remove old file and add missing one
parent
a093f49780
commit
f49ecd419f
50 changed files with 119 additions and 705 deletions
|
@ -0,0 +1,4 @@
|
|||
format: '0.1'
|
||||
description: Information de base d'un serveur fedora version 35
|
||||
depends:
|
||||
- base-fedora
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<rougail version="0.10">
|
||||
<variables>
|
||||
<family name="general">
|
||||
<variable name="os_version" type="string" description="OS Version" hidden="True">
|
||||
<value>35</value>
|
||||
</variable>
|
||||
</family>
|
||||
</variables>
|
||||
</rougail>
|
|
@ -0,0 +1,7 @@
|
|||
# ACTIVE NETWORKD
|
||||
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
||||
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
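Review bot: The `chmod 775` on `network-online.target.wants` leaves a systemd unit directory group-writable, so any account in the directory's owning group could add a unit link there that systemd would start at boot; `chmod 755` is the usual mode for directories under `/usr/lib/systemd/system`. The `mkdir` and `chmod` lines also expand `$IMAGE_NAME_RISOTTO_IMAGE_DIR` unquoted while the four `ln -s` lines quote it, and a plain `mkdir` fails when the directory already exists; `mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants"` covers both. Nothing in this file creates the `multi-user.target.wants` and `sockets.target.wants` directories, so the last `ln -s` lines assume an earlier build step has made them.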
|
|
@ -0,0 +1 @@
|
|||
RELEASEVER=35
|
|
@ -1,4 +1,4 @@
|
|||
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace"
|
||||
BASE_PKG="systemd systemd-networkd systemd-resolved fedora-release-container lsof strace glibc-langpack-fr"
|
||||
INSTALL_TOOL="dnf"
|
||||
OS_NAME='fedora'
|
||||
REPO_DIR="$IMAGE_NAME_RISOTTO_IMAGE_DIR/etc/yum.repos.d/"
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
echo "Preprocessors"
|
||||
|
||||
if [ ! -z $https_proxy ]; then
|
||||
echo "echo 'export https_proxy=$https_proxy' > /tmp/proxy.sh" > scripts/00-proxy
|
||||
fi
|
||||
|
||||
exit 0
|
|
@ -1,63 +0,0 @@
|
|||
{
|
||||
"builders": [
|
||||
{
|
||||
"format": "qcow2",
|
||||
"headless": true,
|
||||
"output_directory": "{{user `tmp_directory`}}/output",
|
||||
"shutdown_command": "echo packer | sudo -S shutdown -P now",
|
||||
"ssh_password": "qemubuild",
|
||||
"ssh_username": "qemubuild",
|
||||
"ssh_wait_timeout": "120m",
|
||||
"type": "qemu",
|
||||
"disk_interface": "virtio",
|
||||
"vm_name": "image.img",
|
||||
"qemuargs": [
|
||||
["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"],
|
||||
["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"]
|
||||
],
|
||||
"memory": "2048",
|
||||
"vnc_bind_address": "0.0.0.0",
|
||||
"disk_image": true,
|
||||
"iso_checksum": "{{user `iso_checksum` }}",
|
||||
"iso_url": "{{user `iso_url` }}",
|
||||
"iso_checksum_type": "sha256"
|
||||
}
|
||||
],
|
||||
"provisioners": [
|
||||
{
|
||||
"type": "file",
|
||||
"source": "{{user `tmp_directory`}}/scripts",
|
||||
"destination": "/tmp/scripts"
|
||||
},
|
||||
{
|
||||
"type": "shell",
|
||||
"inline": [
|
||||
"sudo chown root: /tmp/scripts/*",
|
||||
"sudo chmod +x /tmp/scripts/*",
|
||||
"sudo risotto-run-parts /tmp/scripts/"
|
||||
]
|
||||
}
|
||||
],
|
||||
"post-processors": [
|
||||
{
|
||||
"type": "shell-local",
|
||||
"inline": [
|
||||
"sleep 5",
|
||||
"mkdir -p {{user `tmp_directory`}}/tmp",
|
||||
"echo 'Syst Prep'",
|
||||
"LIBGUESTFS_BACKEND=direct virt-sysprep --delete \"/var/*\" --delete \"/home/*\" -a {{user `tmp_directory`}}/output/image.img",
|
||||
"echo 'Sparsify before shink'",
|
||||
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/output/sparse.img",
|
||||
"echo 'Shink'",
|
||||
"guestfish add {{user `tmp_directory`}}/output/sparse.img : run : resize2fs-M /dev/sda2",
|
||||
"truncate -s $(virt-df {{user `tmp_directory`}}/output/sparse.img --csv|tail -n +2|awk -F, '{x+=$3}END{print x + 16012}')K {{user `tmp_directory`}}/output/shrink.img",
|
||||
"virt-resize --shrink /dev/sda2 {{user `tmp_directory`}}/output/sparse.img {{user `tmp_directory`}}/output/shrink.img",
|
||||
"echo 'Sparsify and convert to qcow2'",
|
||||
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress --convert qcow2 {{user `tmp_directory`}}/output/shrink.img {{user `tmp_directory`}}/image.img",
|
||||
"echo 'SHASUM'",
|
||||
"sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256",
|
||||
"rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,63 +0,0 @@
|
|||
{
|
||||
"builders": [
|
||||
{
|
||||
"format": "qcow2",
|
||||
"headless": true,
|
||||
"output_directory": "{{user `tmp_directory`}}/output",
|
||||
"shutdown_command": "echo packer | sudo -S shutdown -P now",
|
||||
"ssh_password": "qemubuild",
|
||||
"ssh_username": "qemubuild",
|
||||
"ssh_wait_timeout": "120m",
|
||||
"type": "qemu",
|
||||
"disk_interface": "virtio",
|
||||
"vm_name": "image.img",
|
||||
"qemuargs": [
|
||||
["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"],
|
||||
["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"]
|
||||
],
|
||||
"memory": "2048",
|
||||
"vnc_bind_address": "0.0.0.0",
|
||||
"disk_image": true,
|
||||
"iso_checksum": "{{user `iso_checksum` }}",
|
||||
"iso_url": "{{user `iso_url` }}",
|
||||
"iso_checksum_type": "sha256"
|
||||
}
|
||||
],
|
||||
"provisioners": [
|
||||
{
|
||||
"type": "file",
|
||||
"source": "{{user `tmp_directory`}}/scripts",
|
||||
"destination": "/tmp/scripts"
|
||||
},
|
||||
{
|
||||
"type": "shell",
|
||||
"inline": [
|
||||
"sudo chown root: /tmp/scripts/*",
|
||||
"sudo chmod +x /tmp/scripts/*",
|
||||
"sudo risotto-run-parts /tmp/scripts/"
|
||||
]
|
||||
}
|
||||
],
|
||||
"post-processors": [
|
||||
{
|
||||
"type": "shell-local",
|
||||
"inline": [
|
||||
"sleep 5",
|
||||
"mkdir -p {{user `tmp_directory`}}/tmp",
|
||||
"echo 'Syst Prep'",
|
||||
"LIBGUESTFS_BACKEND=direct virt-sysprep --delete \"/var/*\" --delete \"/home/*\" -a {{user `tmp_directory`}}/output/image.img",
|
||||
"echo 'Sparsify before shink'",
|
||||
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/output/sparse.img",
|
||||
"echo 'Shink'",
|
||||
"guestfish add {{user `tmp_directory`}}/output/sparse.img : run : resize2fs-M /dev/sda2",
|
||||
"truncate -s $(virt-df {{user `tmp_directory`}}/output/sparse.img --csv|tail -n +2|awk -F, '{x+=$3}END{print x + 16384}')K {{user `tmp_directory`}}/output/shrink.img",
|
||||
"virt-resize --shrink /dev/sda2 {{user `tmp_directory`}}/output/sparse.img {{user `tmp_directory`}}/output/shrink.img",
|
||||
"echo 'Sparsify and convert to qcow2'",
|
||||
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress --convert qcow2 {{user `tmp_directory`}}/output/shrink.img {{user `tmp_directory`}}/image.img",
|
||||
"echo 'SHASUM'",
|
||||
"sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256",
|
||||
"rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh
|
||||
microdnf update
|
||||
|
||||
exit 0
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -xe
|
||||
|
||||
microdnf clean all
|
||||
for package in microdnf libdnf libpeas libstdc++ gobject-introspection libsolv librepo libmodulemd file-libs zchunk-libs libyaml gpgme gnupg2 libassuan libksba libusbx npth; do
|
||||
rpm -e $package || true
|
||||
done
|
||||
rm -rf /var/lib/dnf
|
||||
exit 0
|
|
@ -1,29 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -xe
|
||||
|
||||
rpm -qa | sort > /tmp/rpm.txt
|
||||
# try to remove this packages
|
||||
PKG=" rpm rpm-libs curl libcurl lua-libs libarchive sqlite-libs libnghttp2 libssh libbrotli libpsl publicsuffix-list-dafsa libxml2 libssh-config elfutils-libs dbus-broker "
|
||||
# exclude package
|
||||
PKG2=""
|
||||
while read -r a; do
|
||||
pkg="$(echo "$a" | awk '{ print $1 }' | awk -F'(' '{ print $1 }')"
|
||||
[ -n "$PKG2" ] && PKG2="$PKG2\n"
|
||||
PKG2="$PKG2$pkg"
|
||||
done <<< "$( rpm --test -ev $PKG 2>&1 | grep -v ^'erreur' )"
|
||||
|
||||
while read -r b; do
|
||||
pkg=$(rpm -q $b --quiet && echo $b || rpm -qf $(find / -name $b -print -quit) --query --queryformat "%{NAME}\n";)
|
||||
echo "Ne pas désinstaller $pkg"
|
||||
PKG=${PKG// $pkg / }
|
||||
done <<< "$(echo -e $PKG2 | sort -u)"
|
||||
|
||||
echo "Suppression de $PKG"
|
||||
rpm -e $PKG
|
||||
|
||||
echo "Remove rpm database"
|
||||
rm -rf /var/lib/rpm/*
|
||||
rm -rf /usr/lib/rpm
|
||||
mv /tmp/rpm.txt /var/lib/rpm/rpm.txt
|
||||
|
||||
exit 0
|
|
@ -1,11 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
rm -rf /etc/X11 /etc/firewalld /etc/pki/rpm-gpg /etc/yum.repos.d /etc/dconf
|
||||
make_volatile /etc
|
||||
#
|
||||
make_volatile /var/lib/rpm
|
||||
|
||||
sed -i 's/ ro$/ ro systemd.volatile=yes selinux=1 net.ifnames=0/g' /boot/efi/loader/entries/fedora.conf
|
||||
exit 0
|
|
@ -1,15 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
find /usr/share/locale/ -mindepth 1 -maxdepth 1 ! -name fr ! -name fr_FR -exec rm -rf '{}' \;
|
||||
find /usr/lib/locale/ -mindepth 1 -maxdepth 1 ! -name fr_FR.utf8 ! -name C.utf8 -exec rm -rf '{}' \;
|
||||
find /usr/lib/kbd/keymaps/xkb/ -type f ! -name fr-oss.map.gz -delete
|
||||
find /usr/lib/kbd/consolefonts/ -type f ! -name eurlatgr.psfu.gz -delete
|
||||
rm -rf /usr/share/bash-completion
|
||||
rm -rf /usr/share/pkgconfig
|
||||
rm -rf /usr/share/licenses/
|
||||
rm -rf /usr/share/zsh
|
||||
rm -rf /usr/lib/.build-id
|
||||
rm -rf /usr/lib/debug
|
||||
exit 0
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
rm -rf /var/cache/* /var/log/*
|
||||
|
||||
exit 0
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
KERNELVERSION=$(ls /lib/modules)
|
||||
if [ -f "/boot/efi/$KERNELVERSION/initrd.cdrom" ]; then
|
||||
mv "/boot/efi/$KERNELVERSION/initrd.cdrom" "/boot/efi/$KERNELVERSION/initrd"
|
||||
fi
|
||||
|
||||
exit 0
|
|
@ -1,11 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -ex
|
||||
#
|
||||
#duperemove -rd /
|
||||
#
|
||||
#for size in 1000000000 100000000 10000000 1000000 100000 10000 1000 100 10 1; do
|
||||
# echo "========================= $size ========================="
|
||||
# while btrfs filesystem resize -$size /; do :; done
|
||||
#done
|
||||
exit 0
|
|
@ -1,63 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
DESTDIR='/usr/lib/tmpfiles.d'
|
||||
CONF_DST='/usr/share/factory'
|
||||
EXCLUDES="^(/etc/passwd|/etc/group|/etc/.updated|/etc/.pwd.lock|/etc/pam.d|/etc/systemd/network/dhcp.network|/etc/sudoers.d/qemubuild)$"
|
||||
ONLY_COPY="^(/etc/localtime)$"
|
||||
FORCE_LINKS="^(/etc/udev/hwdb.bin)$"
|
||||
|
||||
function file_dir_in_tmpfiles() {
|
||||
letter=$1
|
||||
directory=$2
|
||||
mode=$(stat --format "%a" "$directory")
|
||||
user=$(stat --format "%U" "$directory")
|
||||
group=$(stat --format "%G" "$directory")
|
||||
echo "$letter $directory $mode $user $group - -"
|
||||
}
|
||||
|
||||
function calc_symlink_in_tmpfiles() {
|
||||
dest_name=$1
|
||||
src_file=$(readlink "$dest_name")
|
||||
symlink_in_tmpfiles "$dest_name" "$src_file"
|
||||
}
|
||||
|
||||
function symlink_in_tmpfiles() {
|
||||
dest_name=$1
|
||||
src_file=$2
|
||||
echo "L+ $dest_name - - - - $src_file"
|
||||
}
|
||||
|
||||
function main() {
|
||||
dir_config_orig=$1
|
||||
|
||||
mkdir -p "$DESTDIR"
|
||||
mkdir -p "$CONF_DST$dir_config_orig"
|
||||
name="${dir_config_orig//\//-}"
|
||||
systemd_conf="$DESTDIR/risotto$name.conf"
|
||||
echo "" > $systemd_conf
|
||||
while IFS= read -r -d '' src_file; do
|
||||
dest_file="$CONF_DST$src_file"
|
||||
echo $src_file
|
||||
if [[ "$src_file" =~ $EXCLUDES ]]; then
|
||||
echo "$src_file: exclude" >&2
|
||||
elif [[ -L "$src_file" ]]; then
|
||||
calc_symlink_in_tmpfiles "$src_file" >> $systemd_conf
|
||||
elif [[ "$src_file" =~ $FORCE_LINKS ]]; then
|
||||
symlink_in_tmpfiles "$src_file" "$dest_file" >> $systemd_conf
|
||||
elif [[ -d "$src_file" ]]; then
|
||||
file_dir_in_tmpfiles 'd' "$src_file" >> $systemd_conf
|
||||
[[ ! -d "$dest_file" ]] && mkdir -p "$dest_file"
|
||||
#echo "$src_file: directory ok"
|
||||
else
|
||||
if [[ ! "$src_file" =~ $ONLY_COPY ]]; then
|
||||
file_dir_in_tmpfiles "C" "$src_file" >> $systemd_conf
|
||||
fi
|
||||
[[ -e "$dest_file" ]] && rm -f "$dest_file"
|
||||
# not a symlink... an hardlink
|
||||
ln "$src_file" "$dest_file"
|
||||
#echo "$src_file: file ok"
|
||||
fi
|
||||
done < <(find "$dir_config_orig" -print0)
|
||||
}
|
||||
main "$1"
|
||||
exit 0
|
|
@ -1,24 +0,0 @@
|
|||
#!/usr/bin/bash
|
||||
# run-parts - concept taken from Debian
|
||||
|
||||
set +xe
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "Usage: risotto-run-parts <dir>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -d $1 ]; then
|
||||
echo "Not a directory: $1"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Ignore *~ and *, scripts
|
||||
for i in $(LC_ALL=C; echo ${1%/}/*[^~,]) ; do
|
||||
[ -d $i ] && continue
|
||||
[ ! -x $i ] && continue
|
||||
echo "execute $i"
|
||||
$i 2>&1
|
||||
done
|
||||
|
||||
exit 0
|
|
@ -1,169 +0,0 @@
|
|||
# Keyboard layouts
|
||||
keyboard --xlayouts='fr (oss)'
|
||||
# System language
|
||||
lang fr_FR.UTF-8
|
||||
# Required settings
|
||||
rootpw qemubuild
|
||||
user --name=qemubuild --password=qemubuild --groups=wheel
|
||||
authconfig --enableshadow --enablemd5
|
||||
|
||||
# System timezone
|
||||
timezone Europe/Paris --utc
|
||||
repo --name=fedora --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch
|
||||
repo --name=updates --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch
|
||||
url --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-\$releasever&arch=\$basearch%%EXTRA_URL%%
|
||||
|
||||
# Optional settings
|
||||
#bootloader --location=mbr
|
||||
bootloader --disabled
|
||||
clearpart --all --initlabel
|
||||
firstboot --enable
|
||||
#install
|
||||
network --bootproto=dhcp
|
||||
reboot
|
||||
selinux --enforcing
|
||||
#services --enabled=sshd,zram-swap,systemd-networkd,systemd-resolved
|
||||
services --enabled=sshd --disabled=systemd-vconsole-setup
|
||||
skipx
|
||||
text
|
||||
zerombr
|
||||
|
||||
# Disk partition
|
||||
part / --fstype="ext2" --ondisk=vda --grow
|
||||
# btrfs : part btrfs.50 --fstype="btrfs" --ondisk=vda --grow
|
||||
part /boot/efi --fstype="efi" --ondisk=vda --size=30 --fsoptions="umask=0077,shortname=winnt"
|
||||
|
||||
#btrfs none --label=fedora_fedora btrfs.50
|
||||
#btrfs / --subvol --name=root LABEL=fedora_fedora
|
||||
|
||||
# Packages
|
||||
%packages --excludedocs --instLangs=fr --nocore --exclude-weakdeps
|
||||
#@core --nodefaults
|
||||
audit
|
||||
bash
|
||||
coreutils
|
||||
#dracut-config-generic
|
||||
# btrfs duperemove
|
||||
#glibc-langpack-fr
|
||||
kbd
|
||||
kernel-core
|
||||
microdnf
|
||||
openssh-server
|
||||
openssh-clients
|
||||
qemu-guest-agent
|
||||
systemd-networkd
|
||||
#rpm
|
||||
#shadow-utils
|
||||
screen
|
||||
sudo
|
||||
systemd
|
||||
#util-linux
|
||||
-zram
|
||||
#
|
||||
-kernel
|
||||
%end
|
||||
|
||||
# Post
|
||||
%post
|
||||
|
||||
# for microdnf
|
||||
touch /etc/dnf/dnf.conf
|
||||
|
||||
# add qemubuild to sudo
|
||||
echo "qemubuild ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/qemubuild
|
||||
|
||||
# remove unecessary directories
|
||||
rm -rf /usr/share/doc
|
||||
rm -rf /usr/share/licenses
|
||||
#rm -rfv /usr/share/icons/*
|
||||
# remove some random help txt files
|
||||
rm -fv /usr/share/gnupg/help*.txt
|
||||
# Pruning random things
|
||||
rm usr/lib/rpm/rpm.daily
|
||||
#some random not-that-useful binaries
|
||||
rm -fv /usr/bin/pinky
|
||||
|
||||
# if you want to change the timezone, bind-mount it from the host or reinstall tzdata
|
||||
localzone=$(readlink /etc/localtime)
|
||||
mv $localzone /tmp
|
||||
rm -rfv /usr/share/zoneinfo
|
||||
mkdir -p $(dirname $localzone)
|
||||
mv /tmp/$(basename $localzone) $localzone
|
||||
|
||||
# configure systemd-networkd
|
||||
echo """[Match]
|
||||
Name=*
|
||||
|
||||
[Network]
|
||||
DHCP=yes""" > /etc/systemd/network/dhcp.network
|
||||
SYSTEMDDIR=/usr/lib/systemd/system
|
||||
MULTI=$SYSTEMDDIR/multi-user.target.wants
|
||||
ln -sf ../systemd-networkd.service $MULTI/systemd-networkd.service
|
||||
ln -sf ../systemd-resolved.service $MULTI/systemd-resolved.service
|
||||
|
||||
# initramfs have to mount iso9660 partition
|
||||
# install bootload
|
||||
SYSDISK="/dev/vda2"
|
||||
MACHINEID=`cat /etc/machine-id`
|
||||
KERNELVERSION=`ls /lib/modules`
|
||||
DISK=`lsblk -n $SYSDISK -o uuid`
|
||||
mkdir /boot/$MACHINEID
|
||||
# btrfs : echo "root=UUID=$DISK ro rootflags=subvol=root" > /etc/kernel/cmdline
|
||||
echo "root=UUID=$DISK ro" > /etc/kernel/cmdline
|
||||
# add CDROM driver
|
||||
echo 'add_drivers+=" iso9660 "' > /etc/dracut.conf.d/cdrom.conf
|
||||
kernel-install add $KERNELVERSION /lib/modules/$KERNELVERSION/vmlinuz
|
||||
mv /boot/$MACHINEID/$KERNELVERSION /boot/efi
|
||||
# // ADD MOUNT INSTRUCTION IN INITRAMFS
|
||||
# build second initrd file that mount cdrom to /usr
|
||||
#echo 'add_fstab+=/tmp/fstab' >> /etc/dracut.conf.d/cdrom.conf
|
||||
#echo "/dev/sr0 /sysroot/usr/local/lib iso9660 ro,relatime,x-systemd.after=sysroot.mount,x-systemd.before=systemd-volatile-root.service 0 0" > /tmp/fstab
|
||||
#echo "/dev/sr0 /sysroot/usr/local/lib iso9660 ro,x-initrd.mount,nosuid,noexec,uid=0,gid=0,mode=400 0 0" > /tmp/fstab
|
||||
echo "[Unit]
|
||||
DefaultDependencies=no
|
||||
After=sysroot.mount
|
||||
Before=initrd-udevadm-cleanup-db.service
|
||||
#Before=systemd-volatile-root.service
|
||||
After=blockdev@dev-sr0.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=mount /dev/sr0 /sysroot/usr/local/lib -t iso9660 -o defaults,ro,nosuid,noexec,uid=0,gid=0,mode=400
|
||||
" > /usr/lib/systemd/system/sysroot-usr-local-lib.service
|
||||
|
||||
# // VERSION .mount
|
||||
#[Mount]
|
||||
#Where=/sysroot/usr/local/lib
|
||||
#What=/dev/sr0
|
||||
#Type=iso9660
|
||||
#Options=defaults,ro,nosuid,noexec,uid=0,gid=0,mode=400" > /usr/lib/systemd/system/sysroot-usr-local-lib.mount
|
||||
mkdir -p /usr/lib/systemd/system/initrd-root-fs.target.requires
|
||||
cd /usr/lib/systemd/system/initrd-root-fs.target.requires
|
||||
#ln -sf ../sysroot-usr-local-lib.mount .
|
||||
ln -sf ../sysroot-usr-local-lib.service .
|
||||
#echo 'install_items+=" /usr/lib/systemd/system/sysroot-usr-local-lib.mount /usr/lib/systemd/system/initrd-root-fs.target.requires/sysroot-usr-local-lib.mount "' >> /etc/dracut.conf.d/cdrom.conf
|
||||
echo 'install_items+=" /usr/lib/systemd/system/sysroot-usr-local-lib.service /usr/lib/systemd/system/initrd-root-fs.target.requires/sysroot-usr-local-lib.service "' >> /etc/dracut.conf.d/cdrom.conf
|
||||
kernel-install add $KERNELVERSION /lib/modules/$KERNELVERSION/vmlinuz
|
||||
mv /boot/$MACHINEID/$KERNELVERSION/initrd /boot/efi/$KERNELVERSION/initrd.cdrom
|
||||
rm -f /etc/dracut.conf.d/cdrom.conf
|
||||
// END INITRAMFS
|
||||
# rename entry file without machine ID
|
||||
mv /boot/loader/entries/$MACHINEID-$KERNELVERSION.conf /boot/loader/entries/fedora.conf
|
||||
sed -i "/^machine-id /d" /boot/loader/entries/fedora.conf
|
||||
sed -i "s@/boot/$MACHINEID/$KERNELVERSION/@/$KERNELVERSION/@g" /boot/loader/entries/fedora.conf
|
||||
# move it in EFI directory for systemd-boot
|
||||
mv /boot/loader /boot/efi
|
||||
# remove unused file
|
||||
rm -rf /lib/modules/$KERNELVERSION/vmlinuz /boot/initramfs* /boot/$MACHINEID
|
||||
# install systemd-boot
|
||||
bootctl install
|
||||
|
||||
# remove authselect and dracut
|
||||
microdnf -y remove dracut xz acl authselect authselect-compat authselect-libs chrony cpio libkcapi-hmaccalc libkcapi linux-firmware linux-firmware-whence
|
||||
# remove python3
|
||||
microdnf -y remove python3 python3-libs python-pip-wheel python-setuptools-wheel gdbm-libs
|
||||
# remove langpacks fr
|
||||
microdnf -y remove langpacks-fr langpacks-core-fr langpacks-core-font-fr dejavu-sans-fonts fonts-filesystem
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
rm -rfv /var/lib/authselect
|
||||
%end
|
|
@ -1,13 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
echo "Preprocessors"
|
||||
|
||||
if [ ! -z $https_proxy ]; then
|
||||
sed -i "s@%%EXTRA_URL%%@ --proxy=$https_proxy@g" http/ks-34.cfg
|
||||
else
|
||||
sed -i "s@%%EXTRA_URL%%@@g" http/ks-34.cfg
|
||||
fi
|
||||
|
||||
exit 0
|
|
@ -1,71 +0,0 @@
|
|||
{
|
||||
"builders": [
|
||||
{
|
||||
"format": "qcow2",
|
||||
"headless": true,
|
||||
"output_directory": "{{user `tmp_directory`}}/output",
|
||||
"shutdown_command": "echo packer | sudo -S shutdown -P now",
|
||||
"ssh_password": "qemubuild",
|
||||
"ssh_username": "qemubuild",
|
||||
"ssh_wait_timeout": "120m",
|
||||
"type": "qemu",
|
||||
"disk_interface": "virtio",
|
||||
"vm_name": "image.img",
|
||||
"qemuargs": [
|
||||
["-drive", "file=output/image.img,if=virtio,cache=writeback,discard=ignore,format=qcow2"],
|
||||
["-drive", "if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE.fd"]
|
||||
],
|
||||
"memory": "2048",
|
||||
"vnc_bind_address": "0.0.0.0",
|
||||
"boot_command": [
|
||||
"<up>e<down><down><end> inst.text inst.gpt inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks-34.cfg <leftCtrlOn>x<leftCtrlOff> <wait>"
|
||||
],
|
||||
"disk_size": "4096",
|
||||
"iso_checksum_type": "sha256",
|
||||
"iso_checksum": "e1a38b9faa62f793ad4561b308c31f32876cfaaee94457a7a9108aaddaeec406",
|
||||
"iso_url": "https://download.fedoraproject.org/pub/fedora/linux/releases/34/Server/x86_64/iso/Fedora-Server-netinst-x86_64-34-1.2.iso",
|
||||
"http_directory": "{{user `tmp_directory`}}/http"
|
||||
}
|
||||
],
|
||||
"provisioners": [
|
||||
{
|
||||
"type": "file",
|
||||
"source": "{{user `tmp_directory`}}/bin",
|
||||
"destination": "/tmp/bin"
|
||||
},
|
||||
{
|
||||
"type": "shell",
|
||||
"inline": [
|
||||
"sudo mv /tmp/bin/* /usr/local/bin",
|
||||
"sudo chown root: /usr/local/bin/*",
|
||||
"sudo chmod +x /usr/local/bin/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"source": "{{user `tmp_directory`}}/scripts",
|
||||
"destination": "/tmp/scripts"
|
||||
},
|
||||
{
|
||||
"type": "shell",
|
||||
"inline": [
|
||||
"sudo chown root: /tmp/scripts/*",
|
||||
"sudo chmod +x /tmp/scripts/*",
|
||||
"sudo risotto-run-parts /tmp/scripts/"
|
||||
]
|
||||
}
|
||||
],
|
||||
"post-processors": [
|
||||
{
|
||||
"type": "shell-local",
|
||||
"inline": [
|
||||
"sleep 5",
|
||||
"mkdir -p {{user `tmp_directory`}}/tmp",
|
||||
"LIBGUESTFS_BACKEND=direct virt-sysprep -a {{user `tmp_directory`}}/output/image.img",
|
||||
"LIBGUESTFS_BACKEND=direct virt-sparsify --check-tmpdir=ignore --tmp {{user `tmp_directory`}}/tmp/ --compress {{user `tmp_directory`}}/output/image.img {{user `tmp_directory`}}/image.img",
|
||||
"sha256sum {{user `tmp_directory`}}/image.img > {{user `tmp_directory`}}/image.sha256",
|
||||
"rm -rf {{user `tmp_directory`}}/tmp {{user `tmp_directory`}}/output"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -xe
|
||||
|
||||
echo VACUUM |sqlite3 /var/lib/rpm/rpmdb.sqlite
|
||||
|
||||
exit 0
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
find /usr/share/locale/ -mindepth 1 -maxdepth 1 ! -name fr ! -name fr_FR -exec rm -rf '{}' \;
|
||||
find /usr/lib/locale/ -mindepth 1 -maxdepth 1 ! -name fr_FR.utf8 ! -name C.utf8 -exec rm -rf '{}' \;
|
||||
find /usr/share/terminfo -mindepth 1 -maxdepth 1 ! -name l ! -name d ! -name s -exec rm -rf '{}' \;
|
||||
find /usr/share/terminfo/s/screen -type f ! -name screen-256color -delete
|
||||
find /usr/lib/kbd/keymaps/xkb/ -type f ! -name fr-oss.map.gz -delete
|
||||
find /usr/lib/kbd/consolefonts/ -type f ! -name eurlatgr.psfu.gz -delete
|
||||
rm -rf /usr/lib/kbd/consoletrans
|
||||
rm -rf /usr/lib/kbd/unimaps
|
||||
rm -rf /usr/lib/kernel
|
||||
rm -rf /usr/lib/systemd/boot
|
||||
rm -rf /usr/share/bash-completion
|
||||
rm -rf /usr/share/pkgconfig
|
||||
rm -rf /usr/share/licenses/
|
||||
rm -rf /usr/lib/debug
|
||||
exit 0
|
|
@ -1,5 +1,10 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="base" manage="False">
|
||||
<file engine="none">/etc/locale.conf</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<family name='general' description="Général">
|
||||
<variable name="zones_list" type="string" multi="True" description="Liste de toutes les zones" hidden="True"/>
|
||||
|
|
|
@ -19,9 +19,6 @@
|
|||
<variable name="gitea_lfs_jwt_secret" type="password" hidden="True"/>
|
||||
</family>
|
||||
<family name="nginx">
|
||||
<variable name="revprox_client_location" redefine="True">
|
||||
<value>/gitea/</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_local_location" redefine="True">
|
||||
<value>/</value>
|
||||
</variable>
|
||||
|
@ -82,23 +79,19 @@
|
|||
<param name="length" type="number">43</param>
|
||||
<target>gitea_lfs_jwt_secret</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param>https://</param>
|
||||
<fill name="calc_oauth2_client_external">
|
||||
<param type="variable" optional="True">revprox_client_external_domainname</param>
|
||||
<param type="variable" optional="True">revprox_client_location</param>
|
||||
<param>user/oauth2/</param>
|
||||
<param type="variable">domain_name_eth0</param>
|
||||
<param>/callback</param>
|
||||
<param name="join"></param>
|
||||
<target>oauth2_client_login</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param>https://</param>
|
||||
<fill name="calc_oauth2_client_external">
|
||||
<param type="variable">revprox_client_external_domainname</param>
|
||||
<param type="variable">revprox_client_location</param>
|
||||
<param>user/oauth2/</param>
|
||||
<param type="variable">domain_name_eth0</param>
|
||||
<param name="join"></param>
|
||||
<target>oauth2_client_external</target>
|
||||
</fill>
|
||||
</constraints>
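Review bot: The fill that targets `oauth2_client_login` now calls `calc_oauth2_client_external`, so the function name no longer says what it computes, and the literal `https://` parameter appears to have been dropped from both fills (the page has lost its +/- markers, so this is read from the hunk's line counts). The scheme of the OAuth2 callback URL is then decided inside a function that is not part of this hunk; a short comment above each fill, such as `<!-- calc_oauth2_client_external: builds the https:// URL from the reverse-proxy domain and location -->`, would record that once it has been confirmed against the function. The first fill still marks `revprox_client_external_domainname` and `revprox_client_location` as `optional="True"` while the second does not, and it is worth stating whether that difference is intended. The same replacement is made further down the page in the `@ -50,12 +45,10 @@` hunk whose fill uses `/accounts/risotto/login/`.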
|
||||
|
|
|
@ -8,17 +8,16 @@ VERSION=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.v
|
|||
|
||||
mkdir -p ~/gitea/
|
||||
|
||||
if [ ! -f "~/gitea/gitea-$VERSION-linux-amd64.xz" ]; then
|
||||
wget https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz -O ~/gitea/gitea-$VERSION-linux-amd64.xz
|
||||
if [ ! -f ~/"gitea/gitea-$VERSION-linux-amd64.xz" ]; then
|
||||
wget "https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz" -O ~/"gitea/gitea-$VERSION-linux-amd64.xz"
|
||||
fi
|
||||
if [ ! -f "~/gitea/gitea-$VERSION-linux-amd64.xz.asc" ]; then
|
||||
wget https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz.asc -O ~/gitea/gitea-$VERSION-linux-amd64.xz.asc
|
||||
if [ ! -f ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc" ]; then
|
||||
wget "https://dl.gitea.io/gitea/$VERSION/gitea-$VERSION-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc"
|
||||
fi
|
||||
|
||||
gpg --verify ~/gitea/gitea-$VERSION-linux-amd64.xz.asc ~/gitea/gitea-$VERSION-linux-amd64.xz
|
||||
|
||||
cp -a ~/gitea/gitea-$VERSION-linux-amd64.xz .
|
||||
xz -d gitea-$VERSION-linux-amd64.xz
|
||||
mv gitea-$VERSION-linux-amd64 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea
|
||||
chmod +x $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea
|
||||
gpg --verify ~/"gitea/gitea-$VERSION-linux-amd64.xz.asc" ~/"gitea/gitea-$VERSION-linux-amd64.xz"
|
||||
|
||||
cp -a ~/"gitea/gitea-$VERSION-linux-amd64.xz" .
|
||||
xz -d "gitea-$VERSION-linux-amd64.xz"
|
||||
mv "gitea-$VERSION-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
|
||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/bin/gitea"
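Review bot: `gpg --verify` is the only check between the download and the binary installed into the image, and the hunk shows neither that a failure stops the script nor which key is trusted. If the part of the script above line 8 does not enable `set -e`, a bad signature still falls through to `cp`, `xz -d` and `mv`; ending the verify line with `|| exit 1` makes the stop explicit. `gpg --verify` also accepts a good signature from any key in the build user's keyring, so verifying against a dedicated keyring that holds only the Gitea release key (for example `gpgv --keyring <path-to-release-keyring>`) would pin the signer. Separately, `wget -O` creates the output file even when the download fails, so the `[ ! -f ... ]` cache test skips the retry on the next run and leaves an empty or truncated file in `~/gitea/`.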
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<variable name="host_install_dir" type="filename" description="Nom du répertoire comprenant les descriptions d'installation" mandatory="True"/>
|
||||
<variable name="host_dhcp_interface" description="Carte réseau en DHCP" multi="True"/>
|
||||
<variable name="host_dhcp_filename" type="filename" hidden="True" multi="True"/>
|
||||
<variable name="host_name" type="hostname" hidden="True"/>
|
||||
<variable name="host_name" type="domainname" hidden="True"/>
|
||||
<variable name="systemd_zone_filename" type="filename" hidden="True" multi="True"/>
|
||||
<variable name="systemd_netzone_filename" type="filename" hidden="True" multi="True"/>
|
||||
<family name="zones" leadership="True">
|
||||
|
|
|
@ -21,11 +21,6 @@
|
|||
<variable name="mailman_domains" type="domainname" description="Nom de domaine des listes" multi="True" mandatory="True" provider="domain_list"/>
|
||||
<variable name="postorius_secret_key" type="password" description="Internal secret key" mandatory="True" hidden="True" auto_save="True"/>
|
||||
</family>
|
||||
<family name="nginx">
|
||||
<variable name="revprox_client_location" redefine="True">
|
||||
<value>/mailman</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="oauth2_client">
|
||||
<variable name="oauth2_is_client_application" redefine='True'>
|
||||
<value>True</value>
|
||||
|
@ -50,12 +45,10 @@
|
|||
<param name="type">cleartext</param>
|
||||
<target>postorius_secret_key</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param>https://</param>
|
||||
<fill name="calc_oauth2_client_external">
|
||||
<param type="variable">revprox_client_external_domainname</param>
|
||||
<param type="variable">revprox_client_location</param>
|
||||
<param>/accounts/risotto/login/</param>
|
||||
<param name="join"></param>
|
||||
<target>oauth2_client_external</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from utils import multi_function as _multi_function
|
||||
from risotto.utils import multi_function as _multi_function
|
||||
from itertools import chain
|
||||
|
||||
|
||||
|
|
|
@ -18,11 +18,6 @@
|
|||
<variable name="nextcloud_mail_admin" type="mail" mandatory="True"/>
|
||||
<variable name="nextcloud_instance_id" type="password" auto_freeze="True" hidden="True"/>
|
||||
</family>
|
||||
<family name="nginx">
|
||||
<variable name="revprox_client_location" redefine="True">
|
||||
<value>/nextcloud</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="oauth2_client">
|
||||
<variable name="oauth2_is_client_application" redefine='True'>
|
||||
<value>True</value>
|
||||
|
|
|
@ -44,9 +44,13 @@ fi
|
|||
/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapUserDisplayName "sn"
|
||||
/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapConfigurationActive "1"
|
||||
#/usr/bin/php /usr/share/nextcloud/occ ldap:set-config s01 ldapTLS "1"
|
||||
# cron
|
||||
# Cron
|
||||
/usr/bin/php /usr/share/nextcloud/occ config:app:set core backgroundjobs_mode --value=cron
|
||||
# need network
|
||||
# Need network
|
||||
/usr/bin/php /usr/share/nextcloud/occ app:disable weather_status
|
||||
# Maintenance
|
||||
/usr/bin/php /usr/share/nextcloud/occ upgrade
|
||||
/usr/bin/php /usr/share/nextcloud/occ files:scan --all -q
|
||||
/usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q
|
||||
|
||||
exit 0
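Review bot: The three `occ` commands added under `# Maintenance` are followed by an unconditional `exit 0`, so unless the script enables `set -e` above this hunk, a failed `occ upgrade` is reported to systemd as success. The unit-file hunk later on this page appears to remove `files:scan` and `maintenance:repair` as separate `ExecStart=` lines, where a non-zero exit would have failed the unit. Consider `/usr/bin/php /usr/share/nextcloud/occ upgrade || exit 1` (and the same for the two lines after it), or confirm that `set -e` is in effect. The script begins outside the hunk.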
|
||||
|
|
|
@ -9,8 +9,6 @@ WorkingDirectory=/usr/share/nextcloud
|
|||
#FIXME
|
||||
ExecStart=+/usr/bin/chmod +w /etc/nextcloud/config.php
|
||||
ExecStart=/etc/nextcloud/nextcloud.init
|
||||
ExecStart=/usr/bin/php occ files:scan --all -q
|
||||
ExecStart=/usr/bin/php occ maintenance:repair -q
|
||||
ExecStart=+/usr/bin/chmod -w /etc/nextcloud/config.php
|
||||
User=apache
|
||||
Group=apache
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
sed -i 's@error_log syslog:server=unix:/dev/log;@error_log syslog:server=unix:/dev/log debug;@g' /etc/nginx/nginx.conf
|
||||
systemctl restart nginx
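Review bot: This new script rewrites `error_log` in `/etc/nginx/nginx.conf` to `debug` level and restarts nginx, with no counterpart that restores the previous level and no marker that it is for troubleshooting only. Debug-level logs can record request details such as headers, and here they go to syslog, so cookies or bearer tokens passing through the reverse proxy may end up in log storage. I would open the file with a comment such as `# DEBUG ONLY: raises nginx error_log to debug; revert before returning the proxy to service`. `sed` also exits 0 when the pattern does not match, so the restart happens even if nothing changed; a `grep -q 'log debug;' /etc/nginx/nginx.conf` before the restart would catch that.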
|
|
@ -22,7 +22,7 @@
|
|||
<family name="nginx" description="NGINX" help="Paramétrage global de NGINX">
|
||||
<variable name="nginx_default" redefine="True" remove_fill="True"/>
|
||||
<variable name="revprox_domainnames" type="domainname" description="Nom des domaines à configurer dans le serveur mandataire inverse" help="Liste des domaines gérés par le serveur mandataire inverse" multi="True"/>
|
||||
<variable name="revprox_domainnames_auto" type="domainname" description="Nom des domaines auto-configurés dans le serveur mandataire inverse" multi="True" provider="clients" hidden="True"/>
|
||||
<variable name="revprox_domainnames_auto" type="domainname" description="Nom des domaines auto-configurés dans le serveur mandataire inverse" multi="True" provider="revprox_clients" hidden="True"/>
|
||||
<variable name="revprox_domainnames_all" type="domainname" description="Tous les noms de domaines" multi="True" hidden="True"/>
|
||||
<variable name='nginx_private_key_filename' type="filename" description="Private key filename" hidden='True' multi='True'/>
|
||||
<variable name='nginx_certificate_filename' type="filename" description="Certificate filename" hidden='True' multi='True'/>
|
||||
|
|
|
@ -6,8 +6,9 @@
|
|||
<value>False</value>
|
||||
</variable>
|
||||
<family name="reverse_proxy_" description="Reverse proxy" help="Paramètrage du proxy inverse" leadership="True">
|
||||
<variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger" help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple "/mail")" mandatory="True" multi="True" provider="location"/>
|
||||
<variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète" mandatory="True" help="Nom de domaine ou IP de destination, par exemple "http://domainelocal" ou URI, par exemple "http://domainelocal/dir/"" provider="url"/>
|
||||
<variable name="revprox_location_" type="filename" description="Répertoire ou nom de la page à rediriger" help="URL relative (sans le nom de domaine) redirigée pour l'adresse définie dans la variable ci-dessus (exemple "/mail")" mandatory="True" multi="True" provider="revprox_location"/>
|
||||
<variable name="revprox_url_" type="web_address" description="Domaine de destination ou URI complète" mandatory="True" help="Nom de domaine ou IP de destination, par exemple "http://domainelocal" ou URI, par exemple "http://domainelocal/dir/"" provider="revprox_url"/>
|
||||
<variable name="revprox_is_websocket_" type="boolean" description="Le point d'entré est de types websocket" mandatory="True" provider="revprox_is_websocket"/>
|
||||
</family>
|
||||
</family>
|
||||
</variables>
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
from typing import List as _List
|
||||
from utils import multi_function
|
||||
from risotto.utils import multi_function
|
||||
|
||||
|
||||
@multi_function
|
||||
|
|
|
@ -39,7 +39,7 @@ server {
|
|||
|
||||
# Configuration HTTPS %%domainname
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen 443 ssl http2;
|
||||
ssl_certificate %%nginx_certificate_filename[%%idx];
|
||||
ssl_certificate_key %%nginx_private_key_filename[%%idx];
|
||||
ssl_client_certificate %%nginx_chain_filename[%%idx];
|
||||
|
@ -52,11 +52,11 @@ server {
|
|||
%for %%location in %%revprox['revprox_location_' + family]
|
||||
location %%location {
|
||||
# FIXME proxy_bind A.A.A.A;
|
||||
%set %%location_str = %%str(%%location)
|
||||
%if %%location_str != '/' and not %%location_str.endswith('/')
|
||||
rewrite ^(%%location_str)$ $1/ permanent;
|
||||
%end if
|
||||
proxy_pass %%location['revprox_url_' + family];
|
||||
# %if %%location['revprox_is_websocket_' + family]
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "upgrade";
|
||||
# %else
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
|
@ -65,6 +65,7 @@ server {
|
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Destination $dest;
|
||||
# %end if
|
||||
proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_ReverseProxy.crt;
|
||||
proxy_ssl_verify on;
|
||||
proxy_ssl_verify_depth 2;
|
||||
|
@ -73,6 +74,7 @@ server {
|
|||
index error.html;
|
||||
root /var/www/html;
|
||||
}
|
||||
# If user missing '/'
|
||||
%if %%location_str != '/' and %%location_str.endswith('/')
|
||||
location %%location_str[:-1] {
|
||||
rewrite ^(%%location_str[:-1])$ $1/ permanent;
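Review bot: In the `location` block of the second and third hunks, every line of the websocket branch carries a leading `#` (`# %if %%location['revprox_is_websocket_' + family]` … `# %end if`). The `Upgrade` and `Connection` headers can therefore only reach the generated file as nginx comments, and the new `revprox_is_websocket_` variable appears to have no effect on the proxy configuration. If the branch is meant to be active, drop the `#` prefixes; as written, the `%else` would then also leave `Host`, `X-Real-IP` and the `X-Forwarded-*` headers unset for websocket locations, which the backend probably still needs. If it is parked on purpose, a one-line comment saying so would avoid the impression that websocket proxying already works. The `server` and `location` blocks continue outside the hunks.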
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh
|
||||
microdnf -y --nodocs --noplugins install nsd
|
||||
# make_volatile /var/lib/nsd
|
||||
|
||||
exit 0
|
|
@ -68,11 +68,9 @@
|
|||
<param name="dynamic" type="variable">oauth2_client_id</param>
|
||||
<target>oauth2_client_token_signature_algo</target>
|
||||
</check>
|
||||
<fill name="calc_value">
|
||||
<param>https://</param>
|
||||
<fill name="calc_oauth2_client_external">
|
||||
<param type="variable" optional="True">revprox_client_external_domainname</param>
|
||||
<param type="variable" optional="True">revprox_client_location</param>
|
||||
<param name="join"></param>
|
||||
<target>oauth2_client_external</target>
|
||||
</fill>
|
||||
<condition name="disabled_if_in" source="oauth2_is_client_application">
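Review bot: `calc_oauth2_client_external` now receives `revprox_client_location`, which this same commit turns into a `multi="True"` leader variable, and both parameters are marked `optional="True"`. The helper's body is not shown on this page, so it is worth confirming that it selects one intended location and does not build a value when the domain name is absent, since the result becomes the OAuth2 client's external URL. The literal `https://` parameter is also gone from the dictionary, so the scheme has to be enforced inside the helper. The later hunk that fills `oauth2_client_login` makes the same call. A short XML comment above the `<fill>` stating the expected result format would document the contract.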
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
microdnf -y --nodocs --noplugins install openldap-servers
|
||||
|
||||
exit 0
|
|
@ -1 +1 @@
|
|||
PKG="$PKG postgresql-server glibc-langpack-fr"
|
||||
PKG="$PKG postgresql-server"
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<variable name="container_config_path" type="filename" description="Nom du répertoire racine des configurations">
|
||||
<value>/var/lib/risotto/configurations</value>
|
||||
</variable>
|
||||
<variable name="host" type="hostname" description="Machine où est démarrer le conteneur" mandatory="True"/>
|
||||
<variable name="host" type="domainname" description="Machine où est démarrer le conteneur" mandatory="True"/>
|
||||
<variable name="external_ports" type="port" description="Port exposé depuis l'extérieur" multi="True"/>
|
||||
<variable name="srv_dir" type="filename" hidden="True"/>
|
||||
<variable name="config_dir" type="filename" hidden="True" mandatory="True"/>
|
||||
|
|
|
@ -12,9 +12,14 @@
|
|||
<variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True'/>
|
||||
<variable name="revprox_client_server_ip" type="ip" hidden='True'/>
|
||||
<variable name="revprox_client_external_domainname" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' provider="external_domainname"/>
|
||||
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True">
|
||||
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
|
||||
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" multi="True">
|
||||
<value>/</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entré est de types websocket" mandatory="True">
|
||||
<value>False</value>
|
||||
</variable>
|
||||
</family>
|
||||
<variable name="revprox_client_local_location" type="filename" description="Nom de l'arborescene racine du site localement" hidden='True'/>
|
||||
<variable name="revprox_client_web_address" type="web_address" description="Nom de domaine du client du mandataire inverse" hidden='True'/>
|
||||
<variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
|
||||
|
@ -58,7 +63,7 @@
|
|||
</fill>
|
||||
<fill name="set_linked">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">clients</param>
|
||||
<param name="linked_provider">revprox_clients</param>
|
||||
<param name="linked_value" type="variable">revprox_client_external_domainname</param>
|
||||
<param name="linked_returns">ip</param>
|
||||
<param name="dynamic">0</param>
|
||||
|
@ -66,15 +71,22 @@
|
|||
</fill>
|
||||
<check name="set_linked_configuration">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">location</param>
|
||||
<param name="linked_provider">revprox_location</param>
|
||||
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
|
||||
<target>revprox_client_location</target>
|
||||
</check>
|
||||
<check name="set_linked_configuration">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="leader_provider">location</param>
|
||||
<param name="linked_provider">revprox_is_websocket</param>
|
||||
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
|
||||
<param name="leader_index" type="index"/>
|
||||
<target>revprox_client_is_websocket</target>
|
||||
</check>
|
||||
<check name="set_linked_configuration">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">revprox_url</param>
|
||||
<param name="leader_provider">revprox_location</param>
|
||||
<param name="leader_value" type="variable">revprox_client_location</param>
|
||||
<param name="linked_provider">url</param>
|
||||
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
|
||||
<target>revprox_client_web_address</target>
|
||||
</check>
|
||||
|
|
|
@ -12,11 +12,6 @@
|
|||
<family name="roundcube" description="Interface web de consultation des courriels Roundcube">
|
||||
<variable name="roundcube_des_key" type="secret" auto_freeze="True" hidden="True"/>
|
||||
</family>
|
||||
<family name="nginx">
|
||||
<variable name="revprox_client_location" redefine="True">
|
||||
<value>/roundcube</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="oauth2_client">
|
||||
<variable name="oauth2_is_client_application" redefine='True'>
|
||||
<value>True</value>
|
||||
|
@ -37,12 +32,10 @@
|
|||
<param name="type">cleartext</param>
|
||||
<target>roundcube_des_key</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param>https://</param>
|
||||
<fill name="calc_oauth2_client_external">
|
||||
<param type="variable" optional="True">revprox_client_external_domainname</param>
|
||||
<param type="variable" optional="True">revprox_client_location</param>
|
||||
<param>/index.php/login/oauth</param>
|
||||
<param name="join"></param>
|
||||
<target>oauth2_client_login</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -xe
|
||||
|
||||
[ -e /tmp/proxy.sh ] && . /tmp/proxy.sh
|
||||
microdnf -y --nodocs --noplugins install unbound
|
||||
make_volatile /var/lib/unbound
|
||||
|
||||
exit 0
|
|
@ -578,6 +578,13 @@ server:
|
|||
|
||||
# Ignore chain of trust. Domain is treated as insecure.
|
||||
# domain-insecure: "example.com"
|
||||
#>GNUNUX
|
||||
%for %%authority in %%unbound_forward_address
|
||||
%for %%zone in %%authority.unbound_forward_zones
|
||||
domain-insecure: "%%zone"
|
||||
%end for
|
||||
%end for
|
||||
#<GNUNUX
|
||||
|
||||
# Override the date for validation with a specific fixed date.
|
||||
# Do not set this unless you are debugging signature inception
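Review bot: The added loop emits `domain-insecure: "%%zone"` for every entry of `unbound_forward_zones`, which switches DNSSEC validation off for all forwarded zones unconditionally. Answers for those names are then accepted without a chain of trust even when the zone is signed. If this is only needed for internal unsigned zones, consider making it opt-in per zone with a boolean next to the zone variable, and state the reason in the template, e.g. `# forwarded zones are internal and unsigned: DNSSEC validation is skipped for them`. The `server:` section continues outside the hunk.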
|
||||
|
|
|
@ -9,10 +9,14 @@
|
|||
</services>
|
||||
<variables>
|
||||
<family name="nginx">
|
||||
<family name="revprox_client">
|
||||
<variable name="revprox_client_location" redefine="True">
|
||||
<value>/vaultwarden</value>
|
||||
<value>/</value>
|
||||
<value>/notifications/hub</value>
|
||||
<value>/notifications/hub/negotiate</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_cert_group" redefine="True" hidden="True">
|
||||
</family>
|
||||
<variable name="revprox_client_cert_owner" redefine="True" hidden="True">
|
||||
<value>vaultwarden</value>
|
||||
</variable>
|
||||
</family>
|
||||
|
@ -42,5 +46,12 @@
|
|||
<fill name="gen_uuid">
|
||||
<target>vaultwarden_device_identifier</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="boolean">True</param>
|
||||
<param name="default" type="boolean">False</param>
|
||||
<param name="condition" type="variable">revprox_client_location</param>
|
||||
<param name="expected">/notifications/hub</param>
|
||||
<target>revprox_client_is_websocket</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
</rougail>
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
# locale in jslib/common/src/models/domain/globalState.ts is "en" by default, change it to "fr"
|
||||
# this information is store in browser local storage
|
||||
sed -i 's/this.locale="en",/this.locale="fr",/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/vaultwarden/app/main.*.js
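Review bot: `$IMAGE_NAME_RISOTTO_IMAGE_DIR` is unquoted and unchecked in the `sed -i` target, so an empty or unset variable makes the glob resolve to `/usr/share/vaultwarden/app/main.*.js` on the machine running the build, and a path containing spaces is split. Writing the target as `"${IMAGE_NAME_RISOTTO_IMAGE_DIR:?}"/usr/share/vaultwarden/app/main.*.js` aborts on an empty value and matches the quoting used by the other build scripts in this commit. The substitution also depends on the exact minified text `this.locale="en",`. `sed` exits 0 when nothing matches, so a changed upstream bundle would silently keep the old locale; a `grep -q 'this.locale="fr",'` on the same files afterwards would make that visible.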
|
|
@ -256,7 +256,11 @@ INVITATION_ORG_NAME=%%vaultwarden_org_name
|
|||
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
|
||||
# DOMAIN=https://bw.domain.tld:8443
|
||||
#>GNUNUX
|
||||
DOMAIN=https://%%revprox_client_external_domainname%%revprox_client_location
|
||||
%set %%location = %%str(%%revprox_client_location[0])
|
||||
%if %%location.endswith('/')
|
||||
%set %%location = %%location[:-1]
|
||||
%end if
|
||||
DOMAIN=https://%%revprox_client_external_domainname%%location
|
||||
#<GNUNUX
|
||||
|
||||
## Allowed iframe ancestors (Know the risks!)
|
||||
|
@ -305,7 +309,7 @@ DOMAIN=https://%%revprox_client_external_domainname%%revprox_client_location
|
|||
# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
|
||||
#>GNUNUX
|
||||
ROCKET_PORT=443
|
||||
ROCKET_TLS='{certs="/etc/pki/tls/certs/revproxy.crt",key="/etc/pki/tls/private/revproxy.key"}'
|
||||
ROCKET_TLS='{certs="/etc/pki/tls/certs/revprox.crt",key="/etc/pki/tls/private/revprox.key"}'
|
||||
#<GNUNUX
|
||||
|
||||
## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
|
||||
|
@ -322,9 +326,9 @@ ROCKET_TLS='{certs="/etc/pki/tls/certs/revproxy.crt",key="/etc/pki/tls/private/r
|
|||
# SMTP_TIMEOUT=15
|
||||
#>GNUNUX
|
||||
SMTP_HOST=%%smtp_relay_address
|
||||
SMTP_FROM=root@%%domain_name_eth0
|
||||
SMTP_FROM=%%vaultwarden_admin_email
|
||||
SMTP_FROM_NAME=%%domain_name_eth0
|
||||
SMTP_PORT=587
|
||||
SMTP_PORT=25
|
||||
SMTP_SSL=true
|
||||
#SMTP_EXPLICIT_TLS=true
|
||||
SMTP_TIMEOUT=15
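Review bot: In the first hunk `DOMAIN` is now derived from `%%revprox_client_location[0]`, which silently depends on the first value of the multi variable being the site root. The dictionary in this commit lists `/`, `/notifications/hub` and `/notifications/hub/negotiate`, so a reordering would put a websocket path into `DOMAIN`, the setting the comment above ties to U2F. A comment next to the `%set`, for example `# DOMAIN uses the first revprox_client_location entry, which must stay the site root`, would record that. Separately, the third hunk shows both `SMTP_PORT=587` and `SMTP_PORT=25` next to an unchanged `SMTP_SSL=true`. The page does not mark which side is new, so confirm that the relay on the chosen port supports the TLS mode that setting selects.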
|
||||
|
|