fix
This commit is contained in:
parent
c9162a5042
commit
0df0c1e80b
10 changed files with 26 additions and 17 deletions
|
@ -9,6 +9,9 @@
|
||||||
<variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents" hidden="True">
|
<variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents" hidden="True">
|
||||||
<value>False</value>
|
<value>False</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
<family name="base">
|
||||||
|
<variable name="time_zone" provider="Host:time_zone" hidden="True"/>
|
||||||
|
</family>
|
||||||
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
|
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
|
||||||
<family name="network" description="Réseau">
|
<family name="network" description="Réseau">
|
||||||
<variable name="server_name" description="Nom de domaine du serveur" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
<variable name="server_name" description="Nom de domaine du serveur" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
||||||
|
|
|
@ -2,9 +2,6 @@
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<variables>
|
<variables>
|
||||||
<variable name="copy_tests" type="boolean" mandatory="True" hidden="True"/>
|
<variable name="copy_tests" type="boolean" mandatory="True" hidden="True"/>
|
||||||
<family name="base">
|
|
||||||
<variable name="time_zone" supplier="Host:time_zone" hidden="True"/>
|
|
||||||
</family>
|
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="calc_value">
|
<fill name="calc_value">
|
||||||
|
|
|
@ -7,7 +7,7 @@ chown vmail: $BACKUP_DIR
|
||||||
|
|
||||||
rm -f $BACKUP_DIR/*.done
|
rm -f $BACKUP_DIR/*.done
|
||||||
find /srv/home/ -name *@* -type d -printf "%f\n" | while read user; do
|
find /srv/home/ -name *@* -type d -printf "%f\n" | while read user; do
|
||||||
doveadm backup -u $user maildir:$BACKUP_DIR/$user
|
doveadm -o mail_fsync=never backup -u $user maildir:$BACKUP_DIR/$user
|
||||||
touch $BACKUP_DIR/$user.done
|
touch $BACKUP_DIR/$user.done
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
{% set username="rougail_test@silique.fr" %}
|
{% set username="rougail_test@silique.fr" %}
|
||||||
ip: {{ general.network.interface_0.ip_eth0 }}
|
ip: {{ general.network.interface_0.ip_eth0 }}
|
||||||
revprox_ip: {{ general.revprox.revprox_client_server_ip }}
|
revprox_ip: {{ general.revprox.revprox_client_server_ip }}
|
||||||
{% set domain = {{ general.revprox.revprox_client_external_domainnames[0] }}
|
{% set domain = general.revprox.revprox_client.revprox_client_external_domainnames[0] %}
|
||||||
base_url: https://{{ domain }}{{domain.revprox_client_location }}
|
base_url: https://{{ domain }}{{domain.revprox_client_location }}
|
||||||
auth_url: {{ general.oauth2_client.oauth2_client_external[0] }}
|
auth_url: {{ general.oauth2_client.external.oauth2_client_external[0] }}
|
||||||
auth_server: {{ general.oauth2_client.oauth2_server_domainname }}
|
auth_server: {{ general.oauth2_client.oauth2_server_domainname }}
|
||||||
username: {{ username }}
|
username: {{ username }}
|
||||||
password: {{ username|get_password(server_name='test', description='test', type="cleartext", hide=hide_secret, temporary=True) }}
|
password: {{ username|get_password(server_name='test', description='test', type="cleartext", hide=hide_secret, temporary=True) }}
|
||||||
forgejo_title: "{{ general.forgejo.forgejo_title }}"
|
forgejo_title: "{{ general.forgejo.forgejo_title }}"
|
||||||
git_url: "[{{ domain] }}:{{ general.network.incoming_ports[0] }}"
|
git_url: "{{ domain }}:{{ general.network.incoming_ports[0] }}"
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
<file engine="ansible" file_type="variable" source="dhcp.network" variable="interface_names">host_network_filename</file>
|
<file engine="ansible" file_type="variable" source="dhcp.network" variable="interface_names">host_network_filename</file>
|
||||||
</service>
|
</service>
|
||||||
<service name="modprobe@">
|
<service name="modprobe@">
|
||||||
<override/>
|
<override engine="none"/>
|
||||||
</service>
|
</service>
|
||||||
<service name="vector" servicelist="vector">
|
<service name="vector" servicelist="vector">
|
||||||
<file engine="ansible">/etc/vector/vector.toml</file>
|
<file engine="ansible">/etc/vector/vector.toml</file>
|
||||||
|
@ -74,7 +74,7 @@
|
||||||
<value>resolvconf</value>
|
<value>resolvconf</value>
|
||||||
</variable>
|
</variable>
|
||||||
<family name="base">
|
<family name="base">
|
||||||
<variable name="time_zone" type="string" description="Time zone" provider="Host:time_zone">
|
<variable name="time_zone" type="string" description="Time zone" supplier="Host:time_zone">
|
||||||
<value>Europe/Paris</value>
|
<value>Europe/Paris</value>
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
|
|
|
@ -2,9 +2,10 @@
|
||||||
ExecStartPre=/usr/sbin/postmap /etc/postfix/lmtp
|
ExecStartPre=/usr/sbin/postmap /etc/postfix/lmtp
|
||||||
ExecStartPre=/usr/sbin/postmap -F /etc/postfix/sni
|
ExecStartPre=/usr/sbin/postmap -F /etc/postfix/sni
|
||||||
{% for local in general.postfix.postfix_relay_authentifications %}
|
{% for local in general.postfix.postfix_relay_authentifications %}
|
||||||
{% set user = general.postfix['local_authentification_' + user]['local_authentification_username_' + user] %}
|
{% set local_norm = local|normalize_family %}
|
||||||
{% set password = general.postfix['local_authentification_' + user]['local_authentification_password_' + user] %}
|
{% set user = general.postfix['local_authentification_' + local_norm]['local_authentification_username_' + local_norm] %}
|
||||||
{% set ip = general.postfix['local_authentification_' + user]['postfix_relay_ip_' + user] %}
|
{% set password = general.postfix['local_authentification_' + local_norm]['local_authentification_password_' + local_norm] %}
|
||||||
|
{% set ip = general.postfix['local_authentification_' + local_norm]['postfix_relay_ip_' + local_norm] %}
|
||||||
ExecStartPre=-/usr/bin/bash -c "echo {{ password }} | /usr/sbin/saslpasswd2 -u {{ ip }} {{ user }} -p"
|
ExecStartPre=-/usr/bin/bash -c "echo {{ password }} | /usr/sbin/saslpasswd2 -u {{ ip }} {{ user }} -p"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ExecStartPre=/usr/bin/chown postfix: /etc/sasl2/sasldb2
|
ExecStartPre=/usr/bin/chown postfix: /etc/sasl2/sasldb2
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
<rougail version="0.10">
|
<rougail version="0.10">
|
||||||
<services>
|
<services>
|
||||||
<service name="prometheus" target="multi-user">
|
<service name="prometheus" target="multi-user">
|
||||||
<override/>
|
<override engine="none"/>
|
||||||
<file engine="none" source="sysuser-prometheus.conf">/sysusers.d/prometheus.conf</file>
|
<file engine="none" source="sysuser-prometheus.conf">/sysusers.d/prometheus.conf</file>
|
||||||
<file engine="none" source="tmpfile-prometheus.conf">/tmpfiles.d/0prometheus.conf</file>
|
<file engine="none" source="tmpfile-prometheus.conf">/tmpfiles.d/0prometheus.conf</file>
|
||||||
<file engine="ansible">/etc/prometheus/prometheus.yml</file>
|
<file engine="ansible">/etc/prometheus/prometheus.yml</file>
|
||||||
|
|
|
@ -37,9 +37,7 @@
|
||||||
</variable>
|
</variable>
|
||||||
<variable name="zones_list" redefine="True" supplier="Host:machine_zones" hidden="True"/>
|
<variable name="zones_list" redefine="True" supplier="Host:machine_zones" hidden="True"/>
|
||||||
</family>
|
</family>
|
||||||
<variable name="do_backup" type="boolean" description="Do backup for this machine" hidden="True">
|
<variable name="do_backup" type="boolean" description="Do backup for this machine" mode="expert"/>
|
||||||
<value>True</value>
|
|
||||||
</variable>
|
|
||||||
<variable name="backup_dir" type="filename" hidden="True">
|
<variable name="backup_dir" type="filename" hidden="True">
|
||||||
<value>/srv/backup</value>
|
<value>/srv/backup</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
@ -53,6 +51,10 @@
|
||||||
<param>False</param>
|
<param>False</param>
|
||||||
<target type="variable">srv_dir</target>
|
<target type="variable">srv_dir</target>
|
||||||
</condition>
|
</condition>
|
||||||
|
<condition name="hidden_if_in" source="machine.add_srv">
|
||||||
|
<param>False</param>
|
||||||
|
<target type="variable">do_backup</target>
|
||||||
|
</condition>
|
||||||
<fill name="calc_value">
|
<fill name="calc_value">
|
||||||
<param type="variable">container_srv_path</param>
|
<param type="variable">container_srv_path</param>
|
||||||
<param>/</param>
|
<param>/</param>
|
||||||
|
|
|
@ -9,5 +9,11 @@
|
||||||
<variable name="add_swap" disabled="True" redefine="True"/>
|
<variable name="add_swap" disabled="True" redefine="True"/>
|
||||||
<variable name="swap_size" disabled="True" redefine="True"/>
|
<variable name="swap_size" disabled="True" redefine="True"/>
|
||||||
</variables>
|
</variables>
|
||||||
|
<constraints>
|
||||||
|
<fill name="calc_value">
|
||||||
|
<param type="variable">machine.add_srv</param>
|
||||||
|
<target>do_backup</target>
|
||||||
|
</fill>
|
||||||
|
</constraints>
|
||||||
</rougail>
|
</rougail>
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
<service name="srv" engine="ansible" target="multi-user" type="mount" servicelist="add_srv" undisable='True'/>
|
<service name="srv" engine="ansible" target="multi-user" type="mount" servicelist="add_srv" undisable='True'/>
|
||||||
<service name="dev-disk-by\x2dpartlabel-swap" engine="none" target="multi-user" type="swap" servicelist="add_swap" undisable='True'/>
|
<service name="dev-disk-by\x2dpartlabel-swap" engine="none" target="multi-user" type="swap" servicelist="add_swap" undisable='True'/>
|
||||||
<service name="systemd-firstboot">
|
<service name="systemd-firstboot">
|
||||||
<override/>
|
<override engine="ansible"/>
|
||||||
<file engine="ansible">/secrets/root.pwd</file>
|
<file engine="ansible">/secrets/root.pwd</file>
|
||||||
<file engine="none">/tmpfiles.d/risotto-volatile.conf</file>
|
<file engine="none">/tmpfiles.d/risotto-volatile.conf</file>
|
||||||
</service>
|
</service>
|
||||||
|
|
Loading…
Reference in a new issue