mariadb-server => mariadb
This commit is contained in:
Emmanuel Garette
parent
550816dff2
commit
72dd2b4309
38 changed files with 87 additions and 150 deletions
|
|
@ -5,7 +5,7 @@ if [ -z "$HOST_NAME" ]; then
|
|||
echo "usage: $0 host name"
|
||||
exit 1
|
||||
fi
|
||||
apt install --yes systemd-container dnf jq debootstrap htop gettext
|
||||
apt install --yes systemd-container dnf jq debootstrap htop gettext patch
|
||||
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
|
||||
systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
|
||||
systemctl daemon-reload
|
||||
|
|
|
|||
|
|
@ -103,6 +103,9 @@ if [ -n "$COPR" ]; then
|
|||
wget "$COPR"
|
||||
cd -
|
||||
fi
|
||||
if [ "$FUSION" = true ]; then
|
||||
dnf -y install "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASEVER.noarch.rpm" --installroot="$IMAGE_NAME_RISOTTO_IMAGE_DIR"
|
||||
fi
|
||||
|
||||
# FIXME verifier s'il y a des modifs sur pre/post
|
||||
if [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".base.pkgs ] && [ -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR".pkgs ]; then
|
||||
|
|
@ -125,12 +128,19 @@ if [ "$INSTALL" = true ]; then
|
|||
VERSION=0
|
||||
fi
|
||||
mkdir tmp
|
||||
ORI_DIR=$PWD
|
||||
cd tmp
|
||||
if [ ! "$VERSION" = 0 ]; then
|
||||
tar xf "$IMAGE_NAME_RISOTTO_IMAGE_NAME"
|
||||
if [ "$INSTALL_TOOL" = "apt" ]; then
|
||||
chown _apt "$IMAGE_NAME"
|
||||
fi
|
||||
../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md
|
||||
cd -
|
||||
else
|
||||
mkdir "$IMAGE_NAME"
|
||||
fi
|
||||
cd "$IMAGE_NAME"
|
||||
../../make_changelog "$IMAGE_NAME" "$VERSION" "$OS_NAME" "$RELEASEVER" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR"_"$RELEASEVER"_"$VERSION"_changelog.md
|
||||
cd $ORI_DIR
|
||||
rm -rf tmp
|
||||
install_pkg
|
||||
sleep 2
|
||||
|
|
|
|||
|
|
@ -34,7 +34,6 @@ def read_dnf_pkg_file(os_name, filename1, filename2):
|
|||
for idx, pkg_line in enumerate(pkgs_fh.readlines()):
|
||||
if idx < header_idx[fidx]:
|
||||
# header
|
||||
print("béééé")
|
||||
continue
|
||||
sp_line = pkg_line.strip().split()
|
||||
if len(sp_line) < idx_version[fidx] + 1:
|
||||
|
|
@ -154,13 +153,17 @@ type = "installe"
|
|||
for package in ori_pkg & new_dict:
|
||||
if ori_dict[package] == new_dict[package]:
|
||||
continue
|
||||
run(['apt', 'download', package])
|
||||
info = run(['apt', 'download', package], capture_output=True)
|
||||
if info.returncode:
|
||||
raise Exception(f'cannot download {package}: {info}')
|
||||
packages = list(glob('*.deb'))
|
||||
packages.sort()
|
||||
for package in packages:
|
||||
info = run(['apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True)
|
||||
info = run(['chroot', '.', 'apt-listchanges', '--which', 'both', '-f', 'text', package], capture_output=True)
|
||||
if info.returncode:
|
||||
raise Exception(f'cannot list changes for {package}: {info}')
|
||||
header = True
|
||||
for line in info.split('\n'):
|
||||
for line in info.stdout.decode().split('\n'):
|
||||
if not header:
|
||||
print(line)
|
||||
if line.startswith('-----------------------'):
|
||||
|
|
|
|||
|
|
@ -86,6 +86,9 @@
|
|||
<variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
|
||||
<variable name="local_authentification_password_" type="secret" auto_save="True" provider="mail_password"/>
|
||||
</family>
|
||||
</family>
|
||||
<family name="nginx">
|
||||
<variable name="nginx_default" redefine="True" remove_fill="True" mandatory="False"/>
|
||||
<variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
|
||||
<variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
|
||||
<variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ NAME = %%pg_client_database
|
|||
USER = %%pg_client_username
|
||||
PASSWD = %%pg_client_password
|
||||
SCHEMA =
|
||||
SSL_MODE = disable
|
||||
SSL_MODE = verify-full
|
||||
CHARSET = utf8
|
||||
LOG_SQL = false
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,8 @@
|
|||
<file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
|
||||
<file>/etc/distro.repos.d/boot.repo</file>
|
||||
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64</file>
|
||||
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64</file>
|
||||
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36</file>
|
||||
<file>/etc/sysctl.d/90-risotto.conf</file>
|
||||
<file file_type="variable" source="dhcp.network" variable="host_dhcp_interface">host_dhcp_filename</file>
|
||||
</service>
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
<file engine="none">/static/silique_email.png</file>
|
||||
<file engine="none">/static/silique_folder.png</file>
|
||||
<file engine="none">/static/silique_note.png</file>
|
||||
<file engine="none">/static/silique_video.png</file>
|
||||
<file engine="none">/static/risotto.css</file>
|
||||
<file>/var/lib/lemonldap-ng/conf/lmConf-1.json</file>
|
||||
<file engine="none">/etc/lemonldap-ng/lemonldap-ng.ini</file>
|
||||
|
|
@ -21,20 +22,10 @@
|
|||
</services>
|
||||
<variables>
|
||||
<family name="lemonldap" description="LemonLDAP" help="Configuration de la solution d'authentification unique LemonLDAP::NG">
|
||||
<variable name="lemon_domain" description="Nom DNS derrière LemonLDAP::NG"/>
|
||||
<variable name="lemon_reload_web_name" description="Nom DNS du service Reload de LemonLDAP-NG" mode="expert"/>
|
||||
<variable name="lemon_proc" type="number" description="Nombre de processus dédié à LemonLdap (équivalent au nombre de processeurs)" mandatory="True">
|
||||
<value>1</value>
|
||||
</variable>
|
||||
<variable name="lemon_mail_admin" type="mail" description="Courriel de l'administrateur" mandatory="True"/>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<fill name="calc_value">
|
||||
<param>reload.</param>
|
||||
<param type="variable">lemon_domain</param>
|
||||
<param name="join"></param>
|
||||
<target>lemon_reload_web_name</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
</rougail>
|
||||
|
|
|
|||
|
|
@ -57,12 +57,21 @@ commentStartToken = §
|
|||
"locationRules" : {
|
||||
"%%revprox_client_external_domainname" : {
|
||||
"default" : "accept"
|
||||
%set %%domains = []
|
||||
%for %%app in %%oauth2.remotes
|
||||
%set %%key = %%normalize_family(%%app)
|
||||
%set %%external = %%oauth2['oauth2_' + %%key]['external_' + %%key]
|
||||
§ external is somethink like https://domain/
|
||||
%if %%external
|
||||
%set %%domain = %%str(%%external).split('/', 3)[-2]
|
||||
%if %%domain not in %%domains
|
||||
},
|
||||
"%%lemon_domain" : {
|
||||
"%%domain" : {
|
||||
"^/logout" : "logout_sso",
|
||||
"default" : "accept"
|
||||
%%domains.append(%%domain)%slurp
|
||||
%end if
|
||||
%end if
|
||||
%end for
|
||||
}
|
||||
},
|
||||
|
|
@ -152,10 +161,6 @@ commentStartToken = §
|
|||
"portalDisplayRegister": 0,
|
||||
"portalDisplayResetPassword": 0,
|
||||
"portalMainLogo": "risotto/logo.png",
|
||||
"registerUrl" : "https://%%lemon_reload_web_name/register",
|
||||
"reloadUrls" : {
|
||||
"localhost" : "https://%%lemon_reload_web_name/reload"
|
||||
},
|
||||
"showLanguages": 0,
|
||||
"whatToTrace" : "_whatToTrace",
|
||||
%set %%remotes = {}
|
||||
|
|
|
|||
|
|
@ -24,8 +24,7 @@ layout: fhs
|
|||
#>GNUNUX
|
||||
[database]
|
||||
class: mailman.database.postgresql.PostgreSQLDatabase
|
||||
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database
|
||||
#FIXME ?sslmode=require
|
||||
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
|
||||
|
||||
[mta]
|
||||
lmtp_host: %%ip_eth0
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ DATABASES = {
|
|||
'HOST': '%%pg_client_server_domainname', # Database server
|
||||
'PORT': '', # Database port (leave blank for default)
|
||||
'CONN_MAX_AGE': 300, # Max database connection age
|
||||
'OPTIONS': {'sslmode': 'verify-full'},
|
||||
}
|
||||
}
|
||||
ALLOWED_HOSTS = ['%%revprox_client_external_domainname']
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
PKG="$PKG mod_ssl nextcloud-postgresql php-intl php-bcmath php-opcache php-pecl-redis"
|
||||
PKG="$PKG nextcloud-postgresql php-intl php-bcmath php-opcache php-pecl-redis"
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ $CONFIG = array (
|
|||
'dbtableprefix' => 'oc_',
|
||||
'dbuser' => '%%pg_client_username',
|
||||
'dbpassword' => '%%pg_client_password',
|
||||
'dbdriveroptions' => array('sslmode' => true),
|
||||
'dbdriveroptions' => array('sslmode' => 'verify-full'),
|
||||
'passwordsalt' => '{{SALT}}',
|
||||
'secret' => '{{SECRET}}',
|
||||
'instanceid' => '%%nextcloud_instance_id',
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<service name='nginx' target='multi-user'>
|
||||
<file>/etc/nginx/nginx.conf</file>
|
||||
<file source="default">/etc/nginx/sites-available/default</file>
|
||||
<file source="default-nginx.conf">/etc/nginx/default.d/risotto.conf</file>
|
||||
<file filelist="nginx_default" source="default-nginx.conf">/etc/nginx/default.d/risotto.conf</file>
|
||||
<!--file source="default-nginx-ssl.conf">/etc/nginx/conf.d/risotto-ssl.conf</file-->
|
||||
<file source="nginx.index.html">/var/www/html/index.html</file>
|
||||
<file source="nginx-options.conf">/etc/nginx/conf.d/options.conf</file>
|
||||
|
|
@ -36,5 +36,9 @@
|
|||
<param>Fedora</param>
|
||||
<target type="filelist">nginx_fedora</target>
|
||||
</condition>
|
||||
<condition name="disabled_if_in" source="nginx_default">
|
||||
<param type="nil"/>
|
||||
<target type="filelist">nginx_default</target>
|
||||
</condition>
|
||||
</constraints>
|
||||
</rougail>
|
||||
|
|
|
|||
|
|
@ -9,8 +9,8 @@
|
|||
<variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger" help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple "/mail")" mandatory="True" multi="True" provider="revprox_location"/>
|
||||
<variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète" mandatory="True" help="Nom de domaine ou IP de destination, par exemple "http://domainelocal" ou URI, par exemple "http://domainelocal/dir/"" provider="revprox_url"/>
|
||||
<variable name="revprox_is_websocket_" type="boolean" description="Le point d'entré est de types websocket" mandatory="True" provider="revprox_is_websocket"/>
|
||||
<variable name="revprox_max_body_size_" description="Taille maximum du corps" provider="revprox_max_body_size"/>
|
||||
</family>
|
||||
</family>
|
||||
</variables>
|
||||
</rougail>
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
server {
|
||||
listen 80;
|
||||
server_name %%domainname;
|
||||
return 301 https://www.domain.com$request_uri;
|
||||
return 301 https://%%domainname$request_uri;
|
||||
}
|
||||
|
||||
# Configuration HTTPS %%domainname
|
||||
|
|
@ -25,6 +25,7 @@ server {
|
|||
location %%location {
|
||||
proxy_pass %%location['revprox_url_' + family];
|
||||
%if %%location['revprox_is_websocket_' + family]
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
%else
|
||||
|
|
@ -41,6 +42,10 @@ server {
|
|||
proxy_ssl_verify on;
|
||||
proxy_ssl_verify_depth 2;
|
||||
proxy_ssl_session_reuse on;
|
||||
%set %%maxbody = %%location['revprox_max_body_size_' + family]
|
||||
%if %%maxbody
|
||||
client_max_body_size %%maxbody;
|
||||
%end if
|
||||
set $dest $http_destination;
|
||||
index error.html;
|
||||
root /var/www/html;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,2 @@
|
|||
format: '0.1'
|
||||
description: PHP configuration
|
||||
depends:
|
||||
- apache
|
||||
|
|
|
|||
|
|
@ -38,7 +38,6 @@
|
|||
<family name="postfix" description="Postfix mail server">
|
||||
<variable name="postfix_mail_hostname" type="domainname" description="Nom de domaine extérieur du serveur de courriel" mandatory="True"/>
|
||||
<variable name="postfix_relay_domains" type="domainname" description="Domaine de courriel généré localement" multi="True" mandatory="True" hidden="True"/>
|
||||
<variable name='postfix_ca_chain' description="CA certificate" hidden='True'/>
|
||||
<variable name='postfix_relay_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
|
||||
<family name="local_authentification_" description="Local server authentification" dynamic='postfix_relay_authentifications'>
|
||||
<variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
|
||||
|
|
@ -51,11 +50,6 @@
|
|||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<fill name="get_chain">
|
||||
<param name="authority_cn" type="variable">domain_name_eth0</param>
|
||||
<param name="authority_name">MailServer</param>
|
||||
<target>postfix_ca_chain</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param>/etc/opendkim/keys/</param>
|
||||
<param type="variable">postfix_relay_domains</param>
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
%%postfix_ca_chain
|
||||
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="MailServer")
|
||||
|
|
|
|||
|
|
@ -3,6 +3,9 @@
|
|||
<services>
|
||||
<service name="postgresqlclient" target="multi-user" engine="creole">
|
||||
<file mode="400">/secrets/postgresql.pass</file>
|
||||
<file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
|
||||
<file>/etc/pki/tls/certs/postgresql.crt</file>
|
||||
<file owner_type="variable" owner="pg_client_key_owner" mode="440">/etc/pki/tls/private/postgresql.key</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
|
|
@ -11,6 +14,9 @@
|
|||
<variable name="pg_client_username" description="Client username" mandatory="True" hidden="True"/>
|
||||
<variable name="pg_client_password" type="password" description="Client password" mandatory="True" hidden="True"/>
|
||||
<variable name="pg_client_database" description="Client database" mandatory="True" hidden="True"/>
|
||||
<variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True">
|
||||
<value>root</value>
|
||||
</variable>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
|
|
|
|||
|
|
@ -6,4 +6,4 @@ Before=network.target
|
|||
Type=oneshot
|
||||
Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
|
||||
ExecStart=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/%%pg_client_server_domainname/5432; do sleep 1; done; echo "POSTGRESQL STARTED"'
|
||||
ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"'
|
||||
ExecStart=/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"'
|
||||
|
|
|
|||
|
|
@ -10,6 +10,9 @@
|
|||
<file engine="none">/etc/postgresql/pg_ident.conf</file>
|
||||
<file engine="none" mode="755">/bin/postgresql_init</file>
|
||||
<file engine="none" source="sysuser-postgresql.conf">/sysusers.d/0postgresql.conf</file>
|
||||
<file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
|
||||
<file>/etc/pki/tls/certs/postgresql.crt</file>
|
||||
<file owner="root" group="postgres" mode="440">/etc/pki/tls/private/postgresql.key</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
PKG="$PKG postgresql-server"
|
||||
PKG="$PKG postgresql-server postgresql-contrib"
|
||||
|
|
|
|||
|
|
@ -89,11 +89,11 @@ local all postgres ident map=pg_map
|
|||
#>GNUNUX
|
||||
# host all all 127.0.0.1/32 ident
|
||||
%for %%server in %%accounts.remotes
|
||||
host %%normalize_family(%%server) %%normalize_family(%%server) %%server md5
|
||||
hostssl %%normalize_family(%%server) %%normalize_family(%%server) %%server md5
|
||||
%end for
|
||||
#<GNUNUX
|
||||
# IPv6 local connections:
|
||||
host all all ::1/128 ident
|
||||
#host all all ::1/128 ident
|
||||
# Allow replication connections from localhost, by a user with the
|
||||
# replication privilege.
|
||||
#>GNUNUX
|
||||
|
|
|
|||
|
|
@ -138,13 +138,12 @@ authentication_timeout = §§{pg_authentication_timeout}s
|
|||
#ssl_dh_params_file = ''
|
||||
#ssl_passphrase_command = ''
|
||||
#ssl_passphrase_command_supports_reload = off
|
||||
#>FIXME
|
||||
#ssl = true # (change requires restart)
|
||||
#%import os
|
||||
#%set %%pg_server_cert_chain = os.path.splitext(§§pg_server_cert)[0] + '_ca-chain.crt'
|
||||
#ssl_cert_file = '%%pg_server_cert_chain' # (change requires restart)
|
||||
#ssl_key_file = '§§pg_server_key' # (change requires restart)
|
||||
#<FIXME
|
||||
#>GNUNUX
|
||||
ssl = true # (change requires restart)
|
||||
ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'
|
||||
ssl_cert_file = '/etc/pki/tls/certs/postgresql.crt' # (change requires restart)
|
||||
ssl_key_file = '/etc/pki/tls/private/postgresql.key' # (change requires restart)
|
||||
#<GNUNUX
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# RESOURCE USAGE (except WAL)
|
||||
|
|
|
|||
|
|
@ -1,95 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="nginx" manage="False">
|
||||
<file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
|
||||
<file file_type="variable" source="revprox.crt">revprox_cert_file</file>
|
||||
<file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_key_file</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<family name="nginx" description="Reverse proxy">
|
||||
<variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True'/>
|
||||
<variable name="revprox_client_server_ip" type="ip" hidden='True'/>
|
||||
<variable name="revprox_client_external_domainname" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' provider="external_domainname"/>
|
||||
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
|
||||
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" multi="True">
|
||||
<value>/</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entré est de types websocket" mandatory="True">
|
||||
<value>False</value>
|
||||
</variable>
|
||||
</family>
|
||||
<variable name="revprox_client_local_location" type="filename" description="Nom de l'arborescene racine du site localement" hidden='True'/>
|
||||
<variable name="revprox_client_web_address" type="web_address" description="Nom de domaine du client du mandataire inverse" hidden='True'/>
|
||||
<variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
|
||||
<value>443</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_cert_owner" type="unix_user" description="Reverse proxy certificate owner">
|
||||
<value>root</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_cert_group" type="unix_user" description="Reverse proxy certificate group">
|
||||
<value>root</value>
|
||||
</variable>
|
||||
<variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
|
||||
<variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
|
||||
<variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<fill name="calc_web_address">
|
||||
<param type="variable">domain_name_eth0</param>
|
||||
<param type="variable">revprox_client_port</param>
|
||||
<param type="variable">revprox_client_local_location</param>
|
||||
<target>revprox_client_web_address</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="variable">tls_ca_directory</param>
|
||||
<param>ca_InternalReverseProxy.crt</param>
|
||||
<param name="join">/</param>
|
||||
<target>revprox_ca_file</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="variable">tls_cert_directory</param>
|
||||
<param>revprox.crt</param>
|
||||
<param name="join">/</param>
|
||||
<target>revprox_cert_file</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="variable">tls_key_directory</param>
|
||||
<param>revprox.key</param>
|
||||
<param name="join">/</param>
|
||||
<target>revprox_key_file</target>
|
||||
</fill>
|
||||
<fill name="set_linked">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">revprox_clients</param>
|
||||
<param name="linked_value" type="variable">revprox_client_external_domainname</param>
|
||||
<param name="linked_returns">ip</param>
|
||||
<param name="dynamic">0</param>
|
||||
<target>revprox_client_server_ip</target>
|
||||
</fill>
|
||||
<check name="set_linked_configuration">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">revprox_location</param>
|
||||
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
|
||||
<target>revprox_client_location</target>
|
||||
</check>
|
||||
<check name="set_linked_configuration">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">revprox_is_websocket</param>
|
||||
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
|
||||
<param name="leader_provider">revprox_location</param>
|
||||
<param name="leader_value" type="variable">revprox_client_location</param>
|
||||
<target>revprox_client_is_websocket</target>
|
||||
</check>
|
||||
<check name="set_linked_configuration">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">revprox_url</param>
|
||||
<param name="leader_provider">revprox_location</param>
|
||||
<param name="leader_value" type="variable">revprox_client_location</param>
|
||||
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
|
||||
<target>revprox_client_web_address</target>
|
||||
</check>
|
||||
</constraints>
|
||||
</rougail>
|
||||
|
|
@ -5,6 +5,8 @@
|
|||
<file owner="root" group="apache" mode="640">/etc/roundcubemail/config.inc.php</file>
|
||||
<file>/etc/httpd/conf.d/roundcubemail.conf</file>
|
||||
<file>/secrets/roundcube-init.php</file>
|
||||
<file engine="none">/static/silique_cloud.svg</file>
|
||||
<file engine="none">/static/watermark.html</file>
|
||||
<file>/etc/pki/ca-trust/source/anchors/ca_MailServer.crt</file>
|
||||
</service>
|
||||
</services>
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
PKG="$PKG mod_ssl roundcubemail php-cli php-pgsql php-pecl-redis5"
|
||||
PKG="$PKG roundcubemail php-cli php-pgsql php-pecl-redis5"
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ $config = [];
|
|||
// e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
|
||||
// GNUNUX $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail';
|
||||
//>GNUNUX
|
||||
$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database';
|
||||
$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full';
|
||||
//<GNUNUX
|
||||
|
||||
// Database DSN for read-only operations (if empty write database will be used)
|
||||
|
|
@ -532,7 +532,7 @@ $config['support_url'] = '';
|
|||
// file from the currently selected skin. Prepend name/path with a slash to use
|
||||
// current skin folder. Remove the slash to point to a file in the Roundcube
|
||||
// root directory. It can be also a full URL.
|
||||
$config['blankpage_url'] = '/watermark.html';
|
||||
$config['blankpage_url'] = '/risotto/watermark.html';
|
||||
|
||||
// Logo image replacement. Specifies location of the image as:
|
||||
// - URL relative to the document root of this Roundcube installation
|
||||
|
|
@ -566,7 +566,7 @@ $config['blankpage_url'] = '/watermark.html';
|
|||
"[print]" => "/images/logo_print.png",
|
||||
];
|
||||
*/
|
||||
$config['skin_logo'] = null;
|
||||
$config['skin_logo'] = '/risotto/silique_cloud.svg';
|
||||
|
||||
// Automatically register user in Roundcube database on successful (IMAP) logon.
|
||||
// Set to false if only registered users should be allowed to the webmail.
|
||||
|
|
|
|||
|
|
@ -2,6 +2,13 @@
|
|||
# Round Cube Webmail is a browser-based multilingual IMAP client
|
||||
#
|
||||
|
||||
|
||||
#>GNUNUX
|
||||
Alias /roundcube/skins/elastic/risotto/ /usr/local/lib/static/
|
||||
<Directory /usr/local/lib/static/>
|
||||
Require all granted
|
||||
</Directory>
|
||||
#<GNUNUX
|
||||
# GNUNUX Alias /roundcubemail /usr/share/roundcubemail
|
||||
Alias /roundcube /usr/share/roundcubemail
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ DATA_FOLDER=/srv/vaultwarden
|
|||
## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
|
||||
# DATABASE_URL=postgresql://user:password@host[:port]/database_name
|
||||
#>GNUNUX
|
||||
DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database
|
||||
DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full
|
||||
#<GNUNUX
|
||||
|
||||
## Database max connections
|
||||
|
|
|
|||
Loading…
Reference in a new issue