mariadb-server => mariadb

Emmanuel Garette 2022-04-08 18:52:43 +02:00
parent 550816dff2
commit 72dd2b4309
38 changed files with 87 additions and 150 deletions


@ -5,7 +5,7 @@ if [ -z "$HOST_NAME" ]; then
echo "usage: $0 host name" echo "usage: $0 host name"
exit 1 exit 1
fi fi
apt install --yes systemd-container dnf jq debootstrap htop gettext apt install --yes systemd-container dnf jq debootstrap htop gettext patch
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
systemctl daemon-reload systemctl daemon-reload


@ -103,6 +103,9 @@ if [ -n "$COPR" ]; then
wget "$COPR" wget "$COPR"
cd - cd -
fi fi
if [ "$FUSION" = true ]; then
dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR"
fi
# FIXME verifier s'il y a des modifs sur pre/post # FIXME verifier s'il y a des modifs sur pre/post
if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then
@ -125,12 +128,19 @@ if [ "$INSTALL" = true ]; then
VERSION=0 VERSION=0
fi fi
mkdir tmp mkdir tmp
ORI_DIR=$PWD
cd tmp cd tmp
if [ ! "$VERSION" = 0 ]; then if [ ! "$VERSION" = 0 ]; then
tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME" tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
if [ "$INSTALL_TOOL" = "apt" ]; then
chown _apt "$IMAGE_NAME"
fi
else
mkdir "$IMAGE_NAME"
fi fi
../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md cd "$IMAGE_NAME"
cd - ../../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md
cd $ORI_DIR
rm -rf tmp rm -rf tmp
install_pkg install_pkg
sleep 2 sleep 2
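Review bot: The new `dnf -y install "https://download1.rpmfusion.org/...rpm"` in the `FUSION` branch pulls the release package straight from a URL, and as far as I know dnf does not GPG-check packages named on the command line unless `localpkg_gpgcheck` is enabled, so the repository definition it drops into the image is trusted on TLS alone. This commit also ships `RPM-GPG-KEY-rpmfusion-free-fedora-36` to the host, so the package could be verified against that key, for example by adding `--setopt=localpkg_gpgcheck=1` to this call. Separately, in the changelog hunk `cd $ORI_DIR` is unquoted and unchecked right before `rm -rf tmp`; `cd "$ORI_DIR" || exit 1` keeps the removal from running in the wrong directory.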


@ -34,7 +34,6 @@ def read_dnf_pkg_file(os_name, filename1, filename2):
for idx, pkg_line in enumerate(pkgs_fh.readlines()): for idx, pkg_line in enumerate(pkgs_fh.readlines()):
if idx < header_idx[fidx]: if idx < header_idx[fidx]:
# header # header
print("béééé")
continue continue
sp_line = pkg_line.strip().split() sp_line = pkg_line.strip().split()
if len(sp_line) < idx_version[fidx] + 1: if len(sp_line) < idx_version[fidx] + 1:
@ -154,13 +153,17 @@ type = "installe"
for package in ori_pkg & new_dict: for package in ori_pkg & new_dict:
if ori_dict[package] == new_dict[package]: if ori_dict[package] == new_dict[package]:
continue continue
run(['apt', 'download', package]) info = run(['apt', 'download', package], capture_output=True)
if info.returncode:
raise Exception(f'cannot download {package}: {info}')
packages = list(glob('*.deb')) packages = list(glob('*.deb'))
packages.sort() packages.sort()
for package in packages: for package in packages:
info = run(['apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True) info = run(['chroot', '.', 'apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True)
if info.returncode:
raise Exception(f'cannot list changes for {package}: {info}')
header = True header = True
for line in info.split('\n'): for line in info.stdout.decode().split('\n'):
if not header: if not header:
print(line) print(line)
if line.startswith('-----------------------'): if line.startswith('-----------------------'):
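Review bot: `info.stdout.decode()` in the apt-listchanges loop assumes UTF-8 output and raises UnicodeDecodeError on the first changelog that carries bytes in another encoding, which aborts the whole changelog build; `info.stdout.decode(errors='replace')` keeps going. The two new `raise Exception(f'... {info}')` lines also embed the full CompletedProcess, captured stdout included, in the message; reporting `info.stderr.decode(errors='replace')` would be shorter and more useful. The enclosing block starts and ends outside the hunk.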


@ -86,6 +86,9 @@
<variable name="local_authentification_ip_" type="ip" provider="mail_ip"/> <variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
<variable name="local_authentification_password_" type="secret" auto_save="True" provider="mail_password"/> <variable name="local_authentification_password_" type="secret" auto_save="True" provider="mail_password"/>
</family> </family>
</family>
<family name="nginx">
<variable name="nginx_default" redefine="True" remove_fill="True" mandatory="False"/>
<variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/> <variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
<variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/> <variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
<variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/> <variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>


@ -10,7 +10,7 @@ NAME = %%pg_client_database
USER = %%pg_client_username USER = %%pg_client_username
PASSWD = %%pg_client_password PASSWD = %%pg_client_password
SCHEMA = SCHEMA =
SSL_MODE = disable SSL_MODE = verify-full
CHARSET = utf8 CHARSET = utf8
LOG_SQL = false LOG_SQL = false


@ -11,6 +11,8 @@
<file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file> <file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
<file>/etc/distro.repos.d/boot.repo</file> <file>/etc/distro.repos.d/boot.repo</file>
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64</file> <file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64</file>
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64</file>
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36</file>
<file>/etc/sysctl.d/90-risotto.conf</file> <file>/etc/sysctl.d/90-risotto.conf</file>
<file file_type="variable" source="dhcp.network" variable="host_dhcp_interface">host_dhcp_filename</file> <file file_type="variable" source="dhcp.network" variable="host_dhcp_interface">host_dhcp_filename</file>
</service> </service>


@ -8,6 +8,7 @@
<file engine="none">/static/silique_email.png</file> <file engine="none">/static/silique_email.png</file>
<file engine="none">/static/silique_folder.png</file> <file engine="none">/static/silique_folder.png</file>
<file engine="none">/static/silique_note.png</file> <file engine="none">/static/silique_note.png</file>
<file engine="none">/static/silique_video.png</file>
<file engine="none">/static/risotto.css</file> <file engine="none">/static/risotto.css</file>
<file>/var/lib/lemonldap-ng/conf/lmConf-1.json</file> <file>/var/lib/lemonldap-ng/conf/lmConf-1.json</file>
<file engine="none">/etc/lemonldap-ng/lemonldap-ng.ini</file> <file engine="none">/etc/lemonldap-ng/lemonldap-ng.ini</file>
@ -21,20 +22,10 @@
</services> </services>
<variables> <variables>
<family name="lemonldap" description="LemonLDAP" help="Configuration de la solution d'authentification unique LemonLDAP::NG"> <family name="lemonldap" description="LemonLDAP" help="Configuration de la solution d'authentification unique LemonLDAP::NG">
<variable name="lemon_domain" description="Nom DNS derrière LemonLDAP::NG"/>
<variable name="lemon_reload_web_name" description="Nom DNS du service Reload de LemonLDAP-NG" mode="expert"/>
<variable name="lemon_proc" type="number" description="Nombre de processus dédié à LemonLdap (équivalent au nombre de processeurs)" mandatory="True"> <variable name="lemon_proc" type="number" description="Nombre de processus dédié à LemonLdap (équivalent au nombre de processeurs)" mandatory="True">
<value>1</value> <value>1</value>
</variable> </variable>
<variable name="lemon_mail_admin" type="mail" description="Courriel de l'administrateur" mandatory="True"/> <variable name="lemon_mail_admin" type="mail" description="Courriel de l'administrateur" mandatory="True"/>
</family> </family>
</variables> </variables>
<constraints>
<fill name="calc_value">
<param>reload.</param>
<param type="variable">lemon_domain</param>
<param name="join"></param>
<target>lemon_reload_web_name</target>
</fill>
</constraints>
</rougail> </rougail>


@ -57,12 +57,21 @@ commentStartToken = §
"locationRules" : { "locationRules" : {
"%%revprox_client_external_domainname" : { "%%revprox_client_external_domainname" : {
"default" : "accept" "default" : "accept"
%set %%domains = []
%for %%app in %%oauth2.remotes %for %%app in %%oauth2.remotes
%set %%key = %%normalize_family(%%app) %set %%key = %%normalize_family(%%app)
%set %%external = %%oauth2['oauth2_' + %%key]['external_' + %%key]
§ external is somethink like https://domain/
%if %%external
%set %%domain = %%str(%%external).split('/', 3)[-2]
%if %%domain not in %%domains
}, },
"%%lemon_domain" : { "%%domain" : {
"^/logout" : "logout_sso", "^/logout" : "logout_sso",
"default" : "accept" "default" : "accept"
%%domains.append(%%domain)%slurp
%end if
%end if
%end for %end for
} }
}, },
@ -152,10 +161,6 @@ commentStartToken = §
"portalDisplayRegister": 0, "portalDisplayRegister": 0,
"portalDisplayResetPassword": 0, "portalDisplayResetPassword": 0,
"portalMainLogo": "risotto/logo.png", "portalMainLogo": "risotto/logo.png",
"registerUrl" : "https://%%lemon_reload_web_name/register",
"reloadUrls" : {
"localhost" : "https://%%lemon_reload_web_name/reload"
},
"showLanguages": 0, "showLanguages": 0,
"whatToTrace" : "_whatToTrace", "whatToTrace" : "_whatToTrace",
%set %%remotes = {} %set %%remotes = {}
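Review bot: `%%str(%%external).split('/', 3)[-2]` only yields the host when the URL ends in a slash or has a path: for `https://domain` without a trailing slash the split has three elements and `[-2]` is the empty string, which would emit a `""` virtual host with `"default" : "accept"` into `locationRules`. Indexing the host position directly, `.split('/', 3)[2]`, gives `domain` in both cases. It may also be worth skipping an empty result before the block is written.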


@ -24,8 +24,7 @@ layout: fhs
#>GNUNUX #>GNUNUX
[database] [database]
class: mailman.database.postgresql.PostgreSQLDatabase class: mailman.database.postgresql.PostgreSQLDatabase
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
#FIXME ?sslmode=require
[mta] [mta]
lmtp_host: %%ip_eth0 lmtp_host: %%ip_eth0
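Review bot: `?sslmode=verify-full` on the `url:` line only works if libpq can find the issuing CA, and by default it looks in `~/.postgresql/root.crt` of the service user, not in the system trust store where this commit installs `ca_PostgreSQL.crt`. Unless something outside this diff sets `sslrootcert` or `PGSSLROOTCERT`, the connection will be refused rather than verified; appending `&sslrootcert=/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt` makes the dependency explicit. The same likely applies to the other libpq-based clients changed here (the Django `OPTIONS`, the Roundcube and Vaultwarden DSNs, and the psql readiness probe).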


@ -10,6 +10,7 @@ DATABASES = {
'HOST': '%%pg_client_server_domainname', # Database server 'HOST': '%%pg_client_server_domainname', # Database server
'PORT': '', # Database port (leave blank for default) 'PORT': '', # Database port (leave blank for default)
'CONN_MAX_AGE': 300, # Max database connection age 'CONN_MAX_AGE': 300, # Max database connection age
'OPTIONS': {'sslmode': 'verify-full'},
} }
} }
ALLOWED_HOSTS = ['%%revprox_client_external_domainname'] ALLOWED_HOSTS = ['%%revprox_client_external_domainname']


@ -1 +1 @@
PKG="$PKG mod_ssl nextcloud-postgresql php-intl php-bcmath php-opcache php-pecl-redis" PKG="$PKG nextcloud-postgresql php-intl php-bcmath php-opcache php-pecl-redis"


@ -37,7 +37,7 @@ $CONFIG = array (
'dbtableprefix' => 'oc_', 'dbtableprefix' => 'oc_',
'dbuser' => '%%pg_client_username', 'dbuser' => '%%pg_client_username',
'dbpassword' => '%%pg_client_password', 'dbpassword' => '%%pg_client_password',
'dbdriveroptions' => array('sslmode' => true), 'dbdriveroptions' => array('sslmode' => 'verify-full'),
'passwordsalt' => '{{SALT}}', 'passwordsalt' => '{{SALT}}',
'secret' => '{{SECRET}}', 'secret' => '{{SECRET}}',
'instanceid' => '%%nextcloud_instance_id', 'instanceid' => '%%nextcloud_instance_id',
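Review bot: It is worth confirming that `'dbdriveroptions' => array('sslmode' => 'verify-full')` actually reaches libpq: `dbdriveroptions` is handed on as PDO driver options, which are normally attribute constants such as the MySQL SSL ones, and I am not certain a string `sslmode` key ends up in the PostgreSQL connection string. If it is ignored, the connection falls back to libpq's default mode, which does not verify the server certificate. A quick check is to point this client at a host name the server certificate does not cover and confirm the connection is refused.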


@ -4,7 +4,7 @@
<service name='nginx' target='multi-user'> <service name='nginx' target='multi-user'>
<file>/etc/nginx/nginx.conf</file> <file>/etc/nginx/nginx.conf</file>
<file source="default">/etc/nginx/sites-available/default</file> <file source="default">/etc/nginx/sites-available/default</file>
<file source="default-nginx.conf">/etc/nginx/default.d/risotto.conf</file> <file filelist="nginx_default" source="default-nginx.conf">/etc/nginx/default.d/risotto.conf</file>
<!--file source="default-nginx-ssl.conf">/etc/nginx/conf.d/risotto-ssl.conf</file--> <!--file source="default-nginx-ssl.conf">/etc/nginx/conf.d/risotto-ssl.conf</file-->
<file source="nginx.index.html">/var/www/html/index.html</file> <file source="nginx.index.html">/var/www/html/index.html</file>
<file source="nginx-options.conf">/etc/nginx/conf.d/options.conf</file> <file source="nginx-options.conf">/etc/nginx/conf.d/options.conf</file>
@ -36,5 +36,9 @@
<param>Fedora</param> <param>Fedora</param>
<target type="filelist">nginx_fedora</target> <target type="filelist">nginx_fedora</target>
</condition> </condition>
<condition name="disabled_if_in" source="nginx_default">
<param type="nil"/>
<target type="filelist">nginx_default</target>
</condition>
</constraints> </constraints>
</rougail> </rougail>


@ -9,8 +9,8 @@
<variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger" help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple &quot;/mail&quot;)" mandatory="True" multi="True" provider="revprox_location"/> <variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger" help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple &quot;/mail&quot;)" mandatory="True" multi="True" provider="revprox_location"/>
<variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète" mandatory="True" help="Nom de domaine ou IP de destination, par exemple &quot;http://domainelocal&quot; ou URI, par exemple &quot;http://domainelocal/dir/&quot;" provider="revprox_url"/> <variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète" mandatory="True" help="Nom de domaine ou IP de destination, par exemple &quot;http://domainelocal&quot; ou URI, par exemple &quot;http://domainelocal/dir/&quot;" provider="revprox_url"/>
<variable name="revprox_is_websocket_" type="boolean" description="Le point d'entré est de types websocket" mandatory="True" provider="revprox_is_websocket"/> <variable name="revprox_is_websocket_" type="boolean" description="Le point d'entré est de types websocket" mandatory="True" provider="revprox_is_websocket"/>
<variable name="revprox_max_body_size_" description="Taille maximum du corps" provider="revprox_max_body_size"/>
</family> </family>
</family> </family>
</variables> </variables>
</rougail> </rougail>
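Review bot: `revprox_max_body_size_` is declared without a `type`, unlike its typed siblings (`filename`, `web_address`, `boolean`), and the nginx template changed in this commit writes it verbatim as `client_max_body_size %%maxbody;`. The value appears to be supplied by the proxied service through the `revprox_max_body_size` provider, so a value containing `;` or a newline would add arbitrary directives to the reverse proxy configuration. Constraining it at the variable level to an nginx size (digits with an optional `k`, `m` or `g` suffix) would close that off.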


@ -6,7 +6,7 @@
server { server {
listen 80; listen 80;
server_name %%domainname; server_name %%domainname;
return 301 https://www.domain.com$request_uri; return 301 https://%%domainname$request_uri;
} }
# Configuration HTTPS %%domainname # Configuration HTTPS %%domainname
@ -25,6 +25,7 @@ server {
location %%location { location %%location {
proxy_pass %%location['revprox_url_' + family]; proxy_pass %%location['revprox_url_' + family];
%if %%location['revprox_is_websocket_' + family] %if %%location['revprox_is_websocket_' + family]
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
%else %else
@ -41,6 +42,10 @@ server {
proxy_ssl_verify on; proxy_ssl_verify on;
proxy_ssl_verify_depth 2; proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on; proxy_ssl_session_reuse on;
%set %%maxbody = %%location['revprox_max_body_size_' + family]
%if %%maxbody
client_max_body_size %%maxbody;
%end if
set $dest $http_destination; set $dest $http_destination;
index error.html; index error.html;
root /var/www/html; root /var/www/html;


@ -1,4 +1,2 @@
format: '0.1' format: '0.1'
description: PHP configuration description: PHP configuration
depends:
- apache


@ -38,7 +38,6 @@
<family name="postfix" description="Postfix mail server"> <family name="postfix" description="Postfix mail server">
<variable name="postfix_mail_hostname" type="domainname" description="Nom de domaine extérieur du serveur de courriel" mandatory="True"/> <variable name="postfix_mail_hostname" type="domainname" description="Nom de domaine extérieur du serveur de courriel" mandatory="True"/>
<variable name="postfix_relay_domains" type="domainname" description="Domaine de courriel généré localement" multi="True" mandatory="True" hidden="True"/> <variable name="postfix_relay_domains" type="domainname" description="Domaine de courriel généré localement" multi="True" mandatory="True" hidden="True"/>
<variable name='postfix_ca_chain' description="CA certificate" hidden='True'/>
<variable name='postfix_relay_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/> <variable name='postfix_relay_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
<family name="local_authentification_" description="Local server authentification" dynamic='postfix_relay_authentifications'> <family name="local_authentification_" description="Local server authentification" dynamic='postfix_relay_authentifications'>
<variable name="local_authentification_ip_" type="ip" provider="mail_ip"/> <variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
@ -51,11 +50,6 @@
</family> </family>
</variables> </variables>
<constraints> <constraints>
<fill name="get_chain">
<param name="authority_cn" type="variable">domain_name_eth0</param>
<param name="authority_name">MailServer</param>
<target>postfix_ca_chain</target>
</fill>
<fill name="calc_value"> <fill name="calc_value">
<param>/etc/opendkim/keys/</param> <param>/etc/opendkim/keys/</param>
<param type="variable">postfix_relay_domains</param> <param type="variable">postfix_relay_domains</param>


@ -1 +1 @@
%%postfix_ca_chain %%get_chain(authority_cn=%%domain_name_eth0, authority_name="MailServer")


@ -3,6 +3,9 @@
<services> <services>
<service name="postgresqlclient" target="multi-user" engine="creole"> <service name="postgresqlclient" target="multi-user" engine="creole">
<file mode="400">/secrets/postgresql.pass</file> <file mode="400">/secrets/postgresql.pass</file>
<file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
<file>/etc/pki/tls/certs/postgresql.crt</file>
<file owner_type="variable" owner="pg_client_key_owner" mode="440">/etc/pki/tls/private/postgresql.key</file>
</service> </service>
</services> </services>
<variables> <variables>
@ -11,6 +14,9 @@
<variable name="pg_client_username" description="Client username" mandatory="True" hidden="True"/> <variable name="pg_client_username" description="Client username" mandatory="True" hidden="True"/>
<variable name="pg_client_password" type="password" description="Client password" mandatory="True" hidden="True"/> <variable name="pg_client_password" type="password" description="Client password" mandatory="True" hidden="True"/>
<variable name="pg_client_database" description="Client database" mandatory="True" hidden="True"/> <variable name="pg_client_database" description="Client database" mandatory="True" hidden="True"/>
<variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True">
<value>root</value>
</variable>
</family> </family>
</variables> </variables>
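Review bot: The client key `/etc/pki/tls/private/postgresql.key` is installed with `mode="440"` and a variable owner but no `group`, so group read goes to whatever the default group is. The reverse-proxy key definition removed elsewhere in this commit used `mode="400"` with explicit owner and group variables. Using `mode="400"` here, or adding an explicit `group`, would keep the key readable by the service account only.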
<constraints> <constraints>

View file

@ -6,4 +6,4 @@ Before=network.target
Type=oneshot Type=oneshot
Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
ExecStart=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/%%pg_client_server_domainname/5432; do sleep 1; done; echo "POSTGRESQL STARTED"' ExecStart=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/%%pg_client_server_domainname/5432; do sleep 1; done; echo "POSTGRESQL STARTED"'
ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"' ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"'
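Review bot: `--set=sslmode=verify-full` on the second `ExecStart` assigns a psql variable named `sslmode`; it is not a connection option, so this probe still connects with libpq's default `sslmode` and sends the `PGPASSFILE` credentials without verifying the server certificate. Set it where libpq reads it, for example `Environment=PGSSLMODE=verify-full` next to the existing `Environment=PGPASSFILE=...` line. Alternatively pass psql a conninfo string such as `"host=%%pg_client_server_domainname user=%%pg_client_username dbname=%%pg_client_database sslmode=verify-full"`.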


@ -10,6 +10,9 @@
<file engine="none">/etc/postgresql/pg_ident.conf</file> <file engine="none">/etc/postgresql/pg_ident.conf</file>
<file engine="none" mode="755">/bin/postgresql_init</file> <file engine="none" mode="755">/bin/postgresql_init</file>
<file engine="none" source="sysuser-postgresql.conf">/sysusers.d/0postgresql.conf</file> <file engine="none" source="sysuser-postgresql.conf">/sysusers.d/0postgresql.conf</file>
<file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
<file>/etc/pki/tls/certs/postgresql.crt</file>
<file owner="root" group="postgres" mode="440">/etc/pki/tls/private/postgresql.key</file>
</service> </service>
</services> </services>
<variables> <variables>


@ -1 +1 @@
PKG="$PKG postgresql-server" PKG="$PKG postgresql-server postgresql-contrib"


@ -89,11 +89,11 @@ local all postgres ident map=pg_map
#>GNUNUX #>GNUNUX
# host all all 127.0.0.1/32 ident # host all all 127.0.0.1/32 ident
%for %%server in %%accounts.remotes %for %%server in %%accounts.remotes
host %%normalize_family(%%server) %%normalize_family(%%server) %%server md5 hostssl %%normalize_family(%%server) %%normalize_family(%%server) %%server md5
%end for %end for
#<GNUNUX #<GNUNUX
# IPv6 local connections: # IPv6 local connections:
host all all ::1/128 ident #host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the # Allow replication connections from localhost, by a user with the
# replication privilege. # replication privilege.
#>GNUNUX #>GNUNUX
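Review bot: The remote-account rule moves from `host` to `hostssl` but keeps `md5` as the authentication method, which stores and exchanges an MD5-based password hash. With TLS now mandatory this is a good moment to switch the line to `hostssl %%normalize_family(%%server) %%normalize_family(%%server) %%server scram-sha-256`. That also needs `password_encryption = scram-sha-256` in postgresql.conf and the role passwords set again so they are stored as SCRAM verifiers.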


@ -138,13 +138,12 @@ authentication_timeout = §§{pg_authentication_timeout}s
#ssl_dh_params_file = '' #ssl_dh_params_file = ''
#ssl_passphrase_command = '' #ssl_passphrase_command = ''
#ssl_passphrase_command_supports_reload = off #ssl_passphrase_command_supports_reload = off
#>FIXME #>GNUNUX
#ssl = true # (change requires restart) ssl = true # (change requires restart)
#%import os ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'
#%set %%pg_server_cert_chain = os.path.splitext(§§pg_server_cert)[0] + '_ca-chain.crt' ssl_cert_file = '/etc/pki/tls/certs/postgresql.crt' # (change requires restart)
#ssl_cert_file = '%%pg_server_cert_chain' # (change requires restart) ssl_key_file = '/etc/pki/tls/private/postgresql.key' # (change requires restart)
#ssl_key_file = '§§pg_server_key' # (change requires restart) #<GNUNUX
#<FIXME
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# RESOURCE USAGE (except WAL) # RESOURCE USAGE (except WAL)


@ -1,95 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="nginx" manage="False">
<file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
<file file_type="variable" source="revprox.crt">revprox_cert_file</file>
<file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_key_file</file>
</service>
</services>
<variables>
<family name="nginx" description="Reverse proxy">
<variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True'/>
<variable name="revprox_client_server_ip" type="ip" hidden='True'/>
<variable name="revprox_client_external_domainname" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' provider="external_domainname"/>
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" multi="True">
<value>/</value>
</variable>
<variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entré est de types websocket" mandatory="True">
<value>False</value>
</variable>
</family>
<variable name="revprox_client_local_location" type="filename" description="Nom de l'arborescene racine du site localement" hidden='True'/>
<variable name="revprox_client_web_address" type="web_address" description="Nom de domaine du client du mandataire inverse" hidden='True'/>
<variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
<value>443</value>
</variable>
<variable name="revprox_client_cert_owner" type="unix_user" description="Reverse proxy certificate owner">
<value>root</value>
</variable>
<variable name="revprox_client_cert_group" type="unix_user" description="Reverse proxy certificate group">
<value>root</value>
</variable>
<variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
<variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
<variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>
</family>
</variables>
<constraints>
<fill name="calc_web_address">
<param type="variable">domain_name_eth0</param>
<param type="variable">revprox_client_port</param>
<param type="variable">revprox_client_local_location</param>
<target>revprox_client_web_address</target>
</fill>
<fill name="calc_value">
<param type="variable">tls_ca_directory</param>
<param>ca_InternalReverseProxy.crt</param>
<param name="join">/</param>
<target>revprox_ca_file</target>
</fill>
<fill name="calc_value">
<param type="variable">tls_cert_directory</param>
<param>revprox.crt</param>
<param name="join">/</param>
<target>revprox_cert_file</target>
</fill>
<fill name="calc_value">
<param type="variable">tls_key_directory</param>
<param>revprox.key</param>
<param name="join">/</param>
<target>revprox_key_file</target>
</fill>
<fill name="set_linked">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">revprox_clients</param>
<param name="linked_value" type="variable">revprox_client_external_domainname</param>
<param name="linked_returns">ip</param>
<param name="dynamic">0</param>
<target>revprox_client_server_ip</target>
</fill>
<check name="set_linked_configuration">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">revprox_location</param>
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
<target>revprox_client_location</target>
</check>
<check name="set_linked_configuration">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">revprox_is_websocket</param>
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
<param name="leader_provider">revprox_location</param>
<param name="leader_value" type="variable">revprox_client_location</param>
<target>revprox_client_is_websocket</target>
</check>
<check name="set_linked_configuration">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">revprox_url</param>
<param name="leader_provider">revprox_location</param>
<param name="leader_value" type="variable">revprox_client_location</param>
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
<target>revprox_client_web_address</target>
</check>
</constraints>
</rougail>


@ -5,6 +5,8 @@
<file owner="root" group="apache" mode="640">/etc/roundcubemail/config.inc.php</file> <file owner="root" group="apache" mode="640">/etc/roundcubemail/config.inc.php</file>
<file>/etc/httpd/conf.d/roundcubemail.conf</file> <file>/etc/httpd/conf.d/roundcubemail.conf</file>
<file>/secrets/roundcube-init.php</file> <file>/secrets/roundcube-init.php</file>
<file engine="none">/static/silique_cloud.svg</file>
<file engine="none">/static/watermark.html</file>
<file>/etc/pki/ca-trust/source/anchors/ca_MailServer.crt</file> <file>/etc/pki/ca-trust/source/anchors/ca_MailServer.crt</file>
</service> </service>
</services> </services>


@ -1 +1 @@
PKG="$PKG mod_ssl roundcubemail php-cli php-pgsql php-pecl-redis5" PKG="$PKG roundcubemail php-cli php-pgsql php-pecl-redis5"


@ -31,7 +31,7 @@ $config = [];
// e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false' // e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
// GNUNUX $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail'; // GNUNUX $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail';
//>GNUNUX //>GNUNUX
$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database'; $config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full';
//<GNUNUX //<GNUNUX
// Database DSN for read-only operations (if empty write database will be used) // Database DSN for read-only operations (if empty write database will be used)
@ -532,7 +532,7 @@ $config['support_url'] = '';
// file from the currently selected skin. Prepend name/path with a slash to use // file from the currently selected skin. Prepend name/path with a slash to use
// current skin folder. Remove the slash to point to a file in the Roundcube // current skin folder. Remove the slash to point to a file in the Roundcube
// root directory. It can be also a full URL. // root directory. It can be also a full URL.
$config['blankpage_url'] = '/watermark.html'; $config['blankpage_url'] = '/risotto/watermark.html';
// Logo image replacement. Specifies location of the image as: // Logo image replacement. Specifies location of the image as:
// - URL relative to the document root of this Roundcube installation // - URL relative to the document root of this Roundcube installation
@ -566,7 +566,7 @@ $config['blankpage_url'] = '/watermark.html';
"[print]" => "/images/logo_print.png", "[print]" => "/images/logo_print.png",
]; ];
*/ */
$config['skin_logo'] = null; $config['skin_logo'] = '/risotto/silique_cloud.svg';
// Automatically register user in Roundcube database on successful (IMAP) logon. // Automatically register user in Roundcube database on successful (IMAP) logon.
// Set to false if only registered users should be allowed to the webmail. // Set to false if only registered users should be allowed to the webmail.


@ -2,6 +2,13 @@
# Round Cube Webmail is a browser-based multilingual IMAP client # Round Cube Webmail is a browser-based multilingual IMAP client
# #
#>GNUNUX
Alias /roundcube/skins/elastic/risotto/ /usr/local/lib/static/
<Directory /usr/local/lib/static/>
Require all granted
</Directory>
#<GNUNUX
# GNUNUX Alias /roundcubemail /usr/share/roundcubemail # GNUNUX Alias /roundcubemail /usr/share/roundcubemail
Alias /roundcube /usr/share/roundcubemail Alias /roundcube /usr/share/roundcubemail
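Review bot: The new `<Directory /usr/local/lib/static/>` block only says `Require all granted`, so whether directory listings and `.htaccess` overrides apply is inherited from the server defaults. Since the directory is published through the `Alias`, adding `Options -Indexes` and `AllowOverride None` inside the block makes it serve the named static files and nothing more.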


@ -20,7 +20,7 @@ DATA_FOLDER=/srv/vaultwarden
## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
# DATABASE_URL=postgresql://user:password@host[:port]/database_name # DATABASE_URL=postgresql://user:password@host[:port]/database_name
#>GNUNUX #>GNUNUX
DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
#<GNUNUX #<GNUNUX
## Database max connections ## Database max connections