diff --git a/seed/apache/applicationservice.yml b/seed/apache/applicationservice.yml
index 6ba1732c..57b34308 100644
--- a/seed/apache/applicationservice.yml
+++ b/seed/apache/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Apache as web server
website: https://httpd.apache.org/
diff --git a/seed/apache/dictionaries/20_web.xml b/seed/apache/dictionaries/20_web.xml
deleted file mode 100644
index c885b4c4..00000000
--- a/seed/apache/dictionaries/20_web.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-
-
-
- /etc/httpd/conf/httpd.conf
- /etc/httpd/conf.d/risotto.conf
- /etc/httpd/conf.d/ssl.conf
- /sysusers.d/httpd.conf
- /tmpfiles.d/0httpd.conf
-
-
-
-
-
- apache
-
-
-
-
- 300
-
-
-
-
-
diff --git a/seed/apache/dictionaries/20_web.yml b/seed/apache/dictionaries/20_web.yml
new file mode 100644
index 00000000..f09d3162
--- /dev/null
+++ b/seed/apache/dictionaries/20_web.yml
@@ -0,0 +1,23 @@
+---
+version: 1.1
+
+nginx:
+
+ php_fpm_user:
+ redefine: true
+ exists: true
+ default: apache
+
+apache:
+ description: Apache
+ help: Advance Apache web server settings
+ mode: advanced
+
+ apache_timeout:
+ description: >-
+ Amount of time the server will wait for certain events before failing a
+ request
+ help: Time in seconds
+ default: 300
+
+ apache_keepalive: true # Enables HTTP persistent connections
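Review bot: `version: 1.1` on the second line is parsed as a YAML float, while the `format: '0.1'` header in the applicationservice.yml files is quoted; if the dictionary loader compares the version as a string, writing `version: '1.1'` avoids a float coercion and keeps the two headers consistent. The same unquoted header appears in every new dictionary in this commit (00_debian-bullseye.yml, 11_debian-base.yml, 17_debian-base.yml, the fedora dictionaries, 12_base.yml, both 00_base.yml files, 14_dns-external.yml, 13_dns-local.yml, 31_dovecot.yml and 31_forgejo.yml), so one decision covers all of them. Separately, the family help reads `Advance Apache web server settings`; `Advanced Apache web server settings` is intended.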
diff --git a/seed/base-debian-bullseye/applicationservice.yml b/seed/base-debian-bullseye/applicationservice.yml
index 04522d68..3fa1351f 100644
--- a/seed/base-debian-bullseye/applicationservice.yml
+++ b/seed/base-debian-bullseye/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Base information of a Debian Bulleye server
website: https://www.debian.org/
diff --git a/seed/base-debian-bullseye/dictionaries/00_debian-bullseye.xml b/seed/base-debian-bullseye/dictionaries/00_debian-bullseye.xml
deleted file mode 100644
index db8615ff..00000000
--- a/seed/base-debian-bullseye/dictionaries/00_debian-bullseye.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
-
- /etc/dnssec-trust-anchors.d/local.negative
-
-
-
-
- bullseye
-
-
-
diff --git a/seed/base-debian-bullseye/dictionaries/00_debian-bullseye.yml b/seed/base-debian-bullseye/dictionaries/00_debian-bullseye.yml
new file mode 100644
index 00000000..091e3cdd
--- /dev/null
+++ b/seed/base-debian-bullseye/dictionaries/00_debian-bullseye.yml
@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_version:
+ description: Version de l'OS
+ hidden: true
+ default: bullseye
diff --git a/seed/base-debian/applicationservice.yml b/seed/base-debian/applicationservice.yml
index b0c3a56c..10a20370 100644
--- a/seed/base-debian/applicationservice.yml
+++ b/seed/base-debian/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Base information of a Debian server
website: https://www.debian.org/
diff --git a/seed/base-debian/dictionaries/11_debian-base.xml b/seed/base-debian/dictionaries/11_debian-base.xml
deleted file mode 100644
index d664df6b..00000000
--- a/seed/base-debian/dictionaries/11_debian-base.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-
-
-
-
-
-
-
-
- /tmpfiles.d/0tmp.conf
- /etc/default/locale
- /sysusers.d/debian.conf
-
-
-
-
-
-
-
-
-
-
- Debian
-
-
-
-
diff --git a/seed/base-debian/dictionaries/11_debian-base.yml b/seed/base-debian/dictionaries/11_debian-base.yml
new file mode 100644
index 00000000..c281fc20
--- /dev/null
+++ b/seed/base-debian/dictionaries/11_debian-base.yml
@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_name:
+ description: Nom de l'OS
+ hidden: true
+ default: Debian
diff --git a/seed/base-debian/dictionaries/17_debian-base.xml b/seed/base-debian/dictionaries/17_debian-base.xml
deleted file mode 100644
index b1754b8f..00000000
--- a/seed/base-debian/dictionaries/17_debian-base.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
-
-
-
- /etc/ssl-localca
-
-
- /etc/ssl/certs
-
-
- /etc/ssl/private
-
-
-
diff --git a/seed/base-debian/dictionaries/17_debian-base.yml b/seed/base-debian/dictionaries/17_debian-base.yml
new file mode 100644
index 00000000..3b780fee
--- /dev/null
+++ b/seed/base-debian/dictionaries/17_debian-base.yml
@@ -0,0 +1,20 @@
+---
+version: 1.1
+
+tls_ca_directory:
+ type: unix_filename
+ description: Répertoire des autorités de certification
+ hidden: true
+ default: /etc/ssl-localca
+
+tls_cert_directory:
+ type: unix_filename
+ description: Répertoire des certificats
+ hidden: true
+ default: /etc/ssl/certs
+
+tls_key_directory:
+ type: unix_filename
+ description: Répertoire des clefs privés
+ hidden: true
+ default: /etc/ssl/private
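Review bot: The `tls_key_directory` description `Répertoire des clefs privés` has a gender agreement error; `Répertoire des clefs privées` is correct. The same wording recurs in 17_fedora-base.yml, where the three descriptions are additionally prefixed `Nom du répertoire …` while here they read `Répertoire …`; the two dictionaries describe the same three variables for different OS bases and would be easier to compare with identical wording.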
diff --git a/seed/base-fedora-35/applicationservice.yml b/seed/base-fedora-35/applicationservice.yml
index f77d4354..73638d18 100644
--- a/seed/base-fedora-35/applicationservice.yml
+++ b/seed/base-fedora-35/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Base information of a Fedora 35
website: https://getfedora.org/
diff --git a/seed/base-fedora-35/dictionaries/11_fedora-35.xml b/seed/base-fedora-35/dictionaries/11_fedora-35.xml
deleted file mode 100644
index ef17a8e5..00000000
--- a/seed/base-fedora-35/dictionaries/11_fedora-35.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
- 35
-
-
-
diff --git a/seed/base-fedora-35/dictionaries/11_fedora-35.yml b/seed/base-fedora-35/dictionaries/11_fedora-35.yml
new file mode 100644
index 00000000..f32c16a1
--- /dev/null
+++ b/seed/base-fedora-35/dictionaries/11_fedora-35.yml
@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_version:
+ description: Version de l'OS
+ hidden: true
+ default: '35'
diff --git a/seed/base-fedora-36/applicationservice.yml b/seed/base-fedora-36/applicationservice.yml
index 1f67b779..12e4c782 100644
--- a/seed/base-fedora-36/applicationservice.yml
+++ b/seed/base-fedora-36/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Base information of a Fedora 36
website: https://getfedora.org/
diff --git a/seed/base-fedora-36/dictionaries/11_fedora-version.xml b/seed/base-fedora-36/dictionaries/11_fedora-version.xml
deleted file mode 100644
index 24ace668..00000000
--- a/seed/base-fedora-36/dictionaries/11_fedora-version.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
-
- /etc/pam.d/login
-
-
-
-
- 36
-
-
-
diff --git a/seed/base-fedora-36/dictionaries/11_fedora-version.yml b/seed/base-fedora-36/dictionaries/11_fedora-version.yml
new file mode 100644
index 00000000..d5978817
--- /dev/null
+++ b/seed/base-fedora-36/dictionaries/11_fedora-version.yml
@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_version:
+ description: Version de l'OS
+ hidden: true
+ default: '36'
diff --git a/seed/base-fedora-37/applicationservice.yml b/seed/base-fedora-37/applicationservice.yml
index 27803c3d..d56e5cc0 100644
--- a/seed/base-fedora-37/applicationservice.yml
+++ b/seed/base-fedora-37/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Base information of a Fedora 37
website: https://getfedora.org/
diff --git a/seed/base-fedora-37/dictionaries/11_fedora-version.xml b/seed/base-fedora-37/dictionaries/11_fedora-version.xml
deleted file mode 100644
index 8449d3e0..00000000
--- a/seed/base-fedora-37/dictionaries/11_fedora-version.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
-
-
- 37
-
-
-
diff --git a/seed/base-fedora-37/dictionaries/11_fedora-version.yml b/seed/base-fedora-37/dictionaries/11_fedora-version.yml
new file mode 100644
index 00000000..a962f8d0
--- /dev/null
+++ b/seed/base-fedora-37/dictionaries/11_fedora-version.yml
@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_version:
+ description: Version de l'OS
+ hidden: true
+ default: '37'
diff --git a/seed/base-fedora-38/applicationservice.yml b/seed/base-fedora-38/applicationservice.yml
index 83bdbc3e..fe915e58 100644
--- a/seed/base-fedora-38/applicationservice.yml
+++ b/seed/base-fedora-38/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Base information of a Fedora 38
website: https://getfedora.org/
diff --git a/seed/base-fedora-38/dictionaries/11_fedora-version.xml b/seed/base-fedora-38/dictionaries/11_fedora-version.xml
deleted file mode 100644
index 9ba13460..00000000
--- a/seed/base-fedora-38/dictionaries/11_fedora-version.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
-
-
- 38
-
-
-
diff --git a/seed/base-fedora-38/dictionaries/11_fedora-version.yml b/seed/base-fedora-38/dictionaries/11_fedora-version.yml
new file mode 100644
index 00000000..43c10257
--- /dev/null
+++ b/seed/base-fedora-38/dictionaries/11_fedora-version.yml
@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_version:
+ description: Version de l'OS
+ hidden: true
+ default: '38'
diff --git a/seed/base-fedora/applicationservice.yml b/seed/base-fedora/applicationservice.yml
index 712b7590..f19f6123 100644
--- a/seed/base-fedora/applicationservice.yml
+++ b/seed/base-fedora/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Base information of a Fedora
website: https://getfedora.org/
diff --git a/seed/base-fedora/dictionaries/11_fedora-base.xml b/seed/base-fedora/dictionaries/11_fedora-base.xml
deleted file mode 100644
index 011eb792..00000000
--- a/seed/base-fedora/dictionaries/11_fedora-base.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
- /tmpfiles.d/fedora.conf
-
-
-
-
-
-
- Fedora
-
-
-
diff --git a/seed/base-fedora/dictionaries/11_fedora-base.yml b/seed/base-fedora/dictionaries/11_fedora-base.yml
new file mode 100644
index 00000000..39b28d4d
--- /dev/null
+++ b/seed/base-fedora/dictionaries/11_fedora-base.yml
@@ -0,0 +1,7 @@
+---
+version: 1.1
+
+os_name:
+ description: Nom de l'OS
+ hidden: true
+ default: Fedora
diff --git a/seed/base-fedora/dictionaries/17_fedora-base.xml b/seed/base-fedora/dictionaries/17_fedora-base.xml
deleted file mode 100644
index f2df6f92..00000000
--- a/seed/base-fedora/dictionaries/17_fedora-base.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
-
-
-
- /etc/pki/ca-trust/source/anchors
-
-
- /etc/pki/tls/certs
-
-
- /etc/pki/tls/private
-
-
-
diff --git a/seed/base-fedora/dictionaries/17_fedora-base.yml b/seed/base-fedora/dictionaries/17_fedora-base.yml
new file mode 100644
index 00000000..8e98ae4e
--- /dev/null
+++ b/seed/base-fedora/dictionaries/17_fedora-base.yml
@@ -0,0 +1,20 @@
+---
+version: 1.1
+
+tls_ca_directory:
+ type: unix_filename
+ description: Nom du répertoire des autorités de certification
+ hidden: true
+ default: /etc/pki/ca-trust/source/anchors
+
+tls_cert_directory:
+ type: unix_filename
+ description: Nom du répertoire des certificats
+ hidden: true
+ default: /etc/pki/tls/certs
+
+tls_key_directory:
+ type: unix_filename
+ description: Nom du répertoire des clefs privés
+ hidden: true
+ default: /etc/pki/tls/private
diff --git a/seed/base-machine/applicationservice.yml b/seed/base-machine/applicationservice.yml
index 7f5c7ade..bfe8c7c3 100644
--- a/seed/base-machine/applicationservice.yml
+++ b/seed/base-machine/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Base information for a machine
depends:
diff --git a/seed/base-machine/dictionaries/12_base.xml b/seed/base-machine/dictionaries/12_base.xml
deleted file mode 100644
index 065bf5b0..00000000
--- a/seed/base-machine/dictionaries/12_base.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-
-
-
-
- /etc/locale.conf
-
-
-
-
- False
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- zones
- domain_name_eth
- ip_eth
-
-
- zones_list
-
- zone_name_eth
-
-
- zones
- network
- zone_name_eth
- network_eth
-
-
- zones
- host_ip
- zone_name_eth
-
- gateway_eth
-
-
- domain_name_eth
- last_server_name
-
-
-
-
diff --git a/seed/base-machine/dictionaries/12_base.yml b/seed/base-machine/dictionaries/12_base.yml
new file mode 100644
index 00000000..311af87b
--- /dev/null
+++ b/seed/base-machine/dictionaries/12_base.yml
@@ -0,0 +1,129 @@
+---
+version: 1.1
+
+hide_secret:
+ description: Les secrets sont obscurcis
+ mode: advanced
+ help: >-
+ Obscurcir les secrets peut permettre de générer des configurations
+ diffusable sans problème de confidentialité ou pour comparer deux
+ configurations générés à des moments différents
+ hidden: true
+ default: false
+
+base:
+
+ time_zone:
+ provider: Host:time_zone
+ hidden: true
+ mandatory: false
+
+module_name:
+ hidden: true
+ provider: global:module_name
+
+network:
+
+ server_name:
+ description: Nom de domaine du serveur
+ type: domainname
+ hidden: true
+ provider: global:server_name
+
+ last_server_name:
+ type: domainname
+ hidden: true
+ default:
+ jinja: >-
+ {%- if domain_name -%}
+ {{ domain_name[-1] }}
+ {%- endif -%}
+ params:
+ domain_name:
+ variable: >-
+ _.interface_{{ suffix }}.domain_name
+
+ zones_list:
+ multi: true
+ description: Liste de toutes les zones
+ hidden: true
+ provider: global:zones_name
+
+ interfaces_list:
+ type: number
+ multi: true
+ description: Liste de tous les numéros d'interfaces
+ hidden: true
+ provider: global:zones_list
+ mandatory: false
+
+ "interface_{{ suffix }}":
+ description: 'Interface {{ suffix }}'
+ dynamic:
+ variable: general.network.interfaces_list
+
+ zone_name:
+ description: "Nom de la zone de l'interface {{ suffix }}"
+ hidden: true
+ default:
+ jinja: >-
+ {%- if __.zones_list -%}
+ {{ __.zones_list[index] }}
+ {%- endif -%}
+ params:
+ index:
+ type: suffix
+
+ ip:
+ type: ip
+ description: "Adresse IP pour l'interface {{ suffix }}"
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones | get_ip(server_name=_.domain_name) }}
+ params:
+ zones:
+ information: zones
+
+ network:
+ type: network_cidr
+ description: "Réseau de l'interface {{ suffix }}"
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones | get_zones_info("network", zone_name=_.zone_name) }}
+ params:
+ zones:
+ information: zones
+
+ gateway:
+ type: ip
+ description: "La route de l'interface {{ suffix }}"
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones | get_zones_info("host_ip",
+ zone_name=_.zone_name,
+ index=index)
+ }}
+ params:
+ zones:
+ information: zones
+ index:
+ type: suffix
+ disabled:
+ jinja: >-
+ {%- if index == 0 -%}
+ false
+ {%- else -%}
+ true
+ {%- endif -%}
+ params:
+ index:
+ type: suffix
+
+ domain_name:
+ type: domainname
+ description: "Nom de domaine pour l'interface {{ suffix }}"
+ hidden: true
+ provider: global:server_names
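Review bot: The `disabled` rule on `gateway` (`{%- if index == 0 -%}`) and the `zone_name` default (`__.zones_list[index]`) both depend on the `suffix` parameter being an integer; `interfaces_list` is declared `type: number`, so that is presumably the case, but a string suffix would disable the gateway on every interface and make the zone lookup fail, so a comment above the dynamic family such as `# suffix values come from interfaces_list (type: number): index is an int in the jinja below` would pin the assumption. The dynamic family also reaches `general.network.interfaces_list` by absolute path while the sibling defaults use the relative `__.zones_list` and `_.domain_name` forms; one addressing style would be easier to follow. In the `hide_secret` help, `configurations diffusable` and `configurations générés` should agree in gender and number (`diffusables`, `générées`).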
diff --git a/seed/base-machine/extras/machine/00_base.xml b/seed/base-machine/extras/machine/00_base.xml
deleted file mode 100644
index cb49a5b8..00000000
--- a/seed/base-machine/extras/machine/00_base.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-
-
-
-
- server_name
- machine.name
-
-
-
-
diff --git a/seed/base-machine/extras/machine/00_base.yml b/seed/base-machine/extras/machine/00_base.yml
new file mode 100644
index 00000000..3cbcc933
--- /dev/null
+++ b/seed/base-machine/extras/machine/00_base.yml
@@ -0,0 +1,14 @@
+---
+version: 1.1
+
+name:
+ description: Machine name
+ type: domainname
+ hidden: true
+ default:
+ variable: general.network.server_name
+
+data_disk_size:
+ description: Data disk size
+ type: number
+ mandatory: false
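Review bot: `data_disk_size` is described only as `Data disk size`, with no unit; a `help:` line stating the unit the consuming templates expect (bytes, MiB, GiB — whichever applies) would stop operators guessing at the scale. Since the variable is `mandatory: false`, the help could also say what happens when it is left unset, which is not visible from this file.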
diff --git a/seed/base-machine/funcs/funcs.py b/seed/base-machine/funcs/funcs.py
index 8e545b0d..41288639 100644
--- a/seed/base-machine/funcs/funcs.py
+++ b/seed/base-machine/funcs/funcs.py
@@ -76,15 +76,3 @@ def _set_password(server_name: str,
with open(file_name, 'r') as fh:
file_content = fh.read().strip()
return file_content
-
-
-def get_zone_name(zones: list,
- index: str,
- ):
- if zones is not None:
- return zones[int(index)]
-
-
-def get_last_server_name(server_names):
- if server_names:
- return server_names[-1]
diff --git a/seed/base/applicationservice.yml b/seed/base/applicationservice.yml
index a6c3577d..07a7cd66 100644
--- a/seed/base/applicationservice.yml
+++ b/seed/base/applicationservice.yml
@@ -1,2 +1,3 @@
+---
format: '0.1'
description: Base of all application services
diff --git a/seed/base/dictionaries/00_base.xml b/seed/base/dictionaries/00_base.xml
deleted file mode 100644
index dd9f34d8..00000000
--- a/seed/base/dictionaries/00_base.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
-
-
-
- copy_tests
- copy_tests
-
-
- False
- copy_tests
-
-
-
-
diff --git a/seed/base/dictionaries/00_base.yml b/seed/base/dictionaries/00_base.yml
new file mode 100644
index 00000000..6fd05374
--- /dev/null
+++ b/seed/base/dictionaries/00_base.yml
@@ -0,0 +1,16 @@
+---
+version: 1.1
+
+copy_tests:
+ type: boolean
+ hidden: true
+ default:
+ jinja: >-
+ {%- if copy_tests -%}
+ true
+ {%- else -%}
+ false
+ {%- endif -%}
+ params:
+ copy_tests:
+ information: copy_tests
diff --git a/seed/base/funcs/base.py b/seed/base/funcs/base.py
index 95f02e44..acbeed06 100644
--- a/seed/base/funcs/base.py
+++ b/seed/base/funcs/base.py
@@ -60,12 +60,3 @@ def get_zones_info(zones: dict,
continue
ret.append(val)
return ret
-
-
-def get_first_value(lst: list):
- if lst:
- if isinstance(lst[0], list):
- if lst[0] and lst[0][0]:
- return lst[0][0]
- else:
- return lst[0]
diff --git a/seed/dns-external/applicationservice.yml b/seed/dns-external/applicationservice.yml
index 31b118ba..157266e8 100644
--- a/seed/dns-external/applicationservice.yml
+++ b/seed/dns-external/applicationservice.yml
@@ -1,2 +1,3 @@
+---
format: '0.1'
description: DNS client with resolution on all zones (especially outside)
diff --git a/seed/dns-external/dictionaries/14_dns-external.xml b/seed/dns-external/dictionaries/14_dns-external.xml
deleted file mode 100644
index 2758fb93..00000000
--- a/seed/dns-external/dictionaries/14_dns-external.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-
-
-
- False
-
-
-
-
-
diff --git a/seed/dns-external/dictionaries/14_dns-external.yml b/seed/dns-external/dictionaries/14_dns-external.yml
new file mode 100644
index 00000000..67f6d53f
--- /dev/null
+++ b/seed/dns-external/dictionaries/14_dns-external.yml
@@ -0,0 +1,14 @@
+---
+version: 1.1
+
+network:
+
+ dns_is_only_local:
+ redefine: true
+ hidden: true
+ default: false
+
+ dns_client_address:
+ redefine: true
+ supplier: ExternalDNS
+ hidden: true
diff --git a/seed/dns-local/applicationservice.yml b/seed/dns-local/applicationservice.yml
index 710f4c5c..3a23d24a 100644
--- a/seed/dns-local/applicationservice.yml
+++ b/seed/dns-local/applicationservice.yml
@@ -1,2 +1,3 @@
+---
format: '0.1'
description: DNS client with access to local zones
diff --git a/seed/dns-local/dictionaries/13_dns-local.xml b/seed/dns-local/dictionaries/13_dns-local.xml
deleted file mode 100644
index f3fd6284..00000000
--- a/seed/dns-local/dictionaries/13_dns-local.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-
-
-
- /tests/dns-local.yml
-
-
-
-
-
- True
-
-
-
-
-
-
-
- zones
- dns_client_address
- ip_dns
-
-
-
diff --git a/seed/dns-local/dictionaries/13_dns-local.yml b/seed/dns-local/dictionaries/13_dns-local.yml
new file mode 100644
index 00000000..6a1e5c79
--- /dev/null
+++ b/seed/dns-local/dictionaries/13_dns-local.yml
@@ -0,0 +1,25 @@
+---
+version: 1.1
+
+network:
+
+ dns_is_only_local:
+ description: DNS resolve only local address
+ hidden: true
+ default: true
+
+ dns_client_address:
+ type: domainname
+ supplier: LocalDNS
+ hidden: true
+
+ ip_dns:
+ type: ip
+ description: Adresse IP du serveur DNS
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones | get_ip(server_name=general.network.dns_client_address) }}
+ params:
+ zones:
+ information: zones
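Review bot: Descriptions mix languages within this one file: `dns_is_only_local` is described in English (`DNS resolve only local address`, which also needs `resolves`) while `ip_dns` uses French (`Adresse IP du serveur DNS`); each of the sibling dictionaries in the commit sticks to one language, so either `Le DNS ne résout que les adresses locales` or an English counterpart for `ip_dns` would be consistent. The `ip_dns` default also reaches its sibling through the absolute path `general.network.dns_client_address`, where 12_base.yml uses the relative `_.domain_name` form for the same kind of same-family reference.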
diff --git a/seed/dovecot/applicationservice.yml b/seed/dovecot/applicationservice.yml
index 9c6d8123..2c4f7982 100644
--- a/seed/dovecot/applicationservice.yml
+++ b/seed/dovecot/applicationservice.yml
@@ -1,6 +1,10 @@
+---
format: '0.1'
description: Postfix and Dovecot as mail servers (IMAP and submission)
-help: "This application service provides email server. Two servers are used: Dovecot as IMAP server and Postfix as submission server. In addition, an auto-detection file of the email configuration is set up."
+help: |-
+ This application service provides email server. Two servers are used:
+ Dovecot as IMAP server and Postfix as submission server.
+ In addition, an auto-detection file of the email configuration is set up.
website: https://www.dovecot.org/
depends:
- base-fedora-36
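Review bot: Switching `help` to a literal block (`help: |-`) changes the value, not only the layout: the line breaks are kept, so the help string now contains two embedded newlines where the old double-quoted value was a single line. If the goal was only to wrap the long line, `help: >-` folds the three lines back into one space-separated string, which is also the style the new dictionaries in this commit use for their `help` keys. The text itself reads better as `This application service provides an email server.`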
diff --git a/seed/dovecot/dictionaries/31_dovecot.xml b/seed/dovecot/dictionaries/31_dovecot.xml
deleted file mode 100644
index 06d5381f..00000000
--- a/seed/dovecot/dictionaries/31_dovecot.xml
+++ /dev/null
@@ -1,131 +0,0 @@
-
-
-
-
-
- submission_domainname
- postfixlocal
- postfix
- postfix_ldap_client
- /sysusers.d/1postfix.conf
- /tmpfiles.d/0postfix.conf
- /etc/postfix/main.cf
- /etc/postfix/master.cf
- /etc/postfix/relay_passwd
- /etc/postfix/ldapsource.cf
- /etc/postfix/sni
- /sbin/risotto_backup
-
-
-
- /etc/nginx/default.d/autoconfig.conf
-
-
- well_known_filenames
-
-
- imap_domainname
- dovecot
- /sysusers.d/1dovecot.conf
- /tmpfiles.d/0dovecot.conf
- /etc/dovecot/conf.d/10-logging.conf
- /etc/dovecot/conf.d/10-auth.conf
- /etc/dovecot/conf.d/10-mail.conf
- /etc/dovecot/conf.d/10-master.conf
- /etc/dovecot/conf.d/10-ssl.conf
- /etc/dovecot/conf.d/15-ldap.conf
- /etc/dovecot/conf.d/30-service-stats.conf
- /etc/dovecot/conf.d/00-risotto.conf
-
- /etc/dovecot/conf.d/auth-ldap.conf.ext
- /etc/dovecot/dovecot-ldap.conf.ext
-
- /etc/dovecot/conf.d/auth-oauth2.conf.ext
- /etc/dovecot/dovecot-oauth2.conf.ext
-
- /tests/imap.yml
-
-
-
-
-
- 587
- 993
-
-
-
-
-
- all
-
-
- dovecot
-
-
-
-
-
-
-
-
-
-
-
- self-signed
- self-signed
- letsencrypt
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- /var/www/html
-
-
-
-
-
-
-
-
- mail_domains
- mail_domains_calc
-
-
- /var/www/html/mail/
- mail_domains
- /autodiscover/autodiscover.xml
-
-
- True
- well_known_filenames
-
-
-
- domain_name_eth0
- mail_domains
- revprox_client_web_address
-
-
- mail_domains
- revprox_client_external_domainnames
-
-
- revprox_client_external_domainnames
-
- revprox_client_location
-
-
-
diff --git a/seed/dovecot/dictionaries/31_dovecot.yml b/seed/dovecot/dictionaries/31_dovecot.yml
new file mode 100644
index 00000000..b58949bb
--- /dev/null
+++ b/seed/dovecot/dictionaries/31_dovecot.yml
@@ -0,0 +1,142 @@
+---
+version: 1.1
+
+network:
+ incoming_ports:
+ redefine: true
+ default:
+ - 587
+ - 993
+
+ldap:
+
+ client:
+
+ family:
+ redefine: true
+ default: all
+
+ key_file_owner:
+ redefine: true
+ default: dovecot
+
+revprox:
+
+ client:
+
+ external_domainnames:
+ redefine: true
+ hidden: true
+ default:
+ jinja: |-
+ {%- for domain in general.mail.domain.domains | calc_domains %}
+ {{ domain }}
+ {%- endfor -%}
+
+ web_address:
+ redefine: true
+ hidden: true
+ default:
+ jinja: >-
+ {{ __index |
+ calc_well_known(general.network.interface_0.domain_name,
+ general.mail.domain.domains)
+ }}
+ params:
+ __index:
+ type: index
+
+ location:
+ redefine: true
+ default:
+ jinja: >-
+ {{ _.external_domainnames | calc_locations(index) }}
+ params:
+ index:
+ type: index
+
+mail:
+ description: Mail configuration
+ help: >-
+ Configure IMAP servers and submission to access email accounts and send
+ emails
+
+ domain:
+ description: Mail domain
+ type: leadership
+
+ domains:
+ type: domainname
+ description: Final destination email address
+ supplier: LMTP:criteria
+ examples:
+ - example.net
+ help: >-
+ These domain names are the domain names for emails (user@*example.net*)
+ and for auto configuration of email clients
+ (https://*example.net*/.well-known/autoconfig/mail/config-v1.1.xml)
+
+ imap_domainname:
+ type: domainname
+ description: External IMAP server address
+ examples:
+ - imap.example.net
+ help: >-
+ Matches TLS connection’s SNI name, if it’s sent by the client. For some
+ email clients, use in DNS configuration a line like "_submissions._tcp
+ IN SRV 1 587 *imap.example.net*."
+
+ submission_domainname:
+ type: domainname
+ description: External submission server address
+ examples:
+ - submission.example.net
+ help: >-
+ Matches TLS connection’s SNI name, if it’s sent by the client. For some
+ email clients, add in DNS configuration a line like "_imaps._tcp IN SRV
+ 0 1 993 *submission.example.net*."
+
+ crt_provider:
+ description: >-
+ Type of certificate autority signing external IMAP and submission
+ domain certificates
+ mode: basic
+ help: >-
+ The certificate can be self-signed (therefore invalid by default for the
+ client) or obtained via the Let's Encrypt service (generally valid for
+ the client)
+ default: self-signed
+ choices:
+ - self-signed
+ - letsencrypt
+
+dovecot: # IMAP mail server
+
+ internal_addresses:
+ type: domainname
+ description: IMAP server connexion
+ provider: IMAP
+ multi: true
+ hidden: true
+
+ well_known_filenames:
+ type: unix_filename
+ hidden: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for domain in __.mail.domain.domains %}
+ /var/www/html/mail/{{ domain }}/autodiscover/autodiscover.xml
+ {%- endfor -%}
+
+nginx:
+ redefine: true
+ hidden: true
+
+ root:
+ redefine: true
+ default: /var/www/html
+
+oauth2:
+ redefine: true
+ hidden: true
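Review bot: The DNS hints in the two `help` texts look swapped: `imap_domainname` tells the user to add `_submissions._tcp IN SRV 1 587 *imap.example.net*.` while `submission_domainname` points at `_imaps._tcp IN SRV 0 1 993 *submission.example.net*.`; the IMAP name belongs in the `_imaps._tcp` record and the submission name in the submission record. The first hint is also missing a field — an SRV record is `priority weight port target`, and `1 587 imap.example.net.` has only two numbers. If port 587 is served with STARTTLS rather than implicit TLS, the label would be `_submission._tcp` rather than `_submissions._tcp`; worth confirming against the Postfix templates, which are not in this hunk. Two typos in the same file: `Type of certificate autority` → `authority`, and `IMAP server connexion` → `connection`.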
diff --git a/seed/forgejo/applicationservice.yml b/seed/forgejo/applicationservice.yml
index 5bc593f6..7f774a7c 100644
--- a/seed/forgejo/applicationservice.yml
+++ b/seed/forgejo/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Forgejo, a community managed lightweight code hosting solution
website: https://forgejo.org/
diff --git a/seed/forgejo/dictionaries/31_forgejo.xml b/seed/forgejo/dictionaries/31_forgejo.xml
deleted file mode 100644
index 06922543..00000000
--- a/seed/forgejo/dictionaries/31_forgejo.xml
+++ /dev/null
@@ -1,127 +0,0 @@
-
-
-
-
- /sysusers.d/0forgejo.conf
- /tmpfiles.d/0forgejo.conf
- /etc/forgejo/app.ini
- /tests/forgejo.yml
-
-
-
-
-
- 2222
-
-
-
-
- forgejo
-
-
-
-
- Forgejo : Au-delà du développement. Nous forgeons.
-
-
-
-
-
-
-
-
-
-
- /
-
-
-
- 3000
-
-
- forgejo
-
-
-
-
- True
-
-
- Forge
-
-
- Forge logiciel Forgejo
-
-
- Développement
-
-
- silique_note.png
-
-
- RS256
-
-
-
-
-
-
-
- forgejo
-
-
-
-
-
- domain_name_eth0
- secret_key
- forgejo
- cleartext
- hide_secret
- 105
- forgejo_secret_key
-
-
- domain_name_eth0
- internal_token
- forgejo
- cleartext
- hide_secret
- 105
- forgejo_internal_token
-
-
- domain_name_eth0
- lfs_jwt_secret
- forgejo
- cleartext
- hide_secret
- 43
- forgejo_lfs_jwt_secret
-
-
- domain_name_eth0
- jwt_secret
- forgejo
- cleartext
- hide_secret
- 43
- forgejo_jwt_secret
-
-
- revprox_client_external_domainnames
- revprox_client_location
- user/oauth2/
- domain_name_eth0
- /callback
- oauth2_client_login
-
-
- revprox_client_external_domainnames
- revprox_client_location
- user/oauth2/
- domain_name_eth0
- oauth2_client_external
-
-
-
diff --git a/seed/forgejo/dictionaries/31_forgejo.yml b/seed/forgejo/dictionaries/31_forgejo.yml
new file mode 100644
index 00000000..8fd2e59a
--- /dev/null
+++ b/seed/forgejo/dictionaries/31_forgejo.yml
@@ -0,0 +1,164 @@
+---
+version: 1.1
+
+network:
+
+ incoming_ports:
+ redefine: true
+ default:
+ - 2222
+
+forgejo:
+ description: Forgejo
+ help: Git forge Forgejo
+
+ title:
+ description: Titre de la forge
+ mode: basic
+ default: 'Forgejo : Au-delà du développement. Nous forgeons.'
+
+ mail_sender:
+ description: Les courriels sont envoyés à partir de cet adresse
+ examples:
+ - admin@example.net
+ type: mail
+
+ secret_key:
+ type: secret
+ default:
+ jinja: >-
+ {{ "secret_key" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="forgejo",
+ type="cleartext",
+ hide=general.hide_secret,
+ length=105)
+ }}
+ hidden: true
+
+ internal_token:
+ type: secret
+ default:
+ jinja: >-
+ {{ "internal_token" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="forgejo",
+ type="cleartext",
+ hide=general.hide_secret, length=105)
+ }}
+ hidden: true
+
+ lfs_jwt_secret:
+ type: secret
+ default:
+ jinja: >-
+ {{ "lfs_jwt_secret" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="forgejo",
+ type="cleartext",
+ hide=general.hide_secret,
+ length=43)
+ }}
+ hidden: true
+
+ jwt_secret:
+ type: secret
+ default:
+ jinja: >-
+ {{ "jwt_secret" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="forgejo",
+ type="cleartext",
+ hide=general.hide_secret,
+ length=43)
+ }}
+ hidden: true
+
+revprox:
+
+ client:
+
+ local_location:
+ redefine: true
+ default: /
+
+ client_port:
+ redefine: true
+ default: 3000
+
+ client_cert_owner:
+ redefine: true
+ default: forgejo
+
+redis:
+
+ client:
+
+ key_owner:
+ redefine: true
+ default: forgejo
+
+oauth2:
+
+ client:
+
+ is_client_application:
+ redefine: true
+ default: true
+
+ name:
+ redefine: true
+ default: Forge
+
+ description:
+ redefine: true
+ default: Forge logiciel Forgejo
+
+ category:
+ redefine: true
+ default: Développement
+
+ logo:
+ redefine: true
+ default: silique_note.png
+
+ login:
+ redefine: true
+ default:
+ jinja: >-
+ {{ general.revprox.client.external_domainnames |
+ calc_oauth2_client_login(
+ general.revprox.client.location,
+ "user/oauth2/",
+ general.network.interface_0.domain_name,
+ "/callback"
+ )
+ }}
+
+ token_signature_algo:
+ redefine: true
+ default: RS256
+
+ external:
+
+ external:
+ redefine: true
+ default:
+ jinja: |-
+ {%- for domain in
+ general.revprox.client.external_domainnames |
+ calc_oauth2_client_external(
+ general.revprox.client.location,
+ "user/oauth2/",
+ general.network.interface_0.domain_name)
+ %}
+ {{ domain }}
+ {%- endfor -%}
+
+postgresql:
+
+ client:
+
+ key_owner:
+ redefine: true
+ default: forgejo
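Review bot: The `internal_token` default packs two keyword arguments on one line (`hide=general.hide_secret, length=105)`) while the three sibling `get_password` calls in `secret_key`, `lfs_jwt_secret` and `jwt_secret` put each keyword on its own line; matching that layout keeps the four secret blocks diffable against each other. All four calls pass the same `description="forgejo"`, so only the filter's first argument and `server_name` distinguish the entries in the password store — presumably intended, but a one-line comment above `secret_key` saying so would save the next reader the check. The `mail_sender` description `à partir de cet adresse` needs `cette adresse`.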
diff --git a/seed/gitea/README.md b/seed/gitea/README.md
deleted file mode 100644
index 954dd139..00000000
--- a/seed/gitea/README.md
+++ /dev/null
@@ -1,139 +0,0 @@
----
-gitea: none
-include_toc: true
----
-
-
-[Return to the list of application services.](../README.md)
-# gitea
-
-## Synopsis
-
-Transitional package for Gitea to Forgejo.
-
-## Example
-
-Zone names are provided as examples. Think about adapting with the value of provider_zone in configuration file.
-
-```
-gitea:
- applicationservice: gitea
- zones_name:
- - localdns
- - oauth2
- - postgresql
- - redis
- - reverseproxy
- - smtp
- values:
- general.revprox.revprox_client.revprox_client_external_domainnames:
- - service.example.net
-```
-
-## Basic variables
-
-### General
-
-#### Reverse proxy
-
-##### Clients configuration
-
-This family is a leadership.
-
-| Parameter | Comment |
-|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|
-| **[general.revprox.revprox_client.revprox_client_external_domainnames](dictionaries/21_revprox_client.xml)**
mandatory, multiple
**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Service external domain name.
**Example:** service.example.net |
-| **[general.revprox.revprox_client.revprox_client_location](dictionaries/21_revprox_client.xml)**
mandatory
**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | URI to route request to the correct service.
**Default:** / |
-
-#### Forgejo
-
-Git forge Forgejo.
-
-| Parameter | Comment |
-|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------|
-| **[general.forgejo.forgejo_title](dictionaries/31_forgejo.xml)**
mandatory
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Titre de la forge.
**Default:** Forgejo : Au-delà du développement. Nous forgeons. |
-
-
-
-## Variables
-
-### General
-
-#### Reverse proxy
-
-##### Clients configuration
-
-This family is a leadership.
-
-| Parameter | Comment |
-|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------|
-| **[general.revprox.revprox_client.revprox_client_max_body_size](dictionaries/21_revprox_client.xml)**
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The maximum allowed size of the client request body. |
-
-#### OAuth2 client
-
-| Parameter | Comment |
-|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
-| **[general.oauth2_client.oauth2_client_name](dictionaries/31_forgejo.xml)**
mandatory
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 client name.
**Default:** Forge
**Example:** example |
-| **[general.oauth2_client.oauth2_client_description](dictionaries/31_forgejo.xml)**
mandatory
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 client description.
**Default:** Forge logiciel Forgejo
**Example:** Example description |
-| **[general.oauth2_client.oauth2_client_login](dictionaries/30_oauth2_client.xml)**
**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 URL to valid login.
**Default:** *calculated* |
-
-##### external
-
-| Parameter | Comments |
-|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------|
-| **[general.oauth2_client.external.oauth2_client_external](dictionaries/31_forgejo.xml)**
mandatory, multiple
**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 client external.
**Default:** *calculated* |
-| **[general.oauth2_client.external.oauth2_client_family](dictionaries/30_oauth2_client.xml)**
mandatory
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 family.
**Default:** users |
-
-| Parameter | Comment |
-|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------|
-| **[general.oauth2_client.oauth2_client_category](dictionaries/31_forgejo.xml)**
mandatory
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 category.
**Default:** Développement |
-| **[general.oauth2_client.oauth2_client_logo](dictionaries/31_forgejo.xml)**
mandatory
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 logo.
**Default:** silique_note.png |
-
-#### Forgejo
-
-Git forge Forgejo.
-
-| Parameter | Comment |
-|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
-| **[general.forgejo.forgejo_mail_sender](dictionaries/31_forgejo.xml)**
mandatory
**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Les courriels sont envoyés à partir de cet adresse.
**Default:** *calculated*
**Example:** admin@example.net |
-
-#### Transitional family
-
-| Parameter | Comments |
-|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------|
-| **[general.gitea.gitea_mail_sender](dictionaries/32_gitea.xml)**
**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Transitional variable, please do not use it. |
-
-
-## Requirements services
-
-### Mandatories
-
-- [LocalDNS](../README.LocalDNS.md): DNS forwarder for local domain name.
-- [SMTP](../README.SMTP.md): Create a SMTP relay account and authorize sending email.
-- [ReverseProxy](../README.ReverseProxy.md): Register to service to a reverse proxy server.
-- [Postgresql](../README.Postgresql.md): Create account and connexion to a PostgreSQL server.
-- [OAuth2](../README.OAuth2.md): Remote clients needing to verify OAuth2 account.
-- [Redis](../README.Redis.md): Create account and connexion to a Redis server.
-
-### Optionals
-
-- [Journald](../README.Journald.md): Concentrate journal messages on one host.
-
-## Dependances
-
-- [forgejo](../forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- - [base-fedora-38](../base-fedora-38/README.md): Base information of a Fedora 38.
- - [base-fedora](../base-fedora/README.md): Base information of a Fedora.
- - [systemd](../systemd/README.md): Systemd, a system and service manager.
- - [base-machine](../base-machine/README.md): Base information for a machine.
- - [base](../base/README.md): Base of all application services.
- - [dns-local](../dns-local/README.md): DNS client with access to local zones.
- - [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
- - [journald](../journald/README.md): Journald.
- - [resolved](../resolved/README.md): Resolved.
- - [postgresql-client](../postgresql-client/README.md): Application service needs interact with a Postgresql server.
- - [reverse-proxy-client](../reverse-proxy-client/README.md): Application service needs interact with a a reverse proxy server.
- - [relay-mail-client](../relay-mail-client/README.md): Client SMTP.
- - [redis-client](../redis-client/README.md): Application service needs interact with a Redis server.
- - [redis-common](../redis-common/README.md): Redis, an in-memory data structure store.
- - [oauth2-client](../oauth2-client/README.md): Application service needs interact with a Oauth2 server.
diff --git a/seed/gitea/applicationservice.yml b/seed/gitea/applicationservice.yml
deleted file mode 100644
index 5fe006d4..00000000
--- a/seed/gitea/applicationservice.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-format: '0.1'
-description: Transitional package for Gitea to Forgejo
-depends:
- - forgejo
-service: true
diff --git a/seed/gitea/dictionaries/32_gitea.xml b/seed/gitea/dictionaries/32_gitea.xml
deleted file mode 100644
index 7cf6116d..00000000
--- a/seed/gitea/dictionaries/32_gitea.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
- gitea_mail_sender
- forgejo_mail_sender
-
-
-
diff --git a/seed/gitea/templates/gitea.service b/seed/gitea/templates/gitea.service
deleted file mode 100644
index cec11ce4..00000000
--- a/seed/gitea/templates/gitea.service
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=Gitea transitional
-Before=risotto.target
-
-[Service]
-Type=oneshot
-ExecStart=/bin/bash -c '%slurp
-[ -d /srv/gitea/lib/data/gitea-repositories ] && mv /srv/gitea/lib/data/gitea-repositories /srv/gitea/lib/data/forgejo-repositories; %slurp
-[ -d /srv/gitea ] && (mv /srv/gitea/* /srv/forgejo; rmdir /srv/gitea); %slurp
-find /srv/forgejo/lib/data/forgejo-repositories/*/*.git/hooks -name gitea | while read a; do b=$(dirname $a); mv $b/gitea $b/forgejo; done; %slurp
-sed -i 's/gitea/forgejo/g' /srv/forgejo/lib/data/forgejo-repositories/*/*.git/hooks/proc-receive; %slurp
-sed -i 's/gitea/forgejo/g' /srv/forgejo/lib/data/forgejo-repositories/*/*.git/hooks/pre-receive.d/forgejo; %slurp
-sed -i 's/gitea/forgejo/g' /srv/forgejo/lib/data/forgejo-repositories/*/*.git/hooks/update.d/forgejo; %slurp
-sed -i 's/gitea/forgejo/g' /srv/forgejo/lib/data/forgejo-repositories/*/*.git/hooks/post-receive.d/forgejo; %slurp
-sed -i 's/gitea/forgejo/g' /srv/forgejo/lib/data/forgejo-repositories/*/*.git/config; %slurp
-exit 0%slurp
-'
diff --git a/seed/grafana/applicationservice.yml b/seed/grafana/applicationservice.yml
index f90c179a..050d6642 100644
--- a/seed/grafana/applicationservice.yml
+++ b/seed/grafana/applicationservice.yml
@@ -1,5 +1,7 @@
+---
format: '0.1'
-description: Grafana is an analytics and interactive visualization web application
+description: >
+ Grafana is an analytics and interactive visualization web application
website: https://grafana.com/
depends:
- base-fedora-38
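Review bot: `description: >` on the new side keeps the folded scalar's trailing newline, so the description value now ends in `\n` where the old plain scalar did not; the other dictionaries in this change use the strip form for folded text. `description: >-` gives the same single-line value without the trailing newline.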
diff --git a/seed/grafana/dictionaries/31_grafana.xml b/seed/grafana/dictionaries/31_grafana.xml
deleted file mode 100644
index b1530587..00000000
--- a/seed/grafana/dictionaries/31_grafana.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-
-
-
-
-
- /etc/grafana/grafana.ini
- /etc/sysconfig/grafana-server
- /tmpfiles.d/0grafana.conf
-
-
-
-
-
-
-
-
-
- /
-
-
-
- 3000
-
-
- grafana
-
-
-
-
- True
-
-
- Grafana
-
-
- Visualisation de données
-
-
- Administration
-
-
- silique_note.png
-
-
- RS256
-
-
-
-
-
- grafana
-
-
-
-
-
- domain_name_eth0
- admin
- admin
- cleartext
- hide_secret
- True
- admin_password
-
-
-
-
diff --git a/seed/grafana/dictionaries/31_grafana.yml b/seed/grafana/dictionaries/31_grafana.yml
new file mode 100644
index 00000000..436f60f2
--- /dev/null
+++ b/seed/grafana/dictionaries/31_grafana.yml
@@ -0,0 +1,76 @@
+---
+version: 1.1
+
+grafana:
+
+ admin_password:
+ type: secret
+ description: Mot de passe de l'administrateur
+ hidden: true
+ default:
+ jinja: >-
+ {{ "admin" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="admin",
+ type="cleartext",
+ hide=general.hide_secret,
+ temporary=true)
+ }}
+
+revprox:
+
+ client:
+
+ local_location:
+ redefine: true
+ default: /
+
+ client_port:
+ redefine: true
+ default: 3000
+
+ client_cert_owner:
+ redefine: true
+ default: grafana
+
+oauth2:
+
+ client:
+
+ is_client_application:
+ redefine: true
+ default: true
+
+ name:
+ redefine: true
+ default: Grafana
+
+ description:
+ redefine: true
+ default: Visualisation de données
+
+ category:
+ redefine: true
+ default: Administration
+
+ logo:
+ redefine: true
+ default: silique_note.png
+
+ token_signature_algo:
+ redefine: true
+ default: RS256
+
+ email_domain:
+ type: domainname
+ description: Domain name allowed to log on Grafana
+ examples:
+ - example.net
+
+postgresql:
+
+ client:
+
+ key_owner:
+ redefine: true
+ default: grafana
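Review bot: The `admin_password` description `Mot de passe de l'administrateur` is in French while `email_domain` in the same file is documented in English (`Domain name allowed to log on Grafana`); pick one language per file so generated documentation reads consistently. Since `email_domain` appears to be the only access restriction declared here, a `help:` line such as `help: Only accounts whose email address belongs to this domain may sign in` would make its effect explicit — assuming that is how the template consumes it, which this hunk does not show.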
diff --git a/seed/host-systemd-machined/applicationservice.yml b/seed/host-systemd-machined/applicationservice.yml
index 50b2813d..348ba53c 100644
--- a/seed/host-systemd-machined/applicationservice.yml
+++ b/seed/host-systemd-machined/applicationservice.yml
@@ -1,5 +1,7 @@
+---
format: '0.1'
description: Host with machine started in Systemd Machined environment
website: https://www.freedesktop.org/wiki/Software/systemd/machined/
depends:
- base
+host: true
diff --git a/seed/host-systemd-machined/dictionaries/21_machined.xml b/seed/host-systemd-machined/dictionaries/21_machined.xml
deleted file mode 100644
index f2323a2b..00000000
--- a/seed/host-systemd-machined/dictionaries/21_machined.xml
+++ /dev/null
@@ -1,176 +0,0 @@
-
-
-
-
- /etc/systemd/network/80-container-vz.network
- systemd_zone_filename
- systemd_netzone_filename
-
-
-
-
-
-
-
-
- /tmpfiles.d/0asystemd-nspawn.conf
- /etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf
- /etc/distro.repos.d/boot.repo
- /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64
- /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64
- /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-37-x86_64
- /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-38-x86_64
- /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36
- /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-38
- /etc/sysctl.d/90-risotto.conf
- host_network_filename
-
-
-
-
-
- /etc/vector/vector.toml
-
-
-
-
-
-
-
-
-
-
- 60
-
-
- systemd-container
- dnf
- jq
- debootstrap
- htop
- iotop
- man
- gettext
- patch
- unzip
- mlocate
- xz-utils
- iptables
- curl
- tree
- tshark
- vim
- python3-pytest
- python3-yaml
- python3-ldap
- python3-dnspython
- python3-dulwich
- python3-psycopg2
- python3-redis
- python3-imaplib2
- python3-pymysql
-
-
- resolvconf
-
-
-
- Europe/Paris
-
-
-
-
-
-
-
- dhcp
- ipv4
- dhcp
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- zones
- zone_name
-
-
- /etc/systemd/network/70-container-
- zone_name
- .network
-
- True
- systemd_zone_filename
-
-
- /etc/systemd/network/80-
- interface_names
- .network
-
- True
- host_network_filename
-
-
- /etc/systemd/network/70-container-
- zone_name
- .netdev
-
- True
- systemd_netzone_filename
-
-
- zones
- cidr
- zone_name
- zone_cidr
-
-
-
- first_interface
-
-
- zones
- server_address
- ip_address
-
-
- zones
- prometheus_server_address
- prometheus_ip_address
-
-
- ipv4
- interface_ip
- interface_gateway
- interface_domain_name_servers
-
-
- True
- interface_gateway
- interface_domain_name_servers
-
-
-
- vector
- ip_address
-
-
-
diff --git a/seed/host-systemd-machined/dictionaries/21_machined.yml b/seed/host-systemd-machined/dictionaries/21_machined.yml
new file mode 100644
index 00000000..191a66f9
--- /dev/null
+++ b/seed/host-systemd-machined/dictionaries/21_machined.yml
@@ -0,0 +1,221 @@
+---
+version: 1.1
+
+host_install_dir:
+ type: unix_filename
+ provider: global:host_install_dir
+ hidden: true
+
+host_name:
+ type: domainname
+ hidden: true
+ provider: global:server_name
+
+module_name:
+ hidden: true
+ provider: global:module_name
+
+tls_server:
+ type: domainname
+ provider: global:tls_server
+ hidden: true
+
+systemd_zone_filename:
+ type: unix_filename
+ hidden: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for zone in general.zones.zone_name %}
+ /etc/systemd/network/70-container-{{ zone }}.network %}
+ {%- endfor -%}
+
+systemd_netzone_filename:
+ type: unix_filename
+ hidden: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for zone in general.zones.zone_name %}
+ /etc/systemd/network/70-container-{{ zone }}.netdev" %}
+ {%- endfor -%}
+
+vm_swappiness: 60 # Ajustement de la mémoire virtuelle
+
+host_packages:
+ hidden: true
+ default:
+ - systemd-container
+ - dnf
+ - jq
+ - debootstrap
+ - htop
+ - iotop
+ - man
+ - gettext
+ - patch
+ - unzip
+ - mlocate
+ - xz-utils
+ - iptables
+ - curl
+ - tree
+ - tshark
+ - vim
+ - python3-pytest
+ - python3-yaml
+ - python3-ldap
+ - python3-dnspython
+ - python3-dulwich
+ - python3-psycopg2
+ - python3-redis
+ - python3-imaplib2
+ - python3-pymysql
+
+host_removed_packages:
+ hidden: true
+ default:
+ - resolvconf
+
+base:
+
+ time_zone:
+ description: Time zone
+ supplier: Host:time_zone
+ default: Europe/Paris
+
+network:
+
+ output_interface: null # Nom de l'interface de sortie
+
+ interfaces:
+ type: leadership
+
+ interface_names: [] # Nom de l'interface
+
+ interface_type:
+ description: Type de la carte
+ default: dhcp
+ choices:
+ - dhcp
+ - ipv4
+
+ interface_ip:
+ type: cidr
+ description: IP au format CIDR de l'interface
+ disabled:
+ variable: _.interface_type
+ when_not: ipv4
+
+ first_interface:
+ type: boolean
+ hidden: true
+ default:
+ jinja: >-
+ {%- if index == 0 -%}
+ true
+ {%- else -%}
+ false
+ {%- endif -%}
+ params:
+ index:
+ type: index
+
+ interface_gateway:
+ type: ip
+ description: IP de la route par défaut
+ disabled:
+ jinja: >-
+ {%- if _.interface_type != 'ipv4' or not _.first_interface -%}
+ disabled
+ {%- endif -%}
+ description: >-
+ if it's not the first interface or the address is automatcly
+ set via DHCP or not the first interface
+
+ interface_domain_name_servers:
+ type: ip
+ description: IP des serveurs DNS
+ multi: true
+ disabled:
+ jinja: >-
+ {%- if _.interface_type != 'ipv4' or not _.first_interface -%}
+ disabled
+ {%- endif -%}
+ description: >-
+ if it's not the first interface or the address is automatcly
+ set via DHCP or not the first interface
+
+ host_network_filename:
+ type: unix_filename
+ multi: true
+ hidden: true
+ default:
+ jinja: |-
+ {%- for interface in _.interfaces.interface_names %}
+ /etc/systemd/network/80-{{ interface }}.network
+ {% endfor %}
+
+zones:
+ type: leadership
+
+ zone_name:
+ hidden: true
+ default:
+ jinja: |-
+ {%- for zone in zones %}
+ {{ zone }}
+ {%- endfor -%}
+ params:
+ zones:
+ information: zones
+
+ zone_cidr:
+ type: cidr
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones | get_zones_info("cidr", zone_name=_.zone_name) }}
+ params:
+ zones:
+ information: zones
+
+vector:
+
+ server_address:
+ type: domainname
+ hidden: true
+ supplier: Vector
+ mandatory: false
+
+ ip_address:
+ type: ip
+ hidden: true
+ supplier: Vector:address
+ disabled:
+ variable: _.server_address
+ when: null
+ default:
+ jinja: >-
+ {{ zones | get_ip(_.server_address) }}
+ params:
+ zones:
+ information: zones
+
+prometheus:
+
+ server_address:
+ type: domainname
+ hidden: true
+ supplier: Prometheus
+ mandatory: false
+
+ ip_address:
+ type: ip
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones | get_ip(_.server_address) }}
+ params:
+ zones:
+ information: zones
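Review bot: The jinja bodies of `systemd_zone_filename` and `systemd_netzone_filename` carry stray text after the interpolation — ` %}` on the `.network` line and `" %}` on the `.netdev` line — which sits outside any Jinja tag and is therefore rendered literally into the generated filenames; the lines should read `/etc/systemd/network/70-container-{{ zone }}.network` and `/etc/systemd/network/70-container-{{ zone }}.netdev`. The `host_network_filename` loop further down closes with `{% endfor %}` rather than the `{%- endfor -%}` used by the other multi-valued filename loops, so each entry is followed by an extra blank line unless the consumer discards empty items — worth aligning. In the two `disabled` descriptions, `automatcly` should be `automatically`, and the sentence states "not the first interface" twice.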
diff --git a/seed/host-systemd-machined/extras/machined/00_machined.xml b/seed/host-systemd-machined/extras/machined/00_machined.xml
deleted file mode 100644
index 708ac6e2..00000000
--- a/seed/host-systemd-machined/extras/machined/00_machined.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-
-
-
-
- machined.nspawn_zone_filename
- machined.nspawn_script_network
- machined.nspawn_script_tls
- machined.nspawn_script_directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- /sbin/network-
- machined.machines
-
- True
- machined.nspawn_script_network
-
-
- /sbin/tls-
- machined.machines
-
- True
- machined.nspawn_script_tls
-
-
- /sbin/directory-
- machined.machines
-
- True
- machined.nspawn_script_directory
-
-
- /etc/systemd/nspawn/
- machined.machines
- .nspawn
-
- True
- machined.nspawn_zone_filename
-
-
- zones
-
- machined.machine_.ip_
-
-
-
-
-
diff --git a/seed/host-systemd-machined/extras/machined/00_machined.yml b/seed/host-systemd-machined/extras/machined/00_machined.yml
new file mode 100644
index 00000000..aa74c312
--- /dev/null
+++ b/seed/host-systemd-machined/extras/machined/00_machined.yml
@@ -0,0 +1,119 @@
+---
+version: 1.1
+
+machines:
+ description: Machines started in this host
+ type: domainname
+ multi: true
+ provider: Host
+ hidden: true
+ mandatory: false
+
+"machine_{{ suffix }}":
+ description: 'Machine {{ suffix }}'
+ dynamic:
+ variable: machined.machines
+
+ incoming_ports:
+ description: 'Incomming external ports for {{ suffix }}'
+ hidden: true
+ type: port
+ multi: true
+ provider: Host:incoming_ports
+ mandatory: false
+
+ outgoing_ports:
+ description: 'Outcoming external ports for {{ suffix }}'
+ hidden: true
+ type: port
+ params:
+ allow_protocol: true
+ multi: true
+ provider: Host:outgoing_ports
+ mandatory: false
+
+ srv_dir:
+ description: 'Directory with srv volume for {{ suffix }}'
+ hidden: true
+ type: unix_filename
+ provider: Host:machine_srv
+ mandatory: false
+
+ journal_dir:
+ description: 'Directory with journal volume for {{ suffix }}'
+ hidden: true
+ type: unix_filename
+ provider: Host:machine_journal
+ mandatory: false
+
+ config_dir:
+ description: 'Directory with configuration volume for {{ suffix }}'
+ hidden: true
+ type: unix_filename
+ provider: Host:config_dir
+
+ tls_dir:
+ hidden: true
+ type: unix_filename
+ provider: Host:machine_tls
+ mandatory: false
+
+ zones:
+ description: 'Zones for {{ suffix }}'
+ hidden: true
+ provider: Host:machine_zones
+ multi: true
+ mandatory: false
+
+ ip:
+ description: 'IP for {{ suffix }}'
+ type: ip
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones | get_ip(suffix) }}
+ params:
+ zones:
+ information: zones
+ suffix:
+ type: suffix
+
+nspawn_zone_filename:
+ type: unix_filename
+ hidden: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for machine in machined.machines %}
+ /etc/systemd/nspawn/{{ machine }}.nspawn
+ {%- endfor -%}
+
+nspawn_script_network:
+ type: unix_filename
+ hidden: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for machine in machined.machines %}
+ /sbin/network-{{ machine }}
+ {%- endfor -%}
+
+nspawn_script_tls:
+ type: unix_filename
+ hidden: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for machine in machined.machines %}
+ /sbin/tls-{{ machine }}
+ {%- endfor -%}
+
+nspawn_script_directory:
+ type: unix_filename
+ hidden: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for machine in machined.machines %}
+ /sbin/directory-{{ machine }}
+ {%- endfor -%}
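Review bot: `tls_dir` is the only member of the `machine_{{ suffix }}` family without a `description:`, so it will appear undocumented next to its siblings; something like `description: 'Directory with TLS volume for {{ suffix }}'` would follow the pattern of `srv_dir` and `journal_dir`, presuming `Host:machine_tls` supplies the TLS material directory. The `incoming_ports` and `outgoing_ports` descriptions also carry typos: `Incomming` → `Incoming`, `Outcoming` → `Outgoing`.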
diff --git a/seed/host-systemd-machined/funcs/machined.py b/seed/host-systemd-machined/funcs/machined.py
index 4b0bc6c2..d9912a06 100644
--- a/seed/host-systemd-machined/funcs/machined.py
+++ b/seed/host-systemd-machined/funcs/machined.py
@@ -2,15 +2,6 @@ from risotto.utils import multi_function as _multi_function
from typing import List as _List
-@_multi_function
-def get_internal_zone_names(zones) -> _List[str]:
- return list(zones)
-
-
-def is_first_interface(index) -> bool:
- return index == 0
-
-
@_multi_function
def get_host_ip(zones: dict,
server_name: str,
diff --git a/seed/imap-client/applicationservice.yml b/seed/imap-client/applicationservice.yml
index 6a6ec258..f43a982c 100644
--- a/seed/imap-client/applicationservice.yml
+++ b/seed/imap-client/applicationservice.yml
@@ -1,2 +1,3 @@
+---
format: '0.1'
description: Application service needs interact with an IMAP server
diff --git a/seed/imap-client/dictionaries/21_imap_client.xml b/seed/imap-client/dictionaries/21_imap_client.xml
deleted file mode 100644
index 8b11b2d7..00000000
--- a/seed/imap-client/dictionaries/21_imap_client.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
- imap
-
-
-
-
-
-
- root
-
-
-
-
diff --git a/seed/imap-client/dictionaries/21_imap_client.yml b/seed/imap-client/dictionaries/21_imap_client.yml
new file mode 100644
index 00000000..6c5dfe64
--- /dev/null
+++ b/seed/imap-client/dictionaries/21_imap_client.yml
@@ -0,0 +1,14 @@
+---
+version: 1.1
+
+imap:
+ description: Client SMTP
+ hidden: true
+
+ address:
+ type: domainname
+ supplier: IMAP
+
+ cert_owner:
+ type: unix_user
+ default: root
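Review bot: The `imap` family is described as `Client SMTP` although this dictionary declares the IMAP client (its `address` variable has `supplier: IMAP`); the text looks copied from the mail-relay client and should read `description: Client IMAP`. Because the family is `hidden: true` the mistake surfaces mainly in generated documentation, but it still misleads anyone searching for the SMTP client configuration.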
diff --git a/seed/journald/applicationservice.yml b/seed/journald/applicationservice.yml
index 0a1e96f1..8bd9aa55 100644
--- a/seed/journald/applicationservice.yml
+++ b/seed/journald/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Journald
website: https://systemd.io/
diff --git a/seed/journald/dictionaries/20_journald.xml b/seed/journald/dictionaries/20_journald.xml
deleted file mode 100644
index c035cf15..00000000
--- a/seed/journald/dictionaries/20_journald.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
-
-
-
- journald
- /etc/systemd/journal-upload.conf
-
-
-
-
-
-
-
-
-
-
- journald
-
-
-
diff --git a/seed/journald/dictionaries/20_journald.yml b/seed/journald/dictionaries/20_journald.yml
new file mode 100644
index 00000000..d8418b55
--- /dev/null
+++ b/seed/journald/dictionaries/20_journald.yml
@@ -0,0 +1,10 @@
+---
+version: 1.1
+
+journald:
+
+ journal_client_server_domainname:
+ type: domainname
+ supplier: Journald
+ hidden: true
+ mandatory: false
diff --git a/seed/journald_remote/applicationservice.yml b/seed/journald_remote/applicationservice.yml
index 4b6acfba..e751a7d6 100644
--- a/seed/journald_remote/applicationservice.yml
+++ b/seed/journald_remote/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Journald remote
website: https://systemd.io/
diff --git a/seed/journald_remote/dictionaries/21_journald.xml b/seed/journald_remote/dictionaries/21_journald.xml
deleted file mode 100644
index d3afbb54..00000000
--- a/seed/journald_remote/dictionaries/21_journald.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-
-
-
- journald
- /etc/systemd/journal-remote.conf
-
-
-
-
diff --git a/seed/journald_remote/extras/accounts/00_accounts.xml b/seed/journald_remote/extras/accounts/00_accounts.xml
deleted file mode 100644
index 38982d74..00000000
--- a/seed/journald_remote/extras/accounts/00_accounts.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
- accounts.remote_.messages_
- accounts.remote_.services_
- accounts.remote_.functions_
- accounts.vector_conditions
-
-
-
diff --git a/seed/journald_remote/extras/accounts/00_accounts.yml b/seed/journald_remote/extras/accounts/00_accounts.yml
new file mode 100644
index 00000000..71f14d54
--- /dev/null
+++ b/seed/journald_remote/extras/accounts/00_accounts.yml
@@ -0,0 +1,52 @@
+---
+version: 1.1
+
+remotes:
+ description: Concentrate journal messages on one host
+ type: domainname
+ multi: true
+ hidden: true
+ provider: Journald
+
+"remote_{{ suffix }}":
+ description: 'Account for {{ suffix }}'
+ dynamic:
+ variable: accounts.remotes
+ hidden: true
+
+ services:
+ description: 'Log from this service to exclude for {{ suffix }}'
+ multi: true
+ unique: false
+ mandatory: false
+ provider: Journald:service
+
+ functions:
+ description: >-
+ Function use to compare message (if not defined, exlude same message)
+ for {{ suffix }}
+ multi: true
+ mandatory: false
+ empty: false
+ unique: false
+ provider: Journald:function
+
+ messages:
+ description: 'Message to exclude for {{ suffix }}'
+ multi: true
+ unique: false
+ mandatory: false
+ provider: Journald:message
+
+vector_conditions:
+ default:
+ jinja: >-
+ {{ messages | calc_vector_conditions(services, functions) }}
+ params:
+ messages:
+ variable: accounts.remote_{{ suffix }}.messages
+ services:
+ variable: accounts.remote_{{ suffix }}.services
+ functions:
+ variable: accounts.remote_{{ suffix }}.functions
+ hidden: true
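Review bot: `exlude` in the `functions` description should be `exclude`. `vector_conditions` is the only variable in the file with neither a description nor a comment although it is the computed result of the three per-remote lists; `description: 'Vector exclusion conditions computed from messages, services and functions'` would document it. Its `params` reference `accounts.remote_{{ suffix }}.*` from outside the dynamic family — if rougail expands `{{ suffix }}` there to every suffix this is fine, otherwise `suffix` is undefined at that level; worth confirming against the rougail 1.1 documentation.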
diff --git a/seed/ldap-client/applicationservice.yml b/seed/ldap-client/applicationservice.yml
index 98817f8c..664f069e 100644
--- a/seed/ldap-client/applicationservice.yml
+++ b/seed/ldap-client/applicationservice.yml
@@ -1,2 +1,3 @@
+---
format: '0.1'
description: Application service needs interact with a LDAP server
diff --git a/seed/ldap-client/dictionaries/21_ldap-client.xml b/seed/ldap-client/dictionaries/21_ldap-client.xml
deleted file mode 100644
index 79a2c294..00000000
--- a/seed/ldap-client/dictionaries/21_ldap-client.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-
-
-
-
- ldap_client
- ldap_client_file
-
-
-
-
-
-
-
-
- 636
-
-
-
-
-
-
-
-
-
-
-
-
-
- root
-
-
-
-
-
-
-
- ldapclient_base_dn
-
-
- zones
- ldap_server_address
- ldap_server_ip
-
-
- prefix_domain_name
- ldapclient_base_dn
-
-
- ou=accounts
- ldapclient_base_dn
- ,
- ldapclient_search_dn
-
-
- cn=
- ldapclient_address
- ,
- ldapclient_base_dn
-
- ldapclient_user
-
-
- ldap_server_ip
- domain_name_eth
- network_eth
- ldapclient_address
-
-
- ldap_server_address
- ldapclient_user
- remote account
- cleartext
- hide_secret
- True
- ldapclient_user_password
-
-
- ldapclient_base_dn
- True
- ldapclient_group_dn
-
-
- ldapclient_base_dn
- ldapclient_user_dn
-
-
- /etc/ldap/ldap.conf
- os_name
- Debian
- /etc/openldap/ldap.conf
- ldap_client_file
-
-
-
diff --git a/seed/ldap-client/dictionaries/21_ldap-client.yml b/seed/ldap-client/dictionaries/21_ldap-client.yml
new file mode 100644
index 00000000..79aebb18
--- /dev/null
+++ b/seed/ldap-client/dictionaries/21_ldap-client.yml
@@ -0,0 +1,135 @@
+---
+version: 1.1
+
+ldap: # OpenLDAP directory
+
+ server: # Server
+
+ address:
+ type: domainname
+ hidden: true
+ supplier: LDAP
+
+ ip:
+ type: ip
+ default:
+ jinja: >-
+ {{ zones | get_ip(_.address) }}
+ params:
+ zones:
+ information: zones
+ hidden: true
+
+ port:
+ type: port
+ default: 636
+ hidden: true
+
+ prefix_domain_name:
+ hidden: true
+ provider: global:prefix_domain_name
+
+ client: # Client
+
+ family:
+ description: Restrict service configuration for a LDAP family
+ help: '"all" for all families.'
+ type: unix_user
+ mandatory: false
+ supplier: LDAP:family
+
+ user:
+ type: string
+ default:
+ jinja: |-
+ cn={{ _.address }},{{ _.base_dn }}
+ hidden: true
+ supplier: LDAP:dn
+
+ address:
+ default:
+ jinja: >-
+ {{ __.server.ip |
+ get_client_address(domain_name, network) }}
+ params:
+ network:
+ variable: >-
+ general.network.interface_{{ suffix }}.network
+ domain_name:
+ variable: >-
+ general.network.interface_{{ suffix }}.domain_name
+ hidden: true
+
+ user_password:
+ type: secret
+ default:
+ jinja: >-
+ {{ _.user | get_password(server_name=__.server.address,
+ description="remote account",
+ type="cleartext",
+ hide=general.hide_secret,
+ temporary=true)
+ }}
+ hidden: true
+ supplier: LDAP:password
+
+ base_dn:
+ type: string
+ validators:
+ - jinja: >-
+ {%- set var = {'ok': false} -%}
+ {%- for att in ['o', 'dc', 'ou'] -%}
+ {%- if _.base_dn.startswith(att + '=') -%}
+ {%- set var = var.update({'ok': true}) -%}
+ {%- endif -%}
+ {%- endfor -%}
+ {%- if not var.ok -%}
+ {%- set e = "the root LDAP base DN must starts with an " -%}
+ {%- set e = e + "organisation (o=), a domain componant (dc=) " -%}
+ {%- set e = e + "or an organizational unit (ou=)" -%}
+ {{ e }}
+ {%- endif -%}
+ description: >-
+ if LDAP base DN starts with an organisation (o=), a domain componant
+ (dc=) or an organizational unit (ou=)
+ default:
+ jinja: >-
+ {{ __.server.prefix_domain_name | get_default_base_dn }}
+ hidden: true
+ supplier: LDAP:base_dn
+
+ search_dn:
+ default:
+ jinja: >-
+ ou=accounts,{{ _.base_dn }}
+ hidden: true
+
+ group_dn:
+ type: string
+ default:
+ jinja: >-
+ {{ _.base_dn | calc_ldapclient_base_dn(group=true) }}
+ hidden: true
+
+ user_dn:
+ type: string
+ default:
+ jinja: >-
+ {{ _.base_dn | calc_ldapclient_base_dn }}
+ hidden: true
+
+ key_file_owner:
+ type: unix_user
+ default: root
+ hidden: true
+
+ file:
+ type: unix_filename
+ default:
+ jinja: >-
+ {%- if general.os_name == 'Debian' -%}
+ /etc/ldap/ldap.conf
+ {%- else -%}
+ /etc/openldap/ldap.conf
+ {%- endif -%}
+ hidden: true
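Review bot: The `base_dn` validator assigns `var` the return value of `var.update(...)`, which is `None`; the check only works because `update` mutates the dict in place before the rebinding, and `set` inside a `for` block is loop-scoped in Jinja anyway. The conventional idiom is `{%- set _ = var.update({'ok': true}) -%}`, which keeps `var` bound to the dict and makes the intent obvious. The error message that reaches users also has typos: `must starts` → `must start` and `componant` → `component`, and the same `componant` appears in the validator's `description`.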
diff --git a/seed/lemonldap/applicationservice.yml b/seed/lemonldap/applicationservice.yml
index 9348a6d9..d5b76ec8 100644
--- a/seed/lemonldap/applicationservice.yml
+++ b/seed/lemonldap/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: LemonLDAP, a Web Single Sign On and Access Management
website: https://lemonldap-ng.org/
diff --git a/seed/lemonldap/dictionaries/70_lemonldap_ng.xml b/seed/lemonldap/dictionaries/70_lemonldap_ng.xml
deleted file mode 100644
index 9dbb88b1..00000000
--- a/seed/lemonldap/dictionaries/70_lemonldap_ng.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-
-
-
-
-
- /static/logo.png
- /static/demo.png
- /static/silique_email.png
- /static/silique_folder.png
- /static/silique_note.png
- /static/silique_video.png
- /static/silique_image.png
- /static/risotto.css
- /var/lib/lemonldap-ng/conf/lmConf-1.json
- /etc/lemonldap-ng/lemonldap-ng.ini
- /etc/lemonldap-ng/portal-nginx.conf
- /etc/lemonldap-ng/nginx-lmlog.conf
- /etc/default/lemonldap-ng-fastcgi-server
- /sbin/interne_well_known.pl
- /sbin/wget.pl
- /tmpfiles.d/0lemonldap.conf
- /tests/lemonldap.yml
-
-
-
-
-
- False
-
-
-
-
- 1
-
-
-
-
-
-
- all
-
-
-
-
-
diff --git a/seed/lemonldap/dictionaries/70_lemonldap_ng.yml b/seed/lemonldap/dictionaries/70_lemonldap_ng.yml
new file mode 100644
index 00000000..1f303062
--- /dev/null
+++ b/seed/lemonldap/dictionaries/70_lemonldap_ng.yml
@@ -0,0 +1,32 @@
+---
+version: 1.1
+
+nginx:
+
+ default_https:
+ redefine: true
+ default: false
+
+lemonldap:
+ description: LemonLDAP
+ help: Configuration de la solution d'authentification unique LemonLDAP::NG
+
+ proc:
+ description: Nombre de processus dédié à LemonLdap
+ help: Équivalent au nombre de processeurs
+ mode: advanced
+ default: 1
+
+ mail_admin:
+ type: mail
+ description: Courriel de l'administrateur
+ examples:
+ - admin@example.net
+
+ldap:
+
+ client:
+
+ family:
+ redefine: true
+ default: all
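Review bot: `version: 1.1` is a plain scalar, so the YAML loader hands the dictionary format version to the consumer as the float 1.1 rather than the string "1.1"; if the loader compares it as a string, or a later "1.10" format ever appears, the comparison fails silently. Quote it, `version: '1.1'`, here and in every other new dictionary in this diff (the oauth2, loki, mailman, mariadb, mariadb-client, nextcloud, nginx and nsd files all carry the same line).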
diff --git a/seed/lemonldap/extras/oauth2/00_oauth2.xml b/seed/lemonldap/extras/oauth2/00_oauth2.xml
deleted file mode 100644
index b9b9285a..00000000
--- a/seed/lemonldap/extras/oauth2/00_oauth2.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- HS512
- RS256
-
-
-
-
-
-
- revprox_client_external_domainnames
- oauth2.oauth2_.oauth2_client_external_domain_
-
-
-
-
diff --git a/seed/lemonldap/extras/oauth2/00_oauth2.yml b/seed/lemonldap/extras/oauth2/00_oauth2.yml
new file mode 100644
index 00000000..48b96974
--- /dev/null
+++ b/seed/lemonldap/extras/oauth2/00_oauth2.yml
@@ -0,0 +1,90 @@
+---
+version: 1.1
+
+remotes:
+ description: Remote clients needing to verify OAuth2 account
+ type: domainname
+ multi: true
+ provider: OAuth2
+ hidden: true
+ mandatory: false
+
+"oauth2_{{ suffix }}":
+ _description: 'OAuth2 for {{ suffix }}'
+ dynamic:
+ variable: oauth2.remotes
+
+ client_id:
+ description: 'Remote client id for {{ suffix }}'
+ hidden: true
+ provider: OAuth2:client_id
+
+ secret:
+ description: 'Remote secret for {{ suffix }}'
+ type: secret
+ hidden: true
+ provider: OAuth2:secret
+
+ name:
+ description: 'Remote name for {{ suffix }}'
+ hidden: true
+ provider: OAuth2:name
+ mandatory: false
+
+ description:
+ description: 'Remote description for {{ suffix }}'
+ hidden: true
+ provider: OAuth2:description
+ mandatory: false
+
+ category:
+ description: 'Remote category for {{ suffix }}'
+ hidden: true
+ provider: OAuth2:category
+ mandatory: false
+
+ login:
+ description: 'Remote URL to login for {{ suffix }}'
+ hidden: true
+ provider: OAuth2:login
+ mandatory: false
+
+ external:
+ type: leadership
+
+ hosts:
+ description: 'Remote external for {{ suffix }}'
+ provider: OAuth2:external
+ hidden: true
+ mandatory: false
+
+ family:
+ description: 'Remote family for {{ suffix }}'
+ provider: OAuth2:family
+ mandatory: false
+
+ logo:
+ description: 'Logo for {{ suffix }}'
+ hidden: true
+ provider: OAuth2:logo
+ mandatory: false
+
+ token_signature_algo:
+ description: 'OAuth2 token signature algorithm for {{ suffix }}'
+ hidden: true
+ provider: OAuth2:token_signature_algo
+ choices:
+ - HS512
+ - RS256
+
+ oauth2_client_external_domain:
+ description: 'External domain for {{ suffix }}'
+ type: domainname
+ hidden: true
+ supplier: OAuth2:external_domain
+ default:
+ jinja: >-
+ {% set domains = general.revprox.client.external_domainnames %}
+ {%- if domains -%}
+ {{ domains[0] }}
+ {%- endif -%}
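Review bot: `login` is documented as "Remote URL to login" but declares no type, so any string reaches the SSO configuration unvalidated, whereas the reverse-proxy dictionary in this same diff types its URL variable as `web_address`; add `type: web_address` under `login`, and likewise `type: domainname` for `external.hosts`, which its description presents as a domain list. `token_signature_algo` offers `HS512` and `RS256` with no default in this hunk; a one-line `help:` noting that HS512 signs tokens with the shared client secret while RS256 lets a client verify with the public key alone would help deployers choose. The variable named `description` sits next to the family's `_description`, which is valid but easy to misread; a short comment explaining the underscore would save the next reader a search.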
diff --git a/seed/loki/applicationservice.yml b/seed/loki/applicationservice.yml
index 81f5763d..283d649b 100644
--- a/seed/loki/applicationservice.yml
+++ b/seed/loki/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Loki, a log aggregation platform
website: https://grafana.com/
diff --git a/seed/loki/dictionaries/20_loki.xml b/seed/loki/dictionaries/20_loki.xml
deleted file mode 100644
index 3e3d6643..00000000
--- a/seed/loki/dictionaries/20_loki.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
- /etc/loki/loki.yaml
- /sysusers.d/loki.conf
- /tmpfiles.d/0loki.conf
-
-
-
-
-
-
-
-
-
diff --git a/seed/loki/dictionaries/20_loki.yml b/seed/loki/dictionaries/20_loki.yml
new file mode 100644
index 00000000..5e8177ef
--- /dev/null
+++ b/seed/loki/dictionaries/20_loki.yml
@@ -0,0 +1,11 @@
+---
+version: 1.1
+
+loki: # Loki
+
+ remotes:
+ description: Concentrate log messages
+ type: domainname
+ provider: Loki
+ multi: true
+ hidden: true
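Review bot: `loki: # Loki` carries the family's label in a YAML comment, which the parser discards, so the family ends up without a description; the lemonldap dictionary in this diff uses the `description:` key for the same purpose (`description: LemonLDAP`). Replace the comment with `description: Loki` under `loki:`; the same pattern appears in the mailman, mariadb-client, nextcloud and nsd dictionaries (`mailman: # Gestionnaire de liste`, `mariadb: # MariaDB`, `client: # MariaDB client`, `nextcloud: # Nextcloud`, `dns_server: # Serveur DNS`). I am inferring that the comment stands in for a description attribute of the deleted XML; if the family is intentionally unlabelled, drop the comment instead.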
diff --git a/seed/mailman/applicationservice.yml b/seed/mailman/applicationservice.yml
index 20ed537c..31b4441f 100644
--- a/seed/mailman/applicationservice.yml
+++ b/seed/mailman/applicationservice.yml
@@ -1,5 +1,7 @@
+---
format: '0.1'
-description: GNU Mailman, managing electronic mail discussion and e-newsletter lists
+description: >
+ GNU Mailman, managing electronic mail discussion and e-newsletter lists
website: https://www.list.org
depends:
- base-debian-bullseye
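Review bot: `description: >` keeps a trailing newline on the value, so the description string now ends with "\n" where the previous one-line form did not; the `help` field of seed/nginx-reverse-proxy/applicationservice.yml in this same diff switches to the chomping form for exactly this reason. Use `description: >-` unless the trailing newline is wanted.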
diff --git a/seed/mailman/dictionaries/31_mailman.xml b/seed/mailman/dictionaries/31_mailman.xml
deleted file mode 100644
index 9ce073e4..00000000
--- a/seed/mailman/dictionaries/31_mailman.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-
-
-
-
-
- /etc/mailman3/mailman.cfg
- /tmpfiles.d/0mailman.conf
- /tests/mailman.yml
-
-
-
-
- postgresql_postorius
-
- /etc/mailman3/nginx.conf
- /etc/mailman3/mailman-web.py
- /etc/mailman3/uwsgi.ini
-
-
-
-
-
-
-
-
-
-
- True
-
-
- Liste de distribution
-
-
- Liste de distribution Mailman
-
-
- Développement
-
-
- silique_email.png
-
-
- RS256
-
-
-
-
-
-
-
- False
-
-
- /usr/share/webapps/postorius
-
-
-
-
- list
-
-
-
-
-
- domain_name_eth0
- postorius
- secret_key
- cleartext
- hide_secret
- postorius_secret_key
-
-
- revprox_client_external_domainnames
- revprox_client_location
- accounts/risotto/login/
- oauth2_client_external
-
-
-
diff --git a/seed/mailman/dictionaries/31_mailman.yml b/seed/mailman/dictionaries/31_mailman.yml
new file mode 100644
index 00000000..1168a29a
--- /dev/null
+++ b/seed/mailman/dictionaries/31_mailman.yml
@@ -0,0 +1,92 @@
+---
+version: 1.1
+
+mailman: # Gestionnaire de liste
+
+ mail_owner:
+ type: mail
+ description: Courriel du gestionnaire de liste du site
+ examples:
+ - admin@example.net
+
+ domains:
+ type: domainname
+ description: Nom de domaine des listes
+ multi: true
+ examples:
+ - list.example.net
+
+ postorius_secret_key:
+ type: secret
+ description: Internal secret key
+ hidden: true
+ auto_save: false
+ default:
+ jinja: >-
+ {{ "postorius" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="secret_key",
+ type="cleartext",
+ hide=general.hide_secret)
+ }}
+
+oauth2:
+
+ client:
+
+ is_client_application:
+ redefine: true
+ default: true
+
+ name:
+ redefine: true
+ default: Liste de distribution
+
+ description:
+ redefine: true
+ default: Liste de distribution Mailman
+
+ category:
+ redefine: true
+ default: Développement
+
+ logo:
+ redefine: true
+ default: silique_email.png
+
+ token_signature_algo:
+ redefine: true
+ default: RS256
+
+ external:
+
+ external:
+ redefine: true
+ default:
+ jinja: |-
+ {%- for val in
+ general.revprox.client.external_domainnames |
+ calc_oauth2_client_external(
+ general.revprox.client.location,
+ "accounts/risotto/login/")
+ %}
+ {{ val }}
+ {%- endfor -%}
+
+nginx:
+
+ default_https:
+ redefine: true
+ default: false
+
+ root:
+ redefine: true
+ default: /usr/share/webapps/postorius
+
+postgresql:
+
+ client:
+
+ key_owner:
+ redefine: true
+ default: list
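Review bot: `postorius_secret_key` calls `get_password(...)` without a `length=` argument, so the web application's secret key gets the helper's default length, whereas the MariaDB root password in seed/mariadb/dictionaries/20_mariadb.yml passes `length=50` explicitly; the same omission is in the mariadb-client `password` and the nextcloud `admin_password`. If the helper default is shorter than 50, make the length explicit here too (`hide=general.hide_secret, length=50)`) so the framework secret is not the weakest credential on the host. `type="cleartext"` presumably means the generated value stays retrievable in clear from the password store; a one-line `help:` saying so would tell operators what `hidden: true` does and does not protect.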
diff --git a/seed/mailman/extras/machine/20_mailman.xml b/seed/mailman/extras/machine/20_mailman.xml
deleted file mode 100644
index c8842485..00000000
--- a/seed/mailman/extras/machine/20_mailman.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
- 256
-
-
- False
-
-
- False
-
-
- 512
-
-
-
diff --git a/seed/mailman/extras/machine/20_mailman.yml b/seed/mailman/extras/machine/20_mailman.yml
new file mode 100644
index 00000000..ae6b614c
--- /dev/null
+++ b/seed/mailman/extras/machine/20_mailman.yml
@@ -0,0 +1,19 @@
+---
+version: 1.1
+
+var_size:
+ redefine: true
+ default: '256'
+
+add_tmp:
+ redefine: true
+ default: 'False'
+
+add_swap:
+ redefine: true
+ default: 'False'
+
+memory:
+ redefine: true
+ exists: true
+ default: '512'
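Review bot: `add_tmp` and `add_swap` are redefined with `default: 'False'`, a quoted string, while every other boolean default in this diff is the YAML boolean `false` (for example `default_https` in the lemonldap dictionary); if the base variable is `type: boolean`, the string `'False'` is either rejected or, worse, treated as a non-empty truthy value. Use `default: false` here, and the same applies to `add_tmp`/`add_srv`/`add_swap` in seed/nginx-reverse-proxy/extras/machine/20_reverse_proxy.yml and to `enable_output_buffering`/`disable_pcntl` in seed/nextcloud/dictionaries/31_nextcloud.yml. `var_size: '256'` and `memory: '512'` have the same quoted-string shape; if those are numeric types, write `256`/`512`. I cannot see the base declarations, so confirm the declared types before changing.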
diff --git a/seed/mailman/extras/mailman/20_mailman.xml b/seed/mailman/extras/mailman/20_mailman.xml
deleted file mode 100644
index e356b1a7..00000000
--- a/seed/mailman/extras/mailman/20_mailman.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
- mailman.list_.name_
-
- mailman.list_.names_
-
-
- mailman.list_.names_
- mailman.names_
-
-
-
-
-
diff --git a/seed/mailman/extras/mailman/20_mailman.yml b/seed/mailman/extras/mailman/20_mailman.yml
new file mode 100644
index 00000000..d88c9c38
--- /dev/null
+++ b/seed/mailman/extras/mailman/20_mailman.yml
@@ -0,0 +1,38 @@
+---
+version: 1.1
+
+"list_{{ suffix }}":
+ description: 'Listes du domaine {{ suffix }}'
+ dynamic:
+ variable: general.mailman.domains
+
+ name:
+ description: 'Nom des listes {{ suffix }}'
+ type: unix_user
+ multi: true
+
+ names:
+ description: 'Address names {{ suffix }}'
+ type: string
+ hidden: true
+ default:
+ jinja: >-
+ {{ _.name | mailman_emails(suffix) }}
+ params:
+ suffix:
+ type: suffix
+
+names:
+ description: 'All address names'
+ type: string
+ multi: true
+ hidden: true
+ supplier: LMTP:criteria
+ default:
+ jinja: |-
+ {%- for name in names | mailman_concat %}
+ {{ name }}
+ {%- endfor -%}
+ params:
+ names:
+ variable: _.list_{{ suffix }}.names
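Review bot: `variable: _.list_{{ suffix }}.names` is a plain scalar containing `{{`, which is legal in block context, but the equivalent reference in seed/nginx-reverse-proxy/extras/nginx/00_nginx.yml is written as a quoted string; quote it the same way, `variable: '_.list_{{ suffix }}.names'`, so a move to flow style or a stricter linter cannot turn it into a flow-mapping parse error. Descriptions in this file mix French (`'Listes du domaine {{ suffix }}'`) and English (`'Address names {{ suffix }}'`); settle on one language per dictionary.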
diff --git a/seed/mariadb-client/applicationservice.yml b/seed/mariadb-client/applicationservice.yml
index 9c519da6..08284549 100644
--- a/seed/mariadb-client/applicationservice.yml
+++ b/seed/mariadb-client/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Application service needs interact with a MariaDB server
website: https://mariadb.org/
diff --git a/seed/mariadb-client/dictionaries/20_mariadb.xml b/seed/mariadb-client/dictionaries/20_mariadb.xml
deleted file mode 100644
index 83144041..00000000
--- a/seed/mariadb-client/dictionaries/20_mariadb.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- zones
- mariadb_client_server_domainname
- mariadb_client_server_ip
-
-
- mariadb_client_server_ip
- domain_name_eth
- network_eth
- mariadb_client_address
-
-
- server_name
- mariadb_client_username
-
-
- mariadb_client_username
- mariadb_client_database
-
-
- mariadb_client_server_domainname
- mariadb_client_address
- remote
- cleartext
- hide_secret
- mariadb_client_password
-
-
-
diff --git a/seed/mariadb-client/dictionaries/20_mariadb.yml b/seed/mariadb-client/dictionaries/20_mariadb.yml
new file mode 100644
index 00000000..71760b9e
--- /dev/null
+++ b/seed/mariadb-client/dictionaries/20_mariadb.yml
@@ -0,0 +1,63 @@
+---
+version: 1.1
+
+mariadb: # MariaDB
+
+ client: # MariaDB client
+
+ server_domainname:
+ type: domainname
+ supplier: MariaDB
+ hidden: true
+
+ server_ip:
+ type: ip
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones | get_ip(_.server_domainname) }}
+ params:
+ zones:
+ information: zones
+
+ username:
+ description: Database username
+ supplier: MariaDB:username
+ hidden: true
+ default:
+ jinja: >-
+ {{ general.network.server_name | normalize_family }}
+
+ password:
+ type: secret
+ description: Database password
+ hidden: true
+ supplier: MariaDB:password
+ default:
+ jinja: >-
+ {% set server_name=_.server_domainname %}
+ {{ _.address | get_password(server_name=server_name,
+ description="remote",
+ type="cleartext",
+ hide=general.hide_secret)
+ }}
+
+ database:
+ description: Database name
+ hidden: true
+ supplier: MariaDB:database
+ default:
+ variable: _.username
+
+ address:
+ hidden: true
+ default:
+ jinja: >-
+ {{ _.server_ip | get_client_address(domain_name, network) }}
+ params:
+ network:
+ variable: >-
+ general.network.interface_{{ suffix }}.network
+ domain_name:
+ variable: >-
+ general.network.interface_{{ suffix }}.domain_name
diff --git a/seed/mariadb/applicationservice.yml b/seed/mariadb/applicationservice.yml
index c2e948b1..02f66471 100644
--- a/seed/mariadb/applicationservice.yml
+++ b/seed/mariadb/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: MariaDB, a relational database
website: https://mariadb.org/
diff --git a/seed/mariadb/dictionaries/20_mariadb.xml b/seed/mariadb/dictionaries/20_mariadb.xml
deleted file mode 100644
index 346f98a9..00000000
--- a/seed/mariadb/dictionaries/20_mariadb.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-
-
-
-
-
- /etc/my.cnf.d/risotto.cnf
- /tmpfiles.d/0mariadb.conf
- /etc/mariadb.sql
- /tests/mariadb.yml
- /sbin/risotto_backup
-
-
-
-
-
-
-
-
-
- domain_name_eth0
- root_password
- mariadb
- cleartext
- hide_secret
- 50
- mariadb_root_password
-
-
-
diff --git a/seed/mariadb/dictionaries/20_mariadb.yml b/seed/mariadb/dictionaries/20_mariadb.yml
new file mode 100644
index 00000000..c95ab260
--- /dev/null
+++ b/seed/mariadb/dictionaries/20_mariadb.yml
@@ -0,0 +1,18 @@
+---
+version: 1.1
+
+mariadb:
+ description: MariaDB
+ help: Paramétrage du serveur de gestion de bases de données MariaDB
+
+ mariadb_root_password:
+ type: secret
+ hidden: true
+ default:
+ jinja: >-
+ {{ "root_password" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="mariadb",
+ type="cleartext",
+ hide=general.hide_secret, length=50)
+ }}
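Review bot: `mariadb_root_password` lacks `auto_save: false`, which the comparable generated secrets in this diff (`postorius_secret_key`, nextcloud `admin_password` and `instance_id`) all set; if `auto_save` controls whether the generated value is persisted back into the configuration, the root password would be saved where the others are not, so either add `auto_save: false` or document why it differs. The variable also has no `description`, and its name repeats the family (`mariadb.mariadb_root_password`) where sibling dictionaries use `nextcloud.admin_password`; if no template references the full path, `root_password` with `description: MariaDB root password` would match them.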
diff --git a/seed/mariadb/extras/accounts/00_accounts.xml b/seed/mariadb/extras/accounts/00_accounts.xml
deleted file mode 100644
index 5a688d63..00000000
--- a/seed/mariadb/extras/accounts/00_accounts.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/seed/mariadb/extras/accounts/00_accounts.yml b/seed/mariadb/extras/accounts/00_accounts.yml
new file mode 100644
index 00000000..98399211
--- /dev/null
+++ b/seed/mariadb/extras/accounts/00_accounts.yml
@@ -0,0 +1,29 @@
+---
+version: 1.1
+
+remotes:
+ description: Create account and connexion to a MariaDB server.
+ type: domainname
+ multi: true
+ mandatory: false
+ hidden: true
+ provider: MariaDB
+
+"remote_{{ suffix }}":
+ description: 'Account for {{ suffix }}'
+ dynamic:
+ variable: accounts.remotes
+ hidden: true
+
+ database:
+ description: 'MariaDB database name for {{ suffix }}'
+ provider: MariaDB:database
+
+ username:
+ description: 'MariaDB user name for {{ suffix }}'
+ provider: MariaDB:username
+
+ password:
+ description: 'MariaDB password for {{ suffix }}'
+ type: secret
+ provider: MariaDB:password
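Review bot: `database` and `username` accept any string, and through their providers they feed account creation on the MariaDB server, so a value containing quotes, spaces or a semicolon reaches the SQL/grant statements unvalidated unless the template escapes it; constrain them, for example with `type: unix_user` as the mailman extras dictionary does for list names, or with a `validators:` jinja that rejects anything outside identifier characters. `description: Create account and connexion to a MariaDB server.` should read `connection`.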
diff --git a/seed/nextcloud/applicationservice.yml b/seed/nextcloud/applicationservice.yml
index 1a82fdcf..4571bdad 100644
--- a/seed/nextcloud/applicationservice.yml
+++ b/seed/nextcloud/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Nextcloud, Online collaboration platform
website: https://nextcloud.com/
diff --git a/seed/nextcloud/dictionaries/31_nextcloud.xml b/seed/nextcloud/dictionaries/31_nextcloud.xml
deleted file mode 100644
index fb5ed8a4..00000000
--- a/seed/nextcloud/dictionaries/31_nextcloud.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-
-
-
-
-
-
- /etc/nextcloud/config.php
- /sbin/nextcloud.init
- /etc/httpd/conf.d/a-nextcloud-access.conf
- /etc/httpd/conf.d/z-nextcloud-access.conf
- /etc/php.d/20-pgsql.ini
- /tmpfiles.d/0nextcloud.conf
-
-
-
-
-
-
-
-
-
-
- True
-
-
- Collaboration
-
-
- Plateforme de collaboration Nextcloud
-
-
- Diffusion
-
-
- silique_folder.png
-
-
-
-
- False
-
-
- False
-
-
-
-
-
- domain_name_eth0
- admin_password
- nextcloud
- cleartext
- hide_secret
- nextcloud_admin_password
-
-
-
- domain_name_eth0
- instance_id
- nextcloud
- 10
- True
- hide_secret
- nextcloud_instance_id
-
-
-
diff --git a/seed/nextcloud/dictionaries/31_nextcloud.yml b/seed/nextcloud/dictionaries/31_nextcloud.yml
new file mode 100644
index 00000000..b3f55d9b
--- /dev/null
+++ b/seed/nextcloud/dictionaries/31_nextcloud.yml
@@ -0,0 +1,71 @@
+---
+version: 1.1
+
+nextcloud: # Nextcloud
+
+ admin_password:
+ type: secret
+ auto_save: false
+ hidden: true
+ default:
+ jinja: >-
+ {{ "admin_password" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="nextcloud",
+ type="cleartext",
+ hide=general.hide_secret)
+ }}
+
+ mail_admin:
+ type: mail
+ description: The administrator email
+ examples:
+ - admin@example.net
+
+ instance_id:
+ type: secret
+ auto_save: false
+ hidden: true
+ default:
+ jinja: >-
+ {{ general.network.interface_0.domain_name|
+ get_password_alpha_num(username="instance_id",
+ description="nextcloud",
+ length=10,
+ starts_with_char=true,
+ hide=general.hide_secret)
+ }}
+
+oauth2:
+
+ client:
+
+ is_client_application:
+ redefine: true
+ default: true
+
+ name:
+ redefine: true
+ default: Collaboration
+
+ description:
+ redefine: true
+ default: Plateforme de collaboration Nextcloud
+
+ category:
+ redefine: true
+ default: Diffusion
+
+ logo:
+ redefine: true
+ default: silique_folder.png
+
+php:
+
+ enable_output_buffering:
+ redefine: true
+ default: 'False'
+
+ disable_pcntl:
+ redefine: true
+ default: 'False'
diff --git a/seed/nginx-common/applicationservice.yml b/seed/nginx-common/applicationservice.yml
index 09835368..98537466 100644
--- a/seed/nginx-common/applicationservice.yml
+++ b/seed/nginx-common/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Nginx common configuration
website: https://nginx.org/
diff --git a/seed/nginx-common/dictionaries/21_nginx.xml b/seed/nginx-common/dictionaries/21_nginx.xml
deleted file mode 100644
index 15fdfd50..00000000
--- a/seed/nginx-common/dictionaries/21_nginx.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-
-
-
-
- /etc/nginx/nginx.conf
- /etc/nginx/sites-available/default
- /etc/nginx/default.d/default.conf
- /etc/nginx/conf.d/options.conf
- /sysusers.d/nginx.conf
- /tmpfiles.d/nginx.conf
- /tests/nginx-common.yml
-
-
-
-
-
- False
-
-
- False
-
-
-
- /usr/share/nginx/html
-
-
- 128
- 128
- 64
- 32
-
-
- 32
-
-
-
-
-
-
-
-
- Fedora
- nginx_fedora
- nginx_default
-
-
- Debian
- nginx_debian
-
-
-
- nginx_default
-
-
- nginx
- www-data
- os_name
- Fedora
- nginx_owner
-
-
- nginx
- adm
- os_name
- Fedora
- nginx_group
-
-
- nginx.conf
- os_name
- .
- nginx_source_conf
-
-
-
diff --git a/seed/nginx-common/dictionaries/21_nginx.yml b/seed/nginx-common/dictionaries/21_nginx.yml
new file mode 100644
index 00000000..05627434
--- /dev/null
+++ b/seed/nginx-common/dictionaries/21_nginx.yml
@@ -0,0 +1,72 @@
+---
+version: 1.1
+
+nginx:
+
+ default_http:
+ hidden: true
+ default: false
+
+ default_https:
+ description: Support the default.d directory for HTTPS connexion
+ hidden: true
+ default: false
+
+ default:
+ type: domainname
+ mandatory: false
+ hidden: true
+ disabled:
+ variable: general.os_name
+ when_not: Fedora
+
+ root:
+ type: unix_filename
+ mandatory: false
+ hidden: true
+ default: /usr/share/nginx/html
+
+ hash_bucket_size:
+ description: The bucket size for the server names hash tables
+ mode: advanced
+ default: '128'
+ choices:
+ - '128'
+ - '64'
+ - '32'
+
+ post_max_size:
+ description: The maximum allowed size of the client request body
+ help: This value is in Mb
+ mode: advanced
+ default: 32
+
+ owner:
+ type: unix_user
+ description: Nginx process owner
+ hidden: true
+ default:
+ jinja: >-
+ {%- if general.os_name == "Fedora" -%}
+ nginx
+ {%- else -%}
+ www-data
+ {%- endif -%}
+
+ group:
+ type: unix_user
+ description: Nginx process group
+ hidden: true
+ default:
+ jinja: >-
+ {%- if general.os_name == "Fedora" -%}
+ nginx
+ {%- else -%}
+ adm
+ {%- endif -%}
+
+ source_conf:
+ hidden: true
+ default:
+ jinja: >-
+ nginx.conf.{{ general.os_name }}
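Review bot: `hash_bucket_size` is declared with quoted string defaults and choices (`'128'`, `'64'`, `'32'`) while `post_max_size` two entries below is the number `32`, although both end up as numeric nginx directives; pick one representation, and if the dictionary format has a numeric type declare it so non-numeric values are rejected before they reach nginx.conf. `group` is typed `unix_user`; if the format has no group type, a comment saying the user type is reused for validation would save the next reader a question. `default_http` has no `description` while `default_https` does.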
diff --git a/seed/nginx-https/applicationservice.yml b/seed/nginx-https/applicationservice.yml
index 2f09cf44..789917f7 100644
--- a/seed/nginx-https/applicationservice.yml
+++ b/seed/nginx-https/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Nginx as HTTPS web site
website: https://nginx.org/
diff --git a/seed/nginx-https/dictionaries/25_nginx.xml b/seed/nginx-https/dictionaries/25_nginx.xml
deleted file mode 100644
index 1f24bfaf..00000000
--- a/seed/nginx-https/dictionaries/25_nginx.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-
-
-
-
-
- False
-
-
- True
-
-
- nginx
-
-
-
-
- nginx
-
-
-
-
- nginx
-
-
-
-
diff --git a/seed/nginx-https/dictionaries/25_nginx.yml b/seed/nginx-https/dictionaries/25_nginx.yml
new file mode 100644
index 00000000..58506f06
--- /dev/null
+++ b/seed/nginx-https/dictionaries/25_nginx.yml
@@ -0,0 +1,33 @@
+---
+version: 1.1
+
+nginx:
+
+ default_http:
+ redefine: true
+ hidden: true
+ default: false
+
+ default_https:
+ redefine: true
+ hidden: true
+ default: true
+
+ php_fpm_user:
+ redefine: true
+ exists: true
+ default: nginx
+
+redis:
+
+ client_key_owner:
+ redefine: true
+ exists: true
+ default: nginx
+
+postgresql:
+
+ client_key_owner:
+ redefine: true
+ exists: true
+ default: nginx
diff --git a/seed/nginx-reverse-proxy/applicationservice.yml b/seed/nginx-reverse-proxy/applicationservice.yml
index b55a580c..135df13d 100644
--- a/seed/nginx-reverse-proxy/applicationservice.yml
+++ b/seed/nginx-reverse-proxy/applicationservice.yml
@@ -1,6 +1,7 @@
+---
format: '0.1'
description: Nginx as reverse proxy
-help: |
+help: |-
The reverse proxy provides access to internal services.
These internal services are integrated automatically.
website: https://nginx.org/
diff --git a/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml b/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml
deleted file mode 100644
index 9c72f362..00000000
--- a/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-
-
-
-
-
-
- nginx.revprox_domainnames
- revprox
- /etc/nginx/conf.d/options-rp.conf
- /etc/nginx/conf.d/risotto.conf
- /tests/reverse-proxy.yml
- /var/www/html/error.html
-
-
-
-
-
- 80
- 443
-
-
-
-
-
- False
-
-
- False
-
-
- self-signed
- self-signed
- letsencrypt
-
-
-
-
diff --git a/seed/nginx-reverse-proxy/dictionaries/25_nginx.yml b/seed/nginx-reverse-proxy/dictionaries/25_nginx.yml
new file mode 100644
index 00000000..79b04d79
--- /dev/null
+++ b/seed/nginx-reverse-proxy/dictionaries/25_nginx.yml
@@ -0,0 +1,41 @@
+---
+version: 1.1
+
+network:
+ incoming_ports:
+ redefine: true
+ default:
+ - 80
+ - 443
+
+nginx:
+
+ default:
+ redefine: true
+ hidden: false
+ description: Default reverse proxy domaine name
+ help: >-
+ If a client access to reverse proxy with an unknown domain name, the
+ connexion is redirect to this domain name. By default this variable is
+ the first associated service to this reverse proxy
+ mode: basic
+
+ default_http:
+ redefine: true
+ default: false
+
+ default_https:
+ redefine: true
+ default: false
+
+ certificates_provider:
+ description: Type of certificate autority signing external certificates
+ mode: basic
+ help: >-
+ The certificate can be self-signed (therefore invalid by default for the
+ client) or obtained via the Let's Encrypt service (generally valid for
+ the client)
+ default: self-signed
+ choices:
+ - self-signed
+ - letsencrypt
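Review bot: the `help` for `nginx.default` says the value defaults to the first service associated with the reverse proxy, but this redefinition declares no `default:`, and the new seed/nginx-reverse-proxy/extras/nginx/00_nginx.yml in this diff only computes `revprox_domainnames`; unless the default is supplied in a file I cannot see, the help text promises behaviour the dictionary no longer has. Either add the computed default or reword the help. The English also needs a pass: `autority` → `authority`, `connexion is redirect` → `connection is redirected`, `domaine name` → `domain name`.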
diff --git a/seed/nginx-reverse-proxy/extras/machine/20_reverse_proxy.xml b/seed/nginx-reverse-proxy/extras/machine/20_reverse_proxy.xml
deleted file mode 100644
index ac4f5b31..00000000
--- a/seed/nginx-reverse-proxy/extras/machine/20_reverse_proxy.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-
-
- 256
-
-
- False
-
-
- False
-
-
- False
-
-
- 512
-
-
-
diff --git a/seed/nginx-reverse-proxy/extras/machine/20_reverse_proxy.yml b/seed/nginx-reverse-proxy/extras/machine/20_reverse_proxy.yml
new file mode 100644
index 00000000..2a5318b8
--- /dev/null
+++ b/seed/nginx-reverse-proxy/extras/machine/20_reverse_proxy.yml
@@ -0,0 +1,23 @@
+---
+version: 1.1
+
+var_size:
+ redefine: true
+ default: '256'
+
+add_tmp:
+ redefine: true
+ default: 'False'
+
+add_srv:
+ redefine: true
+ default: 'False'
+
+add_swap:
+ redefine: true
+ default: 'False'
+
+memory:
+ redefine: true
+ exists: true
+ default: '512'
diff --git a/seed/nginx-reverse-proxy/extras/nginx/00_nginx.xml b/seed/nginx-reverse-proxy/extras/nginx/00_nginx.xml
deleted file mode 100644
index 26151f99..00000000
--- a/seed/nginx-reverse-proxy/extras/nginx/00_nginx.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- nginx.reverse_proxy_for_.reverse_proxy_.revprox_domainnames_
- nginx.revprox_domainnames
-
-
- nginx.reverse_proxy_for_.reverse_proxy_.revprox_domainnames_
- nginx_default
-
-
-
diff --git a/seed/nginx-reverse-proxy/extras/nginx/00_nginx.yml b/seed/nginx-reverse-proxy/extras/nginx/00_nginx.yml
new file mode 100644
index 00000000..589a6bb8
--- /dev/null
+++ b/seed/nginx-reverse-proxy/extras/nginx/00_nginx.yml
@@ -0,0 +1,78 @@
+---
+version: 1.1
+
+remotes:
+ description: Register to service to a reverse proxy server
+ type: domainname
+ multi: true
+ hidden: true
+ mandatory: false
+ provider: ReverseProxy
+
+"reverse_proxy_for_{{ suffix }}":
+ description: 'Serveur mandataire inverse pour {{ suffix }}'
+ dynamic:
+ variable: nginx.remotes
+
+ reverse_proxy:
+ description: 'Reverse proxy {{ suffix }}'
+ help: Paramètrage du proxy inverse
+ type: leadership
+
+ domainnames:
+ description: 'External domain name for {{ suffix }}'
+ type: domainname
+ hidden: true
+ mandatory: false
+ provider: ReverseProxy:external
+
+ location:
+ description: 'URI to redirect for {{ suffix }}'
+ help: Relative redirected URI (without domaine name)
+ examples:
+ - /mail
+ type: unix_filename
+ multi: true
+ unique: false
+ provider: ReverseProxy:location
+
+ url:
+ description: 'Internal URL for {{ suffix }}'
+ type: web_address
+ unique: false
+ provider: ReverseProxy:url
+
+ is_websocket:
+ description: 'The entry point is a websocket for {{ suffix }}'
+ type: boolean
+ multi: true
+ unique: false
+ provider: ReverseProxy:websocket
+
+ max_body_size:
+ description: 'Body size max for {{ suffix }}'
+ unique: false
+ mandatory: false
+ provider: ReverseProxy:max_body_size
+
+ http:
+ type: boolean
+ description: 'The website is in HTTP for {{ suffix }}'
+ unique: false
+ provider: ReverseProxy:http
+
+revprox_domainnames:
+ description: >-
+ Nom des domaines auto-configurés dans le serveur mandataire inverse
+ type: domainname
+ multi: true
+ default:
+ jinja: |-
+ {%- for domain in domainnames | nginx_list %}
+ {{ domain }}
+ {%- endfor -%}
+ params:
+ domainnames:
+ variable: "nginx.reverse_proxy_for_{{ suffix }}.\
+ reverse_proxy.domainnames"
+ hidden: true
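Review bot: `max_body_size` has no type, so an arbitrary string from the providing service is presumably interpolated into nginx's `client_max_body_size` directive; give it a numeric type or a validator, because a malformed value breaks the whole reverse-proxy configuration at reload and an unexpected one could carry extra directive text into the rendered file. `location` is typed `unix_filename` although it holds a URI path; that accepts `/mail` but is a path-shape check rather than a URI check, which is worth a `help:` note. `domainnames` leads the `reverse_proxy` leadership without `multi: true` while `location` and `is_websocket` declare it; if the leader must be multi in this format that is an omission, otherwise a comment explaining the difference would help.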
diff --git a/seed/nginx-static/applicationservice.yml b/seed/nginx-static/applicationservice.yml
index 7d302da8..b91f82fe 100644
--- a/seed/nginx-static/applicationservice.yml
+++ b/seed/nginx-static/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Nginx as static web site
website: https://nginx.org/
diff --git a/seed/nginx-static/dictionaries/22_nginx_static.xml b/seed/nginx-static/dictionaries/22_nginx_static.xml
deleted file mode 100644
index 5ed613df..00000000
--- a/seed/nginx-static/dictionaries/22_nginx_static.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-
-
-
- /tmpfiles.d/0static.conf
- nginx_index_file
-
-
-
-
-
- /srv/static
-
-
-
-
-
-
- nginx_root
- index.html
- /
- nginx_index_file
-
-
-
diff --git a/seed/nginx-static/dictionaries/22_nginx_static.yml b/seed/nginx-static/dictionaries/22_nginx_static.yml
new file mode 100644
index 00000000..ca564e74
--- /dev/null
+++ b/seed/nginx-static/dictionaries/22_nginx_static.yml
@@ -0,0 +1,17 @@
+---
+version: 1.1
+
+nginx:
+
+ root:
+ description: Adresse racine du site web
+ redefine: true
+ hidden: false
+ default: /srv/static
+
+ index_file:
+ type: unix_filename
+ hidden: true
+ default:
+ jinja: >-
+ {{ _.root }}/index.html
diff --git a/seed/nsd-local/applicationservice.yml b/seed/nsd-local/applicationservice.yml
index 78d8efd5..661be70c 100644
--- a/seed/nsd-local/applicationservice.yml
+++ b/seed/nsd-local/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: NSD, an authoritative DNS name server for local resolution
website: https://www.nlnetlabs.nl/projects/nsd/about/
diff --git a/seed/nsd-local/dictionaries/21_nsd-local.xml b/seed/nsd-local/dictionaries/21_nsd-local.xml
deleted file mode 100644
index 071af5e2..00000000
--- a/seed/nsd-local/dictionaries/21_nsd-local.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- zones
- nsd_allowed_clients
- nsd_allowed_client_ip
-
-
- zones
- nsd_resolver
- nsd_resolve_ip
-
-
- zones
- nsd_zones
-
-
- zones
- network
- True
- nsd_reverse_network
-
-
- domain_name_eth0
- nsd_zones_all
- nsd_dnssec_ds_
-
-
-
diff --git a/seed/nsd-local/dictionaries/21_nsd-local.yml b/seed/nsd-local/dictionaries/21_nsd-local.yml
new file mode 100644
index 00000000..a1ee67a5
--- /dev/null
+++ b/seed/nsd-local/dictionaries/21_nsd-local.yml
@@ -0,0 +1,89 @@
+---
+version: 1.1
+
+dns_server:
+
+ nsd_allowed_client_cidr:
+ redefine: true
+ hidden: true
+
+ nsd_allowed_clients:
+ type: domainname
+ description: DNS forwarder for local domain name
+ multi: true
+ hidden: true
+ provider: LocalDNS
+ mandatory: false
+
+ "nsd_client_{{ suffix }}":
+ dynamic:
+ variable: _.nsd_allowed_clients
+
+ nsd_dnssec_ds:
+ supplier: LocalDNS:DNSSEC_DS
+ hidden: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for variable in general.network.interface_0.domain_name |
+ get_dnssec_ds(general.nsd_zones_all) %}
+ {{ variable }}
+ {%- endfor -%}
+
+ nsd_allowed_client_ip:
+ type: ip
+ description: Clients
+ multi: true
+ hidden: true
+ default:
+ jinja: |-
+ {%- for client in zones | get_ip(_.nsd_allowed_clients) %}
+ {{ client }}
+ {%- endfor -%}
+ params:
+ zones:
+ information: zones
+
+ nsd_resolver:
+ redefine: true
+ supplier: ExternalDNS
+ hidden: true
+
+ nsd_resolve_ip:
+ type: ip
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones | get_ip(general.dns_server.nsd_resolver) }}
+ params:
+ zones:
+ information: zones
+
+dns_zone:
+
+ nsd_zones:
+ redefine: true
+ hidden: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for zone in zones | get_internal_zones %}
+ {{ zone }}
+ {%- endfor -%}
+ params:
+ zones:
+ information: zones
+
+dns_reverses:
+
+ nsd_reverse_network:
+ redefine: true
+ hidden: true
+ default:
+ jinja: |-
+ {%- for zone in zones | get_zones_info("network", uniq=true) %}
+ {{ zone }}
+ {%- endfor -%}
+ params:
+ zones:
+ information: zones
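Review bot: the dynamic family `"nsd_client_{{ suffix }}"` contains only its `dynamic:` key and no variables, and the variable that follows, `nsd_dnssec_ds`, is indented at the family level; since the deleted XML named this variable with the trailing `_` used for per-instance variables, `nsd_dnssec_ds:` and its body most likely belong one level deeper, inside the dynamic family. Its jinja also reads `general.nsd_zones_all`, a path with no family segment, while the rest of this file uses fully qualified references such as `general.dns_server.nsd_resolver`; confirm the variable's real path (the name appears in the deleted 20_nsd.xml, and the new 20_nsd.yml is cut off in this view).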
diff --git a/seed/nsd-local/extras/nsd/01_nsd-local.xml b/seed/nsd-local/extras/nsd/01_nsd-local.xml
deleted file mode 100644
index c38a13cf..00000000
--- a/seed/nsd-local/extras/nsd/01_nsd-local.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-
-
-
-
-
-
- domain_name_eth
- nsd.nsd_zone_.ns_
-
-
- zones
-
- host
- nsd.nsd_zone_.hostname_.hostname_
-
-
- zones
-
- ip
-
- nsd.nsd_zone_.hostname_.ip_
-
-
-
diff --git a/seed/nsd-local/extras/nsd/01_nsd-local.yml b/seed/nsd-local/extras/nsd/01_nsd-local.yml
new file mode 100644
index 00000000..db42a830
--- /dev/null
+++ b/seed/nsd-local/extras/nsd/01_nsd-local.yml
@@ -0,0 +1,34 @@
+---
+version: 1.1
+
+"nsd_zone_{{ suffix }}":
+ hidden: true
+ redefine: true
+
+ hosts:
+
+ hostname:
+ redefine: true
+ default:
+ jinja: |-
+ {%- for zone in zones | get_internal_info_in_zone(suffix, "host") %}
+ {{ zone }}
+ {%- endfor %}
+ params:
+ zones:
+ information: zones
+ suffix:
+ type: suffix
+
+ ip:
+ redefine: true
+ default:
+ jinja: >-
+ {{ zones | get_internal_info_in_zone(suffix, "ip", index) }}
+ params:
+ zones:
+ information: zones
+ suffix:
+ type: suffix
+ index:
+ type: index
diff --git a/seed/nsd/applicationservice.yml b/seed/nsd/applicationservice.yml
index 1ff6b639..090d0342 100644
--- a/seed/nsd/applicationservice.yml
+++ b/seed/nsd/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: NSD, an authoritative DNS name server
website: https://www.nlnetlabs.nl/projects/nsd/about/
diff --git a/seed/nsd/dictionaries/20_nsd.xml b/seed/nsd/dictionaries/20_nsd.xml
deleted file mode 100644
index 9c956c8f..00000000
--- a/seed/nsd/dictionaries/20_nsd.xml
+++ /dev/null
@@ -1,104 +0,0 @@
-
-
-
-
-
- nsd_allowed_all_client
- /etc/nsd/conf.d/risotto.conf
- nsd_zone_filenames
- nsd_zone_filenames_signed
- nsd_reverse_filenames
- nsd_reverse_filenames_signed
- /sysusers.d/0nsd.conf
- /tmpfiles.d/0nsd.conf
- /tests/nsd.yml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ip_eth0
- ip_dns
-
-
- nsd_zones
- nsd_reverse_name
- nsd_zones_all
-
-
- ip_eth
- nsd_allowed_client_cidr
- nsd_allowed_client_ip
- nsd_resolve_ip
- True
- nsd_allowed_all_client
-
-
- nsd_reverse_network
- nsd_reverse_name
-
-
- nsd_reverse_network
- nsd_reverse_networks
-
-
- nsd_reverse_name
- nsd_reverse_names
-
-
- /etc/nsd/
- nsd_zones
- .zone
-
- True
- nsd_zone_filenames
-
-
- nsd_zone_filenames
- .signed
-
- True
- nsd_zone_filenames_signed
-
-
- /etc/nsd/
- nsd_reverse_name
- reverse
- True
-
- True
- nsd_reverse_filenames
-
-
- nsd_reverse_filenames
- .signed
-
- True
- nsd_reverse_filenames_signed
-
-
-
diff --git a/seed/nsd/dictionaries/20_nsd.yml b/seed/nsd/dictionaries/20_nsd.yml
new file mode 100644
index 00000000..2d08c3ec
--- /dev/null
+++ b/seed/nsd/dictionaries/20_nsd.yml
@@ -0,0 +1,165 @@
+---
+version: 1.1
+
+network:
+
+ dns_client_address:
+ redefine: true
+ disabled: true
+
+ ip_dns:
+ redefine: true
+ default:
+ variable: _.interface_0.ip
+
+dns_server: # Serveur DNS
+
+ nsd_allowed_client_cidr:
+ type: network_cidr
+ description: Clients autorisés à interroger le serveur DNS
+ multi: true
+ mode: basic
+ mandatory: false
+
+ nsd_resolver:
+ type: domainname
+ description: Nom de domaine du résolveur DNS associé
+ mode: basic
+ mandatory: false
+
+ nsd_allowed_all_client:
+ type: network_cidr
+ description: All autorised IP
+ multi: true
+ hidden: true
+ default:
+ jinja: |-
+ {%- if _.nsd_allowed_client_ip is defined -%}
+ {%- set nsd_allowed_client_ip = _.nsd_allowed_client_ip -%}
+ {%- set nsd_resolve_ip = _.nsd_resolve_ip -%}
+ {%- else -%}
+ {%- set nsd_allowed_client_ip = none -%}
+ {%- set nsd_resolve_ip = none -%}
+ {%- endif -%}
+ {%- for network in ip_eth | nsd_concat_lists(_.nsd_allowed_client_cidr,
+ nsd_allowed_client_ip,
+ ip=nsd_resolve_ip,
+ cidr=true)
+ %}
+ {{ network }}
+ {%- endfor -%}
+ params:
+ ip_eth:
+ variable: general.network.interface_{{ suffix }}.ip
+
+dns_zone: # Zone DNS
+
+ nsd_zones:
+ type: domainname
+ description: Zones DNS
+ multi: true
+ examples:
+ - subdomain.example.net
+ mode: basic
+
+dns_reverses:
+ description: Zone DNS reverse
+ type: leadership
+
+ nsd_reverse_network:
+ description: Réseau pour la résolution reverse
+ type: network_cidr
+ mode: basic
+ mandatory: false
+
+ nsd_reverse_name:
+ description: Nom de la zone
+ hidden: true
+ default:
+ jinja: >-
+ {{ _.nsd_reverse_network | get_reverse_name }}
+
+nsd_reverse_networks:
+ description: Réseaux pour la résolution inverse
+ hidden: true
+ multi: true
+ mandatory: false
+ default:
+ jinja: |-
+ {%- for n in _.dns_reverses.nsd_reverse_network|calc_reverse_networks %}
+ {{ n }}
+ {%- endfor -%}
+
+nsd_reverse_names:
+ description: Nom des zones
+ hidden: true
+ multi: true
+ mandatory: false
+ default:
+ jinja: |-
+ {%- for zone in _.dns_reverses.nsd_reverse_name | calc_reverse_names %}
+ {{ zone }}
+ {%- endfor -%}
+
+nsd_zones_all:
+ type: domainname
+ multi: true
+ supplier: ExternalDNS:authority_zones
+ hidden: true
+ default:
+ jinja: |-
+ {%- for zone in _.dns_zone.nsd_zones |
+ nsd_concat_lists(_.dns_reverses.nsd_reverse_name) %}
+ {{ zone }}
+ {%- endfor -%}
+
+nsd_zone_filenames:
+ type: unix_filename
+ description: Nom des fichiers de zone
+ multi: true
+ hidden: true
+ default:
+ jinja: |-
+ {%- for zone in _.dns_zone.nsd_zones %}
+ /etc/nsd/{{ zone }}.zone
+ {%- endfor -%}
+
+nsd_zone_filenames_signed:
+ type: unix_filename
+ description: Nom des fichiers de zone signé
+ multi: true
+ hidden: true
+ default:
+ jinja: |-
+ {%- for filename in _.nsd_zone_filenames %}
+ {{ filename }}.signed
+ {%- endfor -%}
+
+nsd_reverse_filenames:
+ type: unix_filename
+ description: Nom des fichiers de zone reverse
+ multi: true
+ hidden: true
+ mandatory: false
+ default:
+ jinja: |-
+ {% set filenames = [] %}
+ {%- for name in _.dns_reverses.nsd_reverse_name %}
+ {% set filename = "/etc/nsd/" + name + "reverse" %}
+ {%- if filename not in filenames -%}
+ {% set tmp = filenames.append(filename) %}
+ {{ filename }}
+ {%- endif -%}
+ {%- endfor -%}
+
+nsd_reverse_filenames_signed:
+ type: unix_filename
+ description: Nom des fichiers de zone reverse signé
+ multi: true
+ hidden: true
+ mandatory: false
+ default:
+ jinja: |-
+ {%- for filename in _.nsd_reverse_filenames %}
+ {{ filename }}.signed
+ {%- endfor -%}
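Review bot: The reverse zone filename in `nsd_reverse_filenames` is built as `"/etc/nsd/" + name + "reverse"` with no separator, so a name like `10.in-addr.arpa` (constructed example) would give `/etc/nsd/10.in-addr.arpareverse`, unlike the forward zone files which get `/etc/nsd/{{ zone }}.zone`; unless `get_reverse_name` is known to return a trailing dot, `"/etc/nsd/" + name + ".reverse"` looks like what was intended. The deleted XML concatenated the same three pieces, so this may be a faithful port of an existing quirk rather than a regression, but the new file is the place to settle it. Also, `nsd_allowed_all_client` reads `general.network.interface_{{ suffix }}.ip` from inside the non-dynamic `dns_server` family with no `suffix` entry in its `params` (compare `suffix: type: suffix` in 01_nsd-local.yml), and the `ns` default in 00_nsd.yml does the same where `suffix` is a zone name; both look like they meant `interface_0`, as `ip_dns` at the top of this file uses, so worth confirming against the loader's handling of `{{ suffix }}` in a variable path. The description `All autorised IP` mixes a typo and two languages; `All authorised IPs` or `Toutes les IP autorisées` would match the surrounding text.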
diff --git a/seed/nsd/extras/machine/20_nsd.xml b/seed/nsd/extras/machine/20_nsd.xml
deleted file mode 100644
index ac4f5b31..00000000
--- a/seed/nsd/extras/machine/20_nsd.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-
-
- 256
-
-
- False
-
-
- False
-
-
- False
-
-
- 512
-
-
-
diff --git a/seed/nsd/extras/machine/20_nsd.yml b/seed/nsd/extras/machine/20_nsd.yml
new file mode 100644
index 00000000..b628a69e
--- /dev/null
+++ b/seed/nsd/extras/machine/20_nsd.yml
@@ -0,0 +1,23 @@
+---
+version: 1.1
+
+var_size:
+ redefine: true
+ default: 256
+
+add_tmp:
+ redefine: true
+ default: false
+
+add_srv:
+ redefine: true
+ default: false
+
+add_swap:
+ redefine: true
+ default: false
+
+memory:
+ redefine: true
+ exists: true
+ default: 512
diff --git a/seed/nsd/extras/nsd/00_nsd.xml b/seed/nsd/extras/nsd/00_nsd.xml
deleted file mode 100644
index 5b2e33ca..00000000
--- a/seed/nsd/extras/nsd/00_nsd.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-
-
-
-
-
-
-
- A
- CNAME
- A
-
-
-
-
-
-
-
-
-
- A
- nsd.nsd_zone_.hostname_.cname_
-
-
- CNAME
- nsd.nsd_zone_.hostname_.ip_
-
-
-
- nsd_zones_all
- nsd.nsd_zone_.hostname_.hostname_
-
-
-
diff --git a/seed/nsd/extras/nsd/00_nsd.yml b/seed/nsd/extras/nsd/00_nsd.yml
new file mode 100644
index 00000000..83acdd8c
--- /dev/null
+++ b/seed/nsd/extras/nsd/00_nsd.yml
@@ -0,0 +1,50 @@
+---
+version: 1.1
+
+"nsd_zone_{{ suffix }}":
+ description: 'Zone {{ suffix }}'
+ dynamic:
+ variable: general.dns_zone.nsd_zones
+
+ "hosts":
+ description: "Hôtes pour {{ suffix }}"
+ _type: leadership
+
+ hostname:
+ description: "Nom d'hôte pour {{ suffix }}"
+ validators:
+ - jinja: >-
+ {{ _.hostname |
+ valid_dns_hostname(suffix, general.nsd_zones_all) }}
+ params:
+ suffix:
+ type: suffix
+
+ type:
+ description: 'Type pour {{ suffix }}'
+ mode: basic
+ default: A
+ choices:
+ - A
+ - CNAME
+
+ ip:
+ description: 'Adresse IP a renvoyer pour {{ suffix }}'
+ type: ip
+ disabled:
+ variable: _.type
+ when: CNAME
+
+ cname:
+ description: 'Nom de domaine a renvoyer pour {{ suffix }}'
+ type: domainname
+ disabled:
+ variable: _.type
+ when: A
+
+ ns:
+ description: 'Nom des serveurs de nom de la zone {{ suffix }}'
+ type: domainname
+ multi: true
+ default:
+ variable: general.network.interface_{{ suffix }}.domain_name
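Review bot: `_type: leadership` under `"hosts"` differs from the `type: leadership` spelling used in 20_nsd.yml and 00_account.yml, and nothing says why; presumably the underscore form is required here because `hosts` has a child variable literally named `type`, which would otherwise clash with the attribute. A comment above it such as `# _type, not type: this family has a child variable named "type"` would stop the next reader from "fixing" it. The quotes around `"hosts"` are likewise unneeded for a plain key and absent on every sibling; `hosts:` reads the same.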
diff --git a/seed/nsd/funcs/funcs.py b/seed/nsd/funcs/funcs.py
index dcae4f81..f6cf5414 100644
--- a/seed/nsd/funcs/funcs.py
+++ b/seed/nsd/funcs/funcs.py
@@ -37,6 +37,8 @@ def nsd_concat_lists(*args,
) -> _List[str]:
ret = set()
for lst in args:
+ if lst is None:
+ continue
if cidr:
for l in lst:
if '/' not in l:
@@ -185,9 +187,9 @@ def valid_dns_hostname(hostname,
DomainnameOption('a', '', hostname, type='hostname', allow_ip=False)
except ValueError as err:
err.prefix = ''
- raise err from err
+ return err
if hostname + '.' + domainname in zone_names:
- raise ValueError(f'"{hostname}.{domainname}" is also a zone name')
+ return f'"{hostname}.{domainname}" is also a zone name'
@_multi_function
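Review bot: `return err` on the changed line hands back a ValueError instance while the failure branch two lines below returns a str, so the two error paths of valid_dns_hostname now return different types; `return str(err)` makes the contract uniform and does not depend on the caller stringifying an exception object. The validator in 00_nsd.yml interpolates the result with `{{ ... }}`, which happens to render an exception as its message, but a `str` is what that template is written for. The function's signature and its implicit `None` return for a valid name lie outside this hunk, so if it has a docstring it should now say it returns an error message or None rather than raising.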
diff --git a/seed/oauth2-client/applicationservice.yml b/seed/oauth2-client/applicationservice.yml
index ea3b43d0..005870b6 100644
--- a/seed/oauth2-client/applicationservice.yml
+++ b/seed/oauth2-client/applicationservice.yml
@@ -1,2 +1,3 @@
+---
format: '0.1'
description: Application service needs interact with a Oauth2 server
diff --git a/seed/oauth2-client/dictionaries/30_oauth2_client.xml b/seed/oauth2-client/dictionaries/30_oauth2_client.xml
deleted file mode 100644
index e829a151..00000000
--- a/seed/oauth2-client/dictionaries/30_oauth2_client.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-
-
-
-
-
-
-
-
-
- False
-
-
-
-
-
-
-
- users
-
-
-
- Défaut
-
-
- demo.png
-
-
-
-
- HS512
- HS512
- RS256
-
-
-
-
-
-
- domain_name_eth0
- oauth2_client_id
-
-
- domain_name_eth0
- oauth2_client_id
- remote
- cleartext
- hide_secret
- oauth2_client_secret
-
-
- revprox_client_external_domainnames
- revprox_client_location
- oauth2_client_external
-
-
- False
- oauth2_client_name
- oauth2_client_description
- oauth2_client_external
- oauth2_client_family
-
-
-
diff --git a/seed/oauth2-client/dictionaries/30_oauth2_client.yml b/seed/oauth2-client/dictionaries/30_oauth2_client.yml
new file mode 100644
index 00000000..2247610d
--- /dev/null
+++ b/seed/oauth2-client/dictionaries/30_oauth2_client.yml
@@ -0,0 +1,108 @@
+---
+version: 1.1
+
+oauth2: # OAuth2
+
+ client: # OAuth2 client
+
+ server_domainname:
+ type: domainname
+ supplier: OAuth2
+ hidden: true
+
+ is_client_application:
+ hidden: true
+ default: false
+
+ name:
+ description: OAuth2 client name
+ supplier: OAuth2:name
+ examples:
+ - example
+ disabled: &id001
+ variable: _.is_client_application
+ when: false
+
+ description:
+ description: OAuth2 client description
+ supplier: OAuth2:description
+ examples:
+ - Example description
+ disabled: *id001
+
+ login:
+ type: web_address
+ description: OAuth2 URL to valid login
+ supplier: OAuth2:login
+ mandatory: false
+
+ external:
+
+ external:
+ type: web_address
+ description: OAuth2 client external
+ multi: true
+ supplier: OAuth2:external
+ disabled: &id002
+ variable: __.is_client_application
+ when: false
+ default:
+ jinja: |-
+ {%- for domain in general.revprox.client.external_domainnames
+ | calc_oauth2_client_external(general.revprox.client.location)
+ %}
+ {{ domain }}
+ {%- endfor -%}
+
+ family:
+ description: OAuth2 family
+ supplier: OAuth2:family
+ default: users
+ disabled: *id002
+
+ category:
+ description: OAuth2 category
+ supplier: OAuth2:category
+ default: Défaut
+
+ logo:
+ description: OAuth2 logo
+ supplier: OAuth2:logo
+ default: demo.png
+
+ id:
+ description: OAuth2 ID
+ hidden: true
+ supplier: OAuth2:client_id
+ default:
+ jinja: >-
+ {{ general.network.interface_0.domain_name | normalize_family }}
+
+ secret:
+ type: secret
+ description: OAuth2 secret
+ hidden: true
+ supplier: OAuth2:secret
+ default:
+ jinja: >-
+ {{ _.id |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="remote",
+ type="cleartext",
+ hide=general.hide_secret)
+ }}
+
+ token_signature_algo:
+ description: OAuth2 token signature algorithm
+ hidden: true
+ supplier: OAuth2:token_signature_algo
+ default: HS512
+ choices:
+ - HS512
+ - RS256
+
+ domainname:
+ description: OAuth2 server domain name
+ type: domainname
+ provider: OAuth2:external_domain
+ hidden: true
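Review bot: The anchors `&id001` and `&id002` on the two `disabled:` blocks carry dumper-style names that say nothing about what they hold, and `*id001`/`*id002` are reused several keys further down; `&disabled_unless_client` and `&disabled_unless_client_external` (the second resolves `__.is_client_application` from inside the nested `external` family) would make the aliases readable at the point of use. Anchors appear nowhere else in this commit, and some YAML-consuming tools do not expand aliases before validating, so it is worth checking that the loader expands them rather than treating the two `disabled:` conditions as missing. The `login` description reads `OAuth2 URL to valid login`; `OAuth2 URL to validate login` is probably what was meant.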
diff --git a/seed/odoo/applicationservice.yml b/seed/odoo/applicationservice.yml
index b95f5450..d422eba7 100644
--- a/seed/odoo/applicationservice.yml
+++ b/seed/odoo/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Odoo, an ERP and CRM
website: https://www.odoo.com/fr
diff --git a/seed/odoo/dictionaries/40_odoo.xml b/seed/odoo/dictionaries/40_odoo.xml
deleted file mode 100644
index 8f483702..00000000
--- a/seed/odoo/dictionaries/40_odoo.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-
-
-
-
-
- /sysusers.d/1odoo.conf
- /tmpfiles.d/0odoo.conf
- /sbin/config_odoo.py
- /etc/odoo/odoo.conf
- /etc/odoo/postgresql.pass
- /etc/hosts
- /etc/nginx/sites-enabled/odoo.conf
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- standard
- standard
- bold
- boxed
- striped
-
-
- base
- l10n_fr
- l10n_fr_fec
- account
- hr
- hr_contract
- sale_management
-
-
-
-
- odoo
-
-
-
-
- True
-
-
- ERP
-
-
- ERP Odoo
-
-
- Entreprise
-
-
- silique_note.png
-
-
-
-
-
-
-
-
-
- odoo
-
-
-
-
-
- False
-
-
-
-
-
- domain_name_eth0
- admin
- admin
- cleartext
- hide_secret
- True
- odoo_admin_password
-
-
-
diff --git a/seed/odoo/dictionaries/40_odoo.yml b/seed/odoo/dictionaries/40_odoo.yml
new file mode 100644
index 00000000..0fc46165
--- /dev/null
+++ b/seed/odoo/dictionaries/40_odoo.yml
@@ -0,0 +1,160 @@
+---
+version: 1.1
+
+odoo: # Odoo
+
+ admin_password:
+ type: secret
+ description: Mot de passe de l'administrateur
+ hidden: true
+ default:
+ jinja: >-
+ {{ "admin" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="admin",
+ type="cleartext",
+ hide=general.hide_secret,
+ temporary=true)
+ }}
+
+ admin_email:
+ type: mail
+ description: Adresse courriel de l'administrateur
+ examples:
+ - johndoe@example.net
+
+ company_name:
+ description: Nom
+ examples:
+ - ACME
+
+ company_street:
+ description: Adresse
+ examples:
+ - John Doe Street
+
+ company_city:
+ description: Ville
+ examples:
+ - Dijon
+
+ company_zip:
+ description: Code postal
+ examples:
+ - '21000'
+
+ company_vat:
+ description: Numéro TVA
+ examples:
+ - FR 99999999999
+
+ company_registry:
+ description: Registre de la société
+ examples:
+ - 999 999 999 00099
+
+ company_phone:
+ description: Numéro de téléphone
+ mode: basic
+ mandatory: false
+
+ company_mobile:
+ description: Numéro de téléphone mobile
+ mode: basic
+ mandatory: false
+
+ company_email:
+ description: Adresse courriel
+ examples:
+ - johndoe@example.net
+
+ company_website:
+ description: Site internet
+ examples:
+ - https://example.net
+
+ company_logo:
+ type: unix_filename
+ description: Chemin du logo
+ examples:
+ - /home/jdoe/logo.png
+
+ company_footer:
+ description: Pied de page des documents
+ examples:
+ - foot
+
+ company_layout:
+ description: Agencement des documents
+ mode: basic
+ default: standard
+ choices:
+ - standard
+ - bold
+ - boxed
+ - striped
+
+ addons:
+ description: Liste des applications à activer
+ mode: advanced
+ default:
+ - base
+ - l10n_fr
+ - l10n_fr_fec
+ - account
+ - hr
+ - hr_contract
+ - sale_management
+
+postgresql:
+
+ client:
+
+ key_owner:
+ redefine: true
+ default: odoo
+
+oauth2:
+
+ client:
+
+ is_client_application:
+ redefine: true
+ default: true
+
+ name:
+ redefine: true
+ default: ERP
+
+ description:
+ redefine: true
+ default: ERP Odoo
+
+ category:
+ redefine: true
+ default: Entreprise
+
+ logo:
+ redefine: true
+ default: silique_note.png
+
+ external:
+
+ family:
+ redefine: true
+ default:
+ - users
+
+ldap:
+
+ client:
+
+ key_file_owner:
+ redefine: true
+ default: odoo
+
+nginx:
+
+ default_https:
+ redefine: true
+ default: false
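Review bot: The `oauth2.client.external.family` redefinition gives a list default (`- users`) to a variable whose base definition in 30_oauth2_client.yml defaults to the scalar `users` and declares no `multi: true`; either the redefinition should be `default: users`, or the base should be marked `multi: true` so the two agree. Whether the loader accepts a one-element list for a scalar is not visible here, but the mismatch will surprise whoever next edits either file. Separately, `admin_password` pipes the literal `"admin"` into `get_password` while 31_piwigo.yml pipes `"admin_password"`; a comment stating what the piped value means for `get_password` (login name vs. storage key) would clarify which of the two is right.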
diff --git a/seed/openldap/applicationservice.yml b/seed/openldap/applicationservice.yml
index 5b16eb20..129d64eb 100644
--- a/seed/openldap/applicationservice.yml
+++ b/seed/openldap/applicationservice.yml
@@ -1,6 +1,7 @@
+---
format: '0.1'
description: OpenLDAP, the LDAP server
-help: |
+help: |-
This service provides a LDAP server.
It is possible to request the creation of users. Those users can be mixed or
diff --git a/seed/openldap/dictionaries/21_openldap-server.xml b/seed/openldap/dictionaries/21_openldap-server.xml
deleted file mode 100644
index 0a37c37e..00000000
--- a/seed/openldap/dictionaries/21_openldap-server.xml
+++ /dev/null
@@ -1,128 +0,0 @@
-
-
-
-
-
- openldap
- /var/lib/ldap/DB_CONFIG
- /etc/ldap/secrets/config.ldif
- /etc/ldap/secrets/users.ldif
- /secrets/users_mod.ldif
- /secrets/config_acl.ldif
- /secrets/admin_ldap.pwd
- /sysusers.d/risotto-openldap.conf
- /etc/openldap/ldap.conf
- /tmpfiles.d/0openldap-server.conf
- /tests/openldap.yml
-
-
-
-
-
-
-
-
- /etc/openldap/schema/cosine.ldif
- /etc/openldap/schema/inetorgperson.ldif
- /etc/openldap/schema/nis.ldif
- /etc/openldap/schema/misc.ldif
-
-
-
- 0
-
-
- 5000
-
-
- 3600
-
-
-
-
- 0
-
-
- 268435456
-
-
- 1
-
-
- 262144
-
-
- 10485760
-
-
- 2097152
-
-
- /srv/openldap/log
-
-
- 5000
-
-
- 5000
-
-
- 5000
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ldap_base_dn
-
-
- prefix_domain_name
- ldap_base_dn
-
-
- domain_name_eth0
- ldap_user
- remote account
- cleartext
- hide_secret
- True
- ldap_user_password
-
-
- ldap_base_dn
- True
- ldap_account_dn
-
-
- cn=admin
- ldap_base_dn
- ,
- ldap_user
-
-
-
- ldap_base_dn
- ldap_user_dn
-
-
- ldap_base_dn
- True
- ldap_group_dn
-
-
-
diff --git a/seed/openldap/dictionaries/21_openldap-server.yml b/seed/openldap/dictionaries/21_openldap-server.yml
new file mode 100644
index 00000000..d12c9b2f
--- /dev/null
+++ b/seed/openldap/dictionaries/21_openldap-server.yml
@@ -0,0 +1,141 @@
+---
+version: 1.1
+
+ldap: # LDAP
+
+ prefix_domain_name:
+ hidden: true
+ provider: global:prefix_domain_name
+
+ ldap_schemas:
+ description: Additional LDAP schemas
+ mode: advanced
+ type: unix_filename
+ default:
+ - /etc/openldap/schema/cosine.ldif
+ - /etc/openldap/schema/inetorgperson.ldif
+ - /etc/openldap/schema/nis.ldif
+ - /etc/openldap/schema/misc.ldif
+
+ limits:
+ description: Limits
+ mode: advanced
+
+ ldap_loglevel: 0 # Log level
+
+ ldap_sizelimit:
+ description: Nombre maximum d'entrées à retourner lors d'une requête
+ default: 5000
+
+ ldap_timelimit:
+ description: Temps de réponse maximum à une requête (en secondes)
+ default: 3600
+
+ db_environment:
+ description: DB environment
+ mode: advanced
+
+ db_cache_size_g: 0 # Quantité de Giga-octets à utiliser pour le cache HDB
+
+ db_cache_size_o: 268435456 # Quantité d'octets à utiliser pour le cache HDB
+
+ db_cache_chunks: 1 # Nombre de fichiers ou écrire le cache HDB
+
+ db_log_region_max:
+ description: Quantité de fichier de cache mis en cache mémoire
+ default: 262144
+
+ db_log_max:
+ description: >-
+ Quantité d'informations de journalisation conservé jusqu'à rotation
+ default: 10485760
+
+ db_log_bsize:
+ description: >-
+ Quantité d'informations de journalisation du cache reporté sur
+ le disque
+ default: 2097152
+
+ db_log_directory:
+ description: Répertoire de conservation des informations de journalisation
+ type: unix_filename
+ default: /srv/openldap/log
+
+ db_lk_max_objects:
+ description: "Nombre d'objet qui peuvent être verrouillés simultanément "
+ default: 5000
+
+ db_lk_max: 5000 # Nombre de verrous maximal
+
+ db_lk_max_lockers: 5000 # Nombre de verroulleur maximal
+
+ openldap_key_file:
+ type: unix_filename
+ mandatory: false
+ hidden: true
+
+ ldap_user:
+ default:
+ jinja: >-
+ cn=admin,{{ general.ldap.ldap_base_dn }}
+ hidden: true
+
+ ldap_user_password:
+ description: Mot de passe de l'utilisateur LDAP
+ type: secret
+ default:
+ jinja: >-
+ {{ general.ldap.ldap_user |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="remote account",
+ type="cleartext",
+ hide=general.hide_secret,
+ temporary=true)
+ }}
+ hidden: true
+
+ ldap_base_dn:
+ description: Base DN
+ validators:
+ - jinja: >-
+ {%- set var = {'ok': false} -%}
+ {%- for att in ['o', 'dc', 'ou'] -%}
+ {%- if _.ldap_base_dn.startswith(att + '=') -%}
+ {%- set var = var.update({'ok': true}) -%}
+ {%- endif -%}
+ {%- endfor -%}
+ {%- if not var.ok -%}
+ {%- set e = "the LDAP base DN must starts with an " -%}
+ {%- set e = e + "organisation (o=), a domain componant (dc=) " -%}
+ {%- set e = e + "or an organizational unit (ou=)" -%}
+ {{ e }}
+ {%- endif -%}
+ description: >-
+ if LDAP base DN starts with an organisation (o=), a domain componant
+ (dc=) or an organizational unit (ou=)
+ default:
+ jinja: >-
+ {{ general.ldap.prefix_domain_name | get_default_base_dn }}
+ hidden: true
+
+ ldap_account_dn:
+ description: Base DN de l'annuaire des utilisateurs
+ default:
+ jinja: >-
+ {{ general.ldap.ldap_base_dn | calc_ldapclient_base_dn(base=true) }}
+ hidden: true
+
+ ldap_user_dn:
+ description: >-
+ Base DN de l'annuaire des utilisateurs n'appartenant à une famille
+ default:
+ jinja: >-
+ {{ general.ldap.ldap_base_dn | calc_ldapclient_base_dn }}
+ hidden: true
+
+ ldap_group_dn:
+ description: Base DN de l'annuaire des groupes
+ default:
+ jinja: >-
+ {{ general.ldap.ldap_base_dn | calc_ldapclient_base_dn(group=true) }}
+ hidden: true
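Review bot: In the `ldap_base_dn` validator, `{%- set var = var.update({'ok': true}) -%}` rebinds `var` to the `None` that `dict.update` returns; the final `var.ok` check still works only because Jinja2 scopes a `set` inside `{% for %}` to the loop body, so the outer dict survives and is mutated as a side effect. 20_nsd.yml already uses the throwaway-name idiom for the same trick (`{% set tmp = filenames.append(filename) %}`), so `{%- set _ = var.update({'ok': true}) -%}` keeps the intent explicit and consistent. The quoted description of `db_lk_max_objects` ends in a space inside the quotes, which becomes part of the displayed string; drop it. The error text also carries two typos in runtime strings, `must starts with` and `componant`, which should read `must start with` and `component`.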
diff --git a/seed/openldap/extras/accounts/00_account.xml b/seed/openldap/extras/accounts/00_account.xml
deleted file mode 100644
index 8f4a1022..00000000
--- a/seed/openldap/extras/accounts/00_account.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- domain_name_eth0
- accounts.users.ldap_user_mail
- ldap user
- cleartext
- hide_secret
- True
- accounts.users.ldap_user_password
-
-
- domain_name_eth0
- accounts.family_.users_.ldap_user_mail_
- ldap family user
- cleartext
- hide_secret
- True
- accounts.family_.users_.ldap_user_password_
-
-
-
diff --git a/seed/openldap/extras/accounts/00_account.yml b/seed/openldap/extras/accounts/00_account.yml
new file mode 100644
index 00000000..d548bda0
--- /dev/null
+++ b/seed/openldap/extras/accounts/00_account.yml
@@ -0,0 +1,157 @@
+---
+version: 1.1
+
+remotes:
+ description: Create account and connexion to a LDAP server
+ type: domainname
+ multi: true
+ mandatory: false
+ hidden: true
+ provider: LDAP
+
+"remote_{{ suffix }}":
+ dynamic:
+ variable: accounts.remotes
+ hidden: true
+
+ family:
+ description: 'LDAP family name for {{ suffix }}'
+ mandatory: false
+ provider: LDAP:family
+
+ dn:
+ description: 'LDAP account DN for {{ suffix }}'
+ mandatory: false
+ provider: LDAP:dn
+
+ password:
+ description: 'LDAP passowrd for {{ suffix }}'
+ type: secret
+ mandatory: false
+ provider: LDAP:password
+
+ base_dn:
+ description: 'LDAP base DN for {{ suffix }}'
+ mandatory: false
+ provider: LDAP:base_dn
+
+users:
+ description: Users management
+ help: >-
+ Management of manually created local users. Those users are not classified
+ type: leadership
+
+ ldap_user_mail:
+ description: Email address
+ examples:
+ - johndoe@example.net
+ help: An user is identify by his email address.
+ type: mail
+ mandatory: false
+
+ ldap_user_aliases:
+ description: Emails aliases
+ multi: true
+ examples:
+ - jdoe@example.net
+ type: mail
+ mandatory: false
+
+ ldap_user_uid:
+ description: Account name
+ examples:
+ - jdoe
+ type: unix_user
+
+ ldap_user_gn:
+ description: Given name
+ examples:
+ - John
+ type: string
+
+ ldap_user_sn:
+ description: Surname
+ examples:
+ - Doe
+ type: string
+
+ ldap_user_password:
+ type: secret
+ default:
+ jinja: >-
+ {{ accounts.users.ldap_user_mail |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="ldap user",
+ type="cleartext",
+ hide=general.hide_secret,
+ temporary=true)
+ }}
+ hidden: true
+
+families:
+ description: Families to create
+ type: unix_user
+ multi: true
+ help: >-
+ Users can be classified into families. This variable contains all the names
+ of the families to be created.
+ mandatory: false
+
+"family_{{ suffix }}":
+ description: 'Management of family {{ suffix }}'
+ dynamic:
+ variable: accounts.families
+
+ users:
+ description: 'Users management for the family {{ suffix }}'
+ help: >-
+ Management of manually created users. Those users are classified in a
+ family.
+ type: leadership
+
+ ldap_user_mail:
+ description: 'Email address for the family {{ suffix }}'
+ examples:
+ - johndoe@family.net
+ help: An user is identify by his email address.
+ type: mail
+ mandatory: false
+
+ ldap_user_aliases:
+ description: 'Emails aliases for the family {{ suffix }}'
+ examples:
+ - jdoe@family.net
+ type: mail
+ multi: true
+ mandatory: false
+
+ ldap_user_uid:
+ description: 'Account name for the family {{ suffix }}'
+ examples:
+ - jdoe
+ type: unix_user
+
+ ldap_user_gn:
+ description: 'Given name for the family {{ suffix }}'
+ examples:
+ - John
+ type: string
+
+ ldap_user_sn:
+ description: 'Surname for the family {{ suffix }}'
+ examples:
+ - Doe
+ type: string
+
+ ldap_user_password:
+ type: secret
+ default:
+ jinja: >-
+ {{ _.ldap_user_mail |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="ldap family user",
+ type="cleartext",
+ hide=general.hide_secret,
+ temporary=true)
+ }}
+ hidden: true
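Review bot: `description: 'LDAP passowrd for {{ suffix }}'` in the `remote_{{ suffix }}` family misspells `password`, and the string is user-facing. The two `ldap_user_password` defaults address their leader differently, `accounts.users.ldap_user_mail` (absolute) under `users` and `_.ldap_user_mail` (relative) under `family_{{ suffix }}`; the relative form is what the rest of the commit uses, so `{{ _.ldap_user_mail |` in the first would make them match. Note also that `ldap_user_mail` is the leader of the leadership and `mandatory: false`, yet it is the value piped into `get_password`; whether an empty leader is rejected before that default is computed is not visible here.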
diff --git a/seed/openldap/extras/machine/20_openldap.xml b/seed/openldap/extras/machine/20_openldap.xml
deleted file mode 100644
index c8842485..00000000
--- a/seed/openldap/extras/machine/20_openldap.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
- 256
-
-
- False
-
-
- False
-
-
- 512
-
-
-
diff --git a/seed/openldap/extras/machine/20_openldap.yml b/seed/openldap/extras/machine/20_openldap.yml
new file mode 100644
index 00000000..789bb984
--- /dev/null
+++ b/seed/openldap/extras/machine/20_openldap.yml
@@ -0,0 +1,19 @@
+---
+version: 1.1
+
+var_size:
+ redefine: true
+ default: 256
+
+add_tmp:
+ redefine: true
+ default: false
+
+add_swap:
+ redefine: true
+ default: false
+
+memory:
+ redefine: true
+ exists: true
+ default: 512
diff --git a/seed/openldap/funcs/ldap.py b/seed/openldap/funcs/ldap.py
index 14f65b84..12cdfd3b 100644
--- a/seed/openldap/funcs/ldap.py
+++ b/seed/openldap/funcs/ldap.py
@@ -70,12 +70,3 @@ def get_default_base_dn(prefix: str) -> str:
domain = ['ou=' + domain for domain in values[0:-2]]
domain.append(f'o={values[-2]},o={values[-1]}')
return ','.join(domain)
-
-
-def valid_base_dn(base_dn: str) -> None:
- # copied from ldap-client
- for att in ['o', 'dc', 'ou']:
- if base_dn.startswith(att + '='):
- break
- else:
- raise ValueError('La racine doit débuter par une organisation (o=), une composante du domaine (dc=) ou une unité organisationnelle (ou=)')
diff --git a/seed/peertube/applicationservice.yml b/seed/peertube/applicationservice.yml
index 590bb35d..c2aca12a 100644
--- a/seed/peertube/applicationservice.yml
+++ b/seed/peertube/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Peertube, a federated (ActivityPub) video streaming platform
website: https://www.openldap.org/
diff --git a/seed/peertube/dictionaries/30_peertube.xml b/seed/peertube/dictionaries/30_peertube.xml
deleted file mode 100644
index 716950ab..00000000
--- a/seed/peertube/dictionaries/30_peertube.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-
-
-
-
-
- /sysusers.d/0peertube.conf
- /tmpfiles.d/0peertube.conf
- /etc/peertube/production.yaml
- /etc/nginx/default.d/peertube.conf
- /etc/nginx/conf.d/peertube.conf
-
-
-
-
-
- 443
-
-
-
-
-
- PeerTube, an ActivityPub-federated video streaming platform using P2P directly in your web browser.
-
-
- Welcome to this PeerTube instance!
-
-
-
-
- True
-
-
- Vidéo
-
-
- Plateforme de partage de vidéo Peertube
-
-
- Réseaux sociaux
-
-
- silique_video.png
-
-
-
-
-
-
-
- /usr/share/peertube
-
-
-
-
-
- /
-
-
- 12G
-
-
-
-
-
-
- revprox_client_external_domainnames
- revprox_client_location
- plugins/auth-openid-connect/0.1.0/auth/openid-connect
- oauth2_client_external
-
-
- True
- False
- revprox_client_location
- /socket.io
- revprox_client_is_websocket
-
-
-
-
diff --git a/seed/peertube/dictionaries/30_peertube.yml b/seed/peertube/dictionaries/30_peertube.yml
new file mode 100644
index 00000000..9d4716f4
--- /dev/null
+++ b/seed/peertube/dictionaries/30_peertube.yml
@@ -0,0 +1,96 @@
+---
+version: 1.1
+
+network:
+
+ outgoing_ports:
+ redefine: true
+ default:
+ - 443
+
+peertube:
+
+ admin_email:
+ description: Adresse courriel de l'administrateur Peertube
+ examples:
+ - john.doe@example.net
+ type: mail
+
+ short_description:
+ description: Description courte de l'instance
+ default: >-
+ PeerTube, an ActivityPub-federated video streaming platform using P2P
+ directly in your web browser.
+
+ description:
+ description: Description de l'instance
+ default: Welcome to this PeerTube instance!
+
+oauth2:
+
+ client:
+
+ is_client_application:
+ redefine: true
+ default: true
+
+ name:
+ redefine: true
+ default: Vidéo
+
+ description:
+ redefine: true
+ default: Plateforme de partage de vidéo Peertube
+
+ category:
+ redefine: true
+ default: Réseaux sociaux
+
+ logo:
+ redefine: true
+ default: silique_video.png
+
+ external:
+
+ external:
+ redefine: true
+ default:
+ jinja: |-
+ {%- for val in
+ general.revprox.client.external_domainnames |
+ calc_oauth2_client_external(
+ general.revprox.client.location,
+ "plugins/auth-openid-connect/0.1.0/auth/openid-connect"
+ )
+ %}
+ {{ val }}
+ {%- endfor -%}
+
+nginx:
+
+ root:
+ redefine: true
+ default: /usr/share/peertube
+
+revprox:
+
+ client:
+
+ location:
+ redefine: true
+ default: /
+
+ max_body_size:
+ redefine: true
+ default: 12G
+
+ is_websocket:
+ redefine: true
+ type: boolean
+ default:
+ jinja: >-
+ {%- if _.location == "/socket.io" -%}
+ true
+ {%- else -%}
+ false
+ {%- endif -%}
diff --git a/seed/php-fpm/applicationservice.yml b/seed/php-fpm/applicationservice.yml
index 6e8bc5fd..02ce36b3 100644
--- a/seed/php-fpm/applicationservice.yml
+++ b/seed/php-fpm/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: PHP FPM
depends:
diff --git a/seed/php-fpm/dictionaries/20_phpfpm.xml b/seed/php-fpm/dictionaries/20_phpfpm.xml
deleted file mode 100644
index d1cdfe5f..00000000
--- a/seed/php-fpm/dictionaries/20_phpfpm.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
-
-
- /etc/php-fpm.conf
- /etc/php-fpm.d/www.conf
- /sysusers.d/phpfpm.conf
- /tmpfiles.d/0phpfpm.conf
-
-
-
-
-
- root
-
-
-
-
diff --git a/seed/php-fpm/dictionaries/20_phpfpm.yml b/seed/php-fpm/dictionaries/20_phpfpm.yml
new file mode 100644
index 00000000..a7067dab
--- /dev/null
+++ b/seed/php-fpm/dictionaries/20_phpfpm.yml
@@ -0,0 +1,9 @@
+---
+version: 1.1
+
+nginx:
+
+ php_fpm_user:
+ type: unix_user
+ hidden: true
+ default: root
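Review bot: `php_fpm_user` defaults to `root` and is `hidden: true`, so unless another dictionary redefines it the generated pool runs as root and an operator cannot see that from the configuration UI. PHP-FPM refuses to start a pool whose user is root unless it is launched with `--allow-to-run-as-root`, so this default is either a startup failure or, where that flag is passed, the most privileged possible pool user; a dedicated unprivileged default (e.g. the distribution's web-server account) or a mandatory variable with no default is the safer shape. If `root` is meant as a sentinel for "not configured", say so next to it, e.g. `# placeholder: every service that uses php-fpm must redefine this`.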
diff --git a/seed/php/applicationservice.yml b/seed/php/applicationservice.yml
index 5ddef7e3..07372eea 100644
--- a/seed/php/applicationservice.yml
+++ b/seed/php/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: PHP, a popular general-purpose scripting language
website: https://secure.php.net/
diff --git a/seed/php/dictionaries/20_php.xml b/seed/php/dictionaries/20_php.xml
deleted file mode 100644
index ed80b0f8..00000000
--- a/seed/php/dictionaries/20_php.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-
-
-
-
- /etc/php.ini
-
-
-
-
-
- 32
-
-
- 16
-
-
- 30
-
-
- 60
-
-
- 512
-
-
- 3600
-
-
- True
-
-
- True
-
-
-
-
diff --git a/seed/php/dictionaries/20_php.yml b/seed/php/dictionaries/20_php.yml
new file mode 100644
index 00000000..80fae8e8
--- /dev/null
+++ b/seed/php/dictionaries/20_php.yml
@@ -0,0 +1,49 @@
+---
+version: 1.1
+
+php:
+ description: PHP
+ mode: advanced
+ help: Paramètrage avancé de PHP
+
+ post_max_size:
+ description: Maximum size of POST data that PHP will accept
+ help: Value in Mb
+ default: 32
+
+ upload_max_filesize:
+ description: Maximum allowed size for uploaded files
+ help: Value in Mb
+ default: 16
+
+ max_execution_time:
+ description: >-
+ Maximum amount of time each script may spend parsing request data
+ help: Value in seconds
+ default: 30
+
+ max_input_time:
+ description: >-
+ Maximum amount of time each script may spend parsing request data
+ help: Value in seconds
+ default: 60
+
+ memory_limit:
+ description: Maximum amount of memory a script may consume
+ help: Value in Mb
+ default: 512
+
+ session_gc_maxlifetime:
+ description: >-
+ Data will be seen as 'garbage' and potentially cleaned up after this
+ delay
+ help: Value in seconds
+ default: 3600
+
+ enable_output_buffering:
+ hidden: true
+ default: true
+
+ disable_pcntl:
+ hidden: true
+ default: true
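Review bot: `max_execution_time` carries the description `Maximum amount of time each script may spend parsing request data`, which is the text of `max_input_time` directly below it; the setting it names bounds total script execution, so `Maximum amount of time each script may spend running` (or `Maximum execution time of each script`) is the intended description. `help: Value in Mb` on the size variables uses the megabit abbreviation; if these render into php.ini as megabyte values, as the names suggest, `Value in MB` is the correct label.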
diff --git a/seed/piwigo/applicationservice.yml b/seed/piwigo/applicationservice.yml
index 1e75689d..e393cb93 100644
--- a/seed/piwigo/applicationservice.yml
+++ b/seed/piwigo/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Piwigo, a photo management software
website: http://piwigo.org/
diff --git a/seed/piwigo/dictionaries/31_piwigo.xml b/seed/piwigo/dictionaries/31_piwigo.xml
deleted file mode 100644
index a8758b56..00000000
--- a/seed/piwigo/dictionaries/31_piwigo.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-
-
-
-
- /tmpfiles.d/0piwigo.conf
- /etc/piwigo/config.inc.php
- /etc/piwigo/database.inc.php
- /sbin/piwigo.sh
- /etc/php-fpm.d/piwigo.conf
- /etc/nginx/default.d/piwigo.conf
-
-
-
-
-
-
-
-
- Album photographique
-
-
-
-
-
-
-
-
- True
-
-
- Album
-
-
- Album photographique Piwigo
-
-
- Diffusion
-
-
- silique_image.png
-
-
-
-
-
- domain_name_eth0
- admin_password
- piwigo
- cleartext
- hide_secret
- piwigo_admin_password
-
-
- piwigo_users
- piwigo_locations
-
-
-
diff --git a/seed/piwigo/dictionaries/31_piwigo.yml b/seed/piwigo/dictionaries/31_piwigo.yml
new file mode 100644
index 00000000..cb24ee84
--- /dev/null
+++ b/seed/piwigo/dictionaries/31_piwigo.yml
@@ -0,0 +1,76 @@
+---
+version: 1.1
+
+piwigo: # Piwigo
+
+ admin_email:
+ type: mail
+ description: Adresse courriel de l'administrateur Piwigo
+ examples:
+ - admin@example.net
+
+ admin_password:
+ type: secret
+ auto_save: false
+ hidden: true
+ default:
+ jinja: >-
+ {{ "admin_password" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="piwigo",
+ type="cleartext",
+ hide=general.hide_secret)
+ }}
+
+ locations:
+ type: unix_filename
+ multi: true
+ hidden: true
+ default:
+ jinja: |-
+ /
+ {%- for user in _.users.users %}
+ /{{ user }}
+ {%- endfor -%}
+
+ title: Album photographique # Titre de l'album
+
+ users:
+ description: Piwigo users
+ type: leadership
+
+ users:
+ type: unix_user
+ description: Utilisateur ayant un album
+ examples:
+ - jdoe
+
+ email:
+ type: mail
+ description: Adresse courriel
+ examples:
+ - johndoe@example.net
+
+oauth2:
+
+ client:
+
+ is_client_application:
+ redefine: true
+ default: true
+
+ name:
+ redefine: true
+ default: Album
+
+ description:
+ redefine: true
+ default: Album photographique Piwigo
+
+ category:
+ redefine: true
+ default: Diffusion
+
+ logo:
+ redefine: true
+ default: silique_image.png
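Review bot: The family description is given as a YAML comment (`piwigo: # Piwigo`, `title: Album photographique # Titre de l'album`), which every loader discards, so that text is not available to the consumer; other dictionaries in the same change use a real key (`redis:` followed by `description: Redis`). If the text is meant to survive, write it as `description: Piwigo` under the family and as a `description:` on `title`. The same comment-as-description pattern appears in 23_postgresql.yml (`postgresql: # PostgreSQL`, `client: # PostgreSQL as a client`), 23_redis.yml (`client: # Redis as a client`) and 20_smtp_client.yml (`smtp: # Client SMTP`). Descriptions here also mix French and English (`Piwigo users` next to `Adresse courriel`), which will read inconsistently wherever they are listed.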
diff --git a/seed/piwigo/funcs/piwigo.py b/seed/piwigo/funcs/piwigo.py
deleted file mode 100644
index d177538c..00000000
--- a/seed/piwigo/funcs/piwigo.py
+++ /dev/null
@@ -1,6 +0,0 @@
-from risotto.utils import multi_function as _multi_function
-
-
-@_multi_function
-def get_locations(usernames):
- return ['/'] + ['/' + user for user in usernames]
diff --git a/seed/pki-tls/applicationservice.yml b/seed/pki-tls/applicationservice.yml
index 2c29ca65..5fd40992 100644
--- a/seed/pki-tls/applicationservice.yml
+++ b/seed/pki-tls/applicationservice.yml
@@ -1,2 +1,3 @@
+---
format: '0.1'
description: Autosign PKI or Let's encrypt support for TLS certificates
diff --git a/seed/pki-tls/dictionaries/20_tls.xml b/seed/pki-tls/dictionaries/20_tls.xml
deleted file mode 100644
index 0ed80832..00000000
--- a/seed/pki-tls/dictionaries/20_tls.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-
-
- /tmpfiles.d/0certificate.conf
-
-
-
-
-
diff --git a/seed/postfix-lmtp-relay/applicationservice.yml b/seed/postfix-lmtp-relay/applicationservice.yml
index 79a68c8a..bcb8d083 100644
--- a/seed/postfix-lmtp-relay/applicationservice.yml
+++ b/seed/postfix-lmtp-relay/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Postfix, the mail server, as LMTP relay
website: http://www.postfix.org/
diff --git a/seed/postfix-lmtp-relay/extras/lmtp/00_lmtp.xml b/seed/postfix-lmtp-relay/extras/lmtp/00_lmtp.xml
deleted file mode 100644
index 64662bf8..00000000
--- a/seed/postfix-lmtp-relay/extras/lmtp/00_lmtp.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
- lmtp.lmtp_.criteria_
- postfix_relay_domains
-
-
-
diff --git a/seed/postfix-relay/applicationservice.yml b/seed/postfix-relay/applicationservice.yml
index 7e0789d1..ef1037df 100644
--- a/seed/postfix-relay/applicationservice.yml
+++ b/seed/postfix-relay/applicationservice.yml
@@ -1,7 +1,9 @@
+---
format: '0.1'
description: Postfix, the mail server, as relay
-help: |
- The mail relay allows the various internal services to communicate with the other services.
+help: |-
+ The mail relay allows the various internal services to communicate
+ with the other services.
It is also possible to receive from outside or send emails to the outside.
website: http://www.postfix.org/
depends:
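Review bot: Switching `help` to `|-` while re-wrapping the first sentence onto two lines changes the rendered text: a literal block keeps line breaks, so the value now reads "…communicate\nwith the other services." with a break mid-sentence, whereas the old `|` form kept that sentence on one line. If the intent was only to shorten the source line, use the folded form, `help: >-`, which joins wrapped lines with a space; note that `>-` would also fold the break before "It is also possible…", so keep a blank line between the two sentences if the paragraph break matters.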
diff --git a/seed/postfix-relay/dictionaries/30_postfix.xml b/seed/postfix-relay/dictionaries/30_postfix.xml
deleted file mode 100644
index 6ad01ddf..00000000
--- a/seed/postfix-relay/dictionaries/30_postfix.xml
+++ /dev/null
@@ -1,87 +0,0 @@
-
-
-
-
-
- postfix
- domain_name_eth
- /sysusers.d/1postfix.conf
- /tmpfiles.d/0postfix.conf
- /etc/postfix/main.cf
- /etc/postfix/lmtp
- /etc/postfix/sni
- /etc/postfix/master.cf
-
-
- /etc/sasl2/smtpd.conf
-
-
- /sysusers.d/0opendkim.conf
- /etc/opendkim.conf
- /etc/opendkim/KeyTable
- /etc/opendkim/SigningTable
- /etc/opendkim/TrustedHosts
- opendkim_keys
-
-
- /sysusers.d/0opendmarc.conf
- /tmpfiles.d/0opendmarc.conf
- /etc/opendmarc.conf
-
-
-
-
-
-
-
-
-
-
- self-signed
- self-signed
- letsencrypt
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- /etc/opendkim/keys/
- postfix_relay_domains
- .key
-
- True
- opendkim_keys
-
-
- zones
-
- postfix_relay_ip_
-
-
-
- 25
- postfix_mail_hostname
-
- True
- incoming_ports
-
-
-
- 25
- postfix_mail_hostname
-
- True
- outgoing_ports
-
-
-
diff --git a/seed/postfix-relay/dictionaries/30_postfix.yml b/seed/postfix-relay/dictionaries/30_postfix.yml
new file mode 100644
index 00000000..8e17997f
--- /dev/null
+++ b/seed/postfix-relay/dictionaries/30_postfix.yml
@@ -0,0 +1,98 @@
+---
+version: 1.1
+
+network:
+
+ outgoing_ports:
+ redefine: true
+ default:
+ jinja: >-
+ {%- if general.postfix.mail_hostname -%}
+ 25
+ {%- endif -%}
+
+ incoming_ports:
+ redefine: true
+ default:
+ variable: _.outgoing_ports
+
+postfix:
+ description: Postfix mail server
+
+ mail_hostname:
+ description: External email server domain name
+ help: >-
+ This variable is mandatory if mail server needs to interact with external
+ area
+ mode: basic
+ type: domainname
+ mandatory: false
+
+ crt_provider:
+ description: Type of certificate autority signing external certificate
+ mode: basic
+ help: >-
+ The certificate can be self-signed (therefore invalid by default for the
+ client) or obtained via the Let's Encrypt service (generally valid for
+ the client)
+ choices:
+ - self-signed
+ - letsencrypt
+ default: self-signed
+
+ relay_domains:
+ type: domainname
+ multi: true
+ mandatory: false
+ hidden: true
+
+ relay_authentifications:
+ description: Create a SMTP relay account and authorize sending email
+ help: >-
+ A service needs send email with SMTP protocol, so an account is created
+ and SMTP relay accept sending mail by this account
+ multi: true
+ mandatory: false
+ hidden: true
+ provider: SMTP
+
+ "local_authentification_{{ suffix }}":
+ dynamic:
+ variable: _.relay_authentifications
+ hidden: true
+
+ local_authentification_username:
+ description: 'User account to send email for {{ suffix }}'
+ type: unix_user
+ mandatory: false
+ provider: SMTP:username
+
+ local_authentification_password:
+ description: 'Password to send email for {{ suffix }}'
+ type: secret
+ mandatory: false
+ provider: SMTP:password
+
+ relay_ip:
+ type: ip
+ default:
+ jinja: >-
+ {{ zones | get_ip(suffix) }}
+ params:
+ zones:
+ information: zones
+ suffix:
+ type: suffix
+
+opendkim:
+
+ opendkim_keys:
+ type: unix_filename
+ multi: true
+ default:
+ jinja: |-
+ {%- for domaine in general.postfix.relay_domains %}
+ /etc/opendkim/keys/{{ domain }}.key
+ {%- endfor -%}
+ mandatory: false
+ hidden: true
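Review bot: The `opendkim_keys` default loops over `domaine` but interpolates `{{ domain }}`, so each iteration renders `/etc/opendkim/keys/.key` (Jinja's default Undefined renders as empty) instead of one key path per relay domain — `{%- for domain in general.postfix.relay_domains %}`. Also, `crt_provider`'s description misspells "authority": `description: Type of certificate authority signing external certificate`.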
diff --git a/seed/postgresql-client/applicationservice.yml b/seed/postgresql-client/applicationservice.yml
index e529c920..167cd1df 100644
--- a/seed/postgresql-client/applicationservice.yml
+++ b/seed/postgresql-client/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Application service needs interact with a Postgresql server
website: https://www.postgresql.org
diff --git a/seed/postgresql-client/dictionaries/23_postgresql.xml b/seed/postgresql-client/dictionaries/23_postgresql.xml
deleted file mode 100644
index 11d9604f..00000000
--- a/seed/postgresql-client/dictionaries/23_postgresql.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-
-
-
-
- postgresql
- /secrets/postgresql.pass
- /secrets/postgresql.pass2
- /sysusers.d/0postgresqlclient.conf
-
-
-
-
-
-
-
-
-
- apache
-
-
-
-
-
- domain_name_eth0
- pg_client_username
-
-
-
- pg_client_server_domainname
- domain_name_eth0
- remote
- cleartext
- hide_secret
- pg_client_password
-
-
- pg_client_username
- pg_client_database
-
-
- Debian
- postgresql_debian
-
-
-
diff --git a/seed/postgresql-client/dictionaries/23_postgresql.yml b/seed/postgresql-client/dictionaries/23_postgresql.yml
new file mode 100644
index 00000000..1f866bf9
--- /dev/null
+++ b/seed/postgresql-client/dictionaries/23_postgresql.yml
@@ -0,0 +1,43 @@
+---
+version: 1.1
+
+postgresql: # PostgreSQL
+
+ client: # PostgreSQL as a client
+
+ server_domainname:
+ type: domainname
+ supplier: Postgresql
+ hidden: true
+
+ username:
+ supplier: Postgresql:username
+ hidden: true
+ default:
+ jinja: >-
+ {{ general.network.interface_0.domain_name | normalize_family }}
+
+ password:
+ type: secret
+ supplier: Postgresql:password
+ hidden: true
+ default:
+ jinja: >-
+ {% set server_name = _.server_domainname %}
+ {{ general.network.interface_0.domain_name |
+ get_password(server_name=server_name,
+ description="remote",
+ type="cleartext",
+ hide=general.hide_secret)
+ }}
+
+ database:
+ supplier: Postgresql:database
+ hidden: true
+ default:
+ variable: _.username
+
+ key_owner:
+ type: unix_user
+ hidden: true
+ default: apache
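Review bot: In the `password` default, `{% set server_name = _.server_domainname %}` sits on its own line inside a `>-` folded scalar, so the folded template is "<empty> <password expression>" and the rendered default presumably starts with a space unless the loader strips it; the sibling dictionaries avoid the intermediate and pass the variable directly (`get_password(server_name=_.server_domainname, …)` in 23_redis.yml). Either drop the `set` the same way, or use whitespace control, `{%- set server_name = _.server_domainname -%}`, as the postfix dictionary does for its `{%- if … -%}` blocks.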
diff --git a/seed/postgresql/applicationservice.yml b/seed/postgresql/applicationservice.yml
index 134ea81a..a841403c 100644
--- a/seed/postgresql/applicationservice.yml
+++ b/seed/postgresql/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Postgresql, a database
website: https://www.postgresql.org
diff --git a/seed/postgresql/dictionaries/22_postgresql.xml b/seed/postgresql/dictionaries/22_postgresql.xml
deleted file mode 100644
index 73ea7a31..00000000
--- a/seed/postgresql/dictionaries/22_postgresql.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-
-
-
-
-
- postgresql
- accounts.remote_.remote_ip_
- /etc/postgresql/postgresql.conf
- /etc/postgresql/pg_hba.conf
- /etc/postgresql/postgresql.sql
- /etc/postgresql/pg_ident.conf
- /sbin/postgresql_init
- /sysusers.d/0postgresql.conf
- /tmpfiles.d/0postgresql.conf
- /tests/postgresql.yml
- /sbin/risotto_backup
-
-
-
-
-
- 100
-
-
- 60
-
-
- /etc/postgresql/12/main/server.key
-
-
- /etc/postgresql/12/main/server.crt
-
-
-
- 4
-
-
- MB
- MB
- kB
-
-
- 64
-
-
- MB
- MB
- kB
-
-
- -1
-
-
- 1
-
-
- GB
- GB
- MB
- kB
-
-
- 128
-
-
- MB
- MB
- kB
-
-
- 4
-
-
- GB
- MB
- kB
- GB
-
-
-
-
-
-
diff --git a/seed/postgresql/dictionaries/22_postgresql.yml b/seed/postgresql/dictionaries/22_postgresql.yml
new file mode 100644
index 00000000..80c53b91
--- /dev/null
+++ b/seed/postgresql/dictionaries/22_postgresql.yml
@@ -0,0 +1,110 @@
+---
+version: 1.1
+
+postgresql:
+ description: PostgreSQL
+ help: Paramétrage du serveur de gestion de bases de données PostgreSQL
+
+ pg_max_connections:
+ description: Nombre maximum de connexions
+ help: >-
+ Nombre maximum de connexions concurrentes au serveur de base de données
+ default: 100
+
+ pg_authentication_timeout:
+ description: Délai de connexion maximum (en secondes)
+ help: Temps maximum pour terminer l'authentification du client
+ default: 60
+
+ pg_server_key:
+ type: unix_filename
+ description: Emplacement de la clé SSL du serveur PostgreSQL
+ default: /etc/postgresql/12/main/server.key
+
+ pg_server_cert:
+ type: unix_filename
+ description: Emplacement du certificat du serveur PostgreSQL
+ default: /etc/postgresql/12/main/server.crt
+
+ pg_autovacuum:
+ type: boolean
+ description: Activer le VACUUM automatique
+
+ pg_work_mem:
+ description: Mémoire tampon allouée aux opérations de tri et tables de hash
+ help: >-
+ Quantité de mémoire, en MB, allouée à chaque opération avant écriture
+ sur le disque
+ default: 4
+
+ pg_work_mem_unit:
+ description: Unité de la mémoire tampon
+ default: MB
+ choices:
+ - MB
+ - kB
+
+ pg_maintenance_work_mem:
+ description: Mémoire tampon allouée pour les opérations de maintenance
+ help: >-
+ Quantité de mémoire allouée, en MB, à chaque opération avant
+ écriture sur le disque
+ default: 64
+ params:
+ min_lentgh: 1
+
+ pg_maintenance_work_mem_unit:
+ description: Unité de la mémoire tampon
+ default: MB
+ choices:
+ - MB
+ - kB
+
+ pg_wal_buffers:
+ description: Mémoire tampon allouée pour les journaux
+ help: >-
+ Quantité de mémoire allouée avant écriture sur le disque
+ (par défaut -1, soit 1/32ème de la valeur de shared_buffers)
+ default: -1
+
+ pg_max_wal_size:
+ description: Limite douce du Write Ahead Log
+ help: Limite douce pour le Write Ahead Log
+ default: 1
+
+ pg_max_wal_size_unit:
+ description: Unité de la limite douce du Write Ahead Log
+ default: GB
+ choices:
+ - GB
+ - MB
+ - kB
+
+ pg_shared_buffers:
+ description: Quantité de mémoire pour les buffers partagés
+ help: >-
+ Quantité de mémoire que le serveur de bases de données utilise
+ comme mémoire partagée
+ default: 128
+
+ pg_shared_buffers_unit:
+ description: Unité de la quantité de mémoire pour les buffers partagés
+ default: MB
+ choices:
+ - MB
+ - kB
+
+ pg_effective_cache_size:
+ description: Taille du cache
+ help: >-
+ Initialise l'estimation faite par le planificateur pour le nombre de bloc
+ de 8ko réelle du cache disque disponible pour une requête
+ default: 4
+
+ pg_effective_cache_size_unit:
+ description: Unité de la taille du cache
+ default: GB
+ choices:
+ - MB
+ - kB
+ - GB
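Review bot: `pg_maintenance_work_mem` declares `params:` / `min_lentgh: 1`; the key is misspelled and, unless the loader rejects unknown params, the constraint is silently dropped — `min_length: 1`, assuming that is the parameter name the type supports (no other variable in this diff uses it, so confirm). The help texts of `pg_work_mem` and `pg_maintenance_work_mem` also say "en MB" while the unit is selectable through the matching `_unit` variable (MB or kB), so the wording should not hard-code the unit.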
diff --git a/seed/postgresql/extras/accounts/00_accounts.xml b/seed/postgresql/extras/accounts/00_accounts.xml
deleted file mode 100644
index 120d5627..00000000
--- a/seed/postgresql/extras/accounts/00_accounts.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
- zones
-
- accounts.remote_.remote_ip_
-
-
-
diff --git a/seed/postgresql/extras/accounts/00_accounts.yml b/seed/postgresql/extras/accounts/00_accounts.yml
new file mode 100644
index 00000000..30c69315
--- /dev/null
+++ b/seed/postgresql/extras/accounts/00_accounts.yml
@@ -0,0 +1,41 @@
+---
+version: 1.1
+
+remotes:
+ description: Create account and connexion to a PostgreSQL server
+ type: domainname
+ multi: true
+ mandatory: false
+ hidden: true
+ provider: Postgresql
+
+"remote_{{ suffix }}":
+ description: 'Account for {{ suffix }}'
+ hidden: true
+ dynamic:
+ variable: accounts.remotes
+
+ remote_ip:
+ description: 'Remote IP {{ suffix }}'
+ type: ip
+ default:
+ jinja: >-
+ {{ zones | get_ip(suffix) }}
+ params:
+ zones:
+ information: zones
+ suffix:
+ type: suffix
+
+ database:
+ description: 'Postgresql database name for {{ suffix }}'
+ provider: Postgresql:database
+
+ username:
+ description: 'Postgresql username for {{ suffix }}'
+ provider: Postgresql:username
+
+ password:
+ description: 'Postgresql password for {{ suffix }}'
+ type: secret
+ provider: Postgresql:password
diff --git a/seed/prometheus/applicationservice.yml b/seed/prometheus/applicationservice.yml
index 0557debf..0a7a084d 100644
--- a/seed/prometheus/applicationservice.yml
+++ b/seed/prometheus/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Prometheus, an event monitoring
website: https://prometheus.io/
diff --git a/seed/prometheus/dictionaries/20_prometheus.xml b/seed/prometheus/dictionaries/20_prometheus.xml
deleted file mode 100644
index 03b30cd0..00000000
--- a/seed/prometheus/dictionaries/20_prometheus.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-
-
-
-
- /sysusers.d/prometheus.conf
- /tmpfiles.d/0prometheus.conf
- /etc/prometheus/prometheus.yml
- /etc/default/prometheus
-
-
-
-
-
-
-
-
-
-
- zones
- client_addresses
- listen_addresses
-
-
-
diff --git a/seed/prometheus/dictionaries/20_prometheus.yml b/seed/prometheus/dictionaries/20_prometheus.yml
new file mode 100644
index 00000000..59f484f3
--- /dev/null
+++ b/seed/prometheus/dictionaries/20_prometheus.yml
@@ -0,0 +1,25 @@
+---
+version: 1.1
+
+prometheus:
+
+ client_addresses:
+ description: Configure Prometheus exporter
+ type: domainname
+ provider: Prometheus
+ multi: true
+ hidden: true
+ mandatory: false
+
+ listen_addresses:
+ type: ip
+ hidden: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for ip in zones | get_ip(_.client_addresses) %}
+ {{ ip }}
+ {%- endfor -%}
+ params:
+ zones:
+ information: zones
diff --git a/seed/provider-systemd-machined/applicationservice.yml b/seed/provider-systemd-machined/applicationservice.yml
index f39bf6d9..e32598b5 100644
--- a/seed/provider-systemd-machined/applicationservice.yml
+++ b/seed/provider-systemd-machined/applicationservice.yml
@@ -1,5 +1,7 @@
+---
format: '0.1'
description: Machine started in Systemd Machined environment
website: https://www.freedesktop.org/wiki/Software/systemd/machined/
depends:
- systemd
+provider: true
diff --git a/seed/provider-systemd-machined/dictionaries/10_machined.xml b/seed/provider-systemd-machined/dictionaries/10_machined.xml
deleted file mode 100644
index 267173a4..00000000
--- a/seed/provider-systemd-machined/dictionaries/10_machined.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
-
-
-
-
diff --git a/seed/provider-systemd-machined/dictionaries/10_machined.yml b/seed/provider-systemd-machined/dictionaries/10_machined.yml
new file mode 100644
index 00000000..28236c15
--- /dev/null
+++ b/seed/provider-systemd-machined/dictionaries/10_machined.yml
@@ -0,0 +1,9 @@
+---
+version: 1.1
+
+host:
+ type: domainname
+ description: Machine où est démarré le conteneur
+ provider: global:host_name
+ supplier: Host
+ hidden: true
diff --git a/seed/provider-systemd-machined/dictionaries/16_machined.xml b/seed/provider-systemd-machined/dictionaries/16_machined.xml
deleted file mode 100644
index 75ec713c..00000000
--- a/seed/provider-systemd-machined/dictionaries/16_machined.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-
-
-
-
-
-
-
-
- link_configurations
-
-
- /no_risotto_backup
-
-
-
-
-
- /var/lib/risotto/srv
-
-
-
- /var/lib/risotto/configurations
-
-
-
- /var/lib/risotto/journals
-
-
-
- False
-
-
-
-
-
- host
-
-
-
-
-
- /srv/backup
-
-
-
-
- True
- no_backup
-
-
- False
- srv_dir
-
-
- False
- do_backup
-
-
- container_srv_path
- /
- server_name
-
- srv_dir
-
-
- container_journal_path
- /
- server_name
-
- journal_dir
-
-
- container_config_path
- /
- server_name
-
- config_dir
-
-
-
-
diff --git a/seed/provider-systemd-machined/dictionaries/16_machined.yml b/seed/provider-systemd-machined/dictionaries/16_machined.yml
new file mode 100644
index 00000000..36215ca1
--- /dev/null
+++ b/seed/provider-systemd-machined/dictionaries/16_machined.yml
@@ -0,0 +1,104 @@
+---
+version: 1.1
+
+link_configurations:
+ redefine: true
+ disabled: true
+
+container_srv_path:
+ type: unix_filename
+ description: Nom du répertoire racine des données
+ hidden: true
+ default: /var/lib/risotto/srv
+
+srv_dir:
+ description: Nom du répertoire des données
+ type: unix_filename
+ hidden: true
+ supplier: Host:machine_srv
+ disabled:
+ variable: machine.add_srv
+ when: false
+ default:
+ jinja: >-
+ {{ general.container_srv_path }}/{{ general.network.server_name }}
+
+container_config_path:
+ type: unix_filename
+ description: Nom du répertoire racine des configurations
+ hidden: true
+ default: /var/lib/risotto/configurations
+
+config_dir:
+ description: Nom du répertoire des configurations
+ type: unix_filename
+ hidden: true
+ supplier: Host:config_dir
+ default:
+ jinja: >-
+ {{ general.container_config_path }}/{{ general.network.server_name }}
+
+container_journal_path:
+ type: unix_filename
+ description: Nom du répertoire racine des journaux
+ hidden: true
+ default: /var/lib/risotto/journals
+
+journal_dir:
+ description: Nom du répertoire des journaux
+ type: unix_filename
+ hidden: true
+ supplier: Host:machine_journal
+ default:
+ jinja: >-
+ {{ general.container_journal_path }}/{{ general.network.server_name }}
+
+use_systemd_repart:
+ redefine: true
+ hidden: true
+ default: false
+
+network:
+
+ incoming_ports:
+ type: port
+ description: Ports exposés depuis l'extérieur
+ multi: true
+ supplier: Host:incoming_ports
+ hidden: true
+ mandatory: false
+
+ outgoing_ports:
+ type: port
+ params:
+ allow_protocol: true
+ description: Ports autorisés vers l'extérieur
+ multi: true
+ supplier: Host:outgoing_ports
+ hidden: true
+ mandatory: false
+
+ netwokd_interface_name_type:
+ redefine: true
+ hidden: true
+ default: host
+
+ zones_list:
+ redefine: true
+ supplier: Host:machine_zones
+ hidden: true
+
+do_backup:
+ type: boolean
+ description: Do backup for this machine
+ mode: advanced
+ hidden:
+ variable: machine.add_srv
+ when: false
+ default:
+ variable: machine.add_srv
+
+backup_dir:
+ type: unix_filename
+ hidden: true
+ default: /srv/backup
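Review bot: `netwokd_interface_name_type` looks like a misspelling of `networkd…`, but with `redefine: true` the name must match the variable declared by the base dictionary exactly; confirm the spelling against that definition before merging, and if the base is misspelled too, the rename belongs there, not here. Separately, `do_backup` is the only variable in this file documented in English (`Do backup for this machine`) while its siblings are in French — pick one language per dictionary.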
diff --git a/seed/provider-systemd-machined/extras/machine/11_systemd.xml b/seed/provider-systemd-machined/extras/machine/11_systemd.xml
deleted file mode 100644
index c8019976..00000000
--- a/seed/provider-systemd-machined/extras/machine/11_systemd.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
- machine.add_srv
- do_backup
-
-
-
-
diff --git a/seed/provider-systemd-machined/extras/machine/11_systemd.yml b/seed/provider-systemd-machined/extras/machine/11_systemd.yml
new file mode 100644
index 00000000..2b733986
--- /dev/null
+++ b/seed/provider-systemd-machined/extras/machine/11_systemd.yml
@@ -0,0 +1,30 @@
+---
+version: 1.1
+
+var_size:
+ disabled: true
+ redefine: true
+
+srv_size:
+ disabled: true
+ redefine: true
+
+data_disk_size:
+ disabled: true
+ redefine: true
+
+add_tmp:
+ disabled: true
+ redefine: true
+
+var_tmp_size:
+ disabled: true
+ redefine: true
+
+add_swap:
+ disabled: true
+ redefine: true
+
+swap_size:
+ disabled: true
+ redefine: true
diff --git a/seed/redis-client/applicationservice.yml b/seed/redis-client/applicationservice.yml
index 7c180ed2..b968e8f2 100644
--- a/seed/redis-client/applicationservice.yml
+++ b/seed/redis-client/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Application service needs interact with a Redis server
website: https://redis.io/
diff --git a/seed/redis-client/dictionaries/23_redis.xml b/seed/redis-client/dictionaries/23_redis.xml
deleted file mode 100644
index 58b48b14..00000000
--- a/seed/redis-client/dictionaries/23_redis.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-
-
-
-
- redis
-
-
-
-
-
-
-
-
-
- apache
-
-
-
-
-
- domain_name_eth0
- redis_client_username
-
-
- redis_client_server_domainname
- domain_name_eth0
- redis
- cleartext
- hide_secret
- redis_client_password
-
-
-
diff --git a/seed/redis-client/dictionaries/23_redis.yml b/seed/redis-client/dictionaries/23_redis.yml
new file mode 100644
index 00000000..30413ed6
--- /dev/null
+++ b/seed/redis-client/dictionaries/23_redis.yml
@@ -0,0 +1,43 @@
+---
+version: 1.1
+
+redis:
+ description: Redis
+ hidden: true
+
+ client: # Redis as a client
+
+ server_domainname:
+ type: domainname
+ supplier: Redis
+
+ username:
+ supplier: Redis:username
+ default:
+ jinja: >-
+ {{ general.network.interface_0.domain_name | normalize_family }}
+
+ password:
+ type: secret
+ supplier: Redis:password
+ default:
+ jinja: >-
+ {{ general.network.interface_0.domain_name |
+ get_password(server_name=_.server_domainname,
+ description="redis",
+ type="cleartext",
+ hide=general.hide_secret)
+ }}
+
+ index:
+ description: Redis database index
+ help: >-
+ Only index 0 is allowed, Redis project discourage to use
+ the server with several database
+ type: number
+ provider: Redis:index
+
+ key_owner:
+ description: 'Redis client key owner'
+ type: unix_user
+ default: apache
diff --git a/seed/redis-common/applicationservice.yml b/seed/redis-common/applicationservice.yml
index 1ee4d42e..f8e5f9ae 100644
--- a/seed/redis-common/applicationservice.yml
+++ b/seed/redis-common/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Redis, an in-memory data structure store
website: https://redis.io/
diff --git a/seed/redis-common/dictionaries/90_redis-common.xml b/seed/redis-common/dictionaries/90_redis-common.xml
deleted file mode 100644
index e96340f9..00000000
--- a/seed/redis-common/dictionaries/90_redis-common.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
- /sysusers.d/0redis.conf
-
-
-
diff --git a/seed/redis/applicationservice.yml b/seed/redis/applicationservice.yml
index 5a41b679..6c6171b7 100644
--- a/seed/redis/applicationservice.yml
+++ b/seed/redis/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Redis, an in-memory data structure store
website: https://redis.io/
diff --git a/seed/redis/dictionaries/90_redis.xml b/seed/redis/dictionaries/90_redis.xml
deleted file mode 100644
index 8b53046c..00000000
--- a/seed/redis/dictionaries/90_redis.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-
-
-
-
- accounts.remote_.ip_
- redis
- /etc/redis/redis.conf
- /tmpfiles.d/0redis.conf
- /tests/redis.yml
-
-
-
-
-
-
- False
-
-
- 512
-
-
- noeviction
- volatile-lru
- allkeys-lru
- volatile-lfu
- allkeys-lfu
- volatile-random
- allkeys-random
- volatile-ttl
- noeviction
-
-
- 300
-
-
- 10000
-
-
-
-
-
- domain_name_eth0
- redis_instance_name
-
-
-
diff --git a/seed/redis/dictionaries/90_redis.yml b/seed/redis/dictionaries/90_redis.yml
new file mode 100644
index 00000000..7e3dc773
--- /dev/null
+++ b/seed/redis/dictionaries/90_redis.yml
@@ -0,0 +1,43 @@
+---
+version: 1.1
+
+redis:
+ description: Redis
+ help: Configuration du service de cache Redis
+
+ redis_instance_name:
+ description: Nom de l'instance
+ default:
+ variable: general.network.interface_0.domain_name
+
+ redis_save:
+ description: Activer la persistence des données
+ default: false
+
+ redis_max_memory:
+ description: Quantité de mémoire utilisable par Redis
+ help: La valeur est en Mo
+ default: 512
+
+ redis_memory_policy:
+ description: Méthode de libération de mémoire lorsque le maximum est atteint
+ default: noeviction
+ choices:
+ - volatile-lru
+ - allkeys-lru
+ - volatile-lfu
+ - allkeys-lfu
+ - volatile-random
+ - allkeys-random
+ - volatile-ttl
+ - noeviction
+
+ redis_tcp_keepalive:
+ description: >-
+ Intervalle entre le dernier envoi de paquet TCP et la réponse ACK
+ help: La valeur est en seconde
+ default: 300
+
+ redis_max_clients:
+ description: Nombre de client maximum autorisé
+ default: 10000
diff --git a/seed/redis/extras/accounts/00_accounts.xml b/seed/redis/extras/accounts/00_accounts.xml
deleted file mode 100644
index 36beb291..00000000
--- a/seed/redis/extras/accounts/00_accounts.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
- zones
-
- accounts.remote_.ip_
-
-
- accounts.remotes
-
- accounts.remote_.index_
-
-
- accounts.remote_.index_
-
-
-
diff --git a/seed/redis/extras/accounts/00_accounts.yml b/seed/redis/extras/accounts/00_accounts.yml
new file mode 100644
index 00000000..c2039947
--- /dev/null
+++ b/seed/redis/extras/accounts/00_accounts.yml
@@ -0,0 +1,51 @@
+---
+version: 1.1
+
+remotes:
+ description: Create account and connexion to a Redis server
+ type: domainname
+ multi: true
+ hidden: true
+ provider: Redis
+
+"remote_{{ suffix }}":
+ dynamic:
+ variable: accounts.remotes
+ hidden: true
+
+ ip:
+ type: ip
+ default:
+ jinja: >-
+ {{ zones | get_ip(suffix) }}
+ params:
+ zones:
+ information: zones
+ suffix:
+ type: suffix
+
+ username:
+ description: 'Redis user name for '
+ provider: Redis:username
+
+ password:
+ description: 'Redis password for '
+ type: secret
+ provider: Redis:password
+
+ index:
+ type: number
+ validators:
+ # see https://github.com/redis/redis/issues/8099#issuecomment-741868975
+ - jinja: >-
+ {%- if _.index -%}
+ Redis only works for one service
+ {%- endif -%}
+ default:
+ jinja: >-
+ {{ accounts.remotes.index(suffix) }}
+ params:
+ suffix:
+ type: suffix
+ description: get current index
+ supplier: Redis:index
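Review bot: The `username` and `password` descriptions in the dynamic family end in a dangling "for " (`'Redis user name for '`, `'Redis password for '`): the `{{ suffix }}` placeholder used by the matching PostgreSQL accounts file (`'Postgresql username for {{ suffix }}'`) was dropped. `remotes` also lacks `mandatory: false`, which the PostgreSQL `remotes` declares; if the list of Redis clients may be empty, the variable would presumably be reported as missing.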
diff --git a/seed/redis/funcs/redis.py b/seed/redis/funcs/redis.py
deleted file mode 100644
index 3672b132..00000000
--- a/seed/redis/funcs/redis.py
+++ /dev/null
@@ -1,8 +0,0 @@
-def redis_index_of(remotes, suffix):
- return remotes.index(suffix)
-
-
-def redis_only_one(idx):
- if idx:
- # see https://github.com/redis/redis/issues/8099#issuecomment-741868975
- raise Exception('Redis only works for one service')
diff --git a/seed/relay-lmtp-client/applicationservice.yml b/seed/relay-lmtp-client/applicationservice.yml
index 32c6b751..797cf060 100644
--- a/seed/relay-lmtp-client/applicationservice.yml
+++ b/seed/relay-lmtp-client/applicationservice.yml
@@ -1,4 +1,6 @@
+---
format: '0.1'
-description: Application service needs interact with a Postfix server with LMTP protocol
+description: >
+ Application service needs interact with a Postfix server with LMTP protocol
depends:
- relay-mail-client
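Review bot: `description: >` (clip) keeps a trailing newline on the value, so the description now ends in `\n` where the previous plain scalar did not and where every other `applicationservice.yml` in this diff yields a newline-free value; use `description: >-` to fold without the trailing newline.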
diff --git a/seed/relay-lmtp-client/dictionaries/30_lmtp.xml b/seed/relay-lmtp-client/dictionaries/30_lmtp.xml
deleted file mode 100644
index 8bc2d79a..00000000
--- a/seed/relay-lmtp-client/dictionaries/30_lmtp.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
-
-
-
-
-
- smtp_relay_address
- lmtp_relay_address
-
-
-
diff --git a/seed/relay-lmtp-client/dictionaries/30_lmtp.yml b/seed/relay-lmtp-client/dictionaries/30_lmtp.yml
new file mode 100644
index 00000000..76bda930
--- /dev/null
+++ b/seed/relay-lmtp-client/dictionaries/30_lmtp.yml
@@ -0,0 +1,9 @@
+---
+version: 1.1
+
+lmtp_relay_address:
+ type: domainname
+ supplier: LMTP
+ hidden: true
+ default:
+ variable: general.smtp.smtp_relay_address
diff --git a/seed/relay-mail-client/applicationservice.yml b/seed/relay-mail-client/applicationservice.yml
index 17207496..48188eed 100644
--- a/seed/relay-mail-client/applicationservice.yml
+++ b/seed/relay-mail-client/applicationservice.yml
@@ -1,2 +1,3 @@
+---
format: '0.1'
description: Client SMTP
diff --git a/seed/relay-mail-client/dictionaries/20_smtp_client.xml b/seed/relay-mail-client/dictionaries/20_smtp_client.xml
deleted file mode 100644
index 014d08e5..00000000
--- a/seed/relay-mail-client/dictionaries/20_smtp_client.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-
-
-
-
- smtp
-
-
-
-
-
-
-
-
-
-
-
-
-
- smtp_relay_ip
- domain_name_eth
- network_eth
- True
- smtp_relay_user
-
-
- smtp_relay_address
- domain_name_eth0
- local authentification
- cleartext
- hide_secret
- smtp_relay_password
-
-
- zones
- smtp_relay_address
- smtp_relay_ip
-
-
- smtp_relay_ip
- ip_eth
- network_eth
- smtp_client_ip
-
-
-
diff --git a/seed/relay-mail-client/dictionaries/20_smtp_client.yml b/seed/relay-mail-client/dictionaries/20_smtp_client.yml
new file mode 100644
index 00000000..fd4ae9ac
--- /dev/null
+++ b/seed/relay-mail-client/dictionaries/20_smtp_client.yml
@@ -0,0 +1,62 @@
+---
+version: 1.1
+
+smtp: # Client SMTP
+
+ smtp_relay_address:
+ type: domainname
+ supplier: SMTP
+ hidden: true
+
+ smtp_relay_ip:
+ type: ip
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones | get_ip(_.smtp_relay_address) }}
+ params:
+ zones:
+ information: zones
+
+ smtp_client_ip:
+ type: ip
+ hidden: true
+ default:
+ jinja: >-
+ {{ _.smtp_relay_ip | get_local_smtp_info(ip_eth, network_eth) }}
+ params:
+ ip_eth:
+ variable: general.network.interface_{{ suffix }}.ip
+ network_eth:
+ variable: >-
+ general.network.interface_{{ suffix }}.network
+
+ smtp_relay_user:
+ hidden: true
+ supplier: SMTP:username
+ default:
+ jinja: >-
+ {{ _.smtp_relay_ip | get_local_smtp_info(domain_name,
+ network_eth,
+ normalize=true)
+ }}
+ params:
+ network_eth:
+ variable: >-
+ general.network.interface_{{ suffix }}.network
+ domain_name:
+ variable: >-
+ general.network.interface_{{ suffix }}.domain_name
+
+ smtp_relay_password:
+ type: secret
+ hidden: true
+ supplier: SMTP:password
+ default:
+ jinja: >-
+ {{ general.network.interface_0.domain_name |
+ get_password(server_name=_.smtp_relay_address,
+ description="local authentification",
+ type="cleartext",
+ hide=general.hide_secret)
+ }}
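Review bot: In `smtp_client_ip` the two sibling params are written in different scalar styles — `ip_eth: variable: general.network.interface_{{ suffix }}.ip` as a plain scalar, `network_eth: variable: >-` folded for a value of the same length — and the same `>-` wrapping recurs under `smtp_relay_user`. A plain scalar fits on one line here (`variable: general.network.interface_{{ suffix }}.network`); reserve `>-` for values that actually exceed the line limit, as the `jinja:` blocks do.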
diff --git a/seed/resolved/applicationservice.yml b/seed/resolved/applicationservice.yml
index 7db20f8a..463a63c0 100644
--- a/seed/resolved/applicationservice.yml
+++ b/seed/resolved/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Resolved
website: https://systemd.io/
diff --git a/seed/resolved/dictionaries/20_resolved.xml b/seed/resolved/dictionaries/20_resolved.xml
deleted file mode 100644
index e31c17ef..00000000
--- a/seed/resolved/dictionaries/20_resolved.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
- /etc/systemd/resolved.conf
- /etc/dnssec-trust-anchors.d/risotto.positive
- /etc/dnssec-trust-anchors.d/risotto.negative
-
-
-
-
-
-
-
-
diff --git a/seed/resolved/dictionaries/20_resolved.yml b/seed/resolved/dictionaries/20_resolved.yml
new file mode 100644
index 00000000..4818fca3
--- /dev/null
+++ b/seed/resolved/dictionaries/20_resolved.yml
@@ -0,0 +1,11 @@
+---
+version: 1.1
+
+network:
+
+ dnssec_ds:
+ description: DNSSEC DS informations
+ provider: LocalDNS:DNSSEC_DS
+ hidden: true
+ multi: true
+ mandatory: false
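Review bot: The description `DNSSEC DS informations` is a grammar slip that now shows up in the generated documentation; `description: DNSSEC DS information` (or `DNSSEC DS records`) is what a reader expects. Since `hidden: true`, `multi: true` and `mandatory: false` together make this an optional, provider-filled list, a `help:` line stating that it is populated by the `LocalDNS:DNSSEC_DS` provider and left empty otherwise would make the intent clear without having to read the provider code.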
diff --git a/seed/reverse-proxy-client/applicationservice.yml b/seed/reverse-proxy-client/applicationservice.yml
index ae274999..b33e399b 100644
--- a/seed/reverse-proxy-client/applicationservice.yml
+++ b/seed/reverse-proxy-client/applicationservice.yml
@@ -1,3 +1,3 @@
+---
format: '0.1'
-description: Web site behind Nginx reverse proxy
description: Application service needs interact with a a reverse proxy server
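Review bot: The new description reads `Application service needs interact with a a reverse proxy server`, which has a doubled article and a missing verb form; `description: Application service that interacts with a reverse proxy server` says the same thing correctly. The `+` marker on this line appears to have been lost in rendering, so I am assuming it is the added line that replaces the removed `Web site behind Nginx reverse proxy`.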
diff --git a/seed/reverse-proxy-client/dictionaries/21_revprox_client.xml b/seed/reverse-proxy-client/dictionaries/21_revprox_client.xml
deleted file mode 100644
index afc1746e..00000000
--- a/seed/reverse-proxy-client/dictionaries/21_revprox_client.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-
-
-
-
- revprox
- /tests/reverse-proxy-client.yml
-
-
-
-
-
-
-
-
-
- /
-
-
-
- False
-
-
-
-
- False
-
-
-
- False
-
-
- 443
-
-
- root
-
-
-
-
-
- zones
- revprox_client_server_domainname
- revprox_client_server_ip
-
-
- domain_name_eth0
- revprox_client_port
- revprox_client_local_location
- revprox_client_http
- revprox_client_web_address
-
-
-
diff --git a/seed/reverse-proxy-client/dictionaries/21_revprox_client.yml b/seed/reverse-proxy-client/dictionaries/21_revprox_client.yml
new file mode 100644
index 00000000..75a0b677
--- /dev/null
+++ b/seed/reverse-proxy-client/dictionaries/21_revprox_client.yml
@@ -0,0 +1,99 @@
+---
+version: 1.1
+
+revprox: # Reverse proxy
+
+ client_server_domainname:
+ type: domainname
+ hidden: true
+ supplier: ReverseProxy
+
+ client_server_ip:
+ type: ip
+ default:
+ jinja: >-
+ {{ zones | get_ip(general.revprox.client_server_domainname) }}
+ params:
+ zones:
+ information: zones
+ hidden: true
+
+ client_http:
+ default: false
+ hidden: true
+
+ client_port:
+ type: port
+ default: '443'
+ hidden: true
+
+ client_cert_owner:
+ type: unix_user
+ default: root
+ hidden: true
+
+ client:
+ description: Clients configuration
+ type: leadership
+
+ external_domainnames:
+ description: Service external domain name
+ examples:
+ - service.example.net
+ type: domainname
+ unique: false
+ supplier: ReverseProxy:external
+
+ location:
+ description: URI to route request to the correct service
+ mode: basic
+ type: unix_filename
+ default: /
+ supplier: ReverseProxy:location
+
+ max_body_size:
+ description: The maximum allowed size of the client request body
+ mandatory: false
+ supplier: ReverseProxy:max_body_size
+
+ is_websocket:
+ type: boolean
+ default: false
+ hidden: true
+ supplier: ReverseProxy:websocket
+
+ local_location:
+ type: unix_filename
+ mandatory: false
+ hidden: true
+
+ web_address:
+ type: web_address
+ default:
+ jinja: >-
+ {%- set domain_name = general.network.interface_0.domain_name -%}
+ {%- if domain_name and __.client_port -%}
+ {%- set web_address = 'http' %}
+ {%- if not __.client_http -%}
+ {%- set web_address = web_address + 's' %}
+ {%- endif -%}
+ {%- set web_address = web_address + '://' + domain_name -%}
+ {%- if (__.client_http and __.client_port != '80' ) or
+ (not __.client_http and __.client_port != '443') -%}
+ {%- set web_address = web_address + ':' + __.client_port -%}
+ {%- endif -%}
+ {%- if _.local_location -%}
+ {%- set web_address = web_address + _.local_location -%}
+ {%- endif -%}
+ {{ web_address }}
+ {%- endif -%}
+ description: >-
+ calculating web_address with domain_name, client_port and
+ local_location
+ hidden: true
+ supplier: ReverseProxy:url
+
+ http:
+ default: false
+ hidden: true
+ supplier: ReverseProxy:http
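Review bot: `client_port` is declared `type: port` with a string default `'443'` here, and the `web_address` template at the bottom of the hunk treats it as a string (`__.client_port != '80'`, `':' + __.client_port`), but the redefinition in seed/tls/dictionaries/26_tls.yml writes `default: 8080` as an integer. If the framework keeps port values as strings, the tls default should be quoted `'8080'`; if it coerces them, the two files should still be written the same way, because an integer reaching `':' + __.client_port` in Jinja would fail with a type error rather than produce `:8080`. `max_body_size` is the only client-facing limit in this leadership and has neither `type` nor `default`; if the framework has a suitable numeric or size type, declaring it would reject free-form input before it reaches the proxy configuration. `client_server_ip` places `hidden: true` after `params:` while every other variable puts it right after `type:`; aligning the order helps diffing.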
diff --git a/seed/reverse-proxy-client/funcs/revprox_client.py b/seed/reverse-proxy-client/funcs/revprox_client.py
deleted file mode 100644
index 1d56324c..00000000
--- a/seed/reverse-proxy-client/funcs/revprox_client.py
+++ /dev/null
@@ -1,18 +0,0 @@
-def calc_web_address(domain_name: str=None,
- port: str=None,
- local_location: str=None,
- http: bool=None,
- ) -> str:
- if not domain_name or not port:
- return
- if http:
- web_address = f'http://{domain_name}'
- test_port = '80'
- else:
- web_address = f'https://{domain_name}'
- test_port = '443'
- if port != test_port:
- web_address += f':{port}'
- if local_location:
- web_address += local_location
- return web_address
diff --git a/seed/roundcube/applicationservice.yml b/seed/roundcube/applicationservice.yml
index a2a56f79..61d5ead3 100644
--- a/seed/roundcube/applicationservice.yml
+++ b/seed/roundcube/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Roundcube, a webmail
website: https://roundcube.net/
diff --git a/seed/roundcube/dictionaries/31_roundcube.xml b/seed/roundcube/dictionaries/31_roundcube.xml
deleted file mode 100644
index f6ab4945..00000000
--- a/seed/roundcube/dictionaries/31_roundcube.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-
-
-
-
- roundcube
- /etc/roundcubemail/config.inc.php
- /etc/nginx/default.d/roundcubemail.conf
- roundcube_config
- /static/silique_cloud.svg
- /static/watermark.html
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- True
-
-
- Courriel
-
-
- Consulter ces courriels avec Roundcube
-
-
- Diffusion
-
-
- silique_email.png
-
-
-
-
-
-
-
-
- /usr/share/roundcubemail/
-
-
-
-
-
-
- /
-
-
-
-
-
- nginx
-
-
-
-
-
-
-
-
-
-
- domain_name_eth0
- roundcube
- des_key
- cleartext
- hide_secret
- roundcube_des_key
-
-
- /etc/roundcubemail/
- roundcube_domains
- .inc.php
-
- True
- roundcube_config
-
-
- roundcube_domains
- revprox_client_external_domainnames
-
-
- roundcube_family
- oauth2_client_family
-
-
- roundcube_family
- ldapclient_family
-
-
-
diff --git a/seed/roundcube/dictionaries/31_roundcube.yml b/seed/roundcube/dictionaries/31_roundcube.yml
new file mode 100644
index 00000000..77dc209f
--- /dev/null
+++ b/seed/roundcube/dictionaries/31_roundcube.yml
@@ -0,0 +1,128 @@
+---
+version: 1.1
+
+roundcube: # Interface web de consultation des courriels Roundcube
+
+ des_key:
+ type: secret
+ default:
+ jinja: >-
+ {{ "roundcube" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="des_key",
+ type="cleartext",
+ hide=general.hide_secret)
+ }}
+ auto_save: false
+ hidden: true
+
+ config:
+ type: unix_filename
+ multi: true
+ default:
+ jinja: |-
+ {%- for domain in _.domain.domains %}
+ /etc/roundcubemail/{{ domain }}.inc.php
+ {%- endfor -%}
+ hidden: true
+
+ domain:
+ type: leadership
+
+ domains:
+ description: Nom de domaines d'accès à Roundcube
+ examples:
+ - webmail.example.net
+ type: domainname
+ multi: true
+
+ mail_domain:
+ description: Nom de domaines des courriels
+ examples:
+ - mail.example.net
+ type: domainname
+
+ family:
+ description: Nom de la famille
+ type: unix_user
+ mandatory: false
+
+oauth2:
+
+ client:
+
+ is_client_application:
+ redefine: true
+ default: true
+
+ name:
+ redefine: true
+ default: Courriel
+
+ description:
+ redefine: true
+ default: Consulter ces courriels avec Roundcube
+
+ category:
+ redefine: true
+ default: Diffusion
+
+ logo:
+ redefine: true
+ default: silique_email.png
+
+ external:
+
+ family:
+ redefine: true
+ multi: true
+ default:
+ jinja: |-
+ {%- for family in general.roundcube.domain.family
+ | calc_oauth2_families %}
+ {{ family }}
+ {%- endfor -%}
+
+nginx:
+
+ root:
+ redefine: true
+ default: /usr/share/roundcubemail/
+
+revprox:
+
+ client:
+
+ external_domainnames:
+ redefine: true
+ default:
+ variable: general.roundcube.domain.domains
+ hidden: true
+
+ local_location:
+ redefine: true
+ default: /
+
+imap:
+
+ cert_owner:
+ redefine: true
+ default: nginx
+
+ldap:
+
+ client:
+
+ family:
+ redefine: true
+ default:
+ jinja: >-
+ {%- if general.roundcube.domain.family -%}
+ {%- if general.roundcube.domain.family | unique | list | length > 1 -%}
+ all
+ {%- else -%}
+ {{ general.roundcube.domain.family[0] }}
+ pouet
+ {%- endif -%}
+ {%- endif -%}
+ hidden: true
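Review bot: The line `pouet` inside the `ldap.client.family` template (two lines below `{{ general.roundcube.domain.family[0] }}`) looks like a leftover debug token: in a `>-` folded scalar it is joined onto the rendered family name, so the computed value becomes `<family> pouet` instead of `<family>`. Delete that line; the removed Python `calc_roundcube_family` returned the single family unchanged, which is what the `else` branch is meant to reproduce. The removed function also returned nothing when that single family was empty, whereas the template only checks that the list is non-empty; if an empty string can appear in `domain.family`, the outer `{%- if ... -%}` should also test `general.roundcube.domain.family[0]`. The `des_key` and `ldap.client.family` templates are the only ones in this file to carry no `description:`, so a one-line description of each would match the rest.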
diff --git a/seed/roundcube/extras/machine/20_roundcube.xml b/seed/roundcube/extras/machine/20_roundcube.xml
deleted file mode 100644
index ac4f5b31..00000000
--- a/seed/roundcube/extras/machine/20_roundcube.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-
-
- 256
-
-
- False
-
-
- False
-
-
- False
-
-
- 512
-
-
-
diff --git a/seed/roundcube/extras/machine/20_roundcube.yml b/seed/roundcube/extras/machine/20_roundcube.yml
new file mode 100644
index 00000000..2a5318b8
--- /dev/null
+++ b/seed/roundcube/extras/machine/20_roundcube.yml
@@ -0,0 +1,23 @@
+---
+version: 1.1
+
+var_size:
+ redefine: true
+ default: '256'
+
+add_tmp:
+ redefine: true
+ default: 'False'
+
+add_srv:
+ redefine: true
+ default: 'False'
+
+add_swap:
+ redefine: true
+ default: 'False'
+
+memory:
+ redefine: true
+ exists: true
+ default: '512'
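Review bot: The defaults in this machine override are quoted strings (`'256'`, `'False'`, `'512'`), while the sibling overrides added in the same commit (seed/speedtest-rs/extras/machine/20_speedtest-rs.yml, seed/tls/extras/machine/20_tls.yml, seed/unbound/extras/machine/20_unbound.yml) use bare `256`, `false`, `512` and the base definitions in seed/systemd/extras/machine/10_systemd.yml declare `add_tmp`/`add_srv`/`add_swap` as `type: boolean` and sum `machine.var_size` arithmetically in `data_disk_size`. A string `'False'` is not the boolean false (and is truthy wherever the framework does not coerce it), and a string `'256'` added to integers in the Jinja sum will fail or concatenate rather than add. Change the five defaults to `default: 256`, `default: false` (three times) and `default: 512` so this file behaves like the others.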
diff --git a/seed/roundcube/funcs/roundcube.py b/seed/roundcube/funcs/roundcube.py
deleted file mode 100644
index a4a90a75..00000000
--- a/seed/roundcube/funcs/roundcube.py
+++ /dev/null
@@ -1,9 +0,0 @@
-def calc_roundcube_family(families):
- if not families:
- return
- uniq_fam = set(families)
- if len(set(families)) > 1:
- return 'all'
- if not uniq_fam[0]:
- return
- return uniq_fam[0]
diff --git a/seed/speedtest-rs/applicationservice.yml b/seed/speedtest-rs/applicationservice.yml
index 86139da4..c09945d3 100644
--- a/seed/speedtest-rs/applicationservice.yml
+++ b/seed/speedtest-rs/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Speedtest-rs, a very lightweight Speedtest
website: https://cloud.silique.fr/gitea/Silique/speedtest-rs
diff --git a/seed/speedtest-rs/dictionaries/40_speedtest-rs.xml b/seed/speedtest-rs/dictionaries/40_speedtest-rs.xml
deleted file mode 100644
index d973c1cc..00000000
--- a/seed/speedtest-rs/dictionaries/40_speedtest-rs.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
-
-
-
- /etc/speedtest-rs/config.env
- /var/lib/speedtest-rs/speedtest-rs.css
- /var/lib/speedtest-rs/logo.png
-
-
-
-
-
- speedtest
-
-
-
-
diff --git a/seed/speedtest-rs/dictionaries/40_speedtest-rs.yml b/seed/speedtest-rs/dictionaries/40_speedtest-rs.yml
new file mode 100644
index 00000000..10be6925
--- /dev/null
+++ b/seed/speedtest-rs/dictionaries/40_speedtest-rs.yml
@@ -0,0 +1,8 @@
+---
+version: 1.1
+
+revprox:
+
+ client_cert_owner:
+ redefine: true
+ default: speedtest
diff --git a/seed/speedtest-rs/extras/machine/20_speedtest-rs.xml b/seed/speedtest-rs/extras/machine/20_speedtest-rs.xml
deleted file mode 100644
index ac4f5b31..00000000
--- a/seed/speedtest-rs/extras/machine/20_speedtest-rs.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-
-
- 256
-
-
- False
-
-
- False
-
-
- False
-
-
- 512
-
-
-
diff --git a/seed/speedtest-rs/extras/machine/20_speedtest-rs.yml b/seed/speedtest-rs/extras/machine/20_speedtest-rs.yml
new file mode 100644
index 00000000..b628a69e
--- /dev/null
+++ b/seed/speedtest-rs/extras/machine/20_speedtest-rs.yml
@@ -0,0 +1,23 @@
+---
+version: 1.1
+
+var_size:
+ redefine: true
+ default: 256
+
+add_tmp:
+ redefine: true
+ default: false
+
+add_srv:
+ redefine: true
+ default: false
+
+add_swap:
+ redefine: true
+ default: false
+
+memory:
+ redefine: true
+ exists: true
+ default: 512
diff --git a/seed/systemd/applicationservice.yml b/seed/systemd/applicationservice.yml
index 9ca71206..f42b5415 100644
--- a/seed/systemd/applicationservice.yml
+++ b/seed/systemd/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Systemd, a system and service manager
website: https://systemd.io/
diff --git a/seed/systemd/dictionaries/15_systemd.xml b/seed/systemd/dictionaries/15_systemd.xml
deleted file mode 100644
index 35b69c59..00000000
--- a/seed/systemd/dictionaries/15_systemd.xml
+++ /dev/null
@@ -1,130 +0,0 @@
-
-
-
-
- netwokd_configurations
- link_configurations
-
-
-
-
-
- /repart.d/50-var.conf
-
-
- /repart.d/40-tmp.conf
-
-
- /repart.d/60-srv.conf
-
-
- /repart.d/30-swap.conf
-
-
-
-
-
-
-
- /secrets/root.pwd
- /tmpfiles.d/risotto-volatile.conf
-
-
-
-
-
-
-
-
-
-
- zone_name
- host
- zone_name
-
-
-
-
-
- PAM adding faulty module: /usr/lib64/security/pam_sss.so
- PAM adding faulty module: /usr/lib64/security/pam_sss.so
- PAM adding faulty module: /usr/lib64/security/pam_sss.so
- PAM adding faulty module: /usr/lib64/security/pam_sss.so
- PAM adding faulty module: /usr/lib64/security/pam_sss.so
- PAM unable to dlopen(/usr/lib64/security/pam_sss.so): /usr/lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
- PAM unable to dlopen(/usr/lib64/security/pam_sss.so): /usr/lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
- PAM unable to dlopen(/usr/lib64/security/pam_sss.so): /usr/lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
- PAM unable to dlopen(/usr/lib64/security/pam_sss.so): /usr/lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
- PAM unable to dlopen(/usr/lib64/security/pam_sss.so): /usr/lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
- Failed to open libbpf, cgroup BPF features disabled: Operation not supported
- rm(/var/log): Directory not empty
- : Duplicate line for path
-
-
- systemd
- (systemd)
- (ystemctl)
- (sh)
- su
- systemd
- (systemd)
- (ystemctl)
- (sh)
- su
- systemd
- systemd-tmpfiles
- systemd-tmpfiles
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- contains
-
-
-
-
-
-
- domain_name_eth0
- root
- local connection
- cleartext
- True
- hide_secret
- root_password
-
-
- /etc/systemd/network/10
- zones_list
- risotto.network
- -
- True
- netwokd_configurations
-
-
- /systemd/network/10
- zones_list
- risotto.link
- -
- True
- link_configurations
-
-
- False
- systemd_repart
- add_tmp
- add_srv
- add_swap
-
-
-
diff --git a/seed/systemd/dictionaries/15_systemd.yml b/seed/systemd/dictionaries/15_systemd.yml
new file mode 100644
index 00000000..09006705
--- /dev/null
+++ b/seed/systemd/dictionaries/15_systemd.yml
@@ -0,0 +1,125 @@
+---
+version: 1.1
+
+root_password:
+ type: secret
+ description: Mot de passe de l'administrateur système root
+ hidden: true
+ default:
+ jinja: >-
+ {{ "root" |
+ get_password(server_name=general.network.interface_0.domain_name,
+ description="local connection",
+ type="cleartext",
+ temporary=true,
+ hide=general.hide_secret)
+ }}
+
+link_configurations:
+ description: Nom des fichiers "link" networkd
+ type: unix_filename
+ multi: true
+ hidden: true
+ default:
+ jinja: |-
+ {%- for zone in general.network.zones_list %}
+ /systemd/network/10-{{ zone }}-risotto.link
+ {%- endfor -%}
+
+use_systemd_repart:
+ description: Activer le partitionnement systemd
+ type: boolean
+ hidden: true
+
+network:
+
+ networkd_configurations:
+ description: Nom des fichiers de configuration du réseau networkd
+ type: unix_filename
+ multi: true
+ hidden: true
+ default:
+ jinja: |-
+ {%- for zone in general.network.zones_list %}
+ /etc/systemd/network/10-{{ zone}}-risotto.network
+ {%- endfor -%}
+
+ netwokd_interface_name_type:
+ description: Type de réseau networkd
+ hidden: true
+ default: zone_name
+ choices:
+ - zone_name
+ - host
+
+journald:
+
+ conditions:
+ hidden: true
+
+ vector_messages:
+ supplier: Journald:message
+ unique: false
+ default:
+ - 'PAM adding faulty module: /usr/lib64/security/pam_sss.so'
+ - 'PAM adding faulty module: /usr/lib64/security/pam_sss.so'
+ - 'PAM adding faulty module: /usr/lib64/security/pam_sss.so'
+ - 'PAM adding faulty module: /usr/lib64/security/pam_sss.so'
+ - 'PAM adding faulty module: /usr/lib64/security/pam_sss.so'
+ - "PAM unable to dlopen(/usr/lib64/security/pam_sss.so): \
+ /usr/lib64/security/pam_sss.so: cannot open shared object file: \
+ No such file or directory"
+ - "PAM unable to dlopen(/usr/lib64/security/pam_sss.so): \
+ /usr/lib64/security/pam_sss.so: cannot open shared object file: \
+ No such file or directory"
+ - "PAM unable to dlopen(/usr/lib64/security/pam_sss.so): \
+ /usr/lib64/security/pam_sss.so: cannot open shared object file: \
+ No such file or directory"
+ - "PAM unable to dlopen(/usr/lib64/security/pam_sss.so): \
+ /usr/lib64/security/pam_sss.so: cannot open shared object file: \
+ No such file or directory"
+ - "PAM unable to dlopen(/usr/lib64/security/pam_sss.so): \
+ /usr/lib64/security/pam_sss.so: cannot open shared object file: \
+ No such file or directory"
+ - "Failed to open libbpf, cgroup BPF features disabled: Operation \
+ not supported"
+ - "rm(/var/log): Directory not empty"
+ - ': Duplicate line for path'
+
+ vector_services:
+ supplier: Journald:service
+ unique: false
+ default:
+ - systemd
+ - (systemd)
+ - (ystemctl)
+ - (sh)
+ - su
+ - systemd
+ - (systemd)
+ - (ystemctl)
+ - (sh)
+ - su
+ - systemd
+ - systemd-tmpfiles
+ - systemd-tmpfiles
+
+ vector_functions:
+ supplier: Journald:function
+ mandatory: false
+ empty: false
+ unique: false
+ default:
+ - null
+ - null
+ - null
+ - null
+ - null
+ - null
+ - null
+ - null
+ - null
+ - null
+ - null
+ - null
+ - contains
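Review bot: `vector_messages`, `vector_services` and `vector_functions` under `journald.conditions` are positionally coupled lists (13 entries each, with `unique: false` allowing the repeated PAM entries and the run of `null`s), but nothing in the file says so, so a future edit that drops one `null` or one duplicate message would silently mis-pair a message with the wrong service or match function. A comment above `vector_messages` such as `# The three lists below are index-aligned: entry i of messages, services and functions forms one filter rule` would make the invariant explicit, and since these rules suppress PAM "faulty module"/"unable to dlopen" log lines, a second comment recording why they are expected noise on these images keeps the filter from hiding a real PAM misconfiguration later. `{{ zone}}` in `networkd_configurations` should be `{{ zone }}` to match the `link_configurations` template two stanzas above. The key `netwokd_interface_name_type` carries the same typo the commit fixed in `networkd_configurations`; rename it to `networkd_interface_name_type` only if no template still references the old name.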
diff --git a/seed/systemd/extras/machine/10_systemd.xml b/seed/systemd/extras/machine/10_systemd.xml
deleted file mode 100644
index e6af7beb..00000000
--- a/seed/systemd/extras/machine/10_systemd.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-
-
-
-
- 1024
-
-
-
- 1024
-
-
-
- 1024
-
-
-
- 512
-
-
-
-
- False
- machine.var_tmp_size
- add_tmp
-
-
- False
- machine.srv_size
- add_srv
-
-
- False
- machine.swap_size
- add_swap
-
-
- machine.var_size
- machine.var_tmp_size
- machine.srv_size
- machine.swap_size
- 16
- add
- machine.data_disk_size
-
-
-
-
diff --git a/seed/systemd/extras/machine/10_systemd.yml b/seed/systemd/extras/machine/10_systemd.yml
new file mode 100644
index 00000000..656a0830
--- /dev/null
+++ b/seed/systemd/extras/machine/10_systemd.yml
@@ -0,0 +1,57 @@
+---
+version: 1.1
+
+var_size:
+ description: Variable directory size
+ hidden: true
+ default: 1024
+
+add_tmp:
+ type: boolean
+ description: Add a temporary directory
+ hidden: true
+
+var_tmp_size:
+ description: Temporary directory size
+ hidden: true
+ default: 1024
+ disabled:
+ variable: machine.add_tmp
+ when: false
+
+add_srv:
+ type: boolean
+ description: Add a persistent directory
+ hidden: true
+
+srv_size:
+ description: Persistent directory size
+ hidden: true
+ default: 1024
+ disabled:
+ variable: machine.add_srv
+ when: false
+
+add_swap:
+ type: boolean
+ description: Add a SWAP partition
+ hidden: true
+
+swap_size:
+ description: SWAP size
+ hidden: true
+ default: 512
+ disabled:
+ variable: machine.add_swap
+ when: false
+
+data_disk_size:
+ redefine: true
+ default:
+ jinja: >-
+ {% set total = machine.var_size +
+ machine.var_tmp_size +
+ machine.srv_size +
+ machine.swap_size + 16
+ %}
+ {{ total }}
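Review bot: `data_disk_size` sums `machine.var_tmp_size`, `machine.srv_size` and `machine.swap_size` unconditionally, yet each of those is `disabled` when its `add_*` flag is false; what a disabled variable evaluates to inside the template is not visible here, and if it is `None` the `+` chain raises a type error, while if it keeps its default the disk is oversized by up to 1024+1024+512. Guard each term, e.g. `(machine.var_tmp_size if machine.add_tmp else 0)`, or document above `default:` that disabled sizes are known to resolve to 0. The `+ 16` at the end is an unexplained constant; a trailing comment such as `# 16 MiB reserved for partition metadata — confirm unit` (units are not stated anywhere in the file) would help.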
diff --git a/seed/tls/applicationservice.yml b/seed/tls/applicationservice.yml
index 81365cda..28c129fd 100644
--- a/seed/tls/applicationservice.yml
+++ b/seed/tls/applicationservice.yml
@@ -1,5 +1,6 @@
+---
format: '0.1'
-description: PLEASE DO NOT USE THIS APPLICATION SERVICE, use for manage tls certificates
+description: Manage tls certificates
documentation: false
depends:
- base-fedora-38
diff --git a/seed/tls/dictionaries/26_tls.xml b/seed/tls/dictionaries/26_tls.xml
deleted file mode 100644
index 88f2b6d0..00000000
--- a/seed/tls/dictionaries/26_tls.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-
-
-
-
- /sysusers.d/tls.conf
- /tmpfiles.d/0tls.conf
- /etc/risotto/configuration.yml
- /etc/risotto/certificates.yml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- /.well-known/acme-challenge
-
-
- True
-
-
-
-
- True
-
-
- 8080
-
-
-
-
-
- domain_name_eth0
-
- True
- first_zone_name
-
-
-
- 443
- first_zone_name
-
- True
- outgoing_ports
-
-
-
diff --git a/seed/tls/dictionaries/26_tls.yml b/seed/tls/dictionaries/26_tls.yml
new file mode 100644
index 00000000..0cd44036
--- /dev/null
+++ b/seed/tls/dictionaries/26_tls.yml
@@ -0,0 +1,58 @@
+---
+version: 1.1
+
+network: # Réseau
+
+ zones_list:
+ redefine: true
+ mandatory: false
+
+ first_zone_name:
+ default:
+ variable: general.network.interface_0.domain_name
+ hidden: true
+
+ outgoing_ports:
+ redefine: true
+ default:
+ jinja: >-
+ {%- if general.network.first_zone_name -%}
+ 443
+ {%- endif -%}
+
+ dns_client_address:
+ redefine: true
+ mandatory: false
+
+revprox:
+
+ client_server_domainname:
+ redefine: true
+ mandatory: false
+
+ client:
+
+ external_domainnames:
+ redefine: true
+ default: null
+ mandatory: false
+
+ location:
+ redefine: true
+ default: /.well-known/acme-challenge
+
+ http:
+ redefine: true
+ default: true
+
+ web_address:
+ redefine: true
+ mandatory: false
+
+ client_http:
+ redefine: true
+ default: true
+
+ client_port:
+ redefine: true
+ default: 8080
diff --git a/seed/tls/extras/machine/20_tls.xml b/seed/tls/extras/machine/20_tls.xml
deleted file mode 100644
index 0cab45bb..00000000
--- a/seed/tls/extras/machine/20_tls.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
-
- 256
-
-
- False
-
-
- False
-
-
- 512
-
-
- False
-
-
- /var/lib/risotto/tls
-
-
-
diff --git a/seed/tls/extras/machine/20_tls.yml b/seed/tls/extras/machine/20_tls.yml
new file mode 100644
index 00000000..4b17fd2e
--- /dev/null
+++ b/seed/tls/extras/machine/20_tls.yml
@@ -0,0 +1,29 @@
+---
+version: 1.1
+
+var_size:
+ redefine: true
+ default: 256
+
+add_tmp:
+ redefine: true
+ default: false
+
+add_swap:
+ redefine: true
+ default: false
+
+memory:
+ redefine: true
+ exists: true
+ default: 512
+
+add_srv:
+ redefine: true
+ default: false
+
+tls_dir:
+ hidden: true
+ type: unix_filename
+ supplier: Host:machine_tls
+ default: /var/lib/risotto/tls
diff --git a/seed/unbound/applicationservice.yml b/seed/unbound/applicationservice.yml
index 149a6b91..6be8d86c 100644
--- a/seed/unbound/applicationservice.yml
+++ b/seed/unbound/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Unbound, a validating, recursive, caching DNS resolver
website: https://www.nlnetlabs.nl/projects/unbound/about/
diff --git a/seed/unbound/dictionaries/20_unbound.xml b/seed/unbound/dictionaries/20_unbound.xml
deleted file mode 100644
index 92106e52..00000000
--- a/seed/unbound/dictionaries/20_unbound.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-
-
-
-
-
- unbound_allowed_client
-
- /etc/unbound/conf.d/risotto.conf
- /etc/unbound/unbound.conf
- /sysusers.d/0unbound.conf
- /tmpfiles.d/0unbound.conf
-
-
-
-
-
-
-
-
-
-
-
- udp:53
- 53
-
-
-
-
-
-
-
-
-
-
-
-
-
- ip_eth0
- ip_dns
-
-
- zones
- unbound_forward_address
- unbound_allowed_client
-
-
-
diff --git a/seed/unbound/dictionaries/20_unbound.yml b/seed/unbound/dictionaries/20_unbound.yml
new file mode 100644
index 00000000..0cdd2543
--- /dev/null
+++ b/seed/unbound/dictionaries/20_unbound.yml
@@ -0,0 +1,62 @@
+---
+version: 1.1
+
+network:
+
+ dns_client_address:
+ redefine: true
+ disabled: true
+ supplier: ''
+
+ ip_dns:
+ redefine: true
+ default:
+ variable: _.interface_0.ip
+
+ outgoing_ports:
+ redefine: true
+ default:
+ - udp:53
+ - 53
+
+dns_resolver: # Résolveur DNS
+
+ forward_zones:
+ description: Serveur DNS faisant autorité sur une zone particulière
+ hidden: true
+ type: leadership
+
+ unbound_forward_address:
+ description: DNS forwarder for all DNS zones
+ help: >-
+ This provider is able to answer query for external and internal domain
+ name
+ provider: ExternalDNS
+ hidden: true
+ mandatory: false
+
+ unbound_forward_zones:
+ description: Local DNS server can export own authority zones
+ type: domainname
+ multi: true
+ provider: ExternalDNS:authority_zones
+ hidden: true
+ mandatory: false
+
+ unbound_allowed_client:
+ type: ip
+ hidden: true
+ default:
+ jinja: >-
+ {{ zones |
+ get_ip(general.dns_resolver.forward_zones.unbound_forward_address)
+ }}
+ params:
+ zones:
+ information: zones
+
+ unbound_default_forwards:
+ description: Serveur résolveur DNS par défaut
+ multi: true
+ examples:
+ - 9.9.9.9
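Review bot: `unbound_default_forwards` is the one user-entered, mandatory variable in this dictionary and carries no `type:`, although its example `9.9.9.9` and every other address-valued variable in the file (`type: ip`, `type: domainname`) suggest it should be validated; if upstream forwarders are always IP addresses here, add `type: ip` so an invalid resolver address is rejected at configuration time rather than when unbound fails to start. The `help:` on `unbound_forward_address` reads `This provider is able to answer query for external and internal domain name`; `This provider can answer queries for both external and internal domain names` is clearer. In `network.outgoing_ports` the entries `udp:53` and `53` mix a string and an integer in one list, which may or may not matter to the consumer; quoting `'53'` would at least make the list homogeneous.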
diff --git a/seed/unbound/extras/machine/20_unbound.xml b/seed/unbound/extras/machine/20_unbound.xml
deleted file mode 100644
index c8842485..00000000
--- a/seed/unbound/extras/machine/20_unbound.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
- 256
-
-
- False
-
-
- False
-
-
- 512
-
-
-
diff --git a/seed/unbound/extras/machine/20_unbound.yml b/seed/unbound/extras/machine/20_unbound.yml
new file mode 100644
index 00000000..789bb984
--- /dev/null
+++ b/seed/unbound/extras/machine/20_unbound.yml
@@ -0,0 +1,19 @@
+---
+version: 1.1
+
+var_size:
+ redefine: true
+ default: 256
+
+add_tmp:
+ redefine: true
+ default: false
+
+add_swap:
+ redefine: true
+ default: false
+
+memory:
+ redefine: true
+ exists: true
+ default: 512
diff --git a/seed/unbound/funcs/funcs.py b/seed/unbound/funcs/funcs.py
index cac5dd45..a34ab752 100644
--- a/seed/unbound/funcs/funcs.py
+++ b/seed/unbound/funcs/funcs.py
@@ -1,17 +1,5 @@
-from typing import List
-from ipaddress import ip_interface
-from os.path import join
from datetime import datetime
-def unbound_filename(dirname: str,
- variables: List[str],
- extension: str) -> List[str]:
- ret = []
- for variable in variables:
- ret.append(join(dirname, f'{variable}{extension}'))
- return ret
-
-
def unbound_serial() -> str:
return datetime.now().strftime('%Y%m%d%H%M%S')
diff --git a/seed/vaultwarden/applicationservice.yml b/seed/vaultwarden/applicationservice.yml
index a602de7f..08aa67b4 100644
--- a/seed/vaultwarden/applicationservice.yml
+++ b/seed/vaultwarden/applicationservice.yml
@@ -1,3 +1,4 @@
+---
format: '0.1'
description: Vaultwarden, a password manager
website: https://github.com/dani-garcia/vaultwarden
diff --git a/seed/vaultwarden/dictionaries/40_vaultwarden.xml b/seed/vaultwarden/dictionaries/40_vaultwarden.xml
deleted file mode 100644
index 7daa77c1..00000000
--- a/seed/vaultwarden/dictionaries/40_vaultwarden.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-
-
-
-
-
- /tmpfiles.d/0vaultwarden.conf
- /etc/vaultwarden/config.env
- /tests/vaultwarden.yml
-
-
-
-
-
-
-
-
- vaultwarden
-
-
-
-
-
- risotto
-
-
-
-
- 20
-
-
- Vaultwarden
-
-
-
-
-
- vaultwarden
-
-
-
-
-
- domain_name_eth0
- admin_password
- vaultwarden
- cleartext
- vaultwarden_admin_password
- hide_secret
-
-
- domain_name_eth0
- vaultwarden_test_device_identifier
-
-
- vaultwarden_domainname
- vaultwarden_domainname
- True
- revprox_client_external_domainnames
-
-
-
- revprox_client_location
-
-
- True
- False
- revprox_client_location
- /notifications/hub
- revprox_client_is_websocket
-
-
-
diff --git a/seed/vaultwarden/dictionaries/40_vaultwarden.yml b/seed/vaultwarden/dictionaries/40_vaultwarden.yml
new file mode 100644
index 00000000..1bda7d9e
--- /dev/null
+++ b/seed/vaultwarden/dictionaries/40_vaultwarden.yml
@@ -0,0 +1,93 @@
+---
+version: 1.1
+
+revprox:
+
+ client:
+
+ external_domainnames:
+ redefine: true
+ default:
+ - variable: general.vaultwarden.domainname
+ hidden: true
+
+ location:
+ redefine: true
+ default:
+ jinja: >-
+ {%- if index -%}
+ /notifications/hub
+ {%- else -%}
+ /
+ {%- endif -%}
+ params:
+ index:
+ type: index
+ description: first location is for "/"
+
+ is_websocket:
+ redefine: true
+ type: boolean
+ default:
+ jinja: >-
+ {%- if _.location == "/" -%}
+ false
+ {%- else -%}
+ true
+ {%- endif -%}
+ description: / is not a websocket
+
+ client_cert_owner:
+ redefine: true
+ default: vaultwarden
+
+vaultwarden: # Vaultwarden
+
+ domainname:
+ description: Nom de domaine d'accès à Vaultwarden
+ examples:
+ - vault.example.net
+ type: domainname
+
+ password_admin_username: risotto # Nom de l'utilisateur Risotto
+
+ admin_email:
+ description: Adresse courriel de l'utilisateur Risotto
+ examples:
+ - admin@example.net
+ type: mail
+
+ admin_password:
+ description: Mot de passe de l'utilisateur Risotto
+ type: secret
+ default:
+ jinja: >-
+ {{ "admin_password" |
+ get_password(
+ server_name=general.network.interface_0.domain_name,
+ description="vaultwarden",
+ type="cleartext",
+ hide=general.hide_secret)
+ }}
+ hidden: true
+
+ length: 20 # Taille par défaut du mot de passe
+
+ org_name:
+ description: Nom de l'organisation lors de l'envoi des invitations
+ default: Vaultwarden
+
+ test_device_identifier:
+ description: Identifiant de test de l'appareil se connectant
+ default:
+ jinja: |-
+ {{ general.network.interface_0.domain_name | get_uuid }}
+ hidden: true
+
+postgresql:
+
+ client:
+
+ key_owner:
+ redefine: true
+ default: vaultwarden
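Review bot: `revprox.client.external_domainnames` is redefined with a list containing one mapping (`- variable: general.vaultwarden.domainname`), whereas the equivalent redefinition in seed/roundcube/dictionaries/31_roundcube.yml uses the mapping form `default:` / `variable: general.roundcube.domain.domains`; unless the list form is deliberately chosen because `domainname` is a single value feeding a multi, the two should be written the same way, and a short comment above `default:` stating which it is would settle the question. `password_admin_username: risotto` and `length: 20` use the bare-scalar shorthand while every other variable here is a mapping with `description:`; that is presumably valid, but the French inline comments are then the only documentation those two variables have, and moving them into `description:` would make them visible to the generated documentation like the rest.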
diff --git a/seed/vaultwarden/funcs/vaultwarden.py b/seed/vaultwarden/funcs/vaultwarden.py
index f3c3a5f4..ed531dcb 100644
--- a/seed/vaultwarden/funcs/vaultwarden.py
+++ b/seed/vaultwarden/funcs/vaultwarden.py
@@ -22,9 +22,3 @@ def get_uuid(server_name: str) -> str:
with open(file_name, 'r') as fh:
file_content = fh.read().strip()
return file_content
-
-
-def calc_vaulwarden_location(index):
- if not index:
- return '/'
- return '/notifications/hub'
diff --git a/seed/vector/applicationservice.yml b/seed/vector/applicationservice.yml
index 6be108b6..10924a08 100644
--- a/seed/vector/applicationservice.yml
+++ b/seed/vector/applicationservice.yml
@@ -1,5 +1,7 @@
+---
format: '0.1'
-description: Vector, a lightweight, ultra-fast tool for building observability pipelines
+description: >
+ Vector, a lightweight, ultra-fast tool for building observability pipelines
website: https://vector.dev/
depends:
- base-fedora-38
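Review bot: `description: >` keeps one trailing newline (clip), so this description now ends in `\n` while every other applicationservice description in the commit is a single-line string and the znc file two hunks later uses the strip form `|-`; use `description: >-` so the folded text has the same shape as its siblings.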
diff --git a/seed/vector/dictionaries/20_vector.xml b/seed/vector/dictionaries/20_vector.xml
deleted file mode 100644
index 35ca2586..00000000
--- a/seed/vector/dictionaries/20_vector.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
-
-
- /sysusers.d/vector.conf
- /tmpfiles.d/0vector.conf
- /etc/vector/vector.toml
- /sbin/vector_journalctl
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/seed/vector/dictionaries/20_vector.yml b/seed/vector/dictionaries/20_vector.yml
new file mode 100644
index 00000000..d3c81a5b
--- /dev/null
+++ b/seed/vector/dictionaries/20_vector.yml
@@ -0,0 +1,31 @@
+---
+version: 1.1
+
+vector:
+ description: loki
+ hidden: true
+
+ client_addresses:
+ description: Collect observability data from another Vector instance
+ type: domainname
+ provider: Vector
+ multi: true
+ mandatory: false
+
+ listen_addresses:
+ description: Send Journal on this IP address
+ help: >-
+ Vector must listen on this address, clients are configured to use this
+ destination IP
+ type: ip
+ multi: true
+ provider: Vector:address
+ mandatory: false
+
+loki:
+ description: loki
+ hidden: true
+
+ server_domainname:
+ type: domainname
+ supplier: Loki
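Review bot: The `vector` family is described as `loki` (first `description:` in the hunk), the same text as the `loki` family below it, which looks like a copy-paste slip; `description: Vector` (or `Vector observability agent`) is what the generated documentation should show. Both families are `hidden: true`, so the description matters mostly to maintainers, but the wrong label is still what appears wherever the family is listed.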
diff --git a/seed/znc/applicationservice.yml b/seed/znc/applicationservice.yml
index 6901ae95..7c1c3cff 100644
--- a/seed/znc/applicationservice.yml
+++ b/seed/znc/applicationservice.yml
@@ -1,6 +1,9 @@
+---
format: '0.1'
description: ZNC, a bouncer IRC
-help: The IRC network bouncer or BNC can detach the client from the actual IRC server, and also from selected channels
+help: |-
+ The IRC network bouncer or BNC can detach the client from the actual IRC
+ server, and also from selected channels
website: https://wiki.znc.in/
depends:
- base-fedora-36
diff --git a/seed/znc/dictionaries/40_znc.xml b/seed/znc/dictionaries/40_znc.xml
deleted file mode 100644
index 8bb76112..00000000
--- a/seed/znc/dictionaries/40_znc.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-
-
-
-
-
- znc
- /secrets/znc_passwords
- /sysusers.d/1znc.conf
- /tmpfiles.d/0znc.conf
- /etc/znc/znc.conf
-
-
-
-
-
- 5535
-
-
-
-
-
- self-signed
- self-signed
- letsencrypt
-
-
-
-
-
-
-
-
- 6697
-
-
-
-
-
-
-
- port
- True
- outgoing_ports
-
-
-
diff --git a/seed/znc/dictionaries/40_znc.yml b/seed/znc/dictionaries/40_znc.yml
new file mode 100644
index 00000000..763866b1
--- /dev/null
+++ b/seed/znc/dictionaries/40_znc.yml
@@ -0,0 +1,81 @@
+---
+version: 1.1
+
+network:
+
+ incoming_ports:
+ redefine: true
+ default:
+ - 5535
+ outgoing_ports:
+ redefine: true
+ default:
+ jinja: |-
+ {%- for port in general.znc.servers.port | unique %}
+ {{ port }}
+ {%- endfor -%}
+
+znc: # IRC Bouncer ZNC
+
+ external_domain_name:
+ description: External domain name
+ examples:
+ - irc.example.net
+ type: domainname
+
+ crt_provider:
+ description: Type of certificate autority signing external certificate
+ help: >-
+ The certificate can be self-signed (therefore invalid by default for the
+ client) or obtained via the Let's Encrypt service (generally valid for
+ the client)
+ mode: basic
+ choices:
+ - self-signed
+ - letsencrypt
+ default: self-signed
+
+ user_name:
+ description: IRC and ZNC username
+ examples:
+ - jdoe
+ type: unix_user
+
+ user_password:
+ description: ZNC user password
+ examples:
+ - JD0eP@ss
+ type: secret
+
+ real_name:
+ description: Real IRC user name
+ examples:
+ - John Doe
+
+ servers:
+ description: Serveurs IRC
+ type: leadership
+
+ server_names:
+ description: IRC domain name
+ examples:
+ - irc.oftc.net
+ type: domainname
+
+ password:
+ description: IR user passwordC
+ examples:
+ - p@ssw0rd
+ type: secret
+
+ port:
+ description: TLS port of server IRC
+ type: port
+ default: 6697
+ hidden: true
+
+ channels:
+ description: IRC channels
+ examples:
+ - example
+ multi: true
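Review bot: The `servers.password` description reads `IR user passwordC`, a typo that will appear verbatim in any generated form or documentation for a secret field; it should be `description: IRC user password`. Two smaller wording fixes in the same hunk: `autority` → `authority` in the `crt_provider` description, and `Serveurs IRC` → `IRC servers` for the `servers` leadership block, which is otherwise the only non-English label in the file. Separately, `servers.port` is `hidden: true` with a fixed default of 6697 and a description claiming it is the TLS port, so an operator cannot change it; if that is deliberate, a comment such as `# fixed: ZNC is only configured for TLS IRC on 6697` would make the constraint explicit rather than implied by the description alone.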
diff --git a/seed/znc/extras/machine/20_unbound.xml b/seed/znc/extras/machine/20_unbound.xml
deleted file mode 100644
index c8842485..00000000
--- a/seed/znc/extras/machine/20_unbound.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
- 256
-
-
- False
-
-
- False
-
-
- 512
-
-
-
diff --git a/seed/znc/extras/machine/20_unbound.yml b/seed/znc/extras/machine/20_unbound.yml
new file mode 100644
index 00000000..789bb984
--- /dev/null
+++ b/seed/znc/extras/machine/20_unbound.yml
@@ -0,0 +1,19 @@
+---
+version: 1.1
+
+var_size:
+ redefine: true
+ default: 256
+
+add_tmp:
+ redefine: true
+ default: false
+
+add_swap:
+ redefine: true
+ default: false
+
+memory:
+ redefine: true
+ exists: true
+ default: 512
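Review bot: The numeric defaults `var_size: 256` and `memory: 512` carry no unit, and nothing in this file says whether they are MiB or GiB, so a reader of the ZNC machine profile has to open the base dictionary to know what is being sized; a short comment on each, e.g. `# MiB — confirm against the base machine dictionary`, would remove the guesswork. The `memory` redefinition is also the only one of the four that sets `exists: true`, while `var_size`, `add_tmp` and `add_swap` redefine without it; if that means the base definition is optional for `memory` only, a one-line comment stating why would stop the next editor from "normalizing" the others.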