diff --git a/bin/checkEnvFiles.sh b/bin/checkEnvFiles.sh index 382d390..1393582 100755 --- a/bin/checkEnvFiles.sh +++ b/bin/checkEnvFiles.sh @@ -6,8 +6,6 @@ setKazVars RUN_PASS_DIR="secret" TMPL_PASS_DIR="secret.tmpl" -RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh" -TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh" NEED_GEN= ######################################## @@ -48,7 +46,12 @@ getVars () { # get lvalues in script getSettedVars () { # $1 : filename - grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u + grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* | grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u +} + +getUnsettedVars () { + # $1 : filename + grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u } getVarFormVal () { 
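Review bot: `getSettedVars` and the new `getUnsettedVars` still document `$1 : filename` but ignore it and grep `./*`, so the result depends on the caller's working directory and every match is prefixed with a file name. For a check whose job is to spot literal credentials left in a template, scanning the wrong directory silently reports nothing. Pass the target explicitly, e.g. end the first grep with `-- "$1"` instead of `./*`, or change the comment to say the functions scan the current directory. `getUnsettedVars` has no positive `…=` filter, so comment and blank lines are returned along with assignments.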
@@ -57,60 +60,6 @@ getVarFormVal () { grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/' } -######################################## -# synchronized SetAllPass.sh (find missing lvalues) -updatePassFile () { - # $1 : ref filename - # $2 : target filename - - REF_FILE="$1" - TARGET_FILE="$2" - NEED_UPDATE= - while : ; do - declare -a listRef listTarget missing - listRef=($(getVars "${REF_FILE}")) - listTarget=($(getVars "${TARGET_FILE}")) - missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]}))) - if [ -n "${missing}" ]; then - echo "missing vars in ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}" - read -p "Do you want to add them? [y/n]: " yn - case $yn in - ""|[Yy]*) - emacs "${REF_FILE}" "${TARGET_FILE}" - NEED_UPDATE=true - break - ;; - [Nn]*) - break - ;; - esac - else - break - fi - done -} - -updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}" -[ -n "${NEED_UPDATE}" ] && NEED_GEN=true -updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}" - -######################################## -# check empty pass in TMPL_PASS_FILE -declare -a settedVars -settedVars=($(getSettedVars "${TMPL_PASS_FILE}")) -if [ -n "${settedVars}" ]; then - echo "unclear password in ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}" - for var in ${settedVars[@]}; do - echo -e "\t${var}" - done - echo "${NC}" - read -p "Do you want to clear them? [y/n]: " yn - case $yn in - ""|[Yy]*) - emacs "${TMPL_PASS_FILE}" - ;; - esac -fi ######################################## # check new files env-* 
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}" declare -a listTmpl listRun listCommonFiles listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$')) listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$')) -listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]}))) +listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]}))) for envFile in ${listCommonFiles[@]}; do while : ; do TMPL_FILE="${TMPL_PASS_DIR}/${envFile}" @@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then fi ######################################## -# check env-* in updateDockerPassword.sh -missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do +# check extention in dockers.env +declare -a missing +unsetted=($(for DIR in "${RUN_PASS_DIR}"; do for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do val="${envFile#*env-}" varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}") - [ -z "${varName}" ] && continue - prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" | - sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u) - if [ -z "${prefixe}" ]; then - echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})" + if [ -z "${varName}" ]; then + echo "${val}" fi done done | sort -u)) if [ -n "${missing}" ]; then - echo "missing update in ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}" + echo "missing def in ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}" for var in ${missing[@]}; do echo -e "\t${var}" done 
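Review bot: The rewritten check stores its result in `unsetted=(…)`, but the unchanged `if [ -n "${missing}" ]` and `for var in ${missing[@]}` below it still read `missing`. `declare -a missing` does not clear an existing variable, so the prompt either never fires or lists the leftovers of the previous check under the heading "missing def in ${DOCKERS_ENV}". Assign to the variable that is tested, `missing=($(for DIR in "${RUN_PASS_DIR}"; do`, or rename the readers to `unsetted`.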
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then read -p "Do you want to add them? [y/n]: " yn case $yn in ""|[Yy]*) - emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh" + emacs "${DOCKERS_ENV}" ;; esac fi -######################################## -# synchronized SetAllPass.sh and env-* -updateEnvFiles () { - # $1 secret dir - DIR=$1 - listRef=($(getVars "${DIR}/SetAllPass.sh")) - missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do - val="${envFile#*env-}" - varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}") - [ -z "${varName}" ] && continue - prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" | - sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u) - [ -z "${prefixe}" ] && continue - listVarsInEnv=($(getVars "${envFile}")) - for var in ${listVarsInEnv[@]}; do - [[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}" - done - # XXX doit exister dans SetAllPass.sh avec le prefixe - done)) - if [ -n "${missing}" ]; then - echo "missing update in ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}" - for var in ${missing[@]}; do - echo -e "\t${var}" - done - echo "${NC}" - read -p "Do you want to add them? [y/n]: " yn - case $yn in - ""|[Yy]*) - emacs "${DIR}/SetAllPass.sh" - ;; - esac - fi -} -updateEnvFiles "${RUN_PASS_DIR}" -updateEnvFiles "${TMPL_PASS_DIR}" -# XXX chercher les variables non utilisées dans les SetAllPass.sh if [ -n "${NEED_GEN}" ]; then while : ; do - read -p "Do you want to generate blank values? [y/n]: " yn + read -p "Do you want to generate missing values? [y/n]: " yn case $yn in ""|[Yy]*) "${KAZ_BIN_DIR}/secretGen.sh" diff --git a/bin/container.sh b/bin/container.sh index 0eea1b9..928cc19 100755 --- a/bin/container.sh +++ b/bin/container.sh 
@@ -192,7 +192,7 @@ saveComposes () { saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql ;; framadate) - echo "save date" + echo "save date" . $KAZ_BIN_DIR/getPasswords.sh framadateDB saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql ;; @@ -255,6 +255,11 @@ saveComposes () { . $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql fi + if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then + echo " => spip" + . $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB + saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql + fi ;; esac done diff --git a/bin/createDBUsers.sh b/bin/createDBUsers.sh index 9bdac1b..8157bd9 100644 --- a/bin/createDBUsers.sh +++ b/bin/createDBUsers.sh 
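Review bot: The added spip branch sources `env-spipDB` without checking that the file exists, right after the wordpress branch has sourced `env-wpDB` into the same `MYSQL_*` names. When an orga has a `spip:` service but no `env-spipDB`, `.` fails and, unless the script runs under `set -e`, `saveDB` goes on with the wordpress credentials and database name, producing a dump labelled `${ORGA}-spip` that is not the spip data. Test the file first and quote the path, `if [ -f "${KAZ_KEY_DIR}/orgas/${ORGA}/env-spipDB" ]; then`, or load it in a subshell so values cannot carry over between branches. saveComposes starts and ends outside the hunk.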
@@ -12,27 +12,21 @@ setKazVars # - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués . "${DOCKERS_ENV}" -. "${KAZ_KEY_DIR}/SetAllPass.sh" createMysqlUser(){ # $1 = envName # $2 = containerName of DB - . $KAZ_BIN_DIR/getPasswords.sh $1 + . $KAZ_KEY_DIR/env-$1 - rootPass="$1_MYSQL_ROOT_PASSWORD" - dbName="$1_MYSQL_DATABASE" - userName="$1_MYSQL_USER" - userPass="$1_MYSQL_PASSWORD" - # seulement si pas de mdp pour root # pb oeuf et poule (il faudrait les anciennes valeurs) : # * si rootPass change, faire à la main # * si dbName change, faire à la main checkDockerRunning "$2" "$2" || return echo "change DB pass on docker $2" - echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \ - docker exec -i $2 bash -c "mysql --user=root --password=${!rootPass}" + echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \ + docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}" } diff --git a/bin/getPasswords.sh b/bin/getPasswords.sh index d6ee20f..067122a 100644 --- a/bin/getPasswords.sh +++ b/bin/getPasswords.sh @@ -1,12 +1,15 @@ #!/bin/bash +#Ki: Gael +#Kan: 2025 +#Koi: gestion mots de passe + +KAZ_ROOT=/kaz -KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . "${KAZ_ROOT}/bin/.commonFunctions.sh" -PRG=$(basename $0) QUIET=1 usage() { -echo "${PRG} [OPTIONS] [envname ...] +echo "getPasswords.sh [OPTIONS] [envname ...] Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là. Les variables sont du type envname_NOMVARIABLE=valeur On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire ! 
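Review bot: `createMysqlUser` expands `${MYSQL_ROOT_PASSWORD}` inside the `bash -c "…"` string and `${MYSQL_USER}`/`${MYSQL_PASSWORD}` inside single-quoted SQL, so a generated value containing a quote, space, `$` or `;` either breaks the statement or is interpreted by the shell in the container, and the root password appears in the container's process list. Pass the password through the environment and drop the extra shell, `docker exec -i -e MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" "$2" mysql --user=root`, provided the client in the image honours `MYSQL_PWD`. The `. $KAZ_KEY_DIR/env-$1` line should be quoted and its result checked, since a missing file leaves the `MYSQL_*` values of an earlier call in place.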
@@ -19,13 +22,17 @@ OPTIONS " } +if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then + mkdir "${KAZ_KEY_DIR}/tmp" +fi + for ARG in "$@"; do if [ -n "${DIRECTORYARG}" ]; then # après un -d SUBDIRECTORY="${ARG}" - DIRECTORYARG= + unset DIRECTORYARG elif [ -n "${ECHOVARARG}" ]; then # après un -e VARTOECHO="${ARG}" - ECHOVARARG= + unset ECHOVARARG QUIET="/dev/null" # pour ne pas avoir d'autres bruits ... else @@ -46,6 +53,11 @@ for ARG in "$@"; do fi done +getVars () { + # $1 : filename + grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u +} + NB_FILES=$(echo "${ENVFILES}" | wc -w ) if [[ $NB_FILES = 0 ]]; then @@ -55,10 +67,10 @@ fi for ENVFILE in $ENVFILES; do FILENAME="$KAZ_KEY_DIR/env-$ENVFILE" - VARNAME="$ENVFILE"_ + VARSUFFIX="$ENVFILE"_ if [ -n "${SUBDIRECTORY}" ]; then FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE" - VARNAME="${SUBDIRECTORY}-${ENVFILE}_" + VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_" fi if ! [ -f "$FILENAME" ]; then @@ -66,11 +78,17 @@ for ENVFILE in $ENVFILES; do continue fi - # formule magique qui crée des variables envname_NOMVARIABLE=la valeur trouvé (le sed vire les commentaires et les lignes vides) - # on pourrait se contenter d'un "source env-file", mais avec un prefix dans les variables pour savoir ce qu'on manipule c'est bien aussi ... - $SIMU export $(sed -e 's/#.*//' -e '/^\s*$/d' "$FILENAME" | awk -F= -v ENV="$VARNAME" '{output=output" "ENV$1"="$2} END {print output}') + . $FILENAME # on récupère les variables + vars=$(getVars $FILENAME) + for var in $vars; do + $SIMU declare $VARSUFFIX$var=${!var} + unset $var + done + unset FILENAME VARSUFFIX vars done if [ -n "$VARTOECHO" ]; then echo ${!VARTOECHO} fi + +unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO \ No newline at end of file diff --git a/config/orgaTmpl/docker-compose.yml b/config/orgaTmpl/docker-compose.yml index 75c9758..35371b4 100644 --- a/config/orgaTmpl/docker-compose.yml +++ b/config/orgaTmpl/docker-compose.yml 
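Review bot: `mkdir "${KAZ_KEY_DIR}/tmp"` runs every time the script is loaded and creates the directory with the caller's umask inside the secrets tree, yet nothing in the visible hunks writes to it. If it is meant to hold intermediate secret material, create it privately with `mkdir -m 700 -p "${KAZ_KEY_DIR}/tmp"`; otherwise drop the block.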
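Review bot: Replacing the sed/awk parser with `. $FILENAME` means every env file is now executed as shell code in the caller's shell, and `declare $VARSUFFIX$var=${!var}` is unquoted, so a value with whitespace or glob characters is split or expanded before it is stored. The secret.tmpl hunks later in this commit drop the double quotes around the placeholders, so a generated value containing shell metacharacters is no longer protected when the file is sourced. Quote both, `. "$FILENAME"` and `$SIMU declare "${VARSUFFIX}${var}=${!var}"`; note also that with `-d` the prefix `${SUBDIRECTORY}-${ENVFILE}_` contains a `-`, which `declare` rejects as an identifier. The closing `unset … KAZ_ROOT …` removes `KAZ_ROOT` from any script that sources this file, as bin/container.sh does.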
@@ -4,7 +4,7 @@ services: #{{db db: image: mariadb:11.4 - container_name: ${orga}DB + container_name: ${orga}-DB #disk_quota: 10G command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: ${restartPolicy} @@ -16,9 +16,9 @@ services: environment: - MARIADB_AUTO_UPGRADE=1 env_file: - - ../../secret/env-${nextcloudDBName} -# - ../../secret/env-${mattermostDBName} - - ../../secret/env-${wordpressDBName} + - ../../secret/orgas/${orga}/env-${nextcloudDBName} +# - ../../secret/orgas/${orga}/env-${mattermostDBName} + - ../../secret/orgas/${orga}/env-${wordpressDBName} networks: - orgaNet healthcheck: # utilisé par init-db.sh pour la créa d'orga @@ -34,7 +34,7 @@ services: #{{cloud cloud: image: nextcloud - container_name: ${orga}${nextcloudServName} + container_name: ${orga}-${nextcloudServName} #disk_quota: 10G restart: ${restartPolicy} networks: @@ -50,8 +50,8 @@ services: - ${smtpServName}:${smtpHost} labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}" - - "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file" + - "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}" + - "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file" volumes: - cloudMain:/var/www/html - cloudData:/var/www/html/data 
@@ -63,10 +63,10 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro env_file: - - ../../secret/env-${nextcloudServName} - - ../../secret/env-${nextcloudDBName} + - ../../secret/orgas/${orga}/env-${nextcloudServName} + - ../../secret/orgas/${orga}/env-${nextcloudDBName} environment: - - NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain} + - NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain} - SMTP_HOST=${smtpHost} - SMTP_PORT=25 - MAIL_DOMAIN=${domain} @@ -80,7 +80,7 @@ services: - edition=team - PUID=1000 - PGID=1000 - container_name: ${orga}${mattermostServName} + container_name: ${orga}-${mattermostServName} #disk_quota: 10G restart: ${restartPolicy} # memory: 1G @@ -109,20 +109,20 @@ services: - /etc/timezone:/etc/timezone:ro - /etc/environment:/etc/environment:ro env_file: - - ../../secret/env-${mattermostServName} + - ../../secret/orgas/${orga}/env-${mattermostServName} environment: - - VIRTUAL_HOST=${orga}${matterHost}.${domain} + - VIRTUAL_HOST=${orga}-${matterHost}.${domain} # in case your config is not in default location #- MM_CONFIG=/mattermost/config/config.json labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)" + - "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)" #}} #{{wp wordpress: image: wordpress - container_name: ${orga}${wordpressServName} + container_name: ${orga}-${wordpressServName} restart: ${restartPolicy} networks: - orgaNet 
@@ -136,17 +136,17 @@ services: external_links: - ${smtpServName}:${smtpHost}.${domain} env_file: - - ../../secret/env-${wordpressServName} + - ../../secret/orgas/${orga}/env-${wordpressServName} environment: - WORDPRESS_SMTP_HOST=${smtpHost}.${domain} - WORDPRESS_SMTP_PORT=25 # - WORDPRESS_SMTP_USERNAME # - WORDPRESS_SMTP_PASSWORD - # - WORDPRESS_SMTP_FROM=${orga} - - WORDPRESS_SMTP_FROM_NAME=${orga} + # - WORDPRESS_SMTP_FROM=${orga}- + - WORDPRESS_SMTP_FROM_NAME=${orga}- labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}" + - "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}" volumes: - wordpress:/var/www/html # - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro @@ -154,12 +154,12 @@ services: #{{wiki dokuwiki: image: mprasil/dokuwiki - container_name: ${orga}${dokuwikiServName} + container_name: ${orga}-${dokuwikiServName} #disk_quota: 10G restart: ${restartPolicy} labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}" + - "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}" volumes: - wikiData:/dokuwiki/data - wikiConf:/dokuwiki/conf @@ -175,7 +175,7 @@ services: #{{castopod castopod: image: castopod/castopod:latest - container_name: ${orga}${castopodServName} + container_name: ${orga}-${castopodServName} #disk_quota: 10G restart: ${restartPolicy} # memory: 1G 
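Review bot: `WORDPRESS_SMTP_FROM_NAME=${orga}-` looks like a side effect of the mechanical `${orga}` → `${orga}-` rewrite: the old template produced the same trailing dash only because orga-gen.sh appended it, and this is a display name rather than a host or container prefix. Now that the dash is explicit in the template, keep `- WORDPRESS_SMTP_FROM_NAME=${orga}` here unless the dash is wanted in the sender name (the commented `WORDPRESS_SMTP_FROM` line likewise).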
@@ -193,27 +193,27 @@ services: volumes: - castopodMedia:/var/www/castopod/public/media environment: - CP_BASEURL: "https://${orga}${castopodHost}.${domain}" + CP_BASEURL: "https://${orga}-${castopodHost}.${domain}" CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb VIRTUAL_PORT: 8000 CP_CACHE_HANDLER: redis CP_REDIS_HOST: redis CP_DATABASE_HOSTNAME: db env_file: - - ../../secret/env-${castopodServName} - - ../../secret/env-${castopodDBName} + - ../../secret/orgas/${orga}/env-${castopodServName} + - ../../secret/orgas/${orga}/env-${castopodDBName} labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}" + - "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}" redis: image: redis:7.0-alpine - container_name: ${orga}castopodCache + container_name: ${orga}-castopodCache volumes: - castopodCache:/data networks: - orgaNet env_file: - - ../../secret/env-${castopodServName} + - ../../secret/orgas/${orga}/env-${castopodServName} command: --requirepass ${castopodRedisPassword} #}} #{{spip @@ -225,16 +225,16 @@ services: links: - db env_file: - - ../../secret/env-${spipServName} + - ../../secret/orgas/${orga}/env-${spipServName} environment: - SPIP_AUTO_INSTALL=1 - SPIP_DB_HOST=db - - SPIP_SITE_ADDRESS=https://${orga}${spipHost}.${domain} + - SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain} expose: - 80 labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${spipServName}.rule=Host(`${orga}${spipHost}.${domain}`){{FOREIGN_SPIP}}" + - "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}" networks: - orgaNet volumes: 
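Review bot: `CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb` stays hard-coded in the template while this hunk moves the other castopod settings to per-orga files under `secret/orgas/${orga}/`, so every organisation shares one salt that is also published in the repository. Move it into `env-castopodServ` as a generated value, for example `CP_ANALYTICS_SALT=@@token@@castopodsalt@@t@@` (placeholder name is illustrative), and delete the literal here. redis is still started with `--requirepass ${castopodRedisPassword}`; where that variable is defined once SetAllPass.sh is no longer sourced is not visible in this diff and should be confirmed.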
@@ -250,84 +250,84 @@ volumes: #{{db orgaDB: external: true - name: orga_${orga}orgaDB + name: orga_${orga}-orgaDB #}} #{{agora matterConfig: external: true - name: orga_${orga}matterConfig + name: orga_${orga}-matterConfig matterData: external: true - name: orga_${orga}matterData + name: orga_${orga}-matterData matterLogs: external: true - name: orga_${orga}matterLogs + name: orga_${orga}-matterLogs matterPlugins: external: true - name: orga_${orga}matterPlugins + name: orga_${orga}-matterPlugins matterClientPlugins: external: true - name: orga_${orga}matterClientPlugins + name: orga_${orga}-matterClientPlugins matterIcons: external: true name: matterIcons #{{cloud cloudMain: external: true - name: orga_${orga}cloudMain + name: orga_${orga}-cloudMain cloudData: external: true - name: orga_${orga}cloudData + name: orga_${orga}-cloudData cloudConfig: external: true - name: orga_${orga}cloudConfig + name: orga_${orga}-cloudConfig cloudApps: external: true - name: orga_${orga}cloudApps + name: orga_${orga}-cloudApps cloudCustomApps: external: true - name: orga_${orga}cloudCustomApps + name: orga_${orga}-cloudCustomApps cloudThemes: external: true - name: orga_${orga}cloudThemes + name: orga_${orga}-cloudThemes cloudPhp: external: true - name: orga_${orga}cloudPhp + name: orga_${orga}-cloudPhp #}} #{{wiki wikiData: external: true - name: orga_${orga}wikiData + name: orga_${orga}-wikiData wikiConf: external: true - name: orga_${orga}wikiConf + name: orga_${orga}-wikiConf wikiPlugins: external: true - name: orga_${orga}wikiPlugins + name: orga_${orga}-wikiPlugins wikiLibtpl: external: true - name: orga_${orga}wikiLibtpl + name: orga_${orga}-wikiLibtpl wikiLogs: external: true - name: orga_${orga}wikiLogs + name: orga_${orga}-wikiLogs #}} #{{wp wordpress: external: true - name: orga_${orga}wordpress + name: orga_${orga}-wordpress #}} #{{castopod castopodMedia: external: true - name: orga_${orga}castopodMedia + name: orga_${orga}-castopodMedia castopodCache: external: true 
- name: orga_${orga}castopodCache + name: orga_${orga}-castopodCache #}} #{{spip spip: external: true - name: orga_${orga}spip + name: orga_${orga}-spip #}} @@ -335,7 +335,7 @@ volumes: networks: orgaNet: external: true - name: ${orga}orgaNet + name: ${orga}-orgaNet # postfixNet: # external: # name: postfixNet diff --git a/config/orgaTmpl/init-db.sh b/config/orgaTmpl/init-db.sh index c86ff96..c180c74 100755 --- a/config/orgaTmpl/init-db.sh +++ b/config/orgaTmpl/init-db.sh @@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd) . "${KAZ_ROOT}/bin/.commonFunctions.sh" setKazVars . "${DOCKERS_ENV}" -. "${KAZ_KEY_DIR}/SetAllPass.sh" cd $(dirname $0) ORGA_DIR="$(basename "$(pwd)")" diff --git a/config/orgaTmpl/orga-gen.sh b/config/orgaTmpl/orga-gen.sh index 3759a52..ca78f4b 100755 --- a/config/orgaTmpl/orga-gen.sh +++ b/config/orgaTmpl/orga-gen.sh @@ -389,7 +389,7 @@ update() { -e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\ -e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\ -e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\ - -e "s|\${orga}|${ORGA}-|g" + -e "s|\${orga}|${ORGA}|g" ) > "$2" sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2" } @@ -419,6 +419,11 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then ln -sf ../../config/orgaTmpl/init-db.sh fi +if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then + rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/" + ${KAZ_BIN_DIR}/secretGen.sh -d $ORGA +fi + if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then # ########## update ${DOCKERS_ENV} if ! grep -q "proxy_orga=" .env 2> /dev/null diff --git a/config/orgaTmpl/orga-rm.sh b/config/orgaTmpl/orga-rm.sh index df11806..35a5924 100755 --- a/config/orgaTmpl/orga-rm.sh +++ b/config/orgaTmpl/orga-rm.sh @@ -40,6 +40,8 @@ remove () { sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}" sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}" rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga" + + rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}" exit;; [Nn]* ) 
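Review bot: The new block in orga-gen.sh copies the templates with `rsync -a`, which preserves the 0644 mode the template files are committed with, so the generated per-orga secrets are world-readable unless a parent directory restricts access. It also ignores the exit status of both commands: if `secretGen.sh` fails, the directory already exists with unresolved `@@…@@` placeholders and the `-d` test skips regeneration on the next run. Quote `$ORGA`, stop on failure, and tighten the mode after the copy, e.g. `chmod -R go-rwx "${KAZ_KEY_DIR}/orgas/${ORGA}"`.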
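Review bot: `rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"` in orga-rm.sh deletes the secrets of every organisation if `ORGA` is empty, and `/orgas/` if `KAZ_KEY_DIR` is empty too; the neighbouring `rm` is protected by its `-orga` suffix, this one is not. Use `rm -fr -- "${KAZ_KEY_DIR:?}/orgas/${ORGA:?}"` so the script aborts instead. remove() starts and ends outside the hunk.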
diff --git a/config/orgaTmpl/secret.tmpl/env-castopodAdmin b/config/orgaTmpl/secret.tmpl/env-castopodAdmin
new file mode 100644
index 0000000..1b822a4
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-castopodAdmin
@@ -0,0 +1,3 @@
+ADMIN_USER=@@pass@@castopod2@@p@@
+ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
+ADMIN_PASSWORD=@@pass@@castopod3@@p@@
\ No newline at end of file
diff --git a/config/orgaTmpl/secret.tmpl/env-castopodDB b/config/orgaTmpl/secret.tmpl/env-castopodDB
new file mode 100644
index 0000000..013e682
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-castopodDB
@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_USER=@@user@@castopod1@@u@@
+MYSQL_PASSWORD=@@pass@@castopod1@@p@@
+MYSQL_DATABASE=@@db@@castopod1@@d@@
\ No newline at end of file
diff --git a/config/orgaTmpl/secret.tmpl/env-castopodServ b/config/orgaTmpl/secret.tmpl/env-castopodServ
new file mode 100644
index 0000000..52aafc4
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-castopodServ
@@ -0,0 +1,7 @@
+CP_EMAIL_SMTP_HOST=
+CP_EMAIL_FROM=
+CP_EMAIL_SMTP_USERNAME=
+CP_EMAIL_SMTP_PASSWORD=
+CP_EMAIL_SMTP_PORT=
+CP_EMAIL_SMTP_CRYPTO=
+CP_REDIS_PASSWORD=
diff --git a/config/orgaTmpl/secret.tmpl/env-mattermostDB b/config/orgaTmpl/secret.tmpl/env-mattermostDB
new file mode 100644
index 0000000..944893b
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-mattermostDB
@@ -0,0 +1,9 @@
+
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@mattermost@@d@@
+MYSQL_USER=@@user@@mattermost@@u@@
+MYSQL_PASSWORD=@@pass@@mattermost@@p@@
+
+POSTGRES_USER=@@user@@mattermost@@u@@
+POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
+POSTGRES_DB=@@db@@mattermost@@d@@
diff --git a/config/orgaTmpl/secret.tmpl/env-mattermostServ b/config/orgaTmpl/secret.tmpl/env-mattermostServ
new file mode 100644
index 0000000..76c6b44
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-mattermostServ
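Review bot: In env-castopodServ, `CP_REDIS_PASSWORD=` and `CP_EMAIL_SMTP_PASSWORD=` are left empty instead of carrying an `@@pass@@…@@p@@` placeholder like the other new templates. Assuming secretGen.sh only fills placeholders, a newly created orga gets an empty Redis password from this file while docker-compose.yml loads it into both the castopod and redis services. Use a placeholder such as `CP_REDIS_PASSWORD=@@pass@@castopodredis@@p@@` (name is illustrative) and make sure it is the same value redis receives through `--requirepass`.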
@@ -0,0 +1,9 @@
+
+MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
+MM_ADMIN_USER=@@user@@mattermost2@@u@@
+MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
+
+
+MM_SQLSETTINGS_DRIVERNAME=postgres
+MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10
+
diff --git a/config/orgaTmpl/secret.tmpl/env-nextcloudDB b/config/orgaTmpl/secret.tmpl/env-nextcloudDB
new file mode 100644
index 0000000..0084487
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-nextcloudDB
@@ -0,0 +1,8 @@
+
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@nextcloud@@d@@
+MYSQL_USER=@@user@@nextcloud@@u@@
+MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
+
+#NC_MYSQL_USER=
+#NC_MYSQL_PASSWORD=
diff --git a/config/orgaTmpl/secret.tmpl/env-nextcloudServ b/config/orgaTmpl/secret.tmpl/env-nextcloudServ
new file mode 100644
index 0000000..8f8e255
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-nextcloudServ
@@ -0,0 +1,5 @@
+
+NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
+NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
+MYSQL_HOST=db
+RAIN_LOOP=@@pass@@rainloop@@p@@
diff --git a/config/orgaTmpl/secret.tmpl/env-spipDB b/config/orgaTmpl/secret.tmpl/env-spipDB
new file mode 100644
index 0000000..9fb0767
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-spipDB
@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@spip@@d@@
+MYSQL_USER=@@user@@spip@@u@@
+MYSQL_PASSWORD=@@pass@@spip@@p@@
\ No newline at end of file
diff --git a/config/orgaTmpl/secret.tmpl/env-spipServ b/config/orgaTmpl/secret.tmpl/env-spipServ
new file mode 100644
index 0000000..2df5105
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-spipServ
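Review bot: `MM_SQLSETTINGS_DATASOURCE` in env-mattermostServ contains an unquoted `&`, which is harmless for docker's `env_file` but not for bin/getPasswords.sh, which this commit changes to load env files with `. $FILENAME`. If this file is ever read that way, the assignment runs in a background subshell, so the variable is not set at all, and a stray `connect_timeout=10` is set in the caller. The URL also embeds the generated password, so a value containing `@`, `/` or `:` would change how the data source is parsed; restrict the generator's alphabet for this placeholder or percent-encode the value. `sslmode=disable` is presumably acceptable only because postgres is reached over the private compose network, which deserves a comment such as `# TLS off: postgres is only reachable on the orga's internal network`.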
@@ -0,0 +1,10 @@
+SPIP_AUTO_INSTALL=1
+SPIP_DB_SERVER=mysql
+SPIP_DB_NAME=@@db@@spip@@d@@
+SPIP_DB_LOGIN=@@user@@spip@@u@@
+SPIP_DB_PASS=@@pass@@spip@@p@@
+SPIP_ADMIN_NAME=admin
+SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
+SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
+SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
+PHP_TIMEZONE=Europe/Paris
diff --git a/config/orgaTmpl/secret.tmpl/env-wpDB b/config/orgaTmpl/secret.tmpl/env-wpDB
new file mode 100644
index 0000000..83e7c81
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-wpDB
@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@wp@@d@@
+MYSQL_USER=@@user@@wp@@u@@
+MYSQL_PASSWORD=@@pass@@wp@@p@@
diff --git a/config/orgaTmpl/secret.tmpl/env-wpServ b/config/orgaTmpl/secret.tmpl/env-wpServ
new file mode 100644
index 0000000..6400c9c
--- /dev/null
+++ b/config/orgaTmpl/secret.tmpl/env-wpServ
@@ -0,0 +1,8 @@
+# share with wpDB
+
+WORDPRESS_DB_HOST=db:3306
+WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
+WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
+WORDPRESS_DB_NAME=@@db@@wp@@d@@
+WORDPRESS_DB_USER=@@user@@wp@@u@@
+WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@
\ No newline at end of file
diff --git a/secret.tmpl/env-ldapServ b/secret.tmpl/env-ldapServ
index 8ae6ece..a27058a 100644
--- a/secret.tmpl/env-ldapServ
+++ b/secret.tmpl/env-ldapServ
@@ -1,9 +1,9 @@ -LDAP_ADMIN_USERNAME="@@user@@ldap@@u@@" -LDAP_ADMIN_PASSWORD="@@pass@@ldap@@p@@" -LDAP_CONFIG_ADMIN_USERNAME="@@user@@ldapconfig@@u@@" -LDAP_CONFIG_ADMIN_PASSWORD="@@pass@@ldapconfig@@p@@" -LDAP_POSTFIX_PASSWORD="@@pass@@ldappostfix@@p@@" -LDAP_LDAPUI_PASSWORD="@@pass@@ldapui@@p@@" -LDAP_MATTERMOST_PASSWORD="@@pass@@ldapmm@@p@@" -LDAP_CLOUD_PASSWORD="@@pass@@ldapcloud@@p@@" -LDAP_MOBILIZON_PASSWORD="@@pass@@ldapmobilizon@@p@@" +LDAP_ADMIN_USERNAME=@@user@@ldap@@u@@ +LDAP_ADMIN_PASSWORD=@@pass@@ldap@@p@@ +LDAP_CONFIG_ADMIN_USERNAME=@@user@@ldapconfig@@u@@ +LDAP_CONFIG_ADMIN_PASSWORD=@@pass@@ldapconfig@@p@@ +LDAP_POSTFIX_PASSWORD=@@pass@@ldappostfix@@p@@ +LDAP_LDAPUI_PASSWORD=@@pass@@ldapui@@p@@ +LDAP_MATTERMOST_PASSWORD=@@pass@@ldapmm@@p@@ +LDAP_CLOUD_PASSWORD=@@pass@@ldapcloud@@p@@ +LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@ diff --git a/secret.tmpl/env-ldapUI b/secret.tmpl/env-ldapUI index 2d68af7..0fdee78 100644 --- a/secret.tmpl/env-ldapUI +++ b/secret.tmpl/env-ldapUI @@ -1,9 +1,9 @@ LDAPUI_URI=ldap://ldap -LDAPUI_BASE_DN="@@globalvar@@ldap_root@@gv@@" +LDAPUI_BASE_DN=@@globalvar@@ldap_root@@gv@@ LDAPUI_REQUIRE_STARTTLS=FALSE LDAPUI_ADMINS_GROUP=admins LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@ -LDAPUI_ADMIN_BIND_PWD="@@pass@@ldapui@@p@@" +LDAPUI_ADMIN_BIND_PWD=@@pass@@ldapui@@p@@ LDAPUI_IGNORE_CERT_ERRORS=TRUE -LDAPUI_PASSWORD="@@pass@@ldapuipass@@p@@" -LDAPUI_MM_ADMIN_TOKEN="@@crossvar@@mattermostAdmin_mattermost_token@@cv@@" +LDAPUI_PASSWORD=@@pass@@ldapuipass@@p@@ +LDAPUI_MM_ADMIN_TOKEN=@@crossvar@@mattermostAdmin_mattermost_token@@cv@@ diff --git a/secret.tmpl/env-mail b/secret.tmpl/env-mail index 08a019f..5ce464e 100644 --- a/secret.tmpl/env-mail +++ b/secret.tmpl/env-mail @@ -1,2 +1,2 @@ service_mail=admin@@@globalvar@@domain@@gv@@ -service_password="@@pass@@servicemail@@p@@" \ No newline at end of file +service_password=@@pass@@servicemail@@p@@ \ No newline at end of file 
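Review bot: In env-ldapUI, `LDAPUI_URI=ldap://ldap` with `LDAPUI_REQUIRE_STARTTLS=FALSE` and `LDAPUI_IGNORE_CERT_ERRORS=TRUE` are untouched by this hunk, but together they mean `LDAPUI_ADMIN_BIND_PWD` is sent unencrypted on every bind. That is presumably intentional for traffic that stays on the internal container network; a one-line comment such as `# plain LDAP: the ldap service is only reachable on the internal docker network` would record the assumption so the settings are revisited if the directory is ever exposed.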
diff --git a/secret.tmpl/env-mastodonServ b/secret.tmpl/env-mastodonServ index 7a2763e..7d10624 100644 --- a/secret.tmpl/env-mastodonServ +++ b/secret.tmpl/env-mastodonServ @@ -3,7 +3,7 @@ OTP_SECRET=@@token@@masto-otp@@t@@ ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= -VAPID_PRIVATE_KEY== +VAPID_PRIVATE_KEY= VAPID_PUBLIC_KEY= SMTP_PASSWORD= EMAIL_DOMAIN_ALLOWLIST=