Compare commits


98 commits

Author SHA1 Message Date
43b00863ae feat: upgrade to format 1.1 2024-10-01 13:19:35 +02:00
0df0c1e80b fix 2024-09-10 13:41:03 +02:00
c9162a5042 update doc 2023-08-29 10:37:29 +02:00
772283e0a6 better yaml support for example 2023-08-11 08:54:16 +02:00
ccb279d482 update doc 2023-08-10 21:58:39 +02:00
f2d4c644e6 update openldap documentations 2023-08-10 21:54:24 +02:00
e8e9e8719e update doc 2023-08-10 09:34:41 +02:00
71a61627e3 update conf for forgejo 1.20 2023-08-01 18:22:01 +02:00
0c415b8d4d update doc 2023-08-01 15:13:17 +02:00
4c7a20f2c5 update doc 2023-08-01 14:34:26 +02:00
c781af11a5 update doc 2023-07-31 18:41:59 +02:00
b9552cd7fa fix(seed/relay-mail-client/funcs/relay_mail.py): do not raise if ip_smtp is None 2023-07-31 16:46:55 +02:00
c9fa6cf0e5 add resolved dataset 2023-07-31 16:34:57 +02:00
9d2c456c59 update 2023-07-31 15:30:32 +02:00
7384400cd4 doc: update README files 2023-06-29 18:56:46 +02:00
532f20faf4 fix(redis): install redis and link to client 2023-06-29 18:53:31 +02:00
cc533f69bb enhancement(host): modprobe@ and resolvconf-pull-resolved services are restarted when a machine is started
By default, systemd doesn't want to (re)start too quickly. This makes unnecessary errors in log.

close #1
2023-06-29 18:50:53 +02:00
21c86b0e97 ansible template 2023-06-23 08:12:05 +02:00
84e583f8a4 redis: create redis user in client 2023-06-23 08:10:03 +02:00
cc56ea6286 nsd: support network with prefix smaller than 24 2023-03-03 14:08:12 +01:00
a2838d1068 local DNS is mandatory 2023-03-02 21:40:50 +01:00
80484b0a32 revprox only if eth0 exists (for tls server) 2023-03-02 21:40:33 +01:00
5b29e1630b tls: must be started even if there is no reverse proxy or external dns 2023-03-02 21:37:42 +01:00
b91e8ab455 start extraction before backup function 2023-02-27 12:23:45 +01:00
4fb6cd810b raise if incoming ports are used multiple times 2023-02-15 17:57:25 +01:00
0305290883 use incoming ports variable instead of hard coding value 2023-02-15 17:55:44 +01:00
8ad544de8b used by external dataset 2023-02-14 14:47:33 +01:00
d317ab48ea update mailman 2023-02-14 14:27:17 +01:00
d382e185d7 TLS 2023-02-14 14:24:16 +01:00
c09ab0c794 update tests 2023-01-23 20:21:42 +01:00
aa09ef03ea update doc 2023-01-18 09:28:02 +01:00
17033403b9 fedora 37 2023-01-17 21:48:07 +01:00
c676afdb26 update documentations 2023-01-17 21:43:32 +01:00
f369998d15 gitea to forgejo 2023-01-03 11:36:37 +01:00
b77d7d5784 merge ldap-client-fedora and ldap-client-debian into ldap-client 2022-12-25 20:23:58 +01:00
ef3871720e function from risotto to dataset 2022-12-25 17:11:26 +01:00
ffed310d27 add dotclear 2022-12-25 17:11:04 +01:00
5c12724f33 add openldap machine informations 2022-12-25 17:10:47 +01:00
cbe8fee94b add piwigo upgrade informations 2022-12-25 17:10:11 +01:00
1d1bdacb75 add galette 2022-12-25 17:09:52 +01:00
63e6b966cc add sensmotdire 2022-12-25 17:09:37 +01:00
ae4fe7e931 add znc 2022-12-25 17:09:14 +01:00
b96c29e40e improvements 2022-12-25 17:08:52 +01:00
8b39e07aa4 docs for application services 2022-12-25 12:17:15 +01:00
Emmanuel Garette
1de8353ac5 upgrade roundcube 2022-10-20 22:40:01 +02:00
Emmanuel Garette
f66172b86c add upgrade information for nextcloud 2022-10-20 21:09:02 +02:00
Emmanuel Garette
3e4204c53e add machine configuration for speedtest-rs 2022-10-20 21:08:40 +02:00
Emmanuel Garette
5729dfb4f6 add_srv is true by default 2022-10-20 21:02:24 +02:00
Emmanuel Garette
cebfab0b05 force plugin version 2022-10-20 21:02:08 +02:00
Emmanuel Garette
03ea888efd add_srv is true by default 2022-10-20 21:01:47 +02:00
Emmanuel Garette
21b6a1298d backup 2022-10-19 21:31:06 +02:00
Emmanuel Garette
e5f53eda0d smtp and postgresql tls path 2022-10-19 18:37:51 +02:00
Emmanuel Garette
d06e4bc9ee odoo 16 2022-10-19 15:19:31 +02:00
Emmanuel Garette
8bff1ca5ac add speedtest-rs 2022-10-17 18:41:34 +02:00
Emmanuel Garette
d0d49bdccc postgresql client: list table, not database 2022-10-17 18:41:06 +02:00
Emmanuel Garette
1b72abb549 reverse-proxy-client must include reverse proxy CA 2022-10-17 18:40:07 +02:00
Emmanuel Garette
0541fb67d6 php-fpm not only in fedora 35 2022-10-17 18:36:27 +02:00
Emmanuel Garette
0bb87bdaf9 do not start old machines 2022-10-17 18:35:57 +02:00
Emmanuel Garette
e51e4b482b apache not only in fedora 35 2022-10-17 18:35:09 +02:00
Emmanuel Garette
a716f0cc47 update nextcloud 2022-10-17 18:33:01 +02:00
Emmanuel Garette
67ff08b47d update module path 2022-10-17 18:28:22 +02:00
Emmanuel Garette
cfac2651b2 start vaultwarden after risotto.target 2022-10-17 18:24:00 +02:00
Emmanuel Garette
629ee5b548 update module path 2022-10-17 18:21:41 +02:00
Emmanuel Garette
381aada804 systemd: debug 2022-10-17 18:20:45 +02:00
Emmanuel Garette
1c57c980d3 debian: systemd-networkd after tmpfile.d 2022-10-17 18:20:09 +02:00
Emmanuel Garette
bb51db3e0a redis-client: add service to wait redis 2022-10-17 18:18:58 +02:00
Emmanuel Garette
8b3bcd14a1 upgrade peertube 2022-10-17 18:17:28 +02:00
Emmanuel Garette
856607fc52 ansible integration 2022-10-01 19:29:50 +02:00
Emmanuel Garette
abe9155b4c certificate for reverse proxy 2022-10-01 19:29:09 +02:00
Emmanuel Garette
ffaed709df remove logrotate service 2022-10-01 19:28:39 +02:00
Emmanuel Garette
b2eab154bc add util-linux in fedora 36 (for 'su' command) 2022-10-01 19:28:13 +02:00
Emmanuel Garette
3862609e6b add distribution attribute 2022-10-01 19:26:37 +02:00
Emmanuel Garette
d572b8f64f certificate for apache 2022-10-01 19:25:21 +02:00
Emmanuel Garette
465f68235b change base directory for postfix 2022-10-01 19:24:39 +02:00
Emmanuel Garette
16f930572e remove comment 2022-10-01 19:23:14 +02:00
Emmanuel Garette
97e74efd17 correction in piwigo 2022-10-01 19:22:47 +02:00
Emmanuel Garette
63ebd87431 certificate for pleroma 2022-10-01 19:22:12 +02:00
Emmanuel Garette
b61bb58f73 certificate for gitea 2022-10-01 19:21:55 +02:00
Emmanuel Garette
0a2b6d1fa2 change base directory for mailman 2022-10-01 19:16:35 +02:00
Emmanuel Garette
30b4e12ae8 correction with userdn 2022-10-01 19:16:07 +02:00
Emmanuel Garette
1a3d562829 certificate for lemonldap 2022-10-01 19:13:56 +02:00
Emmanuel Garette
3316ae70d3 manage aliases 2022-10-01 19:12:00 +02:00
Emmanuel Garette
cacc4afc4d upgrade for nextcloud 2022-10-01 19:11:05 +02:00
Emmanuel Garette
dd4d51c53c change directory path for patch 2022-10-01 19:10:05 +02:00
Emmanuel Garette
dab5d03ac5 static nginx 2022-10-01 19:09:16 +02:00
Emmanuel Garette
2d10335f45 remove systemd-machine-id-commit service 2022-10-01 19:08:36 +02:00
Emmanuel Garette
2d9de85e03 add postgresql debug informations 2022-10-01 19:08:05 +02:00
Emmanuel Garette
d3c31e0cea hidden redis owner 2022-10-01 19:07:42 +02:00
Emmanuel Garette
94c73f97ab add redis debug informations 2022-10-01 19:07:14 +02:00
Emmanuel Garette
b25763ec32 change base directory for vaultwarden 2022-10-01 19:04:48 +02:00
Emmanuel Garette
0ac3e884e4 postgresql client for debian 2022-10-01 19:01:12 +02:00
Emmanuel Garette
349a035ad0 update base debian template 2022-10-01 19:00:20 +02:00
Emmanuel Garette
52e612afba add static web with nginx 2022-10-01 18:58:20 +02:00
Emmanuel Garette
883bdac398 add nextcloud tests 2022-10-01 18:57:53 +02:00
Emmanuel Garette
f1b2e20063 add odoo 2022-10-01 18:57:37 +02:00
Emmanuel Garette
b1e7064488 Merge branch 'develop' 2022-08-25 11:12:09 +02:00
Emmanuel Garette
7cbd9b00fc Merge branch 'develop' 2022-08-18 10:19:53 +02:00
Emmanuel Garette
b021f59e08 backup with xz format 2022-07-08 10:26:19 +02:00
688 changed files with 20128 additions and 7538 deletions


@ -1,2 +1,3 @@
# dataset # dataset
[This dataset application services](seed/README.md)
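Review bot: the link text in `[This dataset application services](seed/README.md)` is not a complete phrase; wording such as "Application services provided by this dataset" would tell the reader what seed/README.md contains.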


@ -1,177 +1,13 @@
# Configuration liée CAS 1 (Redis et RedisClient) :
Une configuration liée est un ensemble d'élément partagé entre deux serveurs différents. application service "serveur" :
## Lier un client à un serveur provider="xxx" : variable multiple qui récupère tous les noms de domaine des suppliers
provider="xxx:yyy" : variable dans une famille dynamique qui récupère les infos de yyy
supplier="xxx:zzz" : variable dans la famille dynamique qui transmet l'info de zzz (généralement par un calcul)
``` application service "client" :
<check name="set_linked">
<param name="linked_provider">clients</param>
<param name="linked_value" type="variable">service_variable</param>
<target>service_variable_2</target>
</check>
```
## Lier un client à un serveur avec un nom d'utilisateur issu du nom de domaine supplier="xxx" : variable qui récupère le nom de domaine du provider
supplier="xxx:yyy" : variable qui transmet les infos de yyy (généralement par un calcul)
Il faut commencer de créer une variable côté serveur : provider="xxx:zzz" : variable récupère les infos de zzz
```
<variable name="remotes" description="All clients" type="domainname" multi="True" provider="clients"/>
```
Le nom d'utilisateur sera ici le nom de domaine du serveur avec l'application de la fonction 'normalize_family'.
Pour lier deux configurations il faut créer deux variables côté client :
```
<variable name='service_server_address' type='domainname' description="Nom DNS du serveur" mandatory='True'/>
<variable name='service_remote_user' type='string' description="Remote username" mandatory='True' hidden="True"/>
```
Enfin il faut lier les deux configurations :
```
<fill name="set_linked">
<param name="linked_server" type="variable">service_server_address</param>
<param name="linked_provider">clients</param>
<param name="linked_value" type="information">server_name</param>
<target>service_remote_user</target>
</fill>
```
Ainsi, lorsque l'utilisateur renseignera la variable "service_server_address", cette valeur sera ajouter à la variable "remotes" du serveur.
En retour la variable "service_remote_user" aura comme valeur "normalize_family(service_server_address)".
## Lier un client unique à un serveur avec un nom d'utilisateur calculé sur le serveur
Il faut commencer de créer les variables côté serveur :
```
<variables>
<variable name="remote" description="The client" type="domainname" provider="client"/>
<variable name="username" hidden="True" provider="client_name"/>
</variables>
<constraints>
<fill name="gen_user_name">
<target>username</target>
</fill>
</constraints>
```
Côté client :
```
<variable name='service_server_address' type='domainname' description="Nom DNS du serveur" mandatory='True'/>
<variable name='service_remote_user' type='string' description="Remote username" mandatory='True' hidden="True"/>
```
```
<fill name="set_linked">
<param name="linked_server" type="variable">service_server_address</param>
<param name="linked_provider">clients</param>
<param name="linked_value" type="information">server_name</param>
<param name="linked_returns">client_name</param>
<target>service_remote_user</target>
</fill>
```
Ainsi, lorsque l'utilisateur renseignera la variable "service_server_address", cette valeur sera la variable "remote" du serveur.
Un nom d'utilisateur sera alors généré côté serveur, la valeur de ce nom sera retourner au client comme valeur de 'service_remote_user'.
## Lier plusieurs clients à un serveur avec un nom d'utilisateur calculé sur le serveur
Il faut commencer de créer les variables côté serveur :
```
<variables>
<variable name="remotes" description="All clients" type="domainname" multi="True" provider="clients"/>
<family name="remote_" description="Compte pour " dynamic="remotes">
<variable name="username_" hidden="True" provider="client_name"/>
</family>
</variables>
<constraints>
<fill name="gen_user_name">
<target>username_</target>
</fill>
</constraints>
```
Côté client :
```
<variable name='service_server_address' type='domainname' description="Nom DNS du serveur" mandatory='True'/>
<variable name='service_remote_user' type='string' description="Remote username" mandatory='True' hidden="True"/>
```
```
<fill name="set_linked">
<param name="linked_server" type="variable">service_server_address</param>
<param name="linked_provider">clients</param>
<param name="linked_value" type="information">server_name</param>
<param name="linked_returns">client_name</param>
<param name="dynamic" type="information">server_name</param>
<target>service_remote_user</target>
</fill>
```
Ainsi, lorsque l'utilisateur renseignera la variable "service_server_address", cette valeur sera ajouter à la variable "remotes" du serveur.
Un nom d'utilisateur sera alors généré côté serveur, la valeur de ce nom sera retourner au client comme valeur de 'service_remote_user'.
## Caculer une variable d'un client par rapport à la valeur d'un serveur
Il faut commencer de créer une nouvelle variables côté serveur par exemple dans une famille dynamique :
```
<variables>
<family name="remote_" description="Compte pour " dynamic="remotes">
<variable name="password_" description="Password " auto_save="True" hidden="True" type="password" provider="client_password"/>
</family>
</variables>
<constraints>
<fill name="gen_password">
<target>password_</target>
</fill>
</constraints>
```
Côté client on veut récupérer ce mot de passe dans une variable :
```
<variable name='service_remote_user_password' type='password' description="Remote password" mandatory='True' hidden="True"/>
```
Et calculer cette valeur :
```
<fill name="get_linked_configuration">
<param name="linked_server" type="variable">service_server_address</param>
<param name="linked_provider">client_password</param>
<param name="dynamic" type="variable">service_remote_user</param>
<target>service_remote_user_password</target>
</fill>
```
## Propoger la valeur d'une variable d'un client vers un serveur
```
<check name="set_linked_configuration">
<param name="linked_server" type="variable">service_server_address</param>
<param name="linked_provider">client_var</param>
<param name="dynamic" type="variable">service_remote_user</param>
<target>service_variable</target>
</check>
```
## Propoger la valeur d'une variable d'un client vers un variable esclave du serveur
```
<check name="set_linked_configuration">
<param name="linked_server" type="variable">service_server_address</param>
<param name="leader_provider">client_var</param>
<param name="leader_value" type="variable">service_variable</param>
<param name="linked_provider">slave</param>
<param name="dynamic" type="variable">service_server_address</param>
<target>service_variable_2</target>
</check>
```
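Review bot: the 13 lines this file is reduced to describe `provider="xxx:yyy"` and `supplier="xxx:zzz"` only with placeholders, and the heading "CAS 1 (Redis et RedisClient)" is followed neither by a concrete Redis example nor by a second case. The text being replaced carried worked `set_linked` and `get_linked_configuration` snippets, including how a hidden `password_` variable filled by `gen_password` reaches the client; consider keeping at least one concrete provider/supplier pair for the Redis case so that readers can see which side generates the credential and which side receives it. The file also stays in French while the seed/README.*.md files added alongside it are in English.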


@ -0,0 +1,29 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# ExternalDNS
## Synopsis
DNS forwarder for all DNS zones.<br/>This provider is able to answer query for external and internal domain name.
## Variables
| Parameter | Comment |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|
| **ExternalDNS:authority_zones**<br/>multiple<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Local DNS server can export own authority zones. |
## Provider
[unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver.
## Suppliers
- [postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
- [znc](znc/README.md): ZNC, a bouncer IRC.
- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
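Review bot: in the Synopsis, "This provider is able to answer query for external and internal domain name" does not say which clients are allowed to query it, and the `ExternalDNS:authority_zones` comment "Local DNS server can export own authority zones" leaves unclear which side holds the zones. Suggest stating both explicitly, since unbound is listed as the provider and nsd-local as one of the suppliers.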

seed/README.IMAP.md Normal file

@ -0,0 +1,23 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# IMAP
## Synopsis
IMAP server connexion.
## Variables
## Provider
[dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
## Supplier
[roundcube](roundcube/README.md): Roundcube, a webmail.

seed/README.Journald.md Normal file

@ -0,0 +1,54 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# Journald
## Synopsis
Concentrate journal messages on one host.
## Variables
| Parameter | Comment |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------|
| **Journald:message**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Message to exclude for *supplier name*. |
| **Journald:service**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Log from this service to exclude for *supplier name*. |
| **Journald:function**<br/>multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Function use to compare message (if not defined, exlude same message) for *supplier name*. |
## Provider
[vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
## Suppliers
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
- [nginx-static](nginx-static/README.md): Nginx as static web site.
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
- [postgresql](postgresql/README.md): Postgresql, a database.
- [postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
- [vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
- [unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver.
- [redis](redis/README.md): Redis, an in-memory data structure store.
- [loki](loki/README.md): Loki, a log aggregation platform.
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [nsd](nsd/README.md): NSD, an authoritative DNS name server.
- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.
- [nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy.
- [roundcube](roundcube/README.md): Roundcube, a webmail.
- [znc](znc/README.md): ZNC, a bouncer IRC.
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
- [prometheus](prometheus/README.md): Prometheus, an event monitoring.
- [mariadb](mariadb/README.md): MariaDB, a relational database.
- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
- [openldap](openldap/README.md): OpenLDAP, the LDAP server.
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
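Review bot: the `Journald:function` row reads "Function use to compare message (if not defined, exlude same message)": "exlude" is a typo, and the accepted function names are not listed. Since `Journald:message` and `Journald:service` remove entries from the concentrated journal, suggest documenting the comparison functions and giving one example exclusion, so that an over-broad filter is easy to spot in review.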

seed/README.LDAP.md Normal file

@ -0,0 +1,34 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# LDAP
## Synopsis
Create account and connexion to a LDAP server.
## Variables
| Parameter | Comment |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
| **LDAP:family**<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP family name for *supplier name*. |
| **LDAP:dn**<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP account DN for *supplier name*. |
| **LDAP:password**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP passowrd for *supplier name*. |
| **LDAP:base_dn**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP base DN for *supplier name*. |
## Provider
[openldap](openldap/README.md): OpenLDAP, the LDAP server.
## Suppliers
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
- [roundcube](roundcube/README.md): Roundcube, a webmail.
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
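Review bot: the `LDAP:password` row has the comment "LDAP passowrd" (typo). `LDAP:dn` and `LDAP:family` are not marked mandatory while `LDAP:password` and `LDAP:base_dn` are; suggest stating how the account DN is obtained when `LDAP:dn` is not set.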

seed/README.LMTP.md Normal file

@ -0,0 +1,27 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# LMTP
## Synopsis
LMTP remote server.<br/>A service needs send email with LMTP protocol.
## Variables
| Parameter | Comment |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------|
| **LMTP:criteria**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Domain name allowes to send email with LMTP protocol for *supplier name*. |
## Provider
[postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
## Suppliers
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
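Review bot: the `LMTP:criteria` comment reads "Domain name allowes to send email with LMTP protocol" and the Synopsis "A service needs send email with LMTP protocol"; both need a grammar pass ("allowed", "needs to send"). As the variable is multiple, suggest also saying how each value is matched, for example whether an entry covers only the exact domain.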

seed/README.LocalDNS.md Normal file

@ -0,0 +1,48 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# LocalDNS
## Synopsis
DNS forwarder for local domain name.
## Variables
| Parameter | Comment |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|
| **LocalDNS:DNSSEC_DS**<br/>multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | DNSSEC DS informations. |
## Provider
[nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
## Suppliers
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
- [nginx-static](nginx-static/README.md): Nginx as static web site.
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
- [postgresql](postgresql/README.md): Postgresql, a database.
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
- [vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
- [redis](redis/README.md): Redis, an in-memory data structure store.
- [loki](loki/README.md): Loki, a log aggregation platform.
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [nsd](nsd/README.md): NSD, an authoritative DNS name server.
- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.
- [nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy.
- [roundcube](roundcube/README.md): Roundcube, a webmail.
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
- [prometheus](prometheus/README.md): Prometheus, an event monitoring.
- [mariadb](mariadb/README.md): MariaDB, a relational database.
- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution.
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
- [openldap](openldap/README.md): OpenLDAP, the LDAP server.
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
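Review bot: `LocalDNS:DNSSEC_DS` is documented only as "DNSSEC DS informations" with type `string`; suggest stating the expected record format and whether the value is supplied by each supplier or computed. It would also help to say whether nsd-local appearing as both Provider and Supplier is intended.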

seed/README.Loki.md Normal file

@ -0,0 +1,23 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# Loki
## Synopsis
Concentrate log messages.
## Variables
## Provider
[loki](loki/README.md): Loki, a log aggregation platform.
## Supplier
[vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.

seed/README.MariaDB.md Normal file

@ -0,0 +1,28 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# MariaDB
## Synopsis
Create account and connexion to a MariaDB server.
## Variables
| Parameter | Comment |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|
| **MariaDB:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | MariaDB user name for *supplier name*. |
| **MariaDB:password**<br/>mandatory<br/>**Type:** [`secret`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | MariaDB password for *supplier name*. |
| **MariaDB:database**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | MariaDB database name for *supplier name*. |
## Provider
[mariadb](mariadb/README.md): MariaDB, a relational database.
## Supplier
[piwigo](piwigo/README.md): Piwigo, a photo management software.
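Review bot: `MariaDB:password` is typed `secret`, whereas `LDAP:password`, `Postgresql:password` and `Redis:password` in the sibling files are typed `password`. If the two types behave differently, say so in this table; otherwise use one type for all credentials.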

seed/README.OAuth2.md Normal file

@ -0,0 +1,45 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# OAuth2
## Synopsis
Remote clients needing to verify OAuth2 account.
## Variables
| Parameter | Comment |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|
| **OAuth2:name**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote name for *supplier name*. |
| **OAuth2:description**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote description for *supplier name*. |
| **OAuth2:login**<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote URL to login for *supplier name*. |
| **OAuth2:external**<br/>mandatory, multiple<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote external for *supplier name*. |
| **OAuth2:family**<br/>mandatory, multiple<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote family for *supplier name*. |
| **OAuth2:category**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remode category for *supplier name*. |
| **OAuth2:logo**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Logo for *supplier name*. |
| **OAuth2:client_id**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote client id for *supplier name*. |
| **OAuth2:secret**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Remote secret for *supplier name*. |
| **OAuth2:token_signature_algo**<br/>mandatory<br/>**Type:** [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 token signature algorithm for *supplier name*.<br/>**Choices:**<br/>- `HS512`<br/>- `RS256` |
| **OAuth2:external_domain**<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 server domain name. |
## Provider
[lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
## Suppliers
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [roundcube](roundcube/README.md): Roundcube, a webmail.
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
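Review bot: the `OAuth2:token_signature_algo` row offers `HS512` and `RS256` without saying which is the default or what key each one uses. HS512 is an HMAC keyed with a shared secret while RS256 is verified with an RSA public key, so the row should say whether `OAuth2:secret` is the HS512 key and where a supplier obtains the public key for RS256. "Remode category" in the `OAuth2:category` row is a typo for "Remote".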

seed/README.Postgresql.md Normal file

@ -0,0 +1,36 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# Postgresql
## Synopsis
Create account and connexion to a PostgreSQL server.
## Variables
| Parameter | Comment |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------|
| **Postgresql:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Postgresql username for *supplier name*. |
| **Postgresql:password**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Postgresql password for *supplier name*. |
| **Postgresql:database**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Postgresql database name for *supplier name*. |
## Provider
[postgresql](postgresql/README.md): Postgresql, a database.
## Suppliers
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [roundcube](roundcube/README.md): Roundcube, a webmail.
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.

19
seed/README.Prometheus.md Normal file
View file

@ -0,0 +1,19 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# Prometheus
## Synopsis
Configure Prometheus exporter.
## Variables
## Provider
[prometheus](prometheus/README.md): Prometheus, an event monitoring.

33
seed/README.Redis.md Normal file
View file

@ -0,0 +1,33 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# Redis
## Synopsis
Create account and connexion to a Redis server.
## Variables
| Parameter | Comment |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
| **Redis:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Redis user name for *supplier name*. |
| **Redis:password**<br/>mandatory<br/>**Type:** [`password`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Redis password for *supplier name*. |
| **Redis:index**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Redis database index.<br/>Only index 0 is allowed, Redis project discourage to use the server with several database. |
## Provider
[redis](redis/README.md): Redis, an in-memory data structure store.
## Suppliers
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [roundcube](roundcube/README.md): Roundcube, a webmail.
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.

@ -0,0 +1,44 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# ReverseProxy
## Synopsis
Register to service to a reverse proxy server.
## Variables
| Parameter | Comment |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------|
| **ReverseProxy:external**<br/>mandatory, multiple<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | External domain name for *supplier name*. |
| **ReverseProxy:location**<br/>mandatory<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | URI to redirect for *supplier name*.<br/>Relative redirected URI (without domaine name).<br/>**Example:** /mail |
| **ReverseProxy:max_body_size**<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Body size max for *supplier name*. |
| **ReverseProxy:websocket**<br/>mandatory<br/>**Type:** [`boolean`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The entry point is a websocket for *supplier name*.<br/>**Default:** [True] |
| **ReverseProxy:url**<br/>mandatory<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Internal URL for *supplier name*. |
| **ReverseProxy:http**<br/>mandatory<br/>**Type:** [`boolean`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The website is in HTTP for *supplier name*.<br/>**Default:** True |
## Provider
[nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy.
## Suppliers
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
- [nginx-static](nginx-static/README.md): Nginx as static web site.
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest.
- [roundcube](roundcube/README.md): Roundcube, a webmail.
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
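Review bot: The defaults in the Variables table are rendered inconsistently: `ReverseProxy:websocket` shows `**Default:** [True]` (a list) while `ReverseProxy:http` shows `**Default:** True`. Please confirm that a websocket entry point enabled by default for every supplier is intended, and since `ReverseProxy:http` defaults to True, have the comment say what setting it to False changes on the leg between the proxy and the internal URL. The synopsis "Register to service to a reverse proxy server" also needs rewording at its source, because the same sentence is repeated in the provider list of seed/README.md.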

37
seed/README.SMTP.md Normal file
View file

@ -0,0 +1,37 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# SMTP
## Synopsis
Create a SMTP relay account and authorize sending email.<br/>A service needs send email with SMTP protocol, so an account is created and SMTP relay accept sending mail by this account.
## Variables
| Parameter | Comment |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------|
| **SMTP:username**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | User account to send email for *supplier name*. |
| **SMTP:password**<br/>mandatory<br/>**Type:** [`secret`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Password to send email for *supplier name*. |
## Provider
[postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay.
## Suppliers
- [odoo](odoo/README.md): Odoo, an ERP and CRM.
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application.
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
- [piwigo](piwigo/README.md): Piwigo, a photo management software.
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager.
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform.
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management.
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo.
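Review bot: `SMTP:password` is documented with type `secret`, whereas `Postgresql:password` and `Redis:password` in the sibling provider READMEs added by this same change are typed `password`. Use one type for credentials across all providers and regenerate the READMEs, so that every stored password is declared and handled the same way.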

22
seed/README.Vector.md Normal file
View file

@ -0,0 +1,22 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](README.md)
# Vector
## Synopsis
Collect observability data from another Vector instance.
## Variables
| Parameter | Comment |
|-------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|
| **Vector:address**<br/>**Type:** [`ip`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Send Journal on this IP address.<br/>Vector must listen on this address, clients are configured to use this destination IP. |
## Provider
[vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines.

91
seed/README.md Normal file
View file

@ -0,0 +1,91 @@
# Application services
- [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission)
- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution
- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo
- [grafana](grafana/README.md): Grafana is an analytics and interactive visualization web application
- [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management
- [loki](loki/README.md): Loki, a log aggregation platform
- [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists
- [mariadb](mariadb/README.md): MariaDB, a relational database
- [nextcloud](nextcloud/README.md): Nextcloud, Online collaboration platform
- nginx:
- [nginx-reverse-proxy](nginx-reverse-proxy/README.md): Nginx as reverse proxy
- [nginx-static](nginx-static/README.md): Nginx as static web site
- nsd:
- [nsd](nsd/README.md): NSD, an authoritative DNS name server
- [nsd-local](nsd-local/README.md): NSD, an authoritative DNS name server for local resolution
- [odoo](odoo/README.md): Odoo, an ERP and CRM
- [openldap](openldap/README.md): OpenLDAP, the LDAP server
- [peertube](peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform
- [piwigo](piwigo/README.md): Piwigo, a photo management software
- [postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay
- [postgresql](postgresql/README.md): Postgresql, a database
- [prometheus](prometheus/README.md): Prometheus, an event monitoring
- [redis](redis/README.md): Redis, an in-memory data structure store
- [roundcube](roundcube/README.md): Roundcube, a webmail
- [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest
- [unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver
- [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager
- [vector](vector/README.md): Vector, a lightweight, ultra-fast tool for building observability pipelines
- [znc](znc/README.md): ZNC, a bouncer IRC
# Application dependencies
- [apache](apache/README.md): Apache as web server
- base:
- [base](base/README.md): Base of all application services
- [base-debian](base-debian/README.md): Base information of a Debian server
- [base-debian-bullseye](base-debian-bullseye/README.md): Base information of a Debian Bulleye server
- [base-fedora](base-fedora/README.md): Base information of a Fedora
- [base-fedora-35](base-fedora-35/README.md): Base information of a Fedora 35
- [base-fedora-36](base-fedora-36/README.md): Base information of a Fedora 36
- [base-fedora-37](base-fedora-37/README.md): Base information of a Fedora 37
- [base-fedora-38](base-fedora-38/README.md): Base information of a Fedora 38
- [base-machine](base-machine/README.md): Base information for a machine
- dns:
- [dns-external](dns-external/README.md): DNS client with resolution on all zones (especially outside)
- [dns-local](dns-local/README.md): DNS client with access to local zones
- [host-systemd-machined](host-systemd-machined/README.md): Host with machine started in Systemd Machined environment
- [imap-client](imap-client/README.md): Application service needs interact with an IMAP server
- [journald](journald/README.md): Journald
- [journald_remote](journald_remote/README.md): Journald remote
- [ldap-client](ldap-client/README.md): Application service needs interact with a LDAP server
- [mariadb-client](mariadb-client/README.md): Application service needs interact with a MariaDB server
- nginx:
- [nginx-common](nginx-common/README.md): Nginx common configuration
- [nginx-https](nginx-https/README.md): Nginx as HTTPS web site
- [oauth2-client](oauth2-client/README.md): Application service needs interact with a Oauth2 server
- php:
- [php](php/README.md): PHP, a popular general-purpose scripting language
- [php-fpm](php-fpm/README.md): PHP FPM
- [pki-tls](pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates
- [postfix-lmtp-relay](postfix-lmtp-relay/README.md): Postfix, the mail server, as LMTP relay
- [postgresql-client](postgresql-client/README.md): Application service needs interact with a Postgresql server
- [provider-systemd-machined](provider-systemd-machined/README.md): Machine started in Systemd Machined environment
- redis:
- [redis-client](redis-client/README.md): Application service needs interact with a Redis server
- [redis-common](redis-common/README.md): Redis, an in-memory data structure store
- relay:
- [relay-lmtp-client](relay-lmtp-client/README.md): Application service needs interact with a Postfix server with LMTP protocol
- [relay-mail-client](relay-mail-client/README.md): Client SMTP
- [resolved](resolved/README.md): Resolved
- [reverse-proxy-client](reverse-proxy-client/README.md): Application service needs interact with a a reverse proxy server
- [systemd](systemd/README.md): Systemd, a system and service manager
# Providers
- [ExternalDNS](README.ExternalDNS.md): DNS forwarder for all DNS zones.
- [IMAP](README.IMAP.md): IMAP server connexion.
- [Journald](README.Journald.md): Concentrate journal messages on one host.
- [LDAP](README.LDAP.md): Create account and connexion to a LDAP server.
- [LMTP](README.LMTP.md): LMTP remote server.
- [LocalDNS](README.LocalDNS.md): DNS forwarder for local domain name.
- [Loki](README.Loki.md): Concentrate log messages.
- [MariaDB](README.MariaDB.md): Create account and connexion to a MariaDB server.
- [OAuth2](README.OAuth2.md): Remote clients needing to verify OAuth2 account.
- [Postgresql](README.Postgresql.md): Create account and connexion to a PostgreSQL server.
- [Prometheus](README.Prometheus.md): Configure Prometheus exporter.
- [Redis](README.Redis.md): Create account and connexion to a Redis server.
- [ReverseProxy](README.ReverseProxy.md): Register to service to a reverse proxy server.
- [SMTP](README.SMTP.md): Create a SMTP relay account and authorize sending email.
- [Vector](README.Vector.md): Collect observability data from another Vector instance.

36
seed/apache/README.md Normal file
View file

@ -0,0 +1,36 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# apache
## Synopsis
[Apache as web server.](https://httpd.apache.org/)
## Variables for expert
### General
#### Apache
Advance Apache web server settings.
| Parameter | Comments |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|
| **[general.apache.apache_timeout](dictionaries/20_web.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Amount of time the server will wait for certain events before failing a request.<br/>Time in seconds.<br/>**Default:** 300 |
| **[general.apache.apache_keepalive](dictionaries/20_web.xml)**<br/>mandatory<br/>**Type:** [`boolean`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Enables HTTP persistent connections.<br/>**Default:** True |
## Dependances
- [reverse-proxy-client](../reverse-proxy-client/README.md): Application service needs interact with a a reverse proxy server.
## Used by
[nextcloud](../nextcloud/README.md)

@ -1,5 +1,6 @@
---
format: '0.1' format: '0.1'
description: Apache configuration description: Apache as web server
website: https://httpd.apache.org/
depends: depends:
- base-fedora-35
- reverse-proxy-client - reverse-proxy-client

@ -1,38 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="httpd" target="multi-user">
<file>/etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt</file>
<file>/etc/httpd/conf/httpd.conf</file>
<file>/etc/httpd/conf.d/risotto.conf</file>
<file>/etc/httpd/conf.d/ssl.conf</file>
<file>/etc/httpd/ssl/server.ca</file>
<file>/etc/httpd/ssl/server.crt</file>
<file>/etc/httpd/ssl/server.key</file>
<file engine="none" source="sysuser-httpd.conf">/sysusers.d/httpd.conf</file>
<file engine="none" source="tmpfile-httpd.conf">/tmpfiles.d/0httpd.conf</file>
</service>
</services>
<variables>
<family name="nginx">
<variable name="php_fpm_user" redefine="True" exists="True">
<value>apache</value>
</variable>
</family>
<family name="apache" description="Apache" help="Paramètrage avancé du serveur web Apache">
<variable name="apache_timeout" type="number" description="Temps en secondes pendant lequel le serveur va attendre des entrées/sorties avant de considérer qu'une requête a échoué">
<value>300</value>
</variable>
<variable name="apache_keepalive" type="boolean" description="Autoriser les connexions persistantes"/>
<variable name="server_ca" hidden="True"/>
</family>
</variables>
<constraints>
<fill name="get_chain">
<param name="authority_cn" type="variable">revprox_client_server_domainname</param>
<param name="authority_name">InternalReverseProxy</param>
<param name="hide" type="variable">hide_secret</param>
<target>server_ca</target>
</fill>
</constraints>
</rougail>

@ -0,0 +1,23 @@
---
version: 1.1
nginx:
php_fpm_user:
redefine: true
exists: true
default: apache
apache:
description: Apache
help: Advance Apache web server settings
mode: advanced
apache_timeout:
description: >-
Amount of time the server will wait for certain events before failing a
request
help: Time in seconds
default: 300
apache_keepalive: true # Enables HTTP persistent connections
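Review bot: The family help text `help: Advance Apache web server settings` should read "Advanced"; the generated seed/apache/README.md in this change already carries the same wording ("Advance Apache web server settings."), so fix it here and regenerate. The removed XML declared `apache_timeout` with `type="number"`; if the new format only infers the type from `default: 300`, an explicit `type: number` would keep a string override from reaching the `Timeout` directive.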

@ -1 +1 @@
PKG="$PKG mod_ssl" PKG="$PKG httpd mod_ssl"

@ -1,15 +1,15 @@
# Timeout # Timeout
Timeout %%apache_timeout Timeout {{ general.apache.apache_timeout }}
# Keepalive # Keepalive
%if %%apache_keepalive {% if general.apache.apache_keepalive %}
KeepAlive On KeepAlive On
%else {% else %}
KeepAlive Off KeepAlive Off
%end if {% endif %}
MaxKeepAliveRequests 50 MaxKeepAliveRequests 50
KeepAliveTimeout %%apache_timeout KeepAliveTimeout {{ general.apache.apache_timeout }}
# RemoteIp # RemoteIp
RemoteIPHeader X-Forwarded-For RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy %%revprox_client_server_ip RemoteIPInternalProxy {{ general.revprox.revprox_client_server_ip }}
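Review bot: `KeepAliveTimeout {{ general.apache.apache_timeout }}` reuses the request timeout, whose default in the dictionary is 300, so an idle persistent connection can hold a worker for up to five minutes. Give keep-alive its own variable with a short default (a few seconds) rather than carrying this coupling over from the old template. Separately, `RemoteIPInternalProxy` is rendered directly from `general.revprox.revprox_client_server_ip`; wrap the RemoteIP lines in a test on that value, because an empty address leaves an invalid directive and `X-Forwarded-For` should only be honoured when the proxy address is known.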

@ -1 +0,0 @@
%%server_ca

@ -1 +0,0 @@
%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)

@ -1 +0,0 @@
%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)

@ -100,7 +100,7 @@ SSLProxyCipherSuite PROFILE=SYSTEM
# require an ECC certificate which can also be configured in # require an ECC certificate which can also be configured in
# parallel. # parallel.
# GNUNUX SSLCertificateFile /etc/pki/tls/certs/localhost.crt # GNUNUX SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/ssl/server.crt SSLCertificateFile {{ general.tls_cert_directory }}/revprox.crt
# Server Private Key: # Server Private Key:
# If the key is not combined with the certificate, use this # If the key is not combined with the certificate, use this
@ -109,7 +109,7 @@ SSLCertificateFile /etc/httpd/ssl/server.crt
# both in parallel (to also allow the use of DSA ciphers, etc.) # both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel # ECC keys, when in use, can also be configured in parallel
# GNUNUX SSLCertificateKeyFile /etc/pki/tls/private/localhost.key # GNUNUX SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/ssl/server.key SSLCertificateKeyFile {{ general.tls_key_directory }}/revprox.key
# Server Certificate Chain: # Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the # Point SSLCertificateChainFile at a file containing the
@ -126,7 +126,7 @@ SSLCertificateKeyFile /etc/httpd/ssl/server.key
# huge file containing all of them (file must be PEM encoded) # huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
#>GNUNUX #>GNUNUX
SSLCACertificateFile /etc/httpd/ssl/server.ca SSLCACertificateFile {{ general.tls_ca_directory }}/InternalReverseProxy.crt
#<GNUNUX #<GNUNUX
# Client Authentication (Type): # Client Authentication (Type):
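Review bot: The CA file name `InternalReverseProxy.crt` is now a literal in the `SSLCACertificateFile` line, in addition to wherever the authority certificate is generated. Build the path from the same variable that names the authority when the file is written, otherwise renaming the authority leaves httpd pointing at a missing file and the mismatch only shows up at service start.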

@ -0,0 +1,30 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# base-debian-bullseye
## Synopsis
[Base information of a Debian Bulleye server.](https://www.debian.org/)
## Dependances
- [base-debian](../base-debian/README.md): Base information of a Debian server.
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.
## Used by
- [odoo](../odoo/README.md)
- [mailman](../mailman/README.md)
- [lemonldap](../lemonldap/README.md)

@ -1,4 +1,7 @@
---
format: '0.1' format: '0.1'
description: Information de base d'un serveur Debian Buster description: Base information of a Debian Bulleye server
website: https://www.debian.org/
depends: depends:
- base-debian - base-debian
distribution: true
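Review bot: The new description reads "Base information of a Debian Bulleye server"; the release name is "Bullseye". This string is the source of the generated documentation, and the typo is already visible in seed/README.md and seed/base-debian-bullseye/README.md in this same change, so correct it here and regenerate both.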

@ -1,13 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="dnssec" manage="False">
<file>/etc/dnssec-trust-anchors.d/local.negative</file>
</service>
</services>
<variables>
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
<value>bullseye</value>
</variable>
</variables>
</rougail>

@ -0,0 +1,7 @@
---
version: 1.1
os_version:
description: Version de l'OS
hidden: true
default: bullseye

@ -1,2 +1,2 @@
%set %%domain=%%domain_name_eth0.split('.', 1)[1] {% set domain = domain_name_eth0.split('.', 1)[1] %}
%%domain {{ domain }}
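Review bot: `domain_name_eth0.split('.', 1)[1]` has no guard for a host name without a dot, in which case index 1 does not exist and the template either fails or renders an empty line, depending on how undefined values are configured. Test the length of the split result first and fail with an explicit message. The variable is also referenced bare here, while the other templates converted in this change use a full path such as `general.tls_ca_directory`; please check that `domain_name_eth0` still resolves under the new format.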

@ -0,0 +1,27 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# base-debian
## Synopsis
[Base information of a Debian server.](https://www.debian.org/)
## Dependances
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.
## Used by
[base-debian-bullseye](../base-debian-bullseye/README.md)

@ -1,5 +1,6 @@
---
format: '0.1' format: '0.1'
description: Information de base d'un serveur Debian description: Base information of a Debian server
website: https://www.debian.org/
depends: depends:
- base-machine
- systemd - systemd

@ -1,15 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="debian" manage="False">
<file engine="none" source="tmpfile-tmp.conf">/tmpfiles.d/0tmp.conf</file>
<file engine="none">/etc/default/locale</file>
</service>
</services>
<variables>
<variable name="os_name" type="string" description="Nom de l'OS" hidden="True">
<value>Debian</value>
</variable>
</variables>
</rougail>

@ -0,0 +1,7 @@
---
version: 1.1
os_name:
description: Nom de l'OS
hidden: true
default: Debian

@ -1,17 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="update-ca-certificates" engine="creole" target="multi-user"/>
</services>
<variables>
<variable name="tls_ca_directory" type="filename" description="Répertoire des autorités de certification" hidden="True">
<value>/etc/ssl-localca</value>
</variable>
<variable name="tls_cert_directory" type="filename" description="Répertoire des certificats" hidden="True">
<value>/etc/ssl/certs</value>
</variable>
<variable name="tls_key_directory" type="filename" description="Répertoire des clefs privés" hidden="True">
<value>/etc/ssl/private</value>
</variable>
</variables>
</rougail>

@ -0,0 +1,20 @@
---
version: 1.1
tls_ca_directory:
type: unix_filename
description: Répertoire des autorités de certification
hidden: true
default: /etc/ssl-localca
tls_cert_directory:
type: unix_filename
description: Répertoire des certificats
hidden: true
default: /etc/ssl/certs
tls_key_directory:
type: unix_filename
description: Répertoire des clefs privés
hidden: true
default: /etc/ssl/private

@ -1,2 +1,8 @@
rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
#mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
#chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
#ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
#ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
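Review bot: `rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf` and the `ln -s` that follows use the variable unquoted and unchecked, so if it is empty or unset the script removes and relinks `/etc/resolv.conf` on the build host itself. Write both as `"${IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP:?}/etc/resolv.conf"` so the script aborts instead. The six commented-out `mkdir`/`chmod`/`ln` lines added below are dead code; drop them or enable them with a comment saying why they are needed on Debian.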

@ -0,0 +1,2 @@
[Unit]
After=systemd-tmpfiles-setup.service

@ -0,0 +1,3 @@
g Debian-exim 109
u Debian-exim 104:109 "Exim" /var/spool/exim4 /usr/sbin/nologin
g kvm 103

@ -1 +1,3 @@
q /var/tmp 1777 root root 30d q /var/tmp 1777 root root 30d
# Keys have good right
d /etc/ssl/private 755 root root - -
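Review bot: `d /etc/ssl/private 755 root root - -` makes the private key directory listable and traversable by every local user, which contradicts the comment "Keys have good right" and leaves the per-file modes as the only protection for the keys. Debian ships this directory as 0710 root:ssl-cert; use 0700, or 0710 with a dedicated group that contains only the service accounts which must read a key, and document in the comment which account needs the access.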

@ -4,7 +4,7 @@ Before=network-pre.target
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/sbin/update-ca-certificates --localcertsdir %%tls_ca_directory ExecStart=/usr/sbin/update-ca-certificates --localcertsdir {{ general.tls_ca_directory }}
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

@ -0,0 +1,28 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# base-fedora-35
## Synopsis
[Base information of a Fedora 35.](https://getfedora.org/)
## Dependances
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.
## Used by
[postfix-relay](../postfix-relay/README.md)

@ -1,4 +1,7 @@
---
format: '0.1' format: '0.1'
description: Information de base d'un serveur fedora version 35 description: Base information of a Fedora 35
website: https://getfedora.org/
depends: depends:
- base-fedora - base-fedora
distribution: true

@ -1,8 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<variables>
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
<value>35</value>
</variable>
</variables>
</rougail>

@ -0,0 +1,7 @@
---
version: 1.1
os_version:
description: Version de l'OS
hidden: true
default: '35'

@ -1,7 +1,7 @@
# ACTIVE NETWORKD # ACTIVE NETWORKD
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service" ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service" ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service" ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket" ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
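Review bot: The `mkdir` and `chmod 775` lines still use `$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP` unquoted while the four `ln -s` lines quote it, and none of them check that it is set, so an empty value makes the script operate on the build host's own `/usr/lib/systemd/system`. Quote it everywhere and use `${IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP:?}`. Mode 775 also leaves `network-online.target.wants` group-writable inside the image; a unit directory should be 755, and `mkdir -p -m 755` would set it in one step and tolerate a rebuild where the directory already exists.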

@ -0,0 +1,35 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# base-fedora-36
## Synopsis
[Base information of a Fedora 36.](https://getfedora.org/)
## Dependances
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.
## Used by
- [piwigo](../piwigo/README.md)
- [dovecot](../dovecot/README.md)
- [speedtest-rs](../speedtest-rs/README.md)
- [roundcube](../roundcube/README.md)
- [znc](../znc/README.md)
- [vaultwarden](../vaultwarden/README.md)
- [mariadb](../mariadb/README.md)
- [nextcloud](../nextcloud/README.md)

View file

@ -1,4 +1,7 @@
---
format: '0.1' format: '0.1'
description: Information de base d'un serveur fedora version 36 description: Base information of a Fedora 36
website: https://getfedora.org/
depends: depends:
- base-fedora - base-fedora
distribution: true

View file

@ -1,13 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="base">
<file engine="none">/etc/pam.d/login</file>
</service>
</services>
<variables>
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
<value>36</value>
</variable>
</variables>
</rougail>

View file

@ -0,0 +1,7 @@
---
version: 1.1
os_version:
description: Version de l'OS
hidden: true
default: '36'

View file

@ -1,7 +1,7 @@
# ACTIVE NETWORKD # ACTIVE NETWORKD
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service" ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service" ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service" ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket" ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
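
Review bot: `chmod 775` on `network-online.target.wants` leaves a systemd unit directory group-writable inside the image, so any member of the owning group can add a symlink there that systemd will pull in at boot; 755 is the usual mode for directories under /usr/lib/systemd/system. The `mkdir` and `chmod` lines also leave `$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP` unquoted while the `ln -s` lines quote it, and `mkdir` has no `-p`. Quote the variable everywhere and fail early when it is empty, since every path would otherwise resolve under the build host's own /usr/lib/systemd.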

View file

@ -1 +1 @@
BASE_PKG="$BASE_PKG pam" BASE_PKG="$BASE_PKG pam util-linux"

View file

@ -1,4 +1,4 @@
# File from util-linux-*.x86_64 (not installed) #GNUNUX File from util-linux-*.x86_64 (not installed)
#%PAM-1.0 #%PAM-1.0
auth substack system-auth auth substack system-auth
auth include postlogin auth include postlogin

View file

@ -0,0 +1,33 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# base-fedora-37
## Synopsis
[Base information of a Fedora 37.](https://getfedora.org/)
## Dependances
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.
## Used by
- [nginx-static](../nginx-static/README.md)
- [postgresql](../postgresql/README.md)
- [unbound](../unbound/README.md)
- [nsd](../nsd/README.md)
- [nginx-reverse-proxy](../nginx-reverse-proxy/README.md)
- [openldap](../openldap/README.md)

View file

@ -0,0 +1,7 @@
---
format: '0.1'
description: Base information of a Fedora 37
website: https://getfedora.org/
depends:
- base-fedora
distribution: true

View file

@ -0,0 +1,7 @@
---
version: 1.1
os_version:
description: Version de l'OS
hidden: true
default: '37'

View file

@ -0,0 +1,7 @@
# ACTIVE NETWORKD
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"

View file

@ -0,0 +1 @@
BASE_PKG="$BASE_PKG pam util-linux"

View file

@ -0,0 +1 @@
RELEASEVER=37

View file

@ -1,4 +1,4 @@
# File from util-linux-*.x86_64 (not installed) #GNUNUX File from util-linux-*.x86_64 (not installed)
#%PAM-1.0 #%PAM-1.0
auth substack system-auth auth substack system-auth
auth include postlogin auth include postlogin

View file

@ -0,0 +1,34 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# base-fedora-38
## Synopsis
[Base information of a Fedora 38.](https://getfedora.org/)
## Dependances
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.
## Used by
- [grafana](../grafana/README.md)
- [peertube](../peertube/README.md)
- [vector](../vector/README.md)
- [redis](../redis/README.md)
- [loki](../loki/README.md)
- [forgejo](../forgejo/README.md)
- [prometheus](../prometheus/README.md)

View file

@ -0,0 +1,7 @@
---
format: '0.1'
description: Base information of a Fedora 38
website: https://getfedora.org/
depends:
- base-fedora
distribution: true

View file

@ -0,0 +1,7 @@
---
version: 1.1
os_version:
description: Version de l'OS
hidden: true
default: '38'

View file

@ -0,0 +1,7 @@
# ACTIVE NETWORKD
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"

View file

@ -0,0 +1 @@
BASE_PKG="$BASE_PKG pam util-linux"

View file

@ -0,0 +1 @@
RELEASEVER=38

View file

@ -0,0 +1,17 @@
#GNUNUX File from util-linux-*.x86_64 (not installed)
#%PAM-1.0
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
-session optional pam_ck_connector.so
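
Review bot: the header comment on the first line still says the file comes from util-linux "(not installed)", but this change set also sets `BASE_PKG="$BASE_PKG pam util-linux"`, so the comment is out of date and the packaged file and this template can now both provide /etc/pam.d/login. Update the comment and make it explicit which copy is expected to win, so a later util-linux update cannot silently replace the reviewed PAM stack. The final `-session optional pam_ck_connector.so` line is skipped silently when the module is absent; drop it if ConsoleKit is not part of these images.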

View file

@ -1 +1,30 @@
Inspired by: https://pagure.io/fedora-kickstarts/tree/main ---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# base-fedora
## Synopsis
[Base information of a Fedora.](https://getfedora.org/)
## Dependances
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.
## Used by
- [base-fedora-36](../base-fedora-36/README.md)
- [base-fedora-35](../base-fedora-35/README.md)
- [base-fedora-38](../base-fedora-38/README.md)
- [base-fedora-37](../base-fedora-37/README.md)

View file

@ -1,5 +1,6 @@
---
format: '0.1' format: '0.1'
description: Information de base d'un serveur Fedora description: Base information of a Fedora
website: https://getfedora.org/
depends: depends:
- base-machine
- systemd - systemd

View file

@ -1,13 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="fedora-base" manage="False">
<file engine="none">/tmpfiles.d/fedora.conf</file>
</service>
</services>
<variables>
<variable name="os_name" type="string" description="Nom de l'OS" hidden="True">
<value>Fedora</value>
</variable>
</variables>
</rougail>

View file

@ -0,0 +1,7 @@
---
version: 1.1
os_name:
description: Nom de l'OS
hidden: true
default: Fedora

View file

@ -1,17 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="update-ca-trust" engine="creole" target="multi-user"/>
</services>
<variables>
<variable name="tls_ca_directory" type="filename" description="Nom du répertoire des autorités de certification" hidden="True">
<value>/etc/pki/ca-trust/source/anchors</value>
</variable>
<variable name="tls_cert_directory" type="filename" description="Nom du répertoire des certificats" hidden="True">
<value>/etc/pki/tls/certs</value>
</variable>
<variable name="tls_key_directory" type="filename" description="Nom du répertoire des clefs privés" hidden="True">
<value>/etc/pki/tls/private</value>
</variable>
</variables>
</rougail>

View file

@ -0,0 +1,20 @@
---
version: 1.1
tls_ca_directory:
type: unix_filename
description: Nom du répertoire des autorités de certification
hidden: true
default: /etc/pki/ca-trust/source/anchors
tls_cert_directory:
type: unix_filename
description: Nom du répertoire des certificats
hidden: true
default: /etc/pki/tls/certs
tls_key_directory:
type: unix_filename
description: Nom du répertoire des clefs privés
hidden: true
default: /etc/pki/tls/private

View file

@ -0,0 +1 @@
Inspired by: https://pagure.io/fedora-kickstarts/tree/main

View file

@ -1,4 +1,4 @@
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr $BASE_PKG" BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr $BASE_PKG"
INSTALL_TOOL="dnf" INSTALL_TOOL="dnf"
OS_NAME='fedora' OS_NAME='fedora'
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/" REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/yum.repos.d/"

View file

@ -0,0 +1,32 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# base-machine
## Synopsis
Base information for a machine.
## Variables
### Machine
| Parameter | Comments |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------|
| **[machine.data_disk_size](extras/machine/00_base.xml)**<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Data disk size. |
## Dependances
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
## Used by
[systemd](../systemd/README.md)

View file

@ -1,5 +1,7 @@
---
format: '0.1' format: '0.1'
description: Base information for a machine description: Base information for a machine
depends: depends:
- base - base
- dns-local - dns-local
- pki-tls

View file

@ -1,48 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="base" manage="False">
<file engine="none">/etc/locale.conf</file>
</service>
</services>
<variables>
<variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents">
<value>False</value>
</variable>
<family name="network" description="Réseau">
<variable name="server_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
<variable name="zones_list" type="string" multi="True" description="Liste de toutes les zones" mandatory="True" hidden="True" provider="global:zones_name"/>
<variable name="interfaces_list" type="number" multi="True" description="Liste de tous les numéros d'interfaces" hidden="True" provider="global:zones_list"/>
<family name="interface_" description="Interface " dynamic="interfaces_list">
<variable name="zone_name_eth" type="string" description="Nom de la zone de l'interface " hidden="True" mandatory="True"/>
<variable name="ip_eth" type="ip" description="Adresse IP pour l'interface " hidden="True" mandatory="True"/>
<variable name="network_eth" type="network_cidr" description="Réseau de l'interface " hidden="True"/>
<variable name="gateway_eth" type="ip" description="La route de l'interface "/>
<variable name="domain_name_eth" type="domainname" description="Nom de domaine pour l'interface " mandatory="True" hidden="True" provider="global:server_names"/>
</family>
</family>
</variables>
<constraints>
<fill name="get_ip">
<param name="server_name" type="variable">domain_name_eth</param>
<target>ip_eth</target>
</fill>
<fill name="get_zone_name">
<param type="variable">zones_list</param>
<param name="index" type="suffix"/>
<target>zone_name_eth</target>
</fill>
<fill name="zone_information">
<param type="variable">zone_name_eth</param>
<param>network</param>
<target>network_eth</target>
</fill>
<fill name="zone_information">
<param type="variable">zone_name_eth</param>
<param>gateway</param>
<param name="index" type="suffix"/>
<target>gateway_eth</target>
</fill>
</constraints>
</rougail>

View file

@ -0,0 +1,129 @@
---
version: 1.1
hide_secret:
description: Les secrets sont obscurcis
mode: advanced
help: >-
Obscurcir les secrets peut permettre de générer des configurations
diffusable sans problème de confidentialité ou pour comparer deux
configurations générés à des moments différents
hidden: true
default: false
base:
time_zone:
provider: Host:time_zone
hidden: true
mandatory: false
module_name:
hidden: true
provider: global:module_name
network:
server_name:
description: Nom de domaine du serveur
type: domainname
hidden: true
provider: global:server_name
last_server_name:
type: domainname
hidden: true
default:
jinja: >-
{%- if domain_name -%}
{{ domain_name[-1] }}
{%- endif -%}
params:
domain_name:
variable: >-
_.interface_{{ suffix }}.domain_name
zones_list:
multi: true
description: Liste de toutes les zones
hidden: true
provider: global:zones_name
interfaces_list:
type: number
multi: true
description: Liste de tous les numéros d'interfaces
hidden: true
provider: global:zones_list
mandatory: false
"interface_{{ suffix }}":
description: 'Interface {{ suffix }}'
dynamic:
variable: general.network.interfaces_list
zone_name:
description: "Nom de la zone de l'interface {{ suffix }}"
hidden: true
default:
jinja: >-
{%- if __.zones_list -%}
{{ __.zones_list[index] }}
{%- endif -%}
params:
index:
type: suffix
ip:
type: ip
description: "Adresse IP pour l'interface {{ suffix }}"
hidden: true
default:
jinja: >-
{{ zones | get_ip(server_name=_.domain_name) }}
params:
zones:
information: zones
network:
type: network_cidr
description: "Réseau de l'interface {{ suffix }}"
hidden: true
default:
jinja: >-
{{ zones | get_zones_info("network", zone_name=_.zone_name) }}
params:
zones:
information: zones
gateway:
type: ip
description: "La route de l'interface {{ suffix }}"
hidden: true
default:
jinja: >-
{{ zones | get_zones_info("host_ip",
zone_name=_.zone_name,
index=index)
}}
params:
zones:
information: zones
index:
type: suffix
disabled:
jinja: >-
{%- if index == 0 -%}
false
{%- else -%}
true
{%- endif -%}
params:
index:
type: suffix
domain_name:
type: domainname
description: "Nom de domaine pour l'interface {{ suffix }}"
hidden: true
provider: global:server_names
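
Review bot: `hide_secret` gains `hidden: true` in this file, whereas the removed XML definition carried only `mode="expert"` and no hidden attribute, which looks like it takes the setting out of the operator's hands. If that is intended, say so in the commit message; otherwise drop `hidden: true` so secret obscuring can still be enabled when a configuration has to be shared or diffed. The descriptions and help text here also remain in French while the service descriptions elsewhere in this change were translated to English.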

View file

@ -1,14 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<variables>
<variable name='name' description="Machine name" type="domainname" hidden="True"/>
<variable name='data_disk_size' description="Data disk size" type="number"/>
</variables>
<constraints>
<fill name="calc_value">
<param type="variable">domain_name_eth0</param>
<target>machine.name</target>
</fill>
</constraints>
</rougail>

View file

@ -0,0 +1,14 @@
---
version: 1.1
name:
description: Machine name
type: domainname
hidden: true
default:
variable: general.network.server_name
data_disk_size:
description: Data disk size
type: number
mandatory: false

View file

@ -2,22 +2,19 @@ import __main__
from secrets import token_urlsafe as _token_urlsafe, token_hex as _token_hex from secrets import token_urlsafe as _token_urlsafe, token_hex as _token_hex
from string import ascii_letters as _ascii_letters from string import ascii_letters as _ascii_letters
from random import choice as _choice from random import choice as _choice
from os.path import dirname as _dirname, abspath as _abspath, join as _join, isfile as _isfile, isdir as _isdir from os.path import join as _join, isfile as _isfile, isdir as _isdir
from os import makedirs as _makedirs from os import makedirs as _makedirs, environ as _environ
#from risotto.utils import ZONES_SERVER _HERE = _environ['PWD']
_HERE = _dirname(_abspath(__main__.__file__))
_PASSWORD_DIR = _join(_HERE, 'password') _PASSWORD_DIR = _join(_HERE, 'password')
def get_password(server_name: str, def get_password(username: str,
username: str,
description: str, description: str,
type: str, type: str,
hide: bool, hide: bool,
server_name: str='none',
length: int=20, length: int=20,
temporary: bool=True, temporary: bool=True,
) -> str: ) -> str:
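
Review bot: `_HERE = _environ['PWD']` ties the location of the password store to an environment variable set by the caller: it raises KeyError where PWD is unset (some service and cron contexts), and running the tool from another directory silently creates or reads a different `password/` directory. Prefer an explicitly configured path, or at least `os.getcwd()` plus a check that the directory is the expected one. Moving `server_name` from the first positional parameter to a keyword with default `'none'` changes the meaning of existing positional calls (the old first argument now lands in `username`), so every caller needs checking. The context line `from random import choice as _choice` is worth a look as well: if it feeds password generation, `secrets.choice` is the CSPRNG equivalent.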
@ -79,10 +76,3 @@ def _set_password(server_name: str,
with open(file_name, 'r') as fh: with open(file_name, 'r') as fh:
file_content = fh.read().strip() file_content = fh.read().strip()
return file_content return file_content
def get_zone_name(zones: list,
index: str,
):
if zones is not None:
return zones[int(index)]

View file

@ -1,42 +0,0 @@
#!/bin/bash -e
HOST_NAME=$1
START=$2
if [ -z "$HOST_NAME" ]; then
echo "usage: $0 host name"
exit 1
fi
. config.sh
MACHINES=""
for image in *; do
if [ -d "$image" ]; then
for os in $image/configurations/*; do
if [ -d "$os" ]; then
machine="$(basename $os)"
if [ -d "/var/lib/risotto/srv/$machine" ]; then
MACHINES="$MACHINES$machine "
fi
fi
done
fi
done
cd /var/lib/risotto/srv/
mkdir -p "$BACKUP_DIR"
for machine in $MACHINES; do
machinectl stop $machine || true
while true; do
machinectl status "$machine" > /dev/null 2>&1 || break
sleep 1
done
BACKUP_FILE="$BACKUP_DIR/backup_$machine.tar.bz2"
rm -f "$BACKUP_FILE"
tar -cvJf $BACKUP_FILE $machine
done
if [ -z "$START" ]; then
machinectl start $MACHINES
fi
exit 0

View file

@ -1,35 +0,0 @@
#!/bin/bash -e
HOST_NAME=$1
if [ -z "$HOST_NAME" ]; then
echo "usage: $0 host name"
exit 1
fi
# remove current rules
systemctl stop risottofirewall.service || true
apt install --yes systemd-container dnf jq debootstrap htop gettext patch unzip mlocate xz-utils iptables
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
systemctl daemon-reload
systemctl restart systemd-sysctl.service
systemctl enable systemd-networkd
systemctl restart systemd-networkd
systemctl enable systemd-resolved
systemctl restart systemd-resolved
# systemctl mask dev-hugepages.mount
systemctl enable risotto-images.timer
systemctl restart risotto-images.timer
systemctl enable risottofirewall.service
systemctl start risottofirewall.service
#nft add table nat
#nft flush table nat;
#nft 'add chain nat prerouting { type nat hook prerouting priority -100; }'
#nft 'add rule nat prerouting iif enp0s3 tcp dport { 80, 443 } dnat to 192.168.45.12'
#nft 'add chain nat postrouting { type nat hook postrouting priority -100; }'
#nft 'add rule nat postrouting ip saddr 192.168.45.10 oif enp0s8 tcp dport 53 snat to 10.0.3.15'
#nft 'add rule nat postrouting ip saddr 192.168.45.10 oif enp0s8 udp dport 53 snat to 10.0.3.15'
echo "install host OK"
exit 0

View file

@ -1,177 +0,0 @@
#!/bin/bash -e
HOST_NAME=$1
IMAGE_NAME=$2
if [ -z "$IMAGE_NAME" ]; then
echo "PAS DE NOM DE MODULE"
exit 1
fi
. config.sh
rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR" tmp
mkdir -p "$RISOTTO_IMAGE_DIR"
PKG=""
BASE_DIR=""
for script in $(ls $IMAGE_NAME/manual/preinstall/*.sh 2> /dev/null); do
. "$script"
done
if [ -z "$OS_NAME" ]; then
echo "NO OS NAME DEFINED"
exit 0
fi
if [ -z "$RELEASEVER" ]; then
echo "NO RELEASEVER DEFINED"
exit 0
fi
if [ -z "$INSTALL_TOOL" ]; then
echo "NO INSTALL TOOL DEFINED"
exit 0
fi
BASE_NAME="$OS_NAME-$RELEASEVER"
BASE_DIR="$IMAGE_BASE_RISOTTO_BASE_DIR/$BASE_NAME"
BASE_TAR="$IMAGE_BASE_RISOTTO_BASE_DIR-$BASE_NAME".tar
BASE_PKGS_FILE="$IMAGE_BASE_RISOTTO_BASE_DIR-$BASE_NAME.pkgs"
BASE_LOCK="$IMAGE_BASE_RISOTTO_BASE_DIR-$BASE_NAME.build"
function dnf_opt() {
INSTALL_DIR=$1
INSTALL_PKG=$2
echo "--setopt=install_weak_deps=False --nodocs --noplugins --installroot=$INSTALL_DIR --releasever $RELEASEVER install $INSTALL_PKG"
}
function new_package_base() {
if [ "$INSTALL_TOOL" = "dnf" ]; then
OPT=$(dnf_opt "$BASE_DIR" "$BASE_PKG")
dnf --assumeno $OPT | grep ^" " > "$BASE_PKGS_FILE".new
else
debootstrap --include="$BASE_PKG" --variant=minbase "$RELEASEVER" "$BASE_DIR" > /dev/null
chroot "$BASE_DIR" dpkg-query -f '${binary:Package} ${source:Version}\n' -W > "$BASE_PKGS_FILE".new
fi
}
function install_base() {
if [ "$INSTALL_TOOL" = "dnf" ]; then
OPT=$(dnf_opt "$BASE_DIR" "$BASE_PKG")
dnf --assumeyes $OPT
fi
}
function new_package() {
if [ "$INSTALL_TOOL" = "dnf" ]; then
OPT=$(dnf_opt "$IMAGE_NAME_RISOTTO_IMAGE_DIR" "$PKG")
dnf --assumeno $OPT | grep ^" " > "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new
else
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" apt install --no-install-recommends --yes $PKG -s 2>/dev/null|grep ^"Inst " > "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new
fi
}
function install_pkg() {
if [ "$INSTALL_TOOL" = "dnf" ]; then
OPT=$(dnf_opt "$IMAGE_NAME_RISOTTO_IMAGE_DIR" "$PKG")
dnf --assumeyes $OPT
else
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" apt install --no-install-recommends --yes $PKG
fi
}
if [ ! -f "$BASE_LOCK" ]; then
echo " - reinstallation de l'image de base"
rm -rf "$BASE_DIR"
new_package_base
diff -u "$BASE_PKGS_FILE" "$BASE_PKGS_FILE".new && NEW_BASE=false || NEW_BASE=true
if [ ! -f "$BASE_TAR" ] || [ "$NEW_BASE" = true ]; then
mkdir -p "$IMAGE_BASE_RISOTTO_BASE_DIR"
install_base
cd "$IMAGE_BASE_RISOTTO_BASE_DIR"
tar cf "$BASE_TAR" "$BASE_NAME"
cd - > /dev/null
if [ -f "$BASE_PKGS_FILE" ]; then
mv "$BASE_PKGS_FILE" "$BASE_PKGS_FILE".old
fi
mv "$BASE_PKGS_FILE".new "$BASE_PKGS_FILE"
rm -rf "$IMAGE_BASE_RISOTTO_BASE_DIR"
fi
rm -rf "$BASE_DIR"
touch "$BASE_LOCK"
fi
tar xf "$BASE_TAR"
mv "$BASE_NAME" "$IMAGE_NAME_RISOTTO_IMAGE_DIR"
if [ -n "$COPR" ]; then
#FIXME signature...
mkdir -p "$REPO_DIR"
cd "$REPO_DIR"
wget -q "$COPR"
cd - > /dev/null
fi
if [ "$FUSION" = true ]; then
dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR" > /dev/null
fi
# FIXME verifier s'il y a des modifs sur pre/post
if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then
echo " - différence(s) avec les paquets de base"
diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs "$BASE_PKGS_FILE" && INSTALL=false || INSTALL=true
else
INSTALL=true
fi
new_package
if [ "$INSTALL" = false ]; then
echo " - différence(s) avec les paquets de l'image"
diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new && INSTALL=false || INSTALL=true
fi
find $IMAGE_NAME/manual -type f -exec md5sum '{}' \; > "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new
if [ "$INSTALL" = false ]; then
diff -u "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new && INSTALL=false || INSTALL=true
fi
if [ "$INSTALL" = true ]; then
echo " - installation"
if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER".version ]; then
VERSION=$(cat "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER".version)
else
VERSION=0
fi
mkdir tmp
ORI_DIR=$PWD
cd tmp
if [ ! "$VERSION" = 0 ]; then
tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
if [ "$INSTALL_TOOL" = "apt" ]; then
chown _apt "$IMAGE_NAME"
fi
else
mkdir "$IMAGE_NAME"
fi
cd "$IMAGE_NAME"
../../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md
cd $ORI_DIR
rm -rf tmp
install_pkg
sleep 2
for script in $(ls $IMAGE_NAME/manual/postinstall/*.sh 2> /dev/null); do
. "$script"
done
CONTAINER=$IMAGE_NAME ./make_volatile /etc
if [ ! "$?" = 0 ]; then
echo "make_volatile failed"
exit 1
fi
cd "$RISOTTO_IMAGE_DIR"
#7zr a "$IMAGE_NAME".7z "$IMAGE_NAME"
if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_NAME" ]; then
mv -f "$IMAGE_NAME_RISOTTO_IMAGE_NAME" "$IMAGE_NAME_RISOTTO_IMAGE_NAME".old
fi
tar cf "$IMAGE_NAME_RISOTTO_IMAGE_NAME" "$IMAGE_NAME"
sha256sum "$IMAGE_NAME_RISOTTO_IMAGE_NAME" > "$IMAGE_NAME_RISOTTO_IMAGE_NAME".sha
cd - > /dev/null
cp -f "$BASE_PKGS_FILE" "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs
mv -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs.new "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs
mv -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum.new "$IMAGE_NAME_RISOTTO_IMAGE_DIR".md5sum
VERSION=$((VERSION + 1))
echo "$VERSION" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER".version
fi
rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR"
echo " => OK"
exit 0

View file

@ -1,17 +0,0 @@
#!/bin/bash -e
HOST_NAME=$1
if [ -z "$HOST_NAME" ]; then
echo "usage: $0 host name"
exit 1
fi
. config.sh
rm -f $IMAGE_BASE_RISOTTO_BASE_DIR*.build
for image in *; do
if [ -d "$image" ]; then
echo
echo "Install image $image"
./install_image "$HOST_NAME" "$image"
fi
done
rm -f $IMAGE_BASE_RISOTTO_BASE_DIR*.build
exit 0

View file

@ -2,6 +2,7 @@
HOST_NAME=$1 HOST_NAME=$1
IMAGE_NAME=$2 IMAGE_NAME=$2
MACHINE=$3 MACHINE=$3
exit 0
. config.sh . config.sh
. config_machine.sh . config_machine.sh
if [ -z "$MACHINE" ]; then if [ -z "$MACHINE" ]; then
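
Review bot: the added `exit 0` directly after `MACHINE=$3` ends the script before `. config.sh` is sourced, so nothing below it ever runs and the script reports success regardless. This reads like a debugging leftover; remove it, or if the script is being retired, delete the file rather than short-circuiting it with a success status.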
@ -40,24 +41,25 @@ fi
if [ "$NEW_CONF" = true ]; then if [ "$NEW_CONF" = true ]; then
echo " - delete old settings" echo " - delete old settings"
./diff.py "$MACHINE" "$MACHINE_RISOTTO_CONFIG_DIR" "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" > "$MACHINE_RISOTTO_CONFIG_DIR"_changelog.md ./diff.py "$MACHINE" "$MACHINE_RISOTTO_CONFIG_DIR" "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" > "$MACHINE_RISOTTO_CONFIG_DIR"_changelog.md
rm -rf "$MACHINE_RISOTTO_CONFIG_DIR" # rm -rf "$MACHINE_RISOTTO_CONFIG_DIR"
fi fi
cp -a "$MACHINE_NAME_NSPAWN_LOCAL" "$MACHINE_NAME_NSPAWN" #cp -a "$MACHINE_NAME_NSPAWN_LOCAL" "$MACHINE_NAME_NSPAWN"
cp -a "$MACHINE_NAME_SCRIPT_LOCAL" "$MACHINE_NAME_SCRIPT" #cp -a "$MACHINE_NAME_SCRIPT_LOCAL" "$MACHINE_NAME_SCRIPT"
if [ ! -d "$MACHINE_RISOTTO_CONFIG_DIR" ]; then #if [ ! -d "$MACHINE_RISOTTO_CONFIG_DIR" ]; then
cp -a "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" "$MACHINE_RISOTTO_CONFIG_DIR" # cp -a "$MACHINE_RISOTTO_CONFIG_DIR_LOCAL" "$MACHINE_RISOTTO_CONFIG_DIR"
fi #fi
if [ ! -d "$MACHINE_RISOTTO_SRV_DIR" ] && [ -d "$MACHINE_RISOTTO_SRV_DIR_LOCAL" ]; then #if [ ! -d "$MACHINE_RISOTTO_SRV_DIR" ] && [ -d "$MACHINE_RISOTTO_SRV_DIR_LOCAL" ]; then
mkdir -p "$MACHINE_RISOTTO_SRV_DIR" # mkdir -p "$MACHINE_RISOTTO_SRV_DIR"
fi #fi
mkdir -p "$RISOTTO_JOURNALD_DIR" #mkdir -p "$RISOTTO_JOURNALD_DIR"
if [ ! -d "$MACHINE_MACHINES_DIR" ]; then if [ ! -d "$MACHINE_MACHINES_DIR" ]; then
cd "$MACHINES_DIR" cd "$MACHINES_DIR"
mkdir "$IMAGE_NAME"
cd "$IMAGE_NAME"
tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME" tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
mkdir -p "$SHA_MACHINE_DIR" mkdir -p "$SHA_MACHINE_DIR"
cp -a "$IMAGE_NAME_RISOTTO_IMAGE_NAME".sha "$SHA_MACHINE" cp -a "$IMAGE_NAME_RISOTTO_IMAGE_NAME".sha "$SHA_MACHINE"
mv "$IMAGE_NAME" "$MACHINE_MACHINES_DIR"
cd - > /dev/null cd - > /dev/null
fi fi
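
Review bot: in the extraction block, `tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"` unpacks the archive and the `.sha` file is only copied to `$SHA_MACHINE`, never checked against the archive; verify it (for example with `sha256sum -c`) before extracting. The new `mkdir "$IMAGE_NAME"` has no `-p`, so it fails when the directory is left over from an interrupted run, and the wrapper directory it creates is not removed after the `mv`. The lines turned into comments (`#cp -a ...`, `#mkdir -p "$RISOTTO_JOURNALD_DIR"`, and so on) should be deleted rather than kept as commented-out code.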

View file

@ -1 +1,6 @@
# This is the fallback locale configuration provided by systemd.
#>GNUNUX
#LANG="C.UTF-8"
LANG=fr_FR.UTF-8 LANG=fr_FR.UTF-8
#<GNUNUX

17
seed/base/README.md Normal file
View file

@ -0,0 +1,17 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# base
## Synopsis
Base of all application services.
## Used by
- [host-systemd-machined](../host-systemd-machined/README.md)
- [base-machine](../base-machine/README.md)

View file

@ -1,2 +1,3 @@
---
format: '0.1' format: '0.1'
description: Base description: Base of all application services

View file

@ -0,0 +1,16 @@
---
version: 1.1
copy_tests:
type: boolean
hidden: true
default:
jinja: >-
{%- if copy_tests -%}
true
{%- else -%}
false
{%- endif -%}
params:
copy_tests:
information: copy_tests

View file

@ -1,10 +1,11 @@
from typing import List
from risotto.utils import load_domains, DOMAINS
from risotto.utils import multi_function as _multi_function from risotto.utils import multi_function as _multi_function
from typing import List as _List
@_multi_function @_multi_function
def get_ip(server_name: str) -> str: def get_ip(zones: dict,
server_name: str,
) -> str:
if server_name is None: if server_name is None:
return return
if isinstance(server_name, list): if isinstance(server_name, list):
@ -15,12 +16,47 @@ def get_ip(server_name: str) -> str:
lst = [] lst = []
for s_name in server_name: for s_name in server_name:
host_name, domain_name = s_name.split('.', 1) host_name, domain_name = s_name.split('.', 1)
if not domain_name in DOMAINS: for zone in zones.values():
if domain_name == zone['domain_name']:
break
else:
raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")') raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")')
domain = DOMAINS[domain_name] if host_name == zone['host_name']:
ret = domain[1][domain[0].index(host_name)] ret = zone['host_ip']
else:
if not host_name in zone['hosts']:
continue
ret = zone['hosts'][host_name]
if not return_list: if not return_list:
return ret return ret
if ret not in lst: if ret not in lst:
lst.append(ret) lst.append(ret)
if return_list:
return lst return lst
@_multi_function
def get_zones_info(zones: dict,
type: str,
zone_names: _List[str]=None,
zone_name: str=None,
index: int=None,
uniq: bool=False,
) -> str:
if type == 'host_ip' and index != 0:
return
if zone_name:
if zone_name not in zones:
raise ValueError(f"cannot get zone informations in unknown zone '{zone_name}'")
if type == 'cidr':
return zones[zone_name]['host_ip'] + '/' + zones[zone_name]['network'].split('/')[-1]
return zones[zone_name][type]
ret = []
for zone_name, data in zones.items():
if zone_names and zone_name not in zone_names:
continue
val = data[type]
if uniq and val in ret:
continue
ret.append(val)
return ret
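
Review bot: in `get_zones_info`, the guard `if type == 'host_ip' and index != 0: return` is also true when `index` is left at its default `None`, so any `host_ip` lookup that omits `index` returns None, and it does so before `zone_name` is validated. If only non-zero interfaces should be skipped, test `index is not None and index != 0`. In `get_ip`, a host missing from `zone['hosts']` hits `continue` and the function ends up returning None (or a shorter list) without error, while an unknown domain raises ValueError; make the two cases consistent so a typo in a host name cannot yield an empty address in generated configuration. The `-> str` annotation no longer matches the list return path, and the `type` parameter shadows the builtin.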

View file

@ -0,0 +1,19 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# dns-external
## Synopsis
DNS client with resolution on all zones (especially outside).
## Used by
- [postfix-relay](../postfix-relay/README.md)
- [peertube](../peertube/README.md)
- [unbound](../unbound/README.md)
- [znc](../znc/README.md)

View file

@ -1,2 +1,3 @@
---
format: '0.1' format: '0.1'
description: Configuration du client DNS externe description: DNS client with resolution on all zones (especially outside)

View file

@ -1,11 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<variables>
<family name="network">
<variable name="dns_is_only_local" redefine="True">
<value>False</value>
</variable>
<variable name="dns_client_address" redefine="True" supplier="ExternalDNS"/>
</family>
</variables>
</rougail>

View file

@ -0,0 +1,14 @@
---
version: 1.1
network:
dns_is_only_local:
redefine: true
hidden: true
default: false
dns_client_address:
redefine: true
supplier: ExternalDNS
hidden: true

16
seed/dns-local/README.md Normal file
View file

@ -0,0 +1,16 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# dns-local
## Synopsis
DNS client with access to local zones.
## Used by
[base-machine](../base-machine/README.md)

Some files were not shown because too many files have changed in this diff.