target>
|
|
||||||
</check>
|
|
||||||
```
|
|
||||||
|
|
29
seed/README.ExternalDNS.md
Normal file
29
seed/README.ExternalDNS.md
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# ExternalDNS
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
DNS forwarder for all DNS zones.<br/>This provider is able to answer query for external and internal domain name.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|
|
||||||
|
| **ExternalDNS:authority_zones**<br/>multiple<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Local DNS server can export own authority zones. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver.
|
||||||
|
|
||||||
|
## Suppliers
|
||||||
|
|
||||||
|
- [postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
|
||||||
|
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
|
||||||
|
- [znc](znc/README.md): ZNC, a bouncer IRC.
|
||||||
|
- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
|
23
seed/README.IMAP.md
Normal file
23
seed/README.IMAP.md
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# IMAP
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
IMAP server connexion.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
|
||||||
|
|
||||||
|
## Supplier
|
||||||
|
|
||||||
|
[roundcube](roundcube/README.md): Roundcube, a webmail.
|
54
seed/README.Journald.md
Normal file
54
seed/README.Journald.md
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# Journald
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Concentrate journal messages on one host.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------|
|
||||||
|
| **Journald:message**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Message to exclude for *supplier name*. |
|
||||||
|
| **Journald:service**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Log from this service to exclude for *supplier name*. |
|
||||||
|
| **Journald:function**<br/>multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Function use to compare message (if not defined, exlude same message) for *supplier name*. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
|
||||||
|
|
||||||
|
## Suppliers
|
||||||
|
|
||||||
|
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
|
||||||
|
- [nginx-static](nginx-static/README.md): Nginx as static web site.
|
||||||
|
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
|
||||||
|
- [postgresql](postgresql/README.md): Postgresql, a database.
|
||||||
|
- [postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
|
||||||
|
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
|
||||||
|
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
|
||||||
|
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
|
||||||
|
- [vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
|
||||||
|
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
|
||||||
|
- [unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver.
|
||||||
|
- [redis](redis/README.md): Redis, an in-memory data structure store.
|
||||||
|
- [loki](loki/README.md): Loki, a log aggregation platform.
|
||||||
|
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
|
||||||
|
- [nsd](nsd/README.md): NSD, an authoritative DNS name server.
|
||||||
|
- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.
|
||||||
|
- [nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy.
|
||||||
|
- [roundcube](roundcube/README.md): Roundcube, a webmail.
|
||||||
|
- [znc](znc/README.md): ZNC, a bouncer IRC.
|
||||||
|
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
|
||||||
|
- [prometheus](prometheus/README.md): Prometheus, an event monitoring.
|
||||||
|
- [mariadb](mariadb/README.md): MariaDB, a relational database.
|
||||||
|
- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
|
||||||
|
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
|
||||||
|
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
|
||||||
|
- [openldap](openldap/README.md): OpenLDAP, the LDAP server.
|
||||||
|
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
|
34
seed/README.LDAP.md
Normal file
34
seed/README.LDAP.md
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# LDAP
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Create account and connexion to a LDAP server.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
|
||||||
|
| **LDAP:family**<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP family name for *supplier name*. |
|
||||||
|
| **LDAP:dn**<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP account DN for *supplier name*. |
|
||||||
|
| **LDAP:password**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP passowrd for *supplier name*. |
|
||||||
|
| **LDAP:base_dn**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP base DN for *supplier name*. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[openldap](openldap/README.md): OpenLDAP, the LDAP server.
|
||||||
|
|
||||||
|
## Suppliers
|
||||||
|
|
||||||
|
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
|
||||||
|
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
|
||||||
|
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
|
||||||
|
- [roundcube](roundcube/README.md): Roundcube, a webmail.
|
||||||
|
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
|
||||||
|
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
|
27
seed/README.LMTP.md
Normal file
27
seed/README.LMTP.md
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# LMTP
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
LMTP remote server.<br/>A service needs send email with LMTP protocol.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------|
|
||||||
|
| **LMTP:criteria**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Domain name allowes to send email with LMTP protocol for *supplier name*. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
|
||||||
|
|
||||||
|
## Suppliers
|
||||||
|
|
||||||
|
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
|
||||||
|
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
|
48
seed/README.LocalDNS.md
Normal file
48
seed/README.LocalDNS.md
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# LocalDNS
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
DNS forwarder for local domain name.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|
|
||||||
|
| **LocalDNS:DNSSEC_DS**<br/>multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | DNSSEC DS informations. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
|
||||||
|
|
||||||
|
## Suppliers
|
||||||
|
|
||||||
|
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
|
||||||
|
- [nginx-static](nginx-static/README.md): Nginx as static web site.
|
||||||
|
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
|
||||||
|
- [postgresql](postgresql/README.md): Postgresql, a database.
|
||||||
|
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
|
||||||
|
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
|
||||||
|
- [vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
|
||||||
|
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
|
||||||
|
- [redis](redis/README.md): Redis, an in-memory data structure store.
|
||||||
|
- [loki](loki/README.md): Loki, a log aggregation platform.
|
||||||
|
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
|
||||||
|
- [nsd](nsd/README.md): NSD, an authoritative DNS name server.
|
||||||
|
- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.
|
||||||
|
- [nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy.
|
||||||
|
- [roundcube](roundcube/README.md): Roundcube, a webmail.
|
||||||
|
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
|
||||||
|
- [prometheus](prometheus/README.md): Prometheus, an event monitoring.
|
||||||
|
- [mariadb](mariadb/README.md): MariaDB, a relational database.
|
||||||
|
- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
|
||||||
|
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
|
||||||
|
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
|
||||||
|
- [openldap](openldap/README.md): OpenLDAP, the LDAP server.
|
||||||
|
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
|
23
seed/README.Loki.md
Normal file
23
seed/README.Loki.md
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# Loki
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Concentrate log messages.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[loki](loki/README.md): Loki, a log aggregation platform.
|
||||||
|
|
||||||
|
## Supplier
|
||||||
|
|
||||||
|
[vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
|
28
seed/README.MariaDB.md
Normal file
28
seed/README.MariaDB.md
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# MariaDB
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Create account and connexion to a MariaDB server.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|
|
||||||
|
| **MariaDB:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | MariaDB user name for *supplier name*. |
|
||||||
|
| **MariaDB:password**<br/>mandatory<br/>**Type:** [`secret`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | MariaDB password for *supplier name*. |
|
||||||
|
| **MariaDB:database**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | MariaDB database name for *supplier name*. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[mariadb](mariadb/README.md): MariaDB, a relational database.
|
||||||
|
|
||||||
|
## Supplier
|
||||||
|
|
||||||
|
[piwigo](piwigo/README.md): Piwigo, a photo management software.
|
45
seed/README.OAuth2.md
Normal file
45
seed/README.OAuth2.md
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# OAuth2
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Remote clients needing to verify OAuth2 account.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|
|
||||||
|
| **OAuth2:name**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote name for *supplier name*. |
|
||||||
|
| **OAuth2:description**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote description for *supplier name*. |
|
||||||
|
| **OAuth2:login**<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote URL to login for *supplier name*. |
|
||||||
|
| **OAuth2:external**<br/>mandatory, multiple<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote external for *supplier name*. |
|
||||||
|
| **OAuth2:family**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote family for *supplier name*. |
|
||||||
|
| **OAuth2:category**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remode category for *supplier name*. |
|
||||||
|
| **OAuth2:logo**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Logo for *supplier name*. |
|
||||||
|
| **OAuth2:client_id**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote client id for *supplier name*. |
|
||||||
|
| **OAuth2:secret**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote secret for *supplier name*. |
|
||||||
|
| **OAuth2:token_signature_algo**<br/>mandatory<br/>**Type:** [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 token signature algorithm for *supplier name*.<br/>**Choices:**<br/>- `HS512`<br/>- `RS256` |
|
||||||
|
| **OAuth2:external_domain**<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 server domain name. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
|
||||||
|
|
||||||
|
## Suppliers
|
||||||
|
|
||||||
|
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
|
||||||
|
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
|
||||||
|
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
|
||||||
|
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
|
||||||
|
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
|
||||||
|
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
|
||||||
|
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
|
||||||
|
- [roundcube](roundcube/README.md): Roundcube, a webmail.
|
||||||
|
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
|
||||||
|
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
|
36
seed/README.Postgresql.md
Normal file
36
seed/README.Postgresql.md
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# Postgresql
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Create account and connexion to a PostgreSQL server.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------|
|
||||||
|
| **Postgresql:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Postgresql username for *supplier name*. |
|
||||||
|
| **Postgresql:password**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Postgresql password for *supplier name*. |
|
||||||
|
| **Postgresql:database**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Postgresql database name for *supplier name*. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[postgresql](postgresql/README.md): Postgresql, a database.
|
||||||
|
|
||||||
|
## Suppliers
|
||||||
|
|
||||||
|
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
|
||||||
|
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
|
||||||
|
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
|
||||||
|
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
|
||||||
|
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
|
||||||
|
- [roundcube](roundcube/README.md): Roundcube, a webmail.
|
||||||
|
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
|
||||||
|
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
|
||||||
|
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
|
19
seed/README.Prometheus.md
Normal file
19
seed/README.Prometheus.md
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# Prometheus
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Configure Prometheus exporter.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[prometheus](prometheus/README.md): Prometheus, an event monitoring.
|
33
seed/README.Redis.md
Normal file
33
seed/README.Redis.md
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# Redis
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Create account and connexion to a Redis server.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
|
||||||
|
| **Redis:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Redis user name for *supplier name*. |
|
||||||
|
| **Redis:password**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Redis password for *supplier name*. |
|
||||||
|
| **Redis:index**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Redis database index.<br/>Only index 0 is allowed, Redis project discourage to use the server with several database. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[redis](redis/README.md): Redis, an in-memory data structure store.
|
||||||
|
|
||||||
|
## Suppliers
|
||||||
|
|
||||||
|
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
|
||||||
|
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
|
||||||
|
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
|
||||||
|
- [roundcube](roundcube/README.md): Roundcube, a webmail.
|
||||||
|
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
|
||||||
|
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
|
44
seed/README.ReverseProxy.md
Normal file
44
seed/README.ReverseProxy.md
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# ReverseProxy
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Register to service to a reverse proxy server.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------|
|
||||||
|
| **ReverseProxy:external**<br/>mandatory, multiple<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | External domain name for *supplier name*. |
|
||||||
|
| **ReverseProxy:location**<br/>mandatory<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | URI to redirect for *supplier name*.<br/>Relative redirected URI (without domaine name).<br/>**Example:** /mail |
|
||||||
|
| **ReverseProxy:max_body_size**<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Body size max for *supplier name*. |
|
||||||
|
| **ReverseProxy:websocket**<br/>mandatory<br/>**Type:** [`boolean`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The entry point is a websocket for *supplier name*.<br/>**Default:** [True] |
|
||||||
|
| **ReverseProxy:url**<br/>mandatory<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Internal URL for *supplier name*. |
|
||||||
|
| **ReverseProxy:http**<br/>mandatory<br/>**Type:** [`boolean`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The website is in HTTP for *supplier name*.<br/>**Default:** True |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy.
|
||||||
|
|
||||||
|
## Suppliers
|
||||||
|
|
||||||
|
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
|
||||||
|
- [nginx-static](nginx-static/README.md): Nginx as static web site.
|
||||||
|
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
|
||||||
|
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
|
||||||
|
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
|
||||||
|
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
|
||||||
|
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
|
||||||
|
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
|
||||||
|
- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.
|
||||||
|
- [roundcube](roundcube/README.md): Roundcube, a webmail.
|
||||||
|
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
|
||||||
|
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
|
||||||
|
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
|
||||||
|
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
|
37
seed/README.SMTP.md
Normal file
37
seed/README.SMTP.md
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# SMTP
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Create a SMTP relay account and authorize sending email.<br/>A service needs send email with SMTP protocol, so an account is created and SMTP relay accept sending mail by this account.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------|
|
||||||
|
| **SMTP:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | User account to send email for *supplier name*. |
|
||||||
|
| **SMTP:password**<br/>mandatory<br/>**Type:** [`secret`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Password to send email for *supplier name*. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
|
||||||
|
|
||||||
|
## Suppliers
|
||||||
|
|
||||||
|
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
|
||||||
|
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
|
||||||
|
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
|
||||||
|
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
|
||||||
|
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
|
||||||
|
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
|
||||||
|
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
|
||||||
|
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
|
||||||
|
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
|
||||||
|
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
|
||||||
|
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
|
22
seed/README.Vector.md
Normal file
22
seed/README.Vector.md
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](README.md)
|
||||||
|
# Vector
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Collect observability data from another Vector instance.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Parameter | Comment |
|
||||||
|
|-------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|
|
||||||
|
| **Vector:address**<br/>**Type:** [`ip`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Send Journal on this IP address.<br/>Vector must listen on this address, clients are configured to use this destination IP. |
|
||||||
|
|
||||||
|
## Provider
|
||||||
|
|
||||||
|
[vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
|
91
seed/README.md
Normal file
91
seed/README.md
Normal file
|
@ -0,0 +1,91 @@
|
||||||
|
# Application services
|
||||||
|
|
||||||
|
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission)
|
||||||
|
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution
|
||||||
|
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo
|
||||||
|
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application
|
||||||
|
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management
|
||||||
|
- [loki](loki/README.md): Loki, a log aggregation platform
|
||||||
|
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists
|
||||||
|
- [mariadb](mariadb/README.md): MariaDB, a relational database
|
||||||
|
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform
|
||||||
|
- nginx:
|
||||||
|
- [nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy
|
||||||
|
- [nginx-static](nginx-static/README.md): Nginx as static web site
|
||||||
|
- nsd:
|
||||||
|
- [nsd](nsd/README.md): NSD, an authoritative DNS name server
|
||||||
|
- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution
|
||||||
|
- [odoo](odoo/README.md): Odoo, an ERP and CRM
|
||||||
|
- [openldap](openldap/README.md): OpenLDAP, the LDAP server
|
||||||
|
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform
|
||||||
|
- [piwigo](piwigo/README.md): Piwigo, a photo management software
|
||||||
|
- [postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay
|
||||||
|
- [postgresql](postgresql/README.md): Postgresql, a database
|
||||||
|
- [prometheus](prometheus/README.md): Prometheus, an event monitoring
|
||||||
|
- [redis](redis/README.md): Redis, an in-memory data structure store
|
||||||
|
- [roundcube](roundcube/README.md): Roundcube, a webmail
|
||||||
|
- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest
|
||||||
|
- [unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver
|
||||||
|
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager
|
||||||
|
- [vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines
|
||||||
|
- [znc](znc/README.md): ZNC, a bouncer IRC
|
||||||
|
# Application dependencies
|
||||||
|
|
||||||
|
- [apache](apache/README.md): Apache as web server
|
||||||
|
- base:
|
||||||
|
- [base](base/README.md): Base of all application services
|
||||||
|
- [base-debian](base-debian/README.md): Base information of a Debian server
|
||||||
|
- [base-debian-bullseye](base-debian-bullseye/README.md): Base information of a Debian Bulleye server
|
||||||
|
- [base-fedora](base-fedora/README.md): Base information of a Fedora
|
||||||
|
- [base-fedora-35](base-fedora-35/README.md): Base information of a Fedora 35
|
||||||
|
- [base-fedora-36](base-fedora-36/README.md): Base information of a Fedora 36
|
||||||
|
- [base-fedora-37](base-fedora-37/README.md): Base information of a Fedora 37
|
||||||
|
- [base-fedora-38](base-fedora-38/README.md): Base information of a Fedora 38
|
||||||
|
- [base-machine](base-machine/README.md): Base information for a machine
|
||||||
|
- dns:
|
||||||
|
- [dns-external](dns-external/README.md): DNS client with resolution on all zones (especially outside)
|
||||||
|
- [dns-local](dns-local/README.md): DNS client with access to local zones
|
||||||
|
- [host-systemd-machined](host-systemd-machined/README.md): Host with machine started in Systemd Machined environment
|
||||||
|
- [imap-client](imap-client/README.md): Application service needs interact with an IMAP server
|
||||||
|
- [journald](journald/README.md): Journald
|
||||||
|
- [journald_remote](journald_remote/README.md): Journald remote
|
||||||
|
- [ldap-client](ldap-client/README.md): Application service needs interact with a LDAP server
|
||||||
|
- [mariadb-client](mariadb-client/README.md): Application service needs interact with a MariaDB server
|
||||||
|
- nginx:
|
||||||
|
- [nginx-common](nginx-common/README.md): Nginx common configuration
|
||||||
|
- [nginx-https](nginx-https/README.md): Nginx as HTTPS web site
|
||||||
|
- [oauth2-client](oauth2-client/README.md): Application service needs interact with a Oauth2 server
|
||||||
|
- php:
|
||||||
|
- [php](php/README.md): PHP, a popular general-purpose scripting language
|
||||||
|
- [php-fpm](php-fpm/README.md): PHP FPM
|
||||||
|
- [pki-tls](pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates
|
||||||
|
- [postfix-lmtp-relay](postfix-lmtp-relay/README.md): Postfix, the mail server, as LMTP relay
|
||||||
|
- [postgresql-client](postgresql-client/README.md): Application service needs interact with a Postgresql server
|
||||||
|
- [provider-systemd-machined](provider-systemd-machined/README.md): Machine started in Systemd Machined environment
|
||||||
|
- redis:
|
||||||
|
- [redis-client](redis-client/README.md): Application service needs interact with a Redis server
|
||||||
|
- [redis-common](redis-common/README.md): Redis, an in-memory data structure store
|
||||||
|
- relay:
|
||||||
|
- [relay-lmtp-client](relay-lmtp-client/README.md): Application service needs interact with a Postfix server with LMTP protocol
|
||||||
|
- [relay-mail-client](relay-mail-client/README.md): Client SMTP
|
||||||
|
- [resolved](resolved/README.md): Resolved
|
||||||
|
- [reverse-proxy-client](reverse-proxy-client/README.md): Application service needs interact with a a reverse proxy server
|
||||||
|
- [systemd](systemd/README.md): Systemd, a system and service manager
|
||||||
|
|
||||||
|
# Providers
|
||||||
|
|
||||||
|
- [ExternalDNS](README.ExternalDNS.md): DNS forwarder for all DNS zones.
|
||||||
|
- [IMAP](README.IMAP.md): IMAP server connexion.
|
||||||
|
- [Journald](README.Journald.md): Concentrate journal messages on one host.
|
||||||
|
- [LDAP](README.LDAP.md): Create account and connexion to a LDAP server.
|
||||||
|
- [LMTP](README.LMTP.md): LMTP remote server.
|
||||||
|
- [LocalDNS](README.LocalDNS.md): DNS forwarder for local domain name.
|
||||||
|
- [Loki](README.Loki.md): Concentrate log messages.
|
||||||
|
- [MariaDB](README.MariaDB.md): Create account and connexion to a MariaDB server.
|
||||||
|
- [OAuth2](README.OAuth2.md): Remote clients needing to verify OAuth2 account.
|
||||||
|
- [Postgresql](README.Postgresql.md): Create account and connexion to a PostgreSQL server.
|
||||||
|
- [Prometheus](README.Prometheus.md): Configure Prometheus exporter.
|
||||||
|
- [Redis](README.Redis.md): Create account and connexion to a Redis server.
|
||||||
|
- [ReverseProxy](README.ReverseProxy.md): Register to service to a reverse proxy server.
|
||||||
|
- [SMTP](README.SMTP.md): Create a SMTP relay account and authorize sending email.
|
||||||
|
- [Vector](README.Vector.md): Collect observability data from another Vector instance.
|
36
seed/apache/README.md
Normal file
36
seed/apache/README.md
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# apache
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
|
||||||
|
[Apache as web server.](https://httpd.apache.org/)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Variables for expert
|
||||||
|
|
||||||
|
### General
|
||||||
|
|
||||||
|
#### Apache
|
||||||
|
|
||||||
|
Advance Apache web server settings.
|
||||||
|
|
||||||
|
| Parameter | Comments |
|
||||||
|
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|
|
||||||
|
| **[general.apache.apache_timeout](dictionaries/20_web.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Amount of time the server will wait for certain events before failing a request.<br/>Time in seconds.<br/>**Default:** 300 |
|
||||||
|
| **[general.apache.apache_keepalive](dictionaries/20_web.xml)**<br/>mandatory<br/>**Type:** [`boolean`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Enables HTTP persistent connections.<br/>**Default:** True |
|
||||||
|
|
||||||
|
## Dependances
|
||||||
|
|
||||||
|
- [reverse-proxy-client](../reverse-proxy-client/README.md): Application service needs interact with a a reverse proxy server.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
[nextcloud](../nextcloud/README.md)
|
|
@ -1,5 +1,6 @@
|
||||||
|
---
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Apache configuration
|
description: Apache as web server
|
||||||
|
website: https://httpd.apache.org/
|
||||||
depends:
|
depends:
|
||||||
- base-fedora-35
|
|
||||||
- reverse-proxy-client
|
- reverse-proxy-client
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<services>
|
|
||||||
<service name="httpd" target="multi-user">
|
|
||||||
<file>/etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt</file>
|
|
||||||
<file>/etc/httpd/conf/httpd.conf</file>
|
|
||||||
<file>/etc/httpd/conf.d/risotto.conf</file>
|
|
||||||
<file>/etc/httpd/conf.d/ssl.conf</file>
|
|
||||||
<file>/etc/httpd/ssl/server.ca</file>
|
|
||||||
<file>/etc/httpd/ssl/server.crt</file>
|
|
||||||
<file>/etc/httpd/ssl/server.key</file>
|
|
||||||
<file engine="none" source="sysuser-httpd.conf">/sysusers.d/httpd.conf</file>
|
|
||||||
<file engine="none" source="tmpfile-httpd.conf">/tmpfiles.d/0httpd.conf</file>
|
|
||||||
</service>
|
|
||||||
</services>
|
|
||||||
<variables>
|
|
||||||
<family name="nginx">
|
|
||||||
<variable name="php_fpm_user" redefine="True" exists="True">
|
|
||||||
<value>apache</value>
|
|
||||||
</variable>
|
|
||||||
</family>
|
|
||||||
<family name="apache" description="Apache" help="Paramètrage avancé du serveur web Apache">
|
|
||||||
<variable name="apache_timeout" type="number" description="Temps en secondes pendant lequel le serveur va attendre des entrées/sorties avant de considérer qu'une requête a échoué">
|
|
||||||
<value>300</value>
|
|
||||||
</variable>
|
|
||||||
<variable name="apache_keepalive" type="boolean" description="Autoriser les connexions persistantes"/>
|
|
||||||
<variable name="server_ca" hidden="True"/>
|
|
||||||
</family>
|
|
||||||
</variables>
|
|
||||||
<constraints>
|
|
||||||
<fill name="get_chain">
|
|
||||||
<param name="authority_cn" type="variable">revprox_client_server_domainname</param>
|
|
||||||
<param name="authority_name">InternalReverseProxy</param>
|
|
||||||
<param name="hide" type="variable">hide_secret</param>
|
|
||||||
<target>server_ca</target>
|
|
||||||
</fill>
|
|
||||||
</constraints>
|
|
||||||
</rougail>
|
|
23
seed/apache/dictionaries/20_web.yml
Normal file
23
seed/apache/dictionaries/20_web.yml
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
nginx:
|
||||||
|
|
||||||
|
php_fpm_user:
|
||||||
|
redefine: true
|
||||||
|
exists: true
|
||||||
|
default: apache
|
||||||
|
|
||||||
|
apache:
|
||||||
|
description: Apache
|
||||||
|
help: Advance Apache web server settings
|
||||||
|
mode: advanced
|
||||||
|
|
||||||
|
apache_timeout:
|
||||||
|
description: >-
|
||||||
|
Amount of time the server will wait for certain events before failing a
|
||||||
|
request
|
||||||
|
help: Time in seconds
|
||||||
|
default: 300
|
||||||
|
|
||||||
|
apache_keepalive: true # Enables HTTP persistent connections
|
|
@ -1 +1 @@
|
||||||
PKG="$PKG mod_ssl"
|
PKG="$PKG httpd mod_ssl"
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
# Timeout
|
# Timeout
|
||||||
Timeout %%apache_timeout
|
Timeout {{ general.apache.apache_timeout }}
|
||||||
|
|
||||||
# Keepalive
|
# Keepalive
|
||||||
%if %%apache_keepalive
|
{% if general.apache.apache_keepalive %}
|
||||||
KeepAlive On
|
KeepAlive On
|
||||||
%else
|
{% else %}
|
||||||
KeepAlive Off
|
KeepAlive Off
|
||||||
%end if
|
{% endif %}
|
||||||
MaxKeepAliveRequests 50
|
MaxKeepAliveRequests 50
|
||||||
KeepAliveTimeout %%apache_timeout
|
KeepAliveTimeout {{ general.apache.apache_timeout }}
|
||||||
|
|
||||||
# RemoteIp
|
# RemoteIp
|
||||||
RemoteIPHeader X-Forwarded-For
|
RemoteIPHeader X-Forwarded-For
|
||||||
RemoteIPInternalProxy %%revprox_client_server_ip
|
RemoteIPInternalProxy {{ general.revprox.revprox_client_server_ip }}
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
%%server_ca
|
|
|
@ -1 +0,0 @@
|
||||||
%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)
|
|
|
@ -1 +0,0 @@
|
||||||
%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)
|
|
|
@ -100,7 +100,7 @@ SSLProxyCipherSuite PROFILE=SYSTEM
|
||||||
# require an ECC certificate which can also be configured in
|
# require an ECC certificate which can also be configured in
|
||||||
# parallel.
|
# parallel.
|
||||||
# GNUNUX SSLCertificateFile /etc/pki/tls/certs/localhost.crt
|
# GNUNUX SSLCertificateFile /etc/pki/tls/certs/localhost.crt
|
||||||
SSLCertificateFile /etc/httpd/ssl/server.crt
|
SSLCertificateFile {{ general.tls_cert_directory }}/revprox.crt
|
||||||
|
|
||||||
# Server Private Key:
|
# Server Private Key:
|
||||||
# If the key is not combined with the certificate, use this
|
# If the key is not combined with the certificate, use this
|
||||||
|
@ -109,7 +109,7 @@ SSLCertificateFile /etc/httpd/ssl/server.crt
|
||||||
# both in parallel (to also allow the use of DSA ciphers, etc.)
|
# both in parallel (to also allow the use of DSA ciphers, etc.)
|
||||||
# ECC keys, when in use, can also be configured in parallel
|
# ECC keys, when in use, can also be configured in parallel
|
||||||
# GNUNUX SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
|
# GNUNUX SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
|
||||||
SSLCertificateKeyFile /etc/httpd/ssl/server.key
|
SSLCertificateKeyFile {{ general.tls_key_directory }}/revprox.key
|
||||||
|
|
||||||
# Server Certificate Chain:
|
# Server Certificate Chain:
|
||||||
# Point SSLCertificateChainFile at a file containing the
|
# Point SSLCertificateChainFile at a file containing the
|
||||||
|
@ -126,7 +126,7 @@ SSLCertificateKeyFile /etc/httpd/ssl/server.key
|
||||||
# huge file containing all of them (file must be PEM encoded)
|
# huge file containing all of them (file must be PEM encoded)
|
||||||
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
|
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
|
||||||
#>GNUNUX
|
#>GNUNUX
|
||||||
SSLCACertificateFile /etc/httpd/ssl/server.ca
|
SSLCACertificateFile {{ general.tls_ca_directory }}/InternalReverseProxy.crt
|
||||||
#<GNUNUX
|
#<GNUNUX
|
||||||
|
|
||||||
# Client Authentication (Type):
|
# Client Authentication (Type):
|
||||||
|
|
30
seed/base-debian-bullseye/README.md
Normal file
30
seed/base-debian-bullseye/README.md
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# base-debian-bullseye
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
|
||||||
|
[Base information of a Debian Bulleye server.](https://www.debian.org/)
|
||||||
|
|
||||||
|
## Dependances
|
||||||
|
|
||||||
|
- [base-debian](../base-debian/README.md): Base information of a Debian server.
|
||||||
|
- [systemd](../systemd/README.md): Systemd, a system and service manager.
|
||||||
|
- [base-machine](../base-machine/README.md): Base information for a machine.
|
||||||
|
- [base](../base/README.md): Base of all application services.
|
||||||
|
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
|
||||||
|
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
|
||||||
|
- [journald](../journald/README.md): Journald.
|
||||||
|
- [resolved](../resolved/README.md): Resolved.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
- [odoo](../odoo/README.md)
|
||||||
|
- [mailman](../mailman/README.md)
|
||||||
|
- [lemonldap](../lemonldap/README.md)
|
|
@ -1,4 +1,7 @@
|
||||||
|
---
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Information de base d'un serveur Debian Buster
|
description: Base information of a Debian Bulleye server
|
||||||
|
website: https://www.debian.org/
|
||||||
depends:
|
depends:
|
||||||
- base-debian
|
- base-debian
|
||||||
|
distribution: true
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<services>
|
|
||||||
<service name="dnssec" manage="False">
|
|
||||||
<file>/etc/dnssec-trust-anchors.d/local.negative</file>
|
|
||||||
</service>
|
|
||||||
</services>
|
|
||||||
<variables>
|
|
||||||
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
|
|
||||||
<value>bullseye</value>
|
|
||||||
</variable>
|
|
||||||
</variables>
|
|
||||||
</rougail>
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
os_version:
|
||||||
|
description: Version de l'OS
|
||||||
|
hidden: true
|
||||||
|
default: bullseye
|
|
@ -1,2 +1,2 @@
|
||||||
%set %%domain=%%domain_name_eth0.split('.', 1)[1]
|
{% set domain = domain_name_eth0.split('.', 1)[1] %}
|
||||||
%%domain
|
{{ domain }}
|
||||||
|
|
27
seed/base-debian/README.md
Normal file
27
seed/base-debian/README.md
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# base-debian
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
|
||||||
|
[Base information of a Debian server.](https://www.debian.org/)
|
||||||
|
|
||||||
|
## Dependances
|
||||||
|
|
||||||
|
- [systemd](../systemd/README.md): Systemd, a system and service manager.
|
||||||
|
- [base-machine](../base-machine/README.md): Base information for a machine.
|
||||||
|
- [base](../base/README.md): Base of all application services.
|
||||||
|
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
|
||||||
|
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
|
||||||
|
- [journald](../journald/README.md): Journald.
|
||||||
|
- [resolved](../resolved/README.md): Resolved.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
[base-debian-bullseye](../base-debian-bullseye/README.md)
|
|
@ -1,5 +1,6 @@
|
||||||
|
---
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Information de base d'un serveur Debian
|
description: Base information of a Debian server
|
||||||
|
website: https://www.debian.org/
|
||||||
depends:
|
depends:
|
||||||
- base-machine
|
|
||||||
- systemd
|
- systemd
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<services>
|
|
||||||
<service name="debian" manage="False">
|
|
||||||
<file engine="none" source="tmpfile-tmp.conf">/tmpfiles.d/0tmp.conf</file>
|
|
||||||
<file engine="none">/etc/default/locale</file>
|
|
||||||
</service>
|
|
||||||
</services>
|
|
||||||
<variables>
|
|
||||||
<variable name="os_name" type="string" description="Nom de l'OS" hidden="True">
|
|
||||||
<value>Debian</value>
|
|
||||||
</variable>
|
|
||||||
</variables>
|
|
||||||
</rougail>
|
|
||||||
|
|
7
seed/base-debian/dictionaries/11_debian-base.yml
Normal file
7
seed/base-debian/dictionaries/11_debian-base.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
os_name:
|
||||||
|
description: Nom de l'OS
|
||||||
|
hidden: true
|
||||||
|
default: Debian
|
|
@ -1,17 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<services>
|
|
||||||
<service name="update-ca-certificates" engine="creole" target="multi-user"/>
|
|
||||||
</services>
|
|
||||||
<variables>
|
|
||||||
<variable name="tls_ca_directory" type="filename" description="Répertoire des autorités de certification" hidden="True">
|
|
||||||
<value>/etc/ssl-localca</value>
|
|
||||||
</variable>
|
|
||||||
<variable name="tls_cert_directory" type="filename" description="Répertoire des certificats" hidden="True">
|
|
||||||
<value>/etc/ssl/certs</value>
|
|
||||||
</variable>
|
|
||||||
<variable name="tls_key_directory" type="filename" description="Répertoire des clefs privés" hidden="True">
|
|
||||||
<value>/etc/ssl/private</value>
|
|
||||||
</variable>
|
|
||||||
</variables>
|
|
||||||
</rougail>
|
|
20
seed/base-debian/dictionaries/17_debian-base.yml
Normal file
20
seed/base-debian/dictionaries/17_debian-base.yml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
tls_ca_directory:
|
||||||
|
type: unix_filename
|
||||||
|
description: Répertoire des autorités de certification
|
||||||
|
hidden: true
|
||||||
|
default: /etc/ssl-localca
|
||||||
|
|
||||||
|
tls_cert_directory:
|
||||||
|
type: unix_filename
|
||||||
|
description: Répertoire des certificats
|
||||||
|
hidden: true
|
||||||
|
default: /etc/ssl/certs
|
||||||
|
|
||||||
|
tls_key_directory:
|
||||||
|
type: unix_filename
|
||||||
|
description: Répertoire des clefs privés
|
||||||
|
hidden: true
|
||||||
|
default: /etc/ssl/private
|
|
@ -1,2 +1,8 @@
|
||||||
rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
|
rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
|
||||||
ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
|
ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
|
||||||
|
#mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
|
#chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
|
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||||
|
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||||
|
#ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||||
|
#ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||||
|
|
2
seed/base-debian/templates/systemd-networkd.service
Normal file
2
seed/base-debian/templates/systemd-networkd.service
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
[Unit]
|
||||||
|
After=systemd-tmpfiles-setup.service
|
3
seed/base-debian/templates/sysuser-debian.conf
Normal file
3
seed/base-debian/templates/sysuser-debian.conf
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
g Debian-exim 109
|
||||||
|
u Debian-exim 104:109 "Exim" /var/spool/exim4 /usr/sbin/nologin
|
||||||
|
g kvm 103
|
|
@ -1 +1,3 @@
|
||||||
q /var/tmp 1777 root root 30d
|
q /var/tmp 1777 root root 30d
|
||||||
|
# Keys have good right
|
||||||
|
d /etc/ssl/private 755 root root - -
|
||||||
|
|
|
@ -4,7 +4,7 @@ Before=network-pre.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/usr/sbin/update-ca-certificates --localcertsdir %%tls_ca_directory
|
ExecStart=/usr/sbin/update-ca-certificates --localcertsdir {{ general.tls_ca_directory }}
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
28
seed/base-fedora-35/README.md
Normal file
28
seed/base-fedora-35/README.md
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# base-fedora-35
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
|
||||||
|
[Base information of a Fedora 35.](https://getfedora.org/)
|
||||||
|
|
||||||
|
## Dependances
|
||||||
|
|
||||||
|
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
|
||||||
|
- [systemd](../systemd/README.md): Systemd, a system and service manager.
|
||||||
|
- [base-machine](../base-machine/README.md): Base information for a machine.
|
||||||
|
- [base](../base/README.md): Base of all application services.
|
||||||
|
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
|
||||||
|
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
|
||||||
|
- [journald](../journald/README.md): Journald.
|
||||||
|
- [resolved](../resolved/README.md): Resolved.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
[postfix-relay](../postfix-relay/README.md)
|
|
@ -1,4 +1,7 @@
|
||||||
|
---
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Information de base d'un serveur fedora version 35
|
description: Base information of a Fedora 35
|
||||||
|
website: https://getfedora.org/
|
||||||
depends:
|
depends:
|
||||||
- base-fedora
|
- base-fedora
|
||||||
|
distribution: true
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<variables>
|
|
||||||
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
|
|
||||||
<value>35</value>
|
|
||||||
</variable>
|
|
||||||
</variables>
|
|
||||||
</rougail>
|
|
7
seed/base-fedora-35/dictionaries/11_fedora-35.yml
Normal file
7
seed/base-fedora-35/dictionaries/11_fedora-35.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
os_version:
|
||||||
|
description: Version de l'OS
|
||||||
|
hidden: true
|
||||||
|
default: '35'
|
|
@ -1,7 +1,7 @@
|
||||||
# ACTIVE NETWORKD
|
# ACTIVE NETWORKD
|
||||||
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||||
|
|
35
seed/base-fedora-36/README.md
Normal file
35
seed/base-fedora-36/README.md
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# base-fedora-36
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
|
||||||
|
[Base information of a Fedora 36.](https://getfedora.org/)
|
||||||
|
|
||||||
|
## Dependances
|
||||||
|
|
||||||
|
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
|
||||||
|
- [systemd](../systemd/README.md): Systemd, a system and service manager.
|
||||||
|
- [base-machine](../base-machine/README.md): Base information for a machine.
|
||||||
|
- [base](../base/README.md): Base of all application services.
|
||||||
|
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
|
||||||
|
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
|
||||||
|
- [journald](../journald/README.md): Journald.
|
||||||
|
- [resolved](../resolved/README.md): Resolved.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
- [piwigo](../piwigo/README.md)
|
||||||
|
- [dovecot](../dovecot/README.md)
|
||||||
|
- [speedtest-rs](../speedtest-rs/README.md)
|
||||||
|
- [roundcube](../roundcube/README.md)
|
||||||
|
- [znc](../znc/README.md)
|
||||||
|
- [vaultwarden](../vaultwarden/README.md)
|
||||||
|
- [mariadb](../mariadb/README.md)
|
||||||
|
- [nextcloud](../nextcloud/README.md)
|
|
@ -1,4 +1,7 @@
|
||||||
|
---
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Information de base d'un serveur fedora version 36
|
description: Base information of a Fedora 36
|
||||||
|
website: https://getfedora.org/
|
||||||
depends:
|
depends:
|
||||||
- base-fedora
|
- base-fedora
|
||||||
|
distribution: true
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<services>
|
|
||||||
<service name="base">
|
|
||||||
<file engine="none">/etc/pam.d/login</file>
|
|
||||||
</service>
|
|
||||||
</services>
|
|
||||||
<variables>
|
|
||||||
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
|
|
||||||
<value>36</value>
|
|
||||||
</variable>
|
|
||||||
</variables>
|
|
||||||
</rougail>
|
|
7
seed/base-fedora-36/dictionaries/11_fedora-version.yml
Normal file
7
seed/base-fedora-36/dictionaries/11_fedora-version.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
os_version:
|
||||||
|
description: Version de l'OS
|
||||||
|
hidden: true
|
||||||
|
default: '36'
|
|
@ -1,7 +1,7 @@
|
||||||
# ACTIVE NETWORKD
|
# ACTIVE NETWORKD
|
||||||
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||||
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
BASE_PKG="$BASE_PKG pam"
|
BASE_PKG="$BASE_PKG pam util-linux"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# File from util-linux-*.x86_64 (not installed)
|
#GNUNUX File from util-linux-*.x86_64 (not installed)
|
||||||
#%PAM-1.0
|
#%PAM-1.0
|
||||||
auth substack system-auth
|
auth substack system-auth
|
||||||
auth include postlogin
|
auth include postlogin
|
||||||
|
|
33
seed/base-fedora-37/README.md
Normal file
33
seed/base-fedora-37/README.md
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# base-fedora-37
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
|
||||||
|
[Base information of a Fedora 37.](https://getfedora.org/)
|
||||||
|
|
||||||
|
## Dependances
|
||||||
|
|
||||||
|
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
|
||||||
|
- [systemd](../systemd/README.md): Systemd, a system and service manager.
|
||||||
|
- [base-machine](../base-machine/README.md): Base information for a machine.
|
||||||
|
- [base](../base/README.md): Base of all application services.
|
||||||
|
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
|
||||||
|
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
|
||||||
|
- [journald](../journald/README.md): Journald.
|
||||||
|
- [resolved](../resolved/README.md): Resolved.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
- [nginx-static](../nginx-static/README.md)
|
||||||
|
- [postgresql](../postgresql/README.md)
|
||||||
|
- [unbound](../unbound/README.md)
|
||||||
|
- [nsd](../nsd/README.md)
|
||||||
|
- [nginx-reverse-proxy](../nginx-reverse-proxy/README.md)
|
||||||
|
- [openldap](../openldap/README.md)
|
7
seed/base-fedora-37/applicationservice.yml
Normal file
7
seed/base-fedora-37/applicationservice.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
format: '0.1'
|
||||||
|
description: Base information of a Fedora 37
|
||||||
|
website: https://getfedora.org/
|
||||||
|
depends:
|
||||||
|
- base-fedora
|
||||||
|
distribution: true
|
7
seed/base-fedora-37/dictionaries/11_fedora-version.yml
Normal file
7
seed/base-fedora-37/dictionaries/11_fedora-version.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
os_version:
|
||||||
|
description: Version de l'OS
|
||||||
|
hidden: true
|
||||||
|
default: '37'
|
|
@ -0,0 +1,7 @@
|
||||||
|
# ACTIVE NETWORKD
|
||||||
|
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
|
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||||
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||||
|
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||||
|
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
|
@ -0,0 +1 @@
|
||||||
|
BASE_PKG="$BASE_PKG pam util-linux"
|
|
@ -0,0 +1 @@
|
||||||
|
RELEASEVER=37
|
|
@ -1,4 +1,4 @@
|
||||||
# File from util-linux-*.x86_64 (not installed)
|
#GNUNUX File from util-linux-*.x86_64 (not installed)
|
||||||
#%PAM-1.0
|
#%PAM-1.0
|
||||||
auth substack system-auth
|
auth substack system-auth
|
||||||
auth include postlogin
|
auth include postlogin
|
34
seed/base-fedora-38/README.md
Normal file
34
seed/base-fedora-38/README.md
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# base-fedora-38
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
|
||||||
|
[Base information of a Fedora 38.](https://getfedora.org/)
|
||||||
|
|
||||||
|
## Dependances
|
||||||
|
|
||||||
|
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
|
||||||
|
- [systemd](../systemd/README.md): Systemd, a system and service manager.
|
||||||
|
- [base-machine](../base-machine/README.md): Base information for a machine.
|
||||||
|
- [base](../base/README.md): Base of all application services.
|
||||||
|
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
|
||||||
|
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
|
||||||
|
- [journald](../journald/README.md): Journald.
|
||||||
|
- [resolved](../resolved/README.md): Resolved.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
- [grafana](../grafana/README.md)
|
||||||
|
- [peertube](../peertube/README.md)
|
||||||
|
- [vector](../vector/README.md)
|
||||||
|
- [redis](../redis/README.md)
|
||||||
|
- [loki](../loki/README.md)
|
||||||
|
- [forgejo](../forgejo/README.md)
|
||||||
|
- [prometheus](../prometheus/README.md)
|
7
seed/base-fedora-38/applicationservice.yml
Normal file
7
seed/base-fedora-38/applicationservice.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
format: '0.1'
|
||||||
|
description: Base information of a Fedora 38
|
||||||
|
website: https://getfedora.org/
|
||||||
|
depends:
|
||||||
|
- base-fedora
|
||||||
|
distribution: true
|
7
seed/base-fedora-38/dictionaries/11_fedora-version.yml
Normal file
7
seed/base-fedora-38/dictionaries/11_fedora-version.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
os_version:
|
||||||
|
description: Version de l'OS
|
||||||
|
hidden: true
|
||||||
|
default: '38'
|
|
@ -0,0 +1,7 @@
|
||||||
|
# ACTIVE NETWORKD
|
||||||
|
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
|
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||||
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||||
|
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||||
|
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||||
|
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
|
@ -0,0 +1 @@
|
||||||
|
BASE_PKG="$BASE_PKG pam util-linux"
|
|
@ -0,0 +1 @@
|
||||||
|
RELEASEVER=38
|
17
seed/base-fedora-38/templates/login
Normal file
17
seed/base-fedora-38/templates/login
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
#GNUNUX File from util-linux-*.x86_64 (not installed)
|
||||||
|
#%PAM-1.0
|
||||||
|
auth substack system-auth
|
||||||
|
auth include postlogin
|
||||||
|
account required pam_nologin.so
|
||||||
|
account include system-auth
|
||||||
|
password include system-auth
|
||||||
|
# pam_selinux.so close should be the first session rule
|
||||||
|
session required pam_selinux.so close
|
||||||
|
session required pam_loginuid.so
|
||||||
|
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
||||||
|
session required pam_selinux.so open
|
||||||
|
session required pam_namespace.so
|
||||||
|
session optional pam_keyinit.so force revoke
|
||||||
|
session include system-auth
|
||||||
|
session include postlogin
|
||||||
|
-session optional pam_ck_connector.so
|
|
@ -1 +1,30 @@
|
||||||
Inspired by: https://pagure.io/fedora-kickstarts/tree/main
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# base-fedora
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
|
||||||
|
[Base information of a Fedora.](https://getfedora.org/)
|
||||||
|
|
||||||
|
## Dependances
|
||||||
|
|
||||||
|
- [systemd](../systemd/README.md): Systemd, a system and service manager.
|
||||||
|
- [base-machine](../base-machine/README.md): Base information for a machine.
|
||||||
|
- [base](../base/README.md): Base of all application services.
|
||||||
|
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
|
||||||
|
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
|
||||||
|
- [journald](../journald/README.md): Journald.
|
||||||
|
- [resolved](../resolved/README.md): Resolved.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
- [base-fedora-36](../base-fedora-36/README.md)
|
||||||
|
- [base-fedora-35](../base-fedora-35/README.md)
|
||||||
|
- [base-fedora-38](../base-fedora-38/README.md)
|
||||||
|
- [base-fedora-37](../base-fedora-37/README.md)
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
|
---
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Information de base d'un serveur Fedora
|
description: Base information of a Fedora
|
||||||
|
website: https://getfedora.org/
|
||||||
depends:
|
depends:
|
||||||
- base-machine
|
|
||||||
- systemd
|
- systemd
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<services>
|
|
||||||
<service name="fedora-base" manage="False">
|
|
||||||
<file engine="none">/tmpfiles.d/fedora.conf</file>
|
|
||||||
</service>
|
|
||||||
</services>
|
|
||||||
<variables>
|
|
||||||
<variable name="os_name" type="string" description="Nom de l'OS" hidden="True">
|
|
||||||
<value>Fedora</value>
|
|
||||||
</variable>
|
|
||||||
</variables>
|
|
||||||
</rougail>
|
|
7
seed/base-fedora/dictionaries/11_fedora-base.yml
Normal file
7
seed/base-fedora/dictionaries/11_fedora-base.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
os_name:
|
||||||
|
description: Nom de l'OS
|
||||||
|
hidden: true
|
||||||
|
default: Fedora
|
|
@ -1,17 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<services>
|
|
||||||
<service name="update-ca-trust" engine="creole" target="multi-user"/>
|
|
||||||
</services>
|
|
||||||
<variables>
|
|
||||||
<variable name="tls_ca_directory" type="filename" description="Nom du répertoire des autorités de certification" hidden="True">
|
|
||||||
<value>/etc/pki/ca-trust/source/anchors</value>
|
|
||||||
</variable>
|
|
||||||
<variable name="tls_cert_directory" type="filename" description="Nom du répertoire des certificats" hidden="True">
|
|
||||||
<value>/etc/pki/tls/certs</value>
|
|
||||||
</variable>
|
|
||||||
<variable name="tls_key_directory" type="filename" description="Nom du répertoire des clefs privés" hidden="True">
|
|
||||||
<value>/etc/pki/tls/private</value>
|
|
||||||
</variable>
|
|
||||||
</variables>
|
|
||||||
</rougail>
|
|
20
seed/base-fedora/dictionaries/17_fedora-base.yml
Normal file
20
seed/base-fedora/dictionaries/17_fedora-base.yml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
tls_ca_directory:
|
||||||
|
type: unix_filename
|
||||||
|
description: Nom du répertoire des autorités de certification
|
||||||
|
hidden: true
|
||||||
|
default: /etc/pki/ca-trust/source/anchors
|
||||||
|
|
||||||
|
tls_cert_directory:
|
||||||
|
type: unix_filename
|
||||||
|
description: Nom du répertoire des certificats
|
||||||
|
hidden: true
|
||||||
|
default: /etc/pki/tls/certs
|
||||||
|
|
||||||
|
tls_key_directory:
|
||||||
|
type: unix_filename
|
||||||
|
description: Nom du répertoire des clefs privés
|
||||||
|
hidden: true
|
||||||
|
default: /etc/pki/tls/private
|
1
seed/base-fedora/infos.md
Normal file
1
seed/base-fedora/infos.md
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Inspired by: https://pagure.io/fedora-kickstarts/tree/main
|
|
@ -1,4 +1,4 @@
|
||||||
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr $BASE_PKG"
|
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr $BASE_PKG"
|
||||||
INSTALL_TOOL="dnf"
|
INSTALL_TOOL="dnf"
|
||||||
OS_NAME='fedora'
|
OS_NAME='fedora'
|
||||||
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"
|
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/yum.repos.d/"
|
||||||
|
|
32
seed/base-machine/README.md
Normal file
32
seed/base-machine/README.md
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# base-machine
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Base information for a machine.
|
||||||
|
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
### Machine
|
||||||
|
|
||||||
|
| Parameter | Comments |
|
||||||
|
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------|
|
||||||
|
| **[machine.data_disk_size](extras/machine/00_base.xml)**<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Data disk size. |
|
||||||
|
|
||||||
|
|
||||||
|
## Dependances
|
||||||
|
|
||||||
|
- [base](../base/README.md): Base of all application services.
|
||||||
|
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
|
||||||
|
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
[systemd](../systemd/README.md)
|
|
@ -1,5 +1,7 @@
|
||||||
|
---
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Base information for a machine
|
description: Base information for a machine
|
||||||
depends:
|
depends:
|
||||||
- base
|
- base
|
||||||
- dns-local
|
- dns-local
|
||||||
|
- pki-tls
|
||||||
|
|
|
@ -1,48 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<services>
|
|
||||||
<service name="base" manage="False">
|
|
||||||
<file engine="none">/etc/locale.conf</file>
|
|
||||||
</service>
|
|
||||||
</services>
|
|
||||||
<variables>
|
|
||||||
<variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents">
|
|
||||||
<value>False</value>
|
|
||||||
</variable>
|
|
||||||
<family name="network" description="Réseau">
|
|
||||||
<variable name="server_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
|
||||||
<variable name="zones_list" type="string" multi="True" description="Liste de toutes les zones" mandatory="True" hidden="True" provider="global:zones_name"/>
|
|
||||||
<variable name="interfaces_list" type="number" multi="True" description="Liste de tous les numéros d'interfaces" hidden="True" provider="global:zones_list"/>
|
|
||||||
<family name="interface_" description="Interface " dynamic="interfaces_list">
|
|
||||||
<variable name="zone_name_eth" type="string" description="Nom de la zone de l'interface " hidden="True" mandatory="True"/>
|
|
||||||
<variable name="ip_eth" type="ip" description="Adresse IP pour l'interface " hidden="True" mandatory="True"/>
|
|
||||||
<variable name="network_eth" type="network_cidr" description="Réseau de l'interface " hidden="True"/>
|
|
||||||
<variable name="gateway_eth" type="ip" description="La route de l'interface "/>
|
|
||||||
<variable name="domain_name_eth" type="domainname" description="Nom de domaine pour l'interface " mandatory="True" hidden="True" provider="global:server_names"/>
|
|
||||||
</family>
|
|
||||||
</family>
|
|
||||||
</variables>
|
|
||||||
<constraints>
|
|
||||||
<fill name="get_ip">
|
|
||||||
<param name="server_name" type="variable">domain_name_eth</param>
|
|
||||||
<target>ip_eth</target>
|
|
||||||
</fill>
|
|
||||||
<fill name="get_zone_name">
|
|
||||||
<param type="variable">zones_list</param>
|
|
||||||
<param name="index" type="suffix"/>
|
|
||||||
<target>zone_name_eth</target>
|
|
||||||
</fill>
|
|
||||||
<fill name="zone_information">
|
|
||||||
<param type="variable">zone_name_eth</param>
|
|
||||||
<param>network</param>
|
|
||||||
<target>network_eth</target>
|
|
||||||
</fill>
|
|
||||||
<fill name="zone_information">
|
|
||||||
<param type="variable">zone_name_eth</param>
|
|
||||||
<param>gateway</param>
|
|
||||||
<param name="index" type="suffix"/>
|
|
||||||
<target>gateway_eth</target>
|
|
||||||
</fill>
|
|
||||||
</constraints>
|
|
||||||
</rougail>
|
|
||||||
|
|
129
seed/base-machine/dictionaries/12_base.yml
Normal file
129
seed/base-machine/dictionaries/12_base.yml
Normal file
|
@ -0,0 +1,129 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
hide_secret:
|
||||||
|
description: Les secrets sont obscurcis
|
||||||
|
mode: advanced
|
||||||
|
help: >-
|
||||||
|
Obscurcir les secrets peut permettre de générer des configurations
|
||||||
|
diffusable sans problème de confidentialité ou pour comparer deux
|
||||||
|
configurations générés à des moments différents
|
||||||
|
hidden: true
|
||||||
|
default: false
|
||||||
|
|
||||||
|
base:
|
||||||
|
|
||||||
|
time_zone:
|
||||||
|
provider: Host:time_zone
|
||||||
|
hidden: true
|
||||||
|
mandatory: false
|
||||||
|
|
||||||
|
module_name:
|
||||||
|
hidden: true
|
||||||
|
provider: global:module_name
|
||||||
|
|
||||||
|
network:
|
||||||
|
|
||||||
|
server_name:
|
||||||
|
description: Nom de domaine du serveur
|
||||||
|
type: domainname
|
||||||
|
hidden: true
|
||||||
|
provider: global:server_name
|
||||||
|
|
||||||
|
last_server_name:
|
||||||
|
type: domainname
|
||||||
|
hidden: true
|
||||||
|
default:
|
||||||
|
jinja: >-
|
||||||
|
{%- if domain_name -%}
|
||||||
|
{{ domain_name[-1] }}
|
||||||
|
{%- endif -%}
|
||||||
|
params:
|
||||||
|
domain_name:
|
||||||
|
variable: >-
|
||||||
|
_.interface_{{ suffix }}.domain_name
|
||||||
|
|
||||||
|
zones_list:
|
||||||
|
multi: true
|
||||||
|
description: Liste de toutes les zones
|
||||||
|
hidden: true
|
||||||
|
provider: global:zones_name
|
||||||
|
|
||||||
|
interfaces_list:
|
||||||
|
type: number
|
||||||
|
multi: true
|
||||||
|
description: Liste de tous les numéros d'interfaces
|
||||||
|
hidden: true
|
||||||
|
provider: global:zones_list
|
||||||
|
mandatory: false
|
||||||
|
|
||||||
|
"interface_{{ suffix }}":
|
||||||
|
description: 'Interface {{ suffix }}'
|
||||||
|
dynamic:
|
||||||
|
variable: general.network.interfaces_list
|
||||||
|
|
||||||
|
zone_name:
|
||||||
|
description: "Nom de la zone de l'interface {{ suffix }}"
|
||||||
|
hidden: true
|
||||||
|
default:
|
||||||
|
jinja: >-
|
||||||
|
{%- if __.zones_list -%}
|
||||||
|
{{ __.zones_list[index] }}
|
||||||
|
{%- endif -%}
|
||||||
|
params:
|
||||||
|
index:
|
||||||
|
type: suffix
|
||||||
|
|
||||||
|
ip:
|
||||||
|
type: ip
|
||||||
|
description: "Adresse IP pour l'interface {{ suffix }}"
|
||||||
|
hidden: true
|
||||||
|
default:
|
||||||
|
jinja: >-
|
||||||
|
{{ zones | get_ip(server_name=_.domain_name) }}
|
||||||
|
params:
|
||||||
|
zones:
|
||||||
|
information: zones
|
||||||
|
|
||||||
|
network:
|
||||||
|
type: network_cidr
|
||||||
|
description: "Réseau de l'interface {{ suffix }}"
|
||||||
|
hidden: true
|
||||||
|
default:
|
||||||
|
jinja: >-
|
||||||
|
{{ zones | get_zones_info("network", zone_name=_.zone_name) }}
|
||||||
|
params:
|
||||||
|
zones:
|
||||||
|
information: zones
|
||||||
|
|
||||||
|
gateway:
|
||||||
|
type: ip
|
||||||
|
description: "La route de l'interface {{ suffix }}"
|
||||||
|
hidden: true
|
||||||
|
default:
|
||||||
|
jinja: >-
|
||||||
|
{{ zones | get_zones_info("host_ip",
|
||||||
|
zone_name=_.zone_name,
|
||||||
|
index=index)
|
||||||
|
}}
|
||||||
|
params:
|
||||||
|
zones:
|
||||||
|
information: zones
|
||||||
|
index:
|
||||||
|
type: suffix
|
||||||
|
disabled:
|
||||||
|
jinja: >-
|
||||||
|
{%- if index == 0 -%}
|
||||||
|
false
|
||||||
|
{%- else -%}
|
||||||
|
true
|
||||||
|
{%- endif -%}
|
||||||
|
params:
|
||||||
|
index:
|
||||||
|
type: suffix
|
||||||
|
|
||||||
|
domain_name:
|
||||||
|
type: domainname
|
||||||
|
description: "Nom de domaine pour l'interface {{ suffix }}"
|
||||||
|
hidden: true
|
||||||
|
provider: global:server_names
|
|
@ -1,14 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<variables>
|
|
||||||
<variable name='name' description="Machine name" type="domainname" hidden="True"/>
|
|
||||||
<variable name='data_disk_size' description="Data disk size" type="number"/>
|
|
||||||
</variables>
|
|
||||||
<constraints>
|
|
||||||
<fill name="calc_value">
|
|
||||||
<param type="variable">domain_name_eth0</param>
|
|
||||||
<target>machine.name</target>
|
|
||||||
</fill>
|
|
||||||
</constraints>
|
|
||||||
</rougail>
|
|
||||||
|
|
14
seed/base-machine/extras/machine/00_base.yml
Normal file
14
seed/base-machine/extras/machine/00_base.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
name:
|
||||||
|
description: Machine name
|
||||||
|
type: domainname
|
||||||
|
hidden: true
|
||||||
|
default:
|
||||||
|
variable: general.network.server_name
|
||||||
|
|
||||||
|
data_disk_size:
|
||||||
|
description: Data disk size
|
||||||
|
type: number
|
||||||
|
mandatory: false
|
|
@ -2,22 +2,19 @@ import __main__
|
||||||
from secrets import token_urlsafe as _token_urlsafe, token_hex as _token_hex
|
from secrets import token_urlsafe as _token_urlsafe, token_hex as _token_hex
|
||||||
from string import ascii_letters as _ascii_letters
|
from string import ascii_letters as _ascii_letters
|
||||||
from random import choice as _choice
|
from random import choice as _choice
|
||||||
from os.path import dirname as _dirname, abspath as _abspath, join as _join, isfile as _isfile, isdir as _isdir
|
from os.path import join as _join, isfile as _isfile, isdir as _isdir
|
||||||
from os import makedirs as _makedirs
|
from os import makedirs as _makedirs, environ as _environ
|
||||||
|
|
||||||
|
|
||||||
#from risotto.utils import ZONES_SERVER
|
_HERE = _environ['PWD']
|
||||||
|
|
||||||
|
|
||||||
_HERE = _dirname(_abspath(__main__.__file__))
|
|
||||||
_PASSWORD_DIR = _join(_HERE, 'password')
|
_PASSWORD_DIR = _join(_HERE, 'password')
|
||||||
|
|
||||||
|
|
||||||
def get_password(server_name: str,
|
def get_password(username: str,
|
||||||
username: str,
|
|
||||||
description: str,
|
description: str,
|
||||||
type: str,
|
type: str,
|
||||||
hide: bool,
|
hide: bool,
|
||||||
|
server_name: str='none',
|
||||||
length: int=20,
|
length: int=20,
|
||||||
temporary: bool=True,
|
temporary: bool=True,
|
||||||
) -> str:
|
) -> str:
|
||||||
|
@ -79,10 +76,3 @@ def _set_password(server_name: str,
|
||||||
with open(file_name, 'r') as fh:
|
with open(file_name, 'r') as fh:
|
||||||
file_content = fh.read().strip()
|
file_content = fh.read().strip()
|
||||||
return file_content
|
return file_content
|
||||||
|
|
||||||
|
|
||||||
def get_zone_name(zones: list,
|
|
||||||
index: str,
|
|
||||||
):
|
|
||||||
if zones is not None:
|
|
||||||
return zones[int(index)]
|
|
||||||
|
|
|
@ -1,42 +0,0 @@
|
||||||
#!/bin/bash -e
|
|
||||||
|
|
||||||
HOST_NAME=$1
|
|
||||||
START=$2
|
|
||||||
if [ -z "$HOST_NAME" ]; then
|
|
||||||
echo "usage: $0 host name"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
. config.sh
|
|
||||||
|
|
||||||
MACHINES=""
|
|
||||||
for image in *; do
|
|
||||||
if [ -d "$image" ]; then
|
|
||||||
for os in $image/configurations/*; do
|
|
||||||
if [ -d "$os" ]; then
|
|
||||||
machine="$(basename $os)"
|
|
||||||
if [ -d "/var/lib/risotto/srv/$machine" ]; then
|
|
||||||
MACHINES="$MACHINES$machine "
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
cd /var/lib/risotto/srv/
|
|
||||||
mkdir -p "$BACKUP_DIR"
|
|
||||||
for machine in $MACHINES; do
|
|
||||||
machinectl stop $machine || true
|
|
||||||
while true; do
|
|
||||||
machinectl status "$machine" > /dev/null 2>&1 || break
|
|
||||||
sleep 1
|
|
||||||
done
|
|
||||||
BACKUP_FILE="$BACKUP_DIR/backup_$machine.tar.bz2"
|
|
||||||
rm -f "$BACKUP_FILE"
|
|
||||||
tar -cvJf $BACKUP_FILE $machine
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ -z "$START" ]; then
|
|
||||||
machinectl start $MACHINES
|
|
||||||
fi
|
|
||||||
|
|
||||||
exit 0
|
|
|
@ -1,35 +0,0 @@
|
||||||
#!/bin/bash -e
|
|
||||||
|
|
||||||
HOST_NAME=$1
|
|
||||||
if [ -z "$HOST_NAME" ]; then
|
|
||||||
echo "usage: $0 host name"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
# remove current rules
|
|
||||||
systemctl stop risottofirewall.service || true
|
|
||||||
apt install --yes systemd-container dnf jq debootstrap htop gettext patch unzip mlocate xz-utils iptables
|
|
||||||
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
|
|
||||||
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
|
|
||||||
systemctl daemon-reload
|
|
||||||
systemctl restart systemd-sysctl.service
|
|
||||||
systemctl enable systemd-networkd
|
|
||||||
systemctl restart systemd-networkd
|
|
||||||
systemctl enable systemd-resolved
|
|
||||||
systemctl restart systemd-resolved
|
|
||||||
# systemctl mask dev-hugepages.mount
|
|
||||||
systemctl enable risotto-images.timer
|
|
||||||
systemctl restart risotto-images.timer
|
|
||||||
systemctl enable risottofirewall.service
|
|
||||||
systemctl start risottofirewall.service
|
|
||||||
|
|
||||||
#nft add table nat
|
|
||||||
#nft flush table nat;
|
|
||||||
#nft 'add chain nat prerouting { type nat hook prerouting priority -100; }'
|
|
||||||
#nft 'add rule nat prerouting iif enp0s3 tcp dport { 80, 443 } dnat to 192.168.45.12'
|
|
||||||
#nft 'add chain nat postrouting { type nat hook postrouting priority -100; }'
|
|
||||||
#nft 'add rule nat postrouting ip saddr 192.168.45.10 oif enp0s8 tcp dport 53 snat to 10.0.3.15'
|
|
||||||
#nft 'add rule nat postrouting ip saddr 192.168.45.10 oif enp0s8 udp dport 53 snat to 10.0.3.15'
|
|
||||||
|
|
||||||
echo "install host OK"
|
|
||||||
|
|
||||||
exit 0
|
|
|
@ -1,177 +0,0 @@
|
||||||
#!/bin/bash -e
|
|
||||||
|
|
||||||
HOST_NAME=$1
|
|
||||||
IMAGE_NAME=$2
|
|
||||||
|
|
||||||
if [ -z "$IMAGE_NAME" ]; then
|
|
||||||
echo "PAS DE NOM DE MODULE"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
. config.sh
|
|
||||||
|
|
||||||
rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR" tmp
|
|
||||||
mkdir -p "$RISOTTO_IMAGE_DIR"
|
|
||||||
PKG=""
|
|
||||||
BASE_DIR=""
|
|
||||||
for script in $(ls $IMAGE_NAME/manual/preinstall/*.sh 2> /dev/null); do
|
|
||||||
. "$script"
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ -z "$OS_NAME" ]; then
|
|
||||||
echo "NO OS NAME DEFINED"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
if [ -z "$RELEASEVER" ]; then
|
|
||||||
echo "NO RELEASEVER DEFINED"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
if [ -z "$INSTALL_TOOL" ]; then
|
|
||||||
echo "NO INSTALL TOOL DEFINED"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
BASE_NAME="$OS_NAME-$RELEASEVER"
|
|
||||||
BASE_DIR="$IMAGE_BASE_RISOTTO_BASE_DIR/$BASE_NAME"
|
|
||||||
BASE_TAR="$IMAGE_BASE_RISOTTO_BASE_DIR-$BASE_NAME".tar
|
|
||||||
BASE_PKGS_FILE="$IMAGE_BASE_RISOTTO_BASE_DIR-$BASE_NAME.pkgs"
|
|
||||||
BASE_LOCK="$IMAGE_BASE_RISOTTO_BASE_DIR-$BASE_NAME.build"
|
|
||||||
|
|
||||||
function dnf_opt() {
|
|
||||||
INSTALL_DIR=$1
|
|
||||||
INSTALL_PKG=$2
|
|
||||||
echo "--setopt=install_weak_deps=False --nodocs --noplugins --installroot=$INSTALL_DIR --releasever $RELEASEVER install $INSTALL_PKG"
|
|
||||||
}
|
|
||||||
function new_package_base() {
|
|
||||||
if [ "$INSTALL_TOOL" = "dnf" ]; then
|
|
||||||
OPT=$(dnf_opt "$BASE_DIR" "$BASE_PKG")
|
|
||||||
dnf --assumeno $OPT | grep ^" " > "$BASE_PKGS_FILE".new
|
|
||||||
else
|
|
||||||
debootstrap --include="$BASE_PKG" --variant=minbase "$RELEASEVER" "$BASE_DIR" > /dev/null
|
|
||||||
chroot "$BASE_DIR" dpkg-query -f '${binary:Package} ${source:Version}\n' -W > "$BASE_PKGS_FILE".new
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
function install_base() {
|
|
||||||
if [ "$INSTALL_TOOL" = "dnf" ]; then
|
|
||||||
OPT=$(dnf_opt "$BASE_DIR" "$BASE_PKG")
|
|
||||||
dnf --assumeyes $OPT
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
function new_package() {
|
|
||||||
if [ "$INSTALL_TOOL" = "dnf" ]; then
|
|
||||||
OPT=$(dnf_opt "$IMAGE_NAME_RISOTTO_IMAGE_DIR" "$PKG")
|
|
||||||
dnf --assumeno $OPT | grep ^" " > "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new
|
|
||||||
else
|
|
||||||
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" apt install --no-install-recommends --yes $PKG -s 2>/dev/null|grep ^"Inst " > "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
function install_pkg() {
|
|
||||||
if [ "$INSTALL_TOOL" = "dnf" ]; then
|
|
||||||
OPT=$(dnf_opt "$IMAGE_NAME_RISOTTO_IMAGE_DIR" "$PKG")
|
|
||||||
dnf --assumeyes $OPT
|
|
||||||
else
|
|
||||||
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" apt install --no-install-recommends --yes $PKG
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if [ ! -f "$BASE_LOCK" ]; then
|
|
||||||
echo " - reinstallation de l'image de base"
|
|
||||||
rm -rf "$BASE_DIR"
|
|
||||||
new_package_base
|
|
||||||
diff -u "$BASE_PKGS_FILE" "$BASE_PKGS_FILE".new && NEW_BASE=false || NEW_BASE=true
|
|
||||||
if [ ! -f "$BASE_TAR" ] || [ "$NEW_BASE" = true ]; then
|
|
||||||
mkdir -p "$IMAGE_BASE_RISOTTO_BASE_DIR"
|
|
||||||
install_base
|
|
||||||
cd "$IMAGE_BASE_RISOTTO_BASE_DIR"
|
|
||||||
tar cf "$BASE_TAR" "$BASE_NAME"
|
|
||||||
cd - > /dev/null
|
|
||||||
if [ -f "$BASE_PKGS_FILE" ]; then
|
|
||||||
mv "$BASE_PKGS_FILE" "$BASE_PKGS_FILE".old
|
|
||||||
fi
|
|
||||||
mv "$BASE_PKGS_FILE".new "$BASE_PKGS_FILE"
|
|
||||||
rm -rf "$IMAGE_BASE_RISOTTO_BASE_DIR"
|
|
||||||
fi
|
|
||||||
rm -rf "$BASE_DIR"
|
|
||||||
touch "$BASE_LOCK"
|
|
||||||
fi
|
|
||||||
|
|
||||||
tar xf "$BASE_TAR"
|
|
||||||
mv "$BASE_NAME" "$IMAGE_NAME_RISOTTO_IMAGE_DIR"
|
|
||||||
if [ -n "$COPR" ]; then
|
|
||||||
#FIXME signature...
|
|
||||||
mkdir -p "$REPO_DIR"
|
|
||||||
cd "$REPO_DIR"
|
|
||||||
wget -q "$COPR"
|
|
||||||
cd - > /dev/null
|
|
||||||
fi
|
|
||||||
if [ "$FUSION" = true ]; then
|
|
||||||
dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR" > /dev/null
|
|
||||||
fi
|
|
||||||
|
|
||||||
# FIXME verifier s'il y a des modifs sur pre/post
|
|
||||||
if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then
|
|
||||||
echo " - différence(s) avec les paquets de base"
|
|
||||||
diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs "$BASE_PKGS_FILE" && INSTALL=false || INSTALL=true
|
|
||||||
else
|
|
||||||
INSTALL=true
|
|
||||||
fi
|
|
||||||
new_package
|
|
||||||
if [ "$INSTALL" = false ]; then
|
|
||||||
echo " - différence(s) avec les paquets de l'image"
|
|
||||||
diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new && INSTALL=false || INSTALL=true
|
|
||||||
fi
|
|
||||||
find $IMAGE_NAME/manual -type f -exec md5sum '{}' \; > "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new
|
|
||||||
if [ "$INSTALL" = false ]; then
|
|
||||||
diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new && INSTALL=false || INSTALL=true
|
|
||||||
fi
|
|
||||||
if [ "$INSTALL" = true ]; then
|
|
||||||
echo " - installation"
|
|
||||||
if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER".version ]; then
|
|
||||||
VERSION=$(cat "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER".version)
|
|
||||||
else
|
|
||||||
VERSION=0
|
|
||||||
fi
|
|
||||||
mkdir tmp
|
|
||||||
ORI_DIR=$PWD
|
|
||||||
cd tmp
|
|
||||||
if [ ! "$VERSION" = 0 ]; then
|
|
||||||
tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
|
|
||||||
if [ "$INSTALL_TOOL" = "apt" ]; then
|
|
||||||
chown _apt "$IMAGE_NAME"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
mkdir "$IMAGE_NAME"
|
|
||||||
fi
|
|
||||||
cd "$IMAGE_NAME"
|
|
||||||
../../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md
|
|
||||||
cd $ORI_DIR
|
|
||||||
rm -rf tmp
|
|
||||||
install_pkg
|
|
||||||
sleep 2
|
|
||||||
|
|
||||||
for script in $(ls $IMAGE_NAME/manual/postinstall/*.sh 2> /dev/null); do
|
|
||||||
. "$script"
|
|
||||||
done
|
|
||||||
|
|
||||||
CONTAINER=$IMAGE_NAME ./make_volatile /etc
|
|
||||||
if [ ! "$?" = 0 ]; then
|
|
||||||
echo "make_volatile failed"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
cd "$RISOTTO_IMAGE_DIR"
|
|
||||||
#7zr a "$IMAGE_NAME".7z "$IMAGE_NAME"
|
|
||||||
if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_NAME" ]; then
|
|
||||||
mv -f "$IMAGE_NAME_RISOTTO_IMAGE_NAME" "$IMAGE_NAME_RISOTTO_IMAGE_NAME".old
|
|
||||||
fi
|
|
||||||
tar cf "$IMAGE_NAME_RISOTTO_IMAGE_NAME" "$IMAGE_NAME"
|
|
||||||
sha256sum "$IMAGE_NAME_RISOTTO_IMAGE_NAME" > "$IMAGE_NAME_RISOTTO_IMAGE_NAME".sha
|
|
||||||
cd - > /dev/null
|
|
||||||
cp -f "$BASE_PKGS_FILE" "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs
|
|
||||||
mv -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs
|
|
||||||
mv -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum
|
|
||||||
VERSION=$((VERSION + 1))
|
|
||||||
echo "$VERSION" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER".version
|
|
||||||
fi
|
|
||||||
rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR"
|
|
||||||
echo " => OK"
|
|
||||||
exit 0
|
|
|
@ -1,17 +0,0 @@
|
||||||
#!/bin/bash -e
|
|
||||||
HOST_NAME=$1
|
|
||||||
if [ -z "$HOST_NAME" ]; then
|
|
||||||
echo "usage: $0 host name"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
. config.sh
|
|
||||||
rm -f $IMAGE_BASE_RISOTTO_BASE_DIR*.build
|
|
||||||
for image in *; do
|
|
||||||
if [ -d "$image" ]; then
|
|
||||||
echo
|
|
||||||
echo "Install image $image"
|
|
||||||
./install_image "$HOST_NAME" "$image"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
rm -f $IMAGE_BASE_RISOTTO_BASE_DIR*.build
|
|
||||||
exit 0
|
|
|
@ -2,6 +2,7 @@
|
||||||
HOST_NAME=$1
|
HOST_NAME=$1
|
||||||
IMAGE_NAME=$2
|
IMAGE_NAME=$2
|
||||||
MACHINE=$3
|
MACHINE=$3
|
||||||
|
exit 0
|
||||||
. config.sh
|
. config.sh
|
||||||
. config_machine.sh
|
. config_machine.sh
|
||||||
if [ -z "$MACHINE" ]; then
|
if [ -z "$MACHINE" ]; then
|
||||||
|
@ -40,24 +41,25 @@ fi
|
||||||
if [ "$NEW_CONF" = true ]; then
|
if [ "$NEW_CONF" = true ]; then
|
||||||
echo " - delete old settings"
|
echo " - delete old settings"
|
||||||
./diff.py "$MACHINE" "$MACHINE_RISOTTO_CONFIG_DIR" "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" > "$MACHINE_RISOTTO_CONFIG_DIR"_changelog.md
|
./diff.py "$MACHINE" "$MACHINE_RISOTTO_CONFIG_DIR" "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" > "$MACHINE_RISOTTO_CONFIG_DIR"_changelog.md
|
||||||
rm -rf "$MACHINE_RISOTTO_CONFIG_DIR"
|
# rm -rf "$MACHINE_RISOTTO_CONFIG_DIR"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cp -a "$MACHINE_NAME_NSPAWN_LOCAL" "$MACHINE_NAME_NSPAWN"
|
#cp -a "$MACHINE_NAME_NSPAWN_LOCAL" "$MACHINE_NAME_NSPAWN"
|
||||||
cp -a "$MACHINE_NAME_SCRIPT_LOCAL" "$MACHINE_NAME_SCRIPT"
|
#cp -a "$MACHINE_NAME_SCRIPT_LOCAL" "$MACHINE_NAME_SCRIPT"
|
||||||
if [ ! -d "$MACHINE_RISOTTO_CONFIG_DIR" ]; then
|
#if [ ! -d "$MACHINE_RISOTTO_CONFIG_DIR" ]; then
|
||||||
cp -a "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" "$MACHINE_RISOTTO_CONFIG_DIR"
|
# cp -a "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" "$MACHINE_RISOTTO_CONFIG_DIR"
|
||||||
fi
|
#fi
|
||||||
if [ ! -d "$MACHINE_RISOTTO_SRV_DIR" ] && [ -d "$MACHINE_RISOTTO_SRV_DIR_LOCAL" ]; then
|
#if [ ! -d "$MACHINE_RISOTTO_SRV_DIR" ] && [ -d "$MACHINE_RISOTTO_SRV_DIR_LOCAL" ]; then
|
||||||
mkdir -p "$MACHINE_RISOTTO_SRV_DIR"
|
# mkdir -p "$MACHINE_RISOTTO_SRV_DIR"
|
||||||
fi
|
#fi
|
||||||
mkdir -p "$RISOTTO_JOURNALD_DIR"
|
#mkdir -p "$RISOTTO_JOURNALD_DIR"
|
||||||
if [ ! -d "$MACHINE_MACHINES_DIR" ]; then
|
if [ ! -d "$MACHINE_MACHINES_DIR" ]; then
|
||||||
cd "$MACHINES_DIR"
|
cd "$MACHINES_DIR"
|
||||||
|
mkdir "$IMAGE_NAME"
|
||||||
|
cd "$IMAGE_NAME"
|
||||||
tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
|
tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
|
||||||
mkdir -p "$SHA_MACHINE_DIR"
|
mkdir -p "$SHA_MACHINE_DIR"
|
||||||
cp -a "$IMAGE_NAME_RISOTTO_IMAGE_NAME".sha "$SHA_MACHINE"
|
cp -a "$IMAGE_NAME_RISOTTO_IMAGE_NAME".sha "$SHA_MACHINE"
|
||||||
mv "$IMAGE_NAME" "$MACHINE_MACHINES_DIR"
|
|
||||||
cd - > /dev/null
|
cd - > /dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -1 +1,6 @@
|
||||||
|
# This is the fallback locale configuration provided by systemd.
|
||||||
|
|
||||||
|
#>GNUNUX
|
||||||
|
#LANG="C.UTF-8"
|
||||||
LANG=fr_FR.UTF-8
|
LANG=fr_FR.UTF-8
|
||||||
|
#<GNUNUX
|
||||||
|
|
17
seed/base/README.md
Normal file
17
seed/base/README.md
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# base
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
Base of all application services.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
- [host-systemd-machined](../host-systemd-machined/README.md)
|
||||||
|
- [base-machine](../base-machine/README.md)
|
|
@ -1,2 +1,3 @@
|
||||||
|
---
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Base
|
description: Base of all application services
|
||||||
|
|
16
seed/base/dictionaries/00_base.yml
Normal file
16
seed/base/dictionaries/00_base.yml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
copy_tests:
|
||||||
|
type: boolean
|
||||||
|
hidden: true
|
||||||
|
default:
|
||||||
|
jinja: >-
|
||||||
|
{%- if copy_tests -%}
|
||||||
|
true
|
||||||
|
{%- else -%}
|
||||||
|
false
|
||||||
|
{%- endif -%}
|
||||||
|
params:
|
||||||
|
copy_tests:
|
||||||
|
information: copy_tests
|
|
@ -1,10 +1,11 @@
|
||||||
from typing import List
|
|
||||||
from risotto.utils import load_domains, DOMAINS
|
|
||||||
from risotto.utils import multi_function as _multi_function
|
from risotto.utils import multi_function as _multi_function
|
||||||
|
from typing import List as _List
|
||||||
|
|
||||||
|
|
||||||
@_multi_function
|
@_multi_function
|
||||||
def get_ip(server_name: str) -> str:
|
def get_ip(zones: dict,
|
||||||
|
server_name: str,
|
||||||
|
) -> str:
|
||||||
if server_name is None:
|
if server_name is None:
|
||||||
return
|
return
|
||||||
if isinstance(server_name, list):
|
if isinstance(server_name, list):
|
||||||
|
@ -15,12 +16,47 @@ def get_ip(server_name: str) -> str:
|
||||||
lst = []
|
lst = []
|
||||||
for s_name in server_name:
|
for s_name in server_name:
|
||||||
host_name, domain_name = s_name.split('.', 1)
|
host_name, domain_name = s_name.split('.', 1)
|
||||||
if not domain_name in DOMAINS:
|
for zone in zones.values():
|
||||||
|
if domain_name == zone['domain_name']:
|
||||||
|
break
|
||||||
|
else:
|
||||||
raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")')
|
raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")')
|
||||||
domain = DOMAINS[domain_name]
|
if host_name == zone['host_name']:
|
||||||
ret = domain[1][domain[0].index(host_name)]
|
ret = zone['host_ip']
|
||||||
|
else:
|
||||||
|
if not host_name in zone['hosts']:
|
||||||
|
continue
|
||||||
|
ret = zone['hosts'][host_name]
|
||||||
if not return_list:
|
if not return_list:
|
||||||
return ret
|
return ret
|
||||||
if ret not in lst:
|
if ret not in lst:
|
||||||
lst.append(ret)
|
lst.append(ret)
|
||||||
|
if return_list:
|
||||||
return lst
|
return lst
|
||||||
|
|
||||||
|
|
||||||
|
@_multi_function
|
||||||
|
def get_zones_info(zones: dict,
|
||||||
|
type: str,
|
||||||
|
zone_names: _List[str]=None,
|
||||||
|
zone_name: str=None,
|
||||||
|
index: int=None,
|
||||||
|
uniq: bool=False,
|
||||||
|
) -> str:
|
||||||
|
if type == 'host_ip' and index != 0:
|
||||||
|
return
|
||||||
|
if zone_name:
|
||||||
|
if zone_name not in zones:
|
||||||
|
raise ValueError(f"cannot get zone informations in unknown zone '{zone_name}'")
|
||||||
|
if type == 'cidr':
|
||||||
|
return zones[zone_name]['host_ip'] + '/' + zones[zone_name]['network'].split('/')[-1]
|
||||||
|
return zones[zone_name][type]
|
||||||
|
ret = []
|
||||||
|
for zone_name, data in zones.items():
|
||||||
|
if zone_names and zone_name not in zone_names:
|
||||||
|
continue
|
||||||
|
val = data[type]
|
||||||
|
if uniq and val in ret:
|
||||||
|
continue
|
||||||
|
ret.append(val)
|
||||||
|
return ret
|
||||||
|
|
19
seed/dns-external/README.md
Normal file
19
seed/dns-external/README.md
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# dns-external
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
DNS client with resolution on all zones (especially outside).
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
- [postfix-relay](../postfix-relay/README.md)
|
||||||
|
- [peertube](../peertube/README.md)
|
||||||
|
- [unbound](../unbound/README.md)
|
||||||
|
- [znc](../znc/README.md)
|
|
@ -1,2 +1,3 @@
|
||||||
|
---
|
||||||
format: '0.1'
|
format: '0.1'
|
||||||
description: Configuration du client DNS externe
|
description: DNS client with resolution on all zones (especially outside)
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
<rougail version="0.10">
|
|
||||||
<variables>
|
|
||||||
<family name="network">
|
|
||||||
<variable name="dns_is_only_local" redefine="True">
|
|
||||||
<value>False</value>
|
|
||||||
</variable>
|
|
||||||
<variable name="dns_client_address" redefine="True" supplier="ExternalDNS"/>
|
|
||||||
</family>
|
|
||||||
</variables>
|
|
||||||
</rougail>
|
|
14
seed/dns-external/dictionaries/14_dns-external.yml
Normal file
14
seed/dns-external/dictionaries/14_dns-external.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
version: 1.1
|
||||||
|
|
||||||
|
network:
|
||||||
|
|
||||||
|
dns_is_only_local:
|
||||||
|
redefine: true
|
||||||
|
hidden: true
|
||||||
|
default: false
|
||||||
|
|
||||||
|
dns_client_address:
|
||||||
|
redefine: true
|
||||||
|
supplier: ExternalDNS
|
||||||
|
hidden: true
|
16
seed/dns-local/README.md
Normal file
16
seed/dns-local/README.md
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
[Return to the list of application services.](../README.md)
|
||||||
|
# dns-local
|
||||||
|
|
||||||
|
## Synopsis
|
||||||
|
|
||||||
|
DNS client with access to local zones.
|
||||||
|
|
||||||
|
## Used by
|
||||||
|
|
||||||
|
[base-machine](../base-machine/README.md)
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue