diff --git a/bin/container.sh b/bin/container.sh
index 928cc19..57bb016 100755
--- a/bin/container.sh
+++ b/bin/container.sh
@@ -180,59 +180,59 @@ saveComposes () { ;; sympa) echo "save sympa" - . $KAZ_BIN_DIR/getPasswords.sh sympaDB - saveDB ${sympaDBName} "${sympaDB_MYSQL_USER}" "${sympaDB_MYSQL_PASSWORD}" "${sympaDB_MYSQL_DATABASE}" sympa mysql + . $KAZ_KEY_DIR/env-sympaDB + saveDB ${sympaDBName} "${DB_MYSQL_USER}" "${DB_MYSQL_PASSWORD}" "${DB_MYSQL_DATABASE}" sympa mysql ;; web) # rien à faire (fichiers) ;; etherpad) echo "save pad" - . $KAZ_BIN_DIR/getPasswords.sh etherpadDB - saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql + . $KAZ_KEY_DIR/env-etherpadDB + saveDB ${etherpadDBName} "${DB_MYSQL_USER}" "${DB_MYSQL_PASSWORD}" "${DB_MYSQL_DATABASE}" etherpad mysql ;; framadate) echo "save date" - . $KAZ_BIN_DIR/getPasswords.sh framadateDB - saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql + . $KAZ_KEY_DIR/env-framadateDB + saveDB ${framadateDBName} "${DB_MYSQL_USER}" "${DB_MYSQL_PASSWORD}" "${DB_MYSQL_DATABASE}" framadate mysql ;; cloud) echo "save cloud" - . $KAZ_BIN_DIR/getPasswords.sh nextcloudDB - saveDB ${nextcloudDBName} "${nextcloudDB_MYSQL_USER}" "${nextcloudDB_MYSQL_PASSWORD}" "${nextcloudDB_MYSQL_DATABASE}" nextcloud mysql + . $KAZ_KEY_DIR/env-nextcloudDB + saveDB ${nextcloudDBName} "${DB_MYSQL_USER}" "${DB_MYSQL_PASSWORD}" "${DB_MYSQL_DATABASE}" nextcloud mysql ;; paheko) # rien à faire (fichiers) ;; mattermost) echo "save mattermost" - . $KAZ_BIN_DIR/getPasswords.sh mattermostDB - saveDB matterPG "${mattermostDB_POSTGRES_USER}" "${mattermostDB_POSTGRES_PASSWORD}" "${mattermostDB_POSTGRES_DB}" mattermost postgres + . $KAZ_KEY_DIR/env-mattermostDB + saveDB matterPG "${DB_POSTGRES_USER}" "${DB_POSTGRES_PASSWORD}" "${DB_POSTGRES_DB}" mattermost postgres ;; mobilizon) echo "save mobilizon" - . 
$KAZ_BIN_DIR/getPasswords.sh mobilizonDB - saveDB ${mobilizonDBName} "${mobilizonDB_POSTGRES_USER}" "${mobilizonDB_POSTGRES_PASSWORD}" "${mobilizonDB_POSTGRES_DB}" mobilizon postgres + . $KAZ_KEY_DIR/env-mobilizonDB + saveDB ${mobilizonDBName} "${DB_POSTGRES_USER}" "${DB_POSTGRES_PASSWORD}" "${DB_POSTGRES_DB}" mobilizon postgres ;; peertube) echo "save peertube" - . $KAZ_BIN_DIR/getPasswords.sh peertubeDB - saveDB ${peertubeDBName} "${peertubeDB_POSTGRES_USER}" "${peertubeDB_POSTGRES_PASSWORD}" "${peertubeDB_PEERTUBE_DB_HOSTNAME}" peertube postgres + . $KAZ_KEY_DIR/env-peertubeDB + saveDB ${peertubeDBName} "${DB_POSTGRES_USER}" "${DB_POSTGRES_PASSWORD}" "${DB_PEERTUBE_DB_HOSTNAME}" peertube postgres ;; mastodon) echo "save mastodon" - . $KAZ_BIN_DIR/getPasswords.sh mastodonDB - saveDB ${mastodonDBName} "${mastodonDB_POSTGRES_USER}" "${mastodonDB_POSTGRES_PASSWORD}" "${mastodonDB_POSTGRES_DB}" mastodon postgres + . $KAZ_KEY_DIR/env-mastodonDB + saveDB ${mastodonDBName} "${DB_POSTGRES_USER}" "${DB_POSTGRES_PASSWORD}" "${DB_POSTGRES_DB}" mastodon postgres ;; roundcube) echo "save roundcube" - . $KAZ_BIN_DIR/getPasswords.sh roundcubeDB - saveDB ${roundcubeDBName} "${roundcubeDB_MYSQL_USER}" "${roundcubeDB_MYSQL_PASSWORD}" "${roundcubeDB_MYSQL_DATABASE}" roundcube mysql + . $KAZ_KEY_DIR/env-roundcubeDB + saveDB ${roundcubeDBName} "${DB_MYSQL_USER}" "${DB_MYSQL_PASSWORD}" "${DB_MYSQL_DATABASE}" roundcube mysql ;; vaultwarden) echo "save vaultwarden" - . $KAZ_BIN_DIR/getPasswords.sh vaultwardenDB - saveDB ${vaultwardenDBName} "${vaultwardenDB_MYSQL_USER}" "${vaultwardenDB_MYSQL_PASSWORD}" "${vaultwardenDB_MYSQL_DATABASE}" vaultwarden mysql + . $KAZ_KEY_DIR/env-vaultwardenDB + saveDB ${vaultwardenDBName} "${DB_MYSQL_USER}" "${DB_MYSQL_PASSWORD}" "${DB_MYSQL_DATABASE}" vaultwarden mysql ;; dokuwiki) # rien à faire (fichiers) diff --git a/bin/createDBUsers.sh b/bin/createDBUsers.sh index 8157bd9..9583d6d 100755 --- a/bin/createDBUsers.sh +++ b/bin/createDBUsers.sh 
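Review bot: The renamed expansions in every arm of this `case` keep a `DB_` prefix (`${DB_MYSQL_USER}`, `${DB_POSTGRES_PASSWORD}`, and `${DB_PEERTUBE_DB_HOSTNAME}` in the peertube arm), but the deleted getPasswords.sh built `sympaDB_MYSQL_USER` by prepending `sympaDB_` to the key read from the env file, so sourcing `env-sympaDB` directly presumably defines `MYSQL_USER`, not `DB_MYSQL_USER`. Unless the env files were renamed in a change not shown here, saveDB receives empty credentials; the arms should then read e.g. `saveDB ${sympaDBName} "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" sympa mysql`. Because all env files now share one set of names, a missing or partial file leaves the values of a previously loaded service in place if several composes are saved in one run, so I would add `unset MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE` (and the POSTGRES equivalents) before each `.` and quote the path as `. "${KAZ_KEY_DIR}/env-sympaDB"`. The same `DB_` names appear in framadateUpdate in bin/createDBUsers.sh. saveComposes starts and ends outside the hunk.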
@@ -36,13 +36,14 @@ framadateUpdate(){ if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then return 0 fi - .$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ + . $KAZ_KEY_DIR/env-framadateDB + . $KAZ_KEY_DIR/env-framadateServ checkDockerRunning "${framadateServName}" "Framadate" && - ${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadateServ_HTTPD_USER} ${framadateServ_HTTPD_PASSWORD}" + ${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${HTTPD_USER} ${HTTPD_PASSWORD}" ${SIMU} sed -i \ - -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadateDB_MYSQL_USER}';/g" \ - -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadateDB_MYSQL_PASSWORD}';/g" \ + -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${DB_MYSQL_USER}';/g" \ + -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${DB_MYSQL_PASSWORD}';/g" \ "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" } @@ -51,8 +52,8 @@ jirafeauUpdate(){ if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then return 0 fi - . $KAZ_BIN_DIR/getPasswords.sh jirafeauServ - SHA=$(echo -n "${jirafeauServ_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1) + . $KAZ_KEY_DIR/env-jirafeauServ + SHA=$(echo -n "${_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1) ${SIMU} sed -i \ -e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \ "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" diff --git a/bin/createUser.sh b/bin/createUser.sh index b55841c..87f7302 100755 --- a/bin/createUser.sh +++ b/bin/createUser.sh @@ -39,7 +39,9 @@ cd "${KAZ_ROOT}" . "${DOCKERS_ENV}" -. $KAZ_BIN_DIR/getPasswords.sh ldapServ sympaServ paheko +. $KAZ_KEY_DIR/env-ldapServ +. $KAZ_KEY_DIR/env-sympaServ +. $KAZ_KEY_DIR/env-paheko # DOCK_DIR="${KAZ_COMP_DIR}" # ??? 
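Review bot: The `htpasswd -bc` line in framadateUpdate splices `${HTTPD_USER}` and `${HTTPD_PASSWORD}` into a `bash -c` string, so a password containing a space, a quote or `$` is parsed again by the shell inside the container, and the value sits in the process arguments on the host and in the container. Passing it on stdin avoids both: `printf '%s\n' "${HTTPD_PASSWORD}" | ${SIMU} docker exec -i "${framadateServName}" htpasswd -ic /var/framadate/admin/.htpasswd "${HTTPD_USER}"`. The two `sed` expressions have the same weakness, since a `/`, `&` or `'` in the password changes the replacement or breaks the PHP string written to config.php.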
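Review bot: `${_HTTPD_PASSWORD}` in jirafeauUpdate looks like a leftover of the prefix removal: framadateUpdate just above uses `${HTTPD_PASSWORD}` for the same kind of env file, and nothing visible defines a name with a leading underscore. If it is unset, `SHA` becomes the SHA-256 of the empty string and that hash is written as `admin_password` in config.local.php, which would leave the Jirafeau admin account with an empty password. The line should read `SHA=$(printf '%s' "${HTTPD_PASSWORD}" | sha256sum | cut -d ' ' -f 1)`, preceded by `: "${HTTPD_PASSWORD:?missing in env-jirafeauServ}"` so that an absent value stops the update instead of being hashed.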
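Review bot: The three `.` lines added at the top of createUser.sh load env-ldapServ, env-sympaServ and env-paheko into one flat namespace, with unquoted paths and no check that the files exist. The deleted getPasswords.sh prefixed every variable with its file name, so two files could define the same key; now the later file silently overwrites the earlier one, and a missing file leaves `API_PASSWORD` or `LDAP_ADMIN_PASSWORD` empty for the rest of the script. I would quote and guard each load, e.g. `. "${KAZ_KEY_DIR}/env-paheko" || exit 1`, and confirm that no key name is shared between the files. The same applies to the source lines added in bin/gestUsers.sh, bin/interoPaheko.sh, bin/ldap/ldapvi.sh and bin/ldap/migrate_to_ldap.sh.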
@@ -73,7 +75,7 @@ URL_LISTE="${sympaHost}.${domain}" URL_AGORA="${matterHost}.${domain}" URL_MDP="${ldapUIHost}.${domain}" # URL_PAHEKO="kaz-${pahekoHost}.${domain}" -URL_PAHEKO="${httpProto}://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.${domain}" +URL_PAHEKO="${httpProto}://${API_USER}:${API_PASSWORD}@kaz-paheko.${domain}" availableProxyComposes=($(getList "${KAZ_CONF_DIR}/container-proxy.list")) @@ -208,7 +210,7 @@ for i in "${CMD_LOGIN}" "${CMD_SYMPA}" "${CMD_ORGA}" "${CMD_PROXY}" "${CMD_FIRST done echo "numero,nom,quota_disque,action_auto" > "${TEMP_PAHEKO}" -echo "curl \"https://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.kaz.bzh/api/user/import\" -T \"${TEMP_PAHEKO}\"" >> "${CMD_PAHEKO}" +echo "curl \"https://${API_USER}:${API_PASSWORD}@kaz-paheko.kaz.bzh/api/user/import\" -T \"${TEMP_PAHEKO}\"" >> "${CMD_PAHEKO}" echo "on récupère tous les emails (secours/alias/kaz) sur le ldap" FILE_LDIF=/home/sauve/ldap.ldif @@ -396,9 +398,9 @@ nextcloudEnabled: TRUE\n\ nextcloudQuota: ${QUOTA} GB\n\ mobilizonEnabled: TRUE\n\ agoraEnabled: TRUE\n\ -userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}" +userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}" fi -#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}" +#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}" CREATE_ORGA_SERVICES="" 
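Review bot: In the `userPassword:` line of the `-396` hunk the LDAP bind password is expanded into the generated command as `-w ${LDAP_ADMIN_PASSWORD}`, unquoted, and `tee -a "${CMD_LOGIN}"` both stores it in the command file and prints it on the terminal. A password with a space or a shell metacharacter is interpreted again when that file is executed, and the clear-text secret stays in the file afterwards. I would have the generated command read the secret at run time, for example `-y "${LDAP_PASS_FILE}"` (placeholder name for an owner-only file holding the password without a trailing newline), and restrict `${CMD_LOGIN}` to its owner. The `--trusted_application_password=${SOAP_PASSWORD}` lines in the `-627` hunk, the `curl` line written to `${CMD_PAHEKO}` in the `-208` hunk and the script written to `${TFILE_CREATE_MAIL}` in bin/gestUsers.sh have the same exposure.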
@@ -490,8 +492,8 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ # TODO : vérif existance user # # le user existe t-il déjà sur le wp ? - # . $KAZ_BIN_DIR/getPasswords.sh wpServ - # curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wpServ_WORDPRESS_ADMIN_USER}:${wpServ_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}" + # . $KAZ_KEY_DIR/env-wpServ + # curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${WORDPRESS_ADMIN_USER}:${WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}" # nb_user_wp_orga=$(grep "${IDENT_KAZ}" "${TEMP_USER_WP}" | wc -l) # if [ "${nb_user_wp_orga}" != "0" ];then # ( 
@@ -627,13 +629,13 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which if [[ "${mode}" = "dev" ]]; then echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}" - LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1) - echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" + LISTMASTER=$(echo ${LISTMASTERS} | cut -d',' -f1) + echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" else echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}" - LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1) - echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" - echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} 
--proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}" + LISTMASTER=$(echo ${LISTMASTERS} | cut -d',' -f1) + echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" + echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}" fi if [ "${service[ADMIN_ORGA]}" == "O" ]; then @@ -645,7 +647,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ ################### # TODO : problème si 2 comptes partagent le même email souhaité (cela ne devrait pas arriver) - curl -s "https://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.kaz.bzh/api/sql" -d "SELECT numero,nom,quota_disque from users WHERE email='${EMAIL_SOUHAITE}'" | jq '.results[] | .numero,.nom,.quota_disque ' | tr \\n ',' | sed 's/,$/,Aucune\n/' >> "${TEMP_PAHEKO}" + curl -s "https://${API_USER}:${API_PASSWORD}@kaz-paheko.kaz.bzh/api/sql" -d "SELECT numero,nom,quota_disque from users WHERE email='${EMAIL_SOUHAITE}'" | jq '.results[] | .numero,.nom,.quota_disque ' | tr \\n ',' | sed 's/,$/,Aucune\n/' >> "${TEMP_PAHEKO}" #################### # Inscription MAIL # diff --git a/bin/gestUsers.sh b/bin/gestUsers.sh index 7b348c9..5d12433 100755 --- a/bin/gestUsers.sh +++ b/bin/gestUsers.sh 
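Review bot: The `curl` call to `/api/sql` in the `-645` hunk builds its query by placing `${EMAIL_SOUHAITE}` between single quotes, so a quote character in that value changes the SQL statement sent to Paheko; whether the address is validated earlier is not visible in this hunk. The line also hard-codes `https://…@kaz-paheko.kaz.bzh` although `URL_PAHEKO` is built from `${httpProto}` and `${domain}` near the top of the file. I would call `"${URL_PAHEKO}/api/sql"` and check the address against a strict pattern that excludes quotes before this line runs.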
@@ -8,7 +8,10 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) setKazVars . $DOCKERS_ENV -. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudServ sympaServ paheko +. $KAZ_KEY_DIR/env-ldapServ +. $KAZ_KEY_DIR/env-nextcloudServ +. $KAZ_KEY_DIR/env-sympaServ +. $KAZ_KEY_DIR/env-paheko VERSION="18-05-2025" PRG=$(basename $0) @@ -20,11 +23,11 @@ LOG=$RACINE".log" URL_NC=$(echo $cloudHost).$(echo $domain) URL_AGORA=$(echo $matterHost).$(echo $domain) URL_LISTE=$(echo $sympaHost).$(echo $domain) -URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)" +URL_PAHEKO="$httpProto://${API_USER}:${API_PASSWORD}@kaz-paheko.$(echo $domain)" NL_LIST=infos@listes.kaz.bzh URL_AGORA_API=${URL_AGORA}/api/v4 EQUIPE=kaz -LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1) +LISTMASTER=$(echo ${LISTMASTERS} | cut -d',' -f1) #### Test du serveur sur lequel s' execute le script #### @@ -94,8 +97,8 @@ searchEmail() { fi done ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS COMPTEUR_LIGNE=0 while read LIGNE 
@@ -186,12 +189,12 @@ infoEmail() { printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL" echo -e "" #TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC) - #curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL + #curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL #cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g echo -ne "${NC}" echo -ne " - Nextcloud enable : " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30 + ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30 echo -ne "${NC}" echo -e "${NC} ------------------------------------------------" printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO" 
@@ -207,11 +210,11 @@ infoEmail() { echo -ne "${NC}" echo -n " - Quota Mail (Ldap) : " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60 + ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60 echo -ne "${NC}" echo -n " - Quota Nextcloud (Ldap) : " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60 + ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60 echo -ne "${NC}" echo -n " - Mail de secours (Paheko ): " echo -ne "${GREEN}" 
@@ -219,11 +222,11 @@ infoEmail() { echo -ne "${NC}" echo -n " - Mail de secours (Ldap): " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://' + ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://' echo -ne "${NC}" echo -n " - Alias (Ldap) : " echo -ne "${GREEN}" - LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60) + LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60) echo -ne "${NC}" echo -ne "${GREEN}" for ldap_alias in ${LDAP_ALIAS} @@ -243,8 +246,8 @@ infoEmail() { echo "------------------------------------------------" echo " Alias : ${CHOIX_MAIL} " echo "" - for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \ + for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \ | grep ^mail: | sed -e 's/^mail://') do echo -ne "=====> ${GREEN} " 
@@ -311,12 +314,12 @@ searchDestroy() { fi echo -e "${NC}" echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud" - USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g') + USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g') if [ ! -z ${USER_NEXTCLOUD_SUPPR} ] then printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}" echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}" - curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1 + curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1 if [ "$?" -eq "0" ] then printKazMsg "Suppresion ok" 
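Review bot: The `DELETE` in searchDestroy acts on whatever `users?search=${REP_SEARCH_DESTROY}` returned, and the success test after it only looks at curl's exit status. The returned id is never compared with the requested account, so a single partial match may be deleted in its place, and without `--fail` curl exits 0 on an HTTP 4xx/5xx, so "Suppresion ok" is printed even when Nextcloud refused the request. I would confirm the id before deleting (an exact comparison, if the Nextcloud id is the mail address) and call `curl -fsS -u "admin:${NEXTCLOUD_ADMIN_PASSWORD}" -H 'OCS-APIRequest: true' -X DELETE "${httpProto}://${URL_NC}/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR}"`, which also keeps a `@` or `/` in the password from corrupting the URL. The unquoted `[ ! -z ${USER_NEXTCLOUD_SUPPR} ]` ends in a test error when the search returns several names. searchDestroy continues outside the hunk.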
@@ -331,7 +334,7 @@ searchDestroy() { echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa" echo -e "${NC}" echo "" - docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}" + docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}" echo -e "${NC}" echo "" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail" @@ -348,7 +351,7 @@ searchDestroy() { echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap" echo -e "${NC}" echo "" - ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}" + ldapdelete -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}" if [ "$?" -eq "0" ] then printKazMsg "Suppresion ok" @@ -381,8 +384,8 @@ gestPassword() { # MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g') MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //') if [ "$MAIL_SECOURS" = "" ] then 
@@ -409,19 +412,19 @@ gestPassword() { fi if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ] then - USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g') + USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g') echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER} ${NC}" echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS} ${NC}" echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER) ${NC}" echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}" echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}" docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1 - curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1 + curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1 pass=$(mkpasswd -m sha512crypt ${PASSWORD}) echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\ changeType: modify\n\ replace: userPassword\n\ -userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" +userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" echo -e "Envoi d'un message dans mattermost pour la modification du mot de 
passe" docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1 if [ $ADRESSE_SEC == "OUI" ] @@ -469,8 +472,8 @@ createMail() { if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]] then ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}" then @@ -568,7 +571,7 @@ nextcloudEnabled: ${TRUE_KAZ}\n\ nextcloudQuota: ${QUOTA} GB\n\ mobilizonEnabled: ${TRUE_KAZ}\n\ agoraEnabled: ${TRUE_KAZ}\n\ -userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL} +userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL} # on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire bash ${TFILE_CREATE_MAIL} >/dev/null # on colle le compte et le mot de passe dans le fichier 
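Review bot: The new password in gestPassword (hunk `-409`) is printed on the terminal and then passed unquoted on three command lines: `mmctl … -p $PASSWORD`, `curl … -d value=${PASSWORD}` and `mkpasswd -m sha512crypt ${PASSWORD}`. With `-d` the value is sent as written, so a `&`, `+` or `%` in the password reaches Nextcloud altered and the services end up with different passwords; `--data-urlencode "value=${PASSWORD}"` fixes that. For the hash, `pass=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha512crypt -s)` keeps the secret out of the argument list. The mmctl and curl calls discard their output and status, so a failure on one service goes unnoticed. gestPassword begins before this hunk.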
@@ -614,12 +617,12 @@ createAlias() { if [[ ${AMAIL} =~ ${regexMail} ]] then RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //') RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //') if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$" @@ -694,7 +697,7 @@ changeType: add\n\ objectClass: organizationalRole\n\ objectClass: PostfixBookMailForward\n\ mailAlias: ${AMAIL}\n\ -${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} +${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${LDAP_ADMIN_PASSWORD} fait=1 printKazMsg "Création de ${AMAIL}" sleep 3 @@ -726,8 +729,8 @@ delAlias() { if [[ ${RALIAS} =~ ${regexMail} ]] then RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //') if [ ! -z ${RESU_ALIAS} ] then 
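Review bot: In the `-694` hunk of createAlias the `ldapmodify` line passes `-w ${LDAP_ADMIN_PASSWORD}` unquoted while the `-D` argument next to it is quoted, so a bind password containing whitespace or a glob character is split or expanded before ldapmodify receives it. Write `-w "${LDAP_ADMIN_PASSWORD}"`, as the ldapsearch calls in the same file do; the unquoted form also appears in the `-849` and `-1060` hunks of this file, in bin/ldap/ldapvi.sh and in every `ldapmodify` of bin/ldap/migrate_to_ldap.sh. Since `-w` puts the secret in the process arguments on each call, reading it with `-y` from an owner-only file is preferable for the OpenLDAP tools where these scripts run on a shared host.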
@@ -737,7 +740,7 @@ delAlias() { read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS case "${REPDELALIAS}" in o | O ) - ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}" + ldapdelete -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}" printKazMsg "suppression ${RESU_ALIAS} effectuée" sleep 2 faitdel=1 @@ -773,8 +776,8 @@ modifyAlias() ACHANGE=0 searchEmail alias LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \ | grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g') echo "-------------------------------------------------------------------" @@ -849,8 +852,8 @@ modifyAlias() echo "mail: ${key}" >>${FIC_MODIF_LDIF} done echo "-" >>${FIC_MODIF_LDIF} - ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \ + ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -x -w ${LDAP_ADMIN_PASSWORD} \ -f ${FIC_MODIF_LDIF} >/dev/null else printKazMsg "Pas de changement" 
@@ -876,8 +879,8 @@ updateUser() { for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota do ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \ | grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' )) # si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa 
@@ -1060,15 +1063,15 @@ updateUser() { done cat ${FIC_MODIF_LDIF} sleep 3 - ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \ + ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ + -x -w ${LDAP_ADMIN_PASSWORD} \ -f ${FIC_MODIF_LDIF} if [ ! -z ${MAILDESECOURS} ] then # suppression du mail de secours de la liste infos - docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}" + docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}" # ajout de l' adresse de la nouvelle adresse de secours - docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}" + docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}" fi updateUser fi diff --git a/bin/getPasswords.sh b/bin/getPasswords.sh deleted file mode 100755 index 067122a..0000000 --- a/bin/getPasswords.sh +++ /dev/null 
@@ -1,94 +0,0 @@ -#!/bin/bash -#Ki: Gael -#Kan: 2025 -#Koi: gestion mots de passe - -KAZ_ROOT=/kaz - -. "${KAZ_ROOT}/bin/.commonFunctions.sh" -QUIET=1 - -usage() { -echo "getPasswords.sh [OPTIONS] [envname ...] -Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là. -Les variables sont du type envname_NOMVARIABLE=valeur -On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire ! -OPTIONS - -h|--help Cette aide :-) - -n|--simu SIMULATION - -d foldername prend les envfiles dans un sous dossier /kaz/secret/foldername/ (pour les orgas !) - Les variables seront du type foldername-envname_NOMVARIABLE=valeur - -e varname Affiche le contenu d'une variable en particulier -" -} - -if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then - mkdir "${KAZ_KEY_DIR}/tmp" -fi - -for ARG in "$@"; do - if [ -n "${DIRECTORYARG}" ]; then # après un -d - SUBDIRECTORY="${ARG}" - unset DIRECTORYARG - elif [ -n "${ECHOVARARG}" ]; then # après un -e - VARTOECHO="${ARG}" - unset ECHOVARARG - QUIET="/dev/null" # pour ne pas avoir d'autres bruits ... - else - - case "${ARG}" in - '-d' | '--directory' | '-f' | '--folder' | '--foldername') - DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;; - '-h' | '--help' ) - usage && exit ;; - '-n' | '--simu') - SIMU="echo" ;; - '-e' | '--echo') - ECHOVARARG="ON ATTEND UNE UN NOM DE VARIABLE APRES CA" ;; - '-q' ) - QUIET="/dev/null" ;; - *) - ENVFILES="${ENVFILES} ${ARG%}";; - esac - fi -done - -getVars () { - # $1 : filename - grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u -} - -NB_FILES=$(echo "${ENVFILES}" | wc -w ) - -if [[ $NB_FILES = 0 ]]; then - usage - exit 1 -fi - -for ENVFILE in $ENVFILES; do - FILENAME="$KAZ_KEY_DIR/env-$ENVFILE" - VARSUFFIX="$ENVFILE"_ - if [ -n "${SUBDIRECTORY}" ]; then - FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE" - VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_" - fi - - if ! 
[ -f "$FILENAME" ]; then - echo "$FILENAME does not exist." >& $QUIET - continue - fi - - . $FILENAME # on récupère les variables - vars=$(getVars $FILENAME) - for var in $vars; do - $SIMU declare $VARSUFFIX$var=${!var} - unset $var - done - unset FILENAME VARSUFFIX vars -done - -if [ -n "$VARTOECHO" ]; then - echo ${!VARTOECHO} -fi - -unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO \ No newline at end of file diff --git a/bin/interoPaheko.sh b/bin/interoPaheko.sh index ba50fc4..3013306 100755 --- a/bin/interoPaheko.sh +++ b/bin/interoPaheko.sh @@ -7,9 +7,9 @@ setKazVars . $DOCKERS_ENV -. $KAZ_BIN_DIR/getPasswords.sh paheko +. $KAZ_KEY_DIR/env-paheko -URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)" +URL_PAHEKO="$httpProto://${API_USER}:${API_PASSWORD}@kaz-paheko.$(echo $domain)" PRG=$(basename $0) RACINE=$(echo $PRG | awk '{print $1}') diff --git a/bin/ldap/ldapvi.sh b/bin/ldap/ldapvi.sh index 10b05b5..c694c52 100755 --- a/bin/ldap/ldapvi.sh +++ b/bin/ldap/ldapvi.sh @@ -5,7 +5,7 @@ KAZ_ROOT=/kaz setKazVars . $DOCKERS_ENV -. $KAZ_BIN_DIR/getPasswords.sh ldapServ +. $KAZ_KEY_DIR/env-ldapServ LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ) @@ -20,4 +20,4 @@ EDITOR=${EDITOR:-vi} EDITOR=${EDITOR:-vi} export EDITOR=${EDITOR} -ldapvi -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} --discover +ldapvi -h $LDAP_IP -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -w ${LDAP_ADMIN_PASSWORD} --discover diff --git a/bin/ldap/migrate_to_ldap.sh b/bin/ldap/migrate_to_ldap.sh index 55807e5..ebb3e97 100755 --- a/bin/ldap/migrate_to_ldap.sh +++ b/bin/ldap/migrate_to_ldap.sh 
@@ -8,12 +8,13 @@ KAZ_ROOT=/kaz setKazVars . $DOCKERS_ENV -. $KAZ_BIN_DIR/getPasswords.sh ldapServ paheko +. $KAZ_KEY_DIR/env-ldapServ +. $KAZ_KEY_DIR/env-paheko ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ) -URL_GARRADIN="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)" +URL_GARRADIN="$httpProto://${API_USER}:${API_PASSWORD}@kaz-paheko.$(echo $domain)" # docker exec -i nextcloudDB mysql --user=${nextcloud_MYSQL_USER} --password=${nextcloud_MYSQL_PASSWORD} ${nextcloud_MYSQL_DATABASE} <<< "select * from oc_accounts;" > /tmp/oc_accounts ERRORS="/tmp/ldap-errors.log" @@ -126,7 +127,7 @@ replace: agoraEnabled\n\ agoraEnabled: TRUE\n\ -\n\ replace: mobilizonEnabled\n\ -mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} +mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${LDAP_ADMIN_PASSWORD} done #replace: nextcloudEnabled\n\ @@ -164,7 +165,7 @@ do echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\ changeType: modify replace: mailAlias\n\ -$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} +$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${LDAP_ADMIN_PASSWORD} else echo "Alias vers un mail externe, go fichier" echo $line >> ${ALIASES_WITHLDAP} 
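Review bot: Sourcing env-ldapServ and then env-paheko puts both files' variables into one flat namespace, where the removed helper prefixed each name with its file (`ldapServ_…`, `paheko_…`). If the two files ever define the same key, the later file silently wins and the wrong credential is used; the file contents are not visible here, so this needs checking. Copying what is needed straight after each source keeps the origin explicit, e.g. `PAHEKO_API_USER=$API_USER; PAHEKO_API_PASSWORD=$API_PASSWORD`. nc_orphans.sh (env-ldapServ then env-nextcloudDB) follows the same pattern.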
@@ -185,7 +186,7 @@ replace: mailAlias\n\ mailAlias: ${src}\n\ -\n\ replace: mail\n\ -mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} +mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${LDAP_ADMIN_PASSWORD} fi else echo "Forward vers plusieurs adresses, on met dans le fichier" @@ -215,7 +216,7 @@ replace: mailAlias\n\ mailAlias: ${src}\n\ -\n\ replace: mail\n\ -${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} +${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${LDAP_ADMIN_PASSWORD} fi done diff --git a/bin/ldap/tests/nc_orphans.sh b/bin/ldap/tests/nc_orphans.sh index ece655e..fd5f1a9 100755 --- a/bin/ldap/tests/nc_orphans.sh +++ b/bin/ldap/tests/nc_orphans.sh 
@@ -5,16 +5,17 @@ KAZ_ROOT=/kaz setKazVars . $DOCKERS_ENV -. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB +. $KAZ_KEY_DIR/env-ldapServ +. $KAZ_KEY_DIR/env-nextcloudDB LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ) -docker exec -i nextcloudDB mysql --user=${nextcloudDB_MYSQL_USER} --password=${nextcloudDB_MYSQL_PASSWORD} ${nextcloudDB_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt +docker exec -i nextcloudDB mysql --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} ${MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt OLDIFS=${IFS} IFS=$'\n' for line in `cat /tmp/nc_users.txt`; do - result=$(ldapsearch -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries) + result=$(ldapsearch -h $LDAP_IP -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -w ${LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries) echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid" done IFS=${OLDIFS} diff --git a/bin/manageAgora.sh b/bin/manageAgora.sh index 6d5af9c..f77633c 100755 --- a/bin/manageAgora.sh +++ b/bin/manageAgora.sh @@ -83,7 +83,7 @@ Init(){ # creation compte admin _getPasswords - ${SIMU} curl -i -d "{\"email\":\"${mattermostServ_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users" + ${SIMU} curl -i -d "{\"email\":\"${MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users" MM_TOKEN=$(_getMMToken ${MATTER_URL}) 
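Review bot: The rewritten `docker exec … mysql` line in nc_orphans.sh still writes the user list to the fixed path `/tmp/nc_users.txt`, a predictable name in a world-writable directory. Another local user can pre-create that file or place a symlink there, which matters if the script runs with elevated privileges (not visible here). A private file is safer: `NC_USERS=$(mktemp) || exit 1`, then redirect to `"$NC_USERS"` and read that back in the loop. The same line passes `--password=${MYSQL_PASSWORD}` unquoted on the command line, so the value is word-split and appears in the host's process list.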
@@ -118,10 +118,10 @@ _getPasswords(){ # récupération des infos du compte admin if [ -n "$AGORACOMMUN" ] ; then . $KAZ_KEY_DIR/env-mattermostAdmin - . $KAZ_BIN_DIR/getPasswords.sh mattermostServ + . $KAZ_KEY_DIR/env-mattermostServ else . $KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin - . $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} mattermostServ + . $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostServ fi } diff --git a/bin/manageCloud.sh b/bin/manageCloud.sh index ea173b6..15d18f4 100755 --- a/bin/manageCloud.sh +++ b/bin/manageCloud.sh @@ -143,14 +143,14 @@ setOfficeUrl(){ } initLdap(){ - . $KAZ_BIN_DIR/getPasswords.sh ldapServ + . $KAZ_KEY_DIR/env-ldapServ # $1 Nom du cloud echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET occCommand "app:enable user_ldap" "${DockerServName}" occCommand "ldap:delete-config s01" "${DockerServName}" occCommand "ldap:create-empty-config" "${DockerServName}" occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}" - occCommand "ldap:set-config s01 ldapAgentPassword ${ldapServ_LDAP_CLOUD_PASSWORD}" "${DockerServName}" + occCommand "ldap:set-config s01 ldapAgentPassword ${LDAP_CLOUD_PASSWORD}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}" diff --git a/bin/manageWiki.sh b/bin/manageWiki.sh index ada5a9e..133d843 100755 --- a/bin/manageWiki.sh +++ b/bin/manageWiki.sh @@ -55,9 +55,9 @@ Init(){ CONF_DIR="${VOL_PREFIX}wikiConf/_data" if [ -n "$WIKICOMMUN" ]; then - . $KAZ_BIN_DIR/getPasswords.sh dokuwiki + . $KAZ_KEY_DIR/env-dokuwiki else - . $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} dokuwiki + . $KAZ_KEY_DIR/orgas/$ORGA/env-dokuwiki fi ${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit 
@@ -72,11 +72,11 @@ Init(){ -d "l=fr" \ -d "d[title]=${NOM}" \ -d "d[acl]=true" \ - -d "d[superuser]=${dokuwiki_WIKI_ROOT}" \ + -d "d[superuser]=${WIKI_ROOT}" \ -d "d[fullname]=Admin"\ - -d "d[email]=${dokuwiki_WIKI_EMAIL}" \ - -d "d[password]=${dokuwiki_WIKI_PASSWORD}" \ - -d "d[confirm]=${dokuwiki_WIKI_PASSWORD}" \ + -d "d[email]=${WIKI_EMAIL}" \ + -d "d[password]=${WIKI_PASSWORD}" \ + -d "d[confirm]=${WIKI_PASSWORD}" \ -d "d[policy]=1" \ -d "d[allowreg]=false" \ -d "d[license]=0" \ diff --git a/bin/manageWp.sh b/bin/manageWp.sh index c6858be..f2c6b89 100755 --- a/bin/manageWp.sh +++ b/bin/manageWp.sh @@ -63,15 +63,15 @@ Init(){ if [ -n "$WIKICOMMUN" ]; then - . $KAZ_BIN_DIR/getPasswords.sh wpServ + . $KAZ_KEY_DIR/env-wpServ else - . $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} wpServ + . $KAZ_KEY_DIR/orgas/$ORGA/env-wpServ fi ${SIMU} curl -X POST \ - -d "user_name=${wpServ_WORDPRESS_ADMIN_USER}" \ - -d "admin_password=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \ - -d "admin_password2=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \ + -d "user_name=${WORDPRESS_ADMIN_USER}" \ + -d "admin_password=${WORDPRESS_ADMIN_PASSWORD}" \ + -d "admin_password2=${WORDPRESS_ADMIN_PASSWORD}" \ -d "pw_weak=true" \ -d "admin_email=admin@kaz.bzh" \ -d "blog_public=0" \ diff --git a/bin/secretGen.sh b/bin/secretGen.sh index 4a209b8..7a81d39 100755 --- a/bin/secretGen.sh +++ b/bin/secretGen.sh @@ -114,11 +114,12 @@ crossVarComplete(){ else echo "Remplissage $FILENAME" >& $SORTIESTANDARD + . $$DIR/env-$envname + varnames=$(grep -Eo '@@crossvar@@[^@]*@@cv@@' $FILENAME | sed -e 's/@@crossvar@@//' -e 's/@@cv@@//') for varname in $varnames; do envname=${varname%%_*} - value=$(/$KAZ_BIN_DIR/getPasswords.sh -e $varname $envname -d $ORGA) - $SIMU sed -i "s/@@crossvar@@$varname@@cv@@/${value}/" $DIR/*; + $SIMU sed -i "s/@@crossvar@@$varname@@cv@@/${!varname}/" $DIR/*; done diff --git a/config/orgaTmpl/orga-gen.sh b/config/orgaTmpl/orga-gen.sh index ef4ca34..89f1020 100755 --- a/config/orgaTmpl/orga-gen.sh 
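Review bot: The credential fields in manageWiki.sh are sent with plain `-d`, which does not URL-encode, so a `WIKI_PASSWORD` containing `&`, `+` or `%` reaches the installer altered or truncated. The admin account then ends up with a password different from the one stored in the env file. `--data-urlencode "d[password]=${WIKI_PASSWORD}"` (likewise for `d[confirm]`, `d[superuser]` and `d[email]`) encodes only the value. The curl command starts and ends outside this hunk; the manageWp.sh hunk has the same issue for `admin_password` and `admin_password2`.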
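Review bot: `. $$DIR/env-$envname` in crossVarComplete does not source what it appears to: `$$` expands to the shell's PID, so the path becomes `<pid>DIR/env-…`, and within this hunk `envname` is only assigned later, inside the loop. The value lookup also changed to `${!varname}`; if the placeholders still carry the `envname_` prefix (which `envname=${varname%%_*}` suggests), nothing defines that name after a plain source and the template is filled with an empty string. Inside the loop, `. "$DIR/env-$envname"` followed by `key=${varname#*_}` and `${!key}` in the sed expression would match the new naming. Whether `$DIR` is the right directory cannot be confirmed from here, since the removed call read from the key directory with `-d $ORGA`. A `/` or `&` in the secret also corrupts the `s/…/…/` replacement.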
+++ b/config/orgaTmpl/orga-gen.sh @@ -413,7 +413,7 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then ln -sf ../../config/orgaTmpl/orga-rm.sh ln -sf ../../config/orgaTmpl/init-paheko.sh #ln -sf ../../config/orgaTmpl/initdb.d/ - ln -sf ../../config/orgaTmpl/app/ + #ln -sf ../../config/orgaTmpl/app/ ln -sf ../../config/orgaTmpl/wiki-conf/ ln -sf ../../config/orgaTmpl/reload.sh ln -sf ../../config/orgaTmpl/init-db.sh diff --git a/dockers/traefik/proxy-gen.sh b/dockers/traefik/proxy-gen.sh index cfc0f10..71461ce 100755 --- a/dockers/traefik/proxy-gen.sh +++ b/dockers/traefik/proxy-gen.sh @@ -4,7 +4,7 @@ KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd) . "${KAZ_ROOT}/bin/.commonFunctions.sh" setKazVars . "${DOCKERS_ENV}" -. $KAZ_BIN_DIR/getPasswords.sh traefik +. $KAZ_KEY_DIR/env-traefik printKazMsg "\n *** Proxy update config" @@ -16,5 +16,5 @@ PASSFILE=conf/passfile cd $(dirname $0) [[ -f "${DOCKER_TMPL}" ]] || cp "${DOCKER_DIST}" "${DOCKER_TMPL}" -[[ -f "${PASSFILE}" ]] || printf "${traefik_DASHBOARD_USER}:$( echo ${traefik_DASHBOARD_PASSWORD} | openssl passwd -apr1 -stdin)\n" >> ${PASSFILE} +[[ -f "${PASSFILE}" ]] || printf "${DASHBOARD_USER}:$( echo ${DASHBOARD_PASSWORD} | openssl passwd -apr1 -stdin)\n" >> ${PASSFILE} "${APPLY_TMPL}" -time "${DOCKER_TMPL}" "${DOCKER_CONF}"
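Review bot: The passfile line in proxy-gen.sh uses the expanded `${DASHBOARD_USER}:…` as the printf format string and feeds the password through an unquoted `echo`. A `%` or backslash in the user name, or whitespace, a glob character or a leading `-n` in the password, therefore changes what is hashed or written. Suggested: `[[ -f "${PASSFILE}" ]] || printf '%s:%s\n' "${DASHBOARD_USER}" "$(printf '%s\n' "${DASHBOARD_PASSWORD}" | openssl passwd -apr1 -stdin)" >> "${PASSFILE}"`.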