diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_host b/seed/applicationservice/2022.03.08/base/manual/install/install_host index f63b5cd6..f6cb4aec 100755 --- a/seed/applicationservice/2022.03.08/base/manual/install/install_host +++ b/seed/applicationservice/2022.03.08/base/manual/install/install_host @@ -5,7 +5,7 @@ if [ -z "$HOST_NAME" ]; then echo "usage: $0 host name" exit 1 fi -apt install --yes systemd-container dnf jq debootstrap htop gettext +apt install --yes systemd-container dnf jq debootstrap htop gettext patch systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf systemctl daemon-reload diff --git a/seed/applicationservice/2022.03.08/base/manual/install/install_image b/seed/applicationservice/2022.03.08/base/manual/install/install_image index b63231c0..36a3b5db 100755 --- a/seed/applicationservice/2022.03.08/base/manual/install/install_image +++ b/seed/applicationservice/2022.03.08/base/manual/install/install_image @@ -103,6 +103,9 @@ if [ -n "$COPR" ]; then wget "$COPR" cd - fi +if [ "$FUSION" = true ]; then + dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR" +fi # FIXME verifier s'il y a des modifs sur pre/post if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then @@ -125,12 +128,19 @@ if [ "$INSTALL" = true ]; then VERSION=0 fi mkdir tmp + ORI_DIR=$PWD cd tmp if [ ! "$VERSION" = 0 ]; then tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME" + if [ "$INSTALL_TOOL" = "apt" ]; then + chown _apt "$IMAGE_NAME" + fi + else + mkdir "$IMAGE_NAME" fi - ../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md - cd - + cd "$IMAGE_NAME" + ../../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md + cd $ORI_DIR rm -rf tmp install_pkg sleep 2 diff --git a/seed/applicationservice/2022.03.08/base/manual/install/make_changelog b/seed/applicationservice/2022.03.08/base/manual/install/make_changelog index fcc0967d..c2da6ea9 100755 --- a/seed/applicationservice/2022.03.08/base/manual/install/make_changelog +++ b/seed/applicationservice/2022.03.08/base/manual/install/make_changelog @@ -34,7 +34,6 @@ def read_dnf_pkg_file(os_name, filename1, filename2): for idx, pkg_line in enumerate(pkgs_fh.readlines()): if idx < header_idx[fidx]: # header - print("béééé") continue sp_line = pkg_line.strip().split() if len(sp_line) < idx_version[fidx] + 1: @@ -154,13 +153,17 @@ type = "installe" for package in ori_pkg & new_dict: if ori_dict[package] == new_dict[package]: continue - run(['apt', 'download', package]) + info = run(['apt', 'download', package], capture_output=True) + if info.returncode: + raise Exception(f'cannot download {package}: {info}') packages = list(glob('*.deb')) packages.sort() for package in packages: - info = run(['apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True) + info = run(['chroot', '.', 'apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True) + if info.returncode: + raise Exception(f'cannot list changes for {package}: {info}') header = True - for line in info.split('\n'): + for line in info.stdout.decode().split('\n'): if not header: print(line) if line.startswith('-----------------------'): diff --git a/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml b/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml index 1348cb72..9a4717e2 100644 --- a/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml +++ b/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml @@ -86,6 +86,9 @@ + + + - diff --git a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf index 72a00b24..f0763ac1 100644 --- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf +++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf @@ -6,7 +6,7 @@ server { listen 80; server_name %%domainname; - return 301 https://www.domain.com$request_uri; + return 301 https://%%domainname$request_uri; } # Configuration HTTPS %%domainname @@ -25,6 +25,7 @@ server { location %%location { proxy_pass %%location['revprox_url_' + family]; %if %%location['revprox_is_websocket_' + family] + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; %else @@ -41,6 +42,10 @@ server { proxy_ssl_verify on; proxy_ssl_verify_depth 2; proxy_ssl_session_reuse on; + %set %%maxbody = %%location['revprox_max_body_size_' + family] + %if %%maxbody + client_max_body_size %%maxbody; + %end if set $dest $http_destination; index error.html; root /var/www/html; diff --git a/seed/applicationservice/2022.03.08/php/applicationservice.yml b/seed/applicationservice/2022.03.08/php/applicationservice.yml index b097efd4..60a43167 100644 --- a/seed/applicationservice/2022.03.08/php/applicationservice.yml +++ b/seed/applicationservice/2022.03.08/php/applicationservice.yml @@ -1,4 +1,2 @@ format: '0.1' description: PHP configuration -depends: - - apache diff --git a/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml b/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml index 7926827a..37d0f69e 100644 --- a/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml +++ b/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/30_postfix.xml @@ -38,7 +38,6 @@ diff --git a/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service b/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service index 6ae07e07..c25764ad 100644 --- a/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service +++ b/seed/applicationservice/2022.03.08/postgresql-client/templates/postgresqlclient.service @@ -6,4 +6,4 @@ Before=network.target Type=oneshot Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass ExecStart=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/%%pg_client_server_domainname/5432; do sleep 1; done; echo "POSTGRESQL STARTED"' -ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"' +ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"' diff --git a/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml b/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml index bed1dbdb..4cb925ff 100644 --- a/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml +++ b/seed/applicationservice/2022.03.08/postgresql-server/dictionaries/22_postgresql.xml @@ -10,6 +10,9 @@ /etc/postgresql/pg_ident.conf /bin/postgresql_init /sysusers.d/0postgresql.conf + /etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt + /etc/pki/tls/certs/postgresql.crt + /etc/pki/tls/private/postgresql.key diff --git a/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh b/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh index 6ddfa5cc..4bdeb8e7 100644 --- a/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh +++ b/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh @@ -1 +1 @@ -PKG="$PKG postgresql-server" +PKG="$PKG postgresql-server postgresql-contrib" diff --git a/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf b/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf index 75c3d46b..7a48fb3d 100644 --- a/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf +++ b/seed/applicationservice/2022.03.08/postgresql-server/templates/pg_hba.conf @@ -89,11 +89,11 @@ local all postgres ident map=pg_map #>GNUNUX # host all all 127.0.0.1/32 ident %for %%server in %%accounts.remotes -host %%normalize_family(%%server) %%normalize_family(%%server) %%server md5 +hostssl %%normalize_family(%%server) %%normalize_family(%%server) %%server md5 %end for #GNUNUX diff --git a/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf b/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf index 625df371..8849422a 100644 --- a/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf +++ b/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.conf @@ -138,13 +138,12 @@ authentication_timeout = §§{pg_authentication_timeout}s #ssl_dh_params_file = '' #ssl_passphrase_command = '' #ssl_passphrase_command_supports_reload = off -#>FIXME -#ssl = true # (change requires restart) -#%import os -#%set %%pg_server_cert_chain = os.path.splitext(§§pg_server_cert)[0] + '_ca-chain.crt' -#ssl_cert_file = '%%pg_server_cert_chain' # (change requires restart) -#ssl_key_file = '§§pg_server_key' # (change requires restart) -#GNUNUX +ssl = true # (change requires restart) +ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt' +ssl_cert_file = '/etc/pki/tls/certs/postgresql.crt' # (change requires restart) +ssl_key_file = '/etc/pki/tls/private/postgresql.key' # (change requires restart) +# - - - - revprox_ca_file - revprox_cert_file - revprox_key_file - - - - - - - - - - domain_name_eth0 - revprox_client_port - revprox_client_local_location - revprox_client_web_address - - - tls_ca_directory - ca_InternalReverseProxy.crt - / - revprox_ca_file - - - tls_cert_directory - revprox.crt - / - revprox_cert_file - - - tls_key_directory - revprox.key - / - revprox_key_file - - - revprox_client_server_domainname - revprox_clients - revprox_client_external_domainname - ip - 0 - revprox_client_server_ip - - - revprox_client_server_domainname - revprox_location - revprox_client_external_domainname - revprox_client_location - - - revprox_client_server_domainname - revprox_is_websocket - revprox_client_external_domainname - revprox_location - revprox_client_location - revprox_client_is_websocket - - - revprox_client_server_domainname - revprox_url - revprox_location - revprox_client_location - revprox_client_external_domainname - revprox_client_web_address - - - diff --git a/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml b/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml index b6584516..96dbd002 100644 --- a/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml +++ b/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml @@ -5,6 +5,8 @@ /etc/roundcubemail/config.inc.php /etc/httpd/conf.d/roundcubemail.conf /secrets/roundcube-init.php + /static/silique_cloud.svg + /static/watermark.html /etc/pki/ca-trust/source/anchors/ca_MailServer.crt diff --git a/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh b/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh index 276c0520..b8cca879 100644 --- a/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh +++ b/seed/applicationservice/2022.03.08/roundcube/manual/image/preinstall/roundcube.sh @@ -1 +1 @@ -PKG="$PKG mod_ssl roundcubemail php-cli php-pgsql php-pecl-redis5" +PKG="$PKG roundcubemail php-cli php-pgsql php-pecl-redis5" diff --git a/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php b/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php index 9c95668e..6c081cbe 100644 --- a/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php +++ b/seed/applicationservice/2022.03.08/roundcube/templates/config.inc.php @@ -31,7 +31,7 @@ $config = []; // e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false' // GNUNUX $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail'; //>GNUNUX -$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database'; +$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full'; // "/images/logo_print.png", ]; */ -$config['skin_logo'] = null; +$config['skin_logo'] = '/risotto/silique_cloud.svg'; // Automatically register user in Roundcube database on successful (IMAP) logon. // Set to false if only registered users should be allowed to the webmail. diff --git a/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf b/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf index 5cc2fceb..63f39d67 100644 --- a/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf +++ b/seed/applicationservice/2022.03.08/roundcube/templates/roundcubemail.conf @@ -2,6 +2,13 @@ # Round Cube Webmail is a browser-based multilingual IMAP client # + +#>GNUNUX +Alias /roundcube/skins/elastic/risotto/ /usr/local/lib/static/ + + Require all granted + +#GNUNUX -DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database +DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full #