From 44ff3980f9ab8225a5daed0061dfb95f3d47915f Mon Sep 17 00:00:00 2001 
From: Gael Date: Wed, 23 Jul 2025 03:19:27 +0200 Subject: [PATCH] =?UTF-8?q?SetAllPass=20a=20disparu=20!=20Reste=20le=20sec?= =?UTF-8?q?retgen=20=C3=A0=20refaire=20+=20revoir=20les=20valeurs=20"li?= =?UTF-8?q?=C3=A9es"=20par=20setallpass.=20Rien=20n'est=20test=C3=A9=20pou?= =?UTF-8?q?r=20le=20moment.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/applyTemplate.sh | 11 +- bin/container.sh | 58 ++-- bin/createDBUsers.sh | 87 ++++++ bin/createEmptyPasswd.sh | 104 ------- bin/createSrcDocker.sh | 7 +- bin/createUser.sh | 42 +-- bin/gestContainers.sh | 1 - bin/gestContainers_v2.sh | 2 +- bin/gestUsers.sh | 90 +++--- bin/getPasswords.sh | 63 +++++ bin/init.sh | 3 +- bin/interoPaheko.sh | 3 +- bin/ldap/ldapvi.sh | 4 +- bin/ldap/migrate_to_ldap.sh | 10 +- bin/ldap/tests/nc_orphans.sh | 5 +- bin/manageAgora.sh | 16 +- bin/manageCastopod.sh | 15 +- bin/manageCloud.sh | 34 ++- bin/manageWiki.sh | 18 +- bin/manageWp.sh | 8 +- bin/migration.sh | 3 +- bin/nextcloud_maintenance.sh | 1 + bin/postfix-superviz.sh | 2 + bin/scriptBorg.sh | 2 +- bin/updateDockerPassword.sh | 127 --------- config/dockers.tmpl.env | 5 + config/orgaTmpl/app/Dockerfile | 58 ---- config/orgaTmpl/app/entrypoint.sh | 82 ------ config/orgaTmpl/init-db.sh | 51 ++-- config/orgaTmpl/initdb.d/orga.sql | 3 - config/orgaTmpl/wiki-conf/acl.auth.php | 10 - config/orgaTmpl/wiki-conf/local.php | 26 -- config/orgaTmpl/wiki-conf/users.auth.php | 13 - config/proxy/proxy_params | 21 -- dockers/ldap/UIHooks/post-hook.sh | 4 +- dockers/sympa/alerting/sympa.sh | 2 +- dockers/traefik/proxy-gen.sh | 2 +- secret.tmpl/SetAllPass.sh | 341 +---------------------- secret.tmpl/env-borg | 17 ++ secret.tmpl/env-castopodAdmin | 3 + secret.tmpl/env-mail | 2 + secret.tmpl/env-mattermostAdmin | 3 + secret.tmpl/env-paheko | 2 + secret.tmpl/env-traefik | 2 + secret.tmpl/env-wpServ | 2 + 45 files changed, 421 insertions(+), 944 deletions(-) create mode 100644 bin/createDBUsers.sh delete 
mode 100755 bin/createEmptyPasswd.sh create mode 100644 bin/getPasswords.sh delete mode 100755 bin/updateDockerPassword.sh delete mode 100644 config/orgaTmpl/app/Dockerfile delete mode 100755 config/orgaTmpl/app/entrypoint.sh delete mode 100644 config/orgaTmpl/initdb.d/orga.sql delete mode 100644 config/orgaTmpl/wiki-conf/acl.auth.php delete mode 100644 config/orgaTmpl/wiki-conf/local.php delete mode 100644 config/orgaTmpl/wiki-conf/users.auth.php delete mode 100644 config/proxy/proxy_params create mode 100644 secret.tmpl/env-borg create mode 100644 secret.tmpl/env-castopodAdmin create mode 100644 secret.tmpl/env-mail create mode 100644 secret.tmpl/env-mattermostAdmin create mode 100644 secret.tmpl/env-paheko create mode 100644 secret.tmpl/env-traefik diff --git a/bin/applyTemplate.sh b/bin/applyTemplate.sh index 82bf275..8128c04 100755 --- a/bin/applyTemplate.sh +++ b/bin/applyTemplate.sh @@ -16,7 +16,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd) setKazVars . "${DOCKERS_ENV}" -. "${KAZ_KEY_DIR}/SetAllPass.sh" usage () { echo $(basename "$0") " [-h] [-help] [-timestamp] template dst" @@ -64,8 +63,8 @@ done -e "s|__DOKUWIKI_HOST__|${dokuwikiHost}|g"\ -e "s|__DOMAIN__|${domain}|g"\ -e "s|__FILE_HOST__|${fileHost}|g"\ - -e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\ - -e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\ +# -e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\ +# -e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\ -e "s|__PAHEKO_HOST__|${pahekoHost}|g"\ -e "s|__GIT_HOST__|${gitHost}|g"\ -e "s|__GRAV_HOST__|${gravHost}|g"\ 
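Review bot: Prefixing `#` to the `-e "s|__PAHEKO_API_PASSWORD__|…|g"\` and `-e "s|__PAHEKO_API_USER__|…|g"\` lines does not take them out of the `sed` command, because they sit inside a backslash-continued command line: bash strips each `\`-newline before tokenizing, so the `#` lands directly after the closing quote of the preceding `-e` argument, where it is part of that word and not a comment marker. The substitutions are therefore still handed to sed, with a stray `#` glued onto the previous expression's flags and with `${paheko_API_PASSWORD}`/`${paheko_API_USER}` now expanding to empty because the first hunk stops sourcing SetAllPass.sh, so depending on how sed parses `g#` the placeholders are either replaced by empty strings or the whole script is rejected. Delete the two lines outright, or move the reminders as real comment lines above the `sed` invocation; the `@@ -79,9 +78,9 @@` hunk does the same with the three `__SYMPA_MYSQL_*__` lines. The `sed` command being edited starts and ends outside both hunks.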
@@ -79,9 +78,9 @@ done -e "s|__SMTP_HOST__|${smtpHost}|g"\ -e "s|__SYMPADB__|${sympaDBName}|g"\ -e "s|__SYMPA_HOST__|${sympaHost}|g"\ - -e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\ - -e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\ - -e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\ +# -e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\ +# -e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\ +# -e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\ -e "s|__VIGILO_HOST__|${vigiloHost}|g"\ -e "s|__WEBMAIL_HOST__|${webmailHost}|g"\ -e "s|__CASTOPOD_HOST__|${castopodHost}|g"\ diff --git a/bin/container.sh b/bin/container.sh index b27ccc3..0eea1b9 100755 --- a/bin/container.sh +++ b/bin/container.sh @@ -61,20 +61,6 @@ doCompose () { ${SIMU} ln -fs ../../config/dockers.env .env fi ${SIMU} docker-compose $1 - - if [ "$2" = "cachet" ] && [ "$1" != "down" ]; then - NEW_KEY=$(cd "${KAZ_COMP_DIR}/$2" ; docker-compose logs | grep APP_KEY=base64: | sed "s/^.*'APP_KEY=\(base64:[^']*\)'.*$/\1/" | tail -1) - if [ -n "${NEW_KEY}" ]; then - printKazMsg "cachet key change" - # change key - ${SIMU} sed -i \ - -e 's%^\(\s*cachet_APP_KEY=\).*$%\1"'"${NEW_KEY}"'"%' \ - "${KAZ_KEY_DIR}/SetAllPass.sh" - ${SIMU} "${KAZ_BIN_DIR}/secretGen.sh" - # restart - ${SIMU} docker-compose $1 - fi - fi } doComposes () { @@ -177,7 +163,6 @@ statusComposes () { saveComposes () { . "${DOCKERS_ENV}" - . "${KAZ_ROOT}/secret/SetAllPass.sh" savedComposes+=( ${enableMailComposes[@]} ) savedComposes+=( ${enableProxyComposes[@]} ) 
@@ -195,67 +180,80 @@ saveComposes () { ;; sympa) echo "save sympa" - saveDB ${sympaDBName} "${sympa_MYSQL_USER}" "${sympa_MYSQL_PASSWORD}" "${sympa_MYSQL_DATABASE}" sympa mysql + . $KAZ_BIN_DIR/getPasswords.sh sympaDB + saveDB ${sympaDBName} "${sympaDB_MYSQL_USER}" "${sympaDB_MYSQL_PASSWORD}" "${sympaDB_MYSQL_DATABASE}" sympa mysql ;; web) # rien à faire (fichiers) ;; etherpad) echo "save pad" - saveDB ${etherpadDBName} "${etherpad_MYSQL_USER}" "${etherpad_MYSQL_PASSWORD}" "${etherpad_MYSQL_DATABASE}" etherpad mysql + . $KAZ_BIN_DIR/getPasswords.sh etherpadDB + saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql ;; framadate) - echo "save date" - saveDB ${framadateDBName} "${framadate_MYSQL_USER}" "${framadate_MYSQL_PASSWORD}" "${framadate_MYSQL_DATABASE}" framadate mysql + echo "save date" + . $KAZ_BIN_DIR/getPasswords.sh framadateDB + saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql ;; cloud) echo "save cloud" - saveDB ${nextcloudDBName} "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" nextcloud mysql + . $KAZ_BIN_DIR/getPasswords.sh nextcloudDB + saveDB ${nextcloudDBName} "${nextcloudDB_MYSQL_USER}" "${nextcloudDB_MYSQL_PASSWORD}" "${nextcloudDB_MYSQL_DATABASE}" nextcloud mysql ;; paheko) # rien à faire (fichiers) ;; mattermost) echo "save mattermost" - saveDB matterPG "${mattermost_POSTGRES_USER}" "${mattermost_POSTGRES_PASSWORD}" "${mattermost_POSTGRES_DB}" mattermost postgres + . $KAZ_BIN_DIR/getPasswords.sh mattermostDB + saveDB matterPG "${mattermostDB_POSTGRES_USER}" "${mattermostDB_POSTGRES_PASSWORD}" "${mattermostDB_POSTGRES_DB}" mattermost postgres ;; mobilizon) echo "save mobilizon" - saveDB ${mobilizonDBName} "${mobilizon_POSTGRES_USER}" "${mobilizon_POSTGRES_PASSWORD}" "${mobilizon_POSTGRES_DB}" mobilizon postgres + . 
$KAZ_BIN_DIR/getPasswords.sh mobilizonDB + saveDB ${mobilizonDBName} "${mobilizonDB_POSTGRES_USER}" "${mobilizonDB_POSTGRES_PASSWORD}" "${mobilizonDB_POSTGRES_DB}" mobilizon postgres ;; peertube) echo "save peertube" - saveDB ${peertubeDBName} "${peertube_POSTGRES_USER}" "${peertube_POSTGRES_PASSWORD}" "${PEERTUBE_DB_HOSTNAME}" peertube postgres + . $KAZ_BIN_DIR/getPasswords.sh peertubeDB + saveDB ${peertubeDBName} "${peertubeDB_POSTGRES_USER}" "${peertubeDB_POSTGRES_PASSWORD}" "${peertubeDB_PEERTUBE_DB_HOSTNAME}" peertube postgres ;; mastodon) echo "save mastodon" - saveDB ${mastodonDBName} "${mastodon_POSTGRES_USER}" "${mastodon_POSTGRES_PASSWORD}" "${mastodon_POSTGRES_DB}" mastodon postgres + . $KAZ_BIN_DIR/getPasswords.sh mastodonDB + saveDB ${mastodonDBName} "${mastodonDB_POSTGRES_USER}" "${mastodonDB_POSTGRES_PASSWORD}" "${mastodonDB_POSTGRES_DB}" mastodon postgres ;; roundcube) echo "save roundcube" - saveDB ${roundcubeDBName} "${roundcube_MYSQL_USER}" "${roundcube_MYSQL_PASSWORD}" "${roundcube_MYSQL_DATABASE}" roundcube mysql + . $KAZ_BIN_DIR/getPasswords.sh roundcubeDB + saveDB ${roundcubeDBName} "${roundcubeDB_MYSQL_USER}" "${roundcubeDB_MYSQL_PASSWORD}" "${roundcubeDB_MYSQL_DATABASE}" roundcube mysql ;; vaultwarden) echo "save vaultwarden" - saveDB ${vaultwardenDBName} "${vaultwarden_MYSQL_USER}" "${vaultwarden_MYSQL_PASSWORD}" "${vaultwarden_MYSQL_DATABASE}" vaultwarden mysql + . $KAZ_BIN_DIR/getPasswords.sh vaultwardenDB + saveDB ${vaultwardenDBName} "${vaultwardenDB_MYSQL_USER}" "${vaultwardenDB_MYSQL_PASSWORD}" "${vaultwardenDB_MYSQL_DATABASE}" vaultwarden mysql ;; dokuwiki) # rien à faire (fichiers) ;; *-orga) ORGA=${compose%-orga} - echo "save ${ORGA}" + echo "save ${ORGA}" if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then echo " => cloud" - saveDB "${ORGA}-DB" "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" "${ORGA}-cloud" mysql + . 
$KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB + saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-cloud" mysql fi if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then echo " => mattermost" - saveDB "${ORGA}-DB" "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" "${ORGA}-mattermost" mysql + . $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB + saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-mattermost" mysql fi if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then echo " => wordpress" - saveDB "${ORGA}-DB" "${wp_MYSQL_USER}" "${wp_MYSQL_PASSWORD}" "${wp_MYSQL_DATABASE}" "${ORGA}-wordpress" mysql + . $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB + saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql fi ;; esac diff --git a/bin/createDBUsers.sh b/bin/createDBUsers.sh new file mode 100644 index 0000000..9bdac1b --- /dev/null +++ b/bin/createDBUsers.sh 
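Review bot: The three `. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB` / `env-mattermostDB` / `env-wpDB` lines in the `*-orga` branch are unchecked, and all three files set the same unprefixed `MYSQL_USER`/`MYSQL_PASSWORD`/`MYSQL_DATABASE`; if one of them is missing, `.` only prints an error and the next `saveDB` runs with whatever the previous service (or the previous orga) left in those variables, so a dump is attempted with the wrong credentials or the wrong database name. Clearing the names and chaining makes the failure visible, e.g. `unset MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE; . "$KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB" && saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-cloud" mysql`, and the `. $KAZ_BIN_DIR/getPasswords.sh …DB` lines above would benefit from the same `&&` chaining; createUser.sh's `@@ -445,19 +449,22 @@` hunk sources `orgas/$ORGA/env-nextcloudServ` in the same unchecked way. Because these files are read as shell code, a generated secret containing characters special to bash (spaces, `$`, quotes, backticks) is misparsed or executed at this point, which the secret generator should rule out or the reader should handle. saveComposes starts before this hunk.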
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+
+# pour mise au point
+# SIMU=echo
+
+# Améliorations à prévoir
+# - donner en paramètre les services concernés (pour limité les modifications)
+# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
+
+. "${DOCKERS_ENV}"
+. "${KAZ_KEY_DIR}/SetAllPass.sh"
+
+createMysqlUser(){
+ # $1 = envName
+ # $2 = containerName of DB
+
+ . $KAZ_BIN_DIR/getPasswords.sh $1
+
+ rootPass="$1_MYSQL_ROOT_PASSWORD"
+ dbName="$1_MYSQL_DATABASE"
+ userName="$1_MYSQL_USER"
+ userPass="$1_MYSQL_PASSWORD"
+
+ # seulement si pas de mdp pour root
+ # pb oeuf et poule (il faudrait les anciennes valeurs) :
+ # * si rootPass change, faire à la main
+ # * si dbName change, faire à la main
+ checkDockerRunning "$2" "$2" || return
+ echo "change DB pass on docker $2"
+ echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
+ docker exec -i $2 bash -c "mysql --user=root --password=${!rootPass}"
+}
+
+
+
+framadateUpdate(){
+ [[ "${COMP_ENABLE}" =~ " framadate " ]] || return
+ if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
+ return 0
+ fi
+ .$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ
+
+ checkDockerRunning "${framadateServName}" "Framadate" &&
+ ${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadateServ_HTTPD_USER} ${framadateServ_HTTPD_PASSWORD}"
+ ${SIMU} sed -i \
+ -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadateDB_MYSQL_USER}';/g" \
+ -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadateDB_MYSQL_PASSWORD}';/g" \
+ "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
+}
+
+jirafeauUpdate(){
+ [[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
+ if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
+ return 0
+ fi
+ . $KAZ_BIN_DIR/getPasswords.sh jirafeauServ
+ SHA=$(echo -n "${jirafeauServ_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1)
+ ${SIMU} sed -i \
+ -e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
+ "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
+}
+
+####################
+# main
+
+createMysqlUser "etherpadDB" "${etherpadDBName}"
+createMysqlUser "framadateDB" "${framadateDBName}"
+createMysqlUser "giteaDB" "${gitDBName}"
+createMysqlUser "mattermostDB" "${mattermostDBName}"
+createMysqlUser "nextcloudDB" "${nextcloudDBName}"
+createMysqlUser "roundcubeDB" "${roundcubeDBName}"
+createMysqlUser "sympaDB" "${sympaDBName}"
+createMysqlUser "vigiloDB" "${vigiloDBName}"
+createMysqlUser "wpDB" "${wordpressDBName}"
+createMysqlUser "vaultwardenDB" "${vaultwardenDBName}"
+createMysqlUser "castopodDB" "${castopodDBName}"
+createMysqlUser "spipDB" "${spipDBName}"
+createMysqlUser "mastodonDB" "${mastodonDBName}"
+
+
+framadateUpdate
+jirafeauUpdate
+exit 0
diff --git a/bin/createEmptyPasswd.sh b/bin/createEmptyPasswd.sh
deleted file mode 100755
index cb8e694..0000000
--- a/bin/createEmptyPasswd.sh
+++ /dev/null
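Review bot: `framadateUpdate` invokes the password helper as `.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ` with no space after the dot, so bash looks for a command literally named `.<KAZ_BIN_DIR>/getPasswords.sh` instead of sourcing the file; `framadateDB_MYSQL_*` and `framadateServ_HTTPD_*` stay empty and the following `htpasswd` and `sed -i` write empty credentials into the framadate config. It should read `. $KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ`, as `jirafeauUpdate` does two functions below. The script also still sources `"${KAZ_KEY_DIR}/SetAllPass.sh"` although this same commit drops every other use of that file, and it is added with mode 100644 whereas the scripts it replaces (createEmptyPasswd.sh, updateDockerPassword.sh) were 100755, so it cannot be executed directly. In `createMysqlUser` the DB root password is embedded in the `bash -c` string handed to `docker exec`, where any process inside the container can read it from the process list; passing it as `docker exec -i -e MYSQL_PWD="${!rootPass}" "$2" mysql --user=root` keeps it out of argv, and the `GRANT … IDENTIFIED BY` statement it sends is only accepted by MariaDB/MySQL 5.x — if any of these containers runs MySQL 8 the account has to be created with `CREATE USER` first.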
@@ -1,104 +0,0 @@ -#!/bin/bash - -cd $(dirname $0)/.. - -mkdir -p emptySecret -rsync -aHAX --info=progress2 --delete secret/ emptySecret/ - -cd emptySecret/ - -. ../config/dockers.env -. ./SetAllPass.sh - -# pour mise au point -# SIMU=echo - -cleanEnvDB(){ - # $1 = prefix - # $2 = envName - # $3 = containerName of DB - rootPass="--root_password--" - dbName="--database_name--" - userName="--user_name--" - userPass="--user_password--" - - ${SIMU} sed -i \ - -e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${rootPass}/g" \ - -e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${dbName}/g" \ - -e "s/MYSQL_USER=.*/MYSQL_USER=${userName}/g" \ - -e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${userPass}/g" \ - "$2" -} - -cleanEnv(){ - # $1 = prefix - # $2 = envName - for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g") - do - srcName="$1_${varName}" - srcVal="--clean_val--" - ${SIMU} sed -i \ - -e "s~^[ ]*${varName}=.*$~${varName}=${srcVal}~" \ - "$2" - done -} - -cleanPasswd(){ - ${SIMU} sed -i \ - -e 's/^\([# ]*[^#= ]*\)=".[^{][^"]*"/\1="--clean_val--"/g' \ - ./SetAllPass.sh -} - -#################### -# main - -# read -r -p "Do you want to remove all password? [Y/n] " input - -# case $input in -# [yY][eE][sS]|[yY]) -# echo "Remove all password" -# ;; -# [nN][oO]|[nN]) -# echo "Abort" -# ;; -# *) -# echo "Invalid input..." 
-# exit 1 -# ;; -# esac - -cleanPasswd - -cleanEnvDB "etherpad" "./env-${etherpadDBName}" "${etherpadDBName}" -cleanEnvDB "framadate" "./env-${framadateDBName}" "${framadateDBName}" -cleanEnvDB "git" "./env-${gitDBName}" "${gitDBName}" -cleanEnvDB "mattermost" "./env-${mattermostDBName}" "${mattermostDBName}" -cleanEnvDB "nextcloud" "./env-${nextcloudDBName}" "${nextcloudDBName}" -cleanEnvDB "roundcube" "./env-${roundcubeDBName}" "${roundcubeDBName}" -cleanEnvDB "sso" "./env-${ssoDBName}" "${ssoDBName}" -cleanEnvDB "sympa" "./env-${sympaDBName}" "${sympaDBName}" -cleanEnvDB "vigilo" "./env-${vigiloDBName}" "${vigiloDBName}" -cleanEnvDB "wp" "./env-${wordpressDBName}" "${wordpressDBName}" - -cleanEnv "etherpad" "./env-${etherpadServName}" -cleanEnv "gandi" "./env-gandi" -cleanEnv "jirafeau" "./env-${jirafeauServName}" -cleanEnv "mattermost" "./env-${mattermostServName}" -cleanEnv "nextcloud" "./env-${nextcloudServName}" -cleanEnv "office" "./env-${officeServName}" -cleanEnv "roundcube" "./env-${roundcubeServName}" -cleanEnv "sso" "./env-${ssoServName}" -cleanEnv "vigilo" "./env-${vigiloServName}" -cleanEnv "wp" "./env-${wordpressServName}" - -cat > allow_admin_ip <${IDENT_KAZ}" "${TEMP_USER_NC}"; then echo "${IDENT_KAZ} existe déjà sur ${URL_NC}" | tee -a "${LOG}" else # on créé l'utilisateur sur NC sauf si c'est le NC général, on ne créé jamais l'utilisateur7 if [ ${URL_NC} != "${cloudHost}.${domain}" ]; then - - echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ + . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ + echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ -d userid='${IDENT_KAZ}' \ -d displayName='${PRENOM} ${NOM}' \ -d password='${PASSWORD}' \ 
@@ -445,19 +449,22 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ # s'il est admin de son orga, on le met admin if [ "${service[ADMIN_ORGA]}" == "O" -a "${ORGA}" != "" -a "${service[NC_ORGA]}" == "O" ]; then - echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${nextcloud_NEXTCLOUD_ADMIN_USER}:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}" + . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ + echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}" fi # faut-il mettre le user NC dans un groupe particulier sur le NC de base ? if [ "${GROUPE_NC_BASE}" != "" -a "${service[NC_BASE]}" == "O" ]; then + # ici on travaille à nouveau sur le NC commun, donc on rechoppe les bons mdp + . $KAZ_KEY_DIR/env-nextcloudServ # le groupe existe t-il déjà ? 
- curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}" + curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}" nb=$(grep "${GROUPE_NC_BASE}" "${TEMP_GROUP_NC}" | wc -l) if [ "${nb}" == "0" ];then - echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" + echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" fi # puis attacher le user au groupe - echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" + echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" fi fi @@ -483,7 +490,8 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ # TODO : vérif existance user # # le user existe t-il déjà sur le wp ? - # curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wp_WORDPRESS_ADMIN_USER}:${wp_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}" + # . $KAZ_BIN_DIR/getPasswords.sh wpServ + # curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wpServ_WORDPRESS_ADMIN_USER}:${wpServ_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}" # nb_user_wp_orga=$(grep "${IDENT_KAZ}" "${TEMP_USER_WP}" | wc -l) # if [ "${nb_user_wp_orga}" != "0" ];then # ( 
@@ -501,7 +509,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ # ) | tee -a "${LOG}" # # # on supprime l'utilisateur sur NC. - # echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ + # echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ # -d userid='${IDENT_KAZ}' \ # " | tee -a "${CMD_INIT}" # fi 
@@ -619,13 +627,13 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which if [[ "${mode}" = "dev" ]]; then echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}" - LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) - echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" + LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1) + echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" else echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}" - LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) - echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" - echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} 
--proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}" + LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1) + echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" + echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}" fi if [ "${service[ADMIN_ORGA]}" == "O" ]; then diff --git a/bin/gestContainers.sh b/bin/gestContainers.sh index 6848e84..2599c86 100755 --- a/bin/gestContainers.sh +++ b/bin/gestContainers.sh @@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_ROOT/secret/env-kaz PRG=$(basename $0) diff --git a/bin/gestContainers_v2.sh b/bin/gestContainers_v2.sh index 840ab8d..f542afc 100755 --- a/bin/gestContainers_v2.sh +++ b/bin/gestContainers_v2.sh @@ -7,7 +7,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh + PRG=$(basename $0) diff --git a/bin/gestUsers.sh b/bin/gestUsers.sh index ff8c9c0..7b348c9 100755 --- a/bin/gestUsers.sh +++ b/bin/gestUsers.sh @@ -8,7 +8,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh +. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudServ sympaServ paheko VERSION="18-05-2025" PRG=$(basename $0) 
@@ -24,7 +24,7 @@ URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$( NL_LIST=infos@listes.kaz.bzh URL_AGORA_API=${URL_AGORA}/api/v4 EQUIPE=kaz -LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) +LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1) #### Test du serveur sur lequel s' execute le script #### @@ -47,6 +47,8 @@ rm -rf /tmp/*.json ############################################ Fonctions ####################################################### ExpMail() { + + . $KAZ_KEY_DIR/env-mail MAIL_DEST=$1 MAIL_SUJET=$2 MAIL_TEXTE=$3 @@ -58,6 +60,7 @@ ExpMail() { } PostMattermost() { + . $KAZ_KEY_DIR/env-mattermostAdmin PostM=$1 CHANNEL=$2 TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA_API}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g') @@ -91,8 +94,8 @@ searchEmail() { fi done ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS COMPTEUR_LIGNE=0 while read LIGNE 
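Review bot: gestUsers.sh now loads secrets through two different mechanisms: the top-level `. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudServ sympaServ paheko` (first hunk of this file), which apparently yields `<env>_<VAR>` names such as `sympaServ_LISTMASTERS`, and direct `. $KAZ_KEY_DIR/env-mail` / `. $KAZ_KEY_DIR/env-mattermostAdmin` inside `ExpMail()` and `PostMattermost()`, which leave unprefixed names (`mattermost_token`) in the global scope on every call. Routing the mail and Mattermost files through the same helper at the top would give one naming convention and one place to verify that a file exists, at the cost of renaming the `mattermost_*` references. If the per-function sourcing is kept, quote the path and check the result, e.g. `. "$KAZ_KEY_DIR/env-mattermostAdmin" || return 1`, since a missing file currently only prints an error and the curl below then sends `Authorization: Bearer ` with an empty token. `ExpMail` and `PostMattermost` both continue past their hunks.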
@@ -136,7 +139,8 @@ searchEmail() { searchMattermost() { #Ici $1 est une adresse email - docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 + . $KAZ_KEY_DIR/env-mattermostAdmin + docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1 #on créé la list des mails dans mattermost docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null 
@@ -182,12 +186,12 @@ infoEmail() { printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL" echo -e "" #TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC) - #curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL + #curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL #cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g echo -ne "${NC}" echo -ne " - Nextcloud enable : " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30 + ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30 echo -ne "${NC}" echo -e "${NC} ------------------------------------------------" printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO" 
@@ -203,11 +207,11 @@ infoEmail() { echo -ne "${NC}" echo -n " - Quota Mail (Ldap) : " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60 + ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60 echo -ne "${NC}" echo -n " - Quota Nextcloud (Ldap) : " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60 + ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60 echo -ne "${NC}" echo -n " - Mail de secours (Paheko ): " echo -ne "${GREEN}" 
@@ -215,11 +219,11 @@ infoEmail() { echo -ne "${NC}" echo -n " - Mail de secours (Ldap): " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://' + ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://' echo -ne "${NC}" echo -n " - Alias (Ldap) : " echo -ne "${GREEN}" - LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60) + LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60) echo -ne "${NC}" echo -ne "${GREEN}" for ldap_alias in ${LDAP_ALIAS} @@ -239,8 +243,8 @@ infoEmail() { echo "------------------------------------------------" echo " Alias : ${CHOIX_MAIL} " echo "" - for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \ + for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \ | grep ^mail: | sed -e 's/^mail://') do echo -ne "=====> ${GREEN} " 
@@ -307,12 +311,12 @@ searchDestroy() { fi echo -e "${NC}" echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud" - USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g') + USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g') if [ ! -z ${USER_NEXTCLOUD_SUPPR} ] then printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}" echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}" - curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1 + curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1 if [ "$?" -eq "0" ] then printKazMsg "Suppresion ok" 
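Review bot: The renamed `curl` calls in `searchDestroy()` still hard-code the account as `admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC`, while the password now comes from the `nextcloudServ` env whose user name createUser.sh reads as `NEXTCLOUD_ADMIN_USER` in this same commit; if the configured admin is not literally `admin`, the search returns nothing and the DELETE is a no-op or a 401, so these should use `$nextcloudServ_NEXTCLOUD_ADMIN_USER:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC` (assuming getPasswords.sh prefixes every variable of the env file, as the other renamed names suggest). The same hard-coded `admin:` recurs in the `gestPassword()` hunk further down and in the commented line of the `infoEmail()` hunk. On the new DELETE line `${USER_NEXTCLOUD_SUPPR}` is also unquoted, as it is in the `[ ! -z … ]` test above it, so a search that returns more than one element breaks both the test and the request. `searchDestroy` starts outside the hunk.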
@@ -327,7 +331,7 @@ searchDestroy() { echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa" echo -e "${NC}" echo "" - docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}" + docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}" echo -e "${NC}" echo "" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail" @@ -344,7 +348,7 @@ searchDestroy() { echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap" echo -e "${NC}" echo "" - ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}" + ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}" if [ "$?" -eq "0" ] then printKazMsg "Suppresion ok" @@ -377,8 +381,8 @@ gestPassword() { # MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g') MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //') if [ "$MAIL_SECOURS" = "" ] then 
@@ -405,19 +409,19 @@ gestPassword() { fi if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ] then - USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g') + USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g') echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER} ${NC}" echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS} ${NC}" echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER) ${NC}" echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}" echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}" docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1 - curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1 + curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1 pass=$(mkpasswd -m sha512crypt ${PASSWORD}) echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\ changeType: modify\n\ replace: userPassword\n\ -userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" +userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" echo -e "Envoi d'un message dans mattermost 
pour la modification du mot de passe" docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1 if [ $ADRESSE_SEC == "OUI" ] @@ -465,8 +469,8 @@ createMail() { if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]] then ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}" then @@ -564,7 +568,7 @@ nextcloudEnabled: ${TRUE_KAZ}\n\ nextcloudQuota: ${QUOTA} GB\n\ mobilizonEnabled: ${TRUE_KAZ}\n\ agoraEnabled: ${TRUE_KAZ}\n\ -userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL} +userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL} # on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire bash ${TFILE_CREATE_MAIL} >/dev/null # on colle le compte et le mot de passe dans le fichier 
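Review bot: In the gestPassword hunk (which starts on the previous line), the three password updates — mmctl `change-password`, the Nextcloud PUT and the ldapmodify — run with output discarded and no status check, yet the script then posts "Le mot de passe du compte ... a été modifié" to Mattermost unconditionally, so a failed update is announced as a success. Capture each status, e.g. `|| printKazError "changement nextcloud échoué"` after the curl PUT and the equivalent after mmctl and ldapmodify, and post the confirmation only when all three succeeded. Separately, `pass=$(mkpasswd -m sha512crypt ${PASSWORD})` hands the cleartext password over argv; `mkpasswd -m sha512crypt -s <<<"${PASSWORD}"` reads it from stdin instead. The enclosing gestPassword function continues past the hunk.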
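Review bot: In the createMail hunk, the ldapmodify command written into `${TFILE_CREATE_MAIL}` expands `-x -w ${ldapServ_LDAP_ADMIN_PASSWORD}` unquoted while the `-D \"cn=...\"` argument on the same line is quoted; because that file is executed later by `bash ${TFILE_CREATE_MAIL}`, any shell metacharacter in the admin password is interpreted at that point rather than passed to ldapmodify. Write it as `-x -w \"${ldapServ_LDAP_ADMIN_PASSWORD}\"`, or better use `-y <passwordfile>` so the secret never lands in the generated script at all. The same unquoted `-w ${ldapServ_LDAP_ADMIN_PASSWORD}` appears in the createAlias, modifyAlias and updateUser ldapmodify hunks, in ldapvi.sh, migrate_to_ldap.sh and nc_orphans.sh, whereas the ldapsearch/ldapdelete calls quote it. Since the generated file holds the admin password in clear, it should be created with mktemp and removed once executed; how TFILE_CREATE_MAIL is created is outside this hunk.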
@@ -610,12 +614,12 @@ createAlias() { if [[ ${AMAIL} =~ ${regexMail} ]] then RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //') RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //') if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$" @@ -690,7 +694,7 @@ changeType: add\n\ objectClass: organizationalRole\n\ objectClass: PostfixBookMailForward\n\ mailAlias: ${AMAIL}\n\ -${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} +${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} fait=1 printKazMsg "Création de ${AMAIL}" sleep 3 @@ -722,8 +726,8 @@ delAlias() { if [[ ${RALIAS} =~ ${regexMail} ]] then RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //') if [ ! -z ${RESU_ALIAS} ] then 
@@ -733,7 +737,7 @@ delAlias() { read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS case "${REPDELALIAS}" in o | O ) - ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}" + ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}" printKazMsg "suppression ${RESU_ALIAS} effectuée" sleep 2 faitdel=1 @@ -769,8 +773,8 @@ modifyAlias() ACHANGE=0 searchEmail alias LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \ | grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g') echo "-------------------------------------------------------------------" @@ -845,8 +849,8 @@ modifyAlias() echo "mail: ${key}" >>${FIC_MODIF_LDIF} done echo "-" >>${FIC_MODIF_LDIF} - ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -x -w ${ldap_LDAP_ADMIN_PASSWORD} \ + ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \ -f ${FIC_MODIF_LDIF} >/dev/null else printKazMsg "Pas de changement" 
@@ -872,8 +876,8 @@ updateUser() { for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota do ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \ | grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' )) # si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa 
@@ -1056,15 +1060,15 @@ updateUser() { done cat ${FIC_MODIF_LDIF} sleep 3 - ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -x -w ${ldap_LDAP_ADMIN_PASSWORD} \ + ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \ -f ${FIC_MODIF_LDIF} if [ ! -z ${MAILDESECOURS} ] then # suppression du mail de secours de la liste infos - docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}" + docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}" # ajout de l' adresse de la nouvelle adresse de secours - docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}" + docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}" fi updateUser fi diff --git a/bin/getPasswords.sh b/bin/getPasswords.sh new file mode 100644 index 0000000..b0902c2 --- /dev/null +++ b/bin/getPasswords.sh 
@@ -0,0 +1,63 @@
+#!/bin/bash
+KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+PRG=$(basename $0)
+
+usage() {
+echo "${PRG} [OPTIONS] [envname ...]
+Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
+Les variables sont du type envname_NOMVARIABLE=valeur
+On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
+OPTIONS
+ -h|--help Cette aide :-)
+ -n|--simu SIMULATION
+ -d foldername prend les envfiles dans un sous dossier /kaz/secret/foldername/ (pour les orgas !)
+ Les variables seront du type foldername-envname_NOMVARIABLE=valeur
+"
+}
+
+
+for ARG in "$@"; do
+ if [ -n "${DIRECTORYARG}" ]; then # après un -d
+ SUBDIRECTORY="${ARG}"
+ DIRECTORYARG=
+ else
+
+ case "${ARG}" in
+ '-d' | '--directory' | '-f' | '--folder' | '--foldername')
+ DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
+ '-h' | '--help' )
+ usage && exit ;;
+ '-n' | '--simu')
+ SIMU="echo" ;;
+ *)
+ ENVFILES="${ENVFILES} ${ARG%}";;
+ esac
+ fi
+done
+
+NB_FILES=$(echo "${ENVFILES}" | wc -w )
+
+if [[ $NB_FILES = 0 ]]; then
+ usage
+ exit 1
+fi
+
+for ENVFILE in $ENVFILES; do
+ FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
+ VARNAME="$ENVFILE"_
+ if [ -n "${SUBDIRECTORY}" ]; then
+ FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
+ VARNAME="${SUBDIRECTORY}-${ENVFILE}_"
+ fi
+
+ if ! [ -f "$FILENAME" ]; then
+ echo "$FILENAME does not exist."
+ continue
+ fi
+
+
+ # formule magique qui crée des variables envname_NOMVARIABLE=la valeur trouvé (le sed vire les commentaires et les lignes vides)
+ # on pourrait se contenter d'un "source env-file", mais avec un prefix dans les variables pour savoir ce qu'on manipule c'est bien aussi ...
+ $SIMU export $(sed -e 's/#.*//' -e '/^\s*$/d' "$FILENAME" | awk -F= -v ENV="$VARNAME" '{output=output" "ENV$1"="$2} END {print output}')
+done
diff --git a/bin/init.sh b/bin/init.sh
index e0e395e..f993485 100755
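Review bot: The export line at the end of the new file truncates any value containing `=`: `awk -F=` splits on every `=` and `$2` keeps only the text up to the second one, so a generated secret with base64-style `=` padding is silently cut; in addition `sed 's/#.*//'` drops everything after a `#` inside a value, and the unquoted `$(...)` word-splits and glob-expands values containing spaces or `*`. Reading the file line by line and splitting on the first `=` only keeps values intact while still prefixing the names; the loop below replaces the `$SIMU export $(sed ... | awk ...)` line (inline `# ...` after a value is no longer stripped, which is the safer reading for a secrets file). Because this script only makes sense when sourced (an `export` in a child process is lost), `ENVFILES`, `SUBDIRECTORY` and `DIRECTORYARG` should be reset at the top: a second `. getPasswords.sh` in the same shell, as manageAgora.sh's `_getPasswords` does on every call, otherwise re-exports the previous call's files as well. Note also that `KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)` is computed from the caller's `$0` when sourced and overwrites a KAZ_ROOT the caller already set (ldapvi.sh sets it to /kaz explicitly).
```shell
  # one variable per line, split on the first '=' only: keeps '=' and '#' inside
  # values intact and never word-splits or glob-expands the value
  while IFS= read -r line || [ -n "$line" ]; do
    [[ "$line" =~ ^[[:space:]]*(#|$) ]] && continue   # skip comments and blank lines
    name="${line%%=*}"
    value="${line#*=}"
    $SIMU export "${VARNAME}${name}=${value}"
  done < "$FILENAME"
```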
--- a/bin/init.sh +++ b/bin/init.sh @@ -214,7 +214,6 @@ fi if [ ! -d "${KAZ_ROOT}/secret" ]; then rsync -a "${KAZ_ROOT}/secret.tmpl/" "${KAZ_ROOT}/secret/" - . "${KAZ_ROOT}/secret/SetAllPass.sh" "${KAZ_BIN_DIR}/secretGen.sh" - "${KAZ_BIN_DIR}/updateDockerPassword.sh" + "${KAZ_BIN_DIR}/createDBUsers.sh" fi diff --git a/bin/interoPaheko.sh b/bin/interoPaheko.sh index 2e33dca..ba50fc4 100755 --- a/bin/interoPaheko.sh +++ b/bin/interoPaheko.sh @@ -6,7 +6,8 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh + +. $KAZ_BIN_DIR/getPasswords.sh paheko URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)" diff --git a/bin/ldap/ldapvi.sh b/bin/ldap/ldapvi.sh index d557b0b..10b05b5 100755 --- a/bin/ldap/ldapvi.sh +++ b/bin/ldap/ldapvi.sh @@ -5,7 +5,7 @@ KAZ_ROOT=/kaz setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh +. $KAZ_BIN_DIR/getPasswords.sh ldapServ LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ) @@ -20,4 +20,4 @@ EDITOR=${EDITOR:-vi} EDITOR=${EDITOR:-vi} export EDITOR=${EDITOR} -ldapvi -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} --discover +ldapvi -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} --discover diff --git a/bin/ldap/migrate_to_ldap.sh b/bin/ldap/migrate_to_ldap.sh index ff339e7..55807e5 100755 --- a/bin/ldap/migrate_to_ldap.sh +++ b/bin/ldap/migrate_to_ldap.sh @@ -8,7 +8,7 @@ KAZ_ROOT=/kaz setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh +. $KAZ_BIN_DIR/getPasswords.sh ldapServ paheko ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf 
@@ -126,7 +126,7 @@ replace: agoraEnabled\n\ agoraEnabled: TRUE\n\ -\n\ replace: mobilizonEnabled\n\ -mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} +mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} done #replace: nextcloudEnabled\n\ @@ -164,7 +164,7 @@ do echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\ changeType: modify replace: mailAlias\n\ -$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} +$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} else echo "Alias vers un mail externe, go fichier" echo $line >> ${ALIASES_WITHLDAP} @@ -185,7 +185,7 @@ replace: mailAlias\n\ mailAlias: ${src}\n\ -\n\ replace: mail\n\ -mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} +mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} fi else echo "Forward vers plusieurs adresses, on met dans le fichier" @@ -215,7 +215,7 @@ replace: mailAlias\n\ mailAlias: ${src}\n\ -\n\ replace: mail\n\ -${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} +${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} fi done diff --git a/bin/ldap/tests/nc_orphans.sh b/bin/ldap/tests/nc_orphans.sh index c4e97d6..3881502 100755 --- a/bin/ldap/tests/nc_orphans.sh +++ b/bin/ldap/tests/nc_orphans.sh 
@@ -6,15 +6,16 @@ setKazVars . $DOCKERS_ENV . $KAZ_ROOT/secret/SetAllPass.sh +. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ) -docker exec -i nextcloudDB mysql --user=${nextcloud_MYSQL_USER} --password=${nextcloud_MYSQL_PASSWORD} ${nextcloud_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt +docker exec -i nextcloudDB mysql --user=${nextcloudDB_MYSQL_USER} --password=${nextcloudDB_MYSQL_PASSWORD} ${nextcloudDB_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt OLDIFS=${IFS} IFS=$'\n' for line in `cat /tmp/nc_users.txt`; do - result=$(ldapsearch -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries) + result=$(ldapsearch -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries) echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid" done IFS=${OLDIFS} diff --git a/bin/manageAgora.sh b/bin/manageAgora.sh index 5505802..3e4c5ec 100755 --- a/bin/manageAgora.sh +++ b/bin/manageAgora.sh @@ -83,7 +83,8 @@ Init(){ [ $? -ne 0 ] && printKazError "$DockerServName ne parvient pas à démarrer correctement : impossible de terminer l'install" && return 1 >& $QUIET # creation compte admin - ${SIMU} curl -i -d "{\"email\":\"${mattermost_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users" + _getPasswords + ${SIMU} curl -i -d "{\"email\":\"${mattermostServ_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users" MM_TOKEN=$(_getMMToken ${MATTER_URL}) 
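Review bot: In the nc_orphans.sh hunk the old `. $KAZ_ROOT/secret/SetAllPass.sh` line is kept as context and the getPasswords.sh line is added under it, whereas ldapvi.sh, migrate_to_ldap.sh, interoPaheko.sh and scriptBorg.sh replace it in this same commit; once SetAllPass.sh is gone that `.` fails on every run (and aborts the script under `set -e`). Drop the line: `-. $KAZ_ROOT/secret/SetAllPass.sh`.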
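Review bot: In the manageAgora.sh Init hunk, the JSON body sent to `${MATTER_URL}/api/v4/users` is built by string interpolation of `mattermost_pass` and `mattermostServ_MM_ADMIN_EMAIL`, so a generated password containing `"` or `\` yields invalid JSON and the admin account is not created. Build the body with jq, which the project already uses elsewhere: `body=$(jq -n --arg e "$mattermostServ_MM_ADMIN_EMAIL" --arg u "$mattermost_user" --arg p "$mattermost_pass" '{email:$e,username:$u,password:$p,allow_marketing:true}')` and pass `-d "$body"`. The same interpolation is in `_getMMToken` in the next hunk. The enclosing Init function starts and ends outside this hunk.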
@@ -98,12 +99,13 @@ Version(){ _getMMToken(){ #$1 MATTER_URL + _getPasswords ${SIMU} curl -i -s -d "{\"login_id\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\"}" "${1}/api/v4/users/login" | grep 'token' | sed 's/token:\s*\(.*\)\s*/\1/' | tr -d '\r' } PostMessage(){ printKazMsg "Envoi à $TEAM : $MESSAGE" >& $QUIET - + _getPasswords ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl auth login "${MATTER_URL}" --name local-server --username ${mattermost_user} --password ${mattermost_pass} ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl post create "${TEAM}" --message "${MESSAGE}" } @@ -113,6 +115,16 @@ MmctlCommand(){ ${SIMU} docker exec -u 33 "$DockerServName" bin/mmctl $1 } +_getPasswords(){ + # récupération des infos du compte admin + if [ -n "$AGORACOMMUN" ] ; then + . $KAZ_KEY_DIR/env-mattermostAdmin + . $KAZ_BIN_DIR/getPasswords.sh mattermostServ + else + . $KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin + . $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} mattermostServ + fi +} ########## Main ################# for ARG in "$@"; do diff --git a/bin/manageCastopod.sh b/bin/manageCastopod.sh index a7e0f58..5464d2a 100755 --- a/bin/manageCastopod.sh +++ b/bin/manageCastopod.sh @@ -63,11 +63,12 @@ Init(){ cookies=$(curl -c - ${POD_URL}) CSRF_TOKEN=$(curl --cookie <(echo "$cookies") ${POD_URL}/cp-install | grep "csrf_test_name" | sed "s/.*value=.//" | sed "s/.>//") + _getPasswords #echo ${CSRF_TOKEN} ${SIMU} curl --cookie <(echo "$cookies") -X POST \ - -d "username=${castopod_ADMIN_USER}" \ - -d "password=${castopod_ADMIN_PASSWORD}" \ - -d "email=${castopod_ADMIN_MAIL}" \ + -d "username=${ADMIN_USER}" \ + -d "password=${ADMIN_PASSWORD}" \ + -d "email=${ADMIN_MAIL}" \ -d "csrf_test_name=${CSRF_TOKEN}" \ "${POD_URL}/cp-install/create-superadmin" 
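Review bot: `_getPasswords` in manageAgora.sh sources `$KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin` and getPasswords.sh without checking that the sourcing succeeded, and it is re-run on every `_getMMToken` and `PostMessage` call; when the orga file is missing the `.` prints an error but the function still returns 0, and the following login runs with whatever `mattermost_user`/`mattermost_pass` were left over from a previous call, or empty. Return the failure so callers can stop, `. "$KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin" || return 1` (same for the common branch), and quote `${ORGA}` since it is part of a path. The same unchecked `.` pattern is in the `_getPasswords` of manageCastopod.sh and manageCloud.sh and in nextcloud_maintenance.sh and postfix-superviz.sh further down.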
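Review bot: The Castopod superadmin form in the manageCastopod.sh Init hunk is posted with `-d "password=${ADMIN_PASSWORD}"` (and `-d "email=..."`), and curl's `-d` sends the value raw without percent-encoding, so a generated password containing `&`, `+` or `%` is cut or altered before Castopod stores it and the admin is locked out of a fresh install. Use `--data-urlencode "password=${ADMIN_PASSWORD}"` for the three user-supplied fields. The same applies to `adminpass`/`dbpass` in manageCloud.sh firstInstall, to `d[password]`/`d[confirm]` in manageWiki.sh and to `admin_password`/`admin_password2` in manageWp.sh below. The enclosing Init function starts outside this hunk.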
@@ -78,7 +79,13 @@ Version(){ echo "Version $DockerServName : ${GREEN}${VERSION}${NC}" } - +_getPasswords(){ + if [ -n "$CASTOPOD_COMMUN" ]; then + . $KAZ_KEY_DIR/env-castopodAdmin + else + . $KAZ_KEY_DIR/orgas/$ORGA/env-castopodAdmin + fi +} ########## Main ################# for ARG in "$@"; do diff --git a/bin/manageCloud.sh b/bin/manageCloud.sh index 6c7e861..32bbd40 100755 --- a/bin/manageCloud.sh +++ b/bin/manageCloud.sh @@ -32,7 +32,7 @@ OPTIONS -n|--simu SIMULATION -q|--quiet On ne parle pas (utile avec le -n pour avoir que les commandes) --nas L'orga se trouve sur le NAS ! - + COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité) -I|--install L'initialisation du cloud -v|--version Donne la version du cloud et signale les MàJ @@ -75,7 +75,7 @@ Init(){ CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php" fi - firstInstall "$CLOUD_URL" "$CONF_FILE" " NextCloud de $NOM" + firstInstall "$CLOUD_URL" "$CONF_FILE" "$NOM" updatePhpConf "$CONF_FILE" InstallApplis echo "${CYAN} *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET 
@@ -100,25 +100,38 @@ firstInstall(){ # $2 phpConfFile # $3 orga if ! grep -q "'installed' => true," "$2" 2> /dev/null; then - printKazMsg "\n *** Premier lancement de $3" >& $QUIET + + printKazMsg "\n *** Premier lancement nextcloud $3" >& $QUIET + _getPasswords ${SIMU} waitUrl "$1" ${SIMU} curl -X POST \ -d "install=true" \ - -d "adminlogin=${nextcloud_NEXTCLOUD_ADMIN_USER}" \ - -d "adminpass=${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}" \ + -d "adminlogin=${NEXTCLOUD_ADMIN_USER}" \ + -d "adminpass=${NEXTCLOUD_ADMIN_PASSWORD}" \ -d "directory=/var/www/html/data" \ -d "dbtype=mysql" \ - -d "dbuser=${nextcloud_MYSQL_USER}" \ - -d "dbpass=${nextcloud_MYSQL_PASSWORD}" \ - -d "dbname=${nextcloud_MYSQL_DATABASE}" \ - -d "dbhost=${nextcloud_MYSQL_HOST}" \ + -d "dbuser=${MYSQL_USER}" \ + -d "dbpass=${MYSQL_PASSWORD}" \ + -d "dbname=${MYSQL_DATABASE}" \ + -d "dbhost=${MYSQL_HOST}" \ -d "install-recommended-apps=true" \ "$1" fi } +_getPasswords(){ + if [ -n "$CLOUDCOMMUN" ]; then + . $KAZ_KEY_DIR/env-nextcloudServ + . $KAZ_KEY_DIR/env-nextcloudDB + else + . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ + . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB + fi +} + + setOfficeUrl(){ # Did le 25 mars les offices sont tous normalisé sur les serveurs https://${site}-${officeHost}.${domain} #OFFICE_URL="https://${officeHost}.${domain}" 
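Review bot: firstInstall now reads the unprefixed `MYSQL_USER`/`MYSQL_PASSWORD`/`MYSQL_DATABASE`/`MYSQL_HOST` after `_getPasswords` has sourced env-nextcloudServ and then env-nextcloudDB, so if both files define any of these names (the commit message says the values "liées" by SetAllPass still need review) the DB file silently wins and the result depends on sourcing order. Going through `. $KAZ_BIN_DIR/getPasswords.sh nextcloudServ nextcloudDB` instead, as initLdap does with ldapServ in the next hunk, yields `nextcloudServ_…`/`nextcloudDB_…` names that make the origin of each value explicit and match the convention the rest of this commit adopts.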
@@ -131,13 +144,14 @@ setOfficeUrl(){ } initLdap(){ + . $KAZ_BIN_DIR/getPasswords.sh ldapServ # $1 Nom du cloud echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET occCommand "app:enable user_ldap" "${DockerServName}" occCommand "ldap:delete-config s01" "${DockerServName}" occCommand "ldap:create-empty-config" "${DockerServName}" occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}" - occCommand "ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}" "${DockerServName}" + occCommand "ldap:set-config s01 ldapAgentPassword ${ldapServ_LDAP_CLOUD_PASSWORD}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}" diff --git a/bin/manageWiki.sh b/bin/manageWiki.sh index f17ca81..69c0bf6 100755 --- a/bin/manageWiki.sh +++ b/bin/manageWiki.sh @@ -55,15 +55,7 @@ Init(){ PLG_DIR="${VOL_PREFIX}wikiPlugins/_data" CONF_DIR="${VOL_PREFIX}wikiConf/_data" - # Gael, j'avais ajouté ça mais j'ai pas test alors je laisse comme avant ... - # A charge au prochain qui monte un wiki de faire qque chose - #WIKI_ROOT="${dokuwiki_WIKI_ROOT}" - #WIKI_EMAIL="${dokuwiki_WIKI_EMAIL}" - #WIKI_PASS="${dokuwiki_WIKI_PASSWORD}" - - WIKI_ROOT=Kaz - WIKI_EMAIL=wiki@kaz.local - WIKI_PASS=azerty + . $KAZ_BIN_DIR/getPasswords.sh dokuwiki ${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit 
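Review bot: In the manageWiki.sh Init hunk, the install now depends on `getPasswords.sh dokuwiki` providing `dokuwiki_WIKI_ROOT`, `dokuwiki_WIKI_EMAIL` and `dokuwiki_WIKI_PASSWORD`, but no `env-dokuwiki` file is added or touched in this commit's diffstat, and getPasswords.sh only prints "does not exist" and continues when a file is missing; unless such a file already exists outside this commit, the install form in the next hunk would be posted with an empty superuser and password. Either add `secret.tmpl/env-dokuwiki` with those three keys, or guard the call with something like `[ -n "${dokuwiki_WIKI_PASSWORD}" ] || { printKazError "env-dokuwiki manquant"; exit 1; }` before the curl. Removing the hard-coded `azerty` password is the right move; the guard only makes sure its replacement actually exists. The enclosing Init function starts and ends outside this hunk.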
@@ -77,11 +69,11 @@ Init(){ -d "l=fr" \ -d "d[title]=${NOM}" \ -d "d[acl]=true" \ - -d "d[superuser]=${WIKI_ROOT}" \ + -d "d[superuser]=${dokuwiki_WIKI_ROOT}" \ -d "d[fullname]=Admin"\ - -d "d[email]=${WIKI_EMAIL}" \ - -d "d[password]=${WIKI_PASS}" \ - -d "d[confirm]=${WIKI_PASS}" \ + -d "d[email]=${dokuwiki_WIKI_EMAIL}" \ + -d "d[password]=${dokuwiki_WIKI_PASSWORD}" \ + -d "d[confirm]=${dokuwiki_WIKI_PASSWORD}" \ -d "d[policy]=1" \ -d "d[allowreg]=false" \ -d "d[license]=0" \ diff --git a/bin/manageWp.sh b/bin/manageWp.sh index ba016f7..155466b 100755 --- a/bin/manageWp.sh +++ b/bin/manageWp.sh @@ -61,11 +61,11 @@ Init(){ echo "\n *** Premier lancement de WP" >& $QUIET ${SIMU} waitUrl "${WP_URL}" - + . $KAZ_BIN_DIR/getPasswords.sh wpServ ${SIMU} curl -X POST \ - -d "user_name=${wp_WORDPRESS_ADMIN_USER}" \ - -d "admin_password=${wp_WORDPRESS_ADMIN_PASSWORD}" \ - -d "admin_password2=${wp_WORDPRESS_ADMIN_PASSWORD}" \ + -d "user_name=${wpServ_WORDPRESS_ADMIN_USER}" \ + -d "admin_password=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \ + -d "admin_password2=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \ -d "pw_weak=true" \ -d "admin_email=admin@kaz.bzh" \ -d "blog_public=0" \ diff --git a/bin/migration.sh b/bin/migration.sh index 8e48f76..3b90d22 100755 --- a/bin/migration.sh +++ b/bin/migration.sh @@ -20,8 +20,7 @@ ${SIMU} "${CV1}" stop orga ${SIMU} "${CV1}" stop ${SIMU} rsync "${EV1}/dockers.env" "${EV2}/" -${SIMU} rsync "${SV1}/SetAllPass.sh" "${SV2}/" -${SIMU} "${BV2}/updateDockerPassword.sh" +${SIMU} rsync "${SV1}/" "${SV2}/" # XXX ? rsync /kaz/secret/allow_admin_ip /kaz-git/secret/allow_admin_ip diff --git a/bin/nextcloud_maintenance.sh b/bin/nextcloud_maintenance.sh index 0823fbb..6c940b4 100755 --- a/bin/nextcloud_maintenance.sh +++ b/bin/nextcloud_maintenance.sh 
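Review bot: In the migration.sh hunk, `${SIMU} rsync "${SV1}/" "${SV2}/"` copies a directory without `-r`/`-a`, so rsync skips its contents ("skipping directory") and the secret files are not migrated at all; it would also not preserve their modes, which matters for a secrets directory, whereas init.sh uses `rsync -a` for the same copy. Change it to `${SIMU} rsync -a "${SV1}/" "${SV2}/"`.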
@@ -10,6 +10,7 @@ URL_AGORA=https://$matterHost.$domain/api/v4 EQUIPE=kaz PostMattermost() { + . $KAZ_KEY_DIR/env-mattermostAdmin PostM=$1 CHANNEL=$2 TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g') diff --git a/bin/postfix-superviz.sh b/bin/postfix-superviz.sh index 1ce6191..4b7b952 100755 --- a/bin/postfix-superviz.sh +++ b/bin/postfix-superviz.sh @@ -15,6 +15,8 @@ OLDIFS=$IFS IFS=" " COUNT_MAILQ=$(docker exec -t mailServ mailq | tail -n1 | gawk '{print $5}') +# récupération mots de passes +. $KAZ_KEY_DIR/env-mattermostAdmin docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 if [ "${COUNT_MAILQ}" -gt "${MAX_QUEUE}" ]; then diff --git a/bin/scriptBorg.sh b/bin/scriptBorg.sh index 7549f0e..ccb1895 100755 --- a/bin/scriptBorg.sh +++ b/bin/scriptBorg.sh @@ -17,7 +17,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh +. $KAZ_BIN_DIR/getPasswords.sh borg VERSION="V-10-03-2025" PRG=$(basename $0) diff --git a/bin/updateDockerPassword.sh b/bin/updateDockerPassword.sh deleted file mode 100755 index 8818f06..0000000 --- a/bin/updateDockerPassword.sh +++ /dev/null 
@@ -1,127 +0,0 @@ -#!/bin/bash - -KAZ_ROOT=$(cd $(dirname $0)/..; pwd) -. "${KAZ_ROOT}/bin/.commonFunctions.sh" -setKazVars - -# pour mise au point -# SIMU=echo - -# Améliorations à prévoir -# - donner en paramètre les services concernés (pour limité les modifications) -# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués - -. "${DOCKERS_ENV}" -. "${KAZ_KEY_DIR}/SetAllPass.sh" - -updateEnvDB(){ - # $1 = prefix - # $2 = envName - # $3 = containerName of DB - rootPass="$1_MYSQL_ROOT_PASSWORD" - dbName="$1_MYSQL_DATABASE" - userName="$1_MYSQL_USER" - userPass="$1_MYSQL_PASSWORD" - - ${SIMU} sed -i \ - -e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${!rootPass}/g" \ - -e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${!dbName}/g" \ - -e "s/MYSQL_USER=.*/MYSQL_USER=${!userName}/g" \ - -e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${!userPass}/g" \ - "$2" - - # seulement si pas de mdp pour root - # pb oeuf et poule (il faudrait les anciennes valeurs) : - # * si rootPass change, faire à la main - # * si dbName change, faire à la main - checkDockerRunning "$3" "$3" || return - echo "change DB pass on docker $3" - echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \ - docker exec -i $3 bash -c "mysql --user=root --password=${!rootPass}" -} - -updateEnv(){ - # $1 = prefix - # $2 = envName - - for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g") - do - srcName="$1_${varName}" - srcVal=$(echo "${!srcName}" | sed -e "s/[&]/\\\&/g") - ${SIMU} sed -i \ - -e "s%^[ ]*${varName}=.*\$%${varName}=${srcVal}%" \ - "$2" - done -} - -framadateUpdate(){ - [[ "${COMP_ENABLE}" =~ " framadate " ]] || return - if [ ! 
-f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then - return 0 - fi - checkDockerRunning "${framadateServName}" "Framadate" && - ${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadate_HTTPD_USER} ${framadate_HTTPD_PASSWORD}" - ${SIMU} sed -i \ - -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadate_MYSQL_USER}';/g" \ - -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadate_MYSQL_PASSWORD}';/g" \ - "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" -} - -jirafeauUpdate(){ - [[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return - if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then - return 0 - fi - SHA=$(echo -n "${jirafeau_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1) - ${SIMU} sed -i \ - -e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \ - "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" -} - -#################### -# main - -updateEnvDB "etherpad" "${KAZ_KEY_DIR}/env-${etherpadDBName}" "${etherpadDBName}" -updateEnvDB "framadate" "${KAZ_KEY_DIR}/env-${framadateDBName}" "${framadateDBName}" -updateEnvDB "gitea" "${KAZ_KEY_DIR}/env-${gitDBName}" "${gitDBName}" -updateEnvDB "mattermost" "${KAZ_KEY_DIR}/env-${mattermostDBName}" "${mattermostDBName}" -updateEnvDB "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudDBName}" "${nextcloudDBName}" -updateEnvDB "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeDBName}" "${roundcubeDBName}" -updateEnvDB "sympa" "${KAZ_KEY_DIR}/env-${sympaDBName}" "${sympaDBName}" -updateEnvDB "vigilo" "${KAZ_KEY_DIR}/env-${vigiloDBName}" "${vigiloDBName}" -updateEnvDB "wp" "${KAZ_KEY_DIR}/env-${wordpressDBName}" "${wordpressDBName}" -updateEnvDB "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenDBName}" "${vaultwardenDBName}" -updateEnvDB "castopod" "${KAZ_KEY_DIR}/env-${castopodDBName}" "${castopodDBName}" -updateEnvDB "spip" "${KAZ_KEY_DIR}/env-${spipDBName}" "${spipDBName}" -updateEnvDB 
"mastodon" "${KAZ_KEY_DIR}/env-${mastodonDBName}" "${mastodonDBName}" - -updateEnv "apikaz" "${KAZ_KEY_DIR}/env-${apikazServName}" -updateEnv "ethercalc" "${KAZ_KEY_DIR}/env-${ethercalcServName}" -updateEnv "etherpad" "${KAZ_KEY_DIR}/env-${etherpadServName}" -updateEnv "framadate" "${KAZ_KEY_DIR}/env-${framadateServName}" -updateEnv "gandi" "${KAZ_KEY_DIR}/env-gandi" -updateEnv "gitea" "${KAZ_KEY_DIR}/env-${gitServName}" -updateEnv "jirafeau" "${KAZ_KEY_DIR}/env-${jirafeauServName}" -updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostServName}" -updateEnv "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudServName}" -updateEnv "office" "${KAZ_KEY_DIR}/env-${officeServName}" -updateEnv "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeServName}" -updateEnv "vigilo" "${KAZ_KEY_DIR}/env-${vigiloServName}" -updateEnv "wp" "${KAZ_KEY_DIR}/env-${wordpressServName}" -updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapServName}" -updateEnv "sympa" "${KAZ_KEY_DIR}/env-${sympaServName}" -updateEnv "mail" "${KAZ_KEY_DIR}/env-${smtpServName}" -updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonServName}" -updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonDBName}" -updateEnv "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenServName}" -updateEnv "castopod" "${KAZ_KEY_DIR}/env-${castopodServName}" -updateEnv "spip" "${KAZ_KEY_DIR}/env-${spipServName}" -updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapUIName}" -updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeServName}" -updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeDBName}" "${peertubeDBName}" -updateEnv "mastodon" "${KAZ_KEY_DIR}/env-${mastodonServName}" - - -framadateUpdate -jirafeauUpdate -exit 0 diff --git a/config/dockers.tmpl.env b/config/dockers.tmpl.env index 2a4cb85..c5e3765 100644 --- a/config/dockers.tmpl.env +++ b/config/dockers.tmpl.env 
@@ -159,3 +159,8 @@ apikazServName=apikazServ # services activés par container.sh # variables d'environneements utilisées # pour le tmpl du mandataire (proxy) + + +################## +#qui on envoi le mail d'inscription ? +EMAIL_CONTACT="toto@kaz.bzh" \ No newline at end of file diff --git a/config/orgaTmpl/app/Dockerfile b/config/orgaTmpl/app/Dockerfile deleted file mode 100644 index 539d978..0000000 --- a/config/orgaTmpl/app/Dockerfile +++ /dev/null 
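Review bot: `EMAIL_CONTACT="toto@kaz.bzh"` is added to the template with a real-looking address and without a trailing newline ("No newline at end of file"), so a fresh install that does not edit it sends sign-up mail to that address, and the next line appended to the file is glued onto this one. Use an obvious placeholder and end the file with a newline, e.g. `EMAIL_CONTACT="CHANGE_ME@example.invalid"` with the comment `# adresse qui reçoit le mail d'inscription (à adapter)`.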
@@ -1,58 +0,0 @@ -FROM alpine:3.17 - -# Some ENV variables -ENV PATH="/mattermost/bin:${PATH}" -#ENV MM_VERSION=5.32.0 -ENV MM_VERSION=6.1.0 -ENV MM_INSTALL_TYPE=docker - -# Build argument to set Mattermost edition -ARG edition=enterprise -ARG PUID=2000 -ARG PGID=2000 -ARG MM_BINARY= - - -# Install some needed packages -RUN apk add --no-cache \ - ca-certificates \ - curl \ - jq \ - libc6-compat \ - libffi-dev \ - libcap \ - linux-headers \ - mailcap \ - netcat-openbsd \ - xmlsec-dev \ - tzdata \ - && rm -rf /tmp/* - -# Get Mattermost -RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \ - && if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \ - elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \ - else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \ - && cp /mattermost/config/config.json /config.json.save \ - && rm -rf /mattermost/config/config.json \ - && addgroup -g ${PGID} mattermost \ - && adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \ - && chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \ - && setcap cap_net_bind_service=+ep /mattermost/bin/mattermost - -USER mattermost - -#Healthcheck to make sure container is ready -HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1 - -# Configure entrypoint and command -COPY entrypoint.sh / -ENTRYPOINT ["/entrypoint.sh"] -WORKDIR /mattermost -CMD ["mattermost"] - -# Expose port 8000 of the container -EXPOSE 8000 - -# Declare volumes for mount point directories -VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config", "/mattermost/plugins", "/mattermost/client/plugins"] diff --git a/config/orgaTmpl/app/entrypoint.sh b/config/orgaTmpl/app/entrypoint.sh deleted file mode 100755 index f58bc71..0000000 
--- a/config/orgaTmpl/app/entrypoint.sh
+++ /dev/null
@@ -1,82 +0,0 @@ -#!/bin/sh - -# Function to generate a random salt -generate_salt() { - tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1 -} - -# Read environment variables or set default values -DB_HOST=${DB_HOST:-db} -DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432} -# see https://www.postgresql.org/docs/current/libpq-ssl.html -# for usage when database connection requires encryption -# filenames should be escaped if they contain spaces -# i.e. $(printf %s ${MY_ENV_VAR:-''} | jq -s -R -r @uri) -# the location of the CA file can be set using environment var PGSSLROOTCERT -# the location of the CRL file can be set using PGSSLCRL -# The URL syntax for connection string does not support the parameters -# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables -# to set names if using a location other than default -DB_USE_SSL=${DB_USE_SSL:-disable} -MM_DBNAME=${MM_DBNAME:-mattermost} -MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json} - -_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }' ) -if [ "$_1" = '-' ]; then - set -- mattermost "$@" -fi - -if [ "$1" = 'mattermost' ]; then - # Check CLI args for a -config option - for ARG in "$@"; do - case "$ARG" in - -config=*) MM_CONFIG=${ARG#*=};; - esac - done - - if [ ! 
-f "$MM_CONFIG" ]; then - # If there is no configuration file, create it with some default values - echo "No configuration file $MM_CONFIG" - echo "Creating a new one" - # Copy default configuration file - cp /config.json.save "$MM_CONFIG" - # Substitute some parameters with jq - jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv 
"$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - else - echo "Using existing config file $MM_CONFIG" - fi - - # Configure database access - if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then - echo "Configure database connection..." - # URLEncode the password, allowing for special characters - ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri) - export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10" - echo "OK" - else - echo "Using existing database connection" - fi - - # Wait another second for the database to be properly started. - # Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up" - sleep 1 - - echo "Starting mattermost" -fi - -exec "$@" diff --git a/config/orgaTmpl/init-db.sh b/config/orgaTmpl/init-db.sh index 1188fa5..c86ff96 100755 --- a/config/orgaTmpl/init-db.sh +++ b/config/orgaTmpl/init-db.sh 
@@ -25,57 +25,66 @@ SQL="" for ARG in "$@"; do case "${ARG}" in 'cloud' ) + . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB SQL="$SQL -CREATE DATABASE IF NOT EXISTS ${nextcloud_MYSQL_DATABASE}; +CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE}; -DROP USER IF EXISTS '${nextcloud_MYSQL_USER}'; -CREATE USER '${nextcloud_MYSQL_USER}'@'%'; +DROP USER IF EXISTS '${MYSQL_USER}'; +CREATE USER '${MYSQL_USER}'@'%'; -GRANT ALL ON ${nextcloud_MYSQL_DATABASE}.* TO '${nextcloud_MYSQL_USER}'@'%' IDENTIFIED BY '${nextcloud_MYSQL_PASSWORD}'; +GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; FLUSH PRIVILEGES;" ;; 'agora' ) + + . $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB SQL="$SQL -CREATE DATABASE IF NOT EXISTS ${mattermost_MYSQL_DATABASE}; +CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE}; -DROP USER IF EXISTS '${mattermost_MYSQL_USER}'; -CREATE USER '${mattermost_MYSQL_USER}'@'%'; +DROP USER IF EXISTS '${MYSQL_USER}'; +CREATE USER '${MYSQL_USER}'@'%'; -GRANT ALL ON ${mattermost_MYSQL_DATABASE}.* TO '${mattermost_MYSQL_USER}'@'%' IDENTIFIED BY '${mattermost_MYSQL_PASSWORD}'; +GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; FLUSH PRIVILEGES;" ;; 'wp' ) + + . $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB SQL="$SQL -CREATE DATABASE IF NOT EXISTS ${wp_MYSQL_DATABASE}; +CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE}; -DROP USER IF EXISTS '${wp_MYSQL_USER}'; -CREATE USER '${wp_MYSQL_USER}'@'%'; +DROP USER IF EXISTS '${MYSQL_USER}'; +CREATE USER '${MYSQL_USER}'@'%'; -GRANT ALL ON ${wp_MYSQL_DATABASE}.* TO '${wp_MYSQL_USER}'@'%' IDENTIFIED BY '${wp_MYSQL_PASSWORD}'; +GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; FLUSH PRIVILEGES;" ;; 'castopod' ) + + . 
$KAZ_KEY_DIR/orgas/$ORGA/env-castopodDB SQL="$SQL -CREATE DATABASE IF NOT EXISTS ${castopod_MYSQL_DATABASE}; +CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE}; -DROP USER IF EXISTS '${castopod_MYSQL_USER}'; -CREATE USER '${castopod_MYSQL_USER}'@'%'; +DROP USER IF EXISTS '${MYSQL_USER}'; +CREATE USER '${MYSQL_USER}'@'%'; -GRANT ALL ON ${castopod_MYSQL_DATABASE}.* TO '${castopod_MYSQL_USER}'@'%' IDENTIFIED BY '${castopod_MYSQL_PASSWORD}'; +GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; FLUSH PRIVILEGES;" ;; 'spip' ) + + . $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB SQL="$SQL -CREATE DATABASE IF NOT EXISTS ${spip_MYSQL_DATABASE}; +CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE}; -DROP USER IF EXISTS '${spip_MYSQL_USER}'; -CREATE USER '${spip_MYSQL_USER}'@'%'; +DROP USER IF EXISTS '${MYSQL_USER}'; +CREATE USER '${MYSQL_USER}'@'%'; -GRANT ALL ON ${spip_MYSQL_DATABASE}.* TO '${spip_MYSQL_USER}'@'%' IDENTIFIED BY '${spip_MYSQL_PASSWORD}'; +GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; FLUSH PRIVILEGES;" ;; @@ -84,4 +93,4 @@ FLUSH PRIVILEGES;" esac done -echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${wp_MYSQL_ROOT_PASSWORD}" +echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${MYSQL_ROOT_PASSWORD}" diff --git a/config/orgaTmpl/initdb.d/orga.sql b/config/orgaTmpl/initdb.d/orga.sql deleted file mode 100644 index 6fc5ea0..0000000 --- a/config/orgaTmpl/initdb.d/orga.sql +++ /dev/null @@ -1,3 +0,0 @@ -CREATE DATABASE IF NOT EXISTS nextcloud; -CREATE DATABASE IF NOT EXISTS mattermost; -CREATE DATABASE IF NOT EXISTS wpdb; diff --git a/config/orgaTmpl/wiki-conf/acl.auth.php b/config/orgaTmpl/wiki-conf/acl.auth.php deleted file mode 100644 index 11b3b5d..0000000 --- a/config/orgaTmpl/wiki-conf/acl.auth.php +++ /dev/null 
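Review bot: The new `. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB` line, and its agora, wp, castopod and spip counterparts, is unquoted and unchecked, so a missing or unreadable env file only prints an error and the SQL below is still built with empty `${MYSQL_USER}` and `${MYSQL_PASSWORD}`, i.e. `CREATE USER ''@'%'` and `IDENTIFIED BY ''` are sent to the server. I would guard each arm with `. "$KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB" || exit 1` followed by `: "${MYSQL_DATABASE:?}" "${MYSQL_USER:?}" "${MYSQL_PASSWORD:?}"`. Since every arm now reuses the same `MYSQL_*` names, each sourced file overwrites the previous one, which is only safe because the SQL string is expanded immediately after the source as it is here; a comment stating that would help the next edit. The `for`/`case` opened in this hunk close in the following one.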
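Review bot: `${MYSQL_ROOT_PASSWORD}` in the rebuilt mariadb command is whatever the last sourced `env-*DB` file left behind; whether those files define it is not visible here, and when no argument matches nothing is sourced at all, so `--password=` is passed empty. The value also sits on the argument list of the `bash -c` process inside the container, where it is readable from the process list; passing it through the client's `MYSQL_PWD` variable avoids that: `printf '%s\n' "$SQL" | docker exec -i -e MYSQL_PWD="${MYSQL_ROOT_PASSWORD:?}" "${ORGA}-DB" mariadb --user=root`. Quoting `"$SQL"` also stops the unquoted `echo $SQL` from word-splitting the statements and from treating `${MYSQL_DATABASE}.*` as a glob should a matching file exist in the working directory.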
@@ -1,10 +0,0 @@ -# acl.auth.php -# -# Don't modify the lines above -# -# Access Control Lists -# -# Auto-generated by install script -# Date: Sat, 13 Feb 2021 17:42:28 +0000 -* @ALL 1 -* @user 8 diff --git a/config/orgaTmpl/wiki-conf/local.php b/config/orgaTmpl/wiki-conf/local.php deleted file mode 100644 index 117c4d9..0000000 --- a/config/orgaTmpl/wiki-conf/local.php +++ /dev/null @@ -1,26 +0,0 @@ - -# Don't modify the lines above -# -# Userfile -# -# Auto-generated by install script -# Date: Sat, 13 Feb 2021 17:42:28 +0000 -# -# Format: -# login:passwordhash:Real Name:email:groups,comma,separated - -admin:$2y$10$GYvFgViXeEUmDViplHEs7eoYV8tmbfsS8wA1vfHQ.tWgW14o9aTjy:admin:contact@kaz.bzh:admin,user diff --git a/config/proxy/proxy_params b/config/proxy/proxy_params deleted file mode 100644 index 073a27e..0000000 --- a/config/proxy/proxy_params +++ /dev/null @@ -1,21 +0,0 @@ - -#proxy_buffering off; -#proxy_set_header X-Forwarded-Host $host:$server_port; -#proxy_set_header X-Forwarded-Server $host; -#XXX pb proxy_set_header Connection $proxy_connection; - -proxy_buffers 256 16k; -proxy_buffer_size 16k; - -# mattermost -http2_push_preload on; # Enable HTTP/2 Server Push -add_header Strict-Transport-Security max-age=15768000; -proxy_set_header Host $http_host; -proxy_set_header X-Real-IP $remote_addr; -#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; - -#proxy_hide_header 'x-frame-options'; -#proxy_set_header x-frame-options allowall; -proxy_set_header X-Frame-Options SAMEORIGIN; - diff --git a/dockers/ldap/UIHooks/post-hook.sh b/dockers/ldap/UIHooks/post-hook.sh index 26819bb..76fb5bc 100755 --- a/dockers/ldap/UIHooks/post-hook.sh +++ b/dockers/ldap/UIHooks/post-hook.sh 
@@ -5,7 +5,9 @@ NEWPASSWORD=$(base64 -d <<< $2) OLDPASSWORD=$(base64 -d <<< $3) URL_AGORA="https://${matterHost}.${domain}" -mattermost_token=${LDAPUI_MM_ADMIN_TOKEN} + +#mattermost_token=${LDAPUI_MM_ADMIN_TOKEN} +. $KAZ_KEY_DIR/env-mattermostAdmin IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g') if [ ${IDUSER} == 'app.user.missing_account.const' ] diff --git a/dockers/sympa/alerting/sympa.sh b/dockers/sympa/alerting/sympa.sh index e6a7761..d1e3af5 100755 --- a/dockers/sympa/alerting/sympa.sh +++ b/dockers/sympa/alerting/sympa.sh @@ -6,7 +6,7 @@ KAZ_ROOT=/kaz setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh +. $KAZ_KEY_DIR/env-mattermostAdmin DOCKER_CMD="docker exec sympaServ" URL_AGORA=$(echo $matterHost).$(echo $domain) diff --git a/dockers/traefik/proxy-gen.sh b/dockers/traefik/proxy-gen.sh index 920a01b..cfc0f10 100755 --- a/dockers/traefik/proxy-gen.sh +++ b/dockers/traefik/proxy-gen.sh @@ -4,7 +4,7 @@ KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd) . "${KAZ_ROOT}/bin/.commonFunctions.sh" setKazVars . "${DOCKERS_ENV}" -. "${KAZ_ROOT}/secret/SetAllPass.sh" +. $KAZ_BIN_DIR/getPasswords.sh traefik printKazMsg "\n *** Proxy update config" diff --git a/secret.tmpl/SetAllPass.sh b/secret.tmpl/SetAllPass.sh index bda9768..8ea95fb 100755 --- a/secret.tmpl/SetAllPass.sh +++ b/secret.tmpl/SetAllPass.sh 
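Review bot: `. $KAZ_KEY_DIR/env-mattermostAdmin` replaces a token that used to arrive through the container environment (`LDAPUI_MM_ADMIN_TOKEN`) with a file sourced without quoting or a result check; if `KAZ_KEY_DIR` is unset or the file is not reachable from the hook's process, the source fails, `mattermost_token` stays empty and the curl below goes out with an empty `Authorization: Bearer` header and the script carries on. Whether the hook process inherits `KAZ_KEY_DIR` cannot be seen from this hunk. I would write `. "${KAZ_KEY_DIR:?}/env-mattermostAdmin" || exit 1` and then `: "${mattermost_token:?}"` before the request, and delete the commented-out `#mattermost_token=` line rather than keep it. The dockers/sympa/alerting/sympa.sh hunk below sources the same file the same way and needs the same guard.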
@@ -2,227 +2,43 @@ # Attention à cause des scripts pas de ["'/] dans les mot de passe -#################### -# ethercalc -ethercalc_REDIS_PORT_6379_TCP_ADDR="redis" -ethercalc_REDIS_PORT_6379_TCP_PORT="6379" - -#################### -# etherpad -etherpad_MYSQL_ROOT_PASSWORD="--clean_val--" -etherpad_MYSQL_DATABASE="--clean_val--" -etherpad_MYSQL_USER="--clean_val--" -etherpad_MYSQL_PASSWORD="--clean_val--" - -# Share with etherpadDB -etherpad_DB_NAME="${etherpad_MYSQL_DATABASE}" -etherpad_DB_USER="${etherpad_MYSQL_USER}" -etherpad_DB_PASS="${etherpad_MYSQL_PASSWORD}" - -etherpad_DB_TYPE="mysql" -etherpad_DB_HOST="padDB" -etherpad_DB_PORT="3306" -#etherpad_DB_CHARSET="utf8" -#user: admin -etherpad_ADMIN_PASSWORD="--clean_val--" -etherpad_PAD_OPTIONS_LANG="fr" -etherpad_TITLE="KazPad" -etherpad_TRUST_PROXY="true" - -#################### -# framadate -framadate_MYSQL_ROOT_PASSWORD="--clean_val--" -framadate_MYSQL_DATABASE="--clean_val--" -framadate_MYSQL_USER="--clean_val--" -framadate_MYSQL_PASSWORD="--clean_val--" - -framadate_HTTPD_USER="--clean_val--" -framadate_HTTPD_PASSWORD="--clean_val--" - -################## -# Gandi -# à supprimer et à replacer par dns_gandi_api_key -gandi_GANDI_KEY="xxx" -gandi_GANDI_API="https://api.gandi.net/v5/livedns/domains/${domain}" -gandi_dns_gandi_api_key="${gandi_GANDI_KEY}" - -#################### -# mattermost -mattermost_MYSQL_ROOT_PASSWORD="--clean_val--" -mattermost_MYSQL_DATABASE="--clean_val--" -mattermost_MYSQL_USER="--clean_val--" -mattermost_MYSQL_PASSWORD="--clean_val--" - -# Share with mattermostDB -mattermost_MM_DBNAME="${mattermost_MYSQL_DATABASE}" -mattermost_MM_USERNAME="${mattermost_MYSQL_USER}" -mattermost_MM_PASSWORD="${mattermost_MYSQL_PASSWORD}" - -mattermost_DB_PORT_NUMBER="3306" -mattermost_DB_HOST="db" -mattermost_MM_SQLSETTINGS_DRIVERNAME="mysql" -mattermost_MM_ADMIN_EMAIL="admin@kaz.bzh" - -# mattermost_MM_SQLSETTINGS_DATASOURCE = 
"MM_USERNAME:MM_PASSWORD@tcp(DB_HOST:DB_PORT_NUMBER)/MM_DBNAME?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s" -# Don't forget to replace all entries (beginning by MM_ and DB_) in MM_SQLSETTINGS_DATASOURCE with the real variables values. -mattermost_MM_SQLSETTINGS_DATASOURCE="${mattermost_MYSQL_USER}:${mattermost_MYSQL_PASSWORD}@tcp(${mattermost_DB_HOST}:${mattermost_DB_PORT_NUMBER})/${mattermost_MM_DBNAME}?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s" -# sinon avec postgres -# mattermost_MM_SQLSETTINGS_DATASOURCE = "postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10" +# A COPIER DANS UN FICHIER DE CONF !! -> mattermostAdmin # pour envoyer des messages sur l'agora avec mmctl mattermost_user="admin-mattermost" mattermost_pass="--clean_val--" mattermost_token="xxx-private" -################## -# Openldap -ldap_LDAP_ADMIN_USERNAME="--clean_val--" -ldap_LDAP_ADMIN_PASSWORD="--clean_val--" -ldap_LDAP_CONFIG_ADMIN_USERNAME="--clean_val--" -ldap_LDAP_CONFIG_ADMIN_PASSWORD="--clean_val--" -ldap_LDAP_POSTFIX_PASSWORD="--clean_val--" -ldap_LDAP_LDAPUI_PASSWORD="--clean_val--" -ldap_LDAP_MATTERMOST_PASSWORD="--clean_val--" -ldap_LDAP_CLOUD_PASSWORD="--clean_val--" -ldap_LDAP_MOBILIZON_PASSWORD="--clean_val--" - -ldap_LDAPUI_URI=ldap://ldap -ldap_LDAPUI_BASE_DN=${ldap_root} -ldap_LDAPUI_REQUIRE_STARTTLS=FALSE -ldap_LDAPUI_ADMINS_GROUP=admins -ldap_LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,${ldap_root} -ldap_LDAPUI_ADMIN_BIND_PWD=${ldap_LDAP_LDAPUI_PASSWORD} -ldap_LDAPUI_IGNORE_CERT_ERRORS=TRUE -ldap_LDAPUI_PASSWORD="--clean_val--" -ldap_LDAPUI_MM_ADMIN_TOKEN=${mattermost_token} - -################### -# gitea -gitea_MYSQL_ROOT_PASSWORD="--clean_val--" -gitea_MYSQL_DATABASE="--clean_val--" -gitea_MYSQL_USER="--clean_val--" -gitea_MYSQL_PASSWORD="--clean_val--" - -# on ne peut pas utiliser le login "admin" -gitea_user_admin="admin_gitea" -gitea_pass_admin="--clean_val--" -gitea_admin_email="admin@kaz.bzh" - 
-#################### -# jirafeau -jirafeau_HTTPD_PASSWORD="--clean_val--" -jirafeau_DATA_DIR="--clean_val--" - - -#################### -# nexcloud -nextcloud_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}" -nextcloud_MYSQL_DATABASE="--clean_val--" -nextcloud_MYSQL_USER="--clean_val--" -nextcloud_MYSQL_PASSWORD="--clean_val--" - -nextcloud_NEXTCLOUD_ADMIN_USER="admin" -nextcloud_NEXTCLOUD_ADMIN_PASSWORD="--clean_val--" -nextcloud_MYSQL_HOST="db" - -#user: admin -nextcloud_RAIN_LOOP="--clean_val--" - -#################### -# collabora -office_username="admin" -office_password="--clean_val--" - -#################### -# roundcube -roundcube_MYSQL_ROOT_PASSWORD="--clean_val--" -roundcube_MYSQL_DATABASE="--clean_val--" -roundcube_MYSQL_USER="--clean_val--" -roundcube_MYSQL_PASSWORD="--clean_val--" - -# Share with roundcubeDB -roundcube_ROUNDCUBEMAIL_DB_TYPE="mysql" -roundcube_ROUNDCUBEMAIL_DB_NAME="${roundcube_MYSQL_DATABASE}" -roundcube_ROUNDCUBEMAIL_DB_USER="${roundcube_MYSQL_USER}" -roundcube_ROUNDCUBEMAIL_DB_PASSWORD="${roundcube_MYSQL_PASSWORD}" -roundcube_ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE="1G" - -#################### -# postfix LDAP -mail_LDAP_BIND_DN=cn=postfix,ou=applications,${ldap_root} -mail_LDAP_BIND_PW=${ldap_LDAP_POSTFIX_PASSWORD} - -#################### -# sympa -sympa_MYSQL_ROOT_PASSWORD="--clean_val--" -sympa_MYSQL_DATABASE="sympa" -sympa_MYSQL_USER="sympa" -sympa_MYSQL_PASSWORD="--clean_val--" - -sympa_KEY="/etc/letsencrypt/live/${domain}/privkey.pem" -sympa_CERT="/etc/letsencrypt/live/${domain}/fullchain.pem" -sympa_LISTMASTERS="listmaster@${domain_sympa}" -sympa_ADMINEMAIL="listmaster@${domain_sympa}" -sympa_SOAP_USER="sympa" -sympa_SOAP_PASSWORD="--clean_val--" - -# pour inscrire des users sur des listes sympa avec soap -#il faut que le user soit admin de sympa -sympa_user="a@${domain}" -sympa_pass="--clean_val--" - -################## -# vigilo -vigilo_MYSQL_ROOT_PASSWORD="--clean_val--" -vigilo_MYSQL_USER="--clean_val--" 
-vigilo_MYSQL_PASSWORD="--clean_val--" -vigilo_MYSQL_DATABASE="--clean_val--" -vigilo_MYSQL_HOST="db" -#vigilo_BIND= - -#################### -# wordpress -wp_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}" -wp_MYSQL_DATABASE="--clean_val--" -wp_MYSQL_USER="--clean_val--" -wp_MYSQL_PASSWORD="--clean_val--" - -# Share with wpDB -wp_WORDPRESS_DB_HOST="db:3306" -wp_WORDPRESS_DB_NAME="${wp_MYSQL_DATABASE}" -wp_WORDPRESS_DB_USER="${wp_MYSQL_USER}" -wp_WORDPRESS_DB_PASSWORD="${wp_MYSQL_PASSWORD}" - -wp_WORDPRESS_ADMIN_USER="admin" -wp_WORDPRESS_ADMIN_PASSWORD="--clean_val--" ################## +# A DEPLACER DANS DOCKER ENV #qui envoi le mail d'inscription ? EMAIL_CONTACT="toto@kaz.bzh" +# A COPIER DANS UN FICHIER DE CONF !! -> paheko ################## # Paheko paheko_API_USER="admin-api" paheko_API_PASSWORD="--clean_val--" -################## -# La nas de Kaz chez Grifon -nas_admin1="admin" -nas_password1="--clean_val--" -nas_admin2="kaz" -nas_password1="--clean_val--" -# compte mail pour les notifications du nas -nas_email_account="admin-nas@${domain}" -nas_email_password="--clean_val--" + +# A virer dans koffre ################## #Compte sur outlook.com outlook_user="kaz-user@outlook.fr" outlook_pass="--clean_val--" + +# A COPIER DANS UN FICHIER DE CONF !! -> mail +service_mail=admin-kaz@kaz.bzh +service_password=_bif2OkFaid_ + ################## #Borg + +# A COPIER DANS UN FICHIER DE CONF !! -> borg BORG_REPO="/mnt/backup-nas1/BorgRepo" BORG_PASSPHRASE="--clean_val--" VOLUME_SAUVEGARDES="/mnt/backup-nas1" 
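Review bot: The added `service_password=` line carries a concrete-looking value instead of the `--clean_val--` placeholder every other secret in this template uses, so if it is a real credential it is now in the repository history and should be rotated; the template line should read `service_password="--clean_val--"` (the new `env-mail` file correctly leaves it empty). The `# A COPIER DANS UN FICHIER DE CONF !!` markers leave the mattermost, paheko, mail, borg, traefik and castopod values defined both here and in the new `env-*` files, two copies that will drift; once the consumers source the `env-*` files these blocks should go. `EMAIL_CONTACT` is likewise kept here although this same series adds it to config/dockers.tmpl.env.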
@@ -230,148 +46,21 @@ MAIL_RAPPORT="a@${domain};b@${domain};c@${domain}" BORGMOUNT="/mnt/disk-nas1/tmp/repo_mount" -################### -# mobilizon -mobilizon_POSTGRES_USER="--clean_val--" -mobilizon_POSTGRES_PASSWORD="--clean_val--" -mobilizon_POSTGRES_DB=mobilizon -mobilizon_MOBILIZON_DATABASE_USERNAME="${mobilizon_POSTGRES_USER}" -mobilizon_MOBILIZON_DATABASE_PASSWORD="${mobilizon_POSTGRES_PASSWORD}" -mobilizon_MOBILIZON_DATABASE_DBNAME=mobilizon - -mobilizon_MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false -mobilizon_MOBILIZON_INSTANCE_NAME="Mobilizon" -mobilizon_MOBILIZON_INSTANCE_HOST="${mobilizonHost}.${domain}" - -mobilizon_MOBILIZON_INSTANCE_SECRET_KEY_BASE=changeme -mobilizon_MOBILIZON_INSTANCE_SECRET_KEY=changeme - -mobilizon_MOBILIZON_INSTANCE_EMAIL=noreply@${domain} -mobilizon_MOBILIZON_REPLY_EMAIL=contact@${domain_sympa} -mobilizon_MOBILIZON_ADMIN_EMAIL=admin@${domain_sympa} - -mobilizon_MOBILIZON_SMTP_SERVER="${smtpHost}.${domain}" -mobilizon_MOBILIZON_SMTP_PORT=25 -mobilizon_MOBILIZON_SMTP_HOSTNAME="${smtpHost}.${domain}" -mobilizon_MOBILIZON_SMTP_USERNAME=noreply@${domain} -mobilizon_MOBILIZON_SMTP_PASSWORD= -mobilizon_MOBILIZON_SMTP_SSL=false - -mobilizon_MOBILIZON_LDAP_BINDUID=cn=mobilizon,ou=applications,${ldap_root} -mobilizon_MOBILIZON_LDAP_BINDPASSWORD=${ldap_LDAP_MOBILIZON_PASSWORD} - - -##################### -# Vaultwarden - -vaultwarden_MYSQL_ROOT_PASSWORD="--clean_val--" -vaultwarden_MYSQL_DATABASE="vaultwarden" -vaultwarden_MYSQL_USER="vaultwarden" -vaultwarden_MYSQL_PASSWORD="--clean_val--" - -vaultwarden_DATABASE_URL="mysql://${vaultwarden_MYSQL_USER}:${vaultwarden_MYSQL_PASSWORD}@db/${vaultwarden_MYSQL_DATABASE}" -vaultwarden_ADMIN_TOKEN="--clean_val--" - ##################### #Traefik +# A COPIER DANS UN FICHIER DE CONF !! 
-> traefik traefik_DASHBOARD_USER="admin" traefik_DASHBOARD_PASSWORD="--clean_val--" -##################### -# dokuwiki - -dokuwiki_WIKI_ROOT=Kaz -dokuwiki_WIKI_EMAIL=wiki@kaz.local -dokuwiki_WIKI_PASSWORD="--clean_val--" ##################### # Castopod -castopod_MYSQL_ROOT_PASSWORD="--clean_val--" -castopod_MYSQL_DATABASE="--clean_val--" -castopod_MYSQL_USER="--clean_val--" -castopod_MYSQL_PASSWORD="--clean_val--" -castopod_CP_REDIS_PASSWORD="${castopodRedisPassword}" +# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin + castopod_ADMIN_USER=adminKaz castopod_ADMIN_MAIL=admin@${domain} castopod_ADMIN_PASSWORD="--clean_val--" -castopod_CP_EMAIL_SMTP_HOST="${smtpHost}.${domain}" -castopod_CP_EMAIL_SMTP_PORT=25 -castopod_CP_EMAIL_SMTP_USERNAME=noreply@${domain} -castopod_CP_EMAIL_SMTP_PASSWORD= -castopod_CP_EMAIL_FROM=noreply@${domain} -castopod_CP_EMAIL_SMTP_CRYPTO=tls -##################### -# Spip -spip_MYSQL_ROOT_PASSWORD="--clean_val--" -spip_MYSQL_DATABASE="--clean_val--" -spip_MYSQL_USER="--clean_val--" -spip_MYSQL_PASSWORD="--clean_val--" -spip_SPIP_AUTO_INSTALL=1 -spip_SPIP_DB_SERVER=mysql -spip_SPIP_DB_LOGIN="${spip_MYSQL_USER}" -spip_SPIP_DB_PASS="${spip_MYSQL_PASSWORD}" -spip_SPIP_DB_NAME="${spip_MYSQL_DATABASE}" -spip_SPIP_ADMIN_NAME=admin -spip_SPIP_ADMIN_LOGIN=admin -spip_SPIP_ADMIN_EMAIL=admin@${domain} -spip_SPIP_ADMIN_PASS="--clean_val--" -spip_PHP_TIMEZONE="Europe/Paris" - -##################### -# Peertube -peertube_POSTGRES_USER="--clean_val--" -peertube_POSTGRES_PASSWORD="--clean_val--" -peertube_PEERTUBE_DB_NAME="--clean_val--" - -peertube_PEERTUBE_DB_USERNAME="${peertube_POSTGRES_USER}" -peertube_PEERTUBE_DB_PASSWORD="${peertube_POSTGRES_PASSWORD}" -peertube_PEERTUBE_DB_SSL=false -peertube_PEERTUBE_DB_HOSTNAME="${peertubeDBName}" -peertube_PEERTUBE_WEBSERVER_HOSTNAME="${peertubeHost}.${domain}" -peertube_PEERTUBE_TRUST_PROXY="['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']" - -peertube_PEERTUBE_SECRET="--clean_val--" 
-peertube_PT_INITIAL_ROOT_PASSWORD="--clean_val--" - -#peertube_PEERTUBE_SMTP_USERNAME= -#peertube_PEERTUBE_SMTP_PASSWORD= -# Default to Postfix service name "postfix" in docker-compose.yml -# May be the hostname of your Custom SMTP server -peertube_PEERTUBE_SMTP_HOSTNAME= -peertube_PEERTUBE_SMTP_PORT=25 -peertube_PEERTUBE_SMTP_FROM= -peertube_PEERTUBE_SMTP_TLS=false -peertube_PEERTUBE_SMTP_DISABLE_STARTTLS=false -peertube_PEERTUBE_ADMIN_EMAIL= -peertube_POSTFIX_myhostname= -#peertube_OPENDKIM_DOMAINS=peertube -peertube_OPENDKIM_RequireSafeKeys=no - -peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC="public-read" -peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE="private" - -###################### -peertube_POSTGRES_DB="${peertube_PEERTUBE_DB_NAME}" - -###################### -# SNAPPYMAIL -# Url https://snappymail.${domain}/?admin -# au premier lancement un mot de passe est généré en aut par l' appli dans le -# volume Data : /var/lib/docker/volumes/snappymail_data/_data/_data_/_default_ -# le fichier s' appelle admin_password.txt -# une fois le mot de passe changé dans le Gui de l' admin, ce fichier est automatiquement supprimé -snappymail_TZ="Europe/Paris" -snappymail_UPLOAD_MAX_SIZE="100M" - -#################### -# mastodon -mastodon_POSTGRES_USER="--clean_val--" -mastodon_POSTGRES_PASSWORD="--clean_val--" -mastodon_POSTGRES_DB=mastodon -mastodon_DB_USER="${mastodon_POSTGRES_USER}" -mastodon_DB_PASS="${mastodon_POSTGRES_PASSWORD}" -mastodon_DB_NAME=mastodon diff --git a/secret.tmpl/env-borg b/secret.tmpl/env-borg new file mode 100644 index 0000000..81a290d --- /dev/null +++ b/secret.tmpl/env-borg 
@@ -0,0 +1,17 @@
+VOLUME_SAUVEGARDES=
+BORG_REPO=
+BORG_PASSPHRASE=
+BORGLOG="/var/log/borg"
+BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
+BORG_EXCLUDE_BACKUP=
+MAIL_RAPPORT=
+LISTREPSAUV=
+BORGMOUNT="/mnt/repo_borg"
+MAILOK=
+MAILWARNING=
+MAILDETAIL=
+BACKUPS_KEEP="4m"
+NB_BACKUPS_JOUR=90
+NB_BACKUPS_SEM=30
+NB_BACKUPS_MOIS=12
+BORGSCRIPTS=/root/borgscripts
\ No newline at end of file
diff --git a/secret.tmpl/env-castopodAdmin b/secret.tmpl/env-castopodAdmin
new file mode 100644
index 0000000..64ecec1
--- /dev/null
+++ b/secret.tmpl/env-castopodAdmin
@@ -0,0 +1,3 @@
+ADMIN_USER=
+ADMIN_MAIL=
+ADMIN_PASSWORD="--clean_val--"
\ No newline at end of file
diff --git a/secret.tmpl/env-mail b/secret.tmpl/env-mail
new file mode 100644
index 0000000..c630b0c
--- /dev/null
+++ b/secret.tmpl/env-mail
@@ -0,0 +1,2 @@
+service_mail=
+service_password=
\ No newline at end of file
diff --git a/secret.tmpl/env-mattermostAdmin b/secret.tmpl/env-mattermostAdmin
new file mode 100644
index 0000000..88c5c4a
--- /dev/null
+++ b/secret.tmpl/env-mattermostAdmin
@@ -0,0 +1,3 @@
+mattermost_user=
+mattermost_pass=
+mattermost_token=
\ No newline at end of file
diff --git a/secret.tmpl/env-paheko b/secret.tmpl/env-paheko
new file mode 100644
index 0000000..b485814
--- /dev/null
+++ b/secret.tmpl/env-paheko
@@ -0,0 +1,2 @@
+API_USER="admin-api"
+API_PASSWORD="--clean_val--"
\ No newline at end of file
diff --git a/secret.tmpl/env-traefik b/secret.tmpl/env-traefik
new file mode 100644
index 0000000..88b5b62
--- /dev/null
+++ b/secret.tmpl/env-traefik
@@ -0,0 +1,2 @@
+DASHBOARD_USER="admin"
+DASHBOARD_PASSWORD="--clean_val--"
\ No newline at end of file
diff --git a/secret.tmpl/env-wpServ b/secret.tmpl/env-wpServ
index a6770be..77a9243 100644
--- a/secret.tmpl/env-wpServ
+++ b/secret.tmpl/env-wpServ
@@ -4,3 +4,5 @@ WORDPRESS_DB_HOST=
 WORDPRESS_DB_USER=
 WORDPRESS_DB_PASSWORD=
 WORDPRESS_DB_NAME=
+WORDPRESS_ADMIN_USER=
+WORDPRESS_ADMIN_PASSWORD=
\ No newline at end of file
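Review bot: `BORGMOUNT="/mnt/repo_borg"` in env-borg disagrees with the `BORGMOUNT="/mnt/disk-nas1/tmp/repo_mount"` that secret.tmpl/SetAllPass.sh still carries, so the mount point a backup script sees depends on which file it sources last; keep the value in one place. The new files also mix conventions: env-mattermostAdmin uses lowercase prefixed names (`mattermost_user`) while env-paheko, env-traefik and env-castopodAdmin use unprefixed upper-case names, and passwords are left empty in some files (env-mail, env-wpServ) but set to `"--clean_val--"` in others, which makes it hard for a generator or a check script to tell a placeholder from a real value. Every new file also lacks a trailing newline, harmless for `.` but worth fixing before anything appends to them.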