diff --git a/seed/base-machine/dictionaries/12-base.xml b/seed/base-machine/dictionaries/12-base.xml
index 168801c2..f2dbdf3e 100644
--- a/seed/base-machine/dictionaries/12-base.xml
+++ b/seed/base-machine/dictionaries/12-base.xml
@@ -10,39 +10,25 @@
False
-
-
+
+
+
-
-
+
+
-
+
-
- zones_name
- zones_list
-
-
- zones_name
- interfaces_list
-
- server_name
+ domain_name_eth
ip_eth
-
-
- server_name
- extra_domainnames
-
- domain_name_eth
-
- zones_name
+ zones_list
zone_name_eth
diff --git a/seed/base-machine/funcs/funcs.py b/seed/base-machine/funcs/funcs.py
index 848abfaf..8e67ffdc 100644
--- a/seed/base-machine/funcs/funcs.py
+++ b/seed/base-machine/funcs/funcs.py
@@ -6,7 +6,7 @@ from os.path import dirname as _dirname, abspath as _abspath, join as _join, isf
from os import makedirs as _makedirs
-from risotto.utils import ZONES_SERVER
+#from risotto.utils import ZONES_SERVER
_HERE = _dirname(_abspath(__main__.__file__))
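Review bot: The ZONES_SERVER import is commented out rather than deleted; its only visible user, get_provider_name, is removed in the next hunk, so the line should go entirely — a commented import invites someone to flip the `#` back without re-checking that the symbol still exists in risotto.utils. The version history already preserves what was there.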
@@ -81,30 +81,8 @@ def _set_password(server_name: str,
return file_content
-def get_range(lst):
- return list(range(max(1, len(lst))))
-
-
def get_zone_name(zones: list,
index: str,
):
if zones is not None:
return zones[int(index)]
-
-
-def get_domain_name(server_name: str,
- extra_domainnames: list,
- suffix: str,
- ) -> str:
- index = int(suffix)
- if index == 0:
- return server_name
- return extra_domainnames[index - 1]
-
-
-def get_provider_name(network_name: str,
- provider: str,
- ) -> str:
- if network_name not in ZONES_SERVER['providers'] or provider not in ZONES_SERVER['providers'][network_name]:
- return
- return ZONES_SERVER['providers'][network_name][provider][0]
diff --git a/seed/base/funcs/base.py b/seed/base/funcs/base.py
index 10a4031f..6e3dde36 100644
--- a/seed/base/funcs/base.py
+++ b/seed/base/funcs/base.py
@@ -1,9 +1,26 @@
from typing import List
from risotto.utils import load_domains, DOMAINS
+from risotto.utils import multi_function as _multi_function
+@_multi_function
def get_ip(server_name: str) -> str:
- load_domains()
- host_name, domain_name = server_name.split('.', 1)
- domain = DOMAINS[domain_name]
- return domain[1][domain[0].index(host_name)]
+ if server_name is None:
+ return
+ if isinstance(server_name, list):
+ return_list = True
+ else:
+ return_list = False
+ server_name = [server_name]
+ lst = []
+ for s_name in server_name:
+ host_name, domain_name = s_name.split('.', 1)
+ if not domain_name in DOMAINS:
+ raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")')
+ domain = DOMAINS[domain_name]
+ ret = domain[1][domain[0].index(host_name)]
+ if not return_list:
+ return ret
+ if ret not in lst:
+ lst.append(ret)
+ return lst
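Review bot: `domain[1][domain[0].index(host_name)]` still raises a bare ValueError ("x is not in list") when the host label is unknown, while the domain lookup two lines above now gets a descriptive message; add `if host_name not in domain[0]: raise ValueError(f'cannot find IP for "{host_name}" in domain "{domain_name}"')` before it so both failure modes read the same. Also `if not domain_name in DOMAINS` is conventionally `if domain_name not in DOMAINS`, and the `-> str` annotation no longer matches a function that may return a list or None. `load_domains()` is no longer called here though it is still imported; presumably DOMAINS is populated elsewhere now — worth confirming, since an empty DOMAINS makes every lookup raise. The two `from risotto.utils import` lines could be merged into one.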
diff --git a/seed/dns-external/dictionaries/14-dns-external.xml b/seed/dns-external/dictionaries/14-dns-external.xml
index 9cdb18b2..06f3b086 100644
--- a/seed/dns-external/dictionaries/14-dns-external.xml
+++ b/seed/dns-external/dictionaries/14-dns-external.xml
@@ -5,14 +5,7 @@
False
-
+
-
-
- zone_name_eth0
- ExternalDNS
- dns_client_address
-
-
diff --git a/seed/dns-local/dictionaries/13-dns-local.xml b/seed/dns-local/dictionaries/13-dns-local.xml
index 129bfc85..fb58cb48 100644
--- a/seed/dns-local/dictionaries/13-dns-local.xml
+++ b/seed/dns-local/dictionaries/13-dns-local.xml
@@ -10,21 +10,13 @@
True
-
+
-
- zone_name_eth0
- LocalDNS
- dns_client_address
-
-
- dns_client_address
- dns
- ip_eth0
- ip
+
+ dns_client_address
ip_dns
diff --git a/seed/dns-local/templates/dns-local.yml b/seed/dns-local/templates/dns-local.yml
index 10e01013..1f5b1cef 100644
--- a/seed/dns-local/templates/dns-local.yml
+++ b/seed/dns-local/templates/dns-local.yml
@@ -3,13 +3,13 @@ addresses:
%if %%getVar('dns_client_address', None)
- dns_address: '%%dns_client_address'
dns_ip: '%%ip_dns'
-%elif %%getVar('unbound_forward_address', None)
+%elif %%getVar('unbound_forward_address', None) is not None
%for %%authority in %%unbound_forward_address
- dns_address: %%authority
dns_ip: %%get_ip(%%str(%%authority))
%end for
%else
- %for %%zone in %%nsd_zones_auto
+ %for %%zone in %%nsd_zones
%set %%suffix = %%normalize_family(%%zone)
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
%for %%nsd in %%hostnames
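Review bot: The `%if` branch keeps a truthiness test, `%%getVar('dns_client_address', None)`, while the `%elif` now tests `is not None`, so an empty `unbound_forward_address` list takes the forward branch and emits no addresses instead of falling through to the `nsd_zones` block. If that is intended a short comment saying so would help; otherwise give both tests the same shape. The enclosing `%if` is closed outside this hunk.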
diff --git a/seed/dovecot/applicationservice.yml b/seed/dovecot/applicationservice.yml
index 5f39c6dd..8237e8e8 100644
--- a/seed/dovecot/applicationservice.yml
+++ b/seed/dovecot/applicationservice.yml
@@ -2,8 +2,7 @@ format: '0.1'
description: Postfix et Dovecot
depends:
- base-fedora-36
- - relay-mail-client
+ - relay-lmtp-client
- ldap-client-fedora
- oauth2-client
- nginx-https
-provider: IMAP
diff --git a/seed/dovecot/dictionaries/26_dovecot.xml b/seed/dovecot/dictionaries/26_dovecot.xml
index 084e5e43..05e555eb 100644
--- a/seed/dovecot/dictionaries/26_dovecot.xml
+++ b/seed/dovecot/dictionaries/26_dovecot.xml
@@ -47,7 +47,7 @@
/etc/pki/tls/private/dovecot.key
external_imap_crt
external_imap_key
- /tests/imap.yml
+ /tests/imap.yml
@@ -71,9 +71,8 @@
-
+
-
@@ -81,36 +80,22 @@
-
+
+
+
+
+
False
-
-
-
-
-
-
-
- smtp_relay_address
- lmtp_server
- domain_name_eth0
- mail_domains
-
-
- smtp_relay_address
- lmtp_criteria
- domain_name_eth0
- mail_domains
-
/etc/pki/tls/certs/imap_
imap_domainname
@@ -136,14 +121,12 @@
postfix_pem_files
- mail_domains
- mail_domains_calc
+ domain_name_eth0
+ imap_internal_address
- autoconfig
mail_domains
- .
- mail_domains_calc_autoconfig
+ mail_domains_calc
/var/www/html/mail/
@@ -154,49 +137,20 @@
True
well_known_filenames
-
- revprox_client_server_domainname
- revprox_clients
- revprox_location
- /mail/config-v1.1.xml
- revprox_is_websocket
- False
- revprox_url
- well_knowns
- True
-
- mail_domains_calc_autoconfig
-
-
- revprox_client_server_domainname
- revprox_clients
- revprox_location
- /.well-known/autoconfig/mail/config-v1.1.xml
- revprox_is_websocket
- False
- revprox_url
- well_knowns
- True
-
- mail_domains_calc
-
-
- revprox_client_server_domainname
- revprox_clients
- revprox_location
- /autodiscover/autodiscover.xml
- revprox_is_websocket
- False
- revprox_url
- well_knowns
- True
-
- mail_domains_calc
-
+
domain_name_eth0
mail_domains
- well_knowns
+ revprox_client_web_address
+
+
+ mail_domains
+ revprox_client_external_domainnames
+
+
+ revprox_client_external_domainnames
+
+ revprox_client_location
diff --git a/seed/dovecot/funcs/dovecot.py b/seed/dovecot/funcs/dovecot.py
index 415c5277..ea3be207 100644
--- a/seed/dovecot/funcs/dovecot.py
+++ b/seed/dovecot/funcs/dovecot.py
@@ -11,10 +11,29 @@ def sha512_crypt(password):
@_multi_function
-def calc_well_known(*args):
- if None in args:
- return
+def calc_domains(domains):
ret = []
- for dom in args[1]:
- ret.append(f'https://{args[0]}/mail/{dom}/autodiscover/autodiscover.xml')
+ for domain in domains:
+ ret.append(domain)
+ ret.append(domain)
+ ret.append(f'autoconfig.{domain}')
return ret
+
+
+@_multi_function
+def calc_locations(domain, index):
+ i = index//3
+ if 3 * i == index:
+ # divisible by three
+ return '/autodiscover/autodiscover.xml'
+ elif 3 * i + 1 == index:
+ return '/.well-known/autoconfig/mail/config-v1.1.xml'
+ return '/mail/config-v1.1.xml'
+
+
+@_multi_function
+def calc_well_known(index, dns, doms):
+ if None in (dns, doms):
+ return None
+ i = index//3
+ return f'https://{dns}/mail/{doms[i]}/autodiscover/autodiscover.xml'
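Review bot: The three functions are coupled by an implicit "three rows per domain" layout — calc_domains emits `domain, domain, autoconfig.domain` and calc_locations/calc_well_known recover the slot with `index//3` — but nothing names that contract, and calc_locations spells `index % 3` as `3 * i == index`. A module constant and a modulo make the pairing explicit (below); the same constant should replace the literal 3 in calc_well_known. Whether `index` arrives as an int is not visible here (get_zone_name in funcs.py converts its index with `int()`), so `//` on a string would fail — worth confirming. calc_well_known returns the autodiscover URL for all three slots of a domain, including the two autoconfig rows; if that is intended, say so in a comment.
```python
_ROWS_PER_DOMAIN = 3  # calc_domains emits: autodiscover, well-known autoconfig, /mail autoconfig

# … unchanged: calc_domains …


@_multi_function
def calc_locations(domain, index):
    """Return the location path for row `index` of the list built by calc_domains."""
    slot = index % _ROWS_PER_DOMAIN
    if slot == 0:
        return '/autodiscover/autodiscover.xml'
    if slot == 1:
        return '/.well-known/autoconfig/mail/config-v1.1.xml'
    return '/mail/config-v1.1.xml'

# … unchanged: calc_well_known (use _ROWS_PER_DOMAIN instead of 3) …
```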
diff --git a/seed/dovecot/templates/dovecot-ldap.conf.ext b/seed/dovecot/templates/dovecot-ldap.conf.ext
index 4e3bf82d..168da383 100644
--- a/seed/dovecot/templates/dovecot-ldap.conf.ext
+++ b/seed/dovecot/templates/dovecot-ldap.conf.ext
@@ -107,7 +107,7 @@ auth_bind = yes
# LDAP base. %variables can be used here.
# For example: dc=mail, dc=example, dc=org
# GNUNUX base =
-base = %%ldapclient_base_dn
+base = %%ldapclient_search_dn
# Dereference: never, searching, finding, always
#deref = never
diff --git a/seed/dovecot/templates/ldapsource.cf b/seed/dovecot/templates/ldapsource.cf
index 56068014..38555927 100644
--- a/seed/dovecot/templates/ldapsource.cf
+++ b/seed/dovecot/templates/ldapsource.cf
@@ -8,6 +8,6 @@ version = 3
bind = yes
bind_dn = %%ldapclient_user
bind_pw = %%ldapclient_user_password
-search_base = %%ldapclient_base_dn
+search_base = %%ldapclient_search_dn
query_filter = (mailLocalAddress=%s)
result_attribute = cn
diff --git a/seed/gitea/dictionaries/31_gitea.xml b/seed/gitea/dictionaries/31_gitea.xml
index f8ed6109..094c691e 100644
--- a/seed/gitea/dictionaries/31_gitea.xml
+++ b/seed/gitea/dictionaries/31_gitea.xml
@@ -25,9 +25,11 @@
-
- /
-
+
+
+ /
+
+
3000
diff --git a/seed/gitea/templates/app.ini b/seed/gitea/templates/app.ini
index 5d12cdf3..a031250f 100644
--- a/seed/gitea/templates/app.ini
+++ b/seed/gitea/templates/app.ini
@@ -19,10 +19,10 @@ ROOT = /srv/gitea/lib/data/gitea-repositories
DEFAULT_BRANCH = main
[server]
-SSH_DOMAIN = %%revprox_client_external_domainname
-DOMAIN = %%revprox_client_external_domainname
+SSH_DOMAIN = %%revprox_client_external_domainnames[0]
+DOMAIN = %%revprox_client_external_domainnames[0]
HTTP_PORT = 3000
-ROOT_URL = https://%%revprox_client_external_domainname/gitea/
+ROOT_URL = https://%%revprox_client_external_domainnames[0]/gitea/
LOCAL_ROOT_URL = https://%%domain_name_eth0:3000/
DISABLE_SSH = false
START_SSH_SERVER = true
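Review bot: Every consumer of the new list selects `revprox_client_external_domainnames[0]` and ignores further entries: SSH_DOMAIN/DOMAIN/ROOT_URL here, and likewise gitea.yml, lemonldap.yml, lmConf-1.json, portal-nginx.conf, postorius-settings.py, postorius.service and nextcloud-config.php. For most of these a single canonical name is plausible, but in lmConf-1.json the `locationRules` key and in postorius-settings.py `ALLOWED_HOSTS` are access-control entries, so a second name in the list would presumably be reachable through the reverse proxy with no rule (lemonldap) or rejected as a disallowed host (Django); either loop over the list there or document that the list must contain exactly one element. The templates also fail at render time if the list is empty, which the old scalar did not.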
diff --git a/seed/gitea/templates/gitea.yml b/seed/gitea/templates/gitea.yml
index fcd66717..ab40fd56 100644
--- a/seed/gitea/templates/gitea.yml
+++ b/seed/gitea/templates/gitea.yml
@@ -1,7 +1,8 @@
%set %%username="rougail_test@silique.fr"
ip: %%ip_eth0
revprox_ip: %%revprox_client_server_ip
-base_url: https://%%revprox_client_external_domainname%%revprox_client_location[0]
+%set %%domain = %%revprox_client_external_domainnames[0]
+base_url: https://%%domain%%domain.revprox_client_location
auth_url: %%oauth2_client_external[0]
auth_server: %%oauth2_server_domainname
username: %%username
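Review bot: The old line indexed `revprox_client_location[0]`; the new one interpolates `%%domain.revprox_client_location` with no index, and elsewhere in this diff `revprox_location` is iterated as a list (reverse-proxy.yml enumerates it), so base_url may render with a list repr instead of a path. If it is a list, `base_url: https://%%domain%%domain.revprox_client_location[0]` is probably what was meant; whether attribute access on the `[0]` element is what the dictionary defines is not visible here.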
diff --git a/seed/host-systemd-machined/dictionaries/21-machined.xml b/seed/host-systemd-machined/dictionaries/21-machined.xml
index 3e9636f0..219d9f8f 100644
--- a/seed/host-systemd-machined/dictionaries/21-machined.xml
+++ b/seed/host-systemd-machined/dictionaries/21-machined.xml
@@ -24,7 +24,7 @@
-
+
@@ -64,10 +64,6 @@
True
systemd_netzone_filename
-
- server_name
- host_name
-
zone_name
cidr
diff --git a/seed/host-systemd-machined/extras/machined/00-machined.xml b/seed/host-systemd-machined/extras/machined/00-machined.xml
index c75f73d9..4f31f93c 100644
--- a/seed/host-systemd-machined/extras/machined/00-machined.xml
+++ b/seed/host-systemd-machined/extras/machined/00-machined.xml
@@ -7,14 +7,14 @@
-
+
-
-
-
-
-
-
+
+
+
+
+
+
diff --git a/seed/imap-client/dictionaries/21_imap_client.xml b/seed/imap-client/dictionaries/21_imap_client.xml
index 50e7392b..065ec0ea 100644
--- a/seed/imap-client/dictionaries/21_imap_client.xml
+++ b/seed/imap-client/dictionaries/21_imap_client.xml
@@ -7,14 +7,7 @@
-
+
-
-
- zone_name_eth0
- IMAP
- imap_address
-
-
diff --git a/seed/ldap-client/dictionaries/21_ldap-client.xml b/seed/ldap-client/dictionaries/21_ldap-client.xml
index 362e6f9b..ac1ce2f4 100644
--- a/seed/ldap-client/dictionaries/21_ldap-client.xml
+++ b/seed/ldap-client/dictionaries/21_ldap-client.xml
@@ -12,16 +12,19 @@
-
+
636
-
-
-
-
+
+
+
+
+
+
+
@@ -38,10 +41,23 @@
ldapclient_base_dn
-
- zone_name_eth0
- LDAP
- ldap_server_address
+
+ ldap_server_address
+ ldapclient_base_dn
+
+
+ ou=accounts
+ ldapclient_base_dn
+ ,
+ ldapclient_search_dn
+
+
+ cn=
+ domain_name_eth0
+ ,
+ ldapclient_base_dn
+
+ ldapclient_user
tls_ca_directory
@@ -61,16 +77,6 @@
/
ldap_key_file
-
- ldap_server_address
- clients
- domain_name_eth0
- client_family
- ldapclient_family
- True
- dn
- ldapclient_user
-
ldap_server_address
ldapclient_user
@@ -80,13 +86,14 @@
True
ldapclient_user_password
-
- ldap_server_address
- client_password
- ldapclient_user_password
- base_dn
- domain_name_eth0
- ldapclient_base_dn
+
+ ldapclient_base_dn
+ True
+ ldapclient_group_dn
+
+
+ ldapclient_base_dn
+ ldapclient_user_dn
diff --git a/seed/ldap-client/funcs/openldap_client.py b/seed/ldap-client/funcs/openldap_client.py
index 59789164..e67591b7 100644
--- a/seed/ldap-client/funcs/openldap_client.py
+++ b/seed/ldap-client/funcs/openldap_client.py
@@ -11,6 +11,8 @@ def calc_ldapclient_base_dn(ldap_base_dn: str,
base: bool=False,
group: bool=False,
) -> str:
+ if ldap_base_dn is None:
+ return
if family_name == 'all':
family_name = None
base = True
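Review bot: The new guard returns None from a function annotated `-> str`; a caller that concatenates the result will fail with a TypeError one step later rather than here, so either annotate honestly (`Optional[str]`, or `str | None` if the project is on 3.10+) or keep the None handling in the caller. get_default_base_dn in the next hunk has the same mismatch. calc_ldapclient_base_dn continues beyond this hunk.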
@@ -28,3 +30,23 @@ def calc_ldapclient_base_dn(ldap_base_dn: str,
if family_name != '-':
base_name = f'ou={family_name},{base_name}'
return base_name
+
+
+class _Undefined:
+ pass
+
+
+_undefined = _Undefined()
+
+
+def get_default_base_dn(server_name: str) -> str:
+ if not server_name or '.' not in server_name:
+ return None
+ values = server_name.split('.')
+ # cannot calculated base dn should be server.domain.tld
+ # remove 'server' in dn
+ if len(values) < 3:
+ return None
+ domain = ['ou=' + domain for domain in values[1:-2]]
+ domain.append(f'o={values[-2]},o={values[-1]}')
+ return ','.join(domain)
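Review bot: `_Undefined`/`_undefined` are introduced but nothing in this hunk references them; if they are used elsewhere a one-line comment stating the purpose would help, and `_undefined = object()` expresses a sentinel without a throwaway class. In get_default_base_dn the comment `# cannot calculated base dn should be server.domain.tld` is garbled; `# needs at least host.domain.tld: the host label is dropped, intermediate labels become ou=, the last two o=` states what the code does. Labels are emitted into the DN unescaped, which is fine for hostname labels but deserves a note since the function advertises itself as a default.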
diff --git a/seed/ldap-client/templates/ldap.conf b/seed/ldap-client/templates/ldap.conf
index 7c40a7f5..3a65745d 100644
--- a/seed/ldap-client/templates/ldap.conf
+++ b/seed/ldap-client/templates/ldap.conf
@@ -6,7 +6,7 @@
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
-BASE %%ldapclient_base_dn
+BASE %%ldapclient_search_dn
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
URI ldaps://%%ldap_server_address:%%ldap_port
diff --git a/seed/lemonldap/applicationservice.yml b/seed/lemonldap/applicationservice.yml
index f715b6a0..723261ea 100644
--- a/seed/lemonldap/applicationservice.yml
+++ b/seed/lemonldap/applicationservice.yml
@@ -6,4 +6,3 @@ depends:
- reverse-proxy-client
- relay-mail-client
- nginx-common
-provider: OAuth2
diff --git a/seed/lemonldap/dictionaries/70_lemonldap_ng.xml b/seed/lemonldap/dictionaries/70_lemonldap_ng.xml
index bf229ac1..37b7de86 100644
--- a/seed/lemonldap/dictionaries/70_lemonldap_ng.xml
+++ b/seed/lemonldap/dictionaries/70_lemonldap_ng.xml
@@ -28,6 +28,7 @@
False
+
@@ -40,15 +41,13 @@
all
-
-
- ldap_server_address
- ldap_group
- ldapclient_group_dn
+
+ revprox_client_external_domainnames
+ oauth2_client_external_domain
diff --git a/seed/lemonldap/extras/oauth2/00_oauth2.xml b/seed/lemonldap/extras/oauth2/00_oauth2.xml
index 924ef09e..2f4a1c92 100644
--- a/seed/lemonldap/extras/oauth2/00_oauth2.xml
+++ b/seed/lemonldap/extras/oauth2/00_oauth2.xml
@@ -1,23 +1,30 @@
-
+
-
-
-
-
-
+
+
+
+
+
-
-
+
+
-
-
+
+
HS512
RS256
+
+
+
+ oauth2.remotes
+ oauth2.clients
+
+
diff --git a/seed/lemonldap/templates/lemonldap-ng-fastcgi-server.service b/seed/lemonldap/templates/lemonldap-ng-fastcgi-server.service
index 984b4f0e..f61277e7 100644
--- a/seed/lemonldap/templates/lemonldap-ng-fastcgi-server.service
+++ b/seed/lemonldap/templates/lemonldap-ng-fastcgi-server.service
@@ -3,5 +3,5 @@ After=nginx.service
[Service]
ExecStartPre=/usr/bin/timeout 90 bash -c 'while ! 3<> /dev/tcp/%%ldap_server_address/%%ldap_port; do sleep 1; done'
-ExecStartPost=-/usr/bin/timeout 10 bash -c 'while ! /usr/local/lib/sbin/interne_well_known.pl > /var/www/html/.well-known/openid-configuration/int; do sleep 5; done'
+ExecStartPost=-/usr/bin/timeout 10 bash -c 'while ! /usr/local/lib/sbin/interne_well_known.pl > /var/www/html/.well-known/openid-configuration/int; do sleep 1; done'
ExecStartPost=-/bin/bash -c '/usr/local/lib/sbin/interne_well_known.pl no > /var/www/html/.well-known/openid-configuration/ext'
diff --git a/seed/lemonldap/templates/lemonldap.yml b/seed/lemonldap/templates/lemonldap.yml
index 73fcfdbc..07bd77a4 100644
--- a/seed/lemonldap/templates/lemonldap.yml
+++ b/seed/lemonldap/templates/lemonldap.yml
@@ -1,3 +1,3 @@
-address: %%revprox_client_external_domainname
+address: %%revprox_client_external_domainnames[0]
internal_address: %%domain_name_eth0
ip: %%ip_eth0
diff --git a/seed/lemonldap/templates/lmConf-1.json b/seed/lemonldap/templates/lmConf-1.json
index 38b37315..2a084980 100644
--- a/seed/lemonldap/templates/lmConf-1.json
+++ b/seed/lemonldap/templates/lmConf-1.json
@@ -13,7 +13,7 @@ commentStartToken = §
"ldapPpolicyControl" : 1,
"ldapAllowResetExpiredPassword" : 1,
"ldapChangePasswordAsUser" : 1,
- "ldapBase" : "%%ldapclient_base_dn",
+ "ldapBase" : "%%ldapclient_search_dn",
"ldapExportedVars" : {
"uid" : "uid",
"cn" : "cn",
@@ -41,7 +41,7 @@ commentStartToken = §
"mail" : "mail",
"uid" : "uid"
},
- "domain" : "%%revprox_client_external_domainname",
+ "domain" : "%%revprox_client_external_domainnames[0]",
"exportedVars" : {
"UA" : "HTTP_USER_AGENT",
"cn" : "cn",
@@ -60,21 +60,21 @@ commentStartToken = §
"namespace" : "lemonldap-ng-sessions"
},
"locationRules" : {
- "%%revprox_client_external_domainname" : {
+ "%%revprox_client_external_domainnames[0]" : {
"default" : "accept"
%set %%domains = []
%for %%app in %%oauth2.remotes
%set %%key = %%normalize_family(%%app)
§ somethink like ['https://domain/']
%for %%external in %%oauth2['oauth2_' + %%key]['external_' + %%key]['hosts_' + %%key]
- %set %%domain = %%str(%%external).split('/', 3)[-2]
- %if %%domain not in %%domains
+ %set %%domain = %%str(%%external).split('/', 3)[-2]
+ %if %%domain not in %%domains
},
"%%domain" : {
"^/logout" : "logout_sso",
"default" : "$groups eq \"%%external['family_' + %%key]\""
%%domains.append(%%domain)%slurp
- %end if
+ %end if
%end for
%end for
}
@@ -84,7 +84,7 @@ commentStartToken = §
"UA" : "$ENV{HTTP_USER_AGENT}",
"_whatToTrace" : "$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? lc($_user.'@'.$_oidc_OP) : lc($_user)"
},
- "mailUrl" : "https://%%revprox_client_external_domainname/resetpwd",
+ "mailUrl" : "https://%%revprox_client_external_domainnames[0]/resetpwd",
"mySessionAuthorizedRWKeys" : [
"_appsListOrder",
"_oidcConnectedRP",
@@ -161,7 +161,7 @@ commentStartToken = §
"Directory": "/srv/lemonldap-ng/psessions",
"LockDirectory": "/srv/lemonldap-ng/psessions/lock"
},
- "portal" : "https://%%revprox_client_external_domainname/",
+ "portal" : "https://%%revprox_client_external_domainnames[0]/",
"portalCheckLogins": 0,
"portalDisplayRegister": 0,
"portalDisplayResetPassword": 0,
diff --git a/seed/lemonldap/templates/portal-nginx.conf b/seed/lemonldap/templates/portal-nginx.conf
index 54087f9c..45ad1591 100644
--- a/seed/lemonldap/templates/portal-nginx.conf
+++ b/seed/lemonldap/templates/portal-nginx.conf
@@ -48,7 +48,7 @@ server {
# GNUNUX server_name auth.example.com;
#>GNUNUX
listen 443 ssl;
- server_name %%revprox_client_external_domainname;
+ server_name %%{revprox_client_external_domainnames[0]};
ssl_certificate %%revprox_cert_file;
ssl_certificate_key %%revprox_key_file;
ssl_client_certificate %%revprox_ca_file;
diff --git a/seed/letsencrypt/funcs/letsencrypt.py b/seed/letsencrypt/funcs/letsencrypt.py
index 170ca950..9a2ba330 100644
--- a/seed/letsencrypt/funcs/letsencrypt.py
+++ b/seed/letsencrypt/funcs/letsencrypt.py
@@ -56,7 +56,8 @@ def letsencrypt_certif(domain: str,
]
ret = _run(cli_args, capture_output=True)
if ret.returncode != 0:
- raise ValueError(ret.stderr.decode())
+ print("FIXME")
+ #raise ValueError(ret.stderr.decode())
print("Done")
with open(date_file, 'w') as fh:
fh.write(today)
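Review bot: Replacing the raise with `print("FIXME")` turns a failed certbot run into a silent success: execution falls through to `print("Done")` and writes today's date into `date_file`, so the next run will treat the certificate as freshly issued and not retry, and the failure itself is recorded nowhere. At minimum surface stderr and leave the date file untouched — `print(f"certbot failed: {ret.stderr.decode()}")` followed by a `return` (or whatever this function's failure path is) in place of the FIXME line — and restoring `raise ValueError(ret.stderr.decode())` is the safer choice. If failures must be tolerated for now, the comment should say why rather than `FIXME`. letsencrypt_certif begins before this hunk.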
diff --git a/seed/mailman/applicationservice.yml b/seed/mailman/applicationservice.yml
index 7ade44c6..769c5867 100644
--- a/seed/mailman/applicationservice.yml
+++ b/seed/mailman/applicationservice.yml
@@ -3,7 +3,7 @@ description: Gestionnaire de liste de diffusion Mailman
depends:
- base-fedora-35
- postgresql-client
- - relay-mail-client
+ - relay-lmtp-client
- reverse-proxy-client
- nginx-common
- oauth2-client
diff --git a/seed/mailman/extras/mailman/20_mailman.xml b/seed/mailman/extras/mailman/20_mailman.xml
index 4811ffed..97066c77 100644
--- a/seed/mailman/extras/mailman/20_mailman.xml
+++ b/seed/mailman/extras/mailman/20_mailman.xml
@@ -5,7 +5,7 @@
-
+
@@ -17,18 +17,6 @@
mailman.list_.names_
mailman.names_
-
- smtp_relay_address
- lmtp_server
- domain_name_eth0
- mailman.names_
-
-
- smtp_relay_address
- lmtp_criteria
- domain_name_eth0
- mailman.names_
-
diff --git a/seed/mailman/templates/postorius-settings.py b/seed/mailman/templates/postorius-settings.py
index 7d26767b..64cf818b 100644
--- a/seed/mailman/templates/postorius-settings.py
+++ b/seed/mailman/templates/postorius-settings.py
@@ -13,9 +13,9 @@ DATABASES = {
'OPTIONS': {'sslmode': 'verify-full', 'sslcert': '/etc/pki/tls/certs/postgresql.crt', 'sslkey': '/etc/pki/tls/private/postgresql_postorius.key', 'sslrootcert': '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'},
}
}
-ALLOWED_HOSTS = ['%%revprox_client_external_domainname']
-POSTORIUS_TEMPLATE_BASE_URL = 'https://%%revprox_client_external_domainname'
-CSRF_TRUSTED_ORIGINS = ['%%revprox_client_external_domainname']
+ALLOWED_HOSTS = ['%%{revprox_client_external_domainnames[0]}']
+POSTORIUS_TEMPLATE_BASE_URL = 'https://%%{revprox_client_external_domainnames[0]}'
+CSRF_TRUSTED_ORIGINS = ['%%{revprox_client_external_domainnames[0]}']
USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
LANGUAGE_CODE = 'fr'
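Review bot: `CSRF_TRUSTED_ORIGINS` lists a bare hostname; Django 4.0 and later require each entry to carry a scheme and refuse to start otherwise, so if this Postorius runs on Django ≥ 4.0 the line should read `CSRF_TRUSTED_ORIGINS = ['https://%%{revprox_client_external_domainnames[0]}']` — the Django version is not visible in this diff, so confirm. `ALLOWED_HOSTS` could take the whole list rather than element 0 so that any additional external name is not answered with a 400.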
diff --git a/seed/mailman/templates/postorius.service b/seed/mailman/templates/postorius.service
index 484c26fa..1f29c6c4 100644
--- a/seed/mailman/templates/postorius.service
+++ b/seed/mailman/templates/postorius.service
@@ -19,7 +19,7 @@ RestrictRealtime=yes
PrivateMounts=yes
Environment="MAILMAN_WEB_CONFIG=/usr/share/postorius/m_postorius/settings.py"
ExecStartPre=/usr/share/postorius/manage.py migrate
-ExecStartPre=/usr/share/postorius/manage.py shell -c 'from django.contrib.sites.models import Site; site=Site.objects.first(); site.name="%%revprox_client_external_domainname"; site.domain="%%revprox_client_external_domainname"; site.save()'
+ExecStartPre=/usr/share/postorius/manage.py shell -c 'from django.contrib.sites.models import Site; site=Site.objects.first(); site.name="%%{revprox_client_external_domainnames[0]}"; site.domain="%%{revprox_client_external_domainnames[0]}"; site.save()'
ExecStartPre=/usr/share/postorius/manage.py shell -c 'from allauth.socialaccount.models import SocialApp; SocialApp.objects.create() if SocialApp.objects.count() == 0 else print("social app already exists"); a=SocialApp.objects.first(); a.name = "%%domain_name_eth0"; a.provider = "risotto"; a.client_id = "%%oauth2_client_id"; a.secret = "%%oauth2_client_secret"; a.sites.set([1]); a.save()'
ExecStartPre=-/usr/share/postorius/manage.py createsuperuser --username "%%mailman_mail_owner" --email "%%mailman_mail_owner" --noinput
ExecStart=/usr/bin/gunicorn --config /etc/postorius/gunicorn_config.py m_postorius.wsgi
diff --git a/seed/mariadb-client/dictionaries/20_mariadb.xml b/seed/mariadb-client/dictionaries/20_mariadb.xml
index 23fbd224..39ac585e 100644
--- a/seed/mariadb-client/dictionaries/20_mariadb.xml
+++ b/seed/mariadb-client/dictionaries/20_mariadb.xml
@@ -5,33 +5,28 @@
-
+
-
+
-
- zone_name_eth0
- MariaDB
- mariadb_client_server_domainname
-
-
- mariadb_client_server_domainname
- clients
- domain_name_eth0
+
+ domain_name_eth0
mariadb_client_username
-
- mariadb_client_server_domainname
- client_password
- mariadb_client_username
- mariadb_client_password
-
mariadb_client_username
mariadb_client_database
+
+ mariadb_client_server_domainname
+ domain_name_eth0
+ remote
+ cleartext
+ hide_secret
+ mariadb_client_password
+
diff --git a/seed/mariadb/applicationservice.yml b/seed/mariadb/applicationservice.yml
index 5b07270d..a0d982e3 100644
--- a/seed/mariadb/applicationservice.yml
+++ b/seed/mariadb/applicationservice.yml
@@ -1,6 +1,4 @@
format: '0.1'
description: Mariadb
depends:
- - server
- base-fedora-36
-provider: MariaDB
diff --git a/seed/mariadb/extras/accounts/00_accounts.xml b/seed/mariadb/extras/accounts/00_accounts.xml
new file mode 100644
index 00000000..63f1451d
--- /dev/null
+++ b/seed/mariadb/extras/accounts/00_accounts.xml
@@ -0,0 +1,10 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/seed/nextcloud/dictionaries/31_nextcloud.xml b/seed/nextcloud/dictionaries/31_nextcloud.xml
index ef6a93e2..26e5a2e7 100644
--- a/seed/nextcloud/dictionaries/31_nextcloud.xml
+++ b/seed/nextcloud/dictionaries/31_nextcloud.xml
@@ -5,7 +5,7 @@
/etc/nextcloud/config.php
- /etc/nextcloud/nextcloud.init
+ /sbin/nextcloud.init
/etc/httpd/conf.d/a-nextcloud-access.conf
/etc/httpd/conf.d/z-nextcloud-access.conf
/etc/php.d/20-pgsql.ini
@@ -66,38 +66,12 @@
hide_secret
nextcloud_instance_id
-
- revprox_client_external_domainnames
- nextcloud_well_known_server
-
-
domain_name_eth0
revprox_client_port
/.well-known/caldav
nextcloud_well_known_caldav
-
domain_name_eth0
revprox_client_port
diff --git a/seed/nextcloud/templates/nextcloud-config.php b/seed/nextcloud/templates/nextcloud-config.php
index ceb39df0..05569b4b 100644
--- a/seed/nextcloud/templates/nextcloud-config.php
+++ b/seed/nextcloud/templates/nextcloud-config.php
@@ -11,7 +11,7 @@ $CONFIG = array (
'trusted_domains' =>
array (
0 => 'localhost',
- 1 => '%%revprox_client_external_domainname',
+ 1 => '%%revprox_client_external_domainnames[0]',
),
'apps_paths' =>
array (
@@ -49,7 +49,7 @@ $CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'trusted_proxies' => '%%revprox_client_server_ip',
- 'overwritehost' => '%%revprox_client_external_domainname',
+ 'overwritehost' => '%%revprox_client_external_domainnames[0]',
'filelocking.enabled' => true,
'redis' => [
'host' => '%%redis_client_server_domainname',
diff --git a/seed/nextcloud/templates/nextcloud.init b/seed/nextcloud/templates/nextcloud.init
index f68c9595..81293361 100644
--- a/seed/nextcloud/templates/nextcloud.init
+++ b/seed/nextcloud/templates/nextcloud.init
@@ -29,9 +29,9 @@ fi
/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapPort "%%ldap_port"
/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapAgentName "%%ldapclient_user"
/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapAgentPassword "%%ldapclient_user_password"
-/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapBase "%%ldapclient_base_dn"
-/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapBaseUsers "%%ldapclient_base_dn"
-/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapBaseGroups "%%ldapclient_base_dn"
+/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapBase "%%ldapclient_search_dn"
+/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapBaseUsers "%%ldapclient_user_dn"
+/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapBaseGroups "%%ldapclient_group_dn"
/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapExperiencedAdmin "0"
/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapExpertUUIDUserAttr "cn"
/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapLoginFilter "(&(cn=%uid)(ObjectClass=inetOrgPerson))"
diff --git a/seed/nextcloud/templates/nextcloud.service b/seed/nextcloud/templates/nextcloud.service
index 052de7a3..0a9339fe 100644
--- a/seed/nextcloud/templates/nextcloud.service
+++ b/seed/nextcloud/templates/nextcloud.service
@@ -8,7 +8,7 @@ Type=oneshot
WorkingDirectory=/usr/share/nextcloud
#FIXME
ExecStart=+/usr/bin/chmod +w /etc/nextcloud/config.php
-ExecStart=/etc/nextcloud/nextcloud.init
+ExecStart=/usr/local/lib/sbin/nextcloud.init
ExecStart=+/usr/bin/chmod -w /etc/nextcloud/config.php
User=apache
Group=apache
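Review bot: ExecStart now runs `/usr/local/lib/sbin/nextcloud.init`, while the dictionary entry in 31_nextcloud.xml changed to `/sbin/nextcloud.init`; if the dictionary path is not implicitly prefixed with `/usr/local/lib` the unit fails at start, so confirm the two agree or write the full path in both places. A one-line comment above ExecStart naming where the script is installed from would spare the next reader the same check.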
diff --git a/seed/nginx-reverse-proxy/applicationservice.yml b/seed/nginx-reverse-proxy/applicationservice.yml
index b8c2c665..486d2385 100644
--- a/seed/nginx-reverse-proxy/applicationservice.yml
+++ b/seed/nginx-reverse-proxy/applicationservice.yml
@@ -3,4 +3,3 @@ description: Nginx as reverse proxy
depends:
- base-fedora-36
- nginx-common
-provider: ReverseProxy
diff --git a/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml b/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml
index 3572c6fe..3ed3d35b 100644
--- a/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml
+++ b/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml
@@ -5,8 +5,8 @@
/etc/nginx/conf.d/options-rp.conf
/etc/nginx/conf.d/risotto.conf
- nginx_certificate_filename
- nginx_private_key_filename
+ nginx.nginx_certificate_filename
+ nginx.nginx_private_key_filename
/tests/reverse-proxy.yml
@@ -22,34 +22,6 @@
True
-
-
-
-
-
-
-
- revprox_domainnames
- revprox_domainnames_auto
- revprox_domainnames_all
-
-
- /etc/pki/tls/certs/
- revprox_domainnames_all
- .crt
-
- True
- nginx_certificate_filename
-
-
- /etc/pki/tls/private/
- revprox_domainnames_all
- .key
-
- True
- nginx_private_key_filename
-
-
diff --git a/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml b/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml
index 8c37ebb0..c80da867 100644
--- a/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml
+++ b/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml
@@ -1,16 +1,40 @@
-
-
- False
-
+
+
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+ nginx.reverse_proxy_for_.reverse_proxy_.revprox_domainnames_
+ nginx.revprox_domainnames
+
+
+ /etc/pki/tls/certs/
+ nginx.revprox_domainnames
+ .crt
+
+ True
+ nginx.nginx_certificate_filename
+
+
+ /etc/pki/tls/private/
+ nginx.revprox_domainnames
+ .key
+
+ True
+ nginx.nginx_private_key_filename
+
+
diff --git a/seed/nginx-reverse-proxy/funcs/nginx.py b/seed/nginx-reverse-proxy/funcs/nginx.py
index 6f84a4ef..6496b443 100644
--- a/seed/nginx-reverse-proxy/funcs/nginx.py
+++ b/seed/nginx-reverse-proxy/funcs/nginx.py
@@ -1,9 +1,11 @@
-from typing import List as _List
-from risotto.utils import multi_function
+from risotto.utils import multi_function as _multi_function
-@multi_function
-def nginx_concat_lists(list1: _List[str],
- list2: _List[str],
- ) -> _List[str]:
- return list1 + list2
+@_multi_function
+def nginx_list(lst):
+ ret = []
+ for l in lst:
+ ret.extend(l)
+ ret = list(set(ret))
+ ret.sort()
+ return ret
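Review bot: `nginx_list` raises TypeError if `lst` or one of its members is None, whereas the other `_multi_function`s in this diff (get_ip, calc_well_known) guard None explicitly; whether the framework can hand None to this one is not visible, so confirm before adding the guard. Independently, the loop variable `l` is easily misread as `1`, and `list(set(ret)); ret.sort()` is `sorted(...)`. Suggested shape below.
```python
@_multi_function
def nginx_list(lst):
    """Flatten a list of lists, drop duplicates and return the names sorted."""
    if lst is None:
        return None  # NOTE(review): mirrors get_ip; confirm None can reach here
    names = set()
    for sublist in lst:
        if sublist is not None:
            names.update(sublist)
    return sorted(names)
```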
diff --git a/seed/nginx-reverse-proxy/templates/nginx.service b/seed/nginx-reverse-proxy/templates/nginx.service
index db75ec16..7a327997 100644
--- a/seed/nginx-reverse-proxy/templates/nginx.service
+++ b/seed/nginx-reverse-proxy/templates/nginx.service
@@ -1,9 +1,9 @@
%set %%domains = set()
-%for %%domainname in %%revprox_domainnames_all
+%for %%domainname in %%nginx.remotes
%set %%family = %%normalize_family(%%domainname)
%set %%revprox = %%nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family]
- %for %%location in %%revprox['revprox_location_' + family]
- %set %%domain = %%location['revprox_url_' + family].split('/', 3)[2].split(':')[0]
+ %for %%domain in %%revprox['revprox_domainnames_' + family]
+ %set %%domain = %%domain['revprox_url_' + family].split('/', 3)[2].split(':')[0]
%%domains.add(%%domain)%slurp
%end for
%end for
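Review bot: The new loop rebinds its own variable — `%for %%domain in …` followed by `%set %%domain = %%domain[…]` — so after that line `%%domain` is the host string and the loop item is gone, which reads like a bug even if it happens to work; use a distinct name, e.g. `%for %%rp_domain in %%revprox['revprox_domainnames_' + family]` and `%set %%domain = %%rp_domain['revprox_url_' + family].split('/', 3)[2].split(':')[0]`. The context lines write `family` while revprox-nginx.conf in this diff writes `%%family` for the same lookup; pick one.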
diff --git a/seed/nginx-reverse-proxy/templates/reverse-proxy.yml b/seed/nginx-reverse-proxy/templates/reverse-proxy.yml
index c4dbdcec..2c856d76 100644
--- a/seed/nginx-reverse-proxy/templates/reverse-proxy.yml
+++ b/seed/nginx-reverse-proxy/templates/reverse-proxy.yml
@@ -1,10 +1,12 @@
address: %%ip_eth0
urls:
-%for %%domain in %%revprox_domainnames_all
+%for %%domain in %%nginx.remotes
%set %%suffix = %%normalize_family(%%domain)
- %for %%location in %%nginx['reverse_proxy_for_' + %%suffix]['reverse_proxy_' + %%suffix]['revprox_location_' + %%suffix]
- %if not %%location['revprox_is_websocket_' + %%suffix]
-- %%domain%%location
- %end if
+ %for %%revprox in %%nginx['reverse_proxy_for_' + %%suffix]['reverse_proxy_' + %%suffix]['revprox_domainnames_' + %%suffix]
+ %for %%loc_idx, %%location in %%enumerate(%%revprox['revprox_location_' + %%suffix])
+ %if not %%revprox['revprox_is_websocket_' + %%suffix][%%loc_idx]
+- %%revprox%%location
+ %end if
+ %end for
%end for
%end for
diff --git a/seed/nginx-reverse-proxy/templates/revprox-nginx.conf b/seed/nginx-reverse-proxy/templates/revprox-nginx.conf
index f0763ac1..c1c7ff68 100644
--- a/seed/nginx-reverse-proxy/templates/revprox-nginx.conf
+++ b/seed/nginx-reverse-proxy/templates/revprox-nginx.conf
@@ -1,7 +1,4 @@
-%for %%idx, %%domainname in %%enumerate(%%revprox_domainnames_all)
- %set %%family = %%normalize_family(%%domainname)
- %set %%revprox = %%nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family]
- %set %%wildcard = %%nginx['reverse_proxy_for_' + family]['revprox_domain_wildcard_' + family]
+%for %%idx, %%domainname in %%enumerate(%%nginx.revprox_domainnames)
# Configuration HTTP %%domainname
server {
listen 80;
@@ -12,23 +9,29 @@ server {
# Configuration HTTPS %%domainname
server {
listen 443 ssl http2;
- ssl_certificate %%nginx_certificate_filename[%%idx];
- ssl_certificate_key %%nginx_private_key_filename[%%idx];
+ ssl_certificate %%nginx.nginx_certificate_filename[%%idx];
+ ssl_certificate_key %%nginx.nginx_private_key_filename[%%idx];
server_name %%domainname;
error_page 403 404 502 503 504 /error.html;
location = /error.html{
root /var/www/html;
}
- %for %%location in %%revprox['revprox_location_' + family]
- %set %%location_str = %%str(%%location)
+ %for %%remote in %%nginx.remotes
+ %set %%family = %%normalize_family(%%remote)
+ %set %%revprox = %%nginx['reverse_proxy_for_' + %%family]['reverse_proxy_' + %%family]
+ %for %%rp_domainname in %%revprox['revprox_domainnames_' + %%family]
+ %if %%domainname != %%str(%%rp_domainname)
+ %continue
+ %end if
+ %for %%loc_idx, %%location in %%enumerate(%%rp_domainname['revprox_location_' + %%family])
location %%location {
- proxy_pass %%location['revprox_url_' + family];
- %if %%location['revprox_is_websocket_' + family]
+ proxy_pass %%rp_domainname['revprox_url_' + %%family];
+ %if %%rp_domainname['revprox_is_websocket_' + %%family][%%loc_idx]
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
- %else
+ %else
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
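Review bot: With the new inner loops, every remote whose `revprox_domainnames_` entry matches `%%domainname` adds its `location %%location {` blocks to the same HTTPS `server {}`; if two remotes declare the same path for one domain, nginx refuses the generated file with a duplicate-location error, and nothing here detects that before the file is written. The removed lines mapped one domainname to a single `%%revprox`, so this case could not arise before. A comment above the `%for %%remote in %%nginx.remotes` line stating the assumption would help — `# every remote may contribute locations for %%domainname; paths must be unique per domain` — and a uniqueness check on the collected locations in the dictionary layer would turn a failed nginx reload into a configuration-time error. The enclosing `server {` block starts in the previous hunk and closes in the next.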
@@ -37,25 +40,28 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Destination $dest;
- %end if
+ %end if
proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
- %set %%maxbody = %%location['revprox_max_body_size_' + family]
- %if %%maxbody
+ %set %%maxbody = %%rp_domainname['revprox_max_body_size_' + %%family]
+ %if %%maxbody
client_max_body_size %%maxbody;
- %end if
+ %end if
set $dest $http_destination;
index error.html;
root /var/www/html;
}
# If user missing '/'
- %if %%location_str != '/' and %%location_str.endswith('/')
- location %%location_str[:-1] {
- rewrite ^(%%location_str[:-1])$ $1/ permanent;
+ %if %%location != '/' and %%location.endswith('/')
+ location %%location[:-1] {
+ rewrite ^(%%location[:-1])$ $1/ permanent;
}
- %end if
+ %end if
+ %end for
+ %end for
%end for
}
+
%end for
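Review bot: The trailing-slash check now calls `%%location.endswith('/')` and slices `%%location[:-1]` directly, where the removed lines first normalised with `%%location_str = %%str(%%location)`; that is only safe if every item of `revprox_location_` is a plain str. If the items are option objects, as the old wrapper suggests they once were, rendering fails with an AttributeError at the first non-root location. A one-line normalisation right after the `%for %%loc_idx, %%location in %%enumerate(...)` line in the previous hunk is cheap insurance: `%set %%location = %%str(%%location)`. The same dropped `%%str()` appears in vaultwarden_config.env at the `%set %%location = %%revprox_client_external_domainnames[0].revprox_client_location` line. Separately, the new `rewrite ^(%%location[:-1])$ $1/ permanent;` line inserts the path into a regex unescaped, so a location containing regex metacharacters matches more than the literal path — worth a comment or an escape if locations are not restricted to plain segments.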
diff --git a/seed/nsd/applicationservice.yml b/seed/nsd/applicationservice.yml
index 8637ef57..c2b20d80 100644
--- a/seed/nsd/applicationservice.yml
+++ b/seed/nsd/applicationservice.yml
@@ -3,4 +3,3 @@ description: Configuration du serveur faisant autorité NSD
service: true
depends:
- base-fedora-36
-provider: LocalDNS
diff --git a/seed/nsd/dictionaries/20_nsd.xml b/seed/nsd/dictionaries/20_nsd.xml
index 19ee6222..eb7c213f 100644
--- a/seed/nsd/dictionaries/20_nsd.xml
+++ b/seed/nsd/dictionaries/20_nsd.xml
@@ -5,9 +5,9 @@
nsd_allowed_all_client
/etc/nsd/conf.d/risotto.conf
- nsd_zone_filenames
+ nsd_zone_filenames
nsd_zone_filenames_signed
- nsd_reverse_filenames
+ nsd_reverse_filenames
nsd_reverse_filenames_signed
/sysusers.d/0nsd.conf
/tmpfiles.d/0nsd.conf
@@ -20,78 +20,59 @@
-
-
+
+
+
-
-
-
+
+
-
- zone_name_eth0
- ExternalDNS
- nsd_resolver
-
ip_eth0
ip_dns
-
- ip_eth
+
nsd_allowed_client
- nsd_resolve_ip
- nsd_allowed_all_client
-
-
- nsd_resolver
- authorities
- domain_name_eth0
- ip
- 0
- nsd_resolve_ip
-
-
- nsd_resolver
- authorities
- domain_name_eth0
- authority_zones
- nsd_zones_all
-
-
- nsd_resolver
- authorities
- domain_name_eth0
- authority_zones
- nsd_reverse_reverse_name
-
-
- nsd_zones_auto
+ nsd_allowed_client_ip
nsd_zones
- nsd_zones_auto
+ nsd_reverse_name
nsd_zones_all
+
+ ip_eth
+ nsd_allowed_client_ip
+ nsd_resolve_ip
+ nsd_allowed_all_client
+
+
+ nsd_resolver
+ nsd_resolve_ip
+
+
+ nsd_zones
+
nsd_reverse_network
- nsd_reverse_reverse_name
+ nsd_reverse_name
/etc/nsd/
- nsd_zones_all
+ nsd_zones
.zone
True
@@ -106,7 +87,7 @@
/etc/nsd/
- nsd_reverse_reverse_name
+ nsd_reverse_name
reverse
True
diff --git a/seed/nsd/extras/nsd/00_nsd.xml b/seed/nsd/extras/nsd/00_nsd.xml
index 2db2f9d0..16228bad 100644
--- a/seed/nsd/extras/nsd/00_nsd.xml
+++ b/seed/nsd/extras/nsd/00_nsd.xml
@@ -1,8 +1,7 @@
-
-
+
@@ -16,20 +15,13 @@
-
-
- nsd_zones_auto
- nsd.nsd_zone_.is_auto_
-
- nsd.nsd_zone_.is_auto_
host
nsd.nsd_zone_.hostname_.hostname_
- nsd.nsd_zone_.is_auto_
ip
nsd.nsd_zone_.hostname_.ip_
@@ -42,9 +34,5 @@
CNAME
nsd.nsd_zone_.hostname_.ip_
-
- True
- nsd.nsd_zone_.hostname_
-
diff --git a/seed/nsd/funcs/funcs.py b/seed/nsd/funcs/funcs.py
index ca521b1e..387743a6 100644
--- a/seed/nsd/funcs/funcs.py
+++ b/seed/nsd/funcs/funcs.py
@@ -8,6 +8,8 @@ from shutil import rmtree as _rmtree, copy2 as _copy2
from glob import glob as _glob
from filecmp import cmp as _cmp
+from risotto.utils import DOMAINS as _DOMAINS
+
_PKI_DIR = _abspath('pki/dnssec')
_ALGO = 'ECDSAP256SHA256'
@@ -32,9 +34,11 @@ def nsd_concat_lists(list1: _List[str],
list2: _List[str],
str1: str=None,
) -> _List[str]:
- ret = list1 + list2
+ ret = set(list1 + list2)
if str1:
- ret.append(str1)
+ ret.add(str1)
+ ret = list(ret)
+ ret.sort()
return ret
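Review bot: `nsd_concat_lists` now deduplicates and sorts, so the returned order no longer follows `list1`/`list2`; if any consumer pairs its output with another list by position (the `[%%rougail_index]` pattern used in nsd.reverse), items that were aligned with the old order are silently mismatched. If sorted, deduplicated output is the intended contract, state it in a docstring and keep the body to the idiom: `ret = set(list1 + list2)` / `if str1: ret.add(str1)` / `return sorted(ret)`. The signature of the function begins outside the hunk.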
@@ -117,3 +121,14 @@ def sign(zone_filename: str,
with open(signed_filename) as fh:
content = fh.read().strip()
return content
+
+
+def get_internal_info_in_zone(zone: str,
+ type: str,
+ index: int=None,
+ ) -> _List[str]:
+ if zone not in _DOMAINS:
+ return []
+ if type == 'host':
+ return list(_DOMAINS[zone][0])
+ return _DOMAINS[zone][1][index]
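Review bot: `get_internal_info_in_zone` defaults `index` to `None`, but the non-`host` branch evaluates `_DOMAINS[zone][1][index]`, so calling it for any other type without an index raises `TypeError: list indices must be integers` instead of the empty list the `zone not in _DOMAINS` guard returns. Either make the index required for that branch or guard it: `if index is None: return []`. The parameter name `type` shadows the builtin; `record_type` would be clearer. A comment should also say what the tuple holds, hedged until checked: `# assumes _DOMAINS[zone] is (hosts, per-index records) — confirm against risotto.utils`. The `_List[str]` return annotation is only certain for the `host` branch.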
diff --git a/seed/nsd/templates/nsd.reverse b/seed/nsd/templates/nsd.reverse
index 48d50761..7ac9f94c 100644
--- a/seed/nsd/templates/nsd.reverse
+++ b/seed/nsd/templates/nsd.reverse
@@ -1,6 +1,6 @@
%set %%name = None
%set %%network = %%ip_network(%%nsd_reverse_network[%%rougail_index])
-%for %%zone in %%nsd_zones_all
+%for %%zone in %%nsd_zones
%set %%suffix = %%normalize_family(%%zone)
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
%for %%hostname in %%hostnames
diff --git a/seed/nsd/templates/nsd.yml b/seed/nsd/templates/nsd.yml
index c0809d03..8da8c983 100644
--- a/seed/nsd/templates/nsd.yml
+++ b/seed/nsd/templates/nsd.yml
@@ -1,6 +1,6 @@
address: '%%ip_eth0'
records:
-%for %%domain in %%nsd_zones_all
+%for %%domain in %%nsd_zones
%set %%suffix = %%normalize_family(%%domain)
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
%for %%nsd in %%hostnames
diff --git a/seed/nsd/templates/risotto.conf b/seed/nsd/templates/risotto.conf
index 9a40a9a2..05346121 100644
--- a/seed/nsd/templates/risotto.conf
+++ b/seed/nsd/templates/risotto.conf
@@ -10,7 +10,7 @@ server:
remote-control:
control-enable: no
-%for %%zone in %%nsd_zones_all
+%for %%zone in %%nsd_zones
zone:
name: "%%zone"
@@ -19,6 +19,6 @@ zone:
%for %%reverse in %%nsd_reverse_network
zone:
- name: "%%reverse.nsd_reverse_reverse_name"
- zonefile: "%%{reverse.nsd_reverse_reverse_name}reverse.signed"
+ name: "%%reverse.nsd_reverse_name"
+ zonefile: "%%{reverse.nsd_reverse_name}reverse.signed"
%end for
diff --git a/seed/oauth2-client/dictionaries/30_oauth2_client.xml b/seed/oauth2-client/dictionaries/30_oauth2_client.xml
index 9d3d0bcb..cc6e415c 100644
--- a/seed/oauth2-client/dictionaries/30_oauth2_client.xml
+++ b/seed/oauth2-client/dictionaries/30_oauth2_client.xml
@@ -2,41 +2,37 @@
-
+
False
-
-
-
+
+
+
-
-
+
+
users
-
+
Défaut
-
+
demo.png
-
-
+
+
HS512
HS512
RS256
-
+
+
-
- zone_name_eth0
- OAuth2
- oauth2_client_server_domainname
-
domain_name_eth0
oauth2_client_id
@@ -49,32 +45,6 @@
hide_secret
oauth2_client_secret
-
- oauth2_client_server_domainname
- domain_name_eth0
- oauth2
- oauth2_client_secret
- oauth2_secret
- oauth2_client_name
- oauth2_name
- oauth2_client_description
- oauth2_description
- oauth2_client_external
- oauth2_external
- oauth2_client_family
- oauth2_family
- oauth2_client_category
- oauth2_category
- oauth2_client_logo
- oauth2_logo
- oauth2_client_login
- oauth2_login
- True
- oauth2_client_token_signature_algo
- oauth2_token_signature_algo
- external_domainname
- oauth2_server_domainname
-
revprox_client_external_domainnames
revprox_client_location
diff --git a/seed/oauth2-client/funcs/oauth2_client.py b/seed/oauth2-client/funcs/oauth2_client.py
index 47647fed..7329157d 100644
--- a/seed/oauth2-client/funcs/oauth2_client.py
+++ b/seed/oauth2-client/funcs/oauth2_client.py
@@ -4,6 +4,8 @@ from risotto.utils import multi_function as _multi_function
@_multi_function
def calc_oauth2_client_external(external, location, *extras):
if not external or not location or None in extras:
+ if isinstance(external, list):
+ return []
return
if isinstance(external, list):
return [f'https://{exter}{location[0]}' + ''.join(extras) for exter in external]
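Review bot: `calc_oauth2_client_external` now returns `[]` for list input and `None` otherwise when a required value is missing, but nothing documents that asymmetric contract, and `None in extras` catches only a literal `None` — an empty string in `extras` still passes and is joined into the URL; if that is also invalid, add `'' in extras` to the test. A docstring would make the return shape explicit: `"""Return the external URL(s) for this client: a list when *external* is a list, a single str otherwise; [] or None when external, location or any extra is missing."""`. The function continues past the hunk.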
diff --git a/seed/openldap/applicationservice.yml b/seed/openldap/applicationservice.yml
index bc4841db..d6ae0dd4 100644
--- a/seed/openldap/applicationservice.yml
+++ b/seed/openldap/applicationservice.yml
@@ -3,4 +3,3 @@ description: OpenLDAP server
depends:
- ldap-client-fedora
- base-fedora-36
-provider: LDAP
diff --git a/seed/openldap/dictionaries/21_openldap-server.xml b/seed/openldap/dictionaries/21_openldap-server.xml
index c23a7629..29dfa490 100644
--- a/seed/openldap/dictionaries/21_openldap-server.xml
+++ b/seed/openldap/dictionaries/21_openldap-server.xml
@@ -14,7 +14,7 @@
/secrets/admin_ldap.pwd
/sysusers.d/risotto-openldap.conf
/tmpfiles.d/0openldap-server.conf
- /tests/openldap.yml
+ /tests/openldap.yml
@@ -76,10 +76,9 @@
-
+
-
-
+
@@ -89,29 +88,20 @@
domain_name_eth0
ldap_server_address
-
- domain_name_eth0
- ldapclient_base_dn
-
ldapclient_base_dn
True
ldap_account_dn
-
- ldapclient_base_dn
- True
- ldap_group_dn
-
-
- ldapclient_base_dn
- ldap_user_dn
-
cn=admin
ldapclient_base_dn
,
ldapclient_user
+
+ ldapclient_base_dn
+ ldapclient_search_dn
+
diff --git a/seed/openldap/extras/accounts/00_account.xml b/seed/openldap/extras/accounts/00_account.xml
index 63691336..aea85549 100644
--- a/seed/openldap/extras/accounts/00_account.xml
+++ b/seed/openldap/extras/accounts/00_account.xml
@@ -1,13 +1,12 @@
-
+
-
-
-
-
-
+
+
+
+
@@ -30,19 +29,6 @@
-
- ldapclient_base_dn
- accounts.remote_.family_
- accounts.remote_.base_dn_
-
-
- cn=
-
- ,
- ldapclient_base_dn
-
- accounts.remote_.dn_
-
domain_name_eth0
accounts.users.ldap_user_mail
diff --git a/seed/openldap/funcs/ldap.py b/seed/openldap/funcs/ldap.py
index 597d26cb..e0059c78 100644
--- a/seed/openldap/funcs/ldap.py
+++ b/seed/openldap/funcs/ldap.py
@@ -29,16 +29,3 @@ def ssha_encode(password):
with open(_SSHA_PASSWORD_DIR, 'w') as fh:
_dump(passwords, fh)
return ret
-
-
-def get_default_base_dn(server_name: str) -> str:
- if not server_name or '.' not in server_name:
- return None
- values = server_name.split('.')
- # cannot calculated base dn should be server.domain.tld
- # remove 'server' in dn
- if len(values) < 3:
- return None
- domain = ['ou=' + domain for domain in values[1:-2]]
- domain.append(f'o={values[-2]},o={values[-1]}')
- return ','.join(domain)
diff --git a/seed/openldap/templates/config_acl.ldif b/seed/openldap/templates/config_acl.ldif
index e26b4f68..5a6dcec4 100644
--- a/seed/openldap/templates/config_acl.ldif
+++ b/seed/openldap/templates/config_acl.ldif
@@ -11,11 +11,12 @@
%set %%name = %%normalize_family(%%remote)
%set %%family = %%accounts['remote_' + %%name]['family_' + %%name]
%%groups.append(%%accounts['remote_' + %%name]['dn_' + %%name])%slurp
- %if %%accounts['remote_' + %%name]['read_only_' + %%name]
- %set %%right = 'read'
- %else
- %set %%right = 'write'
- %end if
+%set %%right = 'read'
+# %if %%accounts['remote_' + %%name]['read_only_' + %%name]
+# %set %%right = 'read'
+# %else
+# %set %%right = 'write'
+# %end if
%%dns.setdefault(%%family, []).append((%%accounts['remote_' + %%name]['dn_' + %%name], %%right))%slurp
%end for
dn: olcDatabase={2}mdb,cn=config
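Review bot: The new `%set %%right = 'read'` line hard-codes read access for every remote account and the `read_only_` option is no longer consulted, so an account configured with read_only false silently loses write access and the option becomes dead. The five lines beneath it are not removed, only prefixed with `#`; if the engine recognises `%` directives only at line start they are emitted verbatim into the generated LDIF, and if it also parses directives mid-line they still execute and can set `%%right` back to `'write'`, undoing the hard-coding. Delete the dead block and, if read-only for all remotes is the intended policy, say so on a plain comment line above the assignment: `# all remote accounts get read access only; read_only_ is intentionally ignored`. Otherwise restore the conditional.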
@@ -25,7 +26,7 @@ olcAccess: {0}to attrs=userPassword
by self write
by anonymous auth
by * none
-olcAccess: {1}to dn.subtree="%%ldap_group_dn"
+olcAccess: {1}to dn.subtree="%%ldapclient_group_dn"
%for group in %%groups
by dn="%%group" read
%end for
diff --git a/seed/openldap/templates/openldap.yml b/seed/openldap/templates/openldap.yml
index 50ef8b5d..e8c68279 100644
--- a/seed/openldap/templates/openldap.yml
+++ b/seed/openldap/templates/openldap.yml
@@ -12,9 +12,9 @@ user_password: %%get_password(server_name='test', username=%%username, descripti
user_family_dn: %%userfamilydn
user_family_password: %%get_password(server_name='test', username=%%username_family, description="test", type="cleartext", hide=%%hide_secret, temporary=True)
base_account_dn: %%ldap_account_dn
-base_user_dn: %%ldap_user_dn
+base_user_dn: %%ldapclient_user_dn
base_family_dn: %%familydn
-base_group_dn: %%ldap_group_dn
+base_group_dn: %%ldapclient_group_dn
%for %%idx in %%range(3)
%set %%name = 'remote_test' + %%str(%%idx)
remote%%idx: cn=%%name,%%ldapclient_base_dn
@@ -24,7 +24,7 @@ users:
%%username: %%userdn
%%username_family: %%userfamilydn
%for %%user in %%accounts.users.ldap_user_mail
- %%user: cn=%%user,%%ldap_user_dn
+ %%user: cn=%%user,%%ldapclient_user_dn
%end for
%for %%family in %%accounts.families
%set %%families = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, %%family)
@@ -36,7 +36,7 @@ groups:
users:
- %%userdn
%for %%user in %%accounts.users.ldap_user_mail
- - cn=%%user,%%ldap_user_dn
+ - cn=%%user,%%ldapclient_user_dn
%end for
%for %%family in %%accounts.families
%%family:
diff --git a/seed/openldap/templates/users.ldif b/seed/openldap/templates/users.ldif
index ad6d0b8a..bae187ec 100644
--- a/seed/openldap/templates/users.ldif
+++ b/seed/openldap/templates/users.ldif
@@ -40,7 +40,7 @@ objectClass: top
objectClass: organizationalUnit
## Accounts users
-%set %%users = %%ldap_user_dn
+%set %%users = %%ldapclient_user_dn
dn: %%users
ou: users
objectClass: top
@@ -129,7 +129,7 @@ objectClass: inetLocalMailRecipient
%end for
## Groups
-%set %%groupdn = %%ldap_group_dn
+%set %%groupdn = %%ldapclient_group_dn
dn: %%groupdn
ou: groups
objectClass: top
diff --git a/seed/openldap/templates/users_mod.ldif b/seed/openldap/templates/users_mod.ldif
index e85ada38..1bdcdb45 100644
--- a/seed/openldap/templates/users_mod.ldif
+++ b/seed/openldap/templates/users_mod.ldif
@@ -27,7 +27,7 @@ userPassword:: %%ssha_encode(%%password)
%set groups = {'users': [%%userdn],
%%name_family: [%%userfamilydn],
}
-%set %%users = %%ldap_user_dn
+%set %%users = %%ldapclient_user_dn
%for %%user in %%accounts.users.ldap_user_mail
%set %%userdn = 'cn=' + %%user + ',' + %%users
%%groups['users'].append(%%userdn)%slurp
@@ -57,7 +57,7 @@ mailLocalAddress: %%alias
%end for
# Groups
-%set %%groupdn = %%ldap_group_dn
+%set %%groupdn = %%ldapclient_group_dn
%for %%group, %%members in %%groups.items()
dn: cn=%%group,%%groupdn
changetype: modify
diff --git a/seed/peertube/templates/nginx.peertube.conf b/seed/peertube/templates/nginx.peertube.conf
index 9ee5b7eb..145eee6f 100644
--- a/seed/peertube/templates/nginx.peertube.conf
+++ b/seed/peertube/templates/nginx.peertube.conf
@@ -68,7 +68,7 @@ server {
location @api {
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host %%revprox_client_external_domainname;
+ proxy_set_header Host %%revprox_client_external_domainnames[0];
# proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100k; # default is 1M
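Review bot: `%%revprox_client_external_domainnames[0]` assumes the list has at least one entry; when it is empty the template aborts with an IndexError at render time rather than a message naming the missing option. The same first-element access is introduced in the second hunk of this file, in production.yaml at the `hostname:` line, in vaultwarden.yml at the `%set %%domain = ...` line, and in vaultwarden_config.env at the `%set %%location = ...` and `DOMAIN=` lines. If the dictionary layer already guarantees a non-empty list, a comment at the first use saying so is enough; otherwise an explicit guard is needed. Note also that the `Host` header is now taken from the first external name only, so a client configured with several names proxies all of them under the first one — confirm that is intended.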
@@ -119,7 +119,7 @@ server {
location @api_websocket {
proxy_http_version 1.1;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host %%revprox_client_external_domainname;
+ proxy_set_header Host %%revprox_client_external_domainnames[0];
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
diff --git a/seed/peertube/templates/production.yaml b/seed/peertube/templates/production.yaml
index d9b1e315..95ca2bc5 100644
--- a/seed/peertube/templates/production.yaml
+++ b/seed/peertube/templates/production.yaml
@@ -8,7 +8,7 @@ listen:
# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
webserver:
https: true
- hostname: '%%revprox_client_external_domainname'
+ hostname: '%%revprox_client_external_domainnames[0]'
port: 443
rates_limit:
diff --git a/seed/piwigo/dictionaries/31_piwigo.xml b/seed/piwigo/dictionaries/31_piwigo.xml
index 9274b5ad..58659e1c 100644
--- a/seed/piwigo/dictionaries/31_piwigo.xml
+++ b/seed/piwigo/dictionaries/31_piwigo.xml
@@ -5,7 +5,7 @@
/tmpfiles.d/0piwigo.conf
/etc/piwigo/config.inc.php
/etc/piwigo/database.inc.php
- /bin/piwigo.sh
+ /sbin/piwigo.sh
/etc/php-fpm.d/piwigo.conf
diff --git a/seed/piwigo/funcs/piwigo.sh b/seed/piwigo/funcs/piwigo.py
similarity index 100%
rename from seed/piwigo/funcs/piwigo.sh
rename to seed/piwigo/funcs/piwigo.py
diff --git a/seed/piwigo/templates/piwigo.service b/seed/piwigo/templates/piwigo.service
index 3afd3384..e75c1c11 100644
--- a/seed/piwigo/templates/piwigo.service
+++ b/seed/piwigo/templates/piwigo.service
@@ -5,7 +5,7 @@ Before=nginx.service php-fpm.service
[Service]
Type=oneshot
-ExecStart=/usr/local/lib/bin/piwigo.sh
+ExecStart=/usr/local/lib/sbin/piwigo.sh
User=nginx
Group=nginx
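Review bot: `ExecStart=/usr/local/lib/sbin/piwigo.sh` still executes a shell script, while the same commit renames `seed/piwigo/funcs/piwigo.sh` to `piwigo.py` with 100% similarity; if files under funcs/ are imported as Python modules, a byte-identical shell script under a `.py` name will fail to import, and if the installed script comes from a template instead, the rename is unrelated to this unit. Please confirm which source file `/usr/local/lib/sbin/piwigo.sh` is generated from and that the `/sbin/` move in 31_piwigo.xml points at it.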
diff --git a/seed/postfix-lmtp-relay/applicationservice.yml b/seed/postfix-lmtp-relay/applicationservice.yml
new file mode 100644
index 00000000..0a719101
--- /dev/null
+++ b/seed/postfix-lmtp-relay/applicationservice.yml
@@ -0,0 +1,2 @@
+format: '0.1'
+description: Postfix as LMTP relay
diff --git a/seed/postfix-relay/extras/lmtp/00-lmtp.xml b/seed/postfix-lmtp-relay/extras/lmtp/00-lmtp.xml
similarity index 87%
rename from seed/postfix-relay/extras/lmtp/00-lmtp.xml
rename to seed/postfix-lmtp-relay/extras/lmtp/00-lmtp.xml
index 93479ab2..ca50b309 100644
--- a/seed/postfix-relay/extras/lmtp/00-lmtp.xml
+++ b/seed/postfix-lmtp-relay/extras/lmtp/00-lmtp.xml
@@ -1,9 +1,9 @@
-
+
-
+
diff --git a/seed/postfix-relay/DEBUG.md b/seed/postfix-relay/DEBUG.md
index 324683b4..4e7d1b65 100644
--- a/seed/postfix-relay/DEBUG.md
+++ b/seed/postfix-relay/DEBUG.md
@@ -49,3 +49,9 @@ postconf maillog_file=/dev/stdout
https://www.mail-tester.com/
https://dkimvalidator.com/
+
+# debug mail :
+
+journalctl -m -u postfix -g address mail
+# get date
+journalctl -m -u postfix --since "2022-07-31 23:14:04"
diff --git a/seed/postfix-relay/applicationservice.yml b/seed/postfix-relay/applicationservice.yml
index 88aa4724..c004d5ba 100644
--- a/seed/postfix-relay/applicationservice.yml
+++ b/seed/postfix-relay/applicationservice.yml
@@ -1,6 +1,6 @@
format: '0.1'
-description: Postfix has relay
+description: Postfix as relay
depends:
- base-fedora-35
- dns-external
-provider: SMTP
+ - postfix-lmtp-relay
diff --git a/seed/postfix-relay/dictionaries/30_postfix.xml b/seed/postfix-relay/dictionaries/30_postfix.xml
index 57230e0b..eb8258b1 100644
--- a/seed/postfix-relay/dictionaries/30_postfix.xml
+++ b/seed/postfix-relay/dictionaries/30_postfix.xml
@@ -43,10 +43,9 @@
-
+
-
-
+
@@ -63,14 +62,6 @@
True
opendkim_keys
-
- domain_name_eth0
-
- local authentification
- cleartext
- hide_secret
- local_authentification_password_
-
/etc/postfix/certs/
domain_name_eth
diff --git a/seed/postfix-relay/templates/main.cf b/seed/postfix-relay/templates/main.cf
index b7ec3e8a..8810003c 100644
--- a/seed/postfix-relay/templates/main.cf
+++ b/seed/postfix-relay/templates/main.cf
@@ -318,7 +318,7 @@ smtpd_recipient_restrictions =
#mynetworks = 168.100.3.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
-mynetworks = 172.0.0.0/8
+mynetworks = 127.0.0.0/8
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
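Review bot: `mynetworks = 127.0.0.0/8` narrows unauthenticated relaying from the whole 172.0.0.0/8 — far wider than the RFC 1918 172.16.0.0/12 block — to loopback, which is the right direction, but it also means every other machine that relayed through this host without authenticating is now rejected. Confirm that `smtpd_recipient_restrictions` (referenced in the context above this hunk) still permits SASL-authenticated clients before its reject rules, since the postfix.service hunk shows relaying clients are provisioned through saslpasswd2. A comment on the new line would spare the next reader the search: `# loopback only: remote clients must authenticate (SASL); see smtpd_recipient_restrictions`.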
diff --git a/seed/postfix-relay/templates/postfix.service b/seed/postfix-relay/templates/postfix.service
index 7e33496e..bf6a4ede 100644
--- a/seed/postfix-relay/templates/postfix.service
+++ b/seed/postfix-relay/templates/postfix.service
@@ -4,7 +4,7 @@ ExecStartPre=/usr/sbin/postmap -F /etc/postfix/sni
%for %%local in %%postfix_relay_authentifications
%set %%user = %%normalize_family(%%local)
%set %%password = %%getVar('local_authentification_password_' + %%user)
- %set %%ip = %%getVar('local_authentification_ip_' + %%user)
+ %set %%ip = %%get_ip(%%local)
ExecStartPre=-/usr/bin/bash -c "echo %%password | /usr/sbin/saslpasswd2 -u %%ip %%user -p"
%end for
ExecStartPre=/usr/bin/chown postfix: /etc/sasl2/sasldb2
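Review bot: `%set %%ip = %%get_ip(%%local)` replaces a dictionary lookup with a resolver call whose result goes straight into `saslpasswd2 -u %%ip`; if `get_ip` returns None or an empty value for a name it cannot resolve, the realm becomes the literal `None` (or the option is left empty) and the `-` prefix on `ExecStartPre=-...` hides the failure, leaving an account that silently cannot authenticate. Fail the render instead when `%%ip` is empty — an `%if not %%ip` guard around the line, raising an explicit error if the template engine offers one — so the problem is reported at configuration time. Separately, the unchanged line still builds a `bash -c` string from `%%password`, so a password containing a quote or `$` breaks the command; feeding the secret to saslpasswd2 without a shell would remove that edge.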
diff --git a/seed/postgresql-client/dictionaries/23_postgresql.xml b/seed/postgresql-client/dictionaries/23_postgresql.xml
index 9a64f739..138f7d3f 100644
--- a/seed/postgresql-client/dictionaries/23_postgresql.xml
+++ b/seed/postgresql-client/dictionaries/23_postgresql.xml
@@ -10,9 +10,9 @@
-
+
-
+
apache
@@ -24,18 +24,17 @@
domain_name_eth0
pg_client_username
-
+
+
+ pg_client_server_domainname
+ domain_name_eth0
+ remote
+ cleartext
+ hide_secret
pg_client_password
diff --git a/seed/postgresql/applicationservice.yml b/seed/postgresql/applicationservice.yml
index e445853c..e1055d6f 100644
--- a/seed/postgresql/applicationservice.yml
+++ b/seed/postgresql/applicationservice.yml
@@ -1,6 +1,4 @@
format: '0.1'
description: Postgresql
depends:
- - server
- base-fedora-36
-provider: Postgresql
diff --git a/seed/postgresql/dictionaries/22_postgresql.xml b/seed/postgresql/dictionaries/22_postgresql.xml
index 2fa2ef75..b9a67c8f 100644
--- a/seed/postgresql/dictionaries/22_postgresql.xml
+++ b/seed/postgresql/dictionaries/22_postgresql.xml
@@ -8,7 +8,7 @@
/etc/postgresql/pg_hba.conf
/etc/postgresql/postgresql.sql
/etc/postgresql/pg_ident.conf
- /bin/postgresql_init
+ /sbin/postgresql_init
/sysusers.d/0postgresql.conf
/tmpfiles.d/0postgresql.conf
/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt
diff --git a/seed/server/extras/accounts/00_accounts.xml b/seed/postgresql/extras/accounts/00_accounts.xml
similarity index 50%
rename from seed/server/extras/accounts/00_accounts.xml
rename to seed/postgresql/extras/accounts/00_accounts.xml
index 7f8a1f01..66111a88 100644
--- a/seed/server/extras/accounts/00_accounts.xml
+++ b/seed/postgresql/extras/accounts/00_accounts.xml
@@ -1,20 +1,16 @@
-
+
-
-
+
+
-
- domain_name_eth0
-
- remote
- cleartext
- hide_secret
- accounts.remote_.password_
+
+
+ accounts.remote_.remote_ip_
diff --git a/seed/postgresql/templates/postgresql.service b/seed/postgresql/templates/postgresql.service
index a65b4c5d..4bae4c9b 100644
--- a/seed/postgresql/templates/postgresql.service
+++ b/seed/postgresql/templates/postgresql.service
@@ -5,7 +5,7 @@ Environment=PG_HBA=/etc/postgresql/pg_hba.conf
Environment=PG_IDENT=/etc/postgresql/pg_ident.conf
Environment=LC_ALL=fr_FR.UTF-8
ExecStartPre=
-ExecStartPre=+/usr/local/lib/bin/postgresql_init
+ExecStartPre=+/usr/local/lib/sbin/postgresql_init
# if upgrade needed, do it
ExecStartPre=/bin/bash -c '%slurp
/usr/libexec/postgresql-check-db-dir %N || (%slurp
diff --git a/seed/provider-systemd-machined/dictionaries/10-machined.xml b/seed/provider-systemd-machined/dictionaries/10-machined.xml
index 16d589e1..0519f9be 100644
--- a/seed/provider-systemd-machined/dictionaries/10-machined.xml
+++ b/seed/provider-systemd-machined/dictionaries/10-machined.xml
@@ -1,7 +1,7 @@
-
+
diff --git a/seed/provider-systemd-machined/dictionaries/16-machined.xml b/seed/provider-systemd-machined/dictionaries/16-machined.xml
index 0e08e934..877b4343 100644
--- a/seed/provider-systemd-machined/dictionaries/16-machined.xml
+++ b/seed/provider-systemd-machined/dictionaries/16-machined.xml
@@ -13,24 +13,25 @@
/var/lib/risotto/srv
-
+
/var/lib/risotto/configurations
-
+
/var/lib/risotto/journals
-
+
False
-
-
+
+
host
+
@@ -41,65 +42,24 @@
container_srv_path
/
- domain_name_eth0
+ server_name
srv_dir
container_journal_path
/
- domain_name_eth0
+ server_name
journal_dir
container_config_path
/
- domain_name_eth0
+ server_name
config_dir
-
- machines
- domain_name_eth0
- host
-
-
- host
- incoming_ports
- domain_name_eth0
- incoming_ports
-
-
- host
- outgoing_ports
- domain_name_eth0
- outgoing_ports
-
-
- host
- machine_srv
- domain_name_eth0
- srv_dir
-
-
- host
- machine_journal
- domain_name_eth0
- journal_dir
-
-
- host
- machine_config
- domain_name_eth0
- config_dir
-
-
- host
- machine_zones
- domain_name_eth0
- zones_list
-
diff --git a/seed/redis-client/dictionaries/23_redis.xml b/seed/redis-client/dictionaries/23_redis.xml
index 0a1d32ca..04b405c2 100644
--- a/seed/redis-client/dictionaries/23_redis.xml
+++ b/seed/redis-client/dictionaries/23_redis.xml
@@ -10,38 +10,26 @@
-
-
-
+
+
+
apache
-
- zone_name_eth0
- Redis
- redis_client_server_domainname
-
-
- redis_client_server_domainname
- redis_client
- domain_name_eth0
+
+ domain_name_eth0
redis_client_username
-
- redis_client_server_domainname
- redis_client_password
- redis_client_username
+
+ redis_client_server_domainname
+ domain_name_eth0
+ redis
+ cleartext
+ hide_secret
redis_client_password
-
- redis_client_server_domainname
- redis_client_ip
- ip_eth0
- redis_client_username
- redis_client_password
-
diff --git a/seed/redis/applicationservice.yml b/seed/redis/applicationservice.yml
index b923a7e4..ad2c0918 100644
--- a/seed/redis/applicationservice.yml
+++ b/seed/redis/applicationservice.yml
@@ -2,4 +2,3 @@ format: '0.1'
description: Redis
depends:
- base-fedora-36
-provider: Redis
diff --git a/seed/redis/extras/account/00_account.xml b/seed/redis/extras/account/00_account.xml
index 3202ce19..5de6542c 100644
--- a/seed/redis/extras/account/00_account.xml
+++ b/seed/redis/extras/account/00_account.xml
@@ -1,18 +1,14 @@
-
-
-
+
+
+
-
- domain_name_eth0
- account.remote
- redis
- cleartext
- hide_secret
- account.password
+
+ account.remote
+ account.remote_ip
diff --git a/seed/relay-lmtp-client/applicationservice.yml b/seed/relay-lmtp-client/applicationservice.yml
new file mode 100644
index 00000000..e7411404
--- /dev/null
+++ b/seed/relay-lmtp-client/applicationservice.yml
@@ -0,0 +1,4 @@
+format: '0.1'
+description: Client LMTP
+depends:
+ - relay-mail-client
diff --git a/seed/relay-lmtp-client/dictionaries/30_lmtp.xml b/seed/relay-lmtp-client/dictionaries/30_lmtp.xml
new file mode 100644
index 00000000..888424ff
--- /dev/null
+++ b/seed/relay-lmtp-client/dictionaries/30_lmtp.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+ smtp_relay_address
+ lmtp_relay_address
+
+
+
diff --git a/seed/relay-mail-client/dictionaries/20_smtp_client.xml b/seed/relay-mail-client/dictionaries/20_smtp_client.xml
index 75d6cd12..f04bfc3f 100644
--- a/seed/relay-mail-client/dictionaries/20_smtp_client.xml
+++ b/seed/relay-mail-client/dictionaries/20_smtp_client.xml
@@ -7,35 +7,23 @@
-
+
-
+
-
- zone_name_eth0
- SMTP
- smtp_relay_address
-
-
- smtp_relay_address
- mail
- domain_name_eth0
+
+ domain_name_eth0
smtp_relay_user
-
- smtp_relay_address
- mail_password
- smtp_relay_user
+
+ smtp_relay_address
+ domain_name_eth0
+ local authentification
+ cleartext
+ hide_secret
smtp_relay_password
-
- smtp_relay_address
- mail_ip
- ip_eth0
- smtp_relay_user
- smtp_relay_password
-
diff --git a/seed/reverse-proxy-client/dictionaries/21_nginx_client.xml b/seed/reverse-proxy-client/dictionaries/21_nginx_client.xml
index f937e143..a8e419e0 100644
--- a/seed/reverse-proxy-client/dictionaries/21_nginx_client.xml
+++ b/seed/reverse-proxy-client/dictionaries/21_nginx_client.xml
@@ -8,21 +8,20 @@
-
+
-
-
-
+
+
/
-
+
False
-
+
+
+
-
-
443
@@ -37,14 +36,9 @@
-
- zone_name_eth0
- ReverseProxy
- revprox_client_server_domainname
-
-
- revprox_client_external_domainnames
- revprox_client_external_domainname
+
+ revprox_client_server_domainname
+ revprox_client_server_ip
domain_name_eth0
@@ -64,23 +58,5 @@
/
revprox_key_file
-
- revprox_client_server_domainname
- revprox_clients
- revprox_client_external_domainnames
- revprox_location
- revprox_client_location
- revprox_is_websocket
- revprox_client_is_websocket
- revprox_max_body_size
- revprox_client_max_body_size
- revprox_url
- revprox_client_web_address
- revprox_client_server_ip
-
-
diff --git a/seed/roundcube/dictionaries/31_roundcube.xml b/seed/roundcube/dictionaries/31_roundcube.xml
index a5afc3d7..2ea5416a 100644
--- a/seed/roundcube/dictionaries/31_roundcube.xml
+++ b/seed/roundcube/dictionaries/31_roundcube.xml
@@ -46,10 +46,12 @@
/usr/share/roundcubemail/
-
- /
-
-
+
+
+
+ /
+
+
diff --git a/seed/server/applicationservice.yml b/seed/server/applicationservice.yml
deleted file mode 100644
index 70c73671..00000000
--- a/seed/server/applicationservice.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-format: '0.1'
-description: Extra files to allowed easily Server-Client configuration
diff --git a/seed/server/doc.md b/seed/server/doc.md
deleted file mode 100644
index 5b941fc7..00000000
--- a/seed/server/doc.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Providers
-=========
-
-- clients : nom de domaine des clients (générique)
-- client_password : mot de passe des clients
-- client_ip : adresse IP des clients
diff --git a/seed/unbound/applicationservice.yml b/seed/unbound/applicationservice.yml
index 1e21e9af..3b22bdc1 100644
--- a/seed/unbound/applicationservice.yml
+++ b/seed/unbound/applicationservice.yml
@@ -4,4 +4,3 @@ service: true
depends:
- base-fedora-36
- dns-external
-provider: ExternalDNS
diff --git a/seed/unbound/dictionaries/20_unbound.xml b/seed/unbound/dictionaries/20_unbound.xml
index aba7c4bf..120779a9 100644
--- a/seed/unbound/dictionaries/20_unbound.xml
+++ b/seed/unbound/dictionaries/20_unbound.xml
@@ -25,13 +25,13 @@
-
-
-
-
-
+
+
+
+
+
@@ -39,5 +39,9 @@
ip_eth0
ip_dns
+
+ unbound_forward_address
+ unbound_allowed_client
+
diff --git a/seed/vaultwarden/dictionaries/40_vaultwarden.xml b/seed/vaultwarden/dictionaries/40_vaultwarden.xml
index 71ea3d0f..53562f04 100644
--- a/seed/vaultwarden/dictionaries/40_vaultwarden.xml
+++ b/seed/vaultwarden/dictionaries/40_vaultwarden.xml
@@ -12,17 +12,14 @@
-
- /
- /notifications/hub
-
-
+
vaultwarden
+
risotto
@@ -55,6 +52,16 @@
domain_name_eth0
vaultwarden_test_device_identifier
+
+ vaultwarden_domainname
+ vaultwarden_domainname
+ True
+ revprox_client_external_domainnames
+
+
+
+ revprox_client_location
+
True
False
diff --git a/seed/vaultwarden/funcs/vaultwarden.py b/seed/vaultwarden/funcs/vaultwarden.py
index 2b711125..12f4263b 100644
--- a/seed/vaultwarden/funcs/vaultwarden.py
+++ b/seed/vaultwarden/funcs/vaultwarden.py
@@ -9,6 +9,8 @@ _PASSWORD_DIR = _join(_HERE, 'password')
def get_uuid(server_name: str) -> str:
+ if not server_name:
+ return
dir_name = _join(_PASSWORD_DIR, server_name)
if not _isdir(dir_name):
_makedirs(dir_name)
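Review bot: The new `if not server_name: return` guard returns None from a function annotated `-> str`, so a caller that does string operations on the result fails one step later rather than here; either annotate `-> str | None` (or `Optional[str]` if the file targets older Python) and document the case, or raise a ValueError. A one-line docstring would also cover the side effect visible in the hunk: `"""Return the per-server UUID, creating the password directory on first use."""`. `server_name` is joined into a filesystem path unchanged; it comes from configuration, but a comment stating that it is trusted (no `..` or `/`) would help the next reader. The function continues past the hunk.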
@@ -20,3 +22,9 @@ def get_uuid(server_name: str) -> str:
with open(file_name, 'r') as fh:
file_content = fh.read().strip()
return file_content
+
+
+def calc_vaulwarden_location(index):
+ if not index:
+ return '/'
+ return '/notifications/hub'
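Review bot: `calc_vaulwarden_location` misspells vaultwarden; since the name is presumably referenced from the dictionary, renaming it means updating that reference too, but it is cheaper now than after other templates depend on it. The body maps a falsy `index` to `/` and everything else to `/notifications/hub`, so an index of 2 or higher also yields the hub path; if only 0 and 1 are valid, say so in a docstring — `"""Return the reverse-proxy location for vaultwarden: '/' for index 0 (or None), '/notifications/hub' otherwise."""` — and add the `-> str` return annotation the rest of the file uses.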
diff --git a/seed/vaultwarden/templates/vaultwarden.yml b/seed/vaultwarden/templates/vaultwarden.yml
index 2a901d4e..06c489b0 100644
--- a/seed/vaultwarden/templates/vaultwarden.yml
+++ b/seed/vaultwarden/templates/vaultwarden.yml
@@ -1,4 +1,5 @@
-url: https://%%revprox_client_external_domainname%%{revprox_client_location[0]}
+%set %%domain = %%revprox_client_external_domainnames[0]
+url: https://%%domain%%domain.revprox_client_location
%set %%username='rougail_test@silique.fr'
username: %%username
password: %%get_password(server_name=%%domain_name_eth0, username=%%username, description='test', type="cleartext", hide=%%hide_secret, temporary=False)
diff --git a/seed/vaultwarden/templates/vaultwarden_config.env b/seed/vaultwarden/templates/vaultwarden_config.env
index e87abe1c..69a3fdda 100644
--- a/seed/vaultwarden/templates/vaultwarden_config.env
+++ b/seed/vaultwarden/templates/vaultwarden_config.env
@@ -256,11 +256,11 @@ INVITATION_ORG_NAME=%%vaultwarden_org_name
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
# DOMAIN=https://bw.domain.tld:8443
#>GNUNUX
-%set %%location = %%str(%%revprox_client_location[0])
+%set %%location = %%revprox_client_external_domainnames[0].revprox_client_location
%if %%location.endswith('/')
%set %%location = %%location[:-1]
%end if
-DOMAIN=https://%%revprox_client_external_domainname%%location
+DOMAIN=https://%%{revprox_client_external_domainnames[0]}%%location
#