Les orgas + qques changements pour getpasswords.sh

2025-07-31 05:04:29 +02:00
parent 99779a70ff
commit 1f9ccff5b6
23 changed files with 200 additions and 195 deletions


@@ -6,8 +6,6 @@ setKazVars
RUN_PASS_DIR="secret" RUN_PASS_DIR="secret"
TMPL_PASS_DIR="secret.tmpl" TMPL_PASS_DIR="secret.tmpl"
RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh"
TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh"
NEED_GEN= NEED_GEN=
######################################## ########################################
@@ -48,7 +46,12 @@ getVars () {
# get lvalues in script # get lvalues in script
getSettedVars () { getSettedVars () {
# $1 : filename # $1 : filename
grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* | grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u
}
getUnsettedVars () {
# $1 : filename
grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u
} }
getVarFormVal () { getVarFormVal () {
@@ -57,60 +60,6 @@ getVarFormVal () {
grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/' grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/'
} }
########################################
# synchronized SetAllPass.sh (find missing lvalues)
updatePassFile () {
# $1 : ref filename
# $2 : target filename
REF_FILE="$1"
TARGET_FILE="$2"
NEED_UPDATE=
while : ; do
declare -a listRef listTarget missing
listRef=($(getVars "${REF_FILE}"))
listTarget=($(getVars "${TARGET_FILE}"))
missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]})))
if [ -n "${missing}" ]; then
echo "missing vars in ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${REF_FILE}" "${TARGET_FILE}"
NEED_UPDATE=true
break
;;
[Nn]*)
break
;;
esac
else
break
fi
done
}
updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}"
[ -n "${NEED_UPDATE}" ] && NEED_GEN=true
updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}"
########################################
# check empty pass in TMPL_PASS_FILE
declare -a settedVars
settedVars=($(getSettedVars "${TMPL_PASS_FILE}"))
if [ -n "${settedVars}" ]; then
echo "unclear password in ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}"
for var in ${settedVars[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to clear them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${TMPL_PASS_FILE}"
;;
esac
fi
######################################## ########################################
# check new files env-* # check new files env-*
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}"
declare -a listTmpl listRun listCommonFiles declare -a listTmpl listRun listCommonFiles
listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$')) listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$')) listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]}))) listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
for envFile in ${listCommonFiles[@]}; do for envFile in ${listCommonFiles[@]}; do
while : ; do while : ; do
TMPL_FILE="${TMPL_PASS_DIR}/${envFile}" TMPL_FILE="${TMPL_PASS_DIR}/${envFile}"
@@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then
fi fi
######################################## ########################################
# check env-* in updateDockerPassword.sh # check extention in dockers.env
missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do declare -a missing
unsetted=($(for DIR in "${RUN_PASS_DIR}"; do
for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}" val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}") varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue if [ -z "${varName}" ]; then
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" | echo "${val}"
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
if [ -z "${prefixe}" ]; then
echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})"
fi fi
done done
done | sort -u)) done | sort -u))
if [ -n "${missing}" ]; then if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}" echo "missing def in ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do for var in ${missing[@]}; do
echo -e "\t${var}" echo -e "\t${var}"
done done
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then
read -p "Do you want to add them? [y/n]: " yn read -p "Do you want to add them? [y/n]: " yn
case $yn in case $yn in
""|[Yy]*) ""|[Yy]*)
emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh" emacs "${DOCKERS_ENV}"
;; ;;
esac esac
fi fi
########################################
# synchronized SetAllPass.sh and env-*
updateEnvFiles () {
# $1 secret dir
DIR=$1
listRef=($(getVars "${DIR}/SetAllPass.sh"))
missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
[ -z "${prefixe}" ] && continue
listVarsInEnv=($(getVars "${envFile}"))
for var in ${listVarsInEnv[@]}; do
[[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}"
done
# XXX doit exister dans SetAllPass.sh avec le prefixe
done))
if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${DIR}/SetAllPass.sh"
;;
esac
fi
}
updateEnvFiles "${RUN_PASS_DIR}"
updateEnvFiles "${TMPL_PASS_DIR}"
# XXX chercher les variables non utilisées dans les SetAllPass.sh
if [ -n "${NEED_GEN}" ]; then if [ -n "${NEED_GEN}" ]; then
while : ; do while : ; do
read -p "Do you want to generate blank values? [y/n]: " yn read -p "Do you want to generate missing values? [y/n]: " yn
case $yn in case $yn in
""|[Yy]*) ""|[Yy]*)
"${KAZ_BIN_DIR}/secretGen.sh" "${KAZ_BIN_DIR}/secretGen.sh"

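Review bot: The rewritten check in the `@@ -224,21 +173,19 @@` hunk stores its result in `unsetted=($(...))`, but the test and the loop that follow still read `${missing}`. `declare -a missing` does not empty an array that an earlier check already filled, so the prompt would show the previous check's list under the new "missing def in ${DOCKERS_ENV}" heading. Either assign the loop output to `missing=(...)` again or test and print `unsetted`. Separately, the new `getSettedVars` / `getUnsettedVars` are documented as `$1 : filename` but grep `./*` and emit whole matching lines, values included, so wherever they are called (the callers are not visible in these hunks) secret values would reach the terminal; printing only the variable name would avoid that.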

@@ -255,6 +255,11 @@ saveComposes () {
. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB . $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
fi fi
if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => spip"
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql
fi
;; ;;
esac esac
done done
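Review bot: The new spip branch sources `env-spipDB` without checking that the file exists, so when it is missing the `MYSQL_*` values left over from the `env-wpDB` source just above are handed to `saveDB` for the spip dump. Clear the variables and quote the path before sourcing, e.g. `unset MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE` followed by `. "${KAZ_KEY_DIR}/orgas/${ORGA}/env-spipDB" || continue`. The enclosing `saveComposes` body starts and ends outside this hunk, so whether `continue` is the right way to skip should be checked against the full loop.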


@@ -12,18 +12,12 @@ setKazVars
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués # - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
createMysqlUser(){ createMysqlUser(){
# $1 = envName # $1 = envName
# $2 = containerName of DB # $2 = containerName of DB
. $KAZ_BIN_DIR/getPasswords.sh $1 . $KAZ_KEY_DIR/env-$1
rootPass="$1_MYSQL_ROOT_PASSWORD"
dbName="$1_MYSQL_DATABASE"
userName="$1_MYSQL_USER"
userPass="$1_MYSQL_PASSWORD"
# seulement si pas de mdp pour root # seulement si pas de mdp pour root
# pb oeuf et poule (il faudrait les anciennes valeurs) : # pb oeuf et poule (il faudrait les anciennes valeurs) :
@@ -31,8 +25,8 @@ createMysqlUser(){
# * si dbName change, faire à la main # * si dbName change, faire à la main
checkDockerRunning "$2" "$2" || return checkDockerRunning "$2" "$2" || return
echo "change DB pass on docker $2" echo "change DB pass on docker $2"
echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \ echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \
docker exec -i $2 bash -c "mysql --user=root --password=${!rootPass}" docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}"
} }
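Review bot: In `createMysqlUser` the root password is spliced unquoted into `bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}"`, so a password containing spaces or shell metacharacters is parsed again by the shell inside the container, and the value shows up in the argument lists of `docker exec` and `mysql`. Handing it over through the environment avoids both: `MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" docker exec -i -e MYSQL_PWD "$2" mysql --user=root` (confirm the client in the image still honours `MYSQL_PWD`). The `grant` statement has the same problem for a `'` inside `${MYSQL_PASSWORD}`. `. $KAZ_KEY_DIR/env-$1` should be quoted and its result checked, because a missing file leaves the `MYSQL_*` values of the previous call in place.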


@@ -1,12 +1,15 @@
#!/bin/bash #!/bin/bash
#Ki: Gael
#Kan: 2025
#Koi: gestion mots de passe
KAZ_ROOT=/kaz
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
PRG=$(basename $0)
QUIET=1 QUIET=1
usage() { usage() {
echo "${PRG} [OPTIONS] [envname ...] echo "getPasswords.sh [OPTIONS] [envname ...]
Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là. Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
Les variables sont du type envname_NOMVARIABLE=valeur Les variables sont du type envname_NOMVARIABLE=valeur
On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire ! On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
@@ -19,13 +22,17 @@ OPTIONS
" "
} }
if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then
mkdir "${KAZ_KEY_DIR}/tmp"
fi
for ARG in "$@"; do for ARG in "$@"; do
if [ -n "${DIRECTORYARG}" ]; then # après un -d if [ -n "${DIRECTORYARG}" ]; then # après un -d
SUBDIRECTORY="${ARG}" SUBDIRECTORY="${ARG}"
DIRECTORYARG= unset DIRECTORYARG
elif [ -n "${ECHOVARARG}" ]; then # après un -e elif [ -n "${ECHOVARARG}" ]; then # après un -e
VARTOECHO="${ARG}" VARTOECHO="${ARG}"
ECHOVARARG= unset ECHOVARARG
QUIET="/dev/null" # pour ne pas avoir d'autres bruits ... QUIET="/dev/null" # pour ne pas avoir d'autres bruits ...
else else
@@ -46,6 +53,11 @@ for ARG in "$@"; do
fi fi
done done
getVars () {
# $1 : filename
grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u
}
NB_FILES=$(echo "${ENVFILES}" | wc -w ) NB_FILES=$(echo "${ENVFILES}" | wc -w )
if [[ $NB_FILES = 0 ]]; then if [[ $NB_FILES = 0 ]]; then
@@ -55,10 +67,10 @@ fi
for ENVFILE in $ENVFILES; do for ENVFILE in $ENVFILES; do
FILENAME="$KAZ_KEY_DIR/env-$ENVFILE" FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
VARNAME="$ENVFILE"_ VARSUFFIX="$ENVFILE"_
if [ -n "${SUBDIRECTORY}" ]; then if [ -n "${SUBDIRECTORY}" ]; then
FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE" FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
VARNAME="${SUBDIRECTORY}-${ENVFILE}_" VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"
fi fi
if ! [ -f "$FILENAME" ]; then if ! [ -f "$FILENAME" ]; then
@@ -66,11 +78,17 @@ for ENVFILE in $ENVFILES; do
continue continue
fi fi
# formule magique qui crée des variables envname_NOMVARIABLE=la valeur trouvé (le sed vire les commentaires et les lignes vides) . $FILENAME # on récupère les variables
# on pourrait se contenter d'un "source env-file", mais avec un prefix dans les variables pour savoir ce qu'on manipule c'est bien aussi ... vars=$(getVars $FILENAME)
$SIMU export $(sed -e 's/#.*//' -e '/^\s*$/d' "$FILENAME" | awk -F= -v ENV="$VARNAME" '{output=output" "ENV$1"="$2} END {print output}') for var in $vars; do
$SIMU declare $VARSUFFIX$var=${!var}
unset $var
done
unset FILENAME VARSUFFIX vars
done done
if [ -n "$VARTOECHO" ]; then if [ -n "$VARTOECHO" ]; then
echo ${!VARTOECHO} echo ${!VARTOECHO}
fi fi
unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO
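Review bot: `. $FILENAME` runs the env file as shell code, although these files are written in docker `env_file` syntax and this commit removes the quotes from their values. The template line `MM_SQLSETTINGS_DATASOURCE=postgres://…?sslmode=disable&connect_timeout=10` added in the same commit would be split at `&` into two commands, and any `$(…)` or backtick inside a secret would be executed. `declare $VARSUFFIX$var=${!var}` and `unset $var` are unquoted too, and the `unset` also removes a caller's variable of the same name when the script is sourced. Reading the file line by line and assigning the text after the first `=` keeps the prefixing without evaluating anything; `VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"` still produces a name containing `-`, which `declare` rejects. The enclosing `for ENVFILE` loop starts in the previous hunk.

```shell
# … unchanged: FILENAME / VARSUFFIX selection and the -f check …
    while IFS= read -r line || [[ -n "${line}" ]]; do
        # only NAME=value lines are taken; comments and blank lines fall through
        [[ "${line}" =~ ^[[:space:]]*([A-Za-z_][A-Za-z0-9_]*)=(.*)$ ]] || continue
        $SIMU declare "${VARSUFFIX}${BASH_REMATCH[1]}=${BASH_REMATCH[2]}"
    done < "${FILENAME}"
    unset FILENAME VARSUFFIX line
```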


@@ -4,7 +4,7 @@ services:
#{{db #{{db
db: db:
image: mariadb:11.4 image: mariadb:11.4
container_name: ${orga}DB container_name: ${orga}-DB
#disk_quota: 10G #disk_quota: 10G
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: ${restartPolicy} restart: ${restartPolicy}
@@ -16,9 +16,9 @@ services:
environment: environment:
- MARIADB_AUTO_UPGRADE=1 - MARIADB_AUTO_UPGRADE=1
env_file: env_file:
- ../../secret/env-${nextcloudDBName} - ../../secret/orgas/${orga}/env-${nextcloudDBName}
# - ../../secret/env-${mattermostDBName} # - ../../secret/orgas/${orga}/env-${mattermostDBName}
- ../../secret/env-${wordpressDBName} - ../../secret/orgas/${orga}/env-${wordpressDBName}
networks: networks:
- orgaNet - orgaNet
healthcheck: # utilisé par init-db.sh pour la créa d'orga healthcheck: # utilisé par init-db.sh pour la créa d'orga
@@ -34,7 +34,7 @@ services:
#{{cloud #{{cloud
cloud: cloud:
image: nextcloud image: nextcloud
container_name: ${orga}${nextcloudServName} container_name: ${orga}-${nextcloudServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
networks: networks:
@@ -50,8 +50,8 @@ services:
- ${smtpServName}:${smtpHost} - ${smtpServName}:${smtpHost}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}" - "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}"
- "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file" - "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
volumes: volumes:
- cloudMain:/var/www/html - cloudMain:/var/www/html
- cloudData:/var/www/html/data - cloudData:/var/www/html/data
@@ -63,10 +63,10 @@ services:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
env_file: env_file:
- ../../secret/env-${nextcloudServName} - ../../secret/orgas/${orga}/env-${nextcloudServName}
- ../../secret/env-${nextcloudDBName} - ../../secret/orgas/${orga}/env-${nextcloudDBName}
environment: environment:
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain} - NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain}
- SMTP_HOST=${smtpHost} - SMTP_HOST=${smtpHost}
- SMTP_PORT=25 - SMTP_PORT=25
- MAIL_DOMAIN=${domain} - MAIL_DOMAIN=${domain}
@@ -80,7 +80,7 @@ services:
- edition=team - edition=team
- PUID=1000 - PUID=1000
- PGID=1000 - PGID=1000
container_name: ${orga}${mattermostServName} container_name: ${orga}-${mattermostServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
# memory: 1G # memory: 1G
@@ -109,20 +109,20 @@ services:
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/environment:/etc/environment:ro - /etc/environment:/etc/environment:ro
env_file: env_file:
- ../../secret/env-${mattermostServName} - ../../secret/orgas/${orga}/env-${mattermostServName}
environment: environment:
- VIRTUAL_HOST=${orga}${matterHost}.${domain} - VIRTUAL_HOST=${orga}-${matterHost}.${domain}
# in case your config is not in default location # in case your config is not in default location
#- MM_CONFIG=/mattermost/config/config.json #- MM_CONFIG=/mattermost/config/config.json
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)" - "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)"
#}} #}}
#{{wp #{{wp
wordpress: wordpress:
image: wordpress image: wordpress
container_name: ${orga}${wordpressServName} container_name: ${orga}-${wordpressServName}
restart: ${restartPolicy} restart: ${restartPolicy}
networks: networks:
- orgaNet - orgaNet
@@ -136,17 +136,17 @@ services:
external_links: external_links:
- ${smtpServName}:${smtpHost}.${domain} - ${smtpServName}:${smtpHost}.${domain}
env_file: env_file:
- ../../secret/env-${wordpressServName} - ../../secret/orgas/${orga}/env-${wordpressServName}
environment: environment:
- WORDPRESS_SMTP_HOST=${smtpHost}.${domain} - WORDPRESS_SMTP_HOST=${smtpHost}.${domain}
- WORDPRESS_SMTP_PORT=25 - WORDPRESS_SMTP_PORT=25
# - WORDPRESS_SMTP_USERNAME # - WORDPRESS_SMTP_USERNAME
# - WORDPRESS_SMTP_PASSWORD # - WORDPRESS_SMTP_PASSWORD
# - WORDPRESS_SMTP_FROM=${orga} # - WORDPRESS_SMTP_FROM=${orga}-
- WORDPRESS_SMTP_FROM_NAME=${orga} - WORDPRESS_SMTP_FROM_NAME=${orga}-
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}" - "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}"
volumes: volumes:
- wordpress:/var/www/html - wordpress:/var/www/html
# - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro # - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro
@@ -154,12 +154,12 @@ services:
#{{wiki #{{wiki
dokuwiki: dokuwiki:
image: mprasil/dokuwiki image: mprasil/dokuwiki
container_name: ${orga}${dokuwikiServName} container_name: ${orga}-${dokuwikiServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}" - "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
volumes: volumes:
- wikiData:/dokuwiki/data - wikiData:/dokuwiki/data
- wikiConf:/dokuwiki/conf - wikiConf:/dokuwiki/conf
@@ -175,7 +175,7 @@ services:
#{{castopod #{{castopod
castopod: castopod:
image: castopod/castopod:latest image: castopod/castopod:latest
container_name: ${orga}${castopodServName} container_name: ${orga}-${castopodServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
# memory: 1G # memory: 1G
@@ -193,27 +193,27 @@ services:
volumes: volumes:
- castopodMedia:/var/www/castopod/public/media - castopodMedia:/var/www/castopod/public/media
environment: environment:
CP_BASEURL: "https://${orga}${castopodHost}.${domain}" CP_BASEURL: "https://${orga}-${castopodHost}.${domain}"
CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb
VIRTUAL_PORT: 8000 VIRTUAL_PORT: 8000
CP_CACHE_HANDLER: redis CP_CACHE_HANDLER: redis
CP_REDIS_HOST: redis CP_REDIS_HOST: redis
CP_DATABASE_HOSTNAME: db CP_DATABASE_HOSTNAME: db
env_file: env_file:
- ../../secret/env-${castopodServName} - ../../secret/orgas/${orga}/env-${castopodServName}
- ../../secret/env-${castopodDBName} - ../../secret/orgas/${orga}/env-${castopodDBName}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}" - "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}"
redis: redis:
image: redis:7.0-alpine image: redis:7.0-alpine
container_name: ${orga}castopodCache container_name: ${orga}-castopodCache
volumes: volumes:
- castopodCache:/data - castopodCache:/data
networks: networks:
- orgaNet - orgaNet
env_file: env_file:
- ../../secret/env-${castopodServName} - ../../secret/orgas/${orga}/env-${castopodServName}
command: --requirepass ${castopodRedisPassword} command: --requirepass ${castopodRedisPassword}
#}} #}}
#{{spip #{{spip
@@ -225,16 +225,16 @@ services:
links: links:
- db - db
env_file: env_file:
- ../../secret/env-${spipServName} - ../../secret/orgas/${orga}/env-${spipServName}
environment: environment:
- SPIP_AUTO_INSTALL=1 - SPIP_AUTO_INSTALL=1
- SPIP_DB_HOST=db - SPIP_DB_HOST=db
- SPIP_SITE_ADDRESS=https://${orga}${spipHost}.${domain} - SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain}
expose: expose:
- 80 - 80
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${spipServName}.rule=Host(`${orga}${spipHost}.${domain}`){{FOREIGN_SPIP}}" - "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}"
networks: networks:
- orgaNet - orgaNet
volumes: volumes:
@@ -250,84 +250,84 @@ volumes:
#{{db #{{db
orgaDB: orgaDB:
external: true external: true
name: orga_${orga}orgaDB name: orga_${orga}-orgaDB
#}} #}}
#{{agora #{{agora
matterConfig: matterConfig:
external: true external: true
name: orga_${orga}matterConfig name: orga_${orga}-matterConfig
matterData: matterData:
external: true external: true
name: orga_${orga}matterData name: orga_${orga}-matterData
matterLogs: matterLogs:
external: true external: true
name: orga_${orga}matterLogs name: orga_${orga}-matterLogs
matterPlugins: matterPlugins:
external: true external: true
name: orga_${orga}matterPlugins name: orga_${orga}-matterPlugins
matterClientPlugins: matterClientPlugins:
external: true external: true
name: orga_${orga}matterClientPlugins name: orga_${orga}-matterClientPlugins
matterIcons: matterIcons:
external: true external: true
name: matterIcons name: matterIcons
#{{cloud #{{cloud
cloudMain: cloudMain:
external: true external: true
name: orga_${orga}cloudMain name: orga_${orga}-cloudMain
cloudData: cloudData:
external: true external: true
name: orga_${orga}cloudData name: orga_${orga}-cloudData
cloudConfig: cloudConfig:
external: true external: true
name: orga_${orga}cloudConfig name: orga_${orga}-cloudConfig
cloudApps: cloudApps:
external: true external: true
name: orga_${orga}cloudApps name: orga_${orga}-cloudApps
cloudCustomApps: cloudCustomApps:
external: true external: true
name: orga_${orga}cloudCustomApps name: orga_${orga}-cloudCustomApps
cloudThemes: cloudThemes:
external: true external: true
name: orga_${orga}cloudThemes name: orga_${orga}-cloudThemes
cloudPhp: cloudPhp:
external: true external: true
name: orga_${orga}cloudPhp name: orga_${orga}-cloudPhp
#}} #}}
#{{wiki #{{wiki
wikiData: wikiData:
external: true external: true
name: orga_${orga}wikiData name: orga_${orga}-wikiData
wikiConf: wikiConf:
external: true external: true
name: orga_${orga}wikiConf name: orga_${orga}-wikiConf
wikiPlugins: wikiPlugins:
external: true external: true
name: orga_${orga}wikiPlugins name: orga_${orga}-wikiPlugins
wikiLibtpl: wikiLibtpl:
external: true external: true
name: orga_${orga}wikiLibtpl name: orga_${orga}-wikiLibtpl
wikiLogs: wikiLogs:
external: true external: true
name: orga_${orga}wikiLogs name: orga_${orga}-wikiLogs
#}} #}}
#{{wp #{{wp
wordpress: wordpress:
external: true external: true
name: orga_${orga}wordpress name: orga_${orga}-wordpress
#}} #}}
#{{castopod #{{castopod
castopodMedia: castopodMedia:
external: true external: true
name: orga_${orga}castopodMedia name: orga_${orga}-castopodMedia
castopodCache: castopodCache:
external: true external: true
name: orga_${orga}castopodCache name: orga_${orga}-castopodCache
#}} #}}
#{{spip #{{spip
spip: spip:
external: true external: true
name: orga_${orga}spip name: orga_${orga}-spip
#}} #}}
@@ -335,7 +335,7 @@ volumes:
networks: networks:
orgaNet: orgaNet:
external: true external: true
name: ${orga}orgaNet name: ${orga}-orgaNet
# postfixNet: # postfixNet:
# external: # external:
# name: postfixNet # name: postfixNet
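Review bot: While the secrets move to per-orga `secret/orgas/${orga}/env-*` files, the castopod service still carries `CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb` as a literal in the template, so every generated orga shares one salt and it is committed with the template. It would fit the new layout to drop that line from `environment:` and define the salt in the castopod env template with a generated placeholder, in the `@@token@@…@@t@@` form used elsewhere in this commit. The redis `command: --requirepass ${castopodRedisPassword}` also still takes its value from a generator variable rather than the per-orga env file; since `SetAllPass.sh` is no longer sourced by the scripts in this commit, it is worth confirming that variable is still set when the template is rendered.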


@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars setKazVars
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
cd $(dirname $0) cd $(dirname $0)
ORGA_DIR="$(basename "$(pwd)")" ORGA_DIR="$(basename "$(pwd)")"


@@ -389,7 +389,7 @@ update() {
-e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\ -e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\
-e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\ -e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\
-e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\ -e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\
-e "s|\${orga}|${ORGA}-|g" -e "s|\${orga}|${ORGA}|g"
) > "$2" ) > "$2"
sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2" sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2"
} }
@@ -419,6 +419,11 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
ln -sf ../../config/orgaTmpl/init-db.sh ln -sf ../../config/orgaTmpl/init-db.sh
fi fi
if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then
rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/"
${KAZ_BIN_DIR}/secretGen.sh -d $ORGA
fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## update ${DOCKERS_ENV} # ########## update ${DOCKERS_ENV}
if ! grep -q "proxy_orga=" .env 2> /dev/null if ! grep -q "proxy_orga=" .env 2> /dev/null
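Review bot: The new block that seeds `${KAZ_KEY_DIR}/orgas/$ORGA/` copies the template with `rsync -a`, which carries the template's permissions over, so the generated secret files are presumably as readable as the template files in the checkout. It also runs `secretGen.sh` even when the copy failed, and `$ORGA` and `${KAZ_BIN_DIR}` are unquoted. Consider `install -d -m 700 "${KAZ_KEY_DIR}/orgas/${ORGA}"` before the copy, `rsync -a --chmod=go-rwx` for the files, and chaining the generator as `&& "${KAZ_BIN_DIR}/secretGen.sh" -d "${ORGA}"`. The `if` that closes the hunk continues outside it.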


@@ -40,6 +40,8 @@ remove () {
sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}" sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}"
sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}" sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}"
rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga" rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga"
rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"
exit;; exit;;
[Nn]* ) [Nn]* )
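Review bot: The added `rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"` deletes every orga's secrets if `ORGA` is empty at this point, and `/orgas/` if `KAZ_KEY_DIR` is unset as well. Guarding the expansions makes the command abort instead: `rm -fr -- "${KAZ_KEY_DIR:?}/orgas/${ORGA:?}"`. Any validation of `ORGA` earlier in `remove` is outside the hunk, so this may already be covered, but the guard costs nothing.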


@@ -0,0 +1,3 @@
ADMIN_USER=@@pass@@castopod2@@p@@
ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
ADMIN_PASSWORD=@@pass@@castopod3@@p@@
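Review bot: `ADMIN_USER=@@pass@@castopod2@@p@@` uses the password placeholder for a login name, whereas the other templates added in this commit use `@@user@@…@@u@@` for logins (for example `MM_ADMIN_USER=@@user@@mattermost2@@u@@`). If that is not intentional, `ADMIN_USER=@@user@@castopod2@@u@@` would keep the admin login from being generated as a password-style value. How the generator treats the two placeholder kinds is not visible here, so this should be checked against `secretGen.sh`.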


@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_USER=@@user@@castopod1@@u@@
MYSQL_PASSWORD=@@pass@@castopod1@@p@@
MYSQL_DATABASE=@@db@@castopod1@@d@@


@@ -0,0 +1,7 @@
CP_EMAIL_SMTP_HOST=
CP_EMAIL_FROM=
CP_EMAIL_SMTP_USERNAME=
CP_EMAIL_SMTP_PASSWORD=
CP_EMAIL_SMTP_PORT=
CP_EMAIL_SMTP_CRYPTO=
CP_REDIS_PASSWORD=


@@ -0,0 +1,9 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@


@@ -0,0 +1,9 @@
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10


@@ -0,0 +1,8 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@nextcloud@@d@@
MYSQL_USER=@@user@@nextcloud@@u@@
MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
#NC_MYSQL_USER=
#NC_MYSQL_PASSWORD=


@@ -0,0 +1,5 @@
NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
MYSQL_HOST=db
RAIN_LOOP=@@pass@@rainloop@@p@@


@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@spip@@d@@
MYSQL_USER=@@user@@spip@@u@@
MYSQL_PASSWORD=@@pass@@spip@@p@@


@@ -0,0 +1,10 @@
SPIP_AUTO_INSTALL=1
SPIP_DB_SERVER=mysql
SPIP_DB_NAME=@@db@@spip@@d@@
SPIP_DB_LOGIN=@@user@@spip@@u@@
SPIP_DB_PASS=@@pass@@spip@@p@@
SPIP_ADMIN_NAME=admin
SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
PHP_TIMEZONE=Europe/Paris


@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@wp@@d@@
MYSQL_USER=@@user@@wp@@u@@
MYSQL_PASSWORD=@@pass@@wp@@p@@


@@ -0,0 +1,8 @@
# share with wpDB
WORDPRESS_DB_HOST=db:3306
WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
WORDPRESS_DB_NAME=@@db@@wp@@d@@
WORDPRESS_DB_USER=@@user@@wp@@u@@
WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@


@@ -1,9 +1,9 @@
LDAP_ADMIN_USERNAME="@@user@@ldap@@u@@" LDAP_ADMIN_USERNAME=@@user@@ldap@@u@@
LDAP_ADMIN_PASSWORD="@@pass@@ldap@@p@@" LDAP_ADMIN_PASSWORD=@@pass@@ldap@@p@@
LDAP_CONFIG_ADMIN_USERNAME="@@user@@ldapconfig@@u@@" LDAP_CONFIG_ADMIN_USERNAME=@@user@@ldapconfig@@u@@
LDAP_CONFIG_ADMIN_PASSWORD="@@pass@@ldapconfig@@p@@" LDAP_CONFIG_ADMIN_PASSWORD=@@pass@@ldapconfig@@p@@
LDAP_POSTFIX_PASSWORD="@@pass@@ldappostfix@@p@@" LDAP_POSTFIX_PASSWORD=@@pass@@ldappostfix@@p@@
LDAP_LDAPUI_PASSWORD="@@pass@@ldapui@@p@@" LDAP_LDAPUI_PASSWORD=@@pass@@ldapui@@p@@
LDAP_MATTERMOST_PASSWORD="@@pass@@ldapmm@@p@@" LDAP_MATTERMOST_PASSWORD=@@pass@@ldapmm@@p@@
LDAP_CLOUD_PASSWORD="@@pass@@ldapcloud@@p@@" LDAP_CLOUD_PASSWORD=@@pass@@ldapcloud@@p@@
LDAP_MOBILIZON_PASSWORD="@@pass@@ldapmobilizon@@p@@" LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@


@@ -1,9 +1,9 @@
LDAPUI_URI=ldap://ldap LDAPUI_URI=ldap://ldap
LDAPUI_BASE_DN="@@globalvar@@ldap_root@@gv@@" LDAPUI_BASE_DN=@@globalvar@@ldap_root@@gv@@
LDAPUI_REQUIRE_STARTTLS=FALSE LDAPUI_REQUIRE_STARTTLS=FALSE
LDAPUI_ADMINS_GROUP=admins LDAPUI_ADMINS_GROUP=admins
LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@ LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@
LDAPUI_ADMIN_BIND_PWD="@@pass@@ldapui@@p@@" LDAPUI_ADMIN_BIND_PWD=@@pass@@ldapui@@p@@
LDAPUI_IGNORE_CERT_ERRORS=TRUE LDAPUI_IGNORE_CERT_ERRORS=TRUE
LDAPUI_PASSWORD="@@pass@@ldapuipass@@p@@" LDAPUI_PASSWORD=@@pass@@ldapuipass@@p@@
LDAPUI_MM_ADMIN_TOKEN="@@crossvar@@mattermostAdmin_mattermost_token@@cv@@" LDAPUI_MM_ADMIN_TOKEN=@@crossvar@@mattermostAdmin_mattermost_token@@cv@@


@@ -1,2 +1,2 @@
service_mail=admin@@@globalvar@@domain@@gv@@ service_mail=admin@@@globalvar@@domain@@gv@@
service_password="@@pass@@servicemail@@p@@" service_password=@@pass@@servicemail@@p@@


@@ -3,7 +3,7 @@ OTP_SECRET=@@token@@masto-otp@@t@@
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
VAPID_PRIVATE_KEY== VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY= VAPID_PUBLIC_KEY=
SMTP_PASSWORD= SMTP_PASSWORD=
EMAIL_DOMAIN_ALLOWLIST= EMAIL_DOMAIN_ALLOWLIST=