certificate for lemonldap

Emmanuel Garette 2022-10-01 19:13:56 +02:00
parent 3316ae70d3
commit 1a3d562829
6 changed files with 30 additions and 19 deletions


@ -2,16 +2,18 @@
<rougail version="0.10"> <rougail version="0.10">
<services> <services>
<service name="systemd-machined"> <service name="systemd-machined">
<file>/etc/systemd/system/risotto-images.service</file>
<file>/etc/systemd/system/risotto-images.timer</file>
<file>/etc/systemd/network/80-container-vz.network</file> <file>/etc/systemd/network/80-container-vz.network</file>
<file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file> <file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
<file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file> <file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>
</service> </service>
<service name="risottofirewall" engine="creole" target="multi-user"> <service name="risotto-images" engine="creole" manage="False"/>
</service> <service name="systemd-sysctl"/>
<service name="systemd-networkd"/>
<service name="systemd-resolved"/>
<service name="risotto-images" type="timer" engine="creole"/>
<service name="risottofirewall" engine="creole"/>
<service name="systemd-nspawn@"> <service name="systemd-nspawn@">
<file>/tmpfiles.d/0asystemd-nspawn.conf</file> <file>/usr/local/lib/risotto-tmpfiles.d/0asystemd-nspawn.conf</file>
<file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file> <file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
<file>/etc/distro.repos.d/boot.repo</file> <file>/etc/distro.repos.d/boot.repo</file>
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64</file> <file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64</file>
@ -25,8 +27,25 @@
<variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True"/> <variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True"/>
<variable name="host_dhcp_filename" type="filename" hidden="True" multi="True"/> <variable name="host_dhcp_filename" type="filename" hidden="True" multi="True"/>
<variable name="host_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/> <variable name="host_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
<variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/> <variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/>
<variable name="systemd_netzone_filename" type="filename" hidden="True" multi="True"/> <variable name="systemd_netzone_filename" type="filename" hidden="True" multi="True"/>
<variable name="vm_swappiness" type="number" description="Ajustement de la mémoire virtuelle" mandatory="True">
<value>60</value>
</variable>
<variable name="host_packages" multi="True" hidden="True">
<value>systemd-container</value>
<value>dnf</value>
<value>jq</value>
<value>debootstrap</value>
<value>htop</value>
<value>gettext</value>
<value>patch</value>
<value>unzip</value>
<value>mlocate</value>
<value>xz-utils</value>
<value>iptables</value>
</variable>
<family name="network"> <family name="network">
<variable name="host_dhcp_interface" description="Carte réseau en DHCP" multi="True"/> <variable name="host_dhcp_interface" description="Carte réseau en DHCP" multi="True"/>
<variable name="output_interface" description="Nom de l'interface de sortie" mandatory="True"/> <variable name="output_interface" description="Nom de l'interface de sortie" mandatory="True"/>
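Review bot: `vm_swappiness` is declared as a bare `number` with default 60, and nothing visible in this hunk bounds it, while the sysctl template changed in the same commit writes it straight into `vm.swappiness = %%vm_swappiness`. The kernel accepts only a limited range for that key (0–100 on older kernels, 0–200 on recent ones), so an out-of-range value would leave the setting unapplied when the file is loaded. If the dictionary has a constraints section outside this hunk, a range check on the variable belongs there. Otherwise the accepted range should at least be stated in the description, e.g. `description="Ajustement de la mémoire virtuelle (0-100)"`.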


@ -4,12 +4,3 @@ D /etc/systemd/network/ 0755 root root - -
D /usr/local/lib/systemd/system/ 0755 root root - - D /usr/local/lib/systemd/system/ 0755 root root - -
d /var/lib/risotto/configurations/ 0755 root root - - d /var/lib/risotto/configurations/ 0755 root root - -
r /etc/network/interfaces - - - - - r /etc/network/interfaces - - - - -
%for %%filename in %%machined.nspawn_script_filename
C %%filename 0755 root root - %%host_install_dir/host/configurations/%%host_name%%filename
%end for
%for %%service in %%services
%if %%service.engine != 'none'
%set %%filename = '/usr/local/lib/systemd/system/' + %%service.doc
C %%filename 0755 root root - %%host_install_dir/host/configurations/%%host_name%%filename
%end if
%end for


@ -1,2 +1,3 @@
net.ipv4.ip_forward = 1 net.ipv4.ip_forward = 1
fs.inotify.max_user_instances = 1024 fs.inotify.max_user_instances = 1024
vm.swappiness = %%vm_swappiness


@ -5,7 +5,7 @@ After=network.target local-fs.target systemd-logind.service
[Service] [Service]
Type=oneshot Type=oneshot
WorkingDirectory=%%host_install_dir WorkingDirectory=%%host_install_dir
ExecStart=%%host_install_dir/install_images %%host_name ExecStart=/usr/local/sbin/build_images
ExecStart=%%host_install_dir/backup %%host_name no ExecStart=%%host_install_dir/backup %%host_name no
ExecStart=%%host_install_dir/install_machines %%host_name ExecStart=%%host_install_dir/install_machines %%host_name
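Review bot: The first command now uses a fixed path, `/usr/local/sbin/build_images`, but the next two `ExecStart=` lines still execute `backup` and `install_machines` from the templated `%%host_install_dir`. No `User=` is visible in the hunk, so these presumably run as root, which makes the ownership and mode of that directory part of the unit's trust boundary. I would add a comment above them such as `# host_install_dir must be root-owned and not group/world-writable: its scripts run as root`, or install those two scripts under `/usr/local/sbin` as well so all three commands resolve from the same location. The unit file starts and ends outside this hunk.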


@ -22,8 +22,8 @@ server {
#>GNUNUX #>GNUNUX
listen 443 ssl; listen 443 ssl;
server_name %%lemon_reload_web_name; server_name %%lemon_reload_web_name;
ssl_certificate %%revprox_cert_file; ssl_certificate %%revprox_client_cert_file;
ssl_certificate_key %%revprox_key_file; ssl_certificate_key %%revprox_client_key_file;
ssl_client_certificate %%revprox_ca_file; ssl_client_certificate %%revprox_ca_file;
#<GNUNUX #<GNUNUX
root /var/www/html; root /var/www/html;
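Review bot: `ssl_client_certificate %%revprox_ca_file;` only supplies the CA list; nginx does not request or verify a client certificate unless `ssl_verify_client` is set, and that directive is not visible in this hunk. If it is not set elsewhere in the server block (which continues outside the hunk), add `ssl_verify_client on;` next to it, since this vhost serves `%%lemon_reload_web_name`. The new names also read ambiguously: `ssl_certificate` is the certificate this server presents, yet it now comes from `%%revprox_client_cert_file`. A comment such as `# certificate of this service as a client of the reverse proxy, used here as server certificate` would help, assuming that is the intended meaning. Both points apply equally to the second server block, the one with `server_name %%{revprox_client_external_domainnames[0]};`.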


@ -49,8 +49,8 @@ server {
#>GNUNUX #>GNUNUX
listen 443 ssl; listen 443 ssl;
server_name %%{revprox_client_external_domainnames[0]}; server_name %%{revprox_client_external_domainnames[0]};
ssl_certificate %%revprox_cert_file; ssl_certificate %%revprox_client_cert_file;
ssl_certificate_key %%revprox_key_file; ssl_certificate_key %%revprox_client_key_file;
ssl_client_certificate %%revprox_ca_file; ssl_client_certificate %%revprox_ca_file;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
#<GNUNUX #<GNUNUX