Les orgas + qques changements pour getpasswords.sh

bin/checkEnvFiles.sh

@@ -6,8 +6,6 @@ setKazVars
 
 RUN_PASS_DIR="secret"
 TMPL_PASS_DIR="secret.tmpl"
-RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh"
-TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh"
 NEED_GEN=
 
 ########################################
@@ -48,7 +46,12 @@ getVars () {
 # get lvalues in script
 getSettedVars () {
     # $1 : filename
-    grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u
+	grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* |  grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u
+}
+
+getUnsettedVars () {
+    # $1 : filename
+	grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u
 }
 
 getVarFormVal () {
@@ -57,60 +60,6 @@ getVarFormVal () {
     grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/'
 }
 
-########################################
-# synchronized SetAllPass.sh (find missing lvalues)
-updatePassFile () {
-    # $1 : ref filename
-    # $2 : target filename
-
-    REF_FILE="$1"
-    TARGET_FILE="$2"
-    NEED_UPDATE=
-    while : ; do
-	declare -a listRef listTarget missing
-	listRef=($(getVars "${REF_FILE}"))
-	listTarget=($(getVars "${TARGET_FILE}"))
-	missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]})))
-	if [ -n "${missing}" ]; then
-	    echo "missing vars in  ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}"
-	    read -p "Do you want to add them? [y/n]: " yn
-            case $yn in
-		""|[Yy]*)
-		    emacs "${REF_FILE}" "${TARGET_FILE}"
-		    NEED_UPDATE=true
-		    break
-		    ;;
-		[Nn]*)
-		    break
-		    ;;
-	    esac
-	else
-	    break
-	fi
-    done
-}
-
-updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}"
-[ -n "${NEED_UPDATE}" ] && NEED_GEN=true
-updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}"
-
-########################################
-# check empty pass in TMPL_PASS_FILE
-declare -a settedVars
-settedVars=($(getSettedVars "${TMPL_PASS_FILE}"))
-if [ -n "${settedVars}" ]; then
-    echo "unclear password in  ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}"
-    for var in ${settedVars[@]}; do
-	echo -e "\t${var}"
-    done
-    echo "${NC}"
-    read -p "Do you want to clear them? [y/n]: " yn
-    case $yn in
-	""|[Yy]*)
-	    emacs "${TMPL_PASS_FILE}"
-	    ;;
-    esac
-fi
 
 ########################################
 # check new files env-*
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}"
 declare -a listTmpl listRun listCommonFiles
 listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
 listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
-listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
+listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
 for envFile in ${listCommonFiles[@]}; do
     while : ; do
 	TMPL_FILE="${TMPL_PASS_DIR}/${envFile}"
@@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then
 fi
 
 ########################################
-# check env-* in updateDockerPassword.sh
+# check extention in dockers.env
-missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do
+declare -a missing
+unsetted=($(for DIR in "${RUN_PASS_DIR}"; do
 	       for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
 		   val="${envFile#*env-}"
 		   varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
-		   [ -z "${varName}" ] && continue
+		   if [ -z "${varName}" ]; then
-		   prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
+		       echo "${val}"
-				 sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
-		   if [ -z "${prefixe}" ]; then
-		       echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})"
 		   fi
 	       done
 	   done | sort -u))
 if [ -n "${missing}" ]; then
-    echo "missing update in  ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}"
+    echo "missing def in  ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}"
     for var in ${missing[@]}; do
 	echo -e "\t${var}"
     done
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then
     read -p "Do you want to add them? [y/n]: " yn
     case $yn in
 	""|[Yy]*)
-	    emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh"
+	    emacs "${DOCKERS_ENV}"
 	    ;;
     esac
 fi
 
-########################################
-# synchronized SetAllPass.sh and env-*
-updateEnvFiles () {
-    # $1 secret dir
-    DIR=$1
-    listRef=($(getVars "${DIR}/SetAllPass.sh"))
-    missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
-		   val="${envFile#*env-}"
-		   varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
-		   [ -z "${varName}" ] && continue
-		   prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
-				 sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
-		   [ -z "${prefixe}" ] && continue
-		   listVarsInEnv=($(getVars "${envFile}"))
-		   for var in ${listVarsInEnv[@]}; do
-		       [[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}"
-		   done
-		   # XXX doit exister dans SetAllPass.sh avec le prefixe
-	       done))
-    if [ -n "${missing}" ]; then
-	echo "missing update in  ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}"
-	for var in ${missing[@]}; do
-	    echo -e "\t${var}"
-	done
-	echo "${NC}"
-	read -p "Do you want to add them? [y/n]: " yn
-	case $yn in
-	    ""|[Yy]*)
-		emacs "${DIR}/SetAllPass.sh"
-		;;
-	esac
-    fi
-}
 
-updateEnvFiles "${RUN_PASS_DIR}"
-updateEnvFiles "${TMPL_PASS_DIR}"
 
-# XXX chercher les variables non utilisées dans les SetAllPass.sh
 
 if [ -n "${NEED_GEN}" ]; then
     while : ; do
-	read -p "Do you want to generate blank values? [y/n]: " yn
+	read -p "Do you want to generate missing values? [y/n]: " yn
 	case $yn in
 	    ""|[Yy]*)
 	    	"${KAZ_BIN_DIR}/secretGen.sh"

bin/container.sh

@@ -192,7 +192,7 @@ saveComposes () {
 		saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql
 		;;
 	    framadate)
-		echo "save date"		
+		echo "save date"
 		. $KAZ_BIN_DIR/getPasswords.sh framadateDB
 		saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql
 		;;
@@ -255,6 +255,11 @@ saveComposes () {
 			. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
 		    saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
 		fi
+		if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
+		    echo "    => spip"
+			. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
+		    saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql
+		fi
 		;;
 	esac
     done

bin/createDBUsers.sh

@@ -12,27 +12,21 @@ setKazVars
 # - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
 
 . "${DOCKERS_ENV}"
-. "${KAZ_KEY_DIR}/SetAllPass.sh"
 
 createMysqlUser(){
     # $1 = envName
     # $2 = containerName of DB
 
-	. $KAZ_BIN_DIR/getPasswords.sh $1
+	. $KAZ_KEY_DIR/env-$1
     
-    rootPass="$1_MYSQL_ROOT_PASSWORD"
-    dbName="$1_MYSQL_DATABASE"
-    userName="$1_MYSQL_USER"
-    userPass="$1_MYSQL_PASSWORD"
-
     # seulement si pas de mdp pour root
     # pb oeuf et poule (il faudrait les anciennes valeurs) :
     # * si rootPass change, faire à la main
     # * si dbName change, faire à la main
     checkDockerRunning "$2" "$2" || return
     echo "change DB pass on docker $2"
-    echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
+    echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \
-	docker exec -i $2 bash -c "mysql --user=root --password=${!rootPass}"
+	docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}"
 }
 
 

bin/getPasswords.sh

@@ -1,12 +1,15 @@
 #!/bin/bash
+#Ki: Gael
+#Kan: 2025
+#Koi: gestion mots de passe
+
+KAZ_ROOT=/kaz
 
-KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
-PRG=$(basename $0)
 QUIET=1
 
 usage() {
-echo "${PRG} [OPTIONS] [envname ...] 
+echo "getPasswords.sh [OPTIONS] [envname ...] 
 Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
 Les variables sont du type envname_NOMVARIABLE=valeur
 On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
@@ -19,13 +22,17 @@ OPTIONS
 "
 }
 
+if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then
+    mkdir "${KAZ_KEY_DIR}/tmp"
+fi
+
 for ARG in "$@"; do
     if [ -n "${DIRECTORYARG}" ]; then # après un -d
         SUBDIRECTORY="${ARG}"
-        DIRECTORYARG=
+        unset DIRECTORYARG
     elif  [ -n "${ECHOVARARG}" ]; then # après un -e
         VARTOECHO="${ARG}"
-        ECHOVARARG=
+        unset ECHOVARARG
         QUIET="/dev/null"  # pour ne pas avoir d'autres bruits ...
     else
 
@@ -46,6 +53,11 @@ for ARG in "$@"; do
     fi
 done
 
+getVars () {
+    # $1 : filename
+    grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u
+}
+
 NB_FILES=$(echo "${ENVFILES}" | wc -w )
 
 if [[ $NB_FILES = 0 ]]; then
@@ -55,10 +67,10 @@ fi
 
 for ENVFILE in $ENVFILES; do
     FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
-    VARNAME="$ENVFILE"_
+    VARSUFFIX="$ENVFILE"_
     if [ -n "${SUBDIRECTORY}" ]; then
       FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
-      VARNAME="${SUBDIRECTORY}-${ENVFILE}_"
+      VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"
     fi
 
     if ! [ -f "$FILENAME" ]; then
@@ -66,11 +78,17 @@ for ENVFILE in $ENVFILES; do
       continue
     fi
 
-    # formule magique qui crée des variables envname_NOMVARIABLE=la valeur trouvé (le sed vire les commentaires et les lignes vides)
+    . $FILENAME # on récupère les variables
-    # on pourrait se contenter d'un "source env-file", mais avec un prefix dans les variables pour savoir ce qu'on manipule c'est bien aussi ...
+    vars=$(getVars $FILENAME)
-    $SIMU export $(sed -e 's/#.*//' -e '/^\s*$/d' "$FILENAME" | awk -F= -v ENV="$VARNAME" '{output=output" "ENV$1"="$2} END {print output}')
+    for var in $vars; do
+      $SIMU declare $VARSUFFIX$var=${!var}
+      unset $var
+    done
+    unset FILENAME VARSUFFIX vars
 done
 
 if [ -n "$VARTOECHO" ]; then
   echo ${!VARTOECHO}
 fi
+
+unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO

config/orgaTmpl/docker-compose.yml

@@ -4,7 +4,7 @@ services:
 #{{db
   db:
     image: mariadb:11.4
-    container_name: ${orga}DB
+    container_name: ${orga}-DB
     #disk_quota: 10G
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
     restart: ${restartPolicy}
@@ -16,9 +16,9 @@ services:
     environment:
       - MARIADB_AUTO_UPGRADE=1      
     env_file:
-      - ../../secret/env-${nextcloudDBName}
+      - ../../secret/orgas/${orga}/env-${nextcloudDBName}
-#      - ../../secret/env-${mattermostDBName}
+#      - ../../secret/orgas/${orga}/env-${mattermostDBName}
-      - ../../secret/env-${wordpressDBName}
+      - ../../secret/orgas/${orga}/env-${wordpressDBName}
     networks:
       - orgaNet
     healthcheck: # utilisé par init-db.sh pour la créa d'orga
@@ -34,7 +34,7 @@ services:
 #{{cloud
   cloud:
     image: nextcloud
-    container_name: ${orga}${nextcloudServName}
+    container_name: ${orga}-${nextcloudServName}
     #disk_quota: 10G
     restart: ${restartPolicy}
     networks:
@@ -50,8 +50,8 @@ services:
       - ${smtpServName}:${smtpHost}
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}"
+      - "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}"
-      - "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
+      - "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
     volumes:
       - cloudMain:/var/www/html
       - cloudData:/var/www/html/data
@@ -63,10 +63,10 @@ services:
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
     env_file:
-      - ../../secret/env-${nextcloudServName}
+      - ../../secret/orgas/${orga}/env-${nextcloudServName}
-      - ../../secret/env-${nextcloudDBName}
+      - ../../secret/orgas/${orga}/env-${nextcloudDBName}
     environment:
-      - NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain}
+      - NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain}
       - SMTP_HOST=${smtpHost}
       - SMTP_PORT=25
       - MAIL_DOMAIN=${domain}
@@ -80,7 +80,7 @@ services:
         - edition=team
         - PUID=1000
         - PGID=1000
-    container_name: ${orga}${mattermostServName}
+    container_name: ${orga}-${mattermostServName}
     #disk_quota: 10G
     restart: ${restartPolicy}
     # memory: 1G
@@ -109,20 +109,20 @@ services:
       - /etc/timezone:/etc/timezone:ro
       - /etc/environment:/etc/environment:ro
     env_file:
-      - ../../secret/env-${mattermostServName}
+      - ../../secret/orgas/${orga}/env-${mattermostServName}
     environment:
-      - VIRTUAL_HOST=${orga}${matterHost}.${domain}
+      - VIRTUAL_HOST=${orga}-${matterHost}.${domain}
       # in case your config is not in default location
       #- MM_CONFIG=/mattermost/config/config.json
 
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)"
+      - "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)"
 #}}
 #{{wp
   wordpress:
     image: wordpress
-    container_name: ${orga}${wordpressServName}
+    container_name: ${orga}-${wordpressServName}
     restart: ${restartPolicy}
     networks:
       - orgaNet
@@ -136,17 +136,17 @@ services:
     external_links:
       - ${smtpServName}:${smtpHost}.${domain}
     env_file:
-      - ../../secret/env-${wordpressServName}
+      - ../../secret/orgas/${orga}/env-${wordpressServName}
     environment:
       - WORDPRESS_SMTP_HOST=${smtpHost}.${domain}
       - WORDPRESS_SMTP_PORT=25
       # - WORDPRESS_SMTP_USERNAME
       # - WORDPRESS_SMTP_PASSWORD
-      # - WORDPRESS_SMTP_FROM=${orga}
+      # - WORDPRESS_SMTP_FROM=${orga}-
-      - WORDPRESS_SMTP_FROM_NAME=${orga}
+      - WORDPRESS_SMTP_FROM_NAME=${orga}-
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}"
+      - "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}"
     volumes:
       - wordpress:/var/www/html
 #      - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro
@@ -154,12 +154,12 @@ services:
 #{{wiki
   dokuwiki:
     image: mprasil/dokuwiki
-    container_name: ${orga}${dokuwikiServName}
+    container_name: ${orga}-${dokuwikiServName}
     #disk_quota: 10G
     restart: ${restartPolicy}
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
+      - "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
     volumes:
       - wikiData:/dokuwiki/data
       - wikiConf:/dokuwiki/conf
@@ -175,7 +175,7 @@ services:
 #{{castopod
   castopod:
     image: castopod/castopod:latest
-    container_name: ${orga}${castopodServName}
+    container_name: ${orga}-${castopodServName}
     #disk_quota: 10G
     restart: ${restartPolicy}
     # memory: 1G
@@ -193,27 +193,27 @@ services:
     volumes:
       - castopodMedia:/var/www/castopod/public/media
     environment:
-      CP_BASEURL: "https://${orga}${castopodHost}.${domain}"
+      CP_BASEURL: "https://${orga}-${castopodHost}.${domain}"
       CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb
       VIRTUAL_PORT: 8000
       CP_CACHE_HANDLER: redis
       CP_REDIS_HOST: redis
       CP_DATABASE_HOSTNAME: db
     env_file:
-      - ../../secret/env-${castopodServName}
+      - ../../secret/orgas/${orga}/env-${castopodServName}
-      - ../../secret/env-${castopodDBName}
+      - ../../secret/orgas/${orga}/env-${castopodDBName}
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}"
+      - "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}"
   redis:
     image: redis:7.0-alpine
-    container_name: ${orga}castopodCache
+    container_name: ${orga}-castopodCache
     volumes:
       - castopodCache:/data
     networks:
       - orgaNet
     env_file:
-      - ../../secret/env-${castopodServName}
+      - ../../secret/orgas/${orga}/env-${castopodServName}
     command: --requirepass ${castopodRedisPassword} 
 #}}
 #{{spip
@@ -225,16 +225,16 @@ services:
     links:
       - db
     env_file:
-      - ../../secret/env-${spipServName}
+      - ../../secret/orgas/${orga}/env-${spipServName}
     environment:
       - SPIP_AUTO_INSTALL=1
       - SPIP_DB_HOST=db
-      - SPIP_SITE_ADDRESS=https://${orga}${spipHost}.${domain}
+      - SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain}
     expose:
       - 80
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${spipServName}.rule=Host(`${orga}${spipHost}.${domain}`){{FOREIGN_SPIP}}"
+      - "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}"
     networks:
       - orgaNet
     volumes:
@@ -250,84 +250,84 @@ volumes:
 #{{db
   orgaDB:
     external: true
-    name: orga_${orga}orgaDB
+    name: orga_${orga}-orgaDB
 #}}
 #{{agora
   matterConfig:
     external: true
-    name: orga_${orga}matterConfig
+    name: orga_${orga}-matterConfig
   matterData:
     external: true
-    name: orga_${orga}matterData
+    name: orga_${orga}-matterData
   matterLogs:
     external: true
-    name: orga_${orga}matterLogs
+    name: orga_${orga}-matterLogs
   matterPlugins:
     external: true
-    name: orga_${orga}matterPlugins
+    name: orga_${orga}-matterPlugins
   matterClientPlugins:
     external: true
-    name: orga_${orga}matterClientPlugins
+    name: orga_${orga}-matterClientPlugins
   matterIcons:
     external: true
     name: matterIcons
 #{{cloud
   cloudMain:
     external: true
-    name: orga_${orga}cloudMain
+    name: orga_${orga}-cloudMain
   cloudData:
     external: true
-    name: orga_${orga}cloudData
+    name: orga_${orga}-cloudData
   cloudConfig:
     external: true
-    name: orga_${orga}cloudConfig
+    name: orga_${orga}-cloudConfig
   cloudApps:
     external: true
-    name: orga_${orga}cloudApps
+    name: orga_${orga}-cloudApps
   cloudCustomApps:
     external: true
-    name: orga_${orga}cloudCustomApps
+    name: orga_${orga}-cloudCustomApps
   cloudThemes:
     external: true
-    name: orga_${orga}cloudThemes
+    name: orga_${orga}-cloudThemes
   cloudPhp:
     external: true
-    name: orga_${orga}cloudPhp
+    name: orga_${orga}-cloudPhp
 #}}
 #{{wiki
   wikiData:
     external: true
-    name: orga_${orga}wikiData
+    name: orga_${orga}-wikiData
   wikiConf:
     external: true
-    name: orga_${orga}wikiConf
+    name: orga_${orga}-wikiConf
   wikiPlugins:
     external: true
-    name: orga_${orga}wikiPlugins
+    name: orga_${orga}-wikiPlugins
   wikiLibtpl:
     external: true
-    name: orga_${orga}wikiLibtpl
+    name: orga_${orga}-wikiLibtpl
   wikiLogs:
     external: true
-    name: orga_${orga}wikiLogs
+    name: orga_${orga}-wikiLogs
 #}}
 #{{wp
   wordpress:
     external: true
-    name: orga_${orga}wordpress
+    name: orga_${orga}-wordpress
 #}}
 #{{castopod
   castopodMedia:
     external: true
-    name: orga_${orga}castopodMedia
+    name: orga_${orga}-castopodMedia
   castopodCache:
     external: true
-    name: orga_${orga}castopodCache
+    name: orga_${orga}-castopodCache
 #}}
 #{{spip
   spip:
     external: true
-    name: orga_${orga}spip
+    name: orga_${orga}-spip
 #}}
 
 
@@ -335,7 +335,7 @@ volumes:
 networks:
   orgaNet:
     external: true
-    name: ${orga}orgaNet
+    name: ${orga}-orgaNet
   # postfixNet:
   #   external:
   #     name: postfixNet

config/orgaTmpl/init-db.sh

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 . "${DOCKERS_ENV}"
-. "${KAZ_KEY_DIR}/SetAllPass.sh"
 
 cd $(dirname $0)
 ORGA_DIR="$(basename "$(pwd)")"

config/orgaTmpl/orga-gen.sh

@@ -389,7 +389,7 @@ update() {
 					       -e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\
 					       -e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\
 						   -e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\
-					       -e "s|\${orga}|${ORGA}-|g"
+					       -e "s|\${orga}|${ORGA}|g"
     ) > "$2"
     sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2"
 }
@@ -419,6 +419,11 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
     ln -sf ../../config/orgaTmpl/init-db.sh
 fi
 
+if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then
+    rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/"
+	${KAZ_BIN_DIR}/secretGen.sh -d $ORGA
+fi
+
 if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
     # ########## update ${DOCKERS_ENV}
     if ! grep -q "proxy_orga=" .env 2> /dev/null

config/orgaTmpl/orga-rm.sh

@@ -40,6 +40,8 @@ remove () {
 	    sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}"
 	    sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}"
 	    rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga"
+		
+	    rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"
 	    exit;;
 	    [Nn]* )
 

config/orgaTmpl/secret.tmpl/env-castopodAdmin

@@ -0,0 +1,3 @@
+ADMIN_USER=@@pass@@castopod2@@p@@
+ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
+ADMIN_PASSWORD=@@pass@@castopod3@@p@@

config/orgaTmpl/secret.tmpl/env-castopodDB

@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_USER=@@user@@castopod1@@u@@
+MYSQL_PASSWORD=@@pass@@castopod1@@p@@
+MYSQL_DATABASE=@@db@@castopod1@@d@@

config/orgaTmpl/secret.tmpl/env-castopodServ

@@ -0,0 +1,7 @@
+CP_EMAIL_SMTP_HOST= 
+CP_EMAIL_FROM=	
+CP_EMAIL_SMTP_USERNAME=
+CP_EMAIL_SMTP_PASSWORD=
+CP_EMAIL_SMTP_PORT=
+CP_EMAIL_SMTP_CRYPTO=
+CP_REDIS_PASSWORD=

config/orgaTmpl/secret.tmpl/env-mattermostDB

@@ -0,0 +1,9 @@
+
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@mattermost@@d@@
+MYSQL_USER=@@user@@mattermost@@u@@
+MYSQL_PASSWORD=@@pass@@mattermost@@p@@
+
+POSTGRES_USER=@@user@@mattermost@@u@@
+POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
+POSTGRES_DB=@@db@@mattermost@@d@@

config/orgaTmpl/secret.tmpl/env-mattermostServ

@@ -0,0 +1,9 @@
+
+MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
+MM_ADMIN_USER=@@user@@mattermost2@@u@@
+MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
+
+
+MM_SQLSETTINGS_DRIVERNAME=postgres
+MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10
+

config/orgaTmpl/secret.tmpl/env-nextcloudDB

@@ -0,0 +1,8 @@
+
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@nextcloud@@d@@
+MYSQL_USER=@@user@@nextcloud@@u@@
+MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
+
+#NC_MYSQL_USER=
+#NC_MYSQL_PASSWORD=

config/orgaTmpl/secret.tmpl/env-nextcloudServ

@@ -0,0 +1,5 @@
+
+NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
+NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
+MYSQL_HOST=db
+RAIN_LOOP=@@pass@@rainloop@@p@@

config/orgaTmpl/secret.tmpl/env-spipDB

@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@spip@@d@@
+MYSQL_USER=@@user@@spip@@u@@
+MYSQL_PASSWORD=@@pass@@spip@@p@@

config/orgaTmpl/secret.tmpl/env-spipServ

@@ -0,0 +1,10 @@
+SPIP_AUTO_INSTALL=1
+SPIP_DB_SERVER=mysql
+SPIP_DB_NAME=@@db@@spip@@d@@
+SPIP_DB_LOGIN=@@user@@spip@@u@@
+SPIP_DB_PASS=@@pass@@spip@@p@@
+SPIP_ADMIN_NAME=admin
+SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
+SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
+SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
+PHP_TIMEZONE=Europe/Paris

config/orgaTmpl/secret.tmpl/env-wpDB

@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@wp@@d@@
+MYSQL_USER=@@user@@wp@@u@@
+MYSQL_PASSWORD=@@pass@@wp@@p@@

config/orgaTmpl/secret.tmpl/env-wpServ

@@ -0,0 +1,8 @@
+# share with wpDB
+
+WORDPRESS_DB_HOST=db:3306
+WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
+WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
+WORDPRESS_DB_NAME=@@db@@wp@@d@@
+WORDPRESS_DB_USER=@@user@@wp@@u@@
+WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@

secret.tmpl/env-ldapServ

@@ -1,9 +1,9 @@
-LDAP_ADMIN_USERNAME="@@user@@ldap@@u@@"
+LDAP_ADMIN_USERNAME=@@user@@ldap@@u@@
-LDAP_ADMIN_PASSWORD="@@pass@@ldap@@p@@"
+LDAP_ADMIN_PASSWORD=@@pass@@ldap@@p@@
-LDAP_CONFIG_ADMIN_USERNAME="@@user@@ldapconfig@@u@@"
+LDAP_CONFIG_ADMIN_USERNAME=@@user@@ldapconfig@@u@@
-LDAP_CONFIG_ADMIN_PASSWORD="@@pass@@ldapconfig@@p@@"
+LDAP_CONFIG_ADMIN_PASSWORD=@@pass@@ldapconfig@@p@@
-LDAP_POSTFIX_PASSWORD="@@pass@@ldappostfix@@p@@"
+LDAP_POSTFIX_PASSWORD=@@pass@@ldappostfix@@p@@
-LDAP_LDAPUI_PASSWORD="@@pass@@ldapui@@p@@"
+LDAP_LDAPUI_PASSWORD=@@pass@@ldapui@@p@@
-LDAP_MATTERMOST_PASSWORD="@@pass@@ldapmm@@p@@"
+LDAP_MATTERMOST_PASSWORD=@@pass@@ldapmm@@p@@
-LDAP_CLOUD_PASSWORD="@@pass@@ldapcloud@@p@@"
+LDAP_CLOUD_PASSWORD=@@pass@@ldapcloud@@p@@
-LDAP_MOBILIZON_PASSWORD="@@pass@@ldapmobilizon@@p@@"
+LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@

secret.tmpl/env-ldapUI

@@ -1,9 +1,9 @@
 LDAPUI_URI=ldap://ldap
-LDAPUI_BASE_DN="@@globalvar@@ldap_root@@gv@@"
+LDAPUI_BASE_DN=@@globalvar@@ldap_root@@gv@@
 LDAPUI_REQUIRE_STARTTLS=FALSE
 LDAPUI_ADMINS_GROUP=admins
 LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@
-LDAPUI_ADMIN_BIND_PWD="@@pass@@ldapui@@p@@"
+LDAPUI_ADMIN_BIND_PWD=@@pass@@ldapui@@p@@
 LDAPUI_IGNORE_CERT_ERRORS=TRUE
-LDAPUI_PASSWORD="@@pass@@ldapuipass@@p@@"
+LDAPUI_PASSWORD=@@pass@@ldapuipass@@p@@
-LDAPUI_MM_ADMIN_TOKEN="@@crossvar@@mattermostAdmin_mattermost_token@@cv@@"
+LDAPUI_MM_ADMIN_TOKEN=@@crossvar@@mattermostAdmin_mattermost_token@@cv@@

secret.tmpl/env-mail

@@ -1,2 +1,2 @@
 service_mail=admin@@@globalvar@@domain@@gv@@
-service_password="@@pass@@servicemail@@p@@"
+service_password=@@pass@@servicemail@@p@@

secret.tmpl/env-mastodonServ

@@ -3,7 +3,7 @@ OTP_SECRET=@@token@@masto-otp@@t@@
 ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
 ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
 ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
-VAPID_PRIVATE_KEY==
+VAPID_PRIVATE_KEY=
 VAPID_PUBLIC_KEY=
 SMTP_PASSWORD=
 EMAIL_DOMAIN_ALLOWLIST=