improvements
This commit is contained in:
parent
8b39e07aa4
commit
b96c29e40e
100 changed files with 946 additions and 309 deletions
|
@ -19,7 +19,7 @@
|
|||
</variable>
|
||||
</family>
|
||||
<family name="apache" description="Apache" help="Paramètrage avancé du serveur web Apache">
|
||||
<variable name="apache_timeout" type="number" description="Temps en secondes pendant lequel le serveur va attendre des entrées/sorties avant de considérer qu'une requête a échoué">
|
||||
<variable name="apache_timeout" type="number" description="Temps d'attente des entrées/sorties avant de considérer qu'une requête a échoué" help="Temps en secondes">
|
||||
<value>300</value>
|
||||
</variable>
|
||||
<variable name="apache_keepalive" type="boolean" description="Autoriser les connexions persistantes"/>
|
||||
|
|
|
@ -1 +1 @@
|
|||
%%get_chain(authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)
|
||||
%%get_chain(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret)
|
||||
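Review bot: The first arguments of `get_chain` are passed positionally in some of the templates touched by this commit (L818, L830, L1567) and by keyword in others (L45 here, L1608 with `cn=`/`authority_cn=`/`authority_name=`); since the positional form at L818 passes `%%domain_name_eth0` twice, a reader cannot tell which value is the certificate CN and which one selects the issuing authority. Using the keyword form at every call site, e.g. `%%get_chain(cn=%%domain_name_eth0, authority_cn=%%domain_name_eth0, authority_name="IMAPServer", hide=%%hide_secret)`, makes a swapped CN/authority impossible to miss in review. The keyword names are taken from the call at L1608; the function itself is not part of this commit.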
|
|
|
@ -10,7 +10,9 @@
|
|||
<file engine="none" source="sysuser-debian.conf">/sysusers.d/debian.conf</file>
|
||||
</service>
|
||||
<service name='apt-daily' disabled="True"/>
|
||||
<service name='apt-daily' disabled="True" type="timer"/>
|
||||
<service name='apt-daily-upgrade' disabled="True"/>
|
||||
<service name='apt-daily-upgrade' disabled="True" type="timer"/>
|
||||
<service name='avahi-daemon' disabled="True"/>
|
||||
<service name='cron' disabled="True"/>
|
||||
</services>
|
||||
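Review bot: `type="timer"` on the two apt entries (L63, L69) now disables the systemd timers that drive unattended package updates inside the image, and nothing in the hunk says how security updates reach the image instead; a comment on the first of them would keep the next reader from re-enabling them by mistake, e.g. `<!-- apt timers disabled on purpose: packages are refreshed by [TODO: actual update path] -->`. The elements also mix quote styles (`name='apt-daily' disabled="True"`) while the surrounding file uses double quotes; `name="apt-daily"` keeps it consistent.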
|
|
|
@ -1,7 +1,7 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="update-ca-certificates" engine="creole" target="multi-user"/>
|
||||
<service name="update-ca-certificates" engine="cheetah" target="multi-user"/>
|
||||
</services>
|
||||
<variables>
|
||||
<variable name="tls_ca_directory" type="filename" description="Répertoire des autorités de certification" hidden="True">
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
|
||||
ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
|
||||
#mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
||||
#chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
||||
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||
#ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||
#ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||
rm -f $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
|
||||
ln -s ../run/systemd/resolve/stub-resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
|
||||
#mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||
#chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||
#ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||
#ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||
#ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||
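Review bot: `$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP` is expanded unquoted in `rm -f` and `ln -s` (L141, L144), so if the variable is unset or empty the first command becomes `rm -f /etc/resolv.conf` on the build host and the symlink is then created there; the hunks at L168 and L213 (`mkdir`/`chmod`/`ln -s` on the same variable) have the same exposure. A one-line guard before the first use makes an unset variable fatal, `: "${IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP:?must point at the image root}"`, and the expansions should be double-quoted as the `ln -s` targets at L198–L207 already are. Whether the script runs under `set -u` cannot be seen from the hunk.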
|
|
|
@ -1,7 +1,7 @@
|
|||
# ACTIVE NETWORKD
|
||||
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
||||
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# ACTIVE NETWORKD
|
||||
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
||||
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="update-ca-trust" engine="creole" target="multi-user"/>
|
||||
<service name="update-ca-trust" engine="cheetah" target="multi-user"/>
|
||||
</services>
|
||||
<variables>
|
||||
<variable name="tls_ca_directory" type="filename" description="Nom du répertoire des autorités de certification" hidden="True">
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr $BASE_PKG"
|
||||
INSTALL_TOOL="dnf"
|
||||
OS_NAME='fedora'
|
||||
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"
|
||||
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/yum.repos.d/"
|
||||
|
|
|
@ -6,25 +6,26 @@
|
|||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents">
|
||||
<variable name="hide_secret" type="boolean" description="Les secrets sont obscurcis" mode="expert" help="Obscurcir les secrets peut permettre de générer des configurations diffusable sans problème de confidentialité ou pour comparer deux configurations générés à des moments différents" hidden="True">
|
||||
<value>False</value>
|
||||
</variable>
|
||||
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
|
||||
<family name="network" description="Réseau">
|
||||
<variable name="server_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
||||
<variable name="server_name" description="Nom de domaine du serveur" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
||||
<variable name="zones_list" type="string" multi="True" description="Liste de toutes les zones" mandatory="True" hidden="True" provider="global:zones_name"/>
|
||||
<variable name="interfaces_list" type="number" multi="True" description="Liste de tous les numéros d'interfaces" hidden="True" provider="global:zones_list"/>
|
||||
<family name="interface_" description="Interface " dynamic="interfaces_list">
|
||||
<variable name="zone_name_eth" type="string" description="Nom de la zone de l'interface " hidden="True" mandatory="True"/>
|
||||
<variable name="ip_eth" type="ip" description="Adresse IP pour l'interface " hidden="True" mandatory="True"/>
|
||||
<variable name="network_eth" type="network_cidr" description="Réseau de l'interface " hidden="True"/>
|
||||
<variable name="gateway_eth" type="ip" description="La route de l'interface "/>
|
||||
<variable name="gateway_eth" type="ip" description="La route de l'interface " hidden="True"/>
|
||||
<variable name="domain_name_eth" type="domainname" description="Nom de domaine pour l'interface " mandatory="True" hidden="True" provider="global:server_names"/>
|
||||
</family>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param name="server_name" type="variable">domain_name_eth</param>
|
||||
<target>ip_eth</target>
|
||||
</fill>
|
||||
|
@ -33,14 +34,16 @@
|
|||
<param name="index" type="suffix"/>
|
||||
<target>zone_name_eth</target>
|
||||
</fill>
|
||||
<fill name="zone_information">
|
||||
<param type="variable">zone_name_eth</param>
|
||||
<fill name="get_zones_info">
|
||||
<param type="information">zones</param>
|
||||
<param>network</param>
|
||||
<param type="variable" name="zone_name">zone_name_eth</param>
|
||||
<target>network_eth</target>
|
||||
</fill>
|
||||
<fill name="zone_information">
|
||||
<param type="variable">zone_name_eth</param>
|
||||
<param>gateway</param>
|
||||
<fill name="get_zones_info">
|
||||
<param type="information">zones</param>
|
||||
<param>host_ip</param>
|
||||
<param type="variable" name="zone_name">zone_name_eth</param>
|
||||
<param name="index" type="suffix"/>
|
||||
<target>gateway_eth</target>
|
||||
</fill>
|
||||
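Review bot: `hide_secret` (L324) keeps `<value>False</value>` while becoming `hidden="True"`, so the switch that redacts secrets in generated configurations is no longer reachable from the configuration interface and stays off unless something outside this hunk sets it; if it is now meant to be driven only by code, a comment next to it should say where, e.g. `<!-- hide_secret is set programmatically by [TODO: caller]; not user-editable -->`. `mode="expert"` on the same line is redundant once the variable is hidden. As a point of style, the redefined `server_name` (L342) puts `description` before `type`, while every sibling variable in this family orders `name`, `type`, `description`.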
|
|
|
@ -6,9 +6,6 @@ from os.path import join as _join, isfile as _isfile, isdir as _isdir
|
|||
from os import makedirs as _makedirs, environ as _environ
|
||||
|
||||
|
||||
#from risotto.utils import ZONES_SERVER
|
||||
|
||||
|
||||
_HERE = _environ['PWD']
|
||||
_PASSWORD_DIR = _join(_HERE, 'password')
|
||||
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
from typing import List
|
||||
from risotto.utils import load_domains, DOMAINS
|
||||
from risotto.utils import multi_function as _multi_function
|
||||
from typing import List as _List
|
||||
|
||||
|
||||
@_multi_function
|
||||
def get_ip(server_name: str) -> str:
|
||||
def get_ip(zones: dict,
|
||||
server_name: str,
|
||||
) -> str:
|
||||
if server_name is None:
|
||||
return
|
||||
if isinstance(server_name, list):
|
||||
|
@ -15,12 +16,32 @@ def get_ip(server_name: str) -> str:
|
|||
lst = []
|
||||
for s_name in server_name:
|
||||
host_name, domain_name = s_name.split('.', 1)
|
||||
if not domain_name in DOMAINS:
|
||||
for zone in zones.values():
|
||||
if domain_name == zone['domain_name']:
|
||||
break
|
||||
else:
|
||||
raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")')
|
||||
domain = DOMAINS[domain_name]
|
||||
ret = domain[1][domain[0].index(host_name)]
|
||||
ret = zone['hosts'][host_name]
|
||||
if not return_list:
|
||||
return ret
|
||||
if ret not in lst:
|
||||
lst.append(ret)
|
||||
return lst
|
||||
|
||||
|
||||
@_multi_function
|
||||
def get_zones_info(zones: dict,
|
||||
type: str,
|
||||
zone_names: _List[str]=None,
|
||||
zone_name: str=None,
|
||||
index: int=None,
|
||||
) -> str:
|
||||
if type == 'host_ip' and index != 0:
|
||||
return
|
||||
if zone_name:
|
||||
if zone_name not in zones:
|
||||
raise ValueError(f"cannot get zone informations in unknown zone '{zone_name}'")
|
||||
if type == 'cidr':
|
||||
return zones[zone_name]['host_ip'] + '/' + zones[zone_name]['network'].split('/')[-1]
|
||||
return zones[zone_name][type]
|
||||
return [data[type] for zone_name, data in zones.items() if not zone_names or zone_name in zone_names]
|
||||
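Review bot: In `get_ip`, the host lookup `ret = zone['hosts'][host_name]` (L577) raises a bare `KeyError` for an unknown host, while the domain lookup just above raises a descriptive `ValueError`; a guard such as `if host_name not in zone['hosts']: raise ValueError(f'unknown host "{host_name}" in zone "{domain_name}" (for "{s_name}")')` keeps the two failure modes consistent (the replaced `domain[0].index(...)` at least raised `ValueError`). `s_name.split('.', 1)` at L550 likewise fails with an unpacking error for a bare hostname rather than a message naming the value. In `get_zones_info`, the scalar branch synthesises `cidr` from `host_ip` and `network` (L638) but the list branch returns `data[type]` directly (L644), which will fail for `type == 'cidr'` unless the zone dicts also carry that key; the comprehension also rebinds the `zone_name` parameter and the `type` parameter shadows the builtin. `get_ip` begins above this hunk, where `return_list` is presumably defined.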
|
|
|
@ -10,12 +10,13 @@
|
|||
<variable name="dns_is_only_local" type="boolean" description="DNS resolve only local address" hidden="True">
|
||||
<value>True</value>
|
||||
</variable>
|
||||
<variable name="dns_client_address" type="domainname" description="Nom de domaine du serveur DNS" supplier="LocalDNS"/>
|
||||
<variable name="dns_client_address" type="domainname" description="Nom de domaine du serveur DNS" supplier="LocalDNS" hidden="True"/>
|
||||
<variable name="ip_dns" type="ip" description="Adresse IP du serveur DNS" hidden="True"/>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param name="server_name" type="variable">dns_client_address</param>
|
||||
<target>ip_dns</target>
|
||||
</fill>
|
||||
|
|
|
@ -6,15 +6,15 @@ addresses:
|
|||
%elif %%getVar('unbound_forward_address', None) is not None
|
||||
%for %%authority in %%unbound_forward_address
|
||||
- dns_address: %%authority
|
||||
dns_ip: %%get_ip(%%str(%%authority))
|
||||
dns_ip: %%authority.unbound_allowed_client
|
||||
%end for
|
||||
%else
|
||||
%elif %%getVar('nsd_zones', None)
|
||||
%for %%zone in %%nsd_zones
|
||||
%set %%suffix = %%normalize_family(%%zone)
|
||||
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
|
||||
%for %%nsd in %%hostnames
|
||||
- dns_address: %%{nsd}.%%zone
|
||||
dns_ip: %%nsd["ip_" + %%suffix]
|
||||
%for %%hostname in %%hostnames
|
||||
- dns_address: %%{hostname}.%%zone
|
||||
dns_ip: %%hostname["ip_" + %%suffix]
|
||||
%end for
|
||||
%end for
|
||||
%end if
|
||||
|
|
|
@ -85,11 +85,13 @@
|
|||
<variable name='external_imap_crt' type="filename" hidden='True' multi='True'/>
|
||||
<variable name='external_imap_key' type="filename" hidden='True' multi='True'/>
|
||||
</family>
|
||||
<family name="nginx">
|
||||
<family name="revprox">
|
||||
<family name="revprox_client">
|
||||
<variable name="revprox_client_external_domainnames" redefine="True"/>
|
||||
<variable name="revprox_client_web_address" redefine="True"/>
|
||||
</family>
|
||||
</family>
|
||||
<family name="nginx">
|
||||
<variable name="nginx_root" redefine='True'>
|
||||
<value>/var/www/html</value>
|
||||
</variable>
|
||||
|
|
|
@ -1 +1 @@
|
|||
%%get_chain(%%domain_name_eth0, "IMAPServer", hide=%%hide_secret)
|
||||
%%get_chain(%%domain_name_eth0, %%domain_name_eth0, "IMAPServer", hide=%%hide_secret)
|
||||
|
|
|
@ -1 +1 @@
|
|||
%%get_chain(%%domain_name_eth0, "MailServer", hide=%%hide_secret)
|
||||
%%get_chain(%%domain_name_eth0, %%domain_name_eth0, "MailServer", hide=%%hide_secret)
|
||||
|
|
|
@ -8,5 +8,5 @@ password: %%get_password(server_name='test', username=%%username, description="t
|
|||
username_family: %%username_family
|
||||
password_family: %%get_password(server_name='test', username=%%username_family, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
|
||||
name_family: %%name_family
|
||||
smtp: %%get_ip(%%smtp_relay_address)
|
||||
smtp: %%smtp_relay_ip
|
||||
ext_username: 'test@example.net'
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="gitea" target="multi-user" engine="creole">
|
||||
<service name="gitea" target="multi-user" engine="cheetah">
|
||||
<file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file>
|
||||
<file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file>
|
||||
<file>/etc/gitea/app.ini</file>
|
||||
|
@ -28,7 +28,7 @@
|
|||
<variable name="gitea_internal_token" type="password" hidden="True"/>
|
||||
<variable name="gitea_lfs_jwt_secret" type="password" hidden="True"/>
|
||||
</family>
|
||||
<family name="nginx">
|
||||
<family name="revprox">
|
||||
<family name="revprox_client">
|
||||
<variable name="revprox_client_local_location" redefine="True">
|
||||
<value>/</value>
|
||||
|
|
|
@ -9,9 +9,11 @@ VERS=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.vers
|
|||
mkdir -p ~/gitea/
|
||||
|
||||
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz" ]; then
|
||||
rm -rf ~/"gitea/gitea-*-linux-amd64.xz"
|
||||
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz" -O ~/"gitea/gitea-$VERS-linux-amd64.xz"
|
||||
fi
|
||||
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ]; then
|
||||
rm -rf ~/"gitea/gitea-*-linux-amd64.xz.asc"
|
||||
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERS-linux-amd64.xz.asc"
|
||||
fi
|
||||
|
||||
|
@ -19,5 +21,5 @@ gpg --verify ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ~/"gitea/gitea-$VERS-linux
|
|||
|
||||
cp -a ~/"gitea/gitea-$VERS-linux-amd64.xz" .
|
||||
xz -d "gitea-$VERS-linux-amd64.xz"
|
||||
mv "gitea-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
|
||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
|
||||
mv "gitea-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
|
||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
|
||||
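Review bot: The globs in `rm -rf ~/"gitea/gitea-*-linux-amd64.xz"` (L929) and its `.asc` counterpart (L941) sit inside double quotes, so they never expand and old versions are not removed; `rm -f ~/gitea/gitea-*-linux-amd64.xz` does what the line intends. `VERS` is taken from a remote `version.json` and interpolated into URLs and paths without any check, so a guard such as `case "$VERS" in *[!0-9.]*|'') echo "unexpected version: $VERS" >&2; exit 1;; esac` keeps a malformed value from reaching the filesystem, and `wget -O` leaves a truncated file behind on failure, which the `[ ! -f ]` test then treats as a completed download on the next run — fetching to a temporary name and moving it into place on success avoids that. The `gpg --verify` at L953 is the actual authenticity check; whether its failure aborts the script, and which key it trusts, is outside the hunk.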
|
|
|
@ -6,12 +6,12 @@
|
|||
<file file_type="variable" source="70-container.network" variable="zone_name">systemd_zone_filename</file>
|
||||
<file file_type="variable" source="70-container.netdev" variable="zone_name">systemd_netzone_filename</file>
|
||||
</service>
|
||||
<service name="risotto-images" engine="creole" manage="False"/>
|
||||
<service name="risotto-images" engine="cheetah" manage="False"/>
|
||||
<service name="systemd-sysctl"/>
|
||||
<service name="systemd-networkd"/>
|
||||
<service name="systemd-resolved"/>
|
||||
<service name="risotto-images" type="timer" engine="creole"/>
|
||||
<service name="risottofirewall" engine="creole"/>
|
||||
<service name="risotto-images" type="timer" engine="cheetah"/>
|
||||
<service name="risottofirewall" engine="cheetah"/>
|
||||
<service name="systemd-nspawn@">
|
||||
<file>/usr/local/lib/risotto-tmpfiles.d/0asystemd-nspawn.conf</file>
|
||||
<file>/etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf</file>
|
||||
|
@ -20,12 +20,11 @@
|
|||
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64</file>
|
||||
<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36</file>
|
||||
<file>/etc/sysctl.d/90-risotto.conf</file>
|
||||
<file file_type="variable" source="dhcp.network" variable="host_dhcp_interface">host_dhcp_filename</file>
|
||||
<file file_type="variable" source="dhcp.network" variable="interface_names">host_network_filename</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True"/>
|
||||
<variable name="host_dhcp_filename" type="filename" hidden="True" multi="True"/>
|
||||
<variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True" provider="global:host_install_dir"/>
|
||||
<variable name="host_name" type="domainname" hidden="True" provider="global:server_name" mandatory="True"/>
|
||||
<variable name="module_name" type="string" hidden="True" provider="global:module_name" mandatory="True"/>
|
||||
<variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/>
|
||||
|
@ -39,16 +38,34 @@
|
|||
<value>jq</value>
|
||||
<value>debootstrap</value>
|
||||
<value>htop</value>
|
||||
<value>iotop</value>
|
||||
<value>man</value>
|
||||
<value>gettext</value>
|
||||
<value>patch</value>
|
||||
<value>unzip</value>
|
||||
<value>mlocate</value>
|
||||
<value>xz-utils</value>
|
||||
<value>iptables</value>
|
||||
<value>curl</value>
|
||||
<value>tree</value>
|
||||
<value>tshark</value>
|
||||
<value>vim</value>
|
||||
</variable>
|
||||
<family name="network">
|
||||
<variable name="host_dhcp_interface" description="Carte réseau en DHCP" multi="True"/>
|
||||
<variable name="output_interface" description="Nom de l'interface de sortie" mandatory="True"/>
|
||||
<family name="interfaces" leadership="True">
|
||||
<variable name="interface_names" description="Nom de l'interface" multi="True" mandatory="True"/>
|
||||
<variable name="interface_type" type="choice" description="Type de la carte" mandatory="True">
|
||||
<choice>dhcp</choice>
|
||||
<choice>ipv4</choice>
|
||||
<value>dhcp</value>
|
||||
</variable>
|
||||
<variable name="interface_ip" type="cidr" description="IP au format CIDR de l'interface" mandatory="True"/>
|
||||
<variable name="interface_gateway" type="ip" description="IP de la route par défaut" mandatory="True"/>
|
||||
<variable name="interface_domain_name_servers" type="ip" description="IP des serveurs DNS" mandatory="True" multi="True"/>
|
||||
<variable name="first_interface" type="boolean" hidden="True"/>
|
||||
</family>
|
||||
<variable name="host_network_filename" type="filename" multi="True" hidden="True"/>
|
||||
</family>
|
||||
<family name="zones" leadership="True">
|
||||
<variable name="zone_name" type="string" hidden="True" multi="True"/>
|
||||
|
@ -57,6 +74,7 @@
|
|||
</variables>
|
||||
<constraints>
|
||||
<fill name="get_internal_zone_names">
|
||||
<param type="information">zones</param>
|
||||
<target>zone_name</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
|
@ -69,11 +87,11 @@
|
|||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param>/etc/systemd/network/80-</param>
|
||||
<param type="variable">host_dhcp_interface</param>
|
||||
<param type="variable">interface_names</param>
|
||||
<param>.network</param>
|
||||
<param name="join"></param>
|
||||
<param name="multi" type="boolean">True</param>
|
||||
<target>host_dhcp_filename</target>
|
||||
<target>host_network_filename</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param>/etc/systemd/network/70-container-</param>
|
||||
|
@ -83,10 +101,26 @@
|
|||
<param name="multi" type="boolean">True</param>
|
||||
<target>systemd_netzone_filename</target>
|
||||
</fill>
|
||||
<fill name="get_internal_zone_information">
|
||||
<param type="variable">zone_name</param>
|
||||
<fill name="get_zones_info">
|
||||
<param type="information">zones</param>
|
||||
<param>cidr</param>
|
||||
<param type="variable" name="zone_name">zone_name</param>
|
||||
<target>zone_cidr</target>
|
||||
</fill>
|
||||
<fill name="is_first_interface">
|
||||
<param type="index"/>
|
||||
<target>first_interface</target>
|
||||
</fill>
|
||||
<condition name="disabled_if_not_in" source="interface_type">
|
||||
<param>ipv4</param>
|
||||
<target>interface_ip</target>
|
||||
<target>interface_gateway</target>
|
||||
<target>interface_domain_name_servers</target>
|
||||
</condition>
|
||||
<condition name="disabled_if_not_in" source="first_interface">
|
||||
<param>True</param>
|
||||
<target>interface_gateway</target>
|
||||
<target>interface_domain_name_servers</target>
|
||||
</condition>
|
||||
</constraints>
|
||||
</rougail>
|
||||
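Review bot: `tshark` (L1116) joins the base host package list next to `iptables`, `curl` and `tree`; a packet-capture tool is unusual in a production host image (on most distributions it pulls in `dumpcap`, which is often installed with elevated capabilities, though that depends on the packaging), so if it is wanted for debugging the intent should be written down, e.g. `<value>tshark</value> <!-- network debugging only; consider dropping from production images -->`. The same applies, more mildly, to `mlocate` (L1101), which indexes the whole filesystem on a timer.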
|
|
|
@ -15,6 +15,7 @@
|
|||
<variable name="journal_dir_" description="Directory with journal volume for " hidden="True" type="filename" provider="Host:machine_journal"/>
|
||||
<variable name="config_dir_" description="Directory with configuration volume for " hidden="True" type="filename" provider="Host:config_dir" mandatory="True"/>
|
||||
<variable name="zones_" description="Zones for " hidden="True" provider="Host:machine_zones" mandatory="True" multi="True"/>
|
||||
<variable name="ip_" description="IP for " type="ip" hidden="True"/>
|
||||
</family>
|
||||
<variable name="nspawn_zone_filename" type="filename" hidden="True" multi="True"/>
|
||||
<variable name="nspawn_script_filename" type="filename" hidden="True" multi="True"/>
|
||||
|
@ -35,6 +36,11 @@
|
|||
<param name="multi" type="boolean">True</param>
|
||||
<target>machined.nspawn_zone_filename</target>
|
||||
</fill>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param type="suffix"/>
|
||||
<target>machined.machine_.ip_</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
</rougail>
|
||||
|
||||
|
|
|
@ -2,4 +2,16 @@
|
|||
Name=%%rougail_variable
|
||||
|
||||
[Network]
|
||||
%set %%leader = %%interface_names[%%rougail_index]
|
||||
%if %%leader.interface_type == 'dhcp'
|
||||
DHCP=ipv4
|
||||
%else
|
||||
DHCP=no
|
||||
Address=%%leader.interface_ip
|
||||
%if %%leader.first_interface
|
||||
Gateway=%%leader.interface_gateway
|
||||
%for %%dns in %%leader.interface_domain_name_servers
|
||||
DNS=%%dns
|
||||
%end for
|
||||
%end if
|
||||
%end if
|
||||
|
|
|
@ -5,21 +5,27 @@ After=network.target
|
|||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
%set %%has_rules = False
|
||||
%for %%dns in %%machined.machines
|
||||
%set %%machine = %%normalize_family(%%dns)
|
||||
%set %%outgoing = %%machined['machine_' + %%machine]['outgoing_ports_' + %%machine]
|
||||
%set %%machine = %%normalize_family(%%dns)
|
||||
%set %%outgoing = %%machined['machine_' + %%machine]['outgoing_ports_' + %%machine]
|
||||
%if %%outgoing
|
||||
%set %%ip = %%machined['machine_' + %%machine]['ip_' + %%machine]
|
||||
%for %%port in %%outgoing
|
||||
%if ':' in %%port
|
||||
%set %%protocol, %%port = %%port.split(':')
|
||||
%set %%protocol, %%port = %%port.split(':')
|
||||
%else
|
||||
%set %%protocol = 'tcp'
|
||||
%set %%protocol = 'tcp'
|
||||
%end if
|
||||
ExecStart=/sbin/iptables -t nat -A POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
|
||||
ExecStop=-/sbin/iptables -t nat -D POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
|
||||
ExecStart=/sbin/iptables -t nat -A POSTROUTING -s %%ip -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
|
||||
ExecStop=-/sbin/iptables -t nat -D POSTROUTING -s %%ip -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
|
||||
%set %%has_rules = False
|
||||
%end for
|
||||
%end if
|
||||
%end for
|
||||
%if not %%has_rules
|
||||
ExecStart=/usr/bin/echo "No rule"
|
||||
%end if
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
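Review bot: `%%has_rules` is only ever assigned `False` (L1469 and again at L1529 after each rule is emitted), so `%if not %%has_rules` at L1541 is always true and the unit gets `ExecStart=/usr/bin/echo "No rule"` appended even when MASQUERADE rules were written; the assignment inside the loop should be `%set %%has_rules = True`. `%set %%protocol, %%port = %%port.split(':')` (L1502) raises on a value containing more than one colon; `%%port.split(':', 1)` keeps the first field as the protocol and leaves the rest intact. The `-s %%ip` source (L1523, L1526) is now read from the machine's `ip_` variable instead of a `get_ip` call, so an empty value would produce a rule without a source restriction; a `%if %%ip` guard around the two lines would make that case fail visibly.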
|
|
|
@ -1 +1 @@
|
|||
%%get_chain(%%imap_address, 'IMAPServer', hide=%%hide_secret)
|
||||
%%get_chain(%%domain_name_eth0, %%imap_address, 'IMAPServer', hide=%%hide_secret)
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="ldap-client" target="risotto" engine="creole">
|
||||
<service name="ldap-client" target="risotto" engine="cheetah">
|
||||
<file source="ldap.conf" file_type="variable">ldap_client_file</file>
|
||||
<file source="ca_LDAP.crt" file_type="variable">ldap_ca_file</file>
|
||||
<file source="ldap_client.crt" file_type="variable">ldap_cert_file</file>
|
||||
|
|
|
@ -1 +1 @@
|
|||
%%get_chain(%%ldap_server_address, 'LDAP', hide=%%hide_secret)
|
||||
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%ldap_server_address, authority_name="LDAP", hide=%%hide_secret)
|
||||
|
|
|
@ -3,7 +3,7 @@ from subprocess import run as _run
|
|||
from os.path import join as _join, isfile as _isfile, isdir as _isdir
|
||||
from datetime import datetime as _datetime
|
||||
from shutil import copyfile as _copyfile
|
||||
from os import makedirs as _makedirs, environ as _environ
|
||||
from os import makedirs as _makedirs, environ as _environ, listdir as _listdir, unlink as _unlink
|
||||
|
||||
|
||||
_HERE = _environ['PWD']
|
||||
|
@ -54,25 +54,31 @@ def letsencrypt_certif(domain: str,
|
|||
'360',
|
||||
]
|
||||
ret = _run(cli_args, capture_output=True)
|
||||
if ret.returncode != 0:
|
||||
print("FIXME")
|
||||
#if ret.returncode != 0:
|
||||
# print("FIXME")
|
||||
#raise ValueError(ret.stderr.decode())
|
||||
# print("Done")
|
||||
with open(date_file, 'w') as fh:
|
||||
fh.write(today)
|
||||
rootdir = _join(_X509_DIR, f'{authority_name}+{authority_cn}')
|
||||
chaindir = _join(rootdir, 'ca')
|
||||
certdir = _join(rootdir, 'certificats', domain, 'server')
|
||||
chaindir = _join(rootdir, 'certificats', domain, 'ca')
|
||||
week_number = date.isocalendar().week
|
||||
for dirname in (chaindir, certdir):
|
||||
if not _isdir(dirname):
|
||||
_makedirs(dirname)
|
||||
certificate_name = f'certificate_{week_number}.crt'
|
||||
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'chain.pem'),
|
||||
_join(chaindir, f'certificate_{week_number}.crt'),
|
||||
_join(chaindir, certificate_name),
|
||||
)
|
||||
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'privkey.pem'),
|
||||
_join(certdir, 'private.key'),
|
||||
)
|
||||
_copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'fullchain.pem'),
|
||||
_join(certdir, f'certificate_{week_number}.crt'),
|
||||
_join(certdir, certificate_name),
|
||||
)
|
||||
for dirname in (chaindir, certdir):
|
||||
for filename in _listdir(dirname):
|
||||
if not filename.endswith('.crt') or filename == certificate_name:
|
||||
continue
|
||||
_unlink(_join(dirname, filename))
|
||||
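Review bot: Commenting out the `returncode` check (L1658–L1667) makes a failed certificate run silent: `date_file` is still written with `today` (L1670–L1673) and the copies below proceed from `config/live`, so a failed renewal is recorded as done and stale or missing files are propagated; restore it as `if ret.returncode != 0: raise ValueError(ret.stderr.decode())`, or at least log and return before `date_file` is written. While in this block, `privkey.pem` is copied to `private.key` with `_copyfile` (L1715), which gives the new file the mode implied by the process umask rather than whatever restrictive mode the source has; `_chmod(_join(certdir, 'private.key'), 0o600)` after the copy (with `chmod as _chmod` added to the `from os import …` line in the hunk at L1614) keeps the key from being readable by other users on the host. `letsencrypt_certif` begins above this hunk, and how `date_file` is consumed is outside it.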
|
|
|
@ -1,24 +1,23 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="mailman3" target="multi-user">
|
||||
<override/>
|
||||
<file owner="root" group="mailman" mode="640">/etc/mailman.cfg</file>
|
||||
<file owner="root" group="mailman" mode="640">/etc/mailman3.d/postfix.cfg</file>
|
||||
<file engine="none" source="sysuser-mailman.conf">/sysusers.d/0mailman.conf</file>
|
||||
<service name="mailman3"> <!-- target="multi-user">-->
|
||||
<!--override/-->
|
||||
<file owner="root" group="list" mode="640">/etc/mailman3/mailman.cfg</file>
|
||||
<file engine="none" source="tmpfile-mailman.conf">/tmpfiles.d/0mailman.conf</file>
|
||||
</service>
|
||||
<service name="postorius" target="multi-user" engine="creole">
|
||||
<file engine="none">/etc/postorius/gunicorn_config.py</file>
|
||||
<file engine="none" source="sysuser-postorius.conf">/sysusers.d/0postorius.conf</file>
|
||||
<file source="config-nginx.conf">/etc/nginx/default.d/postorius.conf</file>
|
||||
<file source="postorius-settings.py">/etc/mailman3.d/postorius.py</file>
|
||||
<file>/tests/mailman.yml</file>
|
||||
<!--file owner="root" group="mailman" mode="640">/etc/mailman3.d/postfix.cfg</file-->
|
||||
</service>
|
||||
<service name="postgresqlclient" target="multi-user" engine="creole">
|
||||
<service name="mailman3-web"> <!-- target="multi-user" engine="cheetah">-->
|
||||
<!--file engine="none">/etc/postorius/gunicorn_config.py</file>
|
||||
<file engine="none" source="sysuser-postorius.conf">/sysusers.d/0postorius.conf</file>
|
||||
<file source="config-nginx.conf">/etc/nginx/default.d/postorius.conf</file-->
|
||||
<file>/etc/mailman3/mailman-web.py</file>
|
||||
</service>
|
||||
<!--service name="postgresqlclient" target="multi-user" engine="cheetah"-->
|
||||
<!-- mailman and postorius have differents username -->
|
||||
<file owner="postorius" mode="400" source="postgresql.key">/etc/pki/tls/private/postgresql_postorius.key</file>
|
||||
</service>
|
||||
<!--file owner="postorius" mode="400" source="postgresql.key">/etc/pki/tls/private/postgresql_postorius.key</file-->
|
||||
<!--/service-->
|
||||
</services>
|
||||
<variables>
|
||||
<family name="mailman" description="Gestionnaire de liste">
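Review bot: The `postgresqlclient` service and its `/etc/pki/tls/private/postgresql_postorius.key` file entry are now entirely inside comments (`<!--service name="postgresqlclient" ...-->` through `<!--/service-->`), while the mailman-web.py hunk of this same commit still sets `'sslkey': '/etc/pki/tls/private/postgresql_postorius.key'` for its `sslmode: verify-full` PostgreSQL connection, so the client key that connection presents is no longer deployed. Either keep a `<file owner="list" mode="400" source="postgresql.key">/etc/pki/tls/private/postgresql_postorius.key</file>` entry under the `mailman3` service, or make the settings use `%%pg_client_key_file` as `mailman.cfg` already does in its `[database] url:`; the second hunk's change of `pg_client_key_owner` to `list` suggests one key owned by `list` is the intent. Whether the uncommented `<file owner="postorius" mode="400" ...>` line is removed or context cannot be told from the rendered page. `<service name="mailman3">` also has `target="multi-user"` and `<override/>` moved into comments, which looks accidental if the unit is still meant to be enabled at boot.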
|
||||
@ -56,7 +55,7 @@
|
|||
</family>
|
||||
<family name="postgresql">
|
||||
<variable name="pg_client_key_owner" redefine="True">
|
||||
<value>mailman</value>
|
||||
<value>list</value>
|
||||
</variable>
|
||||
</family>
|
||||
</variables>
|
||||
@ -1,12 +1,12 @@
|
|||
PYTHON="usr/lib/python3.10/site-packages"
|
||||
cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/lemonldap" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/allauth/socialaccount/providers/"
|
||||
cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/risotto" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/allauth/socialaccount/providers/"
|
||||
cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/postorius" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius"
|
||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius/manage.py"
|
||||
ln -s /etc/mailman3.d/postorius.py "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius/m_postorius/settings_local.py"
|
||||
ln -s ../../django_mailman3/static/django-mailman3 "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/static/"
|
||||
ln -s ../../django/contrib/admin/static/admin "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/static/"
|
||||
#translation
|
||||
msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.mo
|
||||
sed -i 's/$event.mlist.fqdn_listname\./$event.mlist.fqdn_listname/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po
|
||||
msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.mo
|
||||
#PYTHON="usr/lib/python3/site-packages"
|
||||
#cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/lemonldap" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/allauth/socialaccount/providers/"
|
||||
#cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/risotto" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/allauth/socialaccount/providers/"
|
||||
#cp -a "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/postorius" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/postorius"
|
||||
#chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/postorius/manage.py"
|
||||
#ln -s /etc/mailman3.d/postorius.py "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/postorius/m_postorius/settings_local.py"
|
||||
#ln -s ../../django_mailman3/static/django-mailman3 "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/static/"
|
||||
#ln -s ../../django/contrib/admin/static/admin "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/static/"
|
||||
##translation
|
||||
#msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.mo
|
||||
#sed -i 's/$event.mlist.fqdn_listname\./$event.mlist.fqdn_listname/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po
|
||||
#msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.mo
|
||||
@ -1 +1,3 @@
|
|||
PKG="$PKG mailman3 postorius python3-psycopg2 python-unversioned-command python3-django-cors-headers"
|
||||
#PKG="$PKG mailman3 postorius python3-psycopg2 python-unversioned-command python3-django-cors-headers"
|
||||
PKG="$PKG mailman3-full"
|
||||
#python3-xapian-haystack
|
||||
@ -1,37 +1,239 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# This file is imported by the Mailman Suite. It is used to override
|
||||
# the default settings from /usr/share/mailman3-web/settings.py.
|
||||
|
||||
# SECURITY WARNING: keep the secret key used in production secret!
|
||||
#>GNUNUX
|
||||
SECRET_KEY = '%%postorius_secret_key'
|
||||
#FIXME same database has mailman?
|
||||
#<GNUNUX
|
||||
|
||||
|
||||
#FIXME
|
||||
#ADMINS = (
|
||||
# ('Mailman Suite Admin', 'root@localhost'),
|
||||
#)
|
||||
|
||||
# Hosts/domain names that are valid for this site; required if DEBUG is False
|
||||
# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
|
||||
# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
|
||||
# is meant to run behind a webserver reverse proxy anyway.
|
||||
ALLOWED_HOSTS = [
|
||||
#"localhost", # Archiving API from Mailman, keep it.
|
||||
# "lists.your-domain.org",
|
||||
# Add here all production URLs you may have.
|
||||
#>GNUNUX
|
||||
#'*'
|
||||
'%%{revprox_client_external_domainnames[0]}'
|
||||
#<GNUNUX
|
||||
]
|
||||
|
||||
#>GNUNUX
|
||||
# Mailman API credentials
|
||||
#MAILMAN_REST_API_URL = 'http://localhost:8001'
|
||||
#MAILMAN_REST_API_USER = 'restadmin'
|
||||
#MAILMAN_REST_API_PASS = 'T0zVrLFZBJrftkW9Sjs660sEr/P3zehYGYPuo93LSGZT1KHd'
|
||||
#MAILMAN_ARCHIVER_KEY = 'BzzgFI+QbeFOsGFy0Q6wfD5cp9fQvk1o'
|
||||
#MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
|
||||
#<GNUNUX
|
||||
|
||||
# Application definition
|
||||
|
||||
#FIXME
|
||||
INSTALLED_APPS = (
|
||||
'hyperkitty',
|
||||
'postorius',
|
||||
'django_mailman3',
|
||||
# Uncomment the next line to enable the admin:
|
||||
'django.contrib.admin',
|
||||
# Uncomment the next line to enable admin documentation:
|
||||
# 'django.contrib.admindocs',
|
||||
'django.contrib.auth',
|
||||
'django.contrib.contenttypes',
|
||||
'django.contrib.sessions',
|
||||
'django.contrib.sites',
|
||||
'django.contrib.messages',
|
||||
'django.contrib.staticfiles',
|
||||
'rest_framework',
|
||||
'django_gravatar',
|
||||
'compressor',
|
||||
'haystack',
|
||||
'django_extensions',
|
||||
'django_q',
|
||||
'allauth',
|
||||
'allauth.account',
|
||||
'allauth.socialaccount',
|
||||
'django_mailman3.lib.auth.fedora',
|
||||
#'allauth.socialaccount.providers.openid',
|
||||
#'allauth.socialaccount.providers.github',
|
||||
#'allauth.socialaccount.providers.gitlab',
|
||||
#'allauth.socialaccount.providers.google',
|
||||
#'allauth.socialaccount.providers.facebook',
|
||||
#'allauth.socialaccount.providers.twitter',
|
||||
#'allauth.socialaccount.providers.stackexchange',
|
||||
)
|
||||
|
||||
|
||||
# Database
|
||||
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
|
||||
|
||||
DATABASES = {
|
||||
'default' : {
|
||||
'default': {
|
||||
# Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
|
||||
#>GNUNUX
|
||||
#'ENGINE': 'django.db.backends.sqlite3',
|
||||
#<GNUNUX
|
||||
#'ENGINE': 'django.db.backends.postgresql_psycopg2',
|
||||
#'ENGINE': 'django.db.backends.mysql',
|
||||
# DB name or path to database file if using sqlite3.
|
||||
#>GNUNUX
|
||||
#'NAME': '/var/lib/mailman3/web/mailman3web.db',
|
||||
#<GNUNUX
|
||||
# The following settings are not used with sqlite3:
|
||||
#>GNUNUX
|
||||
#'USER': '',
|
||||
#'PASSWORD': '',
|
||||
#<GNUNUX
|
||||
# HOST: empty for localhost through domain sockets or '127.0.0.1' for
|
||||
# localhost through TCP.
|
||||
#>GNUNUX
|
||||
#'HOST': '',
|
||||
'ENGINE': 'django.db.backends.postgresql_psycopg2',
|
||||
'NAME': '%%pg_client_database', # Database name
|
||||
#FIXME same database has mailman?
|
||||
'NAME': '%%pg_client_database',
|
||||
'USER': '%%pg_client_username', # PostgreSQL username
|
||||
'PASSWORD': '%%pg_client_password', # PostgreSQL password
|
||||
'HOST': '%%pg_client_server_domainname', # Database server
|
||||
'PORT': '', # Database port (leave blank for default)
|
||||
'CONN_MAX_AGE': 300, # Max database connection age
|
||||
'OPTIONS': {'sslmode': 'verify-full', 'sslcert': '%%pg_client_crt_file', 'sslkey': '/etc/pki/tls/private/postgresql_postorius.key', 'sslrootcert': '%%pg_client_ca_file'},
|
||||
'CONN_MAX_AGE': 300,
|
||||
#>GNUNUX
|
||||
# PORT: set to empty string for default.
|
||||
'PORT': '',
|
||||
# OPTIONS: Extra parameters to use when connecting to the database.
|
||||
'OPTIONS': {
|
||||
# Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
|
||||
# https://docs.djangoproject.com/en/1.11/ref/
|
||||
# databases/#setting-sql-mode
|
||||
#'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
|
||||
#>GNUNUX
|
||||
'sslmode': 'verify-full',
|
||||
'sslcert': '%%pg_client_crt_file',
|
||||
'sslkey': '/etc/pki/tls/private/postgresql_postorius.key',
|
||||
'sslrootcert': '%%pg_client_ca_file',
|
||||
#<GNUNUX
|
||||
},
|
||||
}
|
||||
}
|
||||
ALLOWED_HOSTS = ['%%{revprox_client_external_domainnames[0]}']
|
||||
POSTORIUS_TEMPLATE_BASE_URL = 'https://%%{revprox_client_external_domainnames[0]}'
|
||||
CSRF_TRUSTED_ORIGINS = ['%%{revprox_client_external_domainnames[0]}']
|
||||
USE_X_FORWARDED_HOST = True
|
||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
LANGUAGE_CODE = 'fr'
|
||||
STATIC_URL = '/mailman/postorius_static/'
|
||||
FORCE_SCRIPT_NAME = '/mailman'
|
||||
|
||||
|
||||
# If you're behind a proxy, use the X-Forwarded-Host header
|
||||
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
|
||||
USE_X_FORWARDED_HOST = True
|
||||
|
||||
# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
|
||||
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
|
||||
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
|
||||
#>GNUNUX
|
||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
#<GNUNUX
|
||||
|
||||
# Other security settings
|
||||
# SECURE_SSL_REDIRECT = True
|
||||
# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
|
||||
# contains at least this line:
|
||||
# SECURE_REDIRECT_EXEMPT = [
|
||||
# "archives/api/mailman/.*", # Request from Mailman.
|
||||
# ]
|
||||
# SESSION_COOKIE_SECURE = True
|
||||
# SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||
# SECURE_BROWSER_XSS_FILTER = True
|
||||
# CSRF_COOKIE_SECURE = True
|
||||
# CSRF_COOKIE_HTTPONLY = True
|
||||
# X_FRAME_OPTIONS = 'DENY'
|
||||
#>GNUNUX
|
||||
CSRF_TRUSTED_ORIGINS = ['%%{revprox_client_external_domainnames[0]}']
|
||||
#<GNUNUX
|
||||
|
||||
# Internationalization
|
||||
# https://docs.djangoproject.com/en/1.8/topics/i18n/
|
||||
|
||||
#>GNUNUX
|
||||
#LANGUAGE_CODE = 'en-us'
|
||||
LANGUAGE_CODE = 'fr'
|
||||
#<GNUNUX
|
||||
|
||||
TIME_ZONE = 'UTC'
|
||||
|
||||
USE_I18N = True
|
||||
USE_L10N = True
|
||||
USE_TZ = True
|
||||
|
||||
|
||||
# Set default domain for email addresses.
|
||||
#FIXME
|
||||
EMAILNAME = 'localhost.local'
|
||||
|
||||
# If you enable internal authentication, this is the address that the emails
|
||||
# will appear to be coming from. Make sure you set a valid domain name,
|
||||
# otherwise the emails may get rejected.
|
||||
# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
|
||||
# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
|
||||
#>GNUNUX
|
||||
#DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
|
||||
DEFAULT_FROM_EMAIL = '%%mailman_mail_owner'
|
||||
#<GNUNUX
|
||||
|
||||
# If you enable email reporting for error messages, this is where those emails
|
||||
# will appear to be coming from. Make sure you set a valid domain name,
|
||||
# otherwise the emails may get rejected.
|
||||
# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
|
||||
# SERVER_EMAIL = 'root@your-domain.org'
|
||||
#>GNUNUX
|
||||
#SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
|
||||
SERVER_EMAIL = '%%mailman_mail_owner'
|
||||
EMAIL_HOST = "%%smtp_relay_address"
|
||||
EMAIL_PORT = 25
|
||||
EMAIL_HOST_USER = "%%smtp_relay_user@%%ip_eth0"
|
||||
EMAIL_HOST_PASSWORD = "%%smtp_relay_password"
|
||||
EMAIL_USE_TLS = True
|
||||
DEFAULT_FROM_EMAIL = '%%mailman_mail_owner'
|
||||
#FIXME
|
||||
EMAIL_SUBJECT_PREFIX = '[Django] '
|
||||
SERVER_EMAIL = '%%mailman_mail_owner'
|
||||
SOCIALACCOUNT_EMAIL_VERIFICATION = 'none'
|
||||
|
||||
|
||||
STATIC_URL = '/mailman/postorius_static/'
|
||||
FORCE_SCRIPT_NAME = '/mailman'
|
||||
#<GNUNUX
|
||||
|
||||
# Django Allauth
|
||||
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
|
||||
|
||||
|
||||
#
|
||||
# Social auth
|
||||
#
|
||||
SOCIALACCOUNT_PROVIDERS = {
|
||||
#'openid': {
|
||||
# 'SERVERS': [
|
||||
# dict(id='yahoo',
|
||||
# name='Yahoo',
|
||||
# openid_url='http://me.yahoo.com'),
|
||||
# ],
|
||||
#},
|
||||
#'google': {
|
||||
# 'SCOPE': ['profile', 'email'],
|
||||
# 'AUTH_PARAMS': {'access_type': 'online'},
|
||||
#},
|
||||
#'facebook': {
|
||||
# 'METHOD': 'oauth2',
|
||||
# 'SCOPE': ['email'],
|
||||
# 'FIELDS': [
|
||||
# 'email',
|
||||
# 'name',
|
||||
# 'first_name',
|
||||
# 'last_name',
|
||||
# 'locale',
|
||||
# 'timezone',
|
||||
# ],
|
||||
# 'VERSION': 'v2.4',
|
||||
#},
|
||||
'risotto': {
|
||||
'LEMONLDAP_NAME': 'Authentification centralisée',
|
||||
'LEMONLDAP_URL': 'https://%%oauth2_server_domainname',
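Review bot: `CSRF_TRUSTED_ORIGINS = ['%%{revprox_client_external_domainnames[0]}']` carries no scheme, whereas `POSTORIUS_TEMPLATE_BASE_URL` in the second hunk of this file is built as `https://%%{...}`; since Django 4.0 every entry in this setting must start with a scheme and a bare host fails the system check, so if the image ships Django 4.0 or later (the version is not visible here) the value should be `CSRF_TRUSTED_ORIGINS = ['https://%%{revprox_client_external_domainnames[0]}']`. Because the site is only reached through the TLS-terminating reverse proxy (`SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')`, `ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"`), the still-commented `SESSION_COOKIE_SECURE = True`, `CSRF_COOKIE_SECURE = True` and `SECURE_CONTENT_TYPE_NOSNIFF = True` can be enabled here; `SECURE_PROXY_SSL_HEADER` itself is only safe when that proxy overwrites any client-supplied `X-Forwarded-Proto`. The `#MAILMAN_REST_API_PASS = '...'` line keeps a literal credential in the template even though it is commented out; if it is meant to be wired up later it should come from a rougail variable like the `%%pg_client_password` used in `DATABASES`. The same `DATABASES` block also ends up with `NAME`, `PORT`, `CONN_MAX_AGE` and `OPTIONS` each given twice if the compact and the expanded forms are both on the new side; the rendered page does not show which of the two survives.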
|
||||
@ -44,13 +246,18 @@ SOCIALACCOUNT_PROVIDERS = {
|
|||
'VERIFIED_EMAIL': True,
|
||||
},
|
||||
}
|
||||
#FIXME
|
||||
## This goes in /etc/cron.d/mailman
|
||||
#
|
||||
#@hourly mailman /opt/mailman/venv/bin/mailman-web runjobs hourly
|
||||
#@daily mailman /opt/mailman/venv/bin/mailman-web runjobs daily
|
||||
#@weekly mailman /opt/mailman/venv/bin/mailman-web runjobs weekly
|
||||
#@monthly mailman /opt/mailman/venv/bin/mailman-web runjobs monthly
|
||||
#@yearly mailman /opt/mailman/venv/bin/mailman-web runjobs yearly
|
||||
#* * * * * mailman /opt/mailman/venv/bin/mailman-web runjobs minutely
|
||||
#2,17,32,47 * * * * mailman /opt/mailman/venv/bin/mailman-web runjobs quarter_hourly
|
||||
#>GNUNUX
|
||||
SOCIALACCOUNT_EMAIL_VERIFICATION = 'none'
|
||||
#<GNUNUX
|
||||
|
||||
# On a production setup, setting COMPRESS_OFFLINE to True will bring a
|
||||
# significant performance improvement, as CSS files will not need to be
|
||||
# recompiled on each requests. It means running an additional "compress"
|
||||
# management command after each code upgrade.
|
||||
# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
|
||||
COMPRESS_OFFLINE = True
|
||||
|
||||
#>GNUNUX
|
||||
#POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
|
||||
POSTORIUS_TEMPLATE_BASE_URL = 'https://%%{revprox_client_external_domainnames[0]}'
|
||||
#<GNUNUX
|
||||
@ -1,53 +1,331 @@
|
|||
# This is the absolute bare minimum base configuration file. User supplied
|
||||
# configurations are pushed onto this.
|
||||
# Copyright (C) 2008-2017 by the Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is part of GNU Mailman.
|
||||
#
|
||||
# GNU Mailman is free software: you can redistribute it and/or modify it under
|
||||
# the terms of the GNU General Public License as published by the Free
|
||||
# Software Foundation, either version 3 of the License, or (at your option)
|
||||
# any later version.
|
||||
#
|
||||
# GNU Mailman is distributed in the hope that it will be useful, but WITHOUT
|
||||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
# more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# GNU Mailman. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# This file contains the Debian configuration for mailman. It uses ini-style
|
||||
# formats under the lazr.config regime to define all system configuration
|
||||
# options. See <https://launchpad.net/lazr.config> for details.
|
||||
|
||||
|
||||
[mailman]
|
||||
# GNUNUX default_language: en
|
||||
#>GNUNUX
|
||||
default_language: fr
|
||||
#<GNUNUX
|
||||
# This address is the "site owner" address. Certain messages which must be
|
||||
# delivered to a human, but which can't be delivered to a list owner (e.g. a
|
||||
# bounce from a list owner), will be sent to this address. It should point to
|
||||
# a human.
|
||||
# GNUNUX site_owner: root@localhost
|
||||
#>GNUNUX
|
||||
#site_owner: changeme@example.com
|
||||
site_owner: %%mailman_mail_owner
|
||||
#<GNUNUX
|
||||
|
||||
# This is the local-part of an email address used in the From field whenever a
|
||||
# message comes from some entity to which there is no natural reply recipient.
|
||||
# Mailman will append '@' and the host name of the list involved. This
|
||||
# address must not bounce and it must not point to a Mailman process.
|
||||
noreply_address: noreply
|
||||
|
||||
# The default language for this server.
|
||||
#>GNUNUX
|
||||
#default_language: en
|
||||
default_language: fr
|
||||
#<GNUNUX
|
||||
|
||||
# Membership tests for posting purposes are usually performed by looking at a
|
||||
# set of headers, passing the test if any of their values match a member of
|
||||
# the list. Headers are checked in the order given in this variable. The
|
||||
# value From_ means to use the envelope sender. Field names are case
|
||||
# insensitive. This is a space separate list of headers.
|
||||
sender_headers: from from_ reply-to sender
|
||||
|
||||
# The local URL part to the administration interface (Postorius).
|
||||
# The full URL will be constructed by prepending the domain URL set in the
|
||||
# list's domain properties.
|
||||
#listinfo_url = /postorius/
|
||||
|
||||
# Set the paths to be Fedora-compliant
|
||||
layout: fhs
|
||||
# Mail command processor will ignore mail command lines after designated max.
|
||||
email_commands_max_lines: 10
|
||||
|
||||
# Default length of time a pending request is live before it is evicted from
|
||||
# the pending database.
|
||||
pending_request_life: 3d
|
||||
|
||||
# How long should files be saved before they are evicted from the cache?
|
||||
cache_life: 7d
|
||||
|
||||
# A callable to run with no arguments early in the initialization process.
|
||||
# This runs before database initialization.
|
||||
pre_hook:
|
||||
|
||||
# A callable to run with no arguments late in the initialization process.
|
||||
# This runs after adapters are initialized.
|
||||
post_hook:
|
||||
|
||||
# Which paths.* file system layout to use.
|
||||
# You should not change this variable.
|
||||
layout: debian
|
||||
|
||||
# Can MIME filtered messages be preserved by list owners?
|
||||
filtered_messages_are_preservable: no
|
||||
|
||||
# How should text/html parts be converted to text/plain when the mailing list
|
||||
# is set to convert HTML to plaintext? This names a command to be called,
|
||||
# where the substitution variable $filename is filled in by Mailman, and
|
||||
# contains the path to the temporary file that the command should read from.
|
||||
# The command should print the converted text to stdout.
|
||||
html_to_plain_text_command: /usr/bin/lynx -dump $filename
|
||||
|
||||
# Specify what characters are allowed in list names. Characters outside of
|
||||
# the class [-_.+=!$*{}~0-9a-z] matched case insensitively are never allowed,
|
||||
# but this specifies a subset as the only allowable characters. This must be
|
||||
# a valid character class regexp or the effect on list creation is
|
||||
# unpredictable.
|
||||
listname_chars: [-_.0-9a-z]
|
||||
|
||||
|
||||
[shell]
|
||||
# `mailman shell` (also `withlist`) gives you an interactive prompt that you
|
||||
# can use to interact with an initialized and configured Mailman system. Use
|
||||
# --help for more information. This section allows you to configure certain
|
||||
# aspects of this interactive shell.
|
||||
|
||||
# Customize the interpreter prompt.
|
||||
prompt: >>>
|
||||
|
||||
# Banner to show on startup.
|
||||
banner: Welcome to the GNU Mailman shell
|
||||
|
||||
# Use IPython as the shell, which must be found on the system. Valid values
|
||||
# are `no`, `yes`, and `debug` where the latter is equivalent to `yes` except
|
||||
# that any import errors will be displayed to stderr.
|
||||
use_ipython: no
|
||||
|
||||
# Set this to allow for command line history if readline is available. This
|
||||
# can be as simple as $var_dir/history.py to put the file in the var directory.
|
||||
history_file:
|
||||
|
||||
|
||||
[paths.debian]
|
||||
# Important directories for Mailman operation. These are defined here so that
|
||||
# different layouts can be supported. For example, a developer layout would
|
||||
# be different from a FHS layout. Most paths are based off the var_dir, and
|
||||
# often just setting that will do the right thing for all the other paths.
|
||||
# You might also have to set spool_dir though.
|
||||
#
|
||||
# Substitutions are allowed, but must be of the form $var where 'var' names a
|
||||
# configuration variable in the paths.* section. Substitutions are expanded
|
||||
# recursively until no more $-variables are present. Beware of infinite
|
||||
# expansion loops!
|
||||
#
|
||||
# This is the root of the directory structure that Mailman will use to store
|
||||
# its run-time data.
|
||||
#>GNUNUX
|
||||
#var_dir: /var/lib/mailman3
|
||||
var_dir: /srv/mailman/
|
||||
#<GNUNUX
|
||||
# This is where the Mailman queue files directories will be created.
|
||||
queue_dir: $var_dir/queue
|
||||
# This is the directory containing the Mailman 'runner' and 'master' commands
|
||||
# if set to the string '$argv', it will be taken as the directory containing
|
||||
# the 'mailman' command.
|
||||
bin_dir: /usr/lib/mailman3/bin
|
||||
# All list-specific data.
|
||||
list_data_dir: $var_dir/lists
|
||||
# Directory where log files go.
|
||||
#>GNUNUX
|
||||
#log_dir: /var/log/mailman3
|
||||
log_dir: /srv/mailman/log
|
||||
#<GNUNUX
|
||||
# Directory for system-wide locks.
|
||||
lock_dir: $var_dir/locks
|
||||
# Directory for system-wide data.
|
||||
data_dir: $var_dir/data
|
||||
# Cache files.
|
||||
cache_dir: $var_dir/cache
|
||||
# Directory for configuration files and such.
|
||||
etc_dir: /etc/mailman3
|
||||
# Directory containing Mailman plugins.
|
||||
ext_dir: $var_dir/ext
|
||||
# Directory where the default IMessageStore puts its messages.
|
||||
messages_dir: $var_dir/messages
|
||||
# Directory for archive backends to store their messages in. Archivers should
|
||||
# create a subdirectory in here to store their files.
|
||||
archive_dir: $var_dir/archives
|
||||
# Root directory for site-specific template override files.
|
||||
template_dir: $var_dir/templates
|
||||
# There are also a number of paths to specific file locations that can be
|
||||
# defined. For these, the directory containing the file must already exist,
|
||||
# or be one of the directories created by Mailman as per above.
|
||||
#
|
||||
# This is where PID file for the master runner is stored.
|
||||
pid_file: /run/mailman3/master.pid
|
||||
# Lock file.
|
||||
lock_file: $lock_dir/master.lck
|
||||
|
||||
|
||||
[database]
|
||||
# The class implementing the IDatabase.
|
||||
#GNUNUX class: mailman.database.sqlite.SQLiteDatabase
|
||||
#class: mailman.database.mysql.MySQLDatabase
|
||||
#class: mailman.database.postgresql.PostgreSQLDatabase
|
||||
#>GNUNUX
|
||||
[database]
|
||||
class: mailman.database.postgresql.PostgreSQLDatabase
|
||||
#<GNUNUX
|
||||
|
||||
# Use this to set the Storm database engine URL. You generally have one
|
||||
# primary database connection for all of Mailman. List data and most rosters
|
||||
# will store their data in this database, although external rosters may access
|
||||
# other databases in their own way. This string supports standard
|
||||
# 'configuration' substitutions.
|
||||
#GNUNUX url: sqlite:///$DATA_DIR/mailman.db
|
||||
#url: mysql+pymysql://mailman3:mmpass@localhost/mailman3?charset=utf8&use_unicode=1
|
||||
#url: postgres://mailman3:mmpass@localhost/mailman3
|
||||
#>GNUNUX
|
||||
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=%%pg_client_crt_file&sslkey=%%pg_client_key_file&sslrootcert=%%pg_client_ca_file
|
||||
#<GNUNUX
|
||||
|
||||
debug: no
|
||||
|
||||
|
||||
[logging.debian]
|
||||
# This defines various log settings. The options available are:
|
||||
#
|
||||
# - level -- Overrides the default level; this may be any of the
|
||||
# standard Python logging levels, case insensitive.
|
||||
# - format -- Overrides the default format string
|
||||
# - datefmt -- Overrides the default date format string
|
||||
# - path -- Overrides the default logger path. This may be a relative
|
||||
# path name, in which case it is relative to Mailman's LOG_DIR,
|
||||
# or it may be an absolute path name. You cannot change the
|
||||
# handler class that will be used.
|
||||
# - propagate -- Boolean specifying whether to propagate log message from this
|
||||
# logger to the root "mailman" logger. You cannot override
|
||||
# settings for the root logger.
|
||||
#
|
||||
# In this section, you can define defaults for all loggers, which will be
|
||||
# prefixed by 'mailman.'. Use subsections to override settings for specific
|
||||
# loggers. The names of the available loggers are:
|
||||
#
|
||||
# - archiver -- All archiver output
|
||||
# - bounce -- All bounce processing logs go here
|
||||
# - config -- Configuration issues
|
||||
# - database -- Database logging (SQLAlchemy and Alembic)
|
||||
# - debug -- Only used for development
|
||||
# - error -- All exceptions go to this log
|
||||
# - fromusenet -- Information related to the Usenet to Mailman gateway
|
||||
# - http -- Internal wsgi-based web interface
|
||||
# - locks -- Lock state changes
|
||||
# - mischief -- Various types of hostile activity
|
||||
# - runner -- Runner process start/stops
|
||||
# - smtp -- Successful SMTP activity
|
||||
# - smtp-failure -- Unsuccessful SMTP activity
|
||||
# - subscribe -- Information about leaves/joins
|
||||
# - vette -- Message vetting information
|
||||
#>GNUNUX
|
||||
#FIXME format: %(asctime)s (%(process)d) %(message)s
|
||||
#FIXME datefmt: %b %d %H:%M:%S %Y
|
||||
#FIXME propagate: no
|
||||
#FIXME level: info
|
||||
#FIXME path: mailman.log
|
||||
#<GNUNUX
|
||||
|
||||
[webservice]
|
||||
# The hostname at which admin web service resources are exposed.
|
||||
#>GNUNUX
|
||||
#hostname: localhost
|
||||
hostname: %%mailman_domains
|
||||
#<GNUNUX
|
||||
|
||||
# The port at which the admin web service resources are exposed.
|
||||
#>GNUNUX
|
||||
#port: 8001
|
||||
port: 443
|
||||
#<GNUNUX
|
||||
|
||||
# Whether or not requests to the web service are secured through SSL.
|
||||
#>GNUNUX
|
||||
#use_https: no
|
||||
use_https: yes
|
||||
#<GNUNUX
|
||||
|
||||
# Whether or not to show tracebacks in an HTTP response for a request that
|
||||
# raised an exception.
|
||||
show_tracebacks: yes
|
||||
|
||||
# The API version number for the current (highest) API.
|
||||
api_version: 3.1
|
||||
|
||||
# The administrative username.
|
||||
admin_user: restadmin
|
||||
|
||||
# The administrative password.
|
||||
admin_pass: T0zVrLFZBJrftkW9Sjs660sEr/P3zehYGYPuo93LSGZT1KHd
|
||||
|
||||
[mta]
|
||||
lmtp_host: %%ip_eth0
|
||||
configuration: /etc/mailman3.d/postfix.cfg
|
||||
# The class defining the interface to the incoming mail transport agent.
|
||||
#incoming: mailman.mta.exim4.LMTP
|
||||
incoming: mailman.mta.postfix.LMTP
|
||||
|
||||
# The callable implementing delivery to the outgoing mail transport agent.
|
||||
# This must accept three arguments, the mailing list, the message, and the
|
||||
# message metadata dictionary.
|
||||
outgoing: mailman.mta.deliver.deliver
|
||||
|
||||
# How to connect to the outgoing MTA. If smtp_user and smtp_pass is given,
|
||||
# then Mailman will attempt to log into the MTA when making a new connection.
|
||||
#>GNUNUX
|
||||
#smtp_host: localhost
|
||||
smtp_host: %%smtp_relay_address
|
||||
smtp_user: %%smtp_relay_user@%%ip_eth0
|
||||
smtp_pass: %%smtp_relay_password
|
||||
smtp_port: 25
|
||||
#smtp_user:
|
||||
smtp_user: %%smtp_relay_user@%%ip_eth0
|
||||
#smtp_pass:
|
||||
smtp_pass: %%smtp_relay_password
|
||||
smtp_secure_mode: starttls
|
||||
smtp_verify_cert: yes
|
||||
smtp_verify_hostname: yes
|
||||
#<GNUNUX
|
||||
|
||||
[paths.fhs]
|
||||
bin_dir: /usr/libexec/mailman3
|
||||
# GNUNUX var_dir: /var/lib/mailman3
|
||||
# GNUNUX queue_dir: /var/spool/mailman3
|
||||
# GNUNUX log_dir: /var/log/mailman3
|
||||
# Where the LMTP server listens for connections. Use 127.0.0.1 instead of
|
||||
# localhost for Postfix integration, because Postfix only consults DNS
|
||||
# (e.g. not /etc/hosts).
|
||||
#>GNUNUX
|
||||
var_dir: /srv/mailman/lib
|
||||
queue_dir: /srv/mailman/spool
|
||||
log_dir: /var/log/mailman
|
||||
#lmtp_host: 127.0.0.1
|
||||
lmtp_host: %%ip_eth0
|
||||
#<GNUNUX
|
||||
lock_dir: /run/lock/mailman3
|
||||
ext_dir: /etc/mailman3.d
|
||||
pid_file: /run/mailman3/master.pid
|
||||
lmtp_port: 8024
|
||||
|
||||
# Where can we find the mail server specific configuration file? The path can
|
||||
# be either a file system path or a Python import path. If the value starts
|
||||
# with python: then it is a Python import path, otherwise it is a file system
|
||||
# path. File system paths must be absolute since no guarantees are made about
|
||||
# the current working directory. Python paths should not include the trailing
|
||||
# .cfg, which the file must end with.
|
||||
#configuration: python:mailman.config.exim4
|
||||
configuration: python:mailman.config.postfix
|
||||
|
||||
# see /usr/lib/python3.10/site-packages/mailman/config/postfix.cfg
|
||||
[postfix]
|
||||
# Additional configuration variables for the postfix MTA.
|
||||
|
||||
# This variable describe the program to use for regenerating the transport map
|
||||
# db file, from the associated plain text files. The file being updated will
|
||||
# be appended to this string (with a separating space), so it must be
|
||||
# appropriate for os.system().
|
||||
postmap_command: /usr/sbin/postmap
|
||||
|
||||
# This variable describes the type of transport maps that will be generated by
|
||||
# mailman to be used with postfix for LMTP transport. By default, it is set to
|
||||
# hash, but mailman also supports `regex` tables.
|
||||
transport_file_type: regex
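Review bot: `admin_pass: T0zVrLFZBJrftkW9Sjs660sEr/P3zehYGYPuo93LSGZT1KHd` under `[webservice]` is a literal REST administrator password in a template whose other secrets (`%%pg_client_password`, `%%smtp_relay_password`) are rougail variables, and the same string sits in the commented `MAILMAN_REST_API_PASS` of mailman-web.py, so every rendered image shares it; it should be a generated per-instance variable, e.g. `admin_pass: %%<rest-password-variable>` (placeholder name). With `hostname: %%mailman_domains`, `port: 443` and `use_https: yes` the REST listener is no longer on the loopback default, which makes that fixed credential reachable from wherever that name resolves, and `show_tracebacks: yes` returns stack traces to those clients — `show_tracebacks: no` is the safer production value. `[mailman]` also carries both `layout: fhs` and `layout: debian`, and `[database]` is opened twice (once before `#GNUNUX class:` and again after `#>GNUNUX`), so which `class:` and `layout:` take effect depends on how lazr.config treats duplicates; collapsing to one of each removes the ambiguity. The hunk header (`-1,53 +1,331`) says most of this file is new, but which individual lines are additions versus context cannot be told from the rendered page.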
|
||||
@ -1,3 +1,3 @@
|
|||
d /srv/mailman 750 mailman mailman - -
|
||||
d /var/log/mailman 755 mailman mailman - -
|
||||
f /var/log/mailman/postorius.log 644 postorius postorius - -
|
||||
d /srv/mailman 750 list list - -
|
||||
d /var/log/mailman 755 list list - -
|
||||
#f /var/log/mailman/postorius.log 644 postorius postorius - -
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="mariadbclient" target="risotto" engine="creole"/>
|
||||
<service name="mariadbclient" target="risotto" engine="cheetah"/>
|
||||
</services>
|
||||
<variables>
|
||||
<family name="mariadb" description="MariaDB">
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<file>/etc/my.cnf.d/risotto.cnf</file>
|
||||
<file engine="none" source="tmpfile-mariadb.conf">/tmpfiles.d/0mariadb.conf</file>
|
||||
<file mode="600" owner="mysql" group="mysql">/etc/mariadb.sql</file>
|
||||
<file>/tests/mariadb.yml</file>
|
||||
<file>/tests/mariadb.yml</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
<services>
|
||||
<service name="nextcloudcron" engine="none"/>
|
||||
<service name="nextcloudcron" type="timer" engine="none" target="timers"/>
|
||||
<service name="nextcloud" engine="creole" target="multi-user">
|
||||
<service name="nextcloud" engine="cheetah" target="multi-user">
|
||||
<file owner="apache" group="apache" mode="440" source="nextcloud-config.php">/etc/nextcloud/config.php</file>
|
||||
<file owner="root" group="root" mode="755">/sbin/nextcloud.init</file>
|
||||
<file>/etc/httpd/conf.d/a-nextcloud-access.conf</file>
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
ln -s "$IMAGE_NAME_RISOTTO_IMAGE_DIR/srv/nextcloud/data" "/var/lib/risotto/images/nextcloud//usr/share/nextcloud/data"
|
||||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share/nextcloud/apps"
|
||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share/nextcloud/apps"
|
||||
CALENDAR="3.5.2"
|
||||
ln -s "/srv/nextcloud/data" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/nextcloud/data"
|
||||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share/nextcloud/apps"
|
||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share/nextcloud/apps"
|
||||
#user_saml=$(wget https://api.github.com/repos/nextcloud/user_saml/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||
app=$(wget https://api.github.com/repos/pulsejet/nextcloud-oidc-login/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||
wget -q $app
|
||||
|
@ -8,20 +9,21 @@ tar xf *tar.gz
|
|||
rm -f *tar.gz
|
||||
chown -R root: oidc_login
|
||||
#
|
||||
app=$(wget https://api.github.com/repos/nextcloud-releases/calendar/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||
#app=$(wget https://api.github.com/repos/nextcloud-releases/calendar/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||
app="https://github.com/nextcloud-releases/calendar/releases/download/v${CALENDAR}/calendar-v${CALENDAR}.tar.gz"
|
||||
wget -q $app -O app.tar.gz
|
||||
tar xf app.tar.gz
|
||||
rm -f app.tar.gz
|
||||
chown -R root: calendar
|
||||
#
|
||||
app=$(wget https://api.github.com/repos/nextcloud-releases/contacts/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||
#app=$(wget https://api.github.com/repos/nextcloud-releases/contacts/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||
app=https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz
|
||||
wget -q $app -O app.tar.gz
|
||||
tar xf app.tar.gz
|
||||
rm -f app.tar.gz
|
||||
chown -R root: contacts
|
||||
#
|
||||
app=$(wget https://api.github.com/repos/nextcloud/notes/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||
#app=$(wget https://api.github.com/repos/nextcloud/notes/releases/latest -q -O - | jq -r '.assets[0].browser_download_url')
|
||||
app=https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz
|
||||
wget -q $app -O app.tar.gz
|
||||
tar xf app.tar.gz
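Review bot: The now-pinned calendar, contacts and notes tarballs are fetched with `wget -q $app -O app.tar.gz` and unpacked with `tar xf` without any integrity check, so pinning the version string still leaves the build trusting whatever GitHub serves at that URL. Since the URLs are fixed, record each archive's digest next to the version and verify it before extraction, e.g. `echo "$CALENDAR_SHA256  app.tar.gz" | sha256sum -c - || exit 1` after each download. `oidc_login` is still resolved through `releases/latest` and downloaded with an unquoted `wget -q $app`, so it is neither pinned nor verifiable and should get the same `VERSION`/digest treatment as the other three.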
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
<value>False</value>
|
||||
</variable>
|
||||
<variable name="nginx_default" type="domainname" description="Nom de domaine du serveur mandataire inverse par défaut" help="Si un client accède au serveur avec un nom de domaine non déclaré, le flux est redirigé vers ce domaine" mandatory='False'/>
|
||||
<variable name="nginx_root" type="filename" mandatory='False'>
|
||||
<variable name="nginx_root" type="filename" mandatory='False' hidden="True">
|
||||
<value>/usr/share/nginx/html</value>
|
||||
</variable>
|
||||
<variable name="nginx_hash_bucket_size" description="Longueur maximum pour un nom de domaine" mode="expert" type="choice">
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
%set %%chain = %%get_chain(%%domain_name_eth0, %%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
|
||||
%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', type="server", hide=%%hide_secret)
|
||||
%%get_chain(%%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
|
||||
%%chain
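Review bot: `%%get_chain(%%domain_name_eth0, authority_cn=..., ...)` passes the certificate CN positionally while the other chain templates touched by this commit spell it out as `cn=` (the HTTP, InternalReverseProxy and MailServer CA templates); writing `cn=%%domain_name_eth0` here keeps the call shape uniform and makes the meaning of the first argument visible at a glance. Emitting the leaf via `get_certificate` first and `%%chain` afterwards is the order nginx expects for a concatenated `ssl_certificate` file, so the reordering itself looks right.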
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name='nginx'>
|
||||
<override engine="creole"/>
|
||||
<override engine="cheetah"/>
|
||||
<file source="nginx-options-rp.conf">/etc/nginx/conf.d/options-rp.conf</file>
|
||||
<file source="revprox-nginx.conf">/etc/nginx/sites-enabled/risotto.conf</file>
|
||||
<file source="certificate.crt" file_type="variable" mode="600" variable="nginx.revprox_domainnames">nginx.nginx_certificate_filename</file>
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
<variable name="revprox_domainnames_" type="domainname" description="Nom des domaines auto-configurés dans le serveur mandataire inverse" multi="True" provider="ReverseProxy:external" hidden="True"/>
|
||||
<variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger pour " help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple "/mail")" mandatory="True" multi="True" provider="ReverseProxy:location"/>
|
||||
<variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète pour " mandatory="True" help="Nom de domaine ou IP de destination, par exemple "http://domainelocal" ou URI, par exemple "http://domainelocal/dir/"" provider="ReverseProxy:url"/>
|
||||
<variable name="revprox_is_websocket_" type="boolean" description="Le point d'entré est de types websocket pour " mandatory="True" multi="True" provider="ReverseProxy:websocket"/>
|
||||
<variable name="revprox_is_websocket_" type="boolean" description="Le point d'entrée est de types websocket pour " mandatory="True" multi="True" provider="ReverseProxy:websocket"/>
|
||||
<variable name="revprox_max_body_size_" description="Taille maximum du corps pour " provider="ReverseProxy:max_body_size"/>
|
||||
</family>
|
||||
</family>
|
||||
|
@ -36,5 +36,9 @@
|
|||
<param name="multi" type="boolean">True</param>
|
||||
<target>nginx.nginx_private_key_filename</target>
|
||||
</fill>
|
||||
<fill name="get_first_value">
|
||||
<param type="variable">nginx.remotes</param>
|
||||
<target>nginx_default</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
</rougail>
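Review bot: The new `get_first_value` fill makes `nginx_default` depend on the order of `nginx.remotes`, so whichever remote happens to be listed first silently becomes the destination for requests whose Host/SNI is not declared (that is what the `nginx_default` help text says the variable does). For a reverse proxy fronting several applications that is an easy way to expose one backend to hostnames it never expected; consider leaving `nginx_default` unset so unknown names hit a rejecting default vhost, or at least add the order dependence to the variable's `help`. `<target>nginx_default</target>` is also written without the `nginx.` prefix used by the neighbouring `<target>nginx.nginx_private_key_filename</target>`; if rougail resolves both forms this is only a consistency nit, otherwise the fill never lands.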
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
%for %%idx in %%range(%%len(%%zones_list))
|
||||
%%get_chain(authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="HTTP", hide=%%hide_secret)
|
||||
%%get_chain(cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="HTTP", hide=%%hide_secret)
|
||||
%end for
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
%for %%idx in %%range(%%len(%%zones_list))
|
||||
%%get_chain(authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="InternalReverseProxy", hide=%%hide_secret)
|
||||
%%get_chain(cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_cn=%%getVar('domain_name_eth' + %%str(%%idx)), authority_name="InternalReverseProxy", hide=%%hide_secret)
|
||||
%end for
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
%set %%chain=%%get_chain(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name="External", hide=%%hide_secret)
|
||||
%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External', hide=%%hide_secret)
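Review bot: `%%chain` is assigned on the first line but never emitted — the file is two lines and the second only outputs `%%get_certificate(...)` — so the chain is computed and discarded. If this PEM is presented to clients that need the intermediates, append `%%chain` as a third line the way the HTTP and InternalReverseProxy templates in this commit do; if the chain is delivered separately, drop the `%set` so the template has no dead code. The sibling templates also pass `type="server"` to `get_certificate`, which this one omits; worth confirming that is intentional for the External authority.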
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
%set %%chain = %%get_chain(cn=%%nginx_default, authority_cn=%%domain_name_eth0, authority_name='HTTP', hide=%%hide_secret)
|
||||
%%get_certificate(%%nginx_default, authority_cn=%%domain_name_eth0, authority_name='HTTP', type="server", hide=%%hide_secret)
|
||||
%%get_chain(%%nginx_default, 'HTTP', hide=%%hide_secret)
|
||||
%%chain
|
||||
|
|
|
@ -45,6 +45,8 @@ server {
|
|||
proxy_ssl_verify on;
|
||||
proxy_ssl_verify_depth 2;
|
||||
proxy_ssl_session_reuse on;
|
||||
# SNI support
|
||||
proxy_ssl_server_name on;
|
||||
%set %%maxbody = %%rp_domainname['revprox_max_body_size_' + %%family]
|
||||
%if %%maxbody
|
||||
client_max_body_size %%maxbody;
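Review bot: `proxy_ssl_server_name on;` sends the host part of `proxy_pass` as SNI and `proxy_ssl_verify on;` checks the upstream certificate against that same name, but `revprox_url_` is documented as "Nom de domaine ou IP de destination", and for an IP literal no SNI is sent and name verification is done against the IP. If the upstream URL is not guaranteed to be a DNS name matching the backend certificate, set the expected name explicitly next to the new directive, e.g. `proxy_ssl_name %%upstream_cert_name;`, so verification does not silently depend on how the operator typed the URL. The enclosing `server {}` block starts before this hunk.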
|
||||
|
|
|
@ -45,6 +45,7 @@
|
|||
<target>ip_dns</target>
|
||||
</fill>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param type="variable">nsd_allowed_client</param>
|
||||
<target>nsd_allowed_client_ip</target>
|
||||
</fill>
|
||||
|
@ -60,10 +61,13 @@
|
|||
<target>nsd_allowed_all_client</target>
|
||||
</fill>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param type="variable">nsd_resolver</param>
|
||||
<target>nsd_resolve_ip</target>
|
||||
</fill>
|
||||
<fill name="get_internal_zones">
|
||||
<param type="variable">zones_list</param>
|
||||
<param type="information">zones</param>
|
||||
<target>nsd_zones</target>
|
||||
</fill>
|
||||
<fill name="get_reverse_name">
|
||||
|
@ -101,7 +105,9 @@
|
|||
<target>nsd_reverse_filenames_signed</target>
|
||||
</fill>
|
||||
<fill name="get_zones_info">
|
||||
<param type="information">zones</param>
|
||||
<param>network</param>
|
||||
<param type="variable" name="zone_names">zones_list</param>
|
||||
<target>nsd_reverse_network</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
|
|
|
@ -16,11 +16,13 @@
|
|||
</variables>
|
||||
<constraints>
|
||||
<fill name="get_internal_info_in_zone">
|
||||
<param type="information">zones</param>
|
||||
<param type="suffix"/>
|
||||
<param>host</param>
|
||||
<target>nsd.nsd_zone_.hostname_.hostname_</target>
|
||||
</fill>
|
||||
<fill name="get_internal_info_in_zone">
|
||||
<param type="information">zones</param>
|
||||
<param type="suffix"/>
|
||||
<param>ip</param>
|
||||
<param type="index"/>
|
||||
|
|
|
@ -8,8 +8,6 @@ from shutil import rmtree as _rmtree, copy2 as _copy2
|
|||
from glob import glob as _glob
|
||||
from filecmp import cmp as _cmp
|
||||
|
||||
from risotto.utils import DOMAINS as _DOMAINS
|
||||
|
||||
|
||||
_PKI_DIR = _abspath('pki/dnssec')
|
||||
_ALGO = 'ECDSAP256SHA256'
|
||||
|
@ -106,8 +104,8 @@ def sign(zone_filename: str,
|
|||
copy_file = _join(_PKI_DIR, cn, authority_cn, _basename(zone_filename))
|
||||
signed_filename = f'{copy_file}.signed'
|
||||
if not _isfile(copy_file) or not _cmp(zone_filename, copy_file):
|
||||
_copy2(zone_filename, copy_file)
|
||||
zsk, ksk = _gen_keys(cn, authority_cn)
|
||||
_copy2(zone_filename, copy_file)
|
||||
cmd = ['ldns-signzone', '-n', zone_filename, zsk, ksk]
|
||||
proc = _run(cmd, capture_output=True)
|
||||
if proc.returncode != 0:
|
||||
|
@ -123,12 +121,20 @@ def sign(zone_filename: str,
|
|||
return content
|
||||
|
||||
|
||||
def get_internal_info_in_zone(zone: str,
|
||||
def get_internal_info_in_zone(zones: list,
|
||||
domain_name: str,
|
||||
type: str,
|
||||
index: int=None,
|
||||
) -> _List[str]:
|
||||
if zone not in _DOMAINS:
|
||||
for zone in zones.values():
|
||||
if domain_name == zone['domain_name']:
|
||||
break
|
||||
else:
|
||||
return []
|
||||
if type == 'host':
|
||||
return list(_DOMAINS[zone][0])
|
||||
return _DOMAINS[zone][1][index]
|
||||
return list(zone['hosts'])
|
||||
return list(zone['hosts'].values())[index]
|
||||
|
||||
|
||||
def get_internal_zones(zones_name, zones) -> _List[str]:
|
||||
return [zone['domain_name'] for zone_name, zone in zones.items() if zone_name in zones_name]
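Review bot: `get_internal_info_in_zone` now annotates `zones: list` but immediately calls `zones.values()` and indexes `zone['domain_name']`, so the parameter is a dict of zone dicts and the annotation should read `zones: dict`. The `index: int=None` default still reaches `list(zone['hosts'].values())[index]` when `type != 'host'`, which raises `TypeError` instead of returning `[]`; a `if index is None: return []` guard before that line would make the contract explicit. In `sign` (body mostly outside this hunk) the `_isfile`/`_cmp` change check was removed, so the zone is copied and `_gen_keys` is called on every run — if `_gen_keys` regenerates rather than reuses the ZSK/KSK that is a DNSSEC key change on each deploy, worth confirming — and `from filecmp import cmp as _cmp` is now an unused import.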
|
||||
|
|
|
@ -3,10 +3,10 @@ records:
|
|||
%for %%domain in %%nsd_zones
|
||||
%set %%suffix = %%normalize_family(%%domain)
|
||||
%set %%hostnames = %%nsd["nsd_zone_" + %%suffix]["hostname_" + %%suffix]["hostname_" + %%suffix]
|
||||
%for %%nsd in %%hostnames
|
||||
%set %%type = %%nsd['type_' + %%suffix]
|
||||
%for %%hostname in %%hostnames
|
||||
%set %%type = %%hostname['type_' + %%suffix]
|
||||
%if %%type == 'A'
|
||||
%%{nsd}.%%domain: '%%nsd['ip_' + %%suffix]'
|
||||
%%{hostname}.%%domain: '%%hostname['ip_' + %%suffix]'
|
||||
%end if
|
||||
%end for
|
||||
%end for
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="oauth2-client" target="risotto" engine="creole"/>
|
||||
<service name="oauth2-client" target="risotto" engine="cheetah"/>
|
||||
</services>
|
||||
<variables>
|
||||
<family name="oauth2_client" description="OAuth2 client">
|
||||
|
|
|
@ -4,4 +4,4 @@ Before=risotto.target
|
|||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/timeout 90 bash -c 'while ! [ "$(/usr/bin/curl --write-out '%{http_code}' --silent --output /dev/null https://%%oauth2_client_server_domainname/.well-known/openid-configuration)" = 200 ]; do sleep 1; done;'
|
||||
ExecStart=/usr/bin/timeout 90 bash -c 'while ! [ "$(/usr/bin/curl --write-out '%{http_code}' --silent --output /dev/null https://%%oauth2_client_server_domainname/.well-known/openid-configuration)" = 200 ]; do /usr/bin/curl https://%%oauth2_client_server_domainname/.well-known/openid-configuration; sleep 1; done;'
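Review bot: The `curl` added inside the wait loop has no `--silent --output /dev/null`, so it prints the full OpenID discovery document (or the TLS/connection error) to the journal once per second for up to 90 s; it reads like a leftover debugging aid. If the goal is to log why the probe fails, `/usr/bin/curl -sS -o /dev/null https://%%oauth2_client_server_domainname/.well-known/openid-configuration` keeps the error message and drops the body; otherwise remove the extra call and rely on the exit status of the loop.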
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<service name="odoo" target="multi-user">
|
||||
<override/>
|
||||
<file engine="none" source="sysuser-odoo.conf">/sysusers.d/1odoo.conf</file>
|
||||
<file source="tmpfile-odoo.conf">/tmpfiles.d/0odoo.conf</file>
|
||||
<file engine="none" source="tmpfile-odoo.conf">/tmpfiles.d/0odoo.conf</file>
|
||||
<file mode="700">/sbin/config_odoo.py</file>
|
||||
<file mode="400" owner="odoo">/etc/odoo/odoo.conf</file>
|
||||
<file mode="400" owner="odoo">/etc/odoo/postgresql.pass</file>
|
||||
|
|
|
@ -2,16 +2,16 @@ set -e
|
|||
ODOO_VERSION="16.0"
|
||||
WKHTML_VERSION="0.12.6.1-2"
|
||||
#curl http://nightly.odoo.com/${ODOO_VERSION}/nightly/rpm/odoo_${ODOO_VERSION}.latest.rpm -o odoo_${ODOO_VERSION}.latest.rpm
|
||||
#OPT=$(dnf_opt_base "$IMAGE_NAME_RISOTTO_IMAGE_DIR")
|
||||
#OPT=$(dnf_opt_base "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP")
|
||||
#dnf --assumeyes $OPT localinstall odoo_${ODOO_VERSION}.latest.rpm
|
||||
#rm -f odoo_${ODOO_VERSION}.latest.rpm
|
||||
mv $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf /tmp
|
||||
echo "nameserver 9.9.9.9" > $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
|
||||
mv $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf /tmp
|
||||
echo "nameserver 9.9.9.9" > $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
|
||||
|
||||
WKHTML_PKG=wkhtmltox_$WKHTML_VERSION.bullseye_amd64.deb
|
||||
|
||||
curl https://nightly.odoo.com/odoo.key -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR/odoo.key"
|
||||
curl -L "https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTML_VERSION/$WKHTML_PKG" -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$WKHTML_PKG"
|
||||
curl https://nightly.odoo.com/odoo.key -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/odoo.key"
|
||||
curl -L "https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTML_VERSION/$WKHTML_PKG" -o "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$WKHTML_PKG"
|
||||
echo """#!/bin/bash -xe
|
||||
cat /odoo.key | apt-key add -
|
||||
rm /odoo.key
|
||||
|
@ -21,16 +21,16 @@ apt install --no-install-recommends -y odoo
|
|||
dpkg -i /"$WKHTML_PKG" || true
|
||||
rm -f /"$WKHTML_PKG"
|
||||
apt -f install -y
|
||||
""" > $IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh
|
||||
chmod 755 $IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh
|
||||
chroot $IMAGE_NAME_RISOTTO_IMAGE_DIR /install.sh
|
||||
""" > $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh
|
||||
chmod 755 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh
|
||||
chroot $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP /install.sh
|
||||
|
||||
|
||||
|
||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/service/server.py
|
||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/service/db.py
|
||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/addons/bus/models/bus.py
|
||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/addons/base/models/ir_cron.py
|
||||
sed -i "s@ldap://@ldaps://@g" $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/python3/dist-packages/odoo/addons/auth_ldap/models/res_company_ldap.py
|
||||
mv -f /tmp/resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/resolv.conf
|
||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/service/server.py
|
||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/service/db.py
|
||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/addons/bus/models/bus.py
|
||||
sed -i "s/'postgres'/odoo.tools.config['db_name']/g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/addons/base/models/ir_cron.py
|
||||
sed -i "s@ldap://@ldaps://@g" $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/python3/dist-packages/odoo/addons/auth_ldap/models/res_company_ldap.py
|
||||
mv -f /tmp/resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
|
||||
set +e
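Review bot: `dpkg -i /"$WKHTML_PKG" || true` installs a third-party `.deb` fetched from GitHub with `curl -L` and no checksum, and the `|| true` hides a failed install behind the following `apt -f install -y`. Since `WKHTML_VERSION` is pinned, record the package digest and verify it right after the download, e.g. `echo "$WKHTML_SHA256  $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/$WKHTML_PKG" | sha256sum -c -`, so the build fails loudly on a substituted artifact. `cat /odoo.key | apt-key add -` likewise trusts whatever key the nightly server returns at build time; pinning the expected fingerprint and installing it under `/etc/apt/trusted.gpg.d/` (or a `signed-by=` keyring, as `apt-key` is deprecated) would make the trust anchor explicit.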
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
<file owner="ldap">/var/lib/ldap/DB_CONFIG</file>
|
||||
<file>/secrets/users.ldif</file>
|
||||
<file>/secrets/users_mod.ldif</file>
|
||||
<file>/secrets/config.ldif</file>
|
||||
<file>/secrets/config_acl.ldif</file>
|
||||
<file owner="ldap" mode="400">/etc/ldap/secrets/config.ldif</file>
|
||||
<file owner="ldap" mode="400">/etc/ldap/secrets/config_acl.ldif</file>
|
||||
<file>/secrets/admin_ldap.pwd</file>
|
||||
<file engine="none">/sysusers.d/risotto-openldap.conf</file>
|
||||
<file source="tmpfile-openldap-server.conf">/tmpfiles.d/0openldap-server.conf</file>
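Review bot: `config.ldif` and `config_acl.ldif` now get `owner="ldap" mode="400"`, but `/secrets/users.ldif`, `/secrets/users_mod.ldif` and `/secrets/admin_ldap.pwd` are still declared without owner or mode; `admin_ldap.pwd` is the admin password file consumed by `ldapmodify -y` in the unit template, and the user LDIFs most likely carry `userPassword` values. Unless the default mode for `<file>` is already restrictive (not visible here), give them the same treatment, e.g. `<file owner="ldap" mode="400">/secrets/admin_ldap.pwd</file>`.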
|
||||
|
|
|
@ -1 +1 @@
|
|||
rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/openldap/slapd.d/"
|
||||
rm -rf "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/openldap/slapd.d/"
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
[Service]
|
||||
ExecStartPre=
|
||||
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -v -b cn=config -l /usr/local/lib/secrets/config.ldif
|
||||
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -v -b cn=config -l /etc/ldap/secrets/config.ldif
|
||||
%for %%schema in %%ldap_schemas
|
||||
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -v -b cn=config -l %%schema
|
||||
%end for
|
||||
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -c -v -l /usr/local/lib/secrets/users.ldif
|
||||
ExecStartPre=-/usr/sbin/slapadd -F /etc/openldap/slapd.d -c -v -l /etc/ldap/secrets/users.ldif
|
||||
User=ldap
|
||||
Group=ldap
|
||||
ExecStart=
|
||||
|
@ -12,5 +12,5 @@ ExecStart=
|
|||
ExecStart=+/usr/sbin/slapd -u ldap -h ldaps:///
|
||||
#waiting for ldap server...
|
||||
ExecStartPost=/usr/bin/timeout 90 bash -c 'while ! 3<> /dev/tcp/localhost/%%ldap_port; do sleep 1; done'
|
||||
ExecStartPost=-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/config_acl.ldif
|
||||
ExecStartPost=-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/users_mod.ldif
|
||||
ExecStartPost=+-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/config_acl.ldif
|
||||
ExecStartPost=+-/usr/bin/ldapmodify -D %%ldapclient_user -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/users_mod.ldif
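Review bot: `slapadd ... -l /etc/ldap/secrets/users.ldif` now reads from `/etc/ldap/secrets/`, but the service's file list in this commit still declares `/secrets/users.ldif` (only `config.ldif` and `config_acl.ldif` moved to `/etc/ldap/secrets/`), and the old line shows `/secrets/` resolving to `/usr/local/lib/secrets/`. If that mapping still holds, the users import points at a file that is never installed, and because of the `ExecStartPre=-` prefix the failure is swallowed and the directory starts empty. The reverse mismatch exists on the last lines: `ldapmodify ... -f /usr/local/lib/secrets/config_acl.ldif` still uses the old path although `config_acl.ldif` was moved to `/etc/ldap/secrets/`, and its `-` prefix hides the failed ACL load as well; either move `users.ldif` with the other two or align every path to the new location.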
|
||||
|
|
|
@ -49,6 +49,8 @@
|
|||
<variable name="nginx_root" redefine='True'>
|
||||
<value>/usr/share/peertube</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="revprox">
|
||||
<family name="revprox_client">
|
||||
<variable name="revprox_client_location" redefine="True">
|
||||
<value>/</value>
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
|
||||
cat /proc/self/stat > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/stat"
|
||||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/"
|
||||
cat /proc/self/stat > "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/stat"
|
||||
PLUGINS_DIR=/usr/share/peertube_plugins
|
||||
echo """#!/bin/bash
|
||||
set -ex
|
||||
|
@ -15,13 +15,13 @@ chown peertube: "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
|
|||
|
||||
rm -f /etc/resolv.conf
|
||||
mv /tmp/resolv.conf /etc
|
||||
""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
||||
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" /install.sh
|
||||
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/stat"
|
||||
rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
|
||||
""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP" /install.sh
|
||||
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/stat"
|
||||
rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/proc/self/"
|
||||
|
||||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR$PLUGINS_DIR/.."
|
||||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP$PLUGINS_DIR/.."
|
||||
#patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"
|
||||
cd -
|
||||
|
|
|
@ -137,3 +137,4 @@ daemonize = yes
|
|||
; FPM can handle. Your system will tell you anyway :)
|
||||
|
||||
; See /etc/php-fpm.d/*.conf
|
||||
|
||||
|
|
|
@ -448,10 +448,13 @@ php_admin_flag[log_errors] = on
|
|||
; See warning about choosing the location of these directories on your system
|
||||
; at http://php.net/session.save-path
|
||||
;<GNUNUX
|
||||
;php_value[session.save_handler] = files
|
||||
;php_value[session.save_path] = /var/lib/php/session
|
||||
%if not %%getVar('redis_client_server_domainname', None)
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
%else
|
||||
php_value[session.save_handler] = redis
|
||||
;php_value[session.save_path] = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password"
|
||||
%end if
|
||||
;>GNUNUX
|
||||
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
|
||||
;php_value[opcache.file_cache] = /var/lib/php/opcache
|
||||
|
|
|
@ -7,25 +7,25 @@
|
|||
</services>
|
||||
<variables>
|
||||
<family name="php" description="PHP" mode="expert" help="Paramètrage avancé de PHP">
|
||||
<variable name="php_post_max_size" type="number" description="Taille maximale des données reçues par la méthode POST (en Mo)">
|
||||
<variable name="php_post_max_size" type="number" description="Taille maximale des données reçues par la méthode POST" help="Valeur en Mo">
|
||||
<value>32</value>
|
||||
</variable>
|
||||
<variable name="php_upload_max_filesize" type="number" description="Taille maximale d'un fichier à charger (en Mo)">
|
||||
<variable name="php_upload_max_filesize" type="number" description="Taille maximale d'un fichier à charger" help="Valeur en Mo">
|
||||
<value>16</value>
|
||||
</variable>
|
||||
<variable name="php_max_execution_time" type="number" description="Temps maximal d'exécution d'un script (en secondes)">
|
||||
<variable name="php_max_execution_time" type="number" description="Temps maximal d'exécution d'un script" help="Valeur en secondes">
|
||||
<value>30</value>
|
||||
</variable>
|
||||
<variable name="php_max_input_time" type="number" description="Durée maximale pour analyser les données d'entrée (en secondes)">
|
||||
<variable name="php_max_input_time" type="number" description="Durée maximale pour analyser les données d'entrée" help="Valeur en secondes">
|
||||
<value>60</value>
|
||||
</variable>
|
||||
<variable name="php_memory_limit" type="number" description="Taille mémoire maximale qu'un script est autorisé à allouer (en Mo)">
|
||||
<variable name="php_memory_limit" type="number" description="Taille mémoire maximale qu'un script est autorisé à allouer" help="Valeur en Mo">
|
||||
<value>512</value>
|
||||
</variable>
|
||||
<variable name="php_display_errors" type="boolean" description="Affichage des erreurs à l'écran">
|
||||
<value>False</value>
|
||||
</variable>
|
||||
<variable name="php_session_gc_maxlifetime" type="number" description="Durée de vie des données sur le serveur (en secondes)">
|
||||
<variable name="php_session_gc_maxlifetime" type="number" description="Durée de vie des données sur le serveur" help="Valeur en secondes">
|
||||
<value>3600</value>
|
||||
</variable>
|
||||
<variable name="php_browscap" type="boolean" description="Activer la directive de configuration browscap" help="La directive de configuration browscap permet d'obtenir plus d'information sur les capacités du navigateur client grâce à la fonction get_browser()">
|
||||
|
|
|
@ -1266,11 +1266,14 @@ browscap = /etc/php/extra/browscap.ini
|
|||
; Handler used to store/retrieve data.
|
||||
; https://php.net/session.save-handler
|
||||
;>GNUNUX
|
||||
; session.save_handler = files
|
||||
%if not %%getVar('redis_client_server_domainname', None)
|
||||
session.save_handler = files
|
||||
%else
|
||||
session.save_handler = redis
|
||||
session.save_path = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password"
|
||||
;GNUNUX https://github.com/phpredis/phpredis/issues/2062
|
||||
;session.save_path = "tls://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password&stream[verify_peer]=1&stream[cafile]=/etc/pki/ca-trust/source/anchors/ca_Redis.crt&stream[local_cert]=/etc/pki/tls/certs/redis.crt&stream[local_pk]=/etc/pki/tls/private/redis.key"
|
||||
%end if
|
||||
;<GNUNUX
|
||||
|
||||
; Argument passed to save_handler. In the case of files, this is the path
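Review bot: With redis configured, `session.save_path` carries `auth[user]`/`auth[pass]` over plain `tcp://`, so session contents and the Redis credentials cross the network in the clear while the `tls://` variant with `verify_peer` and a client certificate is left commented out pending phpredis#2062. Until that is resolved, the `;GNUNUX` comment should state that the plaintext path is only acceptable when the Redis host is reachable solely over a trusted internal segment, and the generated `php.ini` must not stay world-readable now that it embeds the password — the file mode is not visible in this hunk, worth checking in the service definition.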
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="piwigo" engine="creole" target="multi-user">
|
||||
<service name="piwigo" engine="cheetah" target="multi-user">
|
||||
<file source="tmpfile-piwigo.conf">/tmpfiles.d/0piwigo.conf</file>
|
||||
<file>/etc/piwigo/config.inc.php</file>
|
||||
<file>/etc/piwigo/database.inc.php</file>
|
||||
|
@ -13,11 +13,11 @@
|
|||
<variables>
|
||||
<variable name="piwigo_admin_email" type="mail" description="Adresse courriel de l'administrateur Piwigo" mandatory="True"/>
|
||||
<variable name="piwigo_admin_password" type="password" auto_save="False" hidden="True"/>
|
||||
<variable name="piwigo_locations" type="filename" multi="True" mandatory="True"/>
|
||||
<variable name="piwigo_locations" type="filename" multi="True" mandatory="True" hidden="True"/>
|
||||
<variable name="piwigo_title" type="string" description="Titre de l'album" mandatory="True">
|
||||
<value>Album photographique</value>
|
||||
</variable>
|
||||
<family name="users" leadership="True">
|
||||
<family name="users" description="Piwigo users" leadership="True">
|
||||
<variable name="piwigo_users" type="unix_user" description="Utilisateur ayant un album" multi="True" mandatory="True"/>
|
||||
<variable name="piwigo_email" type="mail" description="Adresse courriel" mandatory="True"/>
|
||||
</family>
|
||||
|
|
|
@ -1,7 +1,15 @@
|
|||
set -e
|
||||
|
||||
gdthumb=7848
|
||||
rv_tscroller=8014
|
||||
openidconnect=7744
|
||||
community=8160 # FIXME translation already needed?
|
||||
embedded_videos=7924
|
||||
bootstrap_darkroom=8261
|
||||
|
||||
ORIPWD=$PWD
|
||||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
|
||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
|
||||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share"
|
||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share"
|
||||
app=$(wget https://api.github.com/repos/Piwigo/Piwigo/releases/latest -q -O - | jq -r '.tag_name')
|
||||
wget -q "https://github.com/Piwigo/Piwigo/archive/refs/tags/$app.tar.gz"
|
||||
tar xf *tar.gz
|
||||
|
@ -20,11 +28,11 @@ patch -p0 < $IMAGE_DIR_RECIPIENT_IMAGE/postinstall/piwigo.patch
|
|||
cp $IMAGE_DIR_RECIPIENT_IMAGE/postinstall/piwigo_cli.php piwigo/
|
||||
# Plugins
|
||||
cd piwigo/plugins
|
||||
wget https://piwigo.org/ext/download.php?rid=7848 -O plugin.zip
|
||||
wget https://piwigo.org/ext/download.php?rid=$gdthumb -O plugin.zip
|
||||
unzip plugin.zip
|
||||
rm -f plugin.zip
|
||||
#
|
||||
wget https://piwigo.org/ext/download.php?rid=8014 -O plugin.zip
|
||||
wget https://piwigo.org/ext/download.php?rid=$rv_tscroller -O plugin.zip
|
||||
unzip plugin.zip
|
||||
rm -f plugin.zip
|
||||
#
|
||||
|
@ -34,15 +42,14 @@ tar xf *tar.gz
|
|||
rm -f *tar.gz
|
||||
mv piwigo-openstreetmap-* piwigo-openstreetmap
|
||||
#
|
||||
wget https://piwigo.org/ext/download.php?rid=7744 -O plugin.zip
|
||||
wget https://piwigo.org/ext/download.php?rid=$openidconnect -O plugin.zip
|
||||
unzip plugin.zip
|
||||
rm -f plugin.zip
|
||||
# community
|
||||
wget https://piwigo.org/ext/download.php?rid=8160 -O plugin.zip
|
||||
wget https://piwigo.org/ext/download.php?rid=$community -O plugin.zip
|
||||
unzip plugin.zip
|
||||
rm -f plugin.zip
|
||||
echo """<?php
|
||||
\$lang['Edit photos'] = 'Editer les photos';
|
||||
\$lang['Edit Photos'] = 'Editer les photos';
|
||||
\$lang['Edit your photos'] = 'Editer vos photos';
|
||||
\$lang['Photos posted by %s'] = 'Photos postées par %s';
|
||||
|
@ -55,7 +62,7 @@ echo """<?php
|
|||
?>
|
||||
""" >> community/language/fr_FR/plugin.lang.php
|
||||
# embedded
|
||||
wget https://fr.piwigo.org/ext/download.php?rid=7924 -O plugin.zip
|
||||
wget https://fr.piwigo.org/ext/download.php?rid=$embedded_videos -O plugin.zip
|
||||
unzip plugin.zip
|
||||
rm -f plugin.zip
|
||||
# user delete photo
|
||||
|
@ -64,7 +71,7 @@ rm -f plugin.zip
|
|||
#rm -f plugin.zip
|
||||
# Theme
|
||||
cd ../themes/
|
||||
wget https://piwigo.org/ext/download.php?rid=8163 -O plugin.zip
|
||||
wget https://piwigo.org/ext/download.php?rid=$bootstrap_darkroom -O plugin.zip
|
||||
unzip plugin.zip
|
||||
rm -f plugin.zip
|
||||
ln -s /srv/piwigo/bootstrap_darkroom ../local/bootstrap_darkroom
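Review bot: Naming the extension ids (`gdthumb=7848`, ...) is a readability gain, but every plugin is still fetched from `piwigo.org/ext/download.php?rid=...` and unpacked with `unzip plugin.zip` with no integrity check, and the core tarball is resolved via `releases/latest`, so the build is reproducible neither in content nor in version. Pair each `rid` with a recorded digest and verify it before unzip, e.g. `echo "$gdthumb_sha256  plugin.zip" | sha256sum -c -`, and pin the Piwigo tag rather than `latest`. The `download.php?rid=` URLs contain `?` and are passed unquoted; quoting them (`wget "https://piwigo.org/ext/download.php?rid=$gdthumb" -O plugin.zip`) avoids surprise glob expansion.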
|
||||
|
|
|
@ -46,6 +46,7 @@
|
|||
<variable name='postfix_relay_authentifications' description="Authentification sur le relai SMTP" multi="True" provider="SMTP"/>
|
||||
<family name="local_authentification_" description="Local server authentification" dynamic='postfix_relay_authentifications'>
|
||||
<variable name="local_authentification_password_" type="secret" auto_save="False" provider="SMTP:password"/>
|
||||
<variable name="postfix_relay_ip_" type="ip" hidden="True"/>
|
||||
</family>
|
||||
<variable name='postfix_pem_files' type="filename" hidden='True' multi='True'/>
|
||||
</family>
|
||||
|
@ -70,5 +71,10 @@
|
|||
<param name="multi" type="boolean">True</param>
|
||||
<target>postfix_pem_files</target>
|
||||
</fill>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param type="suffix"/>
|
||||
<target>postfix_relay_ip_</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
</rougail>
|
||||
|
|
|
@ -1 +1 @@
|
|||
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="MailServer", hide=%%hide_secret)
|
||||
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%domain_name_eth0, authority_name="MailServer", hide=%%hide_secret)
|
||||
@ -4,7 +4,7 @@ ExecStartPre=/usr/sbin/postmap -F /etc/postfix/sni
|
|||
%for %%local in %%postfix_relay_authentifications
|
||||
%set %%user = %%normalize_family(%%local)
|
||||
%set %%password = %%getVar('local_authentification_password_' + %%user)
|
||||
%set %%ip = %%get_ip(%%local)
|
||||
%set %%ip = %%getVar('postfix_relay_ip_' + %%user)
|
||||
ExecStartPre=-/usr/bin/bash -c "echo %%password | /usr/sbin/saslpasswd2 -u %%ip %%user -p"
|
||||
%end for
|
||||
ExecStartPre=/usr/bin/chown postfix: /etc/sasl2/sasldb2
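Review bot: The new `%set %%ip = %%getVar('postfix_relay_ip_' + %%user)` has no guard for an empty or unset value, and the `ExecStartPre=-/usr/bin/bash -c "… saslpasswd2 -u %%ip %%user -p"` line that consumes it is prefixed with `-`, so a lookup that yields nothing produces a malformed realm argument whose failure systemd ignores and the relay silently ends up without a SASL entry. `postfix_relay_ip_` is filled from zone information elsewhere in this commit, so a relay address that resolves in no zone looks like the likely way to reach that state. Consider wrapping the command in `%if %%ip` … `%end if`, or failing template generation when it is unset, so the misconfiguration surfaces at build time rather than as undelivered mail. The password itself is still interpolated into the unit drop-in and is readable by anyone who can read that file; that is pre-existing and not changed by this hunk.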
|
||||
@ -1,4 +1,4 @@
|
|||
%set %%chain = %%get_chain(authority_cn=%%rougail_variable, authority_name="MailRelay", hide=%%hide_secret)
|
||||
%set %%chain = %%get_chain(cn=%%rougail_variable, authority_cn=%%rougail_variable, authority_name="MailRelay", hide=%%hide_secret)
|
||||
%set %%cert = %%get_certificate(cn=%%rougail_variable, authority_name='MailRelay', hide=%%hide_secret)
|
||||
%%get_private_key(cn=%%rougail_variable, authority_name='MailRelay', hide=%%hide_secret)
|
||||
%%cert
|
||||
@ -1,7 +1,7 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="postgresqlclient" target="risotto" engine="creole">
|
||||
<service name="postgresqlclient" target="risotto" engine="cheetah">
|
||||
<file mode="400">/secrets/postgresql.pass</file>
|
||||
<file file_type="variable" source="ca_PostgreSQL.crt">pg_client_ca_file</file>
|
||||
<file file_type="variable" owner_type="variable" owner="pg_client_key_owner" mode="444" source="postgresql.crt">pg_client_crt_file</file>
|
||||
|
@ -11,11 +11,11 @@
|
|||
</services>
|
||||
<variables>
|
||||
<family name="postgresql" description="PostgreSQL">
|
||||
<variable name="pg_client_server_domainname" type="domainname" description="Nom de domaine du serveur PostgreSQL" mandatory="True" supplier="Postgresql"/>
|
||||
<variable name="pg_client_server_domainname" type="domainname" description="Nom de domaine du serveur PostgreSQL" mandatory="True" supplier="Postgresql" hidden="True"/>
|
||||
<variable name="pg_client_username" description="Client username" mandatory="True" hidden="True"/>
|
||||
<variable name="pg_client_password" type="password" description="Client password" mandatory="True" hidden="True" supplier="Postgresql:password"/>
|
||||
<variable name="pg_client_database" description="Client database" mandatory="True" hidden="True"/>
|
||||
<variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True">
|
||||
<variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True" hidden="True">
|
||||
<value>apache</value>
|
||||
</variable>
|
||||
<variable name="pg_client_ca_file" type="filename" description="Postgresql CA filename" hidden="True"/>
|
||||
@ -1,2 +1,2 @@
|
|||
%%get_chain(authority_cn=%%pg_client_server_domainname, authority_name="PostgreSQL", hide=%%hide_secret)
|
||||
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%pg_client_server_domainname, authority_name="PostgreSQL", hide=%%hide_secret)
|
||||
|
||||
@ -14,7 +14,7 @@
|
|||
<file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
|
||||
<file>/etc/pki/tls/certs/postgresql.crt</file>
|
||||
<file owner="root" group="postgres" mode="440">/etc/pki/tls/private/postgresql.key</file>
|
||||
<file>/tests/postgresql.yml</file>
|
||||
<file>/tests/postgresql.yml</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
|
@ -68,7 +68,7 @@
|
|||
<choice type="string">MB</choice>
|
||||
<choice type="string">kB</choice>
|
||||
</variable>
|
||||
<variable name="pg_effective_cache_size" type="number" description="Taille du cache (blocs de 8ko)" mandatory="True" help="Initialise l'estimation faite par le planificateur de la taille réelle du cache disque disponible pour une requête">
|
||||
<variable name="pg_effective_cache_size" type="number" description="Taille du cache" mandatory="True" help="Initialise l'estimation faite par le planificateur pour le nombre de bloc de 8ko réelle du cache disque disponible pour une requête">
|
||||
<value>4</value>
|
||||
</variable>
|
||||
<variable name="pg_effective_cache_size_unit" description="Unité de la taille du cache" type="choice">
|
||||
@ -9,6 +9,7 @@
|
|||
</variables>
|
||||
<constraints>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param type="suffix"/>
|
||||
<target>accounts.remote_.remote_ip_</target>
|
||||
</fill>
|
||||
|
|
|
@ -1 +1 @@
|
|||
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="PostgreSQL", hide=%%hide_secret)
|
||||
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%domain_name_eth0, authority_name="PostgreSQL", hide=%%hide_secret)
|
||||
@ -1,7 +1,7 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<rougail version="0.10">
|
||||
<variables>
|
||||
<variable name="host" type="domainname" description="Machine où est démarré le conteneur" mandatory="True" supplier="Host"/>
|
||||
<variable name="host" type="domainname" description="Machine où est démarré le conteneur" mandatory="True" provider="global:host_name" supplier="Host" hidden="True"/>
|
||||
</variables>
|
||||
</rougail>
|
||||
|
||||
@ -27,8 +27,8 @@
|
|||
<value>False</value>
|
||||
</variable>
|
||||
<family name="network">
|
||||
<variable name="incoming_ports" type="port" description="Ports exposés depuis l'extérieur" multi="True" supplier="Host:incoming_ports"/>
|
||||
<variable name="outgoing_ports" type="port" description="Ports autorisés vers l'extérieur" multi="True" supplier="Host:outgoing_ports"/>
|
||||
<variable name="incoming_ports" type="port" description="Ports exposés depuis l'extérieur" multi="True" supplier="Host:incoming_ports" hidden="True"/>
|
||||
<variable name="outgoing_ports" type="port" description="Ports autorisés vers l'extérieur" multi="True" supplier="Host:outgoing_ports" hidden="True"/>
|
||||
<variable name="netwokd_interface_name_type" redefine="True">
|
||||
<value>host</value>
|
||||
</variable>
|
||||
@ -1,7 +1,7 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="redis-client" target="risotto" engine="creole">
|
||||
<service name="redis-client" target="risotto" engine="cheetah">
|
||||
<file>/etc/pki/ca-trust/source/anchors/ca_Redis.crt</file>
|
||||
<file>/etc/pki/tls/certs/redis.crt</file>
|
||||
<file owner_type="variable" owner="redis_client_key_owner" mode="400">/etc/pki/tls/private/redis.key</file>
|
||||
@ -1 +1 @@
|
|||
%%get_chain(authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
|
||||
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
|
||||
@ -1,4 +1,4 @@
|
|||
%set %%ca_chain = %%get_chain(authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
|
||||
%set %%ca_chain = %%get_chain(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name="Redis", hide=%%hide_secret)
|
||||
%set %%cert = %%get_certificate(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client", hide=%%hide_secret)
|
||||
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%redis_client_server_domainname, authority_name='Redis', type="client", hide=%%hide_secret)
|
||||
%%cert
|
||||
@ -14,7 +14,7 @@
|
|||
</services>
|
||||
<variables>
|
||||
<family name="redis" description="Redis" help="Configuration du service de cache Redis">
|
||||
<variable name="redis_instance_name" description="Nom de l'instance"/>
|
||||
<variable name="redis_instance_name" description="Nom de l'instance" mandatory="True"/>
|
||||
<variable name="redis_save" description="Activer la persistence des données">
|
||||
<value>False</value>
|
||||
</variable>
|
||||
@ -7,6 +7,7 @@
|
|||
</variables>
|
||||
<constraints>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param type="variable">account.remote</param>
|
||||
<target>account.remote_ip</target>
|
||||
</fill>
|
||||
@ -1 +1 @@
|
|||
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="Redis", hide=%%hide_secret)
|
||||
%%get_chain(cn=%%domain_name_eth0, authority_cn=%%domain_name_eth0, authority_name="Redis", hide=%%hide_secret)
|
||||
@ -8,6 +8,7 @@
|
|||
<variables>
|
||||
<family name="smtp" description="Client SMTP">
|
||||
<variable name="smtp_relay_address" type="domainname" description="Nom de domaine du serveur SMTP" mandatory="True" supplier="SMTP"/>
|
||||
<variable name="smtp_relay_ip" type="ip" hidden="True"/>
|
||||
<variable name="smtp_relay_user" type="unix_user" description="Relay username" mandatory="True" hidden="True"/>
|
||||
<variable name="smtp_relay_password" type="secret" description="Relay password" mandatory="True" hidden="True" supplier="SMTP:password"/>
|
||||
<variable name="smtp_ca_file" type="filename" description="SMTP CA filename" hidden="True"/>
|
||||
|
@ -32,5 +33,10 @@
|
|||
<param name="join">/</param>
|
||||
<target>smtp_ca_file</target>
|
||||
</fill>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param type="variable">smtp_relay_address</param>
|
||||
<target>smtp_relay_ip</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
</rougail>
|
||||
@ -1 +1 @@
|
|||
%%get_chain(%%smtp_relay_address, authority_name='MailRelay', hide=%%hide_secret)
|
||||
%%get_chain(%%domain_name_eth0, %%smtp_relay_address, authority_name='MailRelay', hide=%%hide_secret)
|
||||
@ -1,22 +1,22 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="nginx" manage="False">
|
||||
<service name="revprox" manage="False">
|
||||
<file file_type="variable" source="revprox.crt">revprox_client_cert_file</file>
|
||||
<file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_client_key_file</file>
|
||||
<file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_client_ca_file</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<family name="nginx" description="Reverse proxy">
|
||||
<variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True' supplier="ReverseProxy"/>
|
||||
<family name="revprox" description="Reverse proxy">
|
||||
<variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True' supplier="ReverseProxy" hidden="True"/>
|
||||
<variable name="revprox_client_server_ip" type="ip" hidden='True'/>
|
||||
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
|
||||
<family name="revprox_client" description="Point d'entrée des clients" leadership="True">
|
||||
<variable name="revprox_client_external_domainnames" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' multi="True" unique="False" supplier="ReverseProxy:external"/>
|
||||
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" supplier="ReverseProxy:location">
|
||||
<value>/</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entré est de types websocket" mandatory="True" supplier="ReverseProxy:websocket">
|
||||
<variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entrée est de types websocket" mandatory="True" supplier="ReverseProxy:websocket" hidden="True">
|
||||
<value>False</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_max_body_size" description="Taille maximum du corps" supplier="ReverseProxy:max_body_size"/>
|
||||
|
@ -26,10 +26,10 @@
|
|||
<variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
|
||||
<value>443</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_cert_owner" type="unix_user" description="Reverse proxy certificate owner">
|
||||
<variable name="revprox_client_cert_owner" type="unix_user" description="Reverse proxy certificate owner" hidden="True">
|
||||
<value>root</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_cert_group" type="unix_user" description="Reverse proxy certificate group">
|
||||
<variable name="revprox_client_cert_group" type="unix_user" description="Reverse proxy certificate group" hidden="True">
|
||||
<value>root</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
|
||||
|
@ -39,6 +39,7 @@
|
|||
</variables>
|
||||
<constraints>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param type="variable">revprox_client_server_domainname</param>
|
||||
<target>revprox_client_server_ip</target>
|
||||
</fill>
|
||||
@ -1 +1 @@
|
|||
%%get_chain(%%revprox_client_server_domainname, authority_name='InternalReverseProxy', hide=%%hide_secret)
|
||||
%%get_chain(%%domain_name_eth0, %%revprox_client_server_domainname, authority_name='InternalReverseProxy', hide=%%hide_secret)
|
||||
@ -1,2 +1,2 @@
|
|||
%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', type="server", hide=%%hide_secret)
|
||||
%%get_chain(%%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
|
||||
%%get_chain(%%domain_name_eth0, %%revprox_client_server_domainname, 'InternalReverseProxy', hide=%%hide_secret)
|
||||
@ -1,7 +1,7 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="roundcube" engine="creole" target="multi-user">
|
||||
<service name="roundcube" engine="cheetah" target="multi-user">
|
||||
<file owner="root" group="nginx" mode="640">/etc/roundcubemail/config.inc.php</file>
|
||||
<file>/etc/nginx/default.d/roundcubemail.conf</file>
|
||||
<file source="domain.inc.php" file_type="variable" variable="roundcube_domains">roundcube_config</file>
|
||||
|
@ -45,6 +45,8 @@
|
|||
<variable name="nginx_root" redefine="True">
|
||||
<value>/usr/share/roundcubemail/</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="revprox">
|
||||
<family name="revprox_client">
|
||||
<variable name="revprox_client_external_domainnames" redefine="True" hidden="True"/>
|
||||
<variable name="revprox_client_local_location" redefine="True">
|
||||
@ -2,7 +2,7 @@
|
|||
|
||||
echo """#!/bin/bash -e
|
||||
/usr/bin/chgrp nginx /etc/roundcubemail/*
|
||||
""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
||||
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" /install.sh
|
||||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
||||
""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP" /install.sh
|
||||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh"
|
||||
@ -1 +1 @@
|
|||
%%get_chain(%%imap_address, 'MailServer', hide=%%hide_secret)
|
||||
%%get_chain(%%imap_address, %%imap_address, 'MailServer', hide=%%hide_secret)
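Review bot: This template passes `%%imap_address` as both the first (cn) argument and the authority CN, whereas every other client chain template in this commit passes the local host, `%%domain_name_eth0`, first (the smtp and revprox client templates, for instance). If the first argument identifies the requesting host's certificate, this should probably read `%%get_chain(%%domain_name_eth0, %%imap_address, 'MailServer', hide=%%hide_secret)`; if a different CN is intended for Roundcube, a one-line comment saying why would stop the next reader from "fixing" it. As a style point, the commit mixes positional and keyword forms of the same call (`cn=`/`authority_cn=` in the postgresql and redis templates, positional here and in the revprox ones); settling on one form would make the new first argument easier to audit across files.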
|
||||
@ -9,8 +9,8 @@
|
|||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<family name="nginx">
|
||||
<variable name="revprox_client_cert_owner" redefine="True" hidden="True">
|
||||
<family name="revprox">
|
||||
<variable name="revprox_client_cert_owner" redefine="True">
|
||||
<value>speedtest</value>
|
||||
</variable>
|
||||
</family>
|
||||
@ -1,4 +1,4 @@
|
|||
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/index.html"
|
||||
cp "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/index.html" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/index.html"
|
||||
ln -s ../../../var/lib/speedtest-rs/speedtest-rs.css "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/"
|
||||
ln -s ../../../var/lib/speedtest-rs/logo.png "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/speedtest-rs/"
|
||||
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/index.html"
|
||||
cp "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/index.html" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/index.html"
|
||||
ln -s ../../../var/lib/speedtest-rs/speedtest-rs.css "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/"
|
||||
ln -s ../../../var/lib/speedtest-rs/logo.png "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/speedtest-rs/"
|
||||
@ -8,21 +8,21 @@
|
|||
<service name="systemd-repart" servicelist='systemd_repart' undisable="True">
|
||||
<override/>
|
||||
</service>
|
||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-var" engine="creole" target="multi-user" servicelist='systemd_repart' undisable='True'>
|
||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-var" engine="cheetah" target="multi-user" servicelist='systemd_repart' undisable='True'>
|
||||
<file>/repart.d/50-var.conf</file>
|
||||
</service>
|
||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-var-tmp" engine="creole" target="multi-user" servicelist="add_tmp" undisable='True'>
|
||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-var-tmp" engine="cheetah" target="multi-user" servicelist="add_tmp" undisable='True'>
|
||||
<file>/repart.d/40-tmp.conf</file>
|
||||
</service>
|
||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-srv" engine="creole" target="multi-user" servicelist="add_srv" undisable='True'>
|
||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-srv" engine="cheetah" target="multi-user" servicelist="add_srv" undisable='True'>
|
||||
<file>/repart.d/60-srv.conf</file>
|
||||
</service>
|
||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-swap" engine="creole" target="multi-user" servicelist="add_swap" undisable='True'>
|
||||
<service name="systemd-makefs@dev-disk-by\x2dpartlabel-swap" engine="cheetah" target="multi-user" servicelist="add_swap" undisable='True'>
|
||||
<file>/repart.d/30-swap.conf</file>
|
||||
</service>
|
||||
<service name="var" engine="creole" target="multi-user" type="mount" servicelist='systemd_repart' undisable='True'/>
|
||||
<service name="var-tmp" engine="creole" target="multi-user" type="mount" servicelist="add_tmp" undisable='True'/>
|
||||
<service name="srv" engine="creole" target="multi-user" type="mount" servicelist="add_srv" undisable='True'/>
|
||||
<service name="var" engine="cheetah" target="multi-user" type="mount" servicelist='systemd_repart' undisable='True'/>
|
||||
<service name="var-tmp" engine="cheetah" target="multi-user" type="mount" servicelist="add_tmp" undisable='True'/>
|
||||
<service name="srv" engine="cheetah" target="multi-user" type="mount" servicelist="add_srv" undisable='True'/>
|
||||
<service name="dev-disk-by\x2dpartlabel-swap" engine="none" target="multi-user" type="swap" servicelist="add_swap" undisable='True'/>
|
||||
<service name="systemd-firstboot">
|
||||
<override/>
|
||||
|
@ -32,7 +32,7 @@
|
|||
<service name="risotto" target="multi-user" type="target" engine="none"/>
|
||||
</services>
|
||||
<variables>
|
||||
<variable name='root_password' type="password" description="Mot de passe de l'administrateur système root" auto_save='False' mandatory="True"/>
|
||||
<variable name='root_password' type="password" description="Mot de passe de l'administrateur système root" mandatory="True" hidden="True"/>
|
||||
<variable name="link_configurations" description='Nom des fichiers "link" networkd' type="filename" multi="True" hidden="True"/>
|
||||
<variable name="use_systemd_repart" description='Activer le partitionnement systemd' type="boolean" hidden="True"/>
|
||||
<family name="network">
|
||||
@ -1,19 +1,19 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<rougail version="0.10">
|
||||
<variables>
|
||||
<variable name="var_size" type="number" description="Variable directory size">
|
||||
<variable name="var_size" type="number" description="Variable directory size" hidden="True">
|
||||
<value>1024</value>
|
||||
</variable>
|
||||
<variable name="add_tmp" type="boolean" description="Add a temporary directory"/>
|
||||
<variable name="var_tmp_size" type="number" description="Temporary directory size">
|
||||
<variable name="add_tmp" type="boolean" description="Add a temporary directory" hidden="True"/>
|
||||
<variable name="var_tmp_size" type="number" description="Temporary directory size" hidden="True">
|
||||
<value>1024</value>
|
||||
</variable>
|
||||
<variable name="add_srv" type="boolean" description="Add a persistent directory"/>
|
||||
<variable name="srv_size" type="number" description="Persistent directory size">
|
||||
<variable name="add_srv" type="boolean" description="Add a persistent directory" hidden="True"/>
|
||||
<variable name="srv_size" type="number" description="Persistent directory size" hidden="True">
|
||||
<value>1024</value>
|
||||
</variable>
|
||||
<variable name="add_swap" type="boolean" description="Add a SWAP partition"/>
|
||||
<variable name="swap_size" type="number" description="SWAP size">
|
||||
<variable name="add_swap" type="boolean" description="Add a SWAP partition" hidden="True"/>
|
||||
<variable name="swap_size" type="number" description="SWAP size" hidden="True">
|
||||
<value>512</value>
|
||||
</variable>
|
||||
</variables>
|
||||
@ -1 +1 @@
|
|||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/network/80-container-host0.network"
|
||||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/systemd/network/80-container-host0.network"
|
||||
@ -29,8 +29,8 @@
|
|||
<variable name="unbound_forward_address" description="Adresse du serveur faisant autorité" provider="ExternalDNS" multi="True"/>
|
||||
<variable name="unbound_forward_zones" type="domainname" description="Nom de domaine de la zone" multi="True" provider="ExternalDNS:authority_zones"/>
|
||||
<variable name="unbound_forward_reverse_zones" type="domainname" description="Nom de domaine de la zone" multi="True" provider="ExternalDNS:reverse_authority_zones"/>
|
||||
<variable name="unbound_allowed_client" type="ip" hidden="True"/>
|
||||
</family>
|
||||
<variable name="unbound_allowed_client" type="ip" description="IP des clients autorisés à faire des requêtes DNS" multi="True" mandatory="True"/>
|
||||
<variable name="unbound_default_forwards" description="Serveur résolveur DNS par défaut" multi="True" mandatory="True"/>
|
||||
</family>
|
||||
</variables>
|
||||
|
@ -40,6 +40,7 @@
|
|||
<target>ip_dns</target>
|
||||
</fill>
|
||||
<fill name="get_ip">
|
||||
<param type="information">zones</param>
|
||||
<param type="variable">unbound_forward_address</param>
|
||||
<target>unbound_allowed_client</target>
|
||||
</fill>
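Review bot: `unbound_allowed_client` now holds the resolved address of each `unbound_forward_address` entry, and the unbound.conf template in this commit uses it both as an `access-control … allow` entry and as `forward-addr`, so the name no longer describes the value; a name such as `unbound_forward_ip` (constructed) in the dictionary, in this `get_ip` target and in the template would make the dual use readable. Removing the top-level mandatory `unbound_allowed_client` list also narrows who may query the resolver to the local zone interfaces plus those upstream servers; if operators relied on that list to allow other networks, the change deserves a line in the description. This `get_ip` fill takes `<param type="variable">` on a multi variable whereas the postfix and remote-account fills in this commit use `<param type="suffix"/>`; presumably that works per entry when the variable is a leader, but worth confirming.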
|
||||
@ -8,8 +8,8 @@ server:
|
|||
%for %%interface in %%range(%%len(%%zones_list))
|
||||
access-control: %%getVar('ip_eth' + %%str(%%interface)) allow
|
||||
%end for
|
||||
%for %%allowed in %%unbound_allowed_client
|
||||
access-control: %%allowed allow
|
||||
%for %%authority in %%unbound_forward_address
|
||||
access-control: %%authority.unbound_allowed_client allow
|
||||
%end for
|
||||
do-not-query-localhost: no
|
||||
auto-trust-anchor-file: "/srv/unbound/root.key"
|
||||
|
@ -21,7 +21,7 @@ remote-control:
|
|||
%for %%zone in %%authority.unbound_forward_zones
|
||||
forward-zone:
|
||||
name: "%%zone"
|
||||
forward-addr: %%get_ip(%%str(%%authority))
|
||||
forward-addr: %%authority.unbound_allowed_client
|
||||
|
||||
%end for
|
||||
%end for
|
||||
@ -9,11 +9,11 @@
|
|||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<family name="nginx">
|
||||
<family name="revprox">
|
||||
<family name="revprox_client">
|
||||
<variable name="revprox_client_external_domainnames" redefine="True" hidden="True"/>
|
||||
</family>
|
||||
<variable name="revprox_client_cert_owner" redefine="True" hidden="True">
|
||||
<variable name="revprox_client_cert_owner" redefine="True">
|
||||
<value>vaultwarden</value>
|
||||
</variable>
|
||||
</family>
|
||||
@ -1,3 +1,3 @@
|
|||
# locale in jslib/common/src/models/domain/globalState.ts is "en" by default, change it to "fr"
|
||||
# this information is store in browser local storage
|
||||
sed -i 's/this.locale="en",/this.locale="fr",/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/vaultwarden/app/main.*.js
|
||||
sed -i 's/this.locale="en",/this.locale="fr",/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/vaultwarden/app/main.*.js
|
||||