diff --git a/seed/README.md b/seed/README.md index 8f7c5d85..2cac2c83 100644 --- a/seed/README.md +++ b/seed/README.md @@ -13,16 +13,13 @@ - dns: - [dns-external](dns-external/README.md): DNS client with resolution on all zones (especially outside) - [dns-local](dns-local/README.md): DNS client with access to local zones -- [dotclear](dotclear/README.md): Dotclear an open-source web publishing software - [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (Submission and IMAP) - [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution -- [galette](galette/README.md): Galette, a membership management web application towards non profit organizations - [gitea](gitea/README.md): Transitional package for Gitea to Forgejo - [host-systemd-machined](host-systemd-machined/README.md): Host with machine started in Systemd Machined environment - [imap-client](imap-client/README.md): Application service needs interact with an IMAP server - [ldap-client](ldap-client/README.md): Application service needs interact with a LDAP server - [lemonldap](lemonldap/README.md): LemonLDAP, a Web Single Sign On and Access Management -- [letsencrypt](letsencrypt/README.md): Let's encrypt, a nonprofit Certificate Authority providing TLS certificates - [mailman](mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists - mariadb: - [mariadb](mariadb/README.md): MariaDB, a relational database @@ -42,6 +39,7 @@ - [php](php/README.md): PHP, a popular general-purpose scripting language - [php-fpm](php-fpm/README.md): PHP FPM - [piwigo](piwigo/README.md): Piwigo, a photo management software +- [pki-tls](pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates - postfix: - [postfix-lmtp-relay](postfix-lmtp-relay/README.md): Postfix, the mail server, as LMTP relay - [postfix-relay](postfix-relay/README.md): Postfix, the mail server, as relay @@ -57,7 +55,6 @@ - [relay-mail-client](relay-mail-client/README.md): Client SMTP - [reverse-proxy-client](reverse-proxy-client/README.md): Application service needs interact with a a reverse proxy server - [roundcube](roundcube/README.md): Roundcube, a webmail -- [sensmotdire](sensmotdire/README.md): Sens Mot Dire, a french conjugaison service - [speedtest-rs](speedtest-rs/README.md): Speedtest-rs, a very lightweight Speedtest - [systemd](systemd/README.md): Systemd, a system and service manager - [unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver diff --git a/seed/apache/README.md b/seed/apache/README.md index 0a0093d5..f69d0a0b 100644 --- a/seed/apache/README.md +++ b/seed/apache/README.md @@ -27,8 +27,8 @@ Paramètrage avancé du serveur web Apache | Description | Help | Type | Values | |-----------------------------------------------------------------------------------------------------------------------------------|-------------------|-------------------------------------------------------------------------------------------------------------------------|----------| -| **Temps d'attente des entrées/sorties avant de considérer qu'une requête a échoué** (*[apache_timeout](dictionaries/20_web.xml)*) | Temps en secondes | [number](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | 300 | -| **Autoriser les connexions persistantes** (*[apache_keepalive](dictionaries/20_web.xml)*) | | [boolean](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | True | +| **Temps d'attente des entrées/sorties avant de considérer qu'une requête a échoué** (*[apache_timeout](dictionaries/20_web.xml)*) | Temps en secondes | [number](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | 300 | +| **Autoriser les connexions persistantes** (*[apache_keepalive](dictionaries/20_web.xml)*) | | [boolean](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | True | - [+]: variable is multiple diff --git a/seed/apache/dictionaries/20_web.xml b/seed/apache/dictionaries/20_web.xml index 1cdf9127..afd56df9 100644 --- a/seed/apache/dictionaries/20_web.xml +++ b/seed/apache/dictionaries/20_web.xml @@ -5,9 +5,6 @@ /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/risotto.conf /etc/httpd/conf.d/ssl.conf - /etc/httpd/ssl/server.ca - /etc/httpd/ssl/server.crt - /etc/httpd/ssl/server.key /sysusers.d/httpd.conf /tmpfiles.d/0httpd.conf diff --git a/seed/apache/manual/image/preinstall/apache.sh b/seed/apache/manual/image/preinstall/apache.sh index c8ac0407..9c9e8c36 100644 --- a/seed/apache/manual/image/preinstall/apache.sh +++ b/seed/apache/manual/image/preinstall/apache.sh @@ -1 +1 @@ -PKG="$PKG mod_ssl" +PKG="$PKG httpd mod_ssl" diff --git a/seed/apache/templates/server.ca b/seed/apache/templates/server.ca deleted file mode 100644 index 91ed66dd..00000000 --- a/seed/apache/templates/server.ca +++ /dev/null @@ -1 +0,0 @@ -%%get_chain(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret) diff --git a/seed/apache/templates/server.crt b/seed/apache/templates/server.crt deleted file mode 100644 index da844246..00000000 --- a/seed/apache/templates/server.crt +++ /dev/null @@ -1 +0,0 @@ -%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret) diff --git a/seed/apache/templates/server.key b/seed/apache/templates/server.key deleted file mode 100644 index e8593618..00000000 --- a/seed/apache/templates/server.key +++ /dev/null @@ -1 +0,0 @@ -%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy", hide=%%hide_secret) diff --git a/seed/apache/templates/ssl.conf b/seed/apache/templates/ssl.conf index 0067b4a1..d2ee87c5 100644 --- a/seed/apache/templates/ssl.conf +++ b/seed/apache/templates/ssl.conf @@ -100,7 +100,7 @@ SSLProxyCipherSuite PROFILE=SYSTEM # require an ECC certificate which can also be configured in # parallel. # GNUNUX SSLCertificateFile /etc/pki/tls/certs/localhost.crt -SSLCertificateFile /etc/httpd/ssl/server.crt +SSLCertificateFile %%tls_cert_directory/revprox.crt # Server Private Key: # If the key is not combined with the certificate, use this @@ -109,7 +109,7 @@ SSLCertificateFile /etc/httpd/ssl/server.crt # both in parallel (to also allow the use of DSA ciphers, etc.) # ECC keys, when in use, can also be configured in parallel # GNUNUX SSLCertificateKeyFile /etc/pki/tls/private/localhost.key -SSLCertificateKeyFile /etc/httpd/ssl/server.key +SSLCertificateKeyFile %%tls_key_directory/revprox.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the @@ -126,7 +126,7 @@ SSLCertificateKeyFile /etc/httpd/ssl/server.key # huge file containing all of them (file must be PEM encoded) #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt #>GNUNUX -SSLCACertificateFile /etc/httpd/ssl/server.ca +SSLCACertificateFile %%tls_ca_directory/InternalReverseProxy.crt # - domain_name_eth0 + server_name machine.name diff --git a/seed/base-machine/funcs/funcs.py b/seed/base-machine/funcs/funcs.py index 1784d5a3..54fe475c 100644 --- a/seed/base-machine/funcs/funcs.py +++ b/seed/base-machine/funcs/funcs.py @@ -10,11 +10,11 @@ _HERE = _environ['PWD'] _PASSWORD_DIR = _join(_HERE, 'password') -def get_password(server_name: str, - username: str, +def get_password(username: str, description: str, type: str, hide: bool, + server_name: str='none', length: int=20, temporary: bool=True, ) -> str: diff --git a/seed/base/dictionaries/00-base.xml b/seed/base/dictionaries/00_base.xml similarity index 100% rename from seed/base/dictionaries/00-base.xml rename to seed/base/dictionaries/00_base.xml diff --git a/seed/base/funcs/base.py b/seed/base/funcs/base.py index c4fe7125..3017cd1c 100644 --- a/seed/base/funcs/base.py +++ b/seed/base/funcs/base.py @@ -21,12 +21,15 @@ def get_ip(zones: dict, break else: raise ValueError(f'cannot find IP in domain name "{domain_name}" (for "{s_name}")') + if not host_name in zone['hosts']: + continue ret = zone['hosts'][host_name] if not return_list: return ret if ret not in lst: lst.append(ret) - return lst + if return_list: + return lst @_multi_function diff --git a/seed/dns-external/README.md b/seed/dns-external/README.md index 2db1e1b2..7a82a85e 100644 --- a/seed/dns-external/README.md +++ b/seed/dns-external/README.md @@ -19,8 +19,8 @@ DNS client with resolution on all zones (especially outside). | Description | Values | Supplier | |-------------------------------------------------------------|----------|-------------| -| *[**dns_is_only_local**](dictionaries/14-dns-external.xml)* | False | | -| *[dns_client_address](dictionaries/14-dns-external.xml)* | | ExternalDNS | +| *[**dns_is_only_local**](dictionaries/14_dns-external.xml)* | False | | +| *[dns_client_address](dictionaries/14_dns-external.xml)* | | ExternalDNS | - [+]: variable is multiple diff --git a/seed/dns-external/dictionaries/14-dns-external.xml b/seed/dns-external/dictionaries/14_dns-external.xml similarity index 100% rename from seed/dns-external/dictionaries/14-dns-external.xml rename to seed/dns-external/dictionaries/14_dns-external.xml diff --git a/seed/dns-local/dictionaries/13-dns-local.xml b/seed/dns-local/dictionaries/13_dns-local.xml similarity index 100% rename from seed/dns-local/dictionaries/13-dns-local.xml rename to seed/dns-local/dictionaries/13_dns-local.xml diff --git a/seed/dotclear/README.md b/seed/dotclear/README.md deleted file mode 100644 index dccce365..00000000 --- a/seed/dotclear/README.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -gitea: none -include_toc: true ---- - -# dotclear - -[All applications services for this dataset.](../README.md) - -## Description - -Dotclear an open-source web publishing software. - -[For more informations](https://dotclear.org) - -## Dependances - -- [base-fedora-36](../base-fedora-36/README.md) - - [base-fedora](../base-fedora/README.md) - - [systemd](../systemd/README.md) - - [base-machine](../base-machine/README.md) - - [base](../base/README.md) - - [dns-local](../dns-local/README.md) -- [postgresql-client](../postgresql-client/README.md) -- [nginx-https](../nginx-https/README.md) - - [nginx-common](../nginx-common/README.md) - - [reverse-proxy-client](../reverse-proxy-client/README.md) -- [php-fpm](../php-fpm/README.md) - - [php](../php/README.md) - -## Variables - -### Général (*general*) - -#### Dotclear (*general.dotclear*) - -| Description | Type | -|----------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------| -| **Adresse courriel de l'administrateur** (*[admin_mail_from](dictionaries/40_dotclear.xml)*) | [mail](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | - - -- [+]: variable is multiple -- **bold**: variable is mandatory diff --git a/seed/dotclear/applicationservice.yml b/seed/dotclear/applicationservice.yml deleted file mode 100644 index 33dd1403..00000000 --- a/seed/dotclear/applicationservice.yml +++ /dev/null @@ -1,8 +0,0 @@ -format: '0.1' -description: Dotclear an open-source web publishing software -website: https://dotclear.org -depends: - - base-fedora-36 - - postgresql-client - - nginx-https - - php-fpm diff --git a/seed/dotclear/dictionaries/40_dotclear.xml b/seed/dotclear/dictionaries/40_dotclear.xml deleted file mode 100644 index 924fc9b4..00000000 --- a/seed/dotclear/dictionaries/40_dotclear.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - - /etc/dotclear/config.php - /etc/nginx/default.d/dotclear.conf - /tmpfiles.d/0dotclear.conf - - - - - - - - - - domain_name_eth0 - secret_key - dotclear - cleartext - hide_secret - dotclear_secret_key - - - diff --git a/seed/dotclear/manual/image/postinstall/dotclear.sh b/seed/dotclear/manual/image/postinstall/dotclear.sh deleted file mode 100644 index 3beb06fd..00000000 --- a/seed/dotclear/manual/image/postinstall/dotclear.sh +++ /dev/null @@ -1,16 +0,0 @@ -set -e - -ORIPWD=$PWD -mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share" -cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share" -wget -q "https://download.dotclear.net/latest.tar.gz" -tar xf *tar.gz -rm -f *tar.gz -chown -R root: dotclear -cd dotclear -rmdir public -ln -s /srv/dotclear/public public -cd inc -ln -s /etc/dotclear/config.php config.php - -cd $ORIPWD diff --git a/seed/dotclear/manual/image/preinstall/dotclear.sh b/seed/dotclear/manual/image/preinstall/dotclear.sh deleted file mode 100644 index c29a6cdc..00000000 --- a/seed/dotclear/manual/image/preinstall/dotclear.sh +++ /dev/null @@ -1 +0,0 @@ -PKG="$PKG php-pgsql php-mbstring php-xml" diff --git a/seed/dotclear/templates/config.php b/seed/dotclear/templates/config.php deleted file mode 100644 index 1380766a..00000000 --- a/seed/dotclear/templates/config.php +++ /dev/null @@ -1,108 +0,0 @@ -GNUNUX -//define('DC_TPL_CACHE', path::real(__DIR__ . '/..') . '/cache'); -define('DC_TPL_CACHE', '/srv/dotclear/cache'); -//GNUNUX -define('DC_NOT_UPDATE', false); -//GNUNUX -define('DC_REVERSE_PROXY',true); -//