egarette@silique.fr 2024-09-10 13:41:03 +02:00
parent c9162a5042
commit 0df0c1e80b
10 changed files with 26 additions and 17 deletions


@ -9,6 +9,9 @@
<variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents" hidden="True"> <variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents" hidden="True">
<value>False</value> <value>False</value>
</variable> </variable>
<family name="base">
<variable name="time_zone" provider="Host:time_zone" hidden="True"/>
</family>
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/> <variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
<family name="network" description="Réseau"> <family name="network" description="Réseau">
<variable name="server_name" description="Nom de domaine du serveur" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/> <variable name="server_name" description="Nom de domaine du serveur" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>


@ -2,9 +2,6 @@
<rougail version="0.10"> <rougail version="0.10">
<variables> <variables>
<variable name="copy_tests" type="boolean" mandatory="True" hidden="True"/> <variable name="copy_tests" type="boolean" mandatory="True" hidden="True"/>
<family name="base">
<variable name="time_zone" supplier="Host:time_zone" hidden="True"/>
</family>
</variables> </variables>
<constraints> <constraints>
<fill name="calc_value"> <fill name="calc_value">


@ -7,7 +7,7 @@ chown vmail: $BACKUP_DIR
rm -f $BACKUP_DIR/*.done rm -f $BACKUP_DIR/*.done
find /srv/home/ -name *@* -type d -printf "%f\n" | while read user; do find /srv/home/ -name *@* -type d -printf "%f\n" | while read user; do
doveadm backup -u $user maildir:$BACKUP_DIR/$user doveadm -o mail_fsync=never backup -u $user maildir:$BACKUP_DIR/$user
touch $BACKUP_DIR/$user.done touch $BACKUP_DIR/$user.done
done done
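Review bot: The `.done` marker is still touched unconditionally after `doveadm -o mail_fsync=never backup`, so a failed or not-yet-flushed backup is reported as complete, and disabling fsync makes that window wider than before. Tie the marker to the exit status and flush first, e.g. `doveadm -o mail_fsync=never backup -u "$user" "maildir:$BACKUP_DIR/$user" && sync && touch "$BACKUP_DIR/$user.done"`. The `$user` and `$BACKUP_DIR` expansions and the `-name *@*` pattern are unquoted, so a directory name under /srv/home/ containing whitespace or glob characters is split or expanded before doveadm sees it; quote them and use `read -r user`. The script starts before this hunk, so how `BACKUP_DIR` is set is not visible here.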


@ -1,11 +1,11 @@
{% set username="rougail_test@silique.fr" %} {% set username="rougail_test@silique.fr" %}
ip: {{ general.network.interface_0.ip_eth0 }} ip: {{ general.network.interface_0.ip_eth0 }}
revprox_ip: {{ general.revprox.revprox_client_server_ip }} revprox_ip: {{ general.revprox.revprox_client_server_ip }}
{% set domain = {{ general.revprox.revprox_client_external_domainnames[0] }} {% set domain = general.revprox.revprox_client.revprox_client_external_domainnames[0] %}
base_url: https://{{ domain }}{{domain.revprox_client_location }} base_url: https://{{ domain }}{{domain.revprox_client_location }}
auth_url: {{ general.oauth2_client.oauth2_client_external[0] }} auth_url: {{ general.oauth2_client.external.oauth2_client_external[0] }}
auth_server: {{ general.oauth2_client.oauth2_server_domainname }} auth_server: {{ general.oauth2_client.oauth2_server_domainname }}
username: {{ username }} username: {{ username }}
password: {{ username|get_password(server_name='test', description='test', type="cleartext", hide=hide_secret, temporary=True) }} password: {{ username|get_password(server_name='test', description='test', type="cleartext", hide=hide_secret, temporary=True) }}
forgejo_title: "{{ general.forgejo.forgejo_title }}" forgejo_title: "{{ general.forgejo.forgejo_title }}"
git_url: "[{{ domain] }}:{{ general.network.incoming_ports[0] }}" git_url: "{{ domain }}:{{ general.network.incoming_ports[0] }}"


@ -26,7 +26,7 @@
<file engine="ansible" file_type="variable" source="dhcp.network" variable="interface_names">host_network_filename</file> <file engine="ansible" file_type="variable" source="dhcp.network" variable="interface_names">host_network_filename</file>
</service> </service>
<service name="modprobe@"> <service name="modprobe@">
<override/> <override engine="none"/>
</service> </service>
<service name="vector" servicelist="vector"> <service name="vector" servicelist="vector">
<file engine="ansible">/etc/vector/vector.toml</file> <file engine="ansible">/etc/vector/vector.toml</file>
@ -74,7 +74,7 @@
<value>resolvconf</value> <value>resolvconf</value>
</variable> </variable>
<family name="base"> <family name="base">
<variable name="time_zone" type="string" description="Time zone" provider="Host:time_zone"> <variable name="time_zone" type="string" description="Time zone" supplier="Host:time_zone">
<value>Europe/Paris</value> <value>Europe/Paris</value>
</variable> </variable>
</family> </family>


@ -2,9 +2,10 @@
ExecStartPre=/usr/sbin/postmap /etc/postfix/lmtp ExecStartPre=/usr/sbin/postmap /etc/postfix/lmtp
ExecStartPre=/usr/sbin/postmap -F /etc/postfix/sni ExecStartPre=/usr/sbin/postmap -F /etc/postfix/sni
{% for local in general.postfix.postfix_relay_authentifications %} {% for local in general.postfix.postfix_relay_authentifications %}
{% set user = general.postfix['local_authentification_' + user]['local_authentification_username_' + user] %} {% set local_norm = local|normalize_family %}
{% set password = general.postfix['local_authentification_' + user]['local_authentification_password_' + user] %} {% set user = general.postfix['local_authentification_' + local_norm]['local_authentification_username_' + local_norm] %}
{% set ip = general.postfix['local_authentification_' + user]['postfix_relay_ip_' + user] %} {% set password = general.postfix['local_authentification_' + local_norm]['local_authentification_password_' + local_norm] %}
{% set ip = general.postfix['local_authentification_' + local_norm]['postfix_relay_ip_' + local_norm] %}
ExecStartPre=-/usr/bin/bash -c "echo {{ password }} | /usr/sbin/saslpasswd2 -u {{ ip }} {{ user }} -p" ExecStartPre=-/usr/bin/bash -c "echo {{ password }} | /usr/sbin/saslpasswd2 -u {{ ip }} {{ user }} -p"
{% endfor %} {% endfor %}
ExecStartPre=/usr/bin/chown postfix: /etc/sasl2/sasldb2 ExecStartPre=/usr/bin/chown postfix: /etc/sasl2/sasldb2
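Review bot: Now that `password` resolves through `local_norm` to the real relay secret, the unchanged `ExecStartPre=-/usr/bin/bash -c "echo {{ password }} | /usr/sbin/saslpasswd2 ..."` line renders it in cleartext into the unit file and onto the bash command line, where it can be read back with `systemctl cat` and, while the command runs, from the process list. The values are also interpolated unquoted inside `bash -c "..."`, so a password, user or ip containing a quote, `$` or `;` changes the command that is executed, and the leading `-` hides the resulting failure. Consider rendering each secret to a root-only file (mode 0600) and feeding it on stdin, e.g. `ExecStartPre=/usr/bin/bash -c '/usr/sbin/saslpasswd2 -p -u "{{ ip }}" "{{ user }}" < /path/to/relay-secret'` (the path is a placeholder), and dropping the `-` prefix so that a failed credential import stops the unit. The unit continues outside this hunk.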


@ -2,7 +2,7 @@
<rougail version="0.10"> <rougail version="0.10">
<services> <services>
<service name="prometheus" target="multi-user"> <service name="prometheus" target="multi-user">
<override/> <override engine="none"/>
<file engine="none" source="sysuser-prometheus.conf">/sysusers.d/prometheus.conf</file> <file engine="none" source="sysuser-prometheus.conf">/sysusers.d/prometheus.conf</file>
<file engine="none" source="tmpfile-prometheus.conf">/tmpfiles.d/0prometheus.conf</file> <file engine="none" source="tmpfile-prometheus.conf">/tmpfiles.d/0prometheus.conf</file>
<file engine="ansible">/etc/prometheus/prometheus.yml</file> <file engine="ansible">/etc/prometheus/prometheus.yml</file>


@ -37,9 +37,7 @@
</variable> </variable>
<variable name="zones_list" redefine="True" supplier="Host:machine_zones" hidden="True"/> <variable name="zones_list" redefine="True" supplier="Host:machine_zones" hidden="True"/>
</family> </family>
<variable name="do_backup" type="boolean" description="Do backup for this machine" hidden="True"> <variable name="do_backup" type="boolean" description="Do backup for this machine" mode="expert"/>
<value>True</value>
</variable>
<variable name="backup_dir" type="filename" hidden="True"> <variable name="backup_dir" type="filename" hidden="True">
<value>/srv/backup</value> <value>/srv/backup</value>
</variable> </variable>
@ -53,6 +51,10 @@
<param>False</param> <param>False</param>
<target type="variable">srv_dir</target> <target type="variable">srv_dir</target>
</condition> </condition>
<condition name="hidden_if_in" source="machine.add_srv">
<param>False</param>
<target type="variable">do_backup</target>
</condition>
<fill name="calc_value"> <fill name="calc_value">
<param type="variable">container_srv_path</param> <param type="variable">container_srv_path</param>
<param>/</param> <param>/</param>


@ -9,5 +9,11 @@
<variable name="add_swap" disabled="True" redefine="True"/> <variable name="add_swap" disabled="True" redefine="True"/>
<variable name="swap_size" disabled="True" redefine="True"/> <variable name="swap_size" disabled="True" redefine="True"/>
</variables> </variables>
<constraints>
<fill name="calc_value">
<param type="variable">machine.add_srv</param>
<target>do_backup</target>
</fill>
</constraints>
</rougail> </rougail>


@ -25,7 +25,7 @@
<service name="srv" engine="ansible" target="multi-user" type="mount" servicelist="add_srv" undisable='True'/> <service name="srv" engine="ansible" target="multi-user" type="mount" servicelist="add_srv" undisable='True'/>
<service name="dev-disk-by\x2dpartlabel-swap" engine="none" target="multi-user" type="swap" servicelist="add_swap" undisable='True'/> <service name="dev-disk-by\x2dpartlabel-swap" engine="none" target="multi-user" type="swap" servicelist="add_swap" undisable='True'/>
<service name="systemd-firstboot"> <service name="systemd-firstboot">
<override/> <override engine="ansible"/>
<file engine="ansible">/secrets/root.pwd</file> <file engine="ansible">/secrets/root.pwd</file>
<file engine="none">/tmpfiles.d/risotto-volatile.conf</file> <file engine="none">/tmpfiles.d/risotto-volatile.conf</file>
</service> </service>