SetAllPass a disparu ! Reste le secretgen à refaire + revoir les valeurs "liées" par setallpass. Rien n'est testé pour le moment.

config/dockers.tmpl.env

@@ -159,3 +159,8 @@ apikazServName=apikazServ
 # services activés par container.sh
 # variables d'environneements utilisées
 # pour le tmpl du mandataire (proxy)
+
+
+##################
+#qui on envoi le mail d'inscription ?
+EMAIL_CONTACT="toto@kaz.bzh"

config/orgaTmpl/app/Dockerfile

@@ -1,58 +0,0 @@
-FROM alpine:3.17
-
-# Some ENV variables
-ENV PATH="/mattermost/bin:${PATH}"
-#ENV MM_VERSION=5.32.0
-ENV MM_VERSION=6.1.0
-ENV MM_INSTALL_TYPE=docker
-
-# Build argument to set Mattermost edition
-ARG edition=enterprise
-ARG PUID=2000
-ARG PGID=2000
-ARG MM_BINARY=
-
-
-# Install some needed packages
-RUN apk add --no-cache \
-	ca-certificates \
-	curl \
-	jq \
-	libc6-compat \
-	libffi-dev \
-	libcap \
-	linux-headers \
-	mailcap \
-	netcat-openbsd \
-	xmlsec-dev \
-	tzdata \
-	&& rm -rf /tmp/*
-
-# Get Mattermost
-RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
-	&& if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \
-		elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \
-		else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \
-	&& cp /mattermost/config/config.json /config.json.save \
-	&& rm -rf /mattermost/config/config.json \
-	&& addgroup -g ${PGID} mattermost \
-	&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
-	&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
-	&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
-
-USER mattermost
-
-#Healthcheck to make sure container is ready
-HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1
-
-# Configure entrypoint and command
-COPY entrypoint.sh /
-ENTRYPOINT ["/entrypoint.sh"]
-WORKDIR /mattermost
-CMD ["mattermost"]
-
-# Expose port 8000 of the container
-EXPOSE 8000
-
-# Declare volumes for mount point directories
-VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config", "/mattermost/plugins", "/mattermost/client/plugins"]

config/orgaTmpl/app/entrypoint.sh

@@ -1,82 +0,0 @@
-#!/bin/sh
-
-# Function to generate a random salt
-generate_salt() {
-	tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1
-}
-
-# Read environment variables or set default values
-DB_HOST=${DB_HOST:-db}
-DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
-# see https://www.postgresql.org/docs/current/libpq-ssl.html
-# for usage when database connection requires encryption
-# filenames should be escaped if they contain spaces
-#  i.e. $(printf %s ${MY_ENV_VAR:-''}  | jq -s -R -r @uri)
-# the location of the CA file can be set using environment var PGSSLROOTCERT
-# the location of the CRL file can be set using PGSSLCRL
-# The URL syntax for connection string does not support the parameters
-# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
-# to set names if using a location other than default
-DB_USE_SSL=${DB_USE_SSL:-disable}
-MM_DBNAME=${MM_DBNAME:-mattermost}
-MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
-
-_1=$(echo "$1" | awk  '{ s=substr($0, 0, 1); print s; }' )
-if [ "$_1" = '-' ]; then
-	set -- mattermost "$@"
-fi
-
-if [ "$1" = 'mattermost' ]; then
-	# Check CLI args for a -config option
-	for ARG in "$@"; do
-		case "$ARG" in
-			-config=*) MM_CONFIG=${ARG#*=};;
-		esac
-	done
-
-	if [ ! -f "$MM_CONFIG" ]; then
-		# If there is no configuration file, create it with some default values
-		echo "No configuration file $MM_CONFIG"
-		echo "Creating a new one"
-		# Copy default configuration file
-		cp /config.json.save "$MM_CONFIG"
-		# Substitute some parameters with jq
-		jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-		jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
-	else
-		echo "Using existing config file $MM_CONFIG"
-	fi
-
-	# Configure database access
-	if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
-		echo "Configure database connection..."
-		# URLEncode the password, allowing for special characters
-		ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
-		export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
-		echo "OK"
-	else
-		echo "Using existing database connection"
-	fi
-
-	# Wait another second for the database to be properly started.
-	# Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
-	sleep 1
-
-	echo "Starting mattermost"
-fi
-
-exec "$@"

config/orgaTmpl/init-db.sh

@@ -25,57 +25,66 @@ SQL=""
 for ARG in "$@"; do
     case "${ARG}" in
 	'cloud' )
+		. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${nextcloud_MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
 
-DROP USER IF EXISTS '${nextcloud_MYSQL_USER}';
-CREATE USER '${nextcloud_MYSQL_USER}'@'%';
+DROP USER IF EXISTS '${MYSQL_USER}';
+CREATE USER '${MYSQL_USER}'@'%';
 
-GRANT ALL ON ${nextcloud_MYSQL_DATABASE}.* TO '${nextcloud_MYSQL_USER}'@'%' IDENTIFIED BY '${nextcloud_MYSQL_PASSWORD}';
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
 
 FLUSH PRIVILEGES;"
         ;;
 	'agora' )
+	
+		. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${mattermost_MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
 
-DROP USER IF EXISTS '${mattermost_MYSQL_USER}';
-CREATE USER '${mattermost_MYSQL_USER}'@'%';
+DROP USER IF EXISTS '${MYSQL_USER}';
+CREATE USER '${MYSQL_USER}'@'%';
 
-GRANT ALL ON ${mattermost_MYSQL_DATABASE}.* TO '${mattermost_MYSQL_USER}'@'%' IDENTIFIED BY '${mattermost_MYSQL_PASSWORD}';
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
 
 FLUSH PRIVILEGES;"
 	    ;;
 	'wp' )
+	
+		. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${wp_MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
 
-DROP USER IF EXISTS '${wp_MYSQL_USER}';
-CREATE USER '${wp_MYSQL_USER}'@'%';
+DROP USER IF EXISTS '${MYSQL_USER}';
+CREATE USER '${MYSQL_USER}'@'%';
 
-GRANT ALL ON ${wp_MYSQL_DATABASE}.* TO '${wp_MYSQL_USER}'@'%' IDENTIFIED BY '${wp_MYSQL_PASSWORD}';
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
 
 FLUSH PRIVILEGES;"
 	    ;;
 	'castopod' )
+	
+		. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${castopod_MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
 
-DROP USER IF EXISTS '${castopod_MYSQL_USER}';
-CREATE USER '${castopod_MYSQL_USER}'@'%';
+DROP USER IF EXISTS '${MYSQL_USER}';
+CREATE USER '${MYSQL_USER}'@'%';
 
-GRANT ALL ON ${castopod_MYSQL_DATABASE}.* TO '${castopod_MYSQL_USER}'@'%' IDENTIFIED BY '${castopod_MYSQL_PASSWORD}';
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
 
 FLUSH PRIVILEGES;"
 	    ;;
 	'spip' )
+	
+		. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
            SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${spip_MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
 
-DROP USER IF EXISTS '${spip_MYSQL_USER}';
-CREATE USER '${spip_MYSQL_USER}'@'%';
+DROP USER IF EXISTS '${MYSQL_USER}';
+CREATE USER '${MYSQL_USER}'@'%';
 
-GRANT ALL ON ${spip_MYSQL_DATABASE}.* TO '${spip_MYSQL_USER}'@'%' IDENTIFIED BY '${spip_MYSQL_PASSWORD}';
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
 
 FLUSH PRIVILEGES;"
 	    ;;
@@ -84,4 +93,4 @@ FLUSH PRIVILEGES;"
     esac
 done
 
-echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${wp_MYSQL_ROOT_PASSWORD}"
+echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${MYSQL_ROOT_PASSWORD}"

config/orgaTmpl/initdb.d/orga.sql

@@ -1,3 +0,0 @@
-CREATE DATABASE IF NOT EXISTS nextcloud;
-CREATE DATABASE IF NOT EXISTS mattermost;
-CREATE DATABASE IF NOT EXISTS wpdb;

config/orgaTmpl/wiki-conf/acl.auth.php

@@ -1,10 +0,0 @@
-# acl.auth.php
-# <?php exit()?>
-# Don't modify the lines above
-#
-# Access Control Lists
-#
-# Auto-generated by install script
-# Date: Sat, 13 Feb 2021 17:42:28 +0000
-*	@ALL	1
-*	@user	8

config/orgaTmpl/wiki-conf/local.php

@@ -1,26 +0,0 @@
-<?php
-/*
- * Dokuwiki's Main Configuration File - Local Settings
- * Auto-generated by config plugin
- * Run for user: felix
- * Date: Sun, 28 Feb 2021 15:56:13 +0000
- */
-
-$conf['title'] = 'Kaz';
-$conf['template'] = 'docnavwiki';
-$conf['license'] = 'cc-by-sa';
-$conf['useacl'] = 1;
-$conf['superuser'] = '@admin';
-$conf['manager'] = '@manager';
-$conf['disableactions'] = 'register';
-$conf['remoteuser'] = '';
-$conf['mailfrom'] = 'dokuwiki@kaz.bzh';
-$conf['updatecheck'] = 0;
-$conf['userewrite'] = '1';
-$conf['useslash'] = 1;
-$conf['plugin']['ckgedit']['scayt_auto'] = 'on';
-$conf['plugin']['ckgedit']['scayt_lang'] = 'French/fr_FR';
-$conf['plugin']['ckgedit']['other_lang'] = 'fr';
-$conf['plugin']['smtp']['smtp_host'] = 'smtp.kaz.bzh';
-$conf['plugin']['todo']['CheckboxText'] = 0;
-$conf['plugin']['wrap']['restrictionType'] = '1';

config/orgaTmpl/wiki-conf/users.auth.php

@@ -1,13 +0,0 @@
-# users.auth.php
-# <?php exit()?>
-# Don't modify the lines above
-#
-# Userfile
-#
-# Auto-generated by install script
-# Date: Sat, 13 Feb 2021 17:42:28 +0000
-#
-# Format:
-# login:passwordhash:Real Name:email:groups,comma,separated
-
-admin:$2y$10$GYvFgViXeEUmDViplHEs7eoYV8tmbfsS8wA1vfHQ.tWgW14o9aTjy:admin:contact@kaz.bzh:admin,user

config/proxy/proxy_params

@@ -1,21 +0,0 @@
-
-#proxy_buffering off;
-#proxy_set_header X-Forwarded-Host $host:$server_port;
-#proxy_set_header X-Forwarded-Server $host;
-#XXX pb proxy_set_header Connection $proxy_connection;
-
-proxy_buffers 256 16k;
-proxy_buffer_size 16k;
-
-# mattermost
-http2_push_preload on; # Enable HTTP/2 Server Push
-add_header Strict-Transport-Security max-age=15768000;
-proxy_set_header Host $http_host;
-proxy_set_header X-Real-IP $remote_addr;
-#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-
-#proxy_hide_header 'x-frame-options';
-#proxy_set_header x-frame-options allowall;
-proxy_set_header X-Frame-Options SAMEORIGIN;
-