feat: upgrate to format 1.1

egarette@silique.fr 2024-10-01 13:18:45 +02:00
parent 0df0c1e80b
commit 43b00863ae
246 changed files with 4768 additions and 3926 deletions


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Apache as web server description: Apache as web server
website: https://httpd.apache.org/ website: https://httpd.apache.org/


@ -1,25 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="httpd" target="multi-user">
<file engine="none">/etc/httpd/conf/httpd.conf</file>
<file engine="ansible">/etc/httpd/conf.d/risotto.conf</file>
<file engine="ansible">/etc/httpd/conf.d/ssl.conf</file>
<file engine="none" source="sysuser-httpd.conf">/sysusers.d/httpd.conf</file>
<file engine="none" source="tmpfile-httpd.conf">/tmpfiles.d/0httpd.conf</file>
</service>
</services>
<variables>
<family name="nginx">
<variable name="php_fpm_user" redefine="True" exists="True">
<value>apache</value>
</variable>
</family>
<family name="apache" description="Apache" help="Advance Apache web server settings" mode="expert">
<variable name="apache_timeout" type="number" description="Amount of time the server will wait for certain events before failing a request" help="Time in seconds">
<value>300</value>
</variable>
<variable name="apache_keepalive" type="boolean" description="Enables HTTP persistent connections" mode="expert"/>
</family>
</variables>
</rougail>


@ -0,0 +1,23 @@
---
version: 1.1
nginx:
php_fpm_user:
redefine: true
exists: true
default: apache
apache:
description: Apache
help: Advance Apache web server settings
mode: advanced
apache_timeout:
description: >-
Amount of time the server will wait for certain events before failing a
request
help: Time in seconds
default: 300
apache_keepalive: true # Enables HTTP persistent connections
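Review bot: The description of `apache_keepalive` has been moved into a YAML comment (`apache_keepalive: true # Enables HTTP persistent connections`), which the loader discards, so the variable loses the description that the removed `<variable>` carried; the same pattern appears on the `dovecot: # IMAP mail server` family in the mail section further down this page. Keep it as a key, indented under the variable: `apache_keepalive:` / `description: Enables HTTP persistent connections` / `default: true`. Note also that the removed XML element had no `<value>`, so `default: true` is a new default rather than a conversion — worth confirming it is intended and saying so in the commit message. The per-variable `type="boolean"` and `mode="expert"` attributes are dropped too; if the 1.1 loader infers the type from the boolean default and inherits the family's `mode: advanced`, that is fine, but it is not visible here.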


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Base information of a Debian Bulleye server description: Base information of a Debian Bulleye server
website: https://www.debian.org/ website: https://www.debian.org/


@ -1,13 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="dnssec" manage="False">
<file engine="ansible">/etc/dnssec-trust-anchors.d/local.negative</file>
</service>
</services>
<variables>
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
<value>bullseye</value>
</variable>
</variables>
</rougail>


@ -0,0 +1,7 @@
---
version: 1.1
os_version:
description: Version de l'OS
hidden: true
default: bullseye


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Base information of a Debian server description: Base information of a Debian server
website: https://www.debian.org/ website: https://www.debian.org/


@ -1,26 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="systemd-networkd">
<override engine="none"/>
</service>
<service name='logrotate' disabled="True"/>
<service name="debian" manage="False">
<file engine="none" source="tmpfile-tmp.conf">/tmpfiles.d/0tmp.conf</file>
<file engine="none">/etc/default/locale</file>
<file engine="none" source="sysuser-debian.conf">/sysusers.d/debian.conf</file>
</service>
<service name='apt-daily' disabled="True"/>
<service name='apt-daily' disabled="True" type="timer"/>
<service name='apt-daily-upgrade' disabled="True"/>
<service name='apt-daily-upgrade' disabled="True" type="timer"/>
<service name='avahi-daemon' disabled="True"/>
<service name='cron' disabled="True"/>
</services>
<variables>
<variable name="os_name" type="string" description="Nom de l'OS" hidden="True">
<value>Debian</value>
</variable>
</variables>
</rougail>


@ -0,0 +1,7 @@
---
version: 1.1
os_name:
description: Nom de l'OS
hidden: true
default: Debian


@ -1,17 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="update-ca-certificates" engine="ansible" target="multi-user"/>
</services>
<variables>
<variable name="tls_ca_directory" type="filename" description="Répertoire des autorités de certification" hidden="True">
<value>/etc/ssl-localca</value>
</variable>
<variable name="tls_cert_directory" type="filename" description="Répertoire des certificats" hidden="True">
<value>/etc/ssl/certs</value>
</variable>
<variable name="tls_key_directory" type="filename" description="Répertoire des clefs privés" hidden="True">
<value>/etc/ssl/private</value>
</variable>
</variables>
</rougail>


@ -0,0 +1,20 @@
---
version: 1.1
tls_ca_directory:
type: unix_filename
description: Répertoire des autorités de certification
hidden: true
default: /etc/ssl-localca
tls_cert_directory:
type: unix_filename
description: Répertoire des certificats
hidden: true
default: /etc/ssl/certs
tls_key_directory:
type: unix_filename
description: Répertoire des clefs privés
hidden: true
default: /etc/ssl/private


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Base information of a Fedora 35 description: Base information of a Fedora 35
website: https://getfedora.org/ website: https://getfedora.org/


@ -1,8 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<variables>
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
<value>35</value>
</variable>
</variables>
</rougail>


@ -0,0 +1,7 @@
---
version: 1.1
os_version:
description: Version de l'OS
hidden: true
default: '35'


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Base information of a Fedora 36 description: Base information of a Fedora 36
website: https://getfedora.org/ website: https://getfedora.org/


@ -1,13 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="base">
<file engine="none">/etc/pam.d/login</file>
</service>
</services>
<variables>
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
<value>36</value>
</variable>
</variables>
</rougail>


@ -0,0 +1,7 @@
---
version: 1.1
os_version:
description: Version de l'OS
hidden: true
default: '36'


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Base information of a Fedora 37 description: Base information of a Fedora 37
website: https://getfedora.org/ website: https://getfedora.org/


@ -1,13 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<!--services>
<service name="base">
<file engine="none">/etc/pam.d/login</file>
</service>
</services-->
<variables>
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
<value>37</value>
</variable>
</variables>
</rougail>


@ -0,0 +1,7 @@
---
version: 1.1
os_version:
description: Version de l'OS
hidden: true
default: '37'


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Base information of a Fedora 38 description: Base information of a Fedora 38
website: https://getfedora.org/ website: https://getfedora.org/


@ -1,13 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<!--services>
<service name="base">
<file engine="none">/etc/pam.d/login</file>
</service>
</services-->
<variables>
<variable name="os_version" type="string" description="Version de l'OS" hidden="True">
<value>38</value>
</variable>
</variables>
</rougail>


@ -0,0 +1,7 @@
---
version: 1.1
os_version:
description: Version de l'OS
hidden: true
default: '38'


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Base information of a Fedora description: Base information of a Fedora
website: https://getfedora.org/ website: https://getfedora.org/


@ -1,15 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="fedora-base" manage="False">
<file engine="none">/tmpfiles.d/fedora.conf</file>
</service>
<service name='logrotate' disabled="True"/>
<service name='logrotate' disabled="True" type="timer"/>
</services>
<variables>
<variable name="os_name" type="string" description="Nom de l'OS" hidden="True">
<value>Fedora</value>
</variable>
</variables>
</rougail>


@ -0,0 +1,7 @@
---
version: 1.1
os_name:
description: Nom de l'OS
hidden: true
default: Fedora


@ -1,17 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="update-ca-trust" engine="ansible" target="multi-user"/>
</services>
<variables>
<variable name="tls_ca_directory" type="filename" description="Nom du répertoire des autorités de certification" hidden="True">
<value>/etc/pki/ca-trust/source/anchors</value>
</variable>
<variable name="tls_cert_directory" type="filename" description="Nom du répertoire des certificats" hidden="True">
<value>/etc/pki/tls/certs</value>
</variable>
<variable name="tls_key_directory" type="filename" description="Nom du répertoire des clefs privés" hidden="True">
<value>/etc/pki/tls/private</value>
</variable>
</variables>
</rougail>


@ -0,0 +1,20 @@
---
version: 1.1
tls_ca_directory:
type: unix_filename
description: Nom du répertoire des autorités de certification
hidden: true
default: /etc/pki/ca-trust/source/anchors
tls_cert_directory:
type: unix_filename
description: Nom du répertoire des certificats
hidden: true
default: /etc/pki/tls/certs
tls_key_directory:
type: unix_filename
description: Nom du répertoire des clefs privés
hidden: true
default: /etc/pki/tls/private


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Base information for a machine description: Base information for a machine
depends: depends:


@ -1,60 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="base" manage="False">
<file engine="none">/etc/locale.conf</file>
</service>
</services>
<variables>
<variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents" hidden="True">
<value>False</value>
</variable>
<family name="base">
<variable name="time_zone" provider="Host:time_zone" hidden="True"/>
</family>
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
<family name="network" description="Réseau">
<variable name="server_name" description="Nom de domaine du serveur" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
<variable name="last_server_name" type="domainname" hidden="True"/>
<variable name="zones_list" type="string" multi="True" description="Liste de toutes les zones" mandatory="True" hidden="True" provider="global:zones_name"/>
<variable name="interfaces_list" type="number" multi="True" description="Liste de tous les numéros d'interfaces" hidden="True" provider="global:zones_list"/>
<family name="interface_" description="Interface " dynamic="interfaces_list">
<variable name="zone_name_eth" type="string" description="Nom de la zone de l'interface " hidden="True" mandatory="True"/>
<variable name="ip_eth" type="ip" description="Adresse IP pour l'interface " hidden="True" mandatory="True"/>
<variable name="network_eth" type="network_cidr" description="Réseau de l'interface " hidden="True"/>
<variable name="gateway_eth" type="ip" description="La route de l'interface " hidden="True"/>
<variable name="domain_name_eth" type="domainname" description="Nom de domaine pour l'interface " mandatory="True" hidden="True" provider="global:server_names"/>
</family>
</family>
</variables>
<constraints>
<fill name="get_ip">
<param type="information">zones</param>
<param name="server_name" type="variable">domain_name_eth</param>
<target>ip_eth</target>
</fill>
<fill name="get_zone_name">
<param type="variable">zones_list</param>
<param name="index" type="suffix"/>
<target>zone_name_eth</target>
</fill>
<fill name="get_zones_info">
<param type="information">zones</param>
<param>network</param>
<param type="variable" name="zone_name">zone_name_eth</param>
<target>network_eth</target>
</fill>
<fill name="get_zones_info">
<param type="information">zones</param>
<param>host_ip</param>
<param type="variable" name="zone_name">zone_name_eth</param>
<param name="index" type="suffix"/>
<target>gateway_eth</target>
</fill>
<fill name="get_last_server_name">
<param type="variable">domain_name_eth</param>
<target>last_server_name</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,129 @@
---
version: 1.1
hide_secret:
description: Les secrets sont obscurcis
mode: advanced
help: >-
Obscurcir les secrets peut permettre de générer des configurations
diffusable sans problème de confidentialité ou pour comparer deux
configurations générés à des moments différents
hidden: true
default: false
base:
time_zone:
provider: Host:time_zone
hidden: true
mandatory: false
module_name:
hidden: true
provider: global:module_name
network:
server_name:
description: Nom de domaine du serveur
type: domainname
hidden: true
provider: global:server_name
last_server_name:
type: domainname
hidden: true
default:
jinja: >-
{%- if domain_name -%}
{{ domain_name[-1] }}
{%- endif -%}
params:
domain_name:
variable: >-
_.interface_{{ suffix }}.domain_name
zones_list:
multi: true
description: Liste de toutes les zones
hidden: true
provider: global:zones_name
interfaces_list:
type: number
multi: true
description: Liste de tous les numéros d'interfaces
hidden: true
provider: global:zones_list
mandatory: false
"interface_{{ suffix }}":
description: 'Interface {{ suffix }}'
dynamic:
variable: general.network.interfaces_list
zone_name:
description: "Nom de la zone de l'interface {{ suffix }}"
hidden: true
default:
jinja: >-
{%- if __.zones_list -%}
{{ __.zones_list[index] }}
{%- endif -%}
params:
index:
type: suffix
ip:
type: ip
description: "Adresse IP pour l'interface {{ suffix }}"
hidden: true
default:
jinja: >-
{{ zones | get_ip(server_name=_.domain_name) }}
params:
zones:
information: zones
network:
type: network_cidr
description: "Réseau de l'interface {{ suffix }}"
hidden: true
default:
jinja: >-
{{ zones | get_zones_info("network", zone_name=_.zone_name) }}
params:
zones:
information: zones
gateway:
type: ip
description: "La route de l'interface {{ suffix }}"
hidden: true
default:
jinja: >-
{{ zones | get_zones_info("host_ip",
zone_name=_.zone_name,
index=index)
}}
params:
zones:
information: zones
index:
type: suffix
disabled:
jinja: >-
{%- if index == 0 -%}
false
{%- else -%}
true
{%- endif -%}
params:
index:
type: suffix
domain_name:
type: domainname
description: "Nom de domaine pour l'interface {{ suffix }}"
hidden: true
provider: global:server_names
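Review bot: The `disabled` condition on `gateway` (`{%- if index == 0 -%} false {%- else -%} true {%- endif -%}`) has no counterpart in the removed XML, where `gateway_eth` was filled for every interface; as written it disables the gateway on every interface except the first, which is a behaviour change that the commit message ("upgrade to format 1.1") does not mention. If it is intended, a short comment above `disabled:` would record it, e.g. `# only the first interface carries the default route; others are disabled`. It also depends on the suffix being compared as a number: `interfaces_list` is `type: number`, so `index == 0` presumably holds for the first entry, but if the suffix reaches Jinja as a string the comparison is always false and the gateway is disabled everywhere — worth a test on a two-interface machine. The `mandatory` handling otherwise looks consistent (explicit `mandatory: false` only where the XML had neither `mandatory="True"` nor a value).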


@ -1,14 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<variables>
<variable name='name' description="Machine name" type="domainname" hidden="True"/>
<variable name='data_disk_size' description="Data disk size" type="number"/>
</variables>
<constraints>
<fill name="calc_value">
<param type="variable">server_name</param>
<target>machine.name</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,14 @@
---
version: 1.1
name:
description: Machine name
type: domainname
hidden: true
default:
variable: general.network.server_name
data_disk_size:
description: Data disk size
type: number
mandatory: false


@ -76,15 +76,3 @@ def _set_password(server_name: str,
with open(file_name, 'r') as fh: with open(file_name, 'r') as fh:
file_content = fh.read().strip() file_content = fh.read().strip()
return file_content return file_content
def get_zone_name(zones: list,
index: str,
):
if zones is not None:
return zones[int(index)]
def get_last_server_name(server_names):
if server_names:
return server_names[-1]


@ -1,2 +1,3 @@
---
format: '0.1' format: '0.1'
description: Base of all application services description: Base of all application services


@ -1,17 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<variables>
<variable name="copy_tests" type="boolean" mandatory="True" hidden="True"/>
</variables>
<constraints>
<fill name="calc_value">
<param type="information">copy_tests</param>
<target>copy_tests</target>
</fill>
<condition name="disabled_if_in" source="copy_tests">
<param>False</param>
<target type="filelist" optional="True">copy_tests</target>
</condition>
</constraints>
</rougail>


@ -0,0 +1,16 @@
---
version: 1.1
copy_tests:
type: boolean
hidden: true
default:
jinja: >-
{%- if copy_tests -%}
true
{%- else -%}
false
{%- endif -%}
params:
copy_tests:
information: copy_tests
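Review bot: The removed XML paired the `copy_tests` fill with a `disabled_if_in` condition that switched off the `copy_tests` filelist when the value is `False`; the new YAML keeps only the default and nothing here replaces that condition. Every `filelist="copy_tests"` reference lived in the `<services>` blocks this commit also removes, so the condition presumably moved with them — but if it did not, test files such as `/tests/imap.yml` would be generated unconditionally, which is worth confirming in whichever file now declares the services. A one-line comment above `copy_tests:` naming where the filelist condition now lives would save the next reader the search.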


@ -60,12 +60,3 @@ def get_zones_info(zones: dict,
continue continue
ret.append(val) ret.append(val)
return ret return ret
def get_first_value(lst: list):
if lst:
if isinstance(lst[0], list):
if lst[0] and lst[0][0]:
return lst[0][0]
else:
return lst[0]


@ -1,2 +1,3 @@
---
format: '0.1' format: '0.1'
description: DNS client with resolution on all zones (especially outside) description: DNS client with resolution on all zones (especially outside)


@ -1,11 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<variables>
<family name="network">
<variable name="dns_is_only_local" redefine="True" hidden="True">
<value>False</value>
</variable>
<variable name="dns_client_address" redefine="True" supplier="ExternalDNS" hidden="True"/>
</family>
</variables>
</rougail>


@ -0,0 +1,14 @@
---
version: 1.1
network:
dns_is_only_local:
redefine: true
hidden: true
default: false
dns_client_address:
redefine: true
supplier: ExternalDNS
hidden: true


@ -1,2 +1,3 @@
---
format: '0.1' format: '0.1'
description: DNS client with access to local zones description: DNS client with access to local zones


@ -1,24 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="dns-local" manage="False">
<file engine="ansible" filelist="copy_tests">/tests/dns-local.yml</file>
</service>
</services>
<variables>
<family name="network">
<variable name="dns_is_only_local" type="boolean" description="DNS resolve only local address" hidden="True">
<value>True</value>
</variable>
<variable name="dns_client_address" type="domainname" supplier="LocalDNS" hidden="True" mandatory="True"/>
<variable name="ip_dns" type="ip" description="Adresse IP du serveur DNS" hidden="True"/>
</family>
</variables>
<constraints>
<fill name="get_ip">
<param type="information">zones</param>
<param name="server_name" type="variable">dns_client_address</param>
<target>ip_dns</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,25 @@
---
version: 1.1
network:
dns_is_only_local:
description: DNS resolve only local address
hidden: true
default: true
dns_client_address:
type: domainname
supplier: LocalDNS
hidden: true
ip_dns:
type: ip
description: Adresse IP du serveur DNS
hidden: true
default:
jinja: >-
{{ zones | get_ip(server_name=general.network.dns_client_address) }}
params:
zones:
information: zones
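Review bot: `ip_dns` addresses its sibling with the absolute path `general.network.dns_client_address`, while the equivalent defaults in the base machine file on this page use the relative form (`_.domain_name`, `__.zones_list`); both variables sit in the same `network` family here, so `{{ zones | get_ip(server_name=_.dns_client_address) }}` would do and keep one addressing style across the services. This is style only; as far as the hunk shows, the default reproduces the removed `get_ip` fill.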


@ -1,6 +1,10 @@
---
format: '0.1' format: '0.1'
description: Postfix and Dovecot as mail servers (IMAP and submission) description: Postfix and Dovecot as mail servers (IMAP and submission)
help: "This application service provides email server. Two servers are used: Dovecot as IMAP server and Postfix as submission server. In addition, an auto-detection file of the email configuration is set up." help: |-
This application service provides email server. Two servers are used:
Dovecot as IMAP server and Postfix as submission server.
In addition, an auto-detection file of the email configuration is set up.
website: https://www.dovecot.org/ website: https://www.dovecot.org/
depends: depends:
- base-fedora-36 - base-fedora-36


@ -1,131 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="postfix" target="multi-user">
<override engine="none"/>
<certificate format="pem" authority="External" type="server" domain="submission_domainname" provider="mail_crt_provider" certificate_type="variable">submission_domainname</certificate>
<certificate format="pem" server="last_server_name" domain="last_server_name" authority="InternalMail" owner="postfix" type="server">postfixlocal</certificate>
<certificate authority="Mail" owner="postfix" type="server">postfix</certificate>
<certificate authority="LDAP" owner="postfix" server="ldap_server_address">postfix_ldap_client</certificate>
<file engine="none" source="sysuser-postfix.conf">/sysusers.d/1postfix.conf</file>
<file engine="none" source="tmpfile-postfix.conf">/tmpfiles.d/0postfix.conf</file>
<file engine="ansible">/etc/postfix/main.cf</file>
<file engine="none">/etc/postfix/master.cf</file>
<file engine="ansible">/etc/postfix/relay_passwd</file>
<file engine="ansible">/etc/postfix/ldapsource.cf</file>
<file engine="ansible">/etc/postfix/sni</file>
<file engine="ansible" mode="700">/sbin/risotto_backup</file>
</service>
<service name='dovecot-init'>
<override engine="none"/>
<file engine="none">/etc/nginx/default.d/autoconfig.conf</file>
</service>
<service name='nginx'>
<file engine="ansible" source='config-v1.1.xml' file_type="variable" variable="mail_domains">well_known_filenames</file>
</service>
<service name="dovecot" target="multi-user">
<certificate authority="External" type="server" domain="imap_domainname" provider="mail_crt_provider" certificate_type="variable">imap_domainname</certificate>
<certificate authority="IMAP" domain="last_server_name" owner="dovecot" type="server">dovecot</certificate>
<file engine="none" source="sysuser-dovecot.conf">/sysusers.d/1dovecot.conf</file>
<file engine="none" source="tmpfile-dovecot.conf">/tmpfiles.d/0dovecot.conf</file>
<file engine='none'>/etc/dovecot/conf.d/10-logging.conf</file>
<file engine='none'>/etc/dovecot/conf.d/10-auth.conf</file>
<file engine='none'>/etc/dovecot/conf.d/10-mail.conf</file>
<file engine="ansible">/etc/dovecot/conf.d/10-master.conf</file>
<file engine="ansible">/etc/dovecot/conf.d/10-ssl.conf</file>
<file engine='none'>/etc/dovecot/conf.d/15-ldap.conf</file>
<file engine='none'>/etc/dovecot/conf.d/30-service-stats.conf</file>
<file engine='none'>/etc/dovecot/conf.d/00-risotto.conf</file>
<!--plain authentification-->
<file engine="none">/etc/dovecot/conf.d/auth-ldap.conf.ext</file>
<file engine="ansible">/etc/dovecot/dovecot-ldap.conf.ext</file>
<!--oauth2 authentification-->
<file engine="none">/etc/dovecot/conf.d/auth-oauth2.conf.ext</file>
<file engine="ansible">/etc/dovecot/dovecot-oauth2.conf.ext</file>
<!--internal authentification-->
<file engine="ansible" filelist="copy_tests">/tests/imap.yml</file>
</service>
</services>
<variables>
<family name="network">
<variable name="incoming_ports" redefine="True">
<value>587</value>
<value>993</value>
</variable>
</family>
<family name="ldap">
<family name="client">
<variable name='ldapclient_family' redefine="True">
<value>all</value>
</variable>
<variable name="ldap_key_file_owner" redefine="True">
<value>dovecot</value>
</variable>
</family>
</family>
<family name="mail" description="Mail configuration" help="Configure IMAP servers and submission to access email accounts and send emails">
<family name="domain" description="Mail domain" leadership="True">
<variable name="mail_domains" type="domainname" description="Final destination email address" mandatory="True" multi="True" supplier="LMTP:criteria" test="example.net" help="These domain names are the domain names for emails (user@*example.net*) and for auto configuration of email clients (https://*example.net*/.well-known/autoconfig/mail/config-v1.1.xml)"/>
<variable name="mail_domains_calc" type="domainname" hidden="True"/>
<variable name="imap_domainname" type="domainname" description="External IMAP server address" mandatory="True" test="imap.example.net" help='Matches TLS connections SNI name, if its sent by the client. For some email clients, use in DNS configuration a line like "_submissions._tcp IN SRV 1 587 *imap.example.net*."'/>
<variable name="submission_domainname" type="domainname" description="External submission server address" mandatory="True" test="submission.example.net" help='Matches TLS connections SNI name, if its sent by the client. For some email clients, add in DNS configuration a line like "_imaps._tcp IN SRV 0 1 993 *submission.example.net*."'/>
</family>
<variable name="mail_crt_provider" type="choice" description="Type of certificate autority signing external IMAP and submission domain certificates" mandatory="True" mode="basic" help="The certificate can be self-signed (therefore invalid by default for the client) or obtained via the Let's Encrypt service (generally valid for the client)">
<value>self-signed</value>
<choice>self-signed</choice>
<choice>letsencrypt</choice>
</variable>
</family>
<family name="dovecot" description="IMAP mail server">
<variable name="imap_internal_addresses" type="domainname" description="IMAP server connexion" mandatory="True" provider="IMAP" multi="True" hidden="True"/>
<variable name="well_known_filenames" type="filename" hidden='True' multi="True"/>
</family>
<family name="revprox">
<family name="revprox_client">
<variable name="revprox_client_external_domainnames" redefine="True" hidden="True"/>
<variable name="revprox_client_web_address" redefine="True" hidden="True"/>
</family>
</family>
<family name="nginx" hidden="True">
<variable name="nginx_root" redefine='True'>
<value>/var/www/html</value>
</variable>
</family>
<!-- just for doc ... -->
<family name="oauth2_client" hidden="True"/>
</variables>
<constraints>
<!--fill name="calc_value">
<param type="variable">domain_name_eth0</param>
<target>imap_internal_address</target>
</fill-->
<fill name="calc_value">
<param type="variable">mail_domains</param>
<target>mail_domains_calc</target>
</fill>
<fill name="calc_value">
<param>/var/www/html/mail/</param>
<param type="variable">mail_domains</param>
<param>/autodiscover/autodiscover.xml</param>
<!--param>/config-v1.1.xml</param-->
<param name="join"></param>
<param name="multi" type="boolean">True</param>
<target>well_known_filenames</target>
</fill>
<fill name="calc_well_known">
<param type="index"/>
<param type="variable">domain_name_eth0</param>
<param type="variable">mail_domains</param>
<target>revprox_client_web_address</target>
</fill>
<fill name="calc_domains">
<param type="variable">mail_domains</param>
<target>revprox_client_external_domainnames</target>
</fill>
<fill name="calc_locations">
<param type="variable">revprox_client_external_domainnames</param>
<param type="index"/>
<target>revprox_client_location</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,142 @@
---
version: 1.1
network:
incoming_ports:
redefine: true
default:
- 587
- 993
ldap:
client:
family:
redefine: true
default: all
key_file_owner:
redefine: true
default: dovecot
revprox:
client:
external_domainnames:
redefine: true
hidden: true
default:
jinja: |-
{%- for domain in general.mail.domain.domains | calc_domains %}
{{ domain }}
{%- endfor -%}
web_address:
redefine: true
hidden: true
default:
jinja: >-
{{ __index |
calc_well_known(general.network.interface_0.domain_name,
general.mail.domain.domains)
}}
params:
__index:
type: index
location:
redefine: true
default:
jinja: >-
{{ _.external_domainnames | calc_locations(index) }}
params:
index:
type: index
mail:
description: Mail configuration
help: >-
Configure IMAP servers and submission to access email accounts and send
emails
domain:
description: Mail domain
type: leadership
domains:
type: domainname
description: Final destination email address
supplier: LMTP:criteria
examples:
- example.net
help: >-
These domain names are the domain names for emails (user@*example.net*)
and for auto configuration of email clients
(https://*example.net*/.well-known/autoconfig/mail/config-v1.1.xml)
imap_domainname:
type: domainname
description: External IMAP server address
examples:
- imap.example.net
help: >-
Matches TLS connections SNI name, if its sent by the client. For some
email clients, use in DNS configuration a line like "_submissions._tcp
IN SRV 1 587 *imap.example.net*."
submission_domainname:
type: domainname
description: External submission server address
examples:
- submission.example.net
help: >-
Matches TLS connections SNI name, if its sent by the client. For some
email clients, add in DNS configuration a line like "_imaps._tcp IN SRV
0 1 993 *submission.example.net*."
crt_provider:
description: >-
Type of certificate autority signing external IMAP and submission
domain certificates
mode: basic
help: >-
The certificate can be self-signed (therefore invalid by default for the
client) or obtained via the Let's Encrypt service (generally valid for
the client)
default: self-signed
choices:
- self-signed
- letsencrypt
dovecot: # IMAP mail server
internal_addresses:
type: domainname
description: IMAP server connexion
provider: IMAP
multi: true
hidden: true
well_known_filenames:
type: unix_filename
hidden: true
multi: true
default:
jinja: |-
{%- for domain in __.mail.domain.domains %}
/var/www/html/mail/{{ domain }}/autodiscover/autodiscover.xml
{%- endfor -%}
nginx:
redefine: true
hidden: true
root:
redefine: true
default: /var/www/html
oauth2:
redefine: true
hidden: true
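Review bot: The trailing `oauth2:` block redefines a family named `oauth2`, but the family it replaces was `oauth2_client` (both in the removed XML of this file and in the forgejo XML further down), so unless the oauth2 provider file is renamed in the same commit this `redefine: true` targets a family that does not exist; with 246 files touched the rename is presumably deliberate, but it is not visible here. Separately, the hidden `mail_domains_calc` variable (a `calc_value` copy of `mail_domains`) has no counterpart in the YAML; any template that still reads it will fail at render time unless it was updated elsewhere. A comment such as `# redefined only so the family is hidden in this service` above `oauth2:` would carry over the intent of the removed `<!-- just for doc ... -->` remark.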


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Forgejo, a community managed lightweight code hosting solution description: Forgejo, a community managed lightweight code hosting solution
website: https://forgejo.org/ website: https://forgejo.org/


@ -1,127 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="forgejo" target="multi-user" engine="ansible">
<file engine="none" source="sysuser-forgejo.conf">/sysusers.d/0forgejo.conf</file>
<file engine="none" source="tmpfile-forgejo.conf">/tmpfiles.d/0forgejo.conf</file>
<file engine="ansible">/etc/forgejo/app.ini</file>
<file engine="ansible" filelist="copy_tests">/tests/forgejo.yml</file>
</service>
</services>
<variables>
<family name="network">
<variable name="incoming_ports" redefine="True">
<value>2222</value>
</variable>
</family>
<family name="redis" description="Redis">
<variable name="redis_client_key_owner" redefine="True">
<value>forgejo</value>
</variable>
</family>
<family name="forgejo" description="Forgejo" help="Git forge Forgejo">
<variable name="forgejo_title" mandatory="True" description="Titre de la forge" mode="basic">
<value>Forgejo : Au-delà du développement. Nous forgeons.</value>
</variable>
<variable name="forgejo_mail_sender" type="mail" description="Les courriels sont envoyés à partir de cet adresse" mandatory="True" test="admin@example.net"/>
<variable name="forgejo_secret_key" type="password" hidden="True"/>
<variable name="forgejo_internal_token" type="password" hidden="True"/>
<variable name="forgejo_lfs_jwt_secret" type="password" hidden="True"/>
<variable name="forgejo_jwt_secret" type="password" hidden="True"/>
</family>
<family name="revprox">
<family name="revprox_client">
<variable name="revprox_client_local_location" redefine="True">
<value>/</value>
</variable>
</family>
<variable name="revprox_client_port" redefine="True">
<value>3000</value>
</variable>
<variable name="revprox_client_cert_owner" redefine="True">
<value>forgejo</value>
</variable>
</family>
<family name="oauth2_client">
<variable name="oauth2_is_client_application" redefine='True'>
<value>True</value>
</variable>
<variable name="oauth2_client_name" redefine='True'>
<value>Forge</value>
</variable>
<variable name="oauth2_client_description" redefine='True'>
<value>Forge logiciel Forgejo</value>
</variable>
<variable name="oauth2_client_category" redefine='True'>
<value>Développement</value>
</variable>
<variable name="oauth2_client_logo" redefine='True'>
<value>silique_note.png</value>
</variable>
<variable name="oauth2_client_token_signature_algo" redefine="True">
<value>RS256</value>
</variable>
<family name="external">
<variable name="oauth2_client_external" redefine="True" remove_fill="True"/>
</family>
</family>
<family name="postgresql">
<variable name="pg_client_key_owner" redefine="True">
<value>forgejo</value>
</variable>
</family>
</variables>
<constraints>
<fill name="get_password">
<param name="server_name" type="variable">domain_name_eth0</param>
<param name="username">secret_key</param>
<param name="description">forgejo</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<param name="length" type="number">105</param>
<target>forgejo_secret_key</target>
</fill>
<fill name="get_password">
<param name="server_name" type="variable">domain_name_eth0</param>
<param name="username">internal_token</param>
<param name="description">forgejo</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<param name="length" type="number">105</param>
<target>forgejo_internal_token</target>
</fill>
<fill name="get_password">
<param name="server_name" type="variable">domain_name_eth0</param>
<param name="username">lfs_jwt_secret</param>
<param name="description">forgejo</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<param name="length" type="number">43</param>
<target>forgejo_lfs_jwt_secret</target>
</fill>
<fill name="get_password">
<param name="server_name" type="variable">domain_name_eth0</param>
<param name="username">jwt_secret</param>
<param name="description">forgejo</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<param name="length" type="number">43</param>
<target>forgejo_jwt_secret</target>
</fill>
<fill name="calc_oauth2_client_login">
<param type="variable" optional="True">revprox_client_external_domainnames</param>
<param type="variable" optional="True">revprox_client_location</param>
<param>user/oauth2/</param>
<param type="variable">domain_name_eth0</param>
<param>/callback</param>
<target>oauth2_client_login</target>
</fill>
<fill name="calc_oauth2_client_external">
<param type="variable">revprox_client_external_domainnames</param>
<param type="variable">revprox_client_location</param>
<param>user/oauth2/</param>
<param type="variable">domain_name_eth0</param>
<target>oauth2_client_external</target>
</fill>
</constraints>
</rougail>

@ -0,0 +1,164 @@
---
version: 1.1
network:
incoming_ports:
redefine: true
default:
- 2222
forgejo:
description: Forgejo
help: Git forge Forgejo
title:
description: Titre de la forge
mode: basic
default: 'Forgejo : Au-delà du développement. Nous forgeons.'
mail_sender:
description: Les courriels sont envoyés à partir de cet adresse
examples:
- admin@example.net
type: mail
secret_key:
type: secret
default:
jinja: >-
{{ "secret_key" |
get_password(server_name=general.network.interface_0.domain_name,
description="forgejo",
type="cleartext",
hide=general.hide_secret,
length=105)
}}
hidden: true
internal_token:
type: secret
default:
jinja: >-
{{ "internal_token" |
get_password(server_name=general.network.interface_0.domain_name,
description="forgejo",
type="cleartext",
hide=general.hide_secret, length=105)
}}
hidden: true
lfs_jwt_secret:
type: secret
default:
jinja: >-
{{ "lfs_jwt_secret" |
get_password(server_name=general.network.interface_0.domain_name,
description="forgejo",
type="cleartext",
hide=general.hide_secret,
length=43)
}}
hidden: true
jwt_secret:
type: secret
default:
jinja: >-
{{ "jwt_secret" |
get_password(server_name=general.network.interface_0.domain_name,
description="forgejo",
type="cleartext",
hide=general.hide_secret,
length=43)
}}
hidden: true
revprox:
client:
local_location:
redefine: true
default: /
client_port:
redefine: true
default: 3000
client_cert_owner:
redefine: true
default: forgejo
redis:
client:
key_owner:
redefine: true
default: forgejo
oauth2:
client:
is_client_application:
redefine: true
default: true
name:
redefine: true
default: Forge
description:
redefine: true
default: Forge logiciel Forgejo
category:
redefine: true
default: Développement
logo:
redefine: true
default: silique_note.png
login:
redefine: true
default:
jinja: >-
{{ general.revprox.client.external_domainnames |
calc_oauth2_client_login(
general.revprox.client.location,
"user/oauth2/",
general.network.interface_0.domain_name,
"/callback"
)
}}
token_signature_algo:
redefine: true
default: RS256
external:
external:
redefine: true
default:
jinja: |-
{%- for domain in
general.revprox.client.external_domainnames |
calc_oauth2_client_external(
general.revprox.client.location,
"user/oauth2/",
general.network.interface_0.domain_name)
%}
{{ domain }}
{%- endfor -%}
postgresql:
client:
key_owner:
redefine: true
default: forgejo
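Review bot: The `login` default (L1317-1325) dereferences `general.revprox.client.external_domainnames` and `general.revprox.client.location` unconditionally, whereas the XML fill it replaces marked both params `optional="True"` (L1195-1196); if the format-1.1 jinja engine raises on undefined variables — I cannot confirm that from this page — a machine without an external domain name would now fail at calculation time instead of leaving `login` unset. Consider guarding the expression, e.g. `{%- if general.revprox.client.external_domainnames is defined and general.revprox.client.location is defined -%} … {%- endif -%}`, or whatever the 1.1 format offers as the equivalent of `optional`. Separately, the four `get_password` calls request `type="cleartext"` material with `hidden: true`; a one-line comment above `secret_key` such as `# cleartext secrets, presumably rendered into /etc/forgejo/app.ini (see the removed service block) — never echo them in logs or the UI` would make the handling constraint explicit for the next maintainer.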

@ -1,139 +0,0 @@
---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# gitea
## Synopsis
Transitional package for Gitea to Forgejo.
## Example
Zone names are provided as examples. Think about adapting with the value of provider_zone in configuration file.
```
gitea:
applicationservice: gitea
zones_name:
- localdns
- oauth2
- postgresql
- redis
- reverseproxy
- smtp
values:
general.revprox.revprox_client.revprox_client_external_domainnames:
- service.example.net
```
## Basic variables
### General
#### Reverse proxy
##### Clients configuration
This family is a leadership.
| Parameter | Comment |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|
| **[general.revprox.revprox_client.revprox_client_external_domainnames](dictionaries/21_revprox_client.xml)**<br/>mandatory, multiple<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Service external domain name.<br/>**Example:** service.example.net |
| **[general.revprox.revprox_client.revprox_client_location](dictionaries/21_revprox_client.xml)**<br/>mandatory<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | URI to route request to the correct service.<br/>**Default:** / |
#### Forgejo
Git forge Forgejo.
| Parameter | Comment |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------|
| **[general.forgejo.forgejo_title](dictionaries/31_forgejo.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Titre de la forge.<br/>**Default:** Forgejo : Au-delà du développement. Nous forgeons. |
## Variables
### General
#### Reverse proxy
##### Clients configuration
This family is a leadership.
| Parameter | Comment |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------|
| **[general.revprox.revprox_client.revprox_client_max_body_size](dictionaries/21_revprox_client.xml)**<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The maximum allowed size of the client request body. |
#### OAuth2 client
| Parameter | Comment |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| **[general.oauth2_client.oauth2_client_name](dictionaries/31_forgejo.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 client name.<br/>**Default:** Forge<br/>**Example:** example |
| **[general.oauth2_client.oauth2_client_description](dictionaries/31_forgejo.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 client description.<br/>**Default:** Forge logiciel Forgejo<br/>**Example:** Example description |
| **[general.oauth2_client.oauth2_client_login](dictionaries/30_oauth2_client.xml)**<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 URL to valid login.<br/>**Default:** *calculated* |
##### external
| Parameter | Comments |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------|
| **[general.oauth2_client.external.oauth2_client_external](dictionaries/31_forgejo.xml)**<br/>mandatory, multiple<br/>**Type:** [`web_address`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 client external.<br/>**Default:** *calculated* |
| **[general.oauth2_client.external.oauth2_client_family](dictionaries/30_oauth2_client.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 family.<br/>**Default:** users |
| Parameter | Comment |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------|
| **[general.oauth2_client.oauth2_client_category](dictionaries/31_forgejo.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 category.<br/>**Default:** Développement |
| **[general.oauth2_client.oauth2_client_logo](dictionaries/31_forgejo.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 logo.<br/>**Default:** silique_note.png |
#### Forgejo
Git forge Forgejo.
| Parameter | Comment |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
| **[general.forgejo.forgejo_mail_sender](dictionaries/31_forgejo.xml)**<br/>mandatory<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Les courriels sont envoyés à partir de cet adresse.<br/>**Default:** *calculated*<br/>**Example:** admin@example.net |
#### Transitional family
| Parameter | Comments |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------|
| **[general.gitea.gitea_mail_sender](dictionaries/32_gitea.xml)**<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Transitional variable, please do not use it. |
## Requirements services
### Mandatories
- [LocalDNS](../README.LocalDNS.md): DNS forwarder for local domain name.
- [SMTP](../README.SMTP.md): Create a SMTP relay account and authorize sending email.
- [ReverseProxy](../README.ReverseProxy.md): Register to service to a reverse proxy server.
- [Postgresql](../README.Postgresql.md): Create account and connexion to a PostgreSQL server.
- [OAuth2](../README.OAuth2.md): Remote clients needing to verify OAuth2 account.
- [Redis](../README.Redis.md): Create account and connexion to a Redis server.
### Optionals
- [Journald](../README.Journald.md): Concentrate journal messages on one host.
## Dependances
- [forgejo](../forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [base-fedora-38](../base-fedora-38/README.md): Base information of a Fedora 38.
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.
- [postgresql-client](../postgresql-client/README.md): Application service needs interact with a Postgresql server.
- [reverse-proxy-client](../reverse-proxy-client/README.md): Application service needs interact with a a reverse proxy server.
- [relay-mail-client](../relay-mail-client/README.md): Client SMTP.
- [redis-client](../redis-client/README.md): Application service needs interact with a Redis server.
- [redis-common](../redis-common/README.md): Redis, an in-memory data structure store.
- [oauth2-client](../oauth2-client/README.md): Application service needs interact with a Oauth2 server.

@ -1,5 +0,0 @@
format: '0.1'
description: Transitional package for Gitea to Forgejo
depends:
- forgejo
service: true

@ -1,17 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="gitea" target="risotto" engine="cheetah"/>
</services>
<variables>
<family name="gitea" description="Transitional family">
<variable name="gitea_mail_sender" type="mail" description="Transitional variable, please do not use it"/>
</family>
</variables>
<constraints>
<fill name="calc_value">
<param type="variable">gitea_mail_sender</param>
<target>forgejo_mail_sender</target>
</fill>
</constraints>
</rougail>

@ -1,17 +0,0 @@
[Unit]
Description=Gitea transitional
Before=risotto.target
[Service]
Type=oneshot
ExecStart=/bin/bash -c '%slurp
[ -d /srv/gitea/lib/data/gitea-repositories ] && mv /srv/gitea/lib/data/gitea-repositories /srv/gitea/lib/data/forgejo-repositories; %slurp
[ -d /srv/gitea ] && (mv /srv/gitea/* /srv/forgejo; rmdir /srv/gitea); %slurp
find /srv/forgejo/lib/data/forgejo-repositories/*/*.git/hooks -name gitea | while read a; do b=$(dirname $a); mv $b/gitea $b/forgejo; done; %slurp
sed -i 's/gitea/forgejo/g' /srv/forgejo/lib/data/forgejo-repositories/*/*.git/hooks/proc-receive; %slurp
sed -i 's/gitea/forgejo/g' /srv/forgejo/lib/data/forgejo-repositories/*/*.git/hooks/pre-receive.d/forgejo; %slurp
sed -i 's/gitea/forgejo/g' /srv/forgejo/lib/data/forgejo-repositories/*/*.git/hooks/update.d/forgejo; %slurp
sed -i 's/gitea/forgejo/g' /srv/forgejo/lib/data/forgejo-repositories/*/*.git/hooks/post-receive.d/forgejo; %slurp
sed -i 's/gitea/forgejo/g' /srv/forgejo/lib/data/forgejo-repositories/*/*.git/config; %slurp
exit 0%slurp
'

@ -1,5 +1,7 @@
---
format: '0.1' format: '0.1'
description: Grafana is an analytics and interactive visualization web application description: >
Grafana is an analytics and interactive visualization web application
website: https://grafana.com/ website: https://grafana.com/
depends: depends:
- base-fedora-38 - base-fedora-38

@ -1,67 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="grafana-server" target="multi-user">
<override engine="none"/>
<file engine="ansible">/etc/grafana/grafana.ini</file>
<file engine="ansible">/etc/sysconfig/grafana-server</file>
<file engine="none" source="tmpfile-grafana.conf">/tmpfiles.d/0grafana.conf</file>
</service>
</services>
<variables>
<family name="grafana">
<variable name="admin_password" type="password" description="Mot de passe de l'administrateur" hidden="True"/>
</family>
<family name="revprox">
<family name="revprox_client">
<variable name="revprox_client_local_location" redefine="True">
<value>/</value>
</variable>
</family>
<variable name="revprox_client_port" redefine="True">
<value>3000</value>
</variable>
<variable name="revprox_client_cert_owner" redefine="True">
<value>grafana</value>
</variable>
</family>
<family name="oauth2_client">
<variable name="oauth2_is_client_application" redefine='True'>
<value>True</value>
</variable>
<variable name="oauth2_client_name" redefine='True'>
<value>Grafana</value>
</variable>
<variable name="oauth2_client_description" redefine='True'>
<value>Visualisation de données</value>
</variable>
<variable name="oauth2_client_category" redefine='True'>
<value>Administration</value>
</variable>
<variable name="oauth2_client_logo" redefine='True'>
<value>silique_note.png</value>
</variable>
<variable name="oauth2_client_token_signature_algo" redefine="True">
<value>RS256</value>
</variable>
<variable name="oauth2_email_domain" type="domainname" description="Domain name allowed to log on Grafana" mandatory="True" test="example.net"/>
</family>
<family name="postgresql">
<variable name="pg_client_key_owner" redefine="True">
<value>grafana</value>
</variable>
</family>
</variables>
<constraints>
<fill name="get_password">
<param name="server_name" type="variable">domain_name_eth0</param>
<param name="username">admin</param>
<param name="description">admin</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<param name="temporary" type="boolean">True</param>
<target>admin_password</target>
</fill>
</constraints>
</rougail>

@ -0,0 +1,76 @@
---
version: 1.1
grafana:
admin_password:
type: secret
description: Mot de passe de l'administrateur
hidden: true
default:
jinja: >-
{{ "admin" |
get_password(server_name=general.network.interface_0.domain_name,
description="admin",
type="cleartext",
hide=general.hide_secret,
temporary=true)
}}
revprox:
client:
local_location:
redefine: true
default: /
client_port:
redefine: true
default: 3000
client_cert_owner:
redefine: true
default: grafana
oauth2:
client:
is_client_application:
redefine: true
default: true
name:
redefine: true
default: Grafana
description:
redefine: true
default: Visualisation de données
category:
redefine: true
default: Administration
logo:
redefine: true
default: silique_note.png
token_signature_algo:
redefine: true
default: RS256
email_domain:
type: domainname
description: Domain name allowed to log on Grafana
examples:
- example.net
postgresql:
client:
key_owner:
redefine: true
default: grafana
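Review bot: `email_domain` (L1631-1635) is the only login restriction declared in this dictionary, yet it carries no `help`, so an operator cannot tell from the UI whether subdomains or a second domain are accepted. I would add `help: Login is limited to OAuth2 accounts whose e-mail address belongs to this domain (see the grafana.ini template for the exact comparison)` — the wording is hedged because the comparison itself lives in the grafana.ini template, which is not part of this diff; confirm against it before committing the text. The `type: domainname` constraint already rejects obviously malformed values, which is worth keeping as is.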

@ -1,5 +1,7 @@
---
format: '0.1' format: '0.1'
description: Host with machine started in Systemd Machined environment description: Host with machine started in Systemd Machined environment
website: https://www.freedesktop.org/wiki/Software/systemd/machined/ website: https://www.freedesktop.org/wiki/Software/systemd/machined/
depends: depends:
- base - base
host: true

@ -1,176 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="systemd-machined">
<file engine="none">/etc/systemd/network/80-container-vz.network</file>
<file file_type="variable" source="70-container.network" variable="zone_name" engine="ansible">systemd_zone_filename</file>
<file file_type="variable" source="70-container.netdev" variable="zone_name" engine="ansible">systemd_netzone_filename</file>
</service>
<service name="risotto-images" engine="ansible" manage="False"/>
<service name="systemd-sysctl"/>
<service name="systemd-networkd"/>
<service name="systemd-resolved"/>
<service name="risotto-images" type="timer" engine="none"/>
<service name="risottofirewall" engine="ansible"/>
<service name="systemd-nspawn@">
<file engine="none">/tmpfiles.d/0asystemd-nspawn.conf</file>
<file engine="none">/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
<file engine="none">/etc/distro.repos.d/boot.repo</file>
<file engine="none">/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64</file>
<file engine="none">/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64</file>
<file engine="none">/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-37-x86_64</file>
<file engine="none">/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-38-x86_64</file>
<file engine="none">/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36</file>
<file engine="none">/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-38</file>
<file engine="ansible">/etc/sysctl.d/90-risotto.conf</file>
<file engine="ansible" file_type="variable" source="dhcp.network" variable="interface_names">host_network_filename</file>
</service>
<service name="modprobe@">
<override engine="none"/>
</service>
<service name="vector" servicelist="vector">
<file engine="ansible">/etc/vector/vector.toml</file>
</service>
</services>
<variables>
<variable name="host_install_dir" type="filename" mandatory="True" provider="global:host_install_dir" hidden="True"/>
<variable name="host_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
<variable name="tls_server" type="domainname" mandatory="True" provider="global:tls_server" hidden="True"/>
<variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/>
<variable name="systemd_netzone_filename" type="filename" hidden="True" multi="True"/>
<variable name="vm_swappiness" type="number" description="Ajustement de la mémoire virtuelle" mandatory="True">
<value>60</value>
</variable>
<variable name="host_packages" multi="True" hidden="True">
<value>systemd-container</value>
<value>dnf</value>
<value>jq</value>
<value>debootstrap</value>
<value>htop</value>
<value>iotop</value>
<value>man</value>
<value>gettext</value>
<value>patch</value>
<value>unzip</value>
<value>mlocate</value>
<value>xz-utils</value>
<value>iptables</value>
<value>curl</value>
<value>tree</value>
<value>tshark</value>
<value>vim</value>
<value>python3-pytest</value>
<value>python3-yaml</value>
<value>python3-ldap</value>
<value>python3-dnspython</value>
<value>python3-dulwich</value>
<value>python3-psycopg2</value>
<value>python3-redis</value>
<value>python3-imaplib2</value>
<value>python3-pymysql</value>
</variable>
<variable name="host_removed_packages" multi="True" hidden="True">
<value>resolvconf</value>
</variable>
<family name="base">
<variable name="time_zone" type="string" description="Time zone" supplier="Host:time_zone">
<value>Europe/Paris</value>
</variable>
</family>
<family name="network">
<variable name="output_interface" description="Nom de l'interface de sortie" mandatory="True"/>
<family name="interfaces" leadership="True">
<variable name="interface_names" description="Nom de l'interface" multi="True" mandatory="True"/>
<variable name="interface_type" type="choice" description="Type de la carte" mandatory="True">
<choice>dhcp</choice>
<choice>ipv4</choice>
<value>dhcp</value>
</variable>
<variable name="interface_ip" type="cidr" description="IP au format CIDR de l'interface" mandatory="True"/>
<variable name="interface_gateway" type="ip" description="IP de la route par défaut" mandatory="True"/>
<variable name="interface_domain_name_servers" type="ip" description="IP des serveurs DNS" mandatory="True" multi="True"/>
<variable name="first_interface" type="boolean" hidden="True"/>
</family>
<variable name="host_network_filename" type="filename" multi="True" hidden="True"/>
</family>
<family name="zones" leadership="True">
<variable name="zone_name" type="string" hidden="True" multi="True"/>
<variable name="zone_cidr" type="cidr" hidden="True"/>
</family>
<family name="vector">
<variable name="server_address" type="domainname" hidden="True" supplier="Vector"/>
<variable name="ip_address" type="ip" hidden="True" supplier="Vector:address"/>
</family>
<family name="prometheus">
<variable name="prometheus_server_address" type="domainname" hidden="True" supplier="Prometheus"/>
<variable name="prometheus_ip_address" type="ip" hidden="True"/>
</family>
</variables>
<constraints>
<fill name="get_internal_zone_names">
<param type="information">zones</param>
<target>zone_name</target>
</fill>
<fill name="calc_value">
<param>/etc/systemd/network/70-container-</param>
<param type="variable">zone_name</param>
<param>.network</param>
<param name="join"></param>
<param name="multi" type="boolean">True</param>
<target>systemd_zone_filename</target>
</fill>
<fill name="calc_value">
<param>/etc/systemd/network/80-</param>
<param type="variable">interface_names</param>
<param>.network</param>
<param name="join"></param>
<param name="multi" type="boolean">True</param>
<target>host_network_filename</target>
</fill>
<fill name="calc_value">
<param>/etc/systemd/network/70-container-</param>
<param type="variable">zone_name</param>
<param>.netdev</param>
<param name="join"></param>
<param name="multi" type="boolean">True</param>
<target>systemd_netzone_filename</target>
</fill>
<fill name="get_zones_info">
<param type="information">zones</param>
<param>cidr</param>
<param type="variable" name="zone_name">zone_name</param>
<target>zone_cidr</target>
</fill>
<fill name="is_first_interface">
<param type="index"/>
<target>first_interface</target>
</fill>
<fill name="get_ip">
<param type="information">zones</param>
<param type="variable">server_address</param>
<target>ip_address</target>
</fill>
<fill name="get_ip">
<param type="information">zones</param>
<param type="variable">prometheus_server_address</param>
<target>prometheus_ip_address</target>
</fill>
<condition name="disabled_if_not_in" source="interface_type">
<param>ipv4</param>
<target>interface_ip</target>
<target>interface_gateway</target>
<target>interface_domain_name_servers</target>
</condition>
<condition name="disabled_if_not_in" source="first_interface">
<param>True</param>
<target>interface_gateway</target>
<target>interface_domain_name_servers</target>
</condition>
<condition name="disabled_if_in" source="server_address">
<param type="nil"/>
<target type="servicelist">vector</target>
<target type="variable">ip_address</target>
</condition>
</constraints>
</rougail>

@ -0,0 +1,221 @@
---
version: 1.1
host_install_dir:
type: unix_filename
provider: global:host_install_dir
hidden: true
host_name:
type: domainname
hidden: true
provider: global:server_name
module_name:
hidden: true
provider: global:module_name
tls_server:
type: domainname
provider: global:tls_server
hidden: true
systemd_zone_filename:
type: unix_filename
hidden: true
multi: true
default:
jinja: |-
{%- for zone in general.zones.zone_name %}
/etc/systemd/network/70-container-{{ zone }}.network %}
{%- endfor -%}
systemd_netzone_filename:
type: unix_filename
hidden: true
multi: true
default:
jinja: |-
{%- for zone in general.zones.zone_name %}
/etc/systemd/network/70-container-{{ zone }}.netdev" %}
{%- endfor -%}
vm_swappiness: 60 # Ajustement de la mémoire virtuelle
host_packages:
hidden: true
default:
- systemd-container
- dnf
- jq
- debootstrap
- htop
- iotop
- man
- gettext
- patch
- unzip
- mlocate
- xz-utils
- iptables
- curl
- tree
- tshark
- vim
- python3-pytest
- python3-yaml
- python3-ldap
- python3-dnspython
- python3-dulwich
- python3-psycopg2
- python3-redis
- python3-imaplib2
- python3-pymysql
host_removed_packages:
hidden: true
default:
- resolvconf
base:
time_zone:
description: Time zone
supplier: Host:time_zone
default: Europe/Paris
network:
output_interface: null # Nom de l'interface de sortie
interfaces:
type: leadership
interface_names: [] # Nom de l'interface
interface_type:
description: Type de la carte
default: dhcp
choices:
- dhcp
- ipv4
interface_ip:
type: cidr
description: IP au format CIDR de l'interface
disabled:
variable: _.interface_type
when_not: ipv4
first_interface:
type: boolean
hidden: true
default:
jinja: >-
{%- if index == 0 -%}
true
{%- else -%}
false
{%- endif -%}
params:
index:
type: index
interface_gateway:
type: ip
description: IP de la route par défaut
disabled:
jinja: >-
{%- if _.interface_type != 'ipv4' or not _.first_interface -%}
disabled
{%- endif -%}
description: >-
if it's not the first interface or the address is automatcly
set via DHCP or not the first interface
interface_domain_name_servers:
type: ip
description: IP des serveurs DNS
multi: true
disabled:
jinja: >-
{%- if _.interface_type != 'ipv4' or not _.first_interface -%}
disabled
{%- endif -%}
description: >-
if it's not the first interface or the address is automatcly
set via DHCP or not the first interface
host_network_filename:
type: unix_filename
multi: true
hidden: true
default:
jinja: |-
{%- for interface in _.interfaces.interface_names %}
/etc/systemd/network/80-{{ interface }}.network
{% endfor %}
zones:
type: leadership
zone_name:
hidden: true
default:
jinja: |-
{%- for zone in zones %}
{{ zone }}
{%- endfor -%}
params:
zones:
information: zones
zone_cidr:
type: cidr
hidden: true
default:
jinja: >-
{{ zones | get_zones_info("cidr", zone_name=_.zone_name) }}
params:
zones:
information: zones
vector:
server_address:
type: domainname
hidden: true
supplier: Vector
mandatory: false
ip_address:
type: ip
hidden: true
supplier: Vector:address
disabled:
variable: _.server_address
when: null
default:
jinja: >-
{{ zones | get_ip(_.server_address) }}
params:
zones:
information: zones
prometheus:
server_address:
type: domainname
hidden: true
supplier: Prometheus
mandatory: false
ip_address:
type: ip
hidden: true
default:
jinja: >-
{{ zones | get_ip(_.server_address) }}
params:
zones:
information: zones
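Review bot: The loop bodies of `systemd_zone_filename` (L1860) and `systemd_netzone_filename` (L1869) carry stray trailing tokens — ` %}` and `" %}` — so every generated path would end in `.network %}` / `.netdev" %}` rather than the plain suffix the removed `calc_value` fills produced; at best `unix_filename` validation rejects them, at worst the container network units are written under names systemd-networkd would likely never pick up. The two lines should read `/etc/systemd/network/70-container-{{ zone }}.network` and `/etc/systemd/network/70-container-{{ zone }}.netdev`. Also `host_network_filename` (L1971) closes with `{% endfor %}` while its siblings use `{%- endfor -%}`, which leaves a trailing newline in the multi value, and the `disabled.description` texts at L1948-1950 and L1960-1962 repeat "or not the first interface" and misspell "automatically".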

@ -1,66 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="systemd-nspawn@">
<file engine="ansible" file_type="variable" source="nspawn" variable="machined.machines">machined.nspawn_zone_filename</file>
<file engine="ansible" file_type="variable" source="network-script" variable="machined.machines" mode="700">machined.nspawn_script_network</file>
<file engine="ansible" file_type="variable" source="tls-script" variable="machined.machines" mode="700">machined.nspawn_script_tls</file>
<file engine="ansible" file_type="variable" source="directory-script" variable="machined.machines" mode="700">machined.nspawn_script_directory</file>
</service>
</services>
<variables>
<variable name="machines" description="Machines started in this host" type="domainname" multi="True" provider="Host" hidden="True"/>
<family name="machine_" description="Machine " dynamic="machined.machines">
<variable name="incoming_ports_" description="Incomming external ports for " hidden="True" type="port" multi="True" provider="Host:incoming_ports"/>
<variable name="outgoing_ports_" description="Outcoming external ports for " hidden="True" type="port" multi="True" provider="Host:outgoing_ports"/>
<variable name="srv_dir_" description="Directory with srv volume for " hidden="True" type="filename" provider="Host:machine_srv"/>
<variable name="journal_dir_" description="Directory with journal volume for " hidden="True" type="filename" provider="Host:machine_journal"/>
<variable name="config_dir_" description="Directory with configuration volume for " hidden="True" type="filename" provider="Host:config_dir" mandatory="True"/>
<variable name="tls_dir_" hidden="True" type="filename" provider="Host:machine_tls"/>
<variable name="zones_" description="Zones for " hidden="True" provider="Host:machine_zones" multi="True"/>
<variable name="ip_" description="IP for " type="ip" hidden="True"/>
</family>
<variable name="nspawn_zone_filename" type="filename" hidden="True" multi="True"/>
<variable name="nspawn_script_network" type="filename" hidden="True" multi="True"/>
<variable name="nspawn_script_tls" type="filename" hidden="True" multi="True"/>
<variable name="nspawn_script_directory" type="filename" hidden="True" multi="True"/>
</variables>
<constraints>
<fill name="calc_value">
<param>/sbin/network-</param>
<param type="variable">machined.machines</param>
<param name="join"></param>
<param name="multi" type="boolean">True</param>
<target>machined.nspawn_script_network</target>
</fill>
<fill name="calc_value">
<param>/sbin/tls-</param>
<param type="variable">machined.machines</param>
<param name="join"></param>
<param name="multi" type="boolean">True</param>
<target>machined.nspawn_script_tls</target>
</fill>
<fill name="calc_value">
<param>/sbin/directory-</param>
<param type="variable">machined.machines</param>
<param name="join"></param>
<param name="multi" type="boolean">True</param>
<target>machined.nspawn_script_directory</target>
</fill>
<fill name="calc_value">
<param>/etc/systemd/nspawn/</param>
<param type="variable">machined.machines</param>
<param>.nspawn</param>
<param name="join"></param>
<param name="multi" type="boolean">True</param>
<target>machined.nspawn_zone_filename</target>
</fill>
<fill name="get_ip">
<param type="information">zones</param>
<param type="suffix"/>
<target>machined.machine_.ip_</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,119 @@
---
version: 1.1
machines:
description: Machines started in this host
type: domainname
multi: true
provider: Host
hidden: true
mandatory: false
"machine_{{ suffix }}":
description: 'Machine {{ suffix }}'
dynamic:
variable: machined.machines
incoming_ports:
description: 'Incomming external ports for {{ suffix }}'
hidden: true
type: port
multi: true
provider: Host:incoming_ports
mandatory: false
outgoing_ports:
description: 'Outcoming external ports for {{ suffix }}'
hidden: true
type: port
params:
allow_protocol: true
multi: true
provider: Host:outgoing_ports
mandatory: false
srv_dir:
description: 'Directory with srv volume for {{ suffix }}'
hidden: true
type: unix_filename
provider: Host:machine_srv
mandatory: false
journal_dir:
description: 'Directory with journal volume for {{ suffix }}'
hidden: true
type: unix_filename
provider: Host:machine_journal
mandatory: false
config_dir:
description: 'Directory with configuration volume for {{ suffix }}'
hidden: true
type: unix_filename
provider: Host:config_dir
tls_dir:
hidden: true
type: unix_filename
provider: Host:machine_tls
mandatory: false
zones:
description: 'Zones for {{ suffix }}'
hidden: true
provider: Host:machine_zones
multi: true
mandatory: false
ip:
description: 'IP for {{ suffix }}'
type: ip
hidden: true
default:
jinja: >-
{{ zones | get_ip(suffix) }}
params:
zones:
information: zones
suffix:
type: suffix
nspawn_zone_filename:
type: unix_filename
hidden: true
multi: true
default:
jinja: |-
{%- for machine in machined.machines %}
/etc/systemd/nspawn/{{ machine }}.nspawn
{%- endfor -%}
nspawn_script_network:
type: unix_filename
hidden: true
multi: true
default:
jinja: |-
{%- for machine in machined.machines %}
/sbin/network-{{ machine }}
{%- endfor -%}
nspawn_script_tls:
type: unix_filename
hidden: true
multi: true
default:
jinja: |-
{%- for machine in machined.machines %}
/sbin/tls-{{ machine }}
{%- endfor -%}
nspawn_script_directory:
type: unix_filename
hidden: true
multi: true
default:
jinja: |-
{%- for machine in machined.machines %}
/sbin/directory-{{ machine }}
{%- endfor -%}
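Review bot: Nothing in this file carries the `mode="700"` that the removed XML service declaration set on `nspawn_script_network`, `nspawn_script_tls` and `nspawn_script_directory`; if the file/service declarations now live in another file of this commit, confirm the restrictive mode travelled with them, otherwise the generated scripts get whatever default mode the deployer applies. Separately, `outgoing_ports` gains `params: allow_protocol: true`, which the 0.10 variable did not have, so a functional change is riding on a format migration and deserves a line in the commit description or a comment on the variable such as `# allow_protocol was not set in the 0.10 definition — confirm this is intended`.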


@ -2,15 +2,6 @@ from risotto.utils import multi_function as _multi_function
from typing import List as _List from typing import List as _List
@_multi_function
def get_internal_zone_names(zones) -> _List[str]:
return list(zones)
def is_first_interface(index) -> bool:
return index == 0
@_multi_function @_multi_function
def get_host_ip(zones: dict, def get_host_ip(zones: dict,
server_name: str, server_name: str,


@ -1,2 +1,3 @@
---
format: '0.1' format: '0.1'
description: Application service needs interact with an IMAP server description: Application service needs interact with an IMAP server


@ -1,16 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="imap" manage="False">
<certificate authority="IMAP" server="imap_address" owner="imap_cert_owner" owner_type="variable">imap</certificate>
</service>
</services>
<variables>
<family name="imap" description="Client SMTP">
<variable name="imap_address" type="domainname" mandatory="True" supplier="IMAP" hidden="True"/>
<variable name="imap_cert_owner" type="unix_user" mandatory="True" hidden="True">
<value>root</value>
</variable>
</family>
</variables>
</rougail>


@ -0,0 +1,14 @@
---
version: 1.1
imap:
description: Client SMTP
hidden: true
address:
type: domainname
supplier: IMAP
cert_owner:
type: unix_user
default: root
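Review bot: The family description `Client SMTP` is attached to a family named `imap` whose only supplier is `IMAP`; it reads like a copy of the SMTP client definition and should become `description: Client IMAP`. Moving `hidden: true` from the two variables to the family keeps both hidden as before, but the `certificate` declaration (authority IMAP, owner taken from the cert owner variable) that sat in the removed services block has no counterpart here; if service declarations now live elsewhere in this commit that is fine, otherwise the client certificate is no longer requested.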


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Journald description: Journald
website: https://systemd.io/ website: https://systemd.io/


@ -1,21 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="systemd-journal-upload" target="multi-user" servicelist="journald">
<override engine="none"/>
<certificate authority="Journald" server="journal_client_server_domainname" group="systemd-journal">journald</certificate>
<file engine="ansible">/etc/systemd/journal-upload.conf</file>
</service>
</services>
<variables>
<family name="journald" description="systemd-journald">
<variable name="journal_client_server_domainname" type="domainname" supplier="Journald" hidden="True"/>
</family>
</variables>
<constraints>
<condition name="disabled_if_in" source="journal_client_server_domainname">
<param type="nil"/>
<target type="servicelist">journald</target>
</condition>
</constraints>
</rougail>


@ -0,0 +1,10 @@
---
version: 1.1
journald:
journal_client_server_domainname:
type: domainname
supplier: Journald
hidden: true
mandatory: false


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Journald remote description: Journald remote
website: https://systemd.io/ website: https://systemd.io/


@ -1,11 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="systemd-journal-remote" target="multi-user">
<override engine="none"/>
<certificate certificatelist="journald" authority="Journald" type="server" owner="systemd-journal-remote">journald</certificate>
<file engine="ansible" filelist="journald">/etc/systemd/journal-remote.conf</file>
</service>
</services>
</rougail>


@ -1,20 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<variables>
<variable name="remotes" description="Concentrate journal messages on one host" type="domainname" provider="Journald" mandatory="True" multi="True" hidden="True"/>
<family name="remote_" description="Account for " dynamic="accounts.remotes" hidden="True">
<variable name="services_" description="Log from this service to exclude for " multi="True" provider="Journald:service" unique="False"/>
<variable name="functions_" description="Function use to compare message (if not defined, exlude same message) for " multi="True" provider="Journald:function" mandatory="False" unique="False"/>
<variable name="messages_" description="Message to exclude for " multi="True" provider="Journald:message" unique="False"/>
</family>
<variable name="vector_conditions" hidden="True"/>
</variables>
<constraints>
<fill name="calc_vector_conditions">
<param type="variable">accounts.remote_.messages_</param>
<param type="variable">accounts.remote_.services_</param>
<param type="variable">accounts.remote_.functions_</param>
<target>accounts.vector_conditions</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,52 @@
---
version: 1.1
remotes:
description: Concentrate journal messages on one host
type: domainname
multi: true
hidden: true
provider: Journald
"remote_{{ suffix }}":
description: 'Account for {{ suffix }}'
dynamic:
variable: accounts.remotes
hidden: true
services:
description: 'Log from this service to exclude for {{ suffix }}'
multi: true
unique: false
mandatory: false
provider: Journald:service
functions:
description: >-
Function use to compare message (if not defined, exlude same message)
for {{ suffix }}
multi: true
mandatory: false
empty: false
unique: false
provider: Journald:function
messages:
description: 'Message to exclude for {{ suffix }}'
multi: true
unique: false
mandatory: false
provider: Journald:message
vector_conditions:
default:
jinja: >-
{{ messages | calc_vector_conditions(services, functions) }}
params:
messages:
variable: accounts.remote_{{ suffix }}.messages
services:
variable: accounts.remote_{{ suffix }}.services
functions:
variable: accounts.remote_{{ suffix }}.functions
hidden: true
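Review bot: `functions` gains `empty: false`, which the removed XML variable did not declare, so this is a behavioural change beyond the format migration and should be called out or reverted; if it is intended, a comment such as `# empty: false is new in the 1.1 definition — rejects empty entries in the list` next to it would keep that visible. The `vector_conditions` params reference `accounts.remote_{{ suffix }}.messages` from outside the dynamic family; the same pattern appears in the mailman list definitions in this commit, so it is presumably the 1.1 idiom for "all instances", but it is worth confirming that the loader does not require `suffix` to be in scope there.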


@ -1,2 +1,3 @@
---
format: '0.1' format: '0.1'
description: Application service needs interact with a LDAP server description: Application service needs interact with a LDAP server


@ -1,94 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<services>
<service name="ldap-client" target="risotto" engine="ansible">
<certificate authority="LDAP" owner="ldap_key_file_owner" owner_type="variable" server="ldap_server_address">ldap_client</certificate>
<file engine="ansible" source="ldap.conf" file_type="variable">ldap_client_file</file>
</service>
</services>
<variables>
<family name="ldap" description="OpenLDAP directory">
<family name="server" description="Server">
<variable name='ldap_server_address' type='domainname' hidden="True" mandatory='True' supplier="LDAP"/>
<variable name="ldap_server_ip" type="ip" hidden="True"/>
<variable name='ldap_port' type='port' hidden="True">
<value>636</value>
</variable>
<variable name='prefix_domain_name' hidden="True" mandatory="True" provider="global:prefix_domain_name"/>
</family>
<family name="client" description="Client">
<variable name='ldapclient_family' type='unix_user' description="Restrict service configuration for a LDAP family" help='"all" for all families.' supplier="LDAP:family"/>
<variable name='ldapclient_user' type='string' mandatory='False' hidden="True" supplier="LDAP:dn"/>
<variable name='ldapclient_address' hidden="True"/>
<variable name='ldapclient_user_password' type='password' mandatory='True' hidden="True" supplier="LDAP:password"/>
<variable name='ldapclient_base_dn' type='string' mandatory="True" supplier="LDAP:base_dn" hidden="True"/>
<variable name='ldapclient_search_dn' type='string' mandatory="True" hidden="True"/>
<variable name='ldapclient_group_dn' type='string' mandatory="True" hidden="True"/>
<variable name='ldapclient_user_dn' type='string' mandatory="True" hidden="True"/>
<variable name="ldap_key_file_owner" type="unix_user" hidden="True">
<value>root</value>
</variable>
<variable name="ldap_client_file" type="filename" hidden="True"/>
</family>
</family>
</variables>
<constraints>
<check name='valid_base_dn'>
<target>ldapclient_base_dn</target>
</check>
<fill name="get_ip">
<param type="information">zones</param>
<param type="variable">ldap_server_address</param>
<target>ldap_server_ip</target>
</fill>
<fill name='get_default_base_dn'>
<param type="variable">prefix_domain_name</param>
<target>ldapclient_base_dn</target>
</fill>
<fill name='calc_value'>
<param>ou=accounts</param>
<param type="variable">ldapclient_base_dn</param>
<param name="join">,</param>
<target>ldapclient_search_dn</target>
</fill>
<fill name='calc_value'>
<param>cn=</param>
<param type='variable'>ldapclient_address</param>
<param>,</param>
<param type='variable'>ldapclient_base_dn</param>
<param name="join"></param>
<target>ldapclient_user</target>
</fill>
<fill name="get_client_address">
<param type='variable'>ldap_server_ip</param>
<param type='variable'>domain_name_eth</param>
<param type='variable'>network_eth</param>
<target>ldapclient_address</target>
</fill>
<fill name="get_password">
<param name="server_name" type="variable">ldap_server_address</param>
<param name="username" type="variable">ldapclient_user</param>
<param name="description">remote account</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<param name="temporary" type="boolean">True</param>
<target>ldapclient_user_password</target>
</fill>
<fill name="calc_ldapclient_base_dn">
<param type="variable">ldapclient_base_dn</param>
<param name="group" type="boolean">True</param>
<target>ldapclient_group_dn</target>
</fill>
<fill name="calc_ldapclient_base_dn">
<param type="variable">ldapclient_base_dn</param>
<target>ldapclient_user_dn</target>
</fill>
<fill name="calc_value">
<param>/etc/ldap/ldap.conf</param>
<param name="condition" type="variable">os_name</param>
<param name="expected">Debian</param>
<param name="default">/etc/openldap/ldap.conf</param>
<target>ldap_client_file</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,135 @@
---
version: 1.1
ldap: # OpenLDAP directory
server: # Server
address:
type: domainname
hidden: true
supplier: LDAP
ip:
type: ip
default:
jinja: >-
{{ zones | get_ip(_.address) }}
params:
zones:
information: zones
hidden: true
port:
type: port
default: 636
hidden: true
prefix_domain_name:
hidden: true
provider: global:prefix_domain_name
client: # Client
family:
description: Restrict service configuration for a LDAP family
help: '"all" for all families.'
type: unix_user
mandatory: false
supplier: LDAP:family
user:
type: string
default:
jinja: |-
cn={{ _.address }},{{ _.base_dn }}
hidden: true
supplier: LDAP:dn
address:
default:
jinja: >-
{{ __.server.ip |
get_client_address(domain_name, network) }}
params:
network:
variable: >-
general.network.interface_{{ suffix }}.network
domain_name:
variable: >-
general.network.interface_{{ suffix }}.domain_name
hidden: true
user_password:
type: secret
default:
jinja: >-
{{ _.user | get_password(server_name=__.server.address,
description="remote account",
type="cleartext",
hide=general.hide_secret,
temporary=true)
}}
hidden: true
supplier: LDAP:password
base_dn:
type: string
validators:
- jinja: >-
{%- set var = {'ok': false} -%}
{%- for att in ['o', 'dc', 'ou'] -%}
{%- if _.base_dn.startswith(att + '=') -%}
{%- set var = var.update({'ok': true}) -%}
{%- endif -%}
{%- endfor -%}
{%- if not var.ok -%}
{%- set e = "the root LDAP base DN must starts with an " -%}
{%- set e = e + "organisation (o=), a domain componant (dc=) " -%}
{%- set e = e + "or an organizational unit (ou=)" -%}
{{ e }}
{%- endif -%}
description: >-
if LDAP base DN starts with an organisation (o=), a domain componant
(dc=) or an organizational unit (ou=)
default:
jinja: >-
{{ __.server.prefix_domain_name | get_default_base_dn }}
hidden: true
supplier: LDAP:base_dn
search_dn:
default:
jinja: >-
ou=accounts,{{ _.base_dn }}
hidden: true
group_dn:
type: string
default:
jinja: >-
{{ _.base_dn | calc_ldapclient_base_dn(group=true) }}
hidden: true
user_dn:
type: string
default:
jinja: >-
{{ _.base_dn | calc_ldapclient_base_dn }}
hidden: true
key_file_owner:
type: unix_user
default: root
hidden: true
file:
type: unix_filename
default:
jinja: >-
{%- if general.os_name == 'Debian' -%}
/etc/ldap/ldap.conf
{%- else -%}
/etc/openldap/ldap.conf
{%- endif -%}
hidden: true
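Review bot: The `base_dn` validator only works through the side effect of `var.update()` on the outer dict, since the `{% set %}` inside the `{% for %}` is loop-scoped and its rebinding (to `None`, the return value of `update`) is discarded at the end of the iteration; that is fragile, hard to read, and depends on the Jinja environment permitting mutation of a dict. A plain boolean test over the three accepted prefixes expresses the same rule without the mutable dict, and the message can be fixed at the same time (`must starts`, `componant`). The `validators` entry can be rewritten as below; `description`, `default`, `hidden` and `supplier` under `base_dn` stay as they are.
```yaml
      validators:
        - jinja: >-
            {%- if not (_.base_dn.startswith('o=') or _.base_dn.startswith('dc=') or _.base_dn.startswith('ou=')) -%}
            the root LDAP base DN must start with an organisation (o=), a domain component (dc=) or an organizational unit (ou=)
            {%- endif -%}
          # … unchanged: description …
```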


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: LemonLDAP, a Web Single Sign On and Access Management description: LemonLDAP, a Web Single Sign On and Access Management
website: https://lemonldap-ng.org/ website: https://lemonldap-ng.org/


@ -1,45 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="lemonldap-ng-fastcgi-server">
<override engine="none"/>
<file engine="none">/static/logo.png</file>
<file engine="none">/static/demo.png</file>
<file engine="none">/static/silique_email.png</file>
<file engine="none">/static/silique_folder.png</file>
<file engine="none">/static/silique_note.png</file>
<file engine="none">/static/silique_video.png</file>
<file engine="none">/static/silique_image.png</file>
<file engine="none">/static/risotto.css</file>
<file engine="ansible">/var/lib/lemonldap-ng/conf/lmConf-1.json</file>
<file engine="none">/etc/lemonldap-ng/lemonldap-ng.ini</file>
<file engine="ansible">/etc/lemonldap-ng/portal-nginx.conf</file>
<file engine="none">/etc/lemonldap-ng/nginx-lmlog.conf</file>
<file engine="ansible">/etc/default/lemonldap-ng-fastcgi-server</file>
<file engine="ansible" mode="750">/sbin/interne_well_known.pl</file>
<file engine="ansible" mode="750">/sbin/wget.pl</file>
<file engine="none" source="tmpfile-lemonldap.conf">/tmpfiles.d/0lemonldap.conf</file>
<file engine="ansible" filelist="copy_tests">/tests/lemonldap.yml</file>
</service>
</services>
<variables>
<family name="nginx">
<variable name="nginx_default_https" redefine="True">
<value>False</value>
</variable>
</family>
<family name="lemonldap" description="LemonLDAP" help="Configuration de la solution d'authentification unique LemonLDAP::NG">
<variable name="lemon_proc" type="number" description="Nombre de processus dédié à LemonLdap (équivalent au nombre de processeurs)" mandatory="True" mode="expert">
<value>1</value>
</variable>
<variable name="lemon_mail_admin" type="mail" description="Courriel de l'administrateur" mandatory="True" test="admin@example.net"/>
</family>
<family name="ldap">
<family name="client">
<variable name='ldapclient_family' redefine="True">
<value>all</value>
</variable>
</family>
</family>
</variables>
</rougail>


@ -0,0 +1,32 @@
---
version: 1.1
nginx:
default_https:
redefine: true
default: false
lemonldap:
description: LemonLDAP
help: Configuration de la solution d'authentification unique LemonLDAP::NG
proc:
description: Nombre de processus dédié à LemonLdap
help: Équivalent au nombre de processeurs
mode: advanced
default: 1
mail_admin:
type: mail
description: Courriel de l'administrateur
examples:
- admin@example.net
ldap:
client:
family:
redefine: true
default: all
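Review bot: `proc` no longer declares `type: number` (the removed XML did), so its type now rests on the unquoted integer default `1`; if the 1.1 loader infers the type from the default that works, but an explicit `type: number` keeps the intent visible and survives a later edit that quotes or removes the default. The same variable dropped `mandatory="True"`, which is only equivalent if `mandatory` defaults to true in 1.1 — the explicit `mandatory: false` lines elsewhere in this commit suggest it does, so this is a consistency remark rather than a defect.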


@ -1,31 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<variables>
<variable name="remotes" description="Remote clients needing to verify OAuth2 account" type="domainname" multi="True" provider="OAuth2" hidden="True"/>
<family name="oauth2_" description="OAuth2 for " dynamic="oauth2.remotes">
<variable name="client_id_" description="Remote client id for " mandatory="True" hidden="True" provider="OAuth2:client_id"/>
<variable name="secret_" description="Remote secret for " type="password" mandatory="True" hidden="True" provider="OAuth2:secret"/>
<variable name="name_" description="Remote name for " hidden="True" provider="OAuth2:name"/>
<variable name="description_" description="Remote description for " hidden="True" provider="OAuth2:description"/>
<variable name="category_" description="Remode category for " hidden="True" provider="OAuth2:category"/>
<variable name="login_" description="Remote URL to login for " hidden="True" provider="OAuth2:login"/>
<family name="external_" leadership="True">
<variable name="hosts_" description="Remote external for " provider="OAuth2:external" multi="True" hidden="True"/>
<variable name="family_" description="Remote family for " provider="OAuth2:family"/>
</family>
<variable name="logo_" description="Logo for " hidden="True" provider="OAuth2:logo"/>
<variable name="token_signature_algo_" type="choice" description="OAuth2 token signature algorithm for " mandatory='True' hidden="True" provider="OAuth2:token_signature_algo">
<choice>HS512</choice>
<choice>RS256</choice>
</variable>
<variable name="oauth2_client_external_domain_" description="External domain for " type="domainname" hidden="True" supplier="OAuth2:external_domain"/>
</family>
</variables>
<constraints>
<fill name="get_first_value">
<param type="variable">revprox_client_external_domainnames</param>
<target>oauth2.oauth2_.oauth2_client_external_domain_</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,90 @@
---
version: 1.1
remotes:
description: Remote clients needing to verify OAuth2 account
type: domainname
multi: true
provider: OAuth2
hidden: true
mandatory: false
"oauth2_{{ suffix }}":
_description: 'OAuth2 for {{ suffix }}'
dynamic:
variable: oauth2.remotes
client_id:
description: 'Remote client id for {{ suffix }}'
hidden: true
provider: OAuth2:client_id
secret:
description: 'Remote secret for {{ suffix }}'
type: secret
hidden: true
provider: OAuth2:secret
name:
description: 'Remote name for {{ suffix }}'
hidden: true
provider: OAuth2:name
mandatory: false
description:
description: 'Remote description for {{ suffix }}'
hidden: true
provider: OAuth2:description
mandatory: false
category:
description: 'Remote category for {{ suffix }}'
hidden: true
provider: OAuth2:category
mandatory: false
login:
description: 'Remote URL to login for {{ suffix }}'
hidden: true
provider: OAuth2:login
mandatory: false
external:
type: leadership
hosts:
description: 'Remote external for {{ suffix }}'
provider: OAuth2:external
hidden: true
mandatory: false
family:
description: 'Remote family for {{ suffix }}'
provider: OAuth2:family
mandatory: false
logo:
description: 'Logo for {{ suffix }}'
hidden: true
provider: OAuth2:logo
mandatory: false
token_signature_algo:
description: 'OAuth2 token signature algorithm for {{ suffix }}'
hidden: true
provider: OAuth2:token_signature_algo
choices:
- HS512
- RS256
oauth2_client_external_domain:
description: 'External domain for {{ suffix }}'
type: domainname
hidden: true
supplier: OAuth2:external_domain
default:
jinja: >-
{% set domains = general.revprox.client.external_domainnames %}
{%- if domains -%}
{{ domains[0] }}
{%- endif -%}
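Review bot: The dynamic family header uses the key `_description` instead of `description` (`_description: 'OAuth2 for {{ suffix }}'`), unlike every other dynamic family in this commit (`machine_{{ suffix }}`, `remote_{{ suffix }}`, `list_{{ suffix }}`); depending on how the 1.1 loader treats unknown keys this either drops the description silently or parses a child variable named `_description`. Change it to `description: 'OAuth2 for {{ suffix }}'`. Also, `hosts` inside the `external` leadership no longer carries `multi: true` although the XML declared it `multi="True"`; if the leader of a leadership is implicitly multi in 1.1 (the `zone_name` leader earlier in this commit also omits it) this is fine, otherwise it should be restored.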


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Loki, a log aggregation platform description: Loki, a log aggregation platform
website: https://grafana.com/ website: https://grafana.com/


@ -1,16 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="loki" target="multi-user" engine="ansible">
<file engine="ansible" source="loki-local-config.yaml">/etc/loki/loki.yaml</file>
<file engine="none" source="sysuser-loki.conf">/sysusers.d/loki.conf</file>
<file engine="none" source="tmpfile-loki.conf">/tmpfiles.d/0loki.conf</file>
</service>
</services>
<variables>
<family name="loki" description="Loki">
<variable name="remotes" description="Concentrate log messages" type="domainname" provider="Loki" mandatory="True" multi="True" hidden="True"/>
</family>
</variables>
</rougail>


@ -0,0 +1,11 @@
---
version: 1.1
loki: # Loki
remotes:
description: Concentrate log messages
type: domainname
provider: Loki
multi: true
hidden: true


@ -1,5 +1,7 @@
---
format: '0.1' format: '0.1'
description: GNU Mailman, managing electronic mail discussion and e-newsletter lists description: >
GNU Mailman, managing electronic mail discussion and e-newsletter lists
website: https://www.list.org website: https://www.list.org
depends: depends:
- base-debian-bullseye - base-debian-bullseye


@ -1,80 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="mailman3"> <!-- target="multi-user">-->
<override engine="ansible"/>
<file engine="ansible" owner="root" group="list" mode="640">/etc/mailman3/mailman.cfg</file>
<file engine="none" source="tmpfile-mailman.conf">/tmpfiles.d/0mailman.conf</file>
<file engine="ansible" filelist="copy_tests">/tests/mailman.yml</file>
<!--file owner="root" group="mailman" mode="640">/etc/mailman3.d/postfix.cfg</file-->
</service>
<service name="mailman3-web"> <!-- target="multi-user" engine="cheetah">-->
<override engine="ansible"/>
<certificate authority="PostgreSQL" owner="www-data" server="pg_client_server_domainname">postgresql_postorius</certificate>
<!--file engine="none">/etc/postorius/gunicorn_config.py</file>
<file engine="none" source="sysuser-postorius.conf">/sysusers.d/0postorius.conf</file-->
<file engine="ansible" source="config-nginx.conf">/etc/mailman3/nginx.conf</file>
<file engine="ansible">/etc/mailman3/mailman-web.py</file>
<file engine="none">/etc/mailman3/uwsgi.ini</file>
</service>
</services>
<variables>
<family name="mailman" description="Gestionnaire de liste">
<variable name="mailman_mail_owner" type="mail" description="Courriel du gestionnaire de liste du site" mandatory="True" test="admin@example.net"/>
<variable name="mailman_domains" type="domainname" description="Nom de domaine des listes" multi="True" mandatory="True" test="list.example.net"/>
<variable name="postorius_secret_key" type="password" description="Internal secret key" mandatory="True" hidden="True" auto_save="False"/>
</family>
<family name="oauth2_client">
<variable name="oauth2_is_client_application" redefine='True'>
<value>True</value>
</variable>
<variable name="oauth2_client_name" redefine='True'>
<value>Liste de distribution</value>
</variable>
<variable name="oauth2_client_description" redefine='True'>
<value>Liste de distribution Mailman</value>
</variable>
<variable name="oauth2_client_category" redefine='True'>
<value>Développement</value>
</variable>
<variable name="oauth2_client_logo" redefine='True'>
<value>silique_email.png</value>
</variable>
<variable name="oauth2_client_token_signature_algo" redefine="True">
<value>RS256</value>
</variable>
<family name="external">
<variable name="oauth2_client_external" redefine="True" remove_fill="True"/>
</family>
</family>
<family name="nginx">
<variable name="nginx_default_https" redefine="True">
<value>False</value>
</variable>
<variable name="nginx_root" redefine="True">
<value>/usr/share/webapps/postorius</value>
</variable>
</family>
<family name="postgresql">
<variable name="pg_client_key_owner" redefine="True">
<value>list</value>
</variable>
</family>
</variables>
<constraints>
<fill name="get_password">
<param name="server_name" type="variable">domain_name_eth0</param>
<param name="username">postorius</param>
<param name="description">secret_key</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<target>postorius_secret_key</target>
</fill>
<fill name="calc_oauth2_client_external">
<param type="variable">revprox_client_external_domainnames</param>
<param type="variable">revprox_client_location</param>
<param>accounts/risotto/login/</param>
<target>oauth2_client_external</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,92 @@
---
version: 1.1
mailman: # Gestionnaire de liste
mail_owner:
type: mail
description: Courriel du gestionnaire de liste du site
examples:
- admin@example.net
domains:
type: domainname
description: Nom de domaine des listes
multi: true
examples:
- list.example.net
postorius_secret_key:
type: secret
description: Internal secret key
hidden: true
auto_save: false
default:
jinja: >-
{{ "postorius" |
get_password(server_name=general.network.interface_0.domain_name,
description="secret_key",
type="cleartext",
hide=general.hide_secret)
}}
oauth2:
client:
is_client_application:
redefine: true
default: true
name:
redefine: true
default: Liste de distribution
description:
redefine: true
default: Liste de distribution Mailman
category:
redefine: true
default: Développement
logo:
redefine: true
default: silique_email.png
token_signature_algo:
redefine: true
default: RS256
external:
external:
redefine: true
default:
jinja: |-
{%- for val in
general.revprox.client.external_domainnames |
calc_oauth2_client_external(
general.revprox.client.location,
"accounts/risotto/login/")
%}
{{ val }}
{%- endfor -%}
nginx:
default_https:
redefine: true
default: false
root:
redefine: true
default: /usr/share/webapps/postorius
postgresql:
client:
key_owner:
redefine: true
default: list


@ -1,17 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<variables>
<variable name="var_size" redefine="True">
<value>256</value>
</variable>
<variable name="add_tmp" redefine="True">
<value>False</value>
</variable>
<variable name="add_swap" redefine="True">
<value>False</value>
</variable>
<variable name='memory' redefine="True" exists="True">
<value>512</value>
</variable>
</variables>
</rougail>


@ -0,0 +1,19 @@
---
version: 1.1
var_size:
redefine: true
default: '256'
add_tmp:
redefine: true
default: 'False'
add_swap:
redefine: true
default: 'False'
memory:
redefine: true
exists: true
default: '512'
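Review bot: The redefined defaults are quoted strings (`default: '256'`, `default: 'False'`, `default: '512'`) while the removed XML values were bare `256`, `False`, `512` and the sibling redefines in this commit use native YAML scalars (`default: false` in the lemonldap and mailman nginx redefines); unless the 1.1 loader coerces strings to the parent variable's type, `add_tmp` and `add_swap` would receive the non-empty string `'False'`, which is either a validation error or, worse, a truthy value, and the size variables would become strings. Use unquoted scalars here — `default: false` for `add_tmp` and `add_swap`, `default: 256` and `default: 512` for `var_size` and `memory` — or document why the quoting is required.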


@ -1,23 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<variables>
<family name="list_" description="Listes du domaine " dynamic="mailman_domains">
<variable name="name_" description="Nom des listes " type="unix_user" multi="True" mandatory="True"/>
<variable name="names_" description="Address names " type="string" mandatory="True" hidden="True"/>
</family>
<variable name="names_" description="All address names " type="string" multi="True" mandatory="True" hidden="True" supplier="LMTP:criteria"/>
</variables>
<constraints>
<fill name="mailman_emails">
<param type="variable">mailman.list_.name_</param>
<param type="suffix"/>
<target>mailman.list_.names_</target>
</fill>
<fill name="mailman_concat">
<param type="variable">mailman.list_.names_</param>
<target>mailman.names_</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,38 @@
---
version: 1.1
"list_{{ suffix }}":
description: 'Listes du domaine {{ suffix }}'
dynamic:
variable: general.mailman.domains
name:
description: 'Nom des listes {{ suffix }}'
type: unix_user
multi: true
names:
description: 'Address names {{ suffix }}'
type: string
hidden: true
default:
jinja: >-
{{ _.name | mailman_emails(suffix) }}
params:
suffix:
type: suffix
names:
description: 'All address names'
type: string
multi: true
hidden: true
supplier: LMTP:criteria
default:
jinja: |-
{%- for name in names | mailman_concat %}
{{ name }}
{%- endfor -%}
params:
names:
variable: _.list_{{ suffix }}.names


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Application service needs interact with a MariaDB server description: Application service needs interact with a MariaDB server
website: https://mariadb.org/ website: https://mariadb.org/


@ -1,45 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="mariadbclient" target="risotto" engine="ansible"/>
</services>
<variables>
<family name="mariadb" description="MariaDB">
<variable name="mariadb_client_server_domainname" type="domainname" mandatory="True" supplier="MariaDB" hidden="True"/>
<variable name="mariadb_client_server_ip" type="ip" hidden="True"/>
<variable name="mariadb_client_username" description="Database username" mandatory="True" supplier="MariaDB:username" hidden="True"/>
<variable name="mariadb_client_password" type="secret" description="Database password" mandatory="True" hidden="True" supplier="MariaDB:password"/>
<variable name="mariadb_client_database" description="Database name" mandatory="True" hidden="True" supplier="MariaDB:database"/>
<variable name='mariadb_client_address' hidden="True"/>
</family>
</variables>
<constraints>
<fill name="get_ip">
<param type="information">zones</param>
<param type="variable">mariadb_client_server_domainname</param>
<target>mariadb_client_server_ip</target>
</fill>
<fill name="get_client_address">
<param type='variable'>mariadb_client_server_ip</param>
<param type='variable'>domain_name_eth</param>
<param type='variable'>network_eth</param>
<target>mariadb_client_address</target>
</fill>
<fill name="normalize_family">
<param type="variable">server_name</param>
<target>mariadb_client_username</target>
</fill>
<fill name="calc_value">
<param type="variable">mariadb_client_username</param>
<target>mariadb_client_database</target>
</fill>
<fill name="get_password">
<param name="server_name" type="variable">mariadb_client_server_domainname</param>
<param name="username" type="variable">mariadb_client_address</param>
<param name="description">remote</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<target>mariadb_client_password</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,63 @@
---
version: 1.1
mariadb: # MariaDB
client: # MariaDB client
server_domainname:
type: domainname
supplier: MariaDB
hidden: true
server_ip:
type: ip
hidden: true
default:
jinja: >-
{{ zones | get_ip(_.server_domainname) }}
params:
zones:
information: zones
username:
description: Database username
supplier: MariaDB:username
hidden: true
default:
jinja: >-
{{ general.network.server_name | normalize_family }}
password:
type: secret
description: Database password
hidden: true
supplier: MariaDB:password
default:
jinja: >-
{% set server_name=_.server_domainname %}
{{ _.address | get_password(server_name=server_name,
description="remote",
type="cleartext",
hide=general.hide_secret)
}}
database:
description: Database name
hidden: true
supplier: MariaDB:database
default:
variable: _.username
address:
hidden: true
default:
jinja: >-
{{ _.server_ip | get_client_address(domain_name, network) }}
params:
network:
variable: >-
general.network.interface_{{ suffix }}.network
domain_name:
variable: >-
general.network.interface_{{ suffix }}.domain_name
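Review bot: The family descriptions on L3203 and L3204 are carried in YAML comments (`mariadb: # MariaDB`, `client: # MariaDB client`), which the parser discards; the server-side file in this same commit keeps the same text as data (`description: MariaDB` on L3304). Use the key here as well: `mariadb:` followed by `  description: MariaDB`, and `client:` followed by `    description: MariaDB client`. Separately, the params on L3250–L3255 reference `general.network.interface_{{ suffix }}` from inside the static `mariadb.client` family, where no suffix is in scope, whereas the server file resolves the same path explicitly as `general.network.interface_0.domain_name` on L3312; if the format does not expand `{{ suffix }}` outside a dynamic family, `address` will not compute, so either confirm that behaviour in a comment or name the interface explicitly.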


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: MariaDB, a relational database description: MariaDB, a relational database
website: https://mariadb.org/ website: https://mariadb.org/


@ -1,29 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="mariadb" target="multi-user">
<override engine="ansible"/>
<file engine="none">/etc/my.cnf.d/risotto.cnf</file>
<file engine="none" source="tmpfile-mariadb.conf">/tmpfiles.d/0mariadb.conf</file>
<file engine="ansible" mode="600" owner="mysql" group="mysql">/etc/mariadb.sql</file>
<file engine="ansible" filelist="copy_tests">/tests/mariadb.yml</file>
<file engine="ansible" mode="700">/sbin/risotto_backup</file>
</service>
</services>
<variables>
<family name="mariadb" description="MariaDB" help="Paramétrage du serveur de gestion de bases de données MariaDB">
<variable name="mariadb_root_password" type="password" hidden="True"/>
</family>
</variables>
<constraints>
<fill name="get_password">
<param name="server_name" type="variable">domain_name_eth0</param>
<param name="username">root_password</param>
<param name="description">mariadb</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<param name="length" type="number">50</param>
<target>mariadb_root_password</target>
</fill>
</constraints>
</rougail>


@ -0,0 +1,18 @@
---
version: 1.1
mariadb:
description: MariaDB
help: Paramétrage du serveur de gestion de bases de données MariaDB
mariadb_root_password:
type: secret
hidden: true
default:
jinja: >-
{{ "root_password" |
get_password(server_name=general.network.interface_0.domain_name,
description="mariadb",
type="cleartext",
hide=general.hide_secret, length=50)
}}
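Review bot: The new file carries only the `mariadb_root_password` variable (L3306–L3316), while the definition it replaces also declared the service's files, including `/etc/mariadb.sql` with `mode="600"` owned by `mysql` and `/sbin/risotto_backup` with `mode="700"`; if the services block moved to another file in this commit that is fine, but otherwise the restrictive modes on a file that presumably receives the root password are no longer declared anywhere visible here. Since the variable is `type: secret` and `hidden: true` (L3307–L3308), a one-line comment pointing at where the service and file permissions now live would make that traceable, e.g. `# service and file declarations (mode 600 on /etc/mariadb.sql) moved to <PATH_PLACEHOLDER>` with the real path filled in.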


@ -1,12 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<variables>
<variable name="remotes" description="Create account and connexion to a MariaDB server." type="domainname" multi="True" provider="MariaDB" hidden="True"/>
<family name="remote_" description="Account for " dynamic="accounts.remotes" hidden="True">
<variable name="database_" description="MariaDB database name for " mandatory="True" provider="MariaDB:database"/>
<variable name="username_" description="MariaDB user name for " mandatory="True" provider="MariaDB:username"/>
<variable name="password_" description="MariaDB password for " type="password" mandatory="True" provider="MariaDB:password"/>
</family>
</variables>
</rougail>


@ -0,0 +1,29 @@
---
version: 1.1
remotes:
description: Create account and connexion to a MariaDB server.
type: domainname
multi: true
mandatory: false
hidden: true
provider: MariaDB
"remote_{{ suffix }}":
description: 'Account for {{ suffix }}'
dynamic:
variable: accounts.remotes
hidden: true
database:
description: 'MariaDB database name for {{ suffix }}'
provider: MariaDB:database
username:
description: 'MariaDB user name for {{ suffix }}'
provider: MariaDB:username
password:
description: 'MariaDB password for {{ suffix }}'
type: secret
provider: MariaDB:password
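Review bot: `remotes` sets `mandatory: false` explicitly on L3342, but `database`, `username` and `password` in the dynamic family (L3350–L3359) carry no `mandatory` key even though their previous definitions were mandatory; this only round-trips if the 1.1 format defaults to mandatory, which is inferred from L3342 and from the other converted files rather than stated anywhere here. If that is the default, a comment at the top of the family would spare the reader the inference, e.g. `# database/username/password are mandatory by default in format 1.1`; otherwise add `mandatory: true` to each of the three. The switch from `type: password` to `type: secret` on L3358 matches the client file in this commit (L3226), so that part looks intentional.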


@ -1,3 +1,4 @@
---
format: '0.1' format: '0.1'
description: Nextcloud, Online collaboration platform description: Nextcloud, Online collaboration platform
website: https://nextcloud.com/ website: https://nextcloud.com/
