From f49ecd419f2bbefe3e43b30b6f87c2964306c239 Mon Sep 17 00:00:00 2001 
From: Emmanuel Garette Date: Fri, 11 Mar 2022 18:41:49 +0100 Subject: [PATCH] remove old file and add missing one --- .../base-fedora-35/applicationservice.yml | 4 + .../dictionaries/00-fedora-35.xml | 10 ++ .../image/postinstall/base_fedora_35.sh | 7 + .../manual/image/preinstall/base_fedora_35.sh | 1 + .../manual/image/preinstall/base_fedora.sh | 2 +- .../base-fedora/packer/image/preprocessors | 11 -- .../base-fedora/packer/image/recipe.json | 63 ------- .../base-fedora/packer/image/recipe.json.ext2 | 63 ------- .../packer/image/scripts/10-update | 8 - .../packer/image/scripts/40-remove_microdnf | 9 - .../packer/image/scripts/50-rpm_vaccum | 29 --- .../packer/image/scripts/60-tmpfiles | 11 -- .../packer/image/scripts/70-locale | 15 -- .../base-fedora/packer/image/scripts/80-log | 7 - .../packer/image/scripts/90-initrd | 10 -- .../packer/image/scripts/99-reduce | 11 -- .../base-fedora/packer/os/bin/make_volatile | 63 ------- .../packer/os/bin/risotto-run-parts | 24 --- .../base-fedora/packer/os/http/ks-34.cfg | 169 ------------------ .../base-fedora/packer/os/preprocessors | 13 -- .../base-fedora/packer/os/recipe.json | 71 -------- .../packer/os/scripts/30-rpm_vaccum | 7 - .../base-fedora/packer/os/scripts/40-locale | 19 -- .../2022.03.08/base/dictionaries/00-base.xml | 5 + .../gitea/dictionaries/31_gitea.xml | 11 +- .../gitea/manual/image/postinstall/gitea.sh | 19 +- .../image/preinstall/{mailman.sh => gitea.sh} | 0 .../dictionaries/21-machined.xml | 2 +- .../mailman/dictionaries/31_mailman.xml | 9 +- .../2022.03.08/mailman/funcs/mailman.py | 2 +- .../nextcloud/dictionaries/31_nextcloud.xml | 5 - .../nextcloud/templates/nextcloud.init | 8 +- .../nextcloud/templates/nextcloud.service | 2 - .../nginx-reverse-proxy-server/DEBUG | 2 + .../dictionaries/25_nginx.xml | 2 +- .../extras/nginx/00-nginx.xml | 5 +- .../nginx-reverse-proxy-server/funcs/nginx.py | 2 +- .../templates/revprox-nginx.conf | 14 +- .../nsd/packer/image/scripts/20-nsd | 9 - 
.../dictionaries/30_oauth2_client.xml | 4 +- .../packer/image/scripts/20-openldap-server | 7 - .../image/preinstall/postgresql_server.sh | 2 +- .../dictionaries/21-machined.xml | 2 +- .../dictionaries/20_nginx_client.xml | 26 ++- .../roundcube/dictionaries/31_roundcube.xml | 9 +- .../unbound/packer/image/scripts/20-unbound | 9 - .../2022.03.08/unbound/templates/unbound.conf | 7 + .../dictionaries/20_vaultwarden.xml | 19 +- .../manual/image/postinstall/vaultwarden.sh | 3 + .../templates/vaultwarden_config.env | 12 +- 50 files changed, 119 insertions(+), 705 deletions(-) create mode 100644 seed/applicationservice/2022.03.08/base-fedora-35/applicationservice.yml create mode 100644 seed/applicationservice/2022.03.08/base-fedora-35/dictionaries/00-fedora-35.xml create mode 100644 seed/applicationservice/2022.03.08/base-fedora-35/manual/image/postinstall/base_fedora_35.sh create mode 100644 seed/applicationservice/2022.03.08/base-fedora-35/manual/image/preinstall/base_fedora_35.sh delete mode 100755 seed/applicationservice/2022.03.08/base-fedora/packer/image/preprocessors delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/image/recipe.json delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/image/recipe.json.ext2 delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/10-update delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/40-remove_microdnf delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/50-rpm_vaccum delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/60-tmpfiles delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/70-locale delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/80-log delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/90-initrd delete mode 100644 
seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/99-reduce delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/os/bin/make_volatile delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/os/bin/risotto-run-parts delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/os/http/ks-34.cfg delete mode 100755 seed/applicationservice/2022.03.08/base-fedora/packer/os/preprocessors delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/os/recipe.json delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/os/scripts/30-rpm_vaccum delete mode 100644 seed/applicationservice/2022.03.08/base-fedora/packer/os/scripts/40-locale rename seed/applicationservice/2022.03.08/gitea/manual/image/preinstall/{mailman.sh => gitea.sh} (100%) create mode 100644 seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/DEBUG delete mode 100644 seed/applicationservice/2022.03.08/nsd/packer/image/scripts/20-nsd delete mode 100644 seed/applicationservice/2022.03.08/openldap-server/packer/image/scripts/20-openldap-server delete mode 100644 seed/applicationservice/2022.03.08/unbound/packer/image/scripts/20-unbound create mode 100644 seed/applicationservice/2022.03.08/vaultwarden/manual/image/postinstall/vaultwarden.sh diff --git a/seed/applicationservice/2022.03.08/base-fedora-35/applicationservice.yml b/seed/applicationservice/2022.03.08/base-fedora-35/applicationservice.yml new file mode 100644 index 00000000..95843bc3 --- /dev/null +++ b/seed/applicationservice/2022.03.08/base-fedora-35/applicationservice.yml @@ -0,0 +1,4 @@ +format: '0.1' +description: Information de base d'un serveur fedora version 35 +depends: + - base-fedora diff --git a/seed/applicationservice/2022.03.08/base-fedora-35/dictionaries/00-fedora-35.xml b/seed/applicationservice/2022.03.08/base-fedora-35/dictionaries/00-fedora-35.xml new file mode 100644 index 00000000..038e8cb9 --- /dev/null 
+++ b/seed/applicationservice/2022.03.08/base-fedora-35/dictionaries/00-fedora-35.xml @@ -0,0 +1,10 @@ + + + + + + + + diff --git a/seed/applicationservice/2022.03.08/base-fedora-35/manual/image/postinstall/base_fedora_35.sh b/seed/applicationservice/2022.03.08/base-fedora-35/manual/image/postinstall/base_fedora_35.sh new file mode 100644 index 00000000..219e52e7 --- /dev/null +++ b/seed/applicationservice/2022.03.08/base-fedora-35/manual/image/postinstall/base_fedora_35.sh @@ -0,0 +1,7 @@ +# ACTIVE NETWORKD +mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants +chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants +ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service" +ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service" +ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service" +ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket" diff --git a/seed/applicationservice/2022.03.08/base-fedora-35/manual/image/preinstall/base_fedora_35.sh b/seed/applicationservice/2022.03.08/base-fedora-35/manual/image/preinstall/base_fedora_35.sh new file mode 100644 index 00000000..7f1c6694 --- /dev/null +++ b/seed/applicationservice/2022.03.08/base-fedora-35/manual/image/preinstall/base_fedora_35.sh @@ -0,0 +1 @@ +RELEASEVER=35 diff --git a/seed/applicationservice/2022.03.08/base-fedora/manual/image/preinstall/base_fedora.sh b/seed/applicationservice/2022.03.08/base-fedora/manual/image/preinstall/base_fedora.sh index 260e7404..8ed111aa 100644 
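Review bot: The `mkdir` and `chmod` lines of the new `postinstall/base_fedora_35.sh` expand `$IMAGE_NAME_RISOTTO_IMAGE_DIR` unquoted, and nothing in the script checks that it is set, so with an empty value all six commands would act on the build host's own `/usr/lib/systemd/system`. A guard at the top such as `: "${IMAGE_NAME_RISOTTO_IMAGE_DIR:?image dir not set}"`, plus quoting the two paths the way the `ln -s` lines already do, would make the script fail closed; the caller may already enforce this, but that is not visible here. `chmod 775` also leaves `network-online.target.wants` group-writable, and whoever can write to that directory can add units that are pulled in at boot, so `755` is the safer mode unless group write is intended. `mkdir` without `-p` will also fail if the directory already exists in the image.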
--- a/seed/applicationservice/2022.03.08/base-fedora/manual/image/preinstall/base_fedora.sh
+++ b/seed/applicationservice/2022.03.08/base-fedora/manual/image/preinstall/base_fedora.sh
@@ -1,4 +1,4 @@
-BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace"
+BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr"
 INSTALL_TOOL="dnf"
 OS_NAME='fedora'
 REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"
diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/preprocessors b/seed/applicationservice/2022.03.08/base-fedora/packer/image/preprocessors
deleted file mode 100755
index 24363887..00000000
--- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/preprocessors
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-set -xe
-
-echo "Preprocessors"
-
-if [ ! -z $https_proxy ]; then
- echo "echo 'export https_proxy=$https_proxy' > /tmp/proxy.sh" > scripts/00-proxy
-fi
-
-exit 0
diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/recipe.json b/seed/applicationservice/2022.03.08/base-fedora/packer/image/recipe.json
deleted file mode 100644
index c8f1838e..00000000
--- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/recipe.json
+++ /dev/null
@@ -1,63 +0,0 @@ -{ - "builders": [ - { - "format": "qcow2", - "headless": true, - "output_directory": "{{user `tmp_directory`}}/output", - "shutdown_command": "echo packer | sudo -S shutdown -P now", - "ssh_password": "qemubuild", - "ssh_username": "qemubuild", - "ssh_wait_timeout": "120m", - "type": "qemu", - "disk_interface": "virtio", - "vm_name": "image.img", - "qemuargs": [ - ["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"], - ["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"] - ], - "memory": "2048", - "vnc_bind_address": "0.0.0.0", - "disk_image": true, - "iso_checksum": "{{user `iso_checksum` }}", - "iso_url": "{{user `iso_url` }}", - "iso_checksum_type": "sha256" - } - ], - "provisioners": [ - { - "type": "file", - "source": "{{user `tmp_directory`}}/scripts", - "destination": "/tmp/scripts" - }, - { - "type": "shell", - "inline": [ - "sudo chown root: /tmp/scripts/*", - "sudo chmod +x /tmp/scripts/*", - "sudo risotto-run-parts /tmp/scripts/" - ] - } - ], - "post-processors": [ - { - "type": "shell-local", - "inline": [ - "sleep 5", - "mkdir -p {{user `tmp_directory`}}/tmp", - "echo 'Syst Prep'", - "LIBGUESTFS_BACKEND=direct virt-sysprep --delete \"/var/*\" --delete \"/home/*\" -a {{user `tmp_directory`}}/output/image.img", - "echo 'Sparsify before shink'", - "LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/output/sparse.img", - "echo 'Shink'", - "guestfish add {{user `tmp_directory`}}/output/sparse.img : run : resize2fs-M /dev/sda2", - "truncate -s $(virt-df {{user `tmp_directory`}}/output/sparse.img --csv|tail -n +2|awk -F, '{x+=$3}END{print x + 16012}')K {{user `tmp_directory`}}/output/shrink.img", - "virt-resize --shrink /dev/sda2 {{user `tmp_directory`}}/output/sparse.img {{user `tmp_directory`}}/output/shrink.img", - "echo 'Sparsify and convert to qcow2'", - 
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress --convert qcow2 {{user `tmp_directory`}}/output/shrink.img {{user `tmp_directory`}}/image.img", - "echo 'SHASUM'", - "sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256", - "rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output" - ] - } - ] -} diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/recipe.json.ext2 b/seed/applicationservice/2022.03.08/base-fedora/packer/image/recipe.json.ext2 deleted file mode 100644 index e5c962ab..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/recipe.json.ext2 +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "builders": [ - { - "format": "qcow2", - "headless": true, - "output_directory": "{{user `tmp_directory`}}/output", - "shutdown_command": "echo packer | sudo -S shutdown -P now", - "ssh_password": "qemubuild", - "ssh_username": "qemubuild", - "ssh_wait_timeout": "120m", - "type": "qemu", - "disk_interface": "virtio", - "vm_name": "image.img", - "qemuargs": [ - ["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"], - ["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"] - ], - "memory": "2048", - "vnc_bind_address": "0.0.0.0", - "disk_image": true, - "iso_checksum": "{{user `iso_checksum` }}", - "iso_url": "{{user `iso_url` }}", - "iso_checksum_type": "sha256" - } - ], - "provisioners": [ - { - "type": "file", - "source": "{{user `tmp_directory`}}/scripts", - "destination": "/tmp/scripts" - }, - { - "type": "shell", - "inline": [ - "sudo chown root: /tmp/scripts/*", - "sudo chmod +x /tmp/scripts/*", - "sudo risotto-run-parts /tmp/scripts/" - ] - } - ], - "post-processors": [ - { - "type": "shell-local", - "inline": [ - "sleep 5", - "mkdir -p {{user `tmp_directory`}}/tmp", - "echo 'Syst Prep'", - "LIBGUESTFS_BACKEND=direct virt-sysprep --delete \"/var/*\" --delete \"/home/*\" -a {{user `tmp_directory`}}/output/image.img", - "echo 'Sparsify before shink'", - "LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/output/sparse.img", - "echo 'Shink'", - "guestfish add {{user `tmp_directory`}}/output/sparse.img : run : resize2fs-M /dev/sda2", - "truncate -s $(virt-df {{user `tmp_directory`}}/output/sparse.img --csv|tail -n +2|awk -F, '{x+=$3}END{print x + 16384}')K {{user `tmp_directory`}}/output/shrink.img", - "virt-resize --shrink /dev/sda2 {{user `tmp_directory`}}/output/sparse.img {{user `tmp_directory`}}/output/shrink.img", - "echo 'Sparsify and convert to qcow2'", - 
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress --convert qcow2 {{user `tmp_directory`}}/output/shrink.img {{user `tmp_directory`}}/image.img", - "echo 'SHASUM'", - "sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256", - "rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output" - ] - } - ] -} diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/10-update b/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/10-update deleted file mode 100644 index b63561f7..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/10-update +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -set -xe - -[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh -microdnf update - -exit 0 diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/40-remove_microdnf b/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/40-remove_microdnf deleted file mode 100644 index ec980845..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/40-remove_microdnf +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -set -xe - -microdnf clean all -for package in microdnf libdnf libpeas libstdc++ gobject-introspection libsolv librepo libmodulemd file-libs zchunk-libs libyaml gpgme gnupg2 libassuan libksba libusbx npth; do - rpm -e $package || true -done -rm -rf /var/lib/dnf -exit 0 diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/50-rpm_vaccum b/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/50-rpm_vaccum deleted file mode 100644 index a3015ae7..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/50-rpm_vaccum +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/bash -set -xe - -rpm -qa | sort > /tmp/rpm.txt -# try to remove this packages -PKG=" rpm rpm-libs curl libcurl lua-libs libarchive sqlite-libs libnghttp2 libssh libbrotli libpsl publicsuffix-list-dafsa libxml2 libssh-config elfutils-libs dbus-broker " -# exclude package -PKG2="" -while read -r a; do - pkg="$(echo "$a" | awk '{ print $1 }' | awk -F'(' '{ print $1 }')" - [ -n "$PKG2" ] && PKG2="$PKG2\n" - PKG2="$PKG2$pkg" -done <<< "$( rpm --test -ev $PKG 2>&1 | grep -v ^'erreur' )" - -while read -r b; do - pkg=$(rpm -q $b --quiet && echo $b || rpm -qf $(find / -name $b -print -quit) --query --queryformat "%{NAME}\n";) - echo "Ne pas désinstaller $pkg" - PKG=${PKG// $pkg / } -done <<< "$(echo -e $PKG2 | sort -u)" - -echo "Suppression de $PKG" -rpm -e $PKG - -echo "Remove rpm database" -rm -rf /var/lib/rpm/* -rm -rf /usr/lib/rpm -mv /tmp/rpm.txt /var/lib/rpm/rpm.txt - -exit 0 diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/60-tmpfiles b/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/60-tmpfiles deleted file mode 100644 index 50940431..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/60-tmpfiles +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -set -xe - -rm -rf /etc/X11 /etc/firewalld /etc/pki/rpm-gpg /etc/yum.repos.d /etc/dconf -make_volatile /etc -# -make_volatile /var/lib/rpm - -sed -i 's/ ro$/ ro systemd.volatile=yes selinux=1 net.ifnames=0/g' /boot/efi/loader/entries/fedora.conf -exit 0 diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/70-locale b/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/70-locale deleted file mode 100644 index d8cbf03f..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/70-locale +++ /dev/null 
@@ -1,15 +0,0 @@ -#!/bin/bash - -set -xe - -find /usr/share/locale/ -mindepth 1 -maxdepth 1 ! -name fr ! -name fr_FR -exec rm -rf '{}' \; -find /usr/lib/locale/ -mindepth 1 -maxdepth 1 ! -name fr_FR.utf8 ! -name C.utf8 -exec rm -rf '{}' \; -find /usr/lib/kbd/keymaps/xkb/ -type f ! -name fr-oss.map.gz -delete -find /usr/lib/kbd/consolefonts/ -type f ! -name eurlatgr.psfu.gz -delete -rm -rf /usr/share/bash-completion -rm -rf /usr/share/pkgconfig -rm -rf /usr/share/licenses/ -rm -rf /usr/share/zsh -rm -rf /usr/lib/.build-id -rm -rf /usr/lib/debug -exit 0 diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/80-log b/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/80-log deleted file mode 100644 index be3836fa..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/80-log +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -set -xe - -rm -rf /var/cache/* /var/log/* - -exit 0 diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/90-initrd b/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/90-initrd deleted file mode 100644 index 8586e421..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/90-initrd +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -xe - -KERNELVERSION=$(ls /lib/modules) -if [ -f "/boot/efi/$KERNELVERSION/initrd.cdrom" ]; then - mv "/boot/efi/$KERNELVERSION/initrd.cdrom" "/boot/efi/$KERNELVERSION/initrd" -fi - -exit 0 diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/99-reduce b/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/99-reduce deleted file mode 100644 index 2ba994bd..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/image/scripts/99-reduce +++ /dev/null 
@@ -1,11 +0,0 @@ -#!/bin/bash - -set -ex -# -#duperemove -rd / -# -#for size in 1000000000 100000000 10000000 1000000 100000 10000 1000 100 10 1; do -# echo "========================= $size =========================" -# while btrfs filesystem resize -$size /; do :; done -#done -exit 0 diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/os/bin/make_volatile b/seed/applicationservice/2022.03.08/base-fedora/packer/os/bin/make_volatile deleted file mode 100644 index feae040b..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/os/bin/make_volatile +++ /dev/null 
@@ -1,63 +0,0 @@ -#!/bin/bash -set -e -DESTDIR='/usr/lib/tmpfiles.d' -CONF_DST='/usr/share/factory' -EXCLUDES="^(/etc/passwd|/etc/group|/etc/.updated|/etc/.pwd.lock|/etc/pam.d|/etc/systemd/network/dhcp.network|/etc/sudoers.d/qemubuild)$" -ONLY_COPY="^(/etc/localtime)$" -FORCE_LINKS="^(/etc/udev/hwdb.bin)$" - -function file_dir_in_tmpfiles() { - letter=$1 - directory=$2 - mode=$(stat --format "%a" "$directory") - user=$(stat --format "%U" "$directory") - group=$(stat --format "%G" "$directory") - echo "$letter $directory $mode $user $group - -" -} - -function calc_symlink_in_tmpfiles() { - dest_name=$1 - src_file=$(readlink "$dest_name") - symlink_in_tmpfiles "$dest_name" "$src_file" -} - -function symlink_in_tmpfiles() { - dest_name=$1 - src_file=$2 - echo "L+ $dest_name - - - - $src_file" -} - -function main() { - dir_config_orig=$1 - - mkdir -p "$DESTDIR" - mkdir -p "$CONF_DST$dir_config_orig" - name="${dir_config_orig//\//-}" - systemd_conf="$DESTDIR/risotto$name.conf" - echo "" > $systemd_conf - while IFS= read -r -d '' src_file; do - dest_file="$CONF_DST$src_file" - echo $src_file - if [[ "$src_file" =~ $EXCLUDES ]]; then - echo "$src_file: exclude" >&2 - elif [[ -L "$src_file" ]]; then - calc_symlink_in_tmpfiles "$src_file" >> $systemd_conf - elif [[ "$src_file" =~ $FORCE_LINKS ]]; then - symlink_in_tmpfiles "$src_file" "$dest_file" >> $systemd_conf - elif [[ -d "$src_file" ]]; then - file_dir_in_tmpfiles 'd' "$src_file" >> $systemd_conf - [[ ! -d "$dest_file" ]] && mkdir -p "$dest_file" - #echo "$src_file: directory ok" - else - if [[ ! "$src_file" =~ $ONLY_COPY ]]; then - file_dir_in_tmpfiles "C" "$src_file" >> $systemd_conf - fi - [[ -e "$dest_file" ]] && rm -f "$dest_file" - # not a symlink... an hardlink - ln "$src_file" "$dest_file" - #echo "$src_file: file ok" - fi - done < <(find "$dir_config_orig" -print0) -} -main "$1" -exit 0 
diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/os/bin/risotto-run-parts b/seed/applicationservice/2022.03.08/base-fedora/packer/os/bin/risotto-run-parts deleted file mode 100644 index 10a4bb05..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/os/bin/risotto-run-parts +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/bash -# run-parts - concept taken from Debian - -set +xe - -if [ $# -lt 1 ]; then - echo "Usage: risotto-run-parts " - exit 1 -fi - -if [ ! -d $1 ]; then - echo "Not a directory: $1" - exit 1 -fi - -# Ignore *~ and *, scripts -for i in $(LC_ALL=C; echo ${1%/}/*[^~,]) ; do - [ -d $i ] && continue - [ ! -x $i ] && continue - echo "execute $i" - $i 2>&1 -done - -exit 0 diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/os/http/ks-34.cfg b/seed/applicationservice/2022.03.08/base-fedora/packer/os/http/ks-34.cfg deleted file mode 100644 index 0090bf86..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/os/http/ks-34.cfg +++ /dev/null 
@@ -1,169 +0,0 @@ -# Keyboard layouts -keyboard --xlayouts='fr (oss)' -# System language -lang fr_FR.UTF-8 -# Required settings -rootpw qemubuild -user --name=qemubuild --password=qemubuild --groups=wheel -authconfig --enableshadow --enablemd5 - -# System timezone -timezone Europe/Paris --utc -repo --name=fedora --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch -repo --name=updates --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch -url --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-\$releasever&arch=\$basearch%%EXTRA_URL%% - -# Optional settings -#bootloader --location=mbr -bootloader --disabled -clearpart --all --initlabel -firstboot --enable -#install -network --bootproto=dhcp -reboot -selinux --enforcing -#services --enabled=sshd,zram-swap,systemd-networkd,systemd-resolved -services --enabled=sshd --disabled=systemd-vconsole-setup -skipx -text -zerombr - -# Disk partition -part / --fstype="ext2" --ondisk=vda --grow -# btrfs : part btrfs.50 --fstype="btrfs" --ondisk=vda --grow -part /boot/efi --fstype="efi" --ondisk=vda --size=30 --fsoptions="umask=0077,shortname=winnt" - -#btrfs none --label=fedora_fedora btrfs.50 -#btrfs / --subvol --name=root LABEL=fedora_fedora - -# Packages -%packages --excludedocs --instLangs=fr --nocore --exclude-weakdeps -#@core --nodefaults -audit -bash -coreutils -#dracut-config-generic -# btrfs duperemove -#glibc-langpack-fr -kbd -kernel-core -microdnf -openssh-server -openssh-clients -qemu-guest-agent -systemd-networkd -#rpm -#shadow-utils -screen -sudo -systemd -#util-linux --zram -# --kernel -%end - -# Post -%post - -# for microdnf -touch /etc/dnf/dnf.conf - -# add qemubuild to sudo -echo "qemubuild ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/qemubuild - -# remove unecessary directories -rm -rf /usr/share/doc -rm -rf /usr/share/licenses -#rm -rfv /usr/share/icons/* -# remove some random help txt files -rm 
-fv /usr/share/gnupg/help*.txt -# Pruning random things -rm usr/lib/rpm/rpm.daily -#some random not-that-useful binaries -rm -fv /usr/bin/pinky - -# if you want to change the timezone, bind-mount it from the host or reinstall tzdata -localzone=$(readlink /etc/localtime) -mv $localzone /tmp -rm -rfv /usr/share/zoneinfo -mkdir -p $(dirname $localzone) -mv /tmp/$(basename $localzone) $localzone - -# configure systemd-networkd -echo """[Match] -Name=* - -[Network] -DHCP=yes""" > /etc/systemd/network/dhcp.network -SYSTEMDDIR=/usr/lib/systemd/system -MULTI=$SYSTEMDDIR/multi-user.target.wants -ln -sf ../systemd-networkd.service $MULTI/systemd-networkd.service -ln -sf ../systemd-resolved.service $MULTI/systemd-resolved.service - -# initramfs have to mount iso9660 partition -# install bootload -SYSDISK="/dev/vda2" -MACHINEID=`cat /etc/machine-id` -KERNELVERSION=`ls /lib/modules` -DISK=`lsblk -n $SYSDISK -o uuid` -mkdir /boot/$MACHINEID -# btrfs : echo "root=UUID=$DISK ro rootflags=subvol=root" > /etc/kernel/cmdline -echo "root=UUID=$DISK ro" > /etc/kernel/cmdline -# add CDROM driver -echo 'add_drivers+=" iso9660 "' > /etc/dracut.conf.d/cdrom.conf -kernel-install add $KERNELVERSION /lib/modules/$KERNELVERSION/vmlinuz -mv /boot/$MACHINEID/$KERNELVERSION /boot/efi -# // ADD MOUNT INSTRUCTION IN INITRAMFS -# build second initrd file that mount cdrom to /usr -#echo 'add_fstab+=/tmp/fstab' >> /etc/dracut.conf.d/cdrom.conf -#echo "/dev/sr0 /sysroot/usr/local/lib iso9660 ro,relatime,x-systemd.after=sysroot.mount,x-systemd.before=systemd-volatile-root.service 0 0" > /tmp/fstab -#echo "/dev/sr0 /sysroot/usr/local/lib iso9660 ro,x-initrd.mount,nosuid,noexec,uid=0,gid=0,mode=400 0 0" > /tmp/fstab -echo "[Unit] -DefaultDependencies=no -After=sysroot.mount -Before=initrd-udevadm-cleanup-db.service -#Before=systemd-volatile-root.service -After=blockdev@dev-sr0.target - -[Service] -Type=oneshot -ExecStart=mount /dev/sr0 /sysroot/usr/local/lib -t iso9660 -o 
defaults,ro,nosuid,noexec,uid=0,gid=0,mode=400 -" > /usr/lib/systemd/system/sysroot-usr-local-lib.service - -# // VERSION .mount -#[Mount] -#Where=/sysroot/usr/local/lib -#What=/dev/sr0 -#Type=iso9660 -#Options=defaults,ro,nosuid,noexec,uid=0,gid=0,mode=400" > /usr/lib/systemd/system/sysroot-usr-local-lib.mount -mkdir -p /usr/lib/systemd/system/initrd-root-fs.target.requires -cd /usr/lib/systemd/system/initrd-root-fs.target.requires -#ln -sf ../sysroot-usr-local-lib.mount . -ln -sf ../sysroot-usr-local-lib.service . -#echo 'install_items+=" /usr/lib/systemd/system/sysroot-usr-local-lib.mount /usr/lib/systemd/system/initrd-root-fs.target.requires/sysroot-usr-local-lib.mount "' >> /etc/dracut.conf.d/cdrom.conf -echo 'install_items+=" /usr/lib/systemd/system/sysroot-usr-local-lib.service /usr/lib/systemd/system/initrd-root-fs.target.requires/sysroot-usr-local-lib.service "' >> /etc/dracut.conf.d/cdrom.conf -kernel-install add $KERNELVERSION /lib/modules/$KERNELVERSION/vmlinuz -mv /boot/$MACHINEID/$KERNELVERSION/initrd /boot/efi/$KERNELVERSION/initrd.cdrom -rm -f /etc/dracut.conf.d/cdrom.conf - // END INITRAMFS -# rename entry file without machine ID -mv /boot/loader/entries/$MACHINEID-$KERNELVERSION.conf /boot/loader/entries/fedora.conf -sed -i "/^machine-id /d" /boot/loader/entries/fedora.conf -sed -i "s@/boot/$MACHINEID/$KERNELVERSION/@/$KERNELVERSION/@g" /boot/loader/entries/fedora.conf -# move it in EFI directory for systemd-boot -mv /boot/loader /boot/efi -# remove unused file -rm -rf /lib/modules/$KERNELVERSION/vmlinuz /boot/initramfs* /boot/$MACHINEID -# install systemd-boot -bootctl install - -# remove authselect and dracut -microdnf -y remove dracut xz acl authselect authselect-compat authselect-libs chrony cpio libkcapi-hmaccalc libkcapi linux-firmware linux-firmware-whence -# remove python3 -microdnf -y remove python3 python3-libs python-pip-wheel python-setuptools-wheel gdbm-libs -# remove langpacks fr -microdnf -y remove langpacks-fr langpacks-core-fr 
langpacks-core-font-fr dejavu-sans-fonts fonts-filesystem -rm -f /var/lib/systemd/random-seed -rm -rfv /var/lib/authselect -%end diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/os/preprocessors b/seed/applicationservice/2022.03.08/base-fedora/packer/os/preprocessors deleted file mode 100755 index 66a9da61..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/os/preprocessors +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -xe - -echo "Preprocessors" - -if [ ! -z $https_proxy ]; then - sed -i "s@%%EXTRA_URL%%@ --proxy=$https_proxy@g" http/ks-34.cfg -else - sed -i "s@%%EXTRA_URL%%@@g" http/ks-34.cfg -fi - -exit 0 diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/os/recipe.json b/seed/applicationservice/2022.03.08/base-fedora/packer/os/recipe.json deleted file mode 100644 index 03e6ac77..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/os/recipe.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "builders": [ - { - "format": "qcow2", - "headless": true, - "output_directory": "{{user `tmp_directory`}}/output", - "shutdown_command": "echo packer | sudo -S shutdown -P now", - "ssh_password": "qemubuild", - "ssh_username": "qemubuild", - "ssh_wait_timeout": "120m", - "type": "qemu", - "disk_interface": "virtio", - "vm_name": "image.img", - "qemuargs": [ - ["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"], - ["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"] - ], - "memory": "2048", - "vnc_bind_address": "0.0.0.0", - "boot_command": [ - "e inst.text inst.gpt inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks-34.cfg x " - ], - "disk_size": "4096", - "iso_checksum_type": "sha256", - "iso_checksum": "e1a38b9faa62f793ad4561b308c31f32876cfaaee94457a7a9108aaddaeec406", - "iso_url": "https://download.fedoraproject.org/pub/fedora/linux/releases/34/Server/x86_64/iso/Fedora-Server-netinst-x86_64-34-1.2.iso", - "http_directory": "{{user `tmp_directory`}}/http" - } - ], - "provisioners": [ - { - "type": "file", - "source": "{{user `tmp_directory`}}/bin", - "destination": "/tmp/bin" - }, - { - "type": "shell", - "inline": [ - "sudo mv /tmp/bin/* /usr/local/bin", - "sudo chown root: /usr/local/bin/*", - "sudo chmod +x /usr/local/bin/*" - ] - }, - { - "type": "file", - "source": "{{user `tmp_directory`}}/scripts", - "destination": "/tmp/scripts" - }, - { - "type": "shell", - "inline": [ - "sudo chown root: /tmp/scripts/*", - "sudo chmod +x /tmp/scripts/*", - "sudo risotto-run-parts /tmp/scripts/" - ] - } - ], - "post-processors": [ - { - "type": "shell-local", - "inline": [ - "sleep 5", - "mkdir -p {{user `tmp_directory`}}/tmp", - "LIBGUESTFS_BACKEND=direct virt-sysprep -a {{user `tmp_directory`}}/output/image.img", - "LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress {{user `tmp_directory`}}/output/image.img {{user 
`tmp_directory`}}/image.img", - "sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256", - "rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output" - ] - } - ] -} diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/os/scripts/30-rpm_vaccum b/seed/applicationservice/2022.03.08/base-fedora/packer/os/scripts/30-rpm_vaccum deleted file mode 100644 index ff1d4f0c..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/os/scripts/30-rpm_vaccum +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -set -xe - -echo VACUUM |sqlite3 /var/lib/rpm/rpmdb.sqlite - -exit 0 - diff --git a/seed/applicationservice/2022.03.08/base-fedora/packer/os/scripts/40-locale b/seed/applicationservice/2022.03.08/base-fedora/packer/os/scripts/40-locale deleted file mode 100644 index 85a77799..00000000 --- a/seed/applicationservice/2022.03.08/base-fedora/packer/os/scripts/40-locale +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -set -xe - -find /usr/share/locale/ -mindepth 1 -maxdepth 1 ! -name fr ! -name fr_FR -exec rm -rf '{}' \; -find /usr/lib/locale/ -mindepth 1 -maxdepth 1 ! -name fr_FR.utf8 ! -name C.utf8 -exec rm -rf '{}' \; -find /usr/share/terminfo -mindepth 1 -maxdepth 1 ! -name l ! -name d ! -name s -exec rm -rf '{}' \; -find /usr/share/terminfo/s/screen -type f ! -name screen-256color -delete -find /usr/lib/kbd/keymaps/xkb/ -type f ! -name fr-oss.map.gz -delete -find /usr/lib/kbd/consolefonts/ -type f ! -name eurlatgr.psfu.gz -delete -rm -rf /usr/lib/kbd/consoletrans -rm -rf /usr/lib/kbd/unimaps -rm -rf /usr/lib/kernel -rm -rf /usr/lib/systemd/boot -rm -rf /usr/share/bash-completion -rm -rf /usr/share/pkgconfig -rm -rf /usr/share/licenses/ -rm -rf /usr/lib/debug -exit 0 diff --git a/seed/applicationservice/2022.03.08/base/dictionaries/00-base.xml b/seed/applicationservice/2022.03.08/base/dictionaries/00-base.xml index 71039c37..a8e25115 100644 --- a/seed/applicationservice/2022.03.08/base/dictionaries/00-base.xml 
+++ b/seed/applicationservice/2022.03.08/base/dictionaries/00-base.xml @@ -1,5 +1,10 @@ + + + /etc/locale.conf + + - - /gitea/ - / @@ -82,23 +79,19 @@ 43 gitea_lfs_jwt_secret - - https:// + revprox_client_external_domainname revprox_client_location user/oauth2/ domain_name_eth0 /callback - oauth2_client_login - - https:// + revprox_client_external_domainname revprox_client_location user/oauth2/ domain_name_eth0 - oauth2_client_external diff --git a/seed/applicationservice/2022.03.08/gitea/manual/image/postinstall/gitea.sh b/seed/applicationservice/2022.03.08/gitea/manual/image/postinstall/gitea.sh index 5a10d1a0..8de3db79 100644 --- a/seed/applicationservice/2022.03.08/gitea/manual/image/postinstall/gitea.sh +++ b/seed/applicationservice/2022.03.08/gitea/manual/image/postinstall/gitea.sh 
@@ -8,17 +8,16 @@ VERSION=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.v
 mkdir -p ~/gitea/
-if [ ! -f "~/gitea/gitea-$VERSION-linux-amd64.xz" ]; then
- wget https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz -O ~/gitea/gitea-$VERSION-linux-amd64.xz
+if [ ! -f ~/"gitea/gitea-$VERSION-linux-amd64.xz" ]; then
+ wget "https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz" -O ~/"gitea/gitea-$VERSION-linux-amd64.xz"
 fi
-if [ ! -f "~/gitea/gitea-$VERSION-linux-amd64.xz.asc" ]; then
- wget https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz.asc -O ~/gitea/gitea-$VERSION-linux-amd64.xz.asc
+if [ ! -f ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc" ]; then
+ wget "https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc"
 fi
-gpg --verify ~/gitea/gitea-$VERSION-linux-amd64.xz.asc ~/gitea/gitea-$VERSION-linux-amd64.xz
-
-cp -a ~/gitea/gitea-$VERSION-linux-amd64.xz .
-xz -d gitea-$VERSION-linux-amd64.xz
-mv gitea-$VERSION-linux-amd64 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea
-chmod +x $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea
+gpg --verify ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc" ~/"gitea/gitea-$VERSION-linux-amd64.xz"
+cp -a ~/"gitea/gitea-$VERSION-linux-amd64.xz" .
+xz -d "gitea-$VERSION-linux-amd64.xz"
+mv "gitea-$VERSION-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
+chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
diff --git a/seed/applicationservice/2022.03.08/gitea/manual/image/preinstall/mailman.sh b/seed/applicationservice/2022.03.08/gitea/manual/image/preinstall/gitea.sh
similarity index 100%
rename from seed/applicationservice/2022.03.08/gitea/manual/image/preinstall/mailman.sh
rename to seed/applicationservice/2022.03.08/gitea/manual/image/preinstall/gitea.sh
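Review bot: `gpg --verify` on the new side accepts a signature from any key already in the build user's default keyring, and nothing in the hunk imports or pins the Gitea release key, so the check is only as strong as that keyring. I would verify against a dedicated keyring that holds only that key, `gpg --no-default-keyring --keyring "$GITEA_KEYRING" --verify ...` (`GITEA_KEYRING` is a placeholder name), and end the line with `|| exit 1`, because the script starts above the hunk and whether it runs under `set -e` is not visible. The `-f` cache tests also reuse a file that an interrupted `wget -O` left behind, so a fatal verify is what keeps a truncated archive out of the image. `VERSION` follows the `latest` entry of version.json, so every build can pick up a different release; pinning the version would make the image reproducible.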
diff --git a/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml b/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml index 4ea85412..98d32b0e 100644 --- a/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml +++ b/seed/applicationservice/2022.03.08/host-systemd-machined/dictionaries/21-machined.xml @@ -19,7 +19,7 @@ - - https:// + revprox_client_external_domainname revprox_client_location /accounts/risotto/login/ - oauth2_client_external diff --git a/seed/applicationservice/2022.03.08/mailman/funcs/mailman.py b/seed/applicationservice/2022.03.08/mailman/funcs/mailman.py index ff94fd26..8e72ae1a 100644 --- a/seed/applicationservice/2022.03.08/mailman/funcs/mailman.py +++ b/seed/applicationservice/2022.03.08/mailman/funcs/mailman.py @@ -1,4 +1,4 @@ -from utils import multi_function as _multi_function +from risotto.utils import multi_function as _multi_function from itertools import chain diff --git a/seed/applicationservice/2022.03.08/nextcloud/dictionaries/31_nextcloud.xml b/seed/applicationservice/2022.03.08/nextcloud/dictionaries/31_nextcloud.xml index f548a847..4bff5373 100644 --- a/seed/applicationservice/2022.03.08/nextcloud/dictionaries/31_nextcloud.xml +++ b/seed/applicationservice/2022.03.08/nextcloud/dictionaries/31_nextcloud.xml @@ -18,11 +18,6 @@ - - - /nextcloud - - True diff --git a/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.init b/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.init index b1e0f0fe..db827d6d 100644 --- a/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.init +++ b/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.init 
@@ -44,9 +44,13 @@ fi /usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapUserDisplayName "sn" /usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapConfigurationActive "1" #/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapTLS "1" -# cron +# Cron /usr/bin/php /usr/share/nextcloud/occ config:app:set core backgroundjobs_mode --value=cron -# need network +# Need network /usr/bin/php /usr/share/nextcloud/occ app:disable weather_status +# Maintenance +/usr/bin/php /usr/share/nextcloud/occ upgrade +/usr/bin/php /usr/share/nextcloud/occ files:scan --all -q +/usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q exit 0 diff --git a/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.service b/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.service index a5611330..052de7a3 100644 --- a/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.service +++ b/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.service @@ -9,8 +9,6 @@ WorkingDirectory=/usr/share/nextcloud #FIXME ExecStart=+/usr/bin/chmod +w /etc/nextcloud/config.php ExecStart=/etc/nextcloud/nextcloud.init -ExecStart=/usr/bin/php occ files:scan --all -q -ExecStart=/usr/bin/php occ maintenance:repair -q ExecStart=+/usr/bin/chmod -w /etc/nextcloud/config.php User=apache Group=apache diff --git a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/DEBUG b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/DEBUG new file mode 100644 index 00000000..8dc5dae1 --- /dev/null +++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/DEBUG @@ -0,0 +1,2 @@ +sed -i 's@error_log syslog:server=unix:/dev/log;@error_log syslog:server=unix:/dev/log debug;@g' /etc/nginx/nginx.conf +systemctl restart nginx 
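Review bot: The added `occ upgrade`, `occ files:scan --all -q` and `occ maintenance:repair -q` calls run in a script that ends in `exit 0`, so unless the part of nextcloud.init above line 44 sets `set -e`, a failed upgrade is reported to systemd as success. While the last two were separate `ExecStart=` lines in nextcloud.service, a non-zero exit stopped the unit. I would at least write `/usr/bin/php /usr/share/nextcloud/occ upgrade || exit 1` so the service does not come up on a half-migrated instance. In the unit, `chmod -w /etc/nextcloud/config.php` runs only after this script succeeds, so a fatal exit leaves the config writable; an `ExecStopPost=+/usr/bin/chmod -w /etc/nextcloud/config.php` line would cover that path.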
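Review bot: The new DEBUG helper switches the reverse proxy's `error_log` to `debug` and there is no counterpart that switches it back. At that level nginx writes request headers to the log, so cookies and bearer tokens passing through the proxy end up in syslog for as long as it stays enabled. I would open the file with a comment such as `# Temporary troubleshooting only: debug logs contain request headers (cookies, tokens); revert the sed and restart nginx afterwards`.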
diff --git a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/dictionaries/25_nginx.xml b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/dictionaries/25_nginx.xml index fbeefb00..328d849b 100644 --- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/dictionaries/25_nginx.xml +++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/dictionaries/25_nginx.xml @@ -22,7 +22,7 @@ - diff --git a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/funcs/nginx.py b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/funcs/nginx.py index d4b6ef56..6f84a4ef 100644 --- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/funcs/nginx.py +++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/funcs/nginx.py @@ -1,5 +1,5 @@ from typing import List as _List -from utils import multi_function +from risotto.utils import multi_function @multi_function diff --git a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf index 7e7c55e8..3105fed1 100644 --- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf +++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf @@ -39,7 +39,7 @@ server { # Configuration HTTPS %%domainname server { - listen 443 ssl; + listen 443 ssl http2; ssl_certificate %%nginx_certificate_filename[%%idx]; ssl_certificate_key %%nginx_private_key_filename[%%idx]; ssl_client_certificate %%nginx_chain_filename[%%idx]; 
@@ -51,12 +51,12 @@ server { %for %%location in %%revprox['revprox_location_' + family] location %%location { - # FIXME proxy_bind A.A.A.A; - %set %%location_str = %%str(%%location) - %if %%location_str != '/' and not %%location_str.endswith('/') - rewrite ^(%%location_str)$ $1/ permanent; - %end if + # FIXME proxy_bind A.A.A.A; proxy_pass %%location['revprox_url_' + family]; +# %if %%location['revprox_is_websocket_' + family] +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "upgrade"; +# %else proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; @@ -65,6 +65,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Destination $dest; +# %end if proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_ReverseProxy.crt; proxy_ssl_verify on; proxy_ssl_verify_depth 2; @@ -73,6 +74,7 @@ server { index error.html; root /var/www/html; } +# If user missing '/' %if %%location_str != '/' and %%location_str.endswith('/') location %%location_str[:-1] { rewrite ^(%%location_str[:-1])$ $1/ permanent; diff --git a/seed/applicationservice/2022.03.08/nsd/packer/image/scripts/20-nsd b/seed/applicationservice/2022.03.08/nsd/packer/image/scripts/20-nsd deleted file mode 100644 index 1f22a348..00000000 --- a/seed/applicationservice/2022.03.08/nsd/packer/image/scripts/20-nsd +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -set -xe - -[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh -microdnf -y --nodocs --noplugins install nsd -# make_volatile /var/lib/nsd - -exit 0 diff --git a/seed/applicationservice/2022.03.08/oauth2-client/dictionaries/30_oauth2_client.xml b/seed/applicationservice/2022.03.08/oauth2-client/dictionaries/30_oauth2_client.xml index 47152535..a025e4dc 100644 --- a/seed/applicationservice/2022.03.08/oauth2-client/dictionaries/30_oauth2_client.xml 
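Review bot: The hunk at template line 51 removes `%set %%location_str = %%str(%%location)`, but the context of the hunk at line 73 still tests `%%location_str` in `%if %%location_str != '/' and %%location_str.endswith('/')` and uses it in the `rewrite` below. Unless the variable is assigned in the lines the hunks do not show, the template either fails to render or reuses a stale value, and the trailing-slash redirect is then emitted for the wrong location. I would keep the `%set` line as the first statement of the `%for` body. Separately, the websocket branch is disabled by putting `#` in front of the `%if`, `%else` and `%end if` directives; whether the template engine still evaluates a directive after `#` is not visible here, so deleting those lines until the feature is ready is safer than commenting them out. The `server` block and the `%for` loop both continue outside the hunks.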
+++ b/seed/applicationservice/2022.03.08/oauth2-client/dictionaries/30_oauth2_client.xml @@ -68,11 +68,9 @@ oauth2_client_id oauth2_client_token_signature_algo - - https:// + revprox_client_external_domainname revprox_client_location - oauth2_client_external diff --git a/seed/applicationservice/2022.03.08/openldap-server/packer/image/scripts/20-openldap-server b/seed/applicationservice/2022.03.08/openldap-server/packer/image/scripts/20-openldap-server deleted file mode 100644 index fad86719..00000000 --- a/seed/applicationservice/2022.03.08/openldap-server/packer/image/scripts/20-openldap-server +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -set -xe - -microdnf -y --nodocs --noplugins install openldap-servers - -exit 0 diff --git a/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh b/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh index a533301e..6ddfa5cc 100644 --- a/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh +++ b/seed/applicationservice/2022.03.08/postgresql-server/manual/image/preinstall/postgresql_server.sh @@ -1 +1 @@ -PKG="$PKG postgresql-server glibc-langpack-fr" +PKG="$PKG postgresql-server" diff --git a/seed/applicationservice/2022.03.08/provider-systemd-machined/dictionaries/21-machined.xml b/seed/applicationservice/2022.03.08/provider-systemd-machined/dictionaries/21-machined.xml index 96757310..7c072855 100644 --- a/seed/applicationservice/2022.03.08/provider-systemd-machined/dictionaries/21-machined.xml +++ b/seed/applicationservice/2022.03.08/provider-systemd-machined/dictionaries/21-machined.xml @@ -15,7 +15,7 @@ /var/lib/risotto/configurations - + revprox_client_server_domainname - clients + revprox_clients revprox_client_external_domainname ip 0 
@@ -66,15 +71,22 @@ revprox_client_server_domainname - location + revprox_location revprox_client_external_domainname revprox_client_location revprox_client_server_domainname - location + revprox_is_websocket + revprox_client_external_domainname + + revprox_client_is_websocket + + + revprox_client_server_domainname + revprox_url + revprox_location revprox_client_location - url revprox_client_external_domainname revprox_client_web_address diff --git a/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml b/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml index cf390962..7304b841 100644 --- a/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml +++ b/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml @@ -12,11 +12,6 @@ - - - /roundcube - - True @@ -37,12 +32,10 @@ cleartext roundcube_des_key - - https:// + revprox_client_external_domainname revprox_client_location /index.php/login/oauth - oauth2_client_login diff --git a/seed/applicationservice/2022.03.08/unbound/packer/image/scripts/20-unbound b/seed/applicationservice/2022.03.08/unbound/packer/image/scripts/20-unbound deleted file mode 100644 index 21f743d4..00000000 --- a/seed/applicationservice/2022.03.08/unbound/packer/image/scripts/20-unbound +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -set -xe - -[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh -microdnf -y --nodocs --noplugins install unbound -make_volatile /var/lib/unbound - -exit 0 diff --git a/seed/applicationservice/2022.03.08/unbound/templates/unbound.conf b/seed/applicationservice/2022.03.08/unbound/templates/unbound.conf index f1587904..503d8b06 100644 --- a/seed/applicationservice/2022.03.08/unbound/templates/unbound.conf +++ b/seed/applicationservice/2022.03.08/unbound/templates/unbound.conf 
@@ -578,6 +578,13 @@ server: # Ignore chain of trust. Domain is treated as insecure. # domain-insecure: "example.com" + #>GNUNUX +%for %%authority in %%unbound_forward_address + %for %%zone in %%authority.unbound_forward_zones + domain-insecure: "%%zone" + %end for +%end for + # - - /vaultwarden - - @@ -42,5 +46,12 @@ vaultwarden_device_identifier + + True + False + revprox_client_location + /notifications/hub + revprox_client_is_websocket + diff --git a/seed/applicationservice/2022.03.08/vaultwarden/manual/image/postinstall/vaultwarden.sh b/seed/applicationservice/2022.03.08/vaultwarden/manual/image/postinstall/vaultwarden.sh new file mode 100644 index 00000000..6771d087 --- /dev/null +++ b/seed/applicationservice/2022.03.08/vaultwarden/manual/image/postinstall/vaultwarden.sh @@ -0,0 +1,3 @@ +# locale in jslib/common/src/models/domain/globalState.ts is "en" by default, change it to "fr" +# this information is store in browser local storage +sed -i 's/this.locale="en",/this.locale="fr",/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/vaultwarden/app/main.*.js diff --git a/seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env b/seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env index 7515fc4b..731bc089 100644 --- a/seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env +++ b/seed/applicationservice/2022.03.08/vaultwarden/templates/vaultwarden_config.env 
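Review bot: The added loop emits `domain-insecure: "%%zone"` for every zone of every forward authority, which turns DNSSEC validation off for all forwarded names and leaves no way to keep it for a zone that is signed. Answers for those zones are then accepted unvalidated from whatever sits on the path to the forwarder. If the forward zones are internal and unsigned this is a reasonable default, but it should be stated and be possible to opt out of: a comment such as `# forward zones are treated as unsigned internal zones: no DNSSEC validation` above the loop, and a per-authority boolean around the inner `%for` (the variable would have to be added to the dictionary). The `server:` section continues on both sides of the hunk.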
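Review bot: `$IMAGE_NAME_RISOTTO_IMAGE_DIR` is unquoted and unchecked in the `sed -i` line of the new vaultwarden.sh, so with the variable empty the glob resolves to `/usr/share/vaultwarden/app/main.*.js` on the build host instead of inside the image tree. The gitea.sh hunk of this same commit quotes the variable; here I would write `sed -i 's/this.locale="en",/this.locale="fr",/g' "${IMAGE_NAME_RISOTTO_IMAGE_DIR:?}"/usr/share/vaultwarden/app/main.*.js`. The substitution also succeeds silently when the minified bundle no longer contains `this.locale="en",`, so a `grep -q 'this.locale="fr",'` on the same files afterwards would catch an upstream change. In the second comment line, "store" should read "stored".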
@@ -256,7 +256,11 @@ INVITATION_ORG_NAME=%%vaultwarden_org_name ## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs # DOMAIN=https://bw.domain.tld:8443 #>GNUNUX -DOMAIN=https://%%revprox_client_external_domainname%%revprox_client_location +%set %%location = %%str(%%revprox_client_location[0]) +%if %%location.endswith('/') + %set %%location = %%location[:-1] +%end if +DOMAIN=https://%%revprox_client_external_domainname%%location #GNUNUX ROCKET_PORT=443 -ROCKET_TLS='{certs="/etc/pki/tls/certs/revproxy.crt",key="/etc/pki/tls/private/revproxy.key"}' +ROCKET_TLS='{certs="/etc/pki/tls/certs/revprox.crt",key="/etc/pki/tls/private/revprox.key"}' #