diff --git a/bin/applyTemplate.sh b/bin/applyTemplate.sh index 82bf275..8128c04 100755 --- a/bin/applyTemplate.sh +++ b/bin/applyTemplate.sh @@ -16,7 +16,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd) setKazVars . "${DOCKERS_ENV}" -. "${KAZ_KEY_DIR}/SetAllPass.sh" usage () { echo $(basename "$0") " [-h] [-help] [-timestamp] template dst" @@ -64,8 +63,8 @@ done -e "s|__DOKUWIKI_HOST__|${dokuwikiHost}|g"\ -e "s|__DOMAIN__|${domain}|g"\ -e "s|__FILE_HOST__|${fileHost}|g"\ - -e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\ - -e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\ +# -e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\ +# -e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\ -e "s|__PAHEKO_HOST__|${pahekoHost}|g"\ -e "s|__GIT_HOST__|${gitHost}|g"\ -e "s|__GRAV_HOST__|${gravHost}|g"\ @@ -79,9 +78,9 @@ done -e "s|__SMTP_HOST__|${smtpHost}|g"\ -e "s|__SYMPADB__|${sympaDBName}|g"\ -e "s|__SYMPA_HOST__|${sympaHost}|g"\ - -e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\ - -e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\ - -e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\ +# -e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\ +# -e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\ +# -e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\ -e "s|__VIGILO_HOST__|${vigiloHost}|g"\ -e "s|__WEBMAIL_HOST__|${webmailHost}|g"\ -e "s|__CASTOPOD_HOST__|${castopodHost}|g"\ diff --git a/bin/certbot-dns-alwaysdata.sh b/bin/certbot-dns-alwaysdata.sh old mode 100644 new mode 100755 index c09d11c..e93179f --- a/bin/certbot-dns-alwaysdata.sh +++ b/bin/certbot-dns-alwaysdata.sh 
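Review bot: Prefixing the `-e "s|__PAHEKO_API_*__|…|g"\` and `-e "s|__SYMPA_MYSQL_*__|…|g"\` lines with `#` does not disable them, because the line above each ends in `\` and bash removes the backslash-newline before tokenizing — the `#` lands directly after the closing `"`, where it is part of the word rather than the start of a comment. The expressions are therefore still handed to sed, now with `${paheko_API_PASSWORD}` etc. empty since `SetAllPass.sh` is no longer sourced, so the placeholders are silently replaced by nothing (GNU sed tolerates the stray `#` after the `g` flag as a trailing comment, other seds reject the script). Delete the five lines outright, or if the substitutions are still wanted, source the new per-service env file in place of the removed `. "${KAZ_KEY_DIR}/SetAllPass.sh"`; this applies to both the @@ -64 and @@ -79 hunks.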
@@ -2,9 +2,10 @@ # certbot certonly --manual --preferred-challenges=dns --manual-auth-hook certbot-dns-alwaysdata.sh --manual-cleanup-hook certbot-dns-alwaysdata.sh -d "*.kaz.bzh" -d "kaz.bzh" -ALWAYSDATA_TOKEN="TOKEN" -ALWAYSDATA_ACCOUNT="ACCOUNT" -ALWAYSDATA_API="https://api.alwaysdata.com/v1/" +export KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd) +. "${KAZ_ROOT}/bin/.commonFunctions.sh" +setKazVars +. $KAZ_KEY_DIR/env-alwaysdata DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${CERTBOT_DOMAIN} | jq '.[0].id') diff --git a/bin/checkEnvFiles.sh b/bin/checkEnvFiles.sh index 382d390..1393582 100755 --- a/bin/checkEnvFiles.sh +++ b/bin/checkEnvFiles.sh @@ -6,8 +6,6 @@ setKazVars RUN_PASS_DIR="secret" TMPL_PASS_DIR="secret.tmpl" -RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh" -TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh" NEED_GEN= ######################################## @@ -48,7 +46,12 @@ getVars () { # get lvalues in script getSettedVars () { # $1 : filename - grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u + grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* | grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u +} + +getUnsettedVars () { + # $1 : filename + grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u } getVarFormVal () { 
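Review bot: `. $KAZ_KEY_DIR/env-alwaysdata` is unquoted and its status is not checked; if the file is missing the hook keeps going and the `curl --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:"` line below authenticates with an empty token and fails in a way certbot reports only as a hook error. Use `. "${KAZ_KEY_DIR}/env-alwaysdata" || exit 1` followed by `: "${ALWAYSDATA_TOKEN:?}" "${ALWAYSDATA_ACCOUNT:?}" "${ALWAYSDATA_API:?}"`; the same unchecked-source pattern recurs in the container.sh, createDBUsers.sh, createUser and gestUsers.sh (`. $KAZ_BIN_DIR/getPasswords.sh …`) hunks of this commit. Moving the token out of the script is the right direction, but `--user "${ALWAYSDATA_TOKEN} …"` (an unchanged line) still places it on curl's argv where it is visible in the process list; `curl -K -` with a `user = "…"` line fed on stdin, or `--netrc-file`, keeps it out.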
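Review bot: `getSettedVars` keeps the `# $1 : filename` comment but the new grep reads `./*` and never uses `$1`, so the result now depends on the caller's current directory rather than the file passed in; either grep `"$1"` or change the comment to say the function scans the cwd. `getUnsettedVars` applies only the negative filter (`grep -vE '…@@(user|pass|…)@@…' ./*`) with no positive `USER|PASS|…` match, so it returns every line of every file that is not a placeholder assignment — comments and non-credential lines included — which looks inverted relative to its name; presumably it wants the first grep of `getSettedVars` followed by the `@@…@@` pattern without `-v`, i.e. `grep -E '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u`.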
@@ -57,60 +60,6 @@ getVarFormVal () { grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/' } -######################################## -# synchronized SetAllPass.sh (find missing lvalues) -updatePassFile () { - # $1 : ref filename - # $2 : target filename - - REF_FILE="$1" - TARGET_FILE="$2" - NEED_UPDATE= - while : ; do - declare -a listRef listTarget missing - listRef=($(getVars "${REF_FILE}")) - listTarget=($(getVars "${TARGET_FILE}")) - missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]}))) - if [ -n "${missing}" ]; then - echo "missing vars in ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}" - read -p "Do you want to add them? [y/n]: " yn - case $yn in - ""|[Yy]*) - emacs "${REF_FILE}" "${TARGET_FILE}" - NEED_UPDATE=true - break - ;; - [Nn]*) - break - ;; - esac - else - break - fi - done -} - -updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}" -[ -n "${NEED_UPDATE}" ] && NEED_GEN=true -updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}" - -######################################## -# check empty pass in TMPL_PASS_FILE -declare -a settedVars -settedVars=($(getSettedVars "${TMPL_PASS_FILE}")) -if [ -n "${settedVars}" ]; then - echo "unclear password in ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}" - for var in ${settedVars[@]}; do - echo -e "\t${var}" - done - echo "${NC}" - read -p "Do you want to clear them? [y/n]: " yn - case $yn in - ""|[Yy]*) - emacs "${TMPL_PASS_FILE}" - ;; - esac -fi ######################################## # check new files env-* 
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}" declare -a listTmpl listRun listCommonFiles listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$')) listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$')) -listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]}))) +listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]}))) for envFile in ${listCommonFiles[@]}; do while : ; do TMPL_FILE="${TMPL_PASS_DIR}/${envFile}" @@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then fi ######################################## -# check env-* in updateDockerPassword.sh -missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do +# check extention in dockers.env +declare -a missing +unsetted=($(for DIR in "${RUN_PASS_DIR}"; do for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do val="${envFile#*env-}" varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}") - [ -z "${varName}" ] && continue - prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" | - sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u) - if [ -z "${prefixe}" ]; then - echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})" + if [ -z "${varName}" ]; then + echo "${val}" fi done done | sort -u)) if [ -n "${missing}" ]; then - echo "missing update in ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}" + echo "missing def in ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}" for var in ${missing[@]}; do echo -e "\t${var}" done 
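Review bot: The new "check extention" block fills `unsetted` but then tests and prints `${missing}`, and `declare -a missing` does not clear an existing array, so the "missing def in ${DOCKERS_ENV}" message reports whatever the previous check left in `missing` while the real result is never shown. Either assign the loop output to `missing=($(for DIR in "${RUN_PASS_DIR}"; do` or test and iterate `unsetted`; nothing else in the hunk reads `unsetted`. Also "extention" → "extension" in the new comment, and `ls -1 "${DIR}/"env-* | grep -v '~$'` (pre-existing pattern) breaks on filenames containing whitespace — a glob `for envFile in "${DIR}"/env-*` with a `[[ "$envFile" == *~ ]] && continue` is the safer form.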
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then read -p "Do you want to add them? [y/n]: " yn case $yn in ""|[Yy]*) - emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh" + emacs "${DOCKERS_ENV}" ;; esac fi -######################################## -# synchronized SetAllPass.sh and env-* -updateEnvFiles () { - # $1 secret dir - DIR=$1 - listRef=($(getVars "${DIR}/SetAllPass.sh")) - missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do - val="${envFile#*env-}" - varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}") - [ -z "${varName}" ] && continue - prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" | - sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u) - [ -z "${prefixe}" ] && continue - listVarsInEnv=($(getVars "${envFile}")) - for var in ${listVarsInEnv[@]}; do - [[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}" - done - # XXX doit exister dans SetAllPass.sh avec le prefixe - done)) - if [ -n "${missing}" ]; then - echo "missing update in ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}" - for var in ${missing[@]}; do - echo -e "\t${var}" - done - echo "${NC}" - read -p "Do you want to add them? [y/n]: " yn - case $yn in - ""|[Yy]*) - emacs "${DIR}/SetAllPass.sh" - ;; - esac - fi -} -updateEnvFiles "${RUN_PASS_DIR}" -updateEnvFiles "${TMPL_PASS_DIR}" -# XXX chercher les variables non utilisées dans les SetAllPass.sh if [ -n "${NEED_GEN}" ]; then while : ; do - read -p "Do you want to generate blank values? [y/n]: " yn + read -p "Do you want to generate missing values? [y/n]: " yn case $yn in ""|[Yy]*) "${KAZ_BIN_DIR}/secretGen.sh" diff --git a/bin/checkEnvPassword.sh b/bin/checkEnvPassword.sh deleted file mode 100755 index 0a3f5f5..0000000 --- a/bin/checkEnvPassword.sh +++ /dev/null 
@@ -1,11 +0,0 @@ -#!/bin/bash - -KAZ_ROOT=$(cd $(dirname $0)/..; pwd) -. "${KAZ_ROOT}/bin/.commonFunctions.sh" -setKazVars - -for filename in "${KAZ_KEY_DIR}/"env-*Serv "${KAZ_KEY_DIR}/"env-*DB; do - if grep -q "^[^#=]*=\s*$" "$(unknown)" 2>/dev/null; then - echo "$(unknown)" - fi -done diff --git a/bin/container.sh b/bin/container.sh index b27ccc3..928cc19 100755 --- a/bin/container.sh +++ b/bin/container.sh @@ -61,20 +61,6 @@ doCompose () { ${SIMU} ln -fs ../../config/dockers.env .env fi ${SIMU} docker-compose $1 - - if [ "$2" = "cachet" ] && [ "$1" != "down" ]; then - NEW_KEY=$(cd "${KAZ_COMP_DIR}/$2" ; docker-compose logs | grep APP_KEY=base64: | sed "s/^.*'APP_KEY=\(base64:[^']*\)'.*$/\1/" | tail -1) - if [ -n "${NEW_KEY}" ]; then - printKazMsg "cachet key change" - # change key - ${SIMU} sed -i \ - -e 's%^\(\s*cachet_APP_KEY=\).*$%\1"'"${NEW_KEY}"'"%' \ - "${KAZ_KEY_DIR}/SetAllPass.sh" - ${SIMU} "${KAZ_BIN_DIR}/secretGen.sh" - # restart - ${SIMU} docker-compose $1 - fi - fi } doComposes () { @@ -177,7 +163,6 @@ statusComposes () { saveComposes () { . "${DOCKERS_ENV}" - . "${KAZ_ROOT}/secret/SetAllPass.sh" savedComposes+=( ${enableMailComposes[@]} ) savedComposes+=( ${enableProxyComposes[@]} ) 
@@ -195,67 +180,85 @@ saveComposes () { ;; sympa) echo "save sympa" - saveDB ${sympaDBName} "${sympa_MYSQL_USER}" "${sympa_MYSQL_PASSWORD}" "${sympa_MYSQL_DATABASE}" sympa mysql + . $KAZ_BIN_DIR/getPasswords.sh sympaDB + saveDB ${sympaDBName} "${sympaDB_MYSQL_USER}" "${sympaDB_MYSQL_PASSWORD}" "${sympaDB_MYSQL_DATABASE}" sympa mysql ;; web) # rien à faire (fichiers) ;; etherpad) echo "save pad" - saveDB ${etherpadDBName} "${etherpad_MYSQL_USER}" "${etherpad_MYSQL_PASSWORD}" "${etherpad_MYSQL_DATABASE}" etherpad mysql + . $KAZ_BIN_DIR/getPasswords.sh etherpadDB + saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql ;; framadate) echo "save date" - saveDB ${framadateDBName} "${framadate_MYSQL_USER}" "${framadate_MYSQL_PASSWORD}" "${framadate_MYSQL_DATABASE}" framadate mysql + . $KAZ_BIN_DIR/getPasswords.sh framadateDB + saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql ;; cloud) echo "save cloud" - saveDB ${nextcloudDBName} "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" nextcloud mysql + . $KAZ_BIN_DIR/getPasswords.sh nextcloudDB + saveDB ${nextcloudDBName} "${nextcloudDB_MYSQL_USER}" "${nextcloudDB_MYSQL_PASSWORD}" "${nextcloudDB_MYSQL_DATABASE}" nextcloud mysql ;; paheko) # rien à faire (fichiers) ;; mattermost) echo "save mattermost" - saveDB matterPG "${mattermost_POSTGRES_USER}" "${mattermost_POSTGRES_PASSWORD}" "${mattermost_POSTGRES_DB}" mattermost postgres + . $KAZ_BIN_DIR/getPasswords.sh mattermostDB + saveDB matterPG "${mattermostDB_POSTGRES_USER}" "${mattermostDB_POSTGRES_PASSWORD}" "${mattermostDB_POSTGRES_DB}" mattermost postgres ;; mobilizon) echo "save mobilizon" - saveDB ${mobilizonDBName} "${mobilizon_POSTGRES_USER}" "${mobilizon_POSTGRES_PASSWORD}" "${mobilizon_POSTGRES_DB}" mobilizon postgres + . 
$KAZ_BIN_DIR/getPasswords.sh mobilizonDB + saveDB ${mobilizonDBName} "${mobilizonDB_POSTGRES_USER}" "${mobilizonDB_POSTGRES_PASSWORD}" "${mobilizonDB_POSTGRES_DB}" mobilizon postgres ;; peertube) echo "save peertube" - saveDB ${peertubeDBName} "${peertube_POSTGRES_USER}" "${peertube_POSTGRES_PASSWORD}" "${PEERTUBE_DB_HOSTNAME}" peertube postgres + . $KAZ_BIN_DIR/getPasswords.sh peertubeDB + saveDB ${peertubeDBName} "${peertubeDB_POSTGRES_USER}" "${peertubeDB_POSTGRES_PASSWORD}" "${peertubeDB_PEERTUBE_DB_HOSTNAME}" peertube postgres ;; mastodon) echo "save mastodon" - saveDB ${mastodonDBName} "${mastodon_POSTGRES_USER}" "${mastodon_POSTGRES_PASSWORD}" "${mastodon_POSTGRES_DB}" mastodon postgres + . $KAZ_BIN_DIR/getPasswords.sh mastodonDB + saveDB ${mastodonDBName} "${mastodonDB_POSTGRES_USER}" "${mastodonDB_POSTGRES_PASSWORD}" "${mastodonDB_POSTGRES_DB}" mastodon postgres ;; roundcube) echo "save roundcube" - saveDB ${roundcubeDBName} "${roundcube_MYSQL_USER}" "${roundcube_MYSQL_PASSWORD}" "${roundcube_MYSQL_DATABASE}" roundcube mysql + . $KAZ_BIN_DIR/getPasswords.sh roundcubeDB + saveDB ${roundcubeDBName} "${roundcubeDB_MYSQL_USER}" "${roundcubeDB_MYSQL_PASSWORD}" "${roundcubeDB_MYSQL_DATABASE}" roundcube mysql ;; vaultwarden) echo "save vaultwarden" - saveDB ${vaultwardenDBName} "${vaultwarden_MYSQL_USER}" "${vaultwarden_MYSQL_PASSWORD}" "${vaultwarden_MYSQL_DATABASE}" vaultwarden mysql + . $KAZ_BIN_DIR/getPasswords.sh vaultwardenDB + saveDB ${vaultwardenDBName} "${vaultwardenDB_MYSQL_USER}" "${vaultwardenDB_MYSQL_PASSWORD}" "${vaultwardenDB_MYSQL_DATABASE}" vaultwarden mysql ;; dokuwiki) # rien à faire (fichiers) ;; *-orga) ORGA=${compose%-orga} - echo "save ${ORGA}" + echo "save ${ORGA}" if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then echo " => cloud" - saveDB "${ORGA}-DB" "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" "${ORGA}-cloud" mysql + . 
$KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB + saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-cloud" mysql fi if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then echo " => mattermost" - saveDB "${ORGA}-DB" "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" "${ORGA}-mattermost" mysql + . $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB + saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-mattermost" mysql fi if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then echo " => wordpress" - saveDB "${ORGA}-DB" "${wp_MYSQL_USER}" "${wp_MYSQL_PASSWORD}" "${wp_MYSQL_DATABASE}" "${ORGA}-wordpress" mysql + . $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB + saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql + fi + if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then + echo " => spip" + . $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB + saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql fi ;; esac diff --git a/bin/createDBUsers.sh b/bin/createDBUsers.sh new file mode 100755 index 0000000..8157bd9 --- /dev/null +++ b/bin/createDBUsers.sh 
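Review bot: In the `*-orga` arm each `. $KAZ_KEY_DIR/orgas/$ORGA/env-*DB` line drops unprefixed `MYSQL_USER`/`MYSQL_PASSWORD`/`MYSQL_DATABASE` into the shell and its status is not checked, so when an orga lacks one of the env files the `saveDB` call runs with whatever the previous source left behind — another service's or another orga's credentials — instead of failing. Clear the variables and gate the call on the source, e.g. `unset MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE` then `. "${KAZ_KEY_DIR}/orgas/${ORGA}/env-nextcloudDB" && saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-cloud" mysql`, and likewise for mattermostDB, wpDB and spipDB. The `. $KAZ_BIN_DIR/getPasswords.sh <svc>DB` lines in the service arms are also unquoted and unchecked. The peertube arm passes `${peertubeDB_PEERTUBE_DB_HOSTNAME}` where every other arm passes the database name (it was `${PEERTUBE_DB_HOSTNAME}` before, so the oddity predates this commit) — worth confirming against saveDB's fourth parameter. `saveComposes` starts outside the hunk.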
@@ -0,0 +1,81 @@ +#!/bin/bash + +KAZ_ROOT=$(cd $(dirname $0)/..; pwd) +. "${KAZ_ROOT}/bin/.commonFunctions.sh" +setKazVars + +# pour mise au point +# SIMU=echo + +# Améliorations à prévoir +# - donner en paramètre les services concernés (pour limité les modifications) +# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués + +. "${DOCKERS_ENV}" + +createMysqlUser(){ + # $1 = envName + # $2 = containerName of DB + + . $KAZ_KEY_DIR/env-$1 + + # seulement si pas de mdp pour root + # pb oeuf et poule (il faudrait les anciennes valeurs) : + # * si rootPass change, faire à la main + # * si dbName change, faire à la main + checkDockerRunning "$2" "$2" || return + echo "change DB pass on docker $2" + echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \ + docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}" +} + + + +framadateUpdate(){ + [[ "${COMP_ENABLE}" =~ " framadate " ]] || return + if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then + return 0 + fi + .$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ + + checkDockerRunning "${framadateServName}" "Framadate" && + ${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadateServ_HTTPD_USER} ${framadateServ_HTTPD_PASSWORD}" + ${SIMU} sed -i \ + -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadateDB_MYSQL_USER}';/g" \ + -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadateDB_MYSQL_PASSWORD}';/g" \ + "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" +} + +jirafeauUpdate(){ + [[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return + if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then + return 0 + fi + . 
$KAZ_BIN_DIR/getPasswords.sh jirafeauServ + SHA=$(echo -n "${jirafeauServ_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1) + ${SIMU} sed -i \ + -e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \ + "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" +} + +#################### +# main + +createMysqlUser "etherpadDB" "${etherpadDBName}" +createMysqlUser "framadateDB" "${framadateDBName}" +createMysqlUser "giteaDB" "${gitDBName}" +createMysqlUser "mattermostDB" "${mattermostDBName}" +createMysqlUser "nextcloudDB" "${nextcloudDBName}" +createMysqlUser "roundcubeDB" "${roundcubeDBName}" +createMysqlUser "sympaDB" "${sympaDBName}" +createMysqlUser "vigiloDB" "${vigiloDBName}" +createMysqlUser "wpDB" "${wordpressDBName}" +createMysqlUser "vaultwardenDB" "${vaultwardenDBName}" +createMysqlUser "castopodDB" "${castopodDBName}" +createMysqlUser "spipDB" "${spipDBName}" +createMysqlUser "mastodonDB" "${mastodonDBName}" + + +framadateUpdate +jirafeauUpdate +exit 0 diff --git a/bin/createEmptyPasswd.sh b/bin/createEmptyPasswd.sh deleted file mode 100755 index cb8e694..0000000 --- a/bin/createEmptyPasswd.sh +++ /dev/null 
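Review bot: In `framadateUpdate`, `.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ` has no space after the dot, so bash looks for a command literally named `.<KAZ_BIN_DIR>/getPasswords.sh` — a relative path that will not resolve from an arbitrary cwd and, even where it did, would run in a child process — leaving `framadateDB_*`/`framadateServ_*` unset; the htpasswd and sed lines that follow then write empty credentials into the live framadate. It should read `. "${KAZ_BIN_DIR}/getPasswords.sh" framadateDB framadateServ`. In `createMysqlUser`, `--password=${MYSQL_ROOT_PASSWORD}` puts the DB root password on the mysql client's command line inside the container, visible to anyone who can list processes there; `docker exec -i -e MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" "$2" mysql --user=root` keeps it out of argv, and `htpasswd -i` (password on stdin) does the same for the framadate admin password. The GRANT is built by interpolating `${MYSQL_USER}`/`${MYSQL_PASSWORD}` into SQL unescaped, so a generated password containing `'` breaks the statement; `GRANT … IDENTIFIED BY` is also no longer accepted by MySQL 8 (MariaDB still takes it), which deserves a comment next to the call stating which server the images run.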
@@ -1,104 +0,0 @@ -#!/bin/bash - -cd $(dirname $0)/.. - -mkdir -p emptySecret -rsync -aHAX --info=progress2 --delete secret/ emptySecret/ - -cd emptySecret/ - -. ../config/dockers.env -. ./SetAllPass.sh - -# pour mise au point -# SIMU=echo - -cleanEnvDB(){ - # $1 = prefix - # $2 = envName - # $3 = containerName of DB - rootPass="--root_password--" - dbName="--database_name--" - userName="--user_name--" - userPass="--user_password--" - - ${SIMU} sed -i \ - -e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${rootPass}/g" \ - -e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${dbName}/g" \ - -e "s/MYSQL_USER=.*/MYSQL_USER=${userName}/g" \ - -e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${userPass}/g" \ - "$2" -} - -cleanEnv(){ - # $1 = prefix - # $2 = envName - for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g") - do - srcName="$1_${varName}" - srcVal="--clean_val--" - ${SIMU} sed -i \ - -e "s~^[ ]*${varName}=.*$~${varName}=${srcVal}~" \ - "$2" - done -} - -cleanPasswd(){ - ${SIMU} sed -i \ - -e 's/^\([# ]*[^#= ]*\)=".[^{][^"]*"/\1="--clean_val--"/g' \ - ./SetAllPass.sh -} - -#################### -# main - -# read -r -p "Do you want to remove all password? [Y/n] " input - -# case $input in -# [yY][eE][sS]|[yY]) -# echo "Remove all password" -# ;; -# [nN][oO]|[nN]) -# echo "Abort" -# ;; -# *) -# echo "Invalid input..." 
-# exit 1 -# ;; -# esac - -cleanPasswd - -cleanEnvDB "etherpad" "./env-${etherpadDBName}" "${etherpadDBName}" -cleanEnvDB "framadate" "./env-${framadateDBName}" "${framadateDBName}" -cleanEnvDB "git" "./env-${gitDBName}" "${gitDBName}" -cleanEnvDB "mattermost" "./env-${mattermostDBName}" "${mattermostDBName}" -cleanEnvDB "nextcloud" "./env-${nextcloudDBName}" "${nextcloudDBName}" -cleanEnvDB "roundcube" "./env-${roundcubeDBName}" "${roundcubeDBName}" -cleanEnvDB "sso" "./env-${ssoDBName}" "${ssoDBName}" -cleanEnvDB "sympa" "./env-${sympaDBName}" "${sympaDBName}" -cleanEnvDB "vigilo" "./env-${vigiloDBName}" "${vigiloDBName}" -cleanEnvDB "wp" "./env-${wordpressDBName}" "${wordpressDBName}" - -cleanEnv "etherpad" "./env-${etherpadServName}" -cleanEnv "gandi" "./env-gandi" -cleanEnv "jirafeau" "./env-${jirafeauServName}" -cleanEnv "mattermost" "./env-${mattermostServName}" -cleanEnv "nextcloud" "./env-${nextcloudServName}" -cleanEnv "office" "./env-${officeServName}" -cleanEnv "roundcube" "./env-${roundcubeServName}" -cleanEnv "sso" "./env-${ssoServName}" -cleanEnv "vigilo" "./env-${vigiloServName}" -cleanEnv "wp" "./env-${wordpressServName}" - -cat > allow_admin_ip <${IDENT_KAZ}" "${TEMP_USER_NC}"; then echo "${IDENT_KAZ} existe déjà sur ${URL_NC}" | tee -a "${LOG}" else # on créé l'utilisateur sur NC sauf si c'est le NC général, on ne créé jamais l'utilisateur7 if [ ${URL_NC} != "${cloudHost}.${domain}" ]; then - - echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ + . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ + echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ -d userid='${IDENT_KAZ}' \ -d displayName='${PRENOM} ${NOM}' \ -d password='${PASSWORD}' \ 
@@ -445,19 +449,22 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ # s'il est admin de son orga, on le met admin if [ "${service[ADMIN_ORGA]}" == "O" -a "${ORGA}" != "" -a "${service[NC_ORGA]}" == "O" ]; then - echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${nextcloud_NEXTCLOUD_ADMIN_USER}:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}" + . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ + echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}" fi # faut-il mettre le user NC dans un groupe particulier sur le NC de base ? if [ "${GROUPE_NC_BASE}" != "" -a "${service[NC_BASE]}" == "O" ]; then + # ici on travaille à nouveau sur le NC commun, donc on rechoppe les bons mdp + . $KAZ_KEY_DIR/env-nextcloudServ # le groupe existe t-il déjà ? 
- curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}" + curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}" nb=$(grep "${GROUPE_NC_BASE}" "${TEMP_GROUP_NC}" | wc -l) if [ "${nb}" == "0" ];then - echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" + echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" fi # puis attacher le user au groupe - echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" + echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" fi fi @@ -483,7 +490,8 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ # TODO : vérif existance user # # le user existe t-il déjà sur le wp ? - # curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wp_WORDPRESS_ADMIN_USER}:${wp_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}" + # . $KAZ_BIN_DIR/getPasswords.sh wpServ + # curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wpServ_WORDPRESS_ADMIN_USER}:${wpServ_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}" # nb_user_wp_orga=$(grep "${IDENT_KAZ}" "${TEMP_USER_WP}" | wc -l) # if [ "${nb_user_wp_orga}" != "0" ];then # ( 
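Review bot: The admin credentials for the curl lines in this hunk live in the unprefixed globals `NEXTCLOUD_ADMIN_USER`/`NEXTCLOUD_ADMIN_PASSWORD`, set by `. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ` in the ADMIN_ORGA branch and overwritten by `. $KAZ_KEY_DIR/env-nextcloudServ` in the GROUPE_NC_BASE branch, so which instance's password a later line uses depends on which `if` bodies ran and on whether each unchecked `.` actually succeeded (a missing orga file leaves the previous values in place). Since the rest of the commit uses prefixed names from `getPasswords.sh` (`nextcloudServ_…`), keep the base-instance credentials under that prefix and the orga ones in distinct variables, or at least `unset NEXTCLOUD_ADMIN_USER NEXTCLOUD_ADMIN_PASSWORD` before each source and stop on failure. Both `tee -a "${CMD_INIT}"` lines also persist `user:password@host` URLs into the generated command file, so it now holds per-orga admin passwords in clear (the base password already was there before this commit) — that file needs restrictive permissions, or the credentials should be injected when the commands are replayed rather than stored. The surrounding block starts and ends outside the hunk.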
@@ -501,7 +509,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ # ) | tee -a "${LOG}" # # # on supprime l'utilisateur sur NC. - # echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ + # echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ # -d userid='${IDENT_KAZ}' \ # " | tee -a "${CMD_INIT}" # fi 
@@ -619,13 +627,13 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$ # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which if [[ "${mode}" = "dev" ]]; then echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}" - LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) - echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" + LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1) + echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" else echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}" - LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) - echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" - echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} 
--proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}" + LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1) + echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" + echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}" fi if [ "${service[ADMIN_ORGA]}" == "O" ]; then diff --git a/bin/gestContainers.sh b/bin/gestContainers.sh index 6848e84..2599c86 100755 --- a/bin/gestContainers.sh +++ b/bin/gestContainers.sh @@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_ROOT/secret/env-kaz PRG=$(basename $0) diff --git a/bin/gestContainers_v2.sh b/bin/gestContainers_v2.sh index 840ab8d..f542afc 100755 --- a/bin/gestContainers_v2.sh +++ b/bin/gestContainers_v2.sh @@ -7,7 +7,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh + PRG=$(basename $0) diff --git a/bin/gestUsers.sh b/bin/gestUsers.sh index ff8c9c0..7b348c9 100755 --- a/bin/gestUsers.sh +++ b/bin/gestUsers.sh @@ -8,7 +8,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh +. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudServ sympaServ paheko VERSION="18-05-2025" PRG=$(basename $0) 
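Review bot: In gestContainers.sh and gestContainers_v2.sh the `SetAllPass.sh` source is removed with no replacement, so any `*_PASSWORD`/`*_USER` variable those scripts still read (their bodies are outside these hunks, so unverified here) now expands silently to an empty string and is passed on to docker or curl as such; a `set -u` after `setKazVars`, or a `: "${var:?}"` guard at each use, would turn that into an immediate, visible error. gestContainers_v2.sh keeps an empty `+` line where the source was — drop it. In gestUsers.sh the unchanged `URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@…"` relies on `getPasswords.sh paheko` producing a `paheko_` prefix, consistent with the `ldapServ_`/`sympaServ_` names the rest of the diff uses, but a one-line comment above the source stating that convention would save the next reader the inference.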
@@ -24,7 +24,7 @@ URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$( NL_LIST=infos@listes.kaz.bzh URL_AGORA_API=${URL_AGORA}/api/v4 EQUIPE=kaz -LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) +LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1) #### Test du serveur sur lequel s' execute le script #### @@ -47,6 +47,8 @@ rm -rf /tmp/*.json ############################################ Fonctions ####################################################### ExpMail() { + + . $KAZ_KEY_DIR/env-mail MAIL_DEST=$1 MAIL_SUJET=$2 MAIL_TEXTE=$3 @@ -58,6 +60,7 @@ ExpMail() { } PostMattermost() { + . $KAZ_KEY_DIR/env-mattermostAdmin PostM=$1 CHANNEL=$2 TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA_API}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g') @@ -91,8 +94,8 @@ searchEmail() { fi done ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS COMPTEUR_LIGNE=0 while read LIGNE 
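Review bot: The new `-w "${ldapServ_LDAP_ADMIN_PASSWORD}"` in `searchEmail` keeps the LDAP bind password on ldapsearch's argv, readable from the process list for the duration of the call; `ldapsearch -y <file>` reads it from a mode-0600 file instead, and the same applies to the `infoEmail` hunks that follow and to `mmctl … --password $mattermost_pass` in the searchMattermost hunk. `ExpMail` and `PostMattermost` now re-source `$KAZ_KEY_DIR/env-mail` / `$KAZ_KEY_DIR/env-mattermostAdmin` on every call with an unquoted, unchecked path; sourcing them once at the top next to `getPasswords.sh` avoids re-reading the secret files per message and keeps variables such as `mattermost_token` (which the hunk assumes the env file defines — worth a comment) in one obvious place. The blank line added at the top of `ExpMail` looks accidental.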
@@ -136,7 +139,8 @@ searchEmail() { searchMattermost() { #Ici $1 est une adresse email - docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 + . $KAZ_KEY_DIR/env-mattermostAdmin + docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1 #on créé la list des mails dans mattermost docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null 
@@ -182,12 +186,12 @@ infoEmail() { printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL" echo -e "" #TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC) - #curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL + #curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL #cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g echo -ne "${NC}" echo -ne " - Nextcloud enable : " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30 + ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30 echo -ne "${NC}" echo -e "${NC} ------------------------------------------------" printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO" 
@@ -203,11 +207,11 @@ infoEmail() { echo -ne "${NC}" echo -n " - Quota Mail (Ldap) : " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60 + ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60 echo -ne "${NC}" echo -n " - Quota Nextcloud (Ldap) : " echo -ne "${GREEN}" - ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60 + ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60 echo -ne "${NC}" echo -n " - Mail de secours (Paheko ): " echo -ne "${GREEN}" 
@@ -215,11 +219,11 @@ infoEmail() {
 echo -ne "${NC}"
 echo -n " - Mail de secours (Ldap): "
 echo -ne "${GREEN}"
- ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
+ ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
 echo -ne "${NC}"
 echo -n " - Alias (Ldap) : "
 echo -ne "${GREEN}"
- LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
+ LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
 echo -ne "${NC}"
 echo -ne "${GREEN}"
 for ldap_alias in ${LDAP_ALIAS}
@@ -239,8 +243,8 @@ infoEmail() {
 echo "------------------------------------------------"
 echo " Alias : ${CHOIX_MAIL} "
 echo ""
- for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
- -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
+ for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
 | grep ^mail: | sed -e 's/^mail://')
 do
 echo -ne "=====> ${GREEN} "
@@ -307,12 +311,12 @@ searchDestroy() {
 fi
 echo -e "${NC}"
 echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud"
- USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g')
+ USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g')
 if [ ! -z ${USER_NEXTCLOUD_SUPPR} ]
 then
 printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}"
 echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}"
- curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
+ curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
 if [ "$?" -eq "0" ]
 then
 printKazMsg "Suppresion ok"
@@ -327,7 +331,7 @@ searchDestroy() {
 echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa"
 echo -e "${NC}"
 echo ""
- docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
+ docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
 echo -e "${NC}"
 echo ""
 echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
@@ -344,7 +348,7 @@ searchDestroy() {
 echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
 echo -e "${NC}"
 echo ""
- ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
+ ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
 if [ "$?" -eq "0" ]
 then
 printKazMsg "Suppresion ok"
@@ -377,8 +381,8 @@ gestPassword() {
 # MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g')
 MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
- -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
- -w "${ldap_LDAP_ADMIN_PASSWORD}" \
+ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
 -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
 if [ "$MAIL_SECOURS" = "" ]
 then
@@ -405,19 +409,19 @@ gestPassword() { fi if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ] then - USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g') + USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g') echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER} ${NC}" echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS} ${NC}" echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER) ${NC}" echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}" echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}" docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1 - curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1 + curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1 pass=$(mkpasswd -m sha512crypt ${PASSWORD}) echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\ changeType: modify\n\ replace: userPassword\n\ -userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" +userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" echo -e "Envoi d'un message dans mattermost 
pour la modification du mot de passe" docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1 if [ $ADRESSE_SEC == "OUI" ] @@ -465,8 +469,8 @@ createMail() { if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]] then ldapsearch -H ldap://${LDAP_IP} \ - -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ - -w "${ldap_LDAP_ADMIN_PASSWORD}" \ + -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \ + -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}" then @@ -564,7 +568,7 @@ nextcloudEnabled: ${TRUE_KAZ}\n\ nextcloudQuota: ${QUOTA} GB\n\ mobilizonEnabled: ${TRUE_KAZ}\n\ agoraEnabled: ${TRUE_KAZ}\n\ -userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL} +userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL} # on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire bash ${TFILE_CREATE_MAIL} >/dev/null # on colle le compte et le mot de passe dans le fichier 
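Review bot: `mkpasswd -m sha512crypt ${PASSWORD}` and `-d value=${PASSWORD}` hand the new clear-text password to child processes as unquoted argv, so it is visible in `ps`, is word-split and glob-expanded by the shell, and is sent to Nextcloud without URL-encoding (a `&`, `+` or `%` in it yields a different stored password than the one printed to the operator). Feed mkpasswd through stdin, `pass=$(printf '%s' "$PASSWORD" | mkpasswd -m sha512crypt -s)`, and use `--data-urlencode "value=${PASSWORD}"` on the curl PUT. The `-d "password=…"` / `-d "d[password]=…"` / `-d "adminpass=…"` bodies in the manageCastopod.sh, manageCloud.sh, manageWiki.sh and manageWp.sh hunks have the same encoding issue. gestPassword starts before this hunk and continues after it.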
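Review bot: The ldapmodify command line, including `-x -w ${ldapServ_LDAP_ADMIN_PASSWORD}` in clear, is written into `${TFILE_CREATE_MAIL}` together with the new user's password hash and then executed with `bash ${TFILE_CREATE_MAIL}`, so the admin credential sits on disk for the lifetime of that file. Its creation and removal are outside the hunk; please confirm it comes from `mktemp`, is created with mode 0600 (e.g. under `umask 077`) and is removed in a `trap … EXIT` so it does not survive an aborted run. createMail starts before this hunk and continues after it.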
@@ -610,12 +614,12 @@ createAlias() {
 if [[ ${AMAIL} =~ ${regexMail} ]]
 then
 RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
- -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
- -w "${ldap_LDAP_ADMIN_PASSWORD}" \
+ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
 -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //')
 RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \
- -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
- -w "${ldap_LDAP_ADMIN_PASSWORD}" \
+ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
 -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //')
 if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$"
@@ -690,7 +694,7 @@ changeType: add\n\
 objectClass: organizationalRole\n\
 objectClass: PostfixBookMailForward\n\
 mailAlias: ${AMAIL}\n\
-${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
+${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
 fait=1
 printKazMsg "Création de ${AMAIL}"
 sleep 3
@@ -722,8 +726,8 @@ delAlias() {
 if [[ ${RALIAS} =~ ${regexMail} ]]
 then
 RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
- -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
- -w "${ldap_LDAP_ADMIN_PASSWORD}" \
+ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
 -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //')
 if [ ! -z ${RESU_ALIAS} ]
 then
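Review bot: `-x -w ${ldapServ_LDAP_ADMIN_PASSWORD}` is left unquoted on this ldapmodify call while the ldapsearch calls in the same function quote it; a password containing whitespace or glob characters is split or expanded before ldapmodify sees it, and an empty value makes ldapmodify take whatever follows as the password. Quote it as `-x -w "${ldapServ_LDAP_ADMIN_PASSWORD}"`. The same unquoted form appears in the modifyAlias and updateUser ldapmodify hunks below and in the ldapvi.sh, migrate_to_ldap.sh and nc_orphans.sh hunks. createAlias starts before this hunk and continues after it.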
@@ -733,7 +737,7 @@ delAlias() {
 read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS
 case "${REPDELALIAS}" in
 o | O )
- ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
+ ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
 printKazMsg "suppression ${RESU_ALIAS} effectuée"
 sleep 2
 faitdel=1
@@ -769,8 +773,8 @@ modifyAlias()
 ACHANGE=0
 searchEmail alias
 LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
- -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
- -w "${ldap_LDAP_ADMIN_PASSWORD}" \
+ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
 -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \
 | grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g')
 echo "-------------------------------------------------------------------"
@@ -845,8 +849,8 @@ modifyAlias()
 echo "mail: ${key}" >>${FIC_MODIF_LDIF}
 done
 echo "-" >>${FIC_MODIF_LDIF}
- ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
- -x -w ${ldap_LDAP_ADMIN_PASSWORD} \
+ ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
 -f ${FIC_MODIF_LDIF} >/dev/null
 else
 printKazMsg "Pas de changement"
@@ -872,8 +876,8 @@ updateUser() {
 for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota
 do
 ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \
- -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
- -w "${ldap_LDAP_ADMIN_PASSWORD}" \
+ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
 -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \
 | grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' ))
 # si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa
@@ -1056,15 +1060,15 @@ updateUser() {
 done
 cat ${FIC_MODIF_LDIF}
 sleep 3
- ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
- -x -w ${ldap_LDAP_ADMIN_PASSWORD} \
+ ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
 -f ${FIC_MODIF_LDIF}
 if [ ! -z ${MAILDESECOURS} ]
 then
 # suppression du mail de secours de la liste infos
- docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
+ docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
 # ajout de l' adresse de la nouvelle adresse de secours
- docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
+ docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
 fi
 updateUser
 fi
diff --git a/bin/getPasswords.sh b/bin/getPasswords.sh
new file mode 100755
index 0000000..067122a
--- /dev/null
+++ b/bin/getPasswords.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+#Ki: Gael
+#Kan: 2025
+#Koi: gestion mots de passe
+
+KAZ_ROOT=/kaz
+
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+QUIET=1
+
+usage() {
+echo "getPasswords.sh [OPTIONS] [envname ...]
+Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
+Les variables sont du type envname_NOMVARIABLE=valeur
+On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
+OPTIONS
+ -h|--help Cette aide :-)
+ -n|--simu SIMULATION
+ -d foldername prend les envfiles dans un sous dossier /kaz/secret/foldername/ (pour les orgas !)
+ Les variables seront du type foldername-envname_NOMVARIABLE=valeur
+ -e varname Affiche le contenu d'une variable en particulier
+"
+}
+
+if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then
+ mkdir "${KAZ_KEY_DIR}/tmp"
+fi
+
+for ARG in "$@"; do
+ if [ -n "${DIRECTORYARG}" ]; then # après un -d
+ SUBDIRECTORY="${ARG}"
+ unset DIRECTORYARG
+ elif [ -n "${ECHOVARARG}" ]; then # après un -e
+ VARTOECHO="${ARG}"
+ unset ECHOVARARG
+ QUIET="/dev/null" # pour ne pas avoir d'autres bruits ...
+ else
+
+ case "${ARG}" in
+ '-d' | '--directory' | '-f' | '--folder' | '--foldername')
+ DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
+ '-h' | '--help' )
+ usage && exit ;;
+ '-n' | '--simu')
+ SIMU="echo" ;;
+ '-e' | '--echo')
+ ECHOVARARG="ON ATTEND UNE UN NOM DE VARIABLE APRES CA" ;;
+ '-q' )
+ QUIET="/dev/null" ;;
+ *)
+ ENVFILES="${ENVFILES} ${ARG%}";;
+ esac
+ fi
+done
+
+getVars () {
+ # $1 : filename
+ grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u
+}
+
+NB_FILES=$(echo "${ENVFILES}" | wc -w )
+
+if [[ $NB_FILES = 0 ]]; then
+ usage
+ exit 1
+fi
+
+for ENVFILE in $ENVFILES; do
+ FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
+ VARSUFFIX="$ENVFILE"_
+ if [ -n "${SUBDIRECTORY}" ]; then
+ FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
+ VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"
+ fi
+
+ if ! [ -f "$FILENAME" ]; then
+ echo "$FILENAME does not exist." >& $QUIET
+ continue
+ fi
+
+ . $FILENAME # on récupère les variables
+ vars=$(getVars $FILENAME)
+ for var in $vars; do
+ $SIMU declare $VARSUFFIX$var=${!var}
+ unset $var
+ done
+ unset FILENAME VARSUFFIX vars
+done
+
+if [ -n "$VARTOECHO" ]; then
+ echo ${!VARTOECHO}
+fi
+
+unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO
\ No newline at end of file
diff --git a/bin/init.sh b/bin/init.sh
index e0e395e..f993485 100755
--- a/bin/init.sh
+++ b/bin/init.sh
@@ -214,7 +214,6 @@ fi
 if [ ! -d "${KAZ_ROOT}/secret" ]; then
 rsync -a "${KAZ_ROOT}/secret.tmpl/" "${KAZ_ROOT}/secret/"
- . "${KAZ_ROOT}/secret/SetAllPass.sh"
 "${KAZ_BIN_DIR}/secretGen.sh"
- "${KAZ_BIN_DIR}/updateDockerPassword.sh"
+ "${KAZ_BIN_DIR}/createDBUsers.sh"
 fi
diff --git a/bin/interoPaheko.sh b/bin/interoPaheko.sh
index 2e33dca..ba50fc4 100755
--- a/bin/interoPaheko.sh
+++ b/bin/interoPaheko.sh
@@ -6,7 +6,8 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+
+. $KAZ_BIN_DIR/getPasswords.sh paheko
 URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)"
diff --git a/bin/ldap/ldap_sauve.sh b/bin/ldap/ldap_sauve.sh
index ca138be..9c63893 100755
--- a/bin/ldap/ldap_sauve.sh
+++ b/bin/ldap/ldap_sauve.sh
@@ -7,6 +7,5 @@ setKazVars
 FILE_LDIF=/home/sauve/ldap.ldif
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
 docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz
diff --git a/bin/ldap/ldapvi.sh b/bin/ldap/ldapvi.sh
index d557b0b..10b05b5 100755
--- a/bin/ldap/ldapvi.sh
+++ b/bin/ldap/ldapvi.sh
@@ -5,7 +5,7 @@ KAZ_ROOT=/kaz
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+. $KAZ_BIN_DIR/getPasswords.sh ldapServ
 LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
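Review bot: This script is meant to be sourced (`. $KAZ_BIN_DIR/getPasswords.sh ldapServ` in ldapvi.sh, interoPaheko.sh, manageAgora.sh, manageCloud.sh, manageWiki.sh and manageWp.sh), yet the unconditional `QUIET=1` near the top and the final `unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO` overwrite and then destroy the caller's own `SIMU`, `QUIET` and `KAZ_ROOT`: in manageWp.sh the `${SIMU} curl -X POST` that directly follows the source line runs for real in simulation mode, and every `>& $QUIET` redirection manageAgora.sh performs after `_getPasswords` would become an ambiguous redirect. Save the caller's values at entry, e.g. `_gp_simu=$SIMU; _gp_quiet=$QUIET`, restore them before the final `unset`, and drop those three names from that `unset` list. Two smaller points in the same loop: `$SIMU declare $VARSUFFIX$var=${!var}` is unquoted, so a secret containing whitespace is word-split, and `usage && exit` in the option parser terminates the sourcing shell rather than returning to it.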
@@ -20,4 +20,4 @@ EDITOR=${EDITOR:-vi} EDITOR=${EDITOR:-vi} export EDITOR=${EDITOR} -ldapvi -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} --discover +ldapvi -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} --discover diff --git a/bin/ldap/migrate_to_ldap.sh b/bin/ldap/migrate_to_ldap.sh index ff339e7..55807e5 100755 --- a/bin/ldap/migrate_to_ldap.sh +++ b/bin/ldap/migrate_to_ldap.sh @@ -8,7 +8,7 @@ KAZ_ROOT=/kaz setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh +. $KAZ_BIN_DIR/getPasswords.sh ldapServ paheko ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf @@ -126,7 +126,7 @@ replace: agoraEnabled\n\ agoraEnabled: TRUE\n\ -\n\ replace: mobilizonEnabled\n\ -mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} +mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} done #replace: nextcloudEnabled\n\ @@ -164,7 +164,7 @@ do echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\ changeType: modify replace: mailAlias\n\ -$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} +$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} else echo "Alias vers un mail externe, go fichier" echo $line >> ${ALIASES_WITHLDAP} 
@@ -185,7 +185,7 @@ replace: mailAlias\n\ mailAlias: ${src}\n\ -\n\ replace: mail\n\ -mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} +mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} fi else echo "Forward vers plusieurs adresses, on met dans le fichier" @@ -215,7 +215,7 @@ replace: mailAlias\n\ mailAlias: ${src}\n\ -\n\ replace: mail\n\ -${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} +${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} fi done diff --git a/bin/ldap/tests/nc_orphans.sh b/bin/ldap/tests/nc_orphans.sh index c4e97d6..ece655e 100755 --- a/bin/ldap/tests/nc_orphans.sh +++ b/bin/ldap/tests/nc_orphans.sh 
@@ -5,16 +5,16 @@ KAZ_ROOT=/kaz setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh +. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ) -docker exec -i nextcloudDB mysql --user=${nextcloud_MYSQL_USER} --password=${nextcloud_MYSQL_PASSWORD} ${nextcloud_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt +docker exec -i nextcloudDB mysql --user=${nextcloudDB_MYSQL_USER} --password=${nextcloudDB_MYSQL_PASSWORD} ${nextcloudDB_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt OLDIFS=${IFS} IFS=$'\n' for line in `cat /tmp/nc_users.txt`; do - result=$(ldapsearch -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries) + result=$(ldapsearch -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries) echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid" done IFS=${OLDIFS} diff --git a/bin/manageAgora.sh b/bin/manageAgora.sh index 5505802..6d5af9c 100755 --- a/bin/manageAgora.sh +++ b/bin/manageAgora.sh @@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh #GLOBAL VARS PRG=$(basename $0) 
@@ -83,7 +82,8 @@ Init(){ [ $? -ne 0 ] && printKazError "$DockerServName ne parvient pas à démarrer correctement : impossible de terminer l'install" && return 1 >& $QUIET # creation compte admin - ${SIMU} curl -i -d "{\"email\":\"${mattermost_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users" + _getPasswords + ${SIMU} curl -i -d "{\"email\":\"${mattermostServ_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users" MM_TOKEN=$(_getMMToken ${MATTER_URL}) @@ -98,12 +98,13 @@ Version(){ _getMMToken(){ #$1 MATTER_URL + _getPasswords ${SIMU} curl -i -s -d "{\"login_id\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\"}" "${1}/api/v4/users/login" | grep 'token' | sed 's/token:\s*\(.*\)\s*/\1/' | tr -d '\r' } PostMessage(){ printKazMsg "Envoi à $TEAM : $MESSAGE" >& $QUIET - + _getPasswords ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl auth login "${MATTER_URL}" --name local-server --username ${mattermost_user} --password ${mattermost_pass} ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl post create "${TEAM}" --message "${MESSAGE}" } @@ -113,6 +114,16 @@ MmctlCommand(){ ${SIMU} docker exec -u 33 "$DockerServName" bin/mmctl $1 } +_getPasswords(){ + # récupération des infos du compte admin + if [ -n "$AGORACOMMUN" ] ; then + . $KAZ_KEY_DIR/env-mattermostAdmin + . $KAZ_BIN_DIR/getPasswords.sh mattermostServ + else + . $KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin + . $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} mattermostServ + fi +} ########## Main ################# for ARG in "$@"; do diff --git a/bin/manageCastopod.sh b/bin/manageCastopod.sh index a7e0f58..dce9ba8 100755 --- a/bin/manageCastopod.sh +++ b/bin/manageCastopod.sh 
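Review bot: The admin-creation body is still assembled by string interpolation, `\"password\":\"${mattermost_pass}\"`, so a password or e-mail containing `"` or `\` produces invalid JSON and the account ends up with a different password than the one stored in env-mattermostAdmin; build it with `jq -n --arg e "$mattermostServ_MM_ADMIN_EMAIL" --arg u "$mattermost_user" --arg p "$mattermost_pass" '{email:$e,username:$u,password:$p,allow_marketing:true}'` and feed it to curl with `-d @-` on stdin, which also keeps the secret out of argv. `_getMMToken` in the next hunk builds its login body the same way. Init starts before this hunk and continues after it.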
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh #GLOBAL VARS PRG=$(basename $0) @@ -63,11 +62,12 @@ Init(){ cookies=$(curl -c - ${POD_URL}) CSRF_TOKEN=$(curl --cookie <(echo "$cookies") ${POD_URL}/cp-install | grep "csrf_test_name" | sed "s/.*value=.//" | sed "s/.>//") + _getPasswords #echo ${CSRF_TOKEN} ${SIMU} curl --cookie <(echo "$cookies") -X POST \ - -d "username=${castopod_ADMIN_USER}" \ - -d "password=${castopod_ADMIN_PASSWORD}" \ - -d "email=${castopod_ADMIN_MAIL}" \ + -d "username=${ADMIN_USER}" \ + -d "password=${ADMIN_PASSWORD}" \ + -d "email=${ADMIN_MAIL}" \ -d "csrf_test_name=${CSRF_TOKEN}" \ "${POD_URL}/cp-install/create-superadmin" @@ -78,7 +78,13 @@ Version(){ echo "Version $DockerServName : ${GREEN}${VERSION}${NC}" } - +_getPasswords(){ + if [ -n "$CASTOPOD_COMMUN" ]; then + . $KAZ_KEY_DIR/env-castopodAdmin + else + . $KAZ_KEY_DIR/orgas/$ORGA/env-castopodAdmin + fi +} ########## Main ################# for ARG in "$@"; do diff --git a/bin/manageCloud.sh b/bin/manageCloud.sh index 6c7e861..ea173b6 100755 --- a/bin/manageCloud.sh +++ b/bin/manageCloud.sh @@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh #GLOBAL VARS PRG=$(basename $0) @@ -32,7 +31,7 @@ OPTIONS -n|--simu SIMULATION -q|--quiet On ne parle pas (utile avec le -n pour avoir que les commandes) --nas L'orga se trouve sur le NAS ! - + COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité) -I|--install L'initialisation du cloud -v|--version Donne la version du cloud et signale les MàJ 
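Review bot: `_getPasswords` sources `$KAZ_KEY_DIR/orgas/$ORGA/env-castopodAdmin` without checking that the file exists or that `$ORGA` is non-empty; when it is missing, `.` prints an error and the script carries on, and Init then posts `password=` with whatever `ADMIN_PASSWORD` happens to hold in the calling environment, possibly nothing. Guard it with something like `[ -r "$f" ] || { printKazError "$f introuvable"; return 1; }` followed by `: "${ADMIN_PASSWORD:?}"`, and quote `$ORGA` in the path. The `_getPasswords` added in the manageCloud.sh hunk below has the same gap.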
@@ -75,7 +74,7 @@ Init(){ CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php" fi - firstInstall "$CLOUD_URL" "$CONF_FILE" " NextCloud de $NOM" + firstInstall "$CLOUD_URL" "$CONF_FILE" "$NOM" updatePhpConf "$CONF_FILE" InstallApplis echo "${CYAN} *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET @@ -100,25 +99,38 @@ firstInstall(){ # $2 phpConfFile # $3 orga if ! grep -q "'installed' => true," "$2" 2> /dev/null; then - printKazMsg "\n *** Premier lancement de $3" >& $QUIET + + printKazMsg "\n *** Premier lancement nextcloud $3" >& $QUIET + _getPasswords ${SIMU} waitUrl "$1" ${SIMU} curl -X POST \ -d "install=true" \ - -d "adminlogin=${nextcloud_NEXTCLOUD_ADMIN_USER}" \ - -d "adminpass=${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}" \ + -d "adminlogin=${NEXTCLOUD_ADMIN_USER}" \ + -d "adminpass=${NEXTCLOUD_ADMIN_PASSWORD}" \ -d "directory=/var/www/html/data" \ -d "dbtype=mysql" \ - -d "dbuser=${nextcloud_MYSQL_USER}" \ - -d "dbpass=${nextcloud_MYSQL_PASSWORD}" \ - -d "dbname=${nextcloud_MYSQL_DATABASE}" \ - -d "dbhost=${nextcloud_MYSQL_HOST}" \ + -d "dbuser=${MYSQL_USER}" \ + -d "dbpass=${MYSQL_PASSWORD}" \ + -d "dbname=${MYSQL_DATABASE}" \ + -d "dbhost=${MYSQL_HOST}" \ -d "install-recommended-apps=true" \ "$1" fi } +_getPasswords(){ + if [ -n "$CLOUDCOMMUN" ]; then + . $KAZ_KEY_DIR/env-nextcloudServ + . $KAZ_KEY_DIR/env-nextcloudDB + else + . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ + . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB + fi +} + + setOfficeUrl(){ # Did le 25 mars les offices sont tous normalisé sur les serveurs https://${site}-${officeHost}.${domain} #OFFICE_URL="https://${officeHost}.${domain}" 
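Review bot: firstInstall now reads the bare names `NEXTCLOUD_ADMIN_USER`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_DATABASE` and `MYSQL_HOST` after `_getPasswords` sources env-nextcloudServ and env-nextcloudDB directly, whereas initLdap in the next hunk goes through getPasswords.sh and gets prefixed names such as `ldapServ_LDAP_CLOUD_PASSWORD`. Unprefixed `MYSQL_*` names are presumably defined by every env-*DB file, so whichever file the calling shell sourced last wins silently; `. $KAZ_BIN_DIR/getPasswords.sh -d "$ORGA" nextcloudServ nextcloudDB` (and the plain form when `CLOUDCOMMUN` is set) would yield `nextcloudDB_MYSQL_USER` etc. and keep this file consistent with its own initLdap. firstInstall's header is inside the hunk; the Init function that calls it is not.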
@@ -131,13 +143,14 @@ setOfficeUrl(){ } initLdap(){ + . $KAZ_BIN_DIR/getPasswords.sh ldapServ # $1 Nom du cloud echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET occCommand "app:enable user_ldap" "${DockerServName}" occCommand "ldap:delete-config s01" "${DockerServName}" occCommand "ldap:create-empty-config" "${DockerServName}" occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}" - occCommand "ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}" "${DockerServName}" + occCommand "ldap:set-config s01 ldapAgentPassword ${ldapServ_LDAP_CLOUD_PASSWORD}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}" diff --git a/bin/manageWiki.sh b/bin/manageWiki.sh index f17ca81..3f7d693 100755 --- a/bin/manageWiki.sh +++ b/bin/manageWiki.sh @@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh #GLOBAL VARS PRG=$(basename $0) @@ -55,15 +54,7 @@ Init(){ PLG_DIR="${VOL_PREFIX}wikiPlugins/_data" CONF_DIR="${VOL_PREFIX}wikiConf/_data" - # Gael, j'avais ajouté ça mais j'ai pas test alors je laisse comme avant ... - # A charge au prochain qui monte un wiki de faire qque chose - #WIKI_ROOT="${dokuwiki_WIKI_ROOT}" - #WIKI_EMAIL="${dokuwiki_WIKI_EMAIL}" - #WIKI_PASS="${dokuwiki_WIKI_PASSWORD}" - - WIKI_ROOT=Kaz - WIKI_EMAIL=wiki@kaz.local - WIKI_PASS=azerty + . $KAZ_BIN_DIR/getPasswords.sh dokuwiki ${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit 
@@ -77,11 +68,11 @@ Init(){ -d "l=fr" \ -d "d[title]=${NOM}" \ -d "d[acl]=true" \ - -d "d[superuser]=${WIKI_ROOT}" \ + -d "d[superuser]=${dokuwiki_WIKI_ROOT}" \ -d "d[fullname]=Admin"\ - -d "d[email]=${WIKI_EMAIL}" \ - -d "d[password]=${WIKI_PASS}" \ - -d "d[confirm]=${WIKI_PASS}" \ + -d "d[email]=${dokuwiki_WIKI_EMAIL}" \ + -d "d[password]=${dokuwiki_WIKI_PASSWORD}" \ + -d "d[confirm]=${dokuwiki_WIKI_PASSWORD}" \ -d "d[policy]=1" \ -d "d[allowreg]=false" \ -d "d[license]=0" \ diff --git a/bin/manageWp.sh b/bin/manageWp.sh index ba016f7..b404a2c 100755 --- a/bin/manageWp.sh +++ b/bin/manageWp.sh @@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh #GLOBAL VARS PRG=$(basename $0) @@ -61,11 +60,11 @@ Init(){ echo "\n *** Premier lancement de WP" >& $QUIET ${SIMU} waitUrl "${WP_URL}" - + . $KAZ_BIN_DIR/getPasswords.sh wpServ ${SIMU} curl -X POST \ - -d "user_name=${wp_WORDPRESS_ADMIN_USER}" \ - -d "admin_password=${wp_WORDPRESS_ADMIN_PASSWORD}" \ - -d "admin_password2=${wp_WORDPRESS_ADMIN_PASSWORD}" \ + -d "user_name=${wpServ_WORDPRESS_ADMIN_USER}" \ + -d "admin_password=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \ + -d "admin_password2=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \ -d "pw_weak=true" \ -d "admin_email=admin@kaz.bzh" \ -d "blog_public=0" \ diff --git a/bin/migGestionMotsDePasse.sh b/bin/migGestionMotsDePasse.sh new file mode 100644 index 0000000..dd84bfa --- /dev/null +++ b/bin/migGestionMotsDePasse.sh 
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
+. $KAZ_ROOT/bin/.commonFunctions.sh
+setKazVars
+. $DOCKERS_ENV
+. $KAZ_ROOT/secret/SetAllPass.sh
+
+newenvfile=$KAZ_KEY_DIR/env-mattermostAdmin
+touch $newenvfile
+echo "mattermost_user=$mattermost_user" >> $newenvfile
+echo "mattermost_pass=$mattermost_pass" >> $newenvfile
+echo "mattermost_token=$mattermost_token" >> $newenvfile
+
+
+echo "EMAIL_CONTACT=$EMAIL_CONTACT" >> $DOCKERS_ENV
+
+
+newenvfile=$KAZ_KEY_DIR/env-paheko
+touch $newenvfile
+echo "API_USER=$paheko_API_USER" >> $newenvfile
+echo "API_PASSWORD=$paheko_API_PASSWORD" >> $newenvfile
+
+
+
+newenvfile=$KAZ_KEY_DIR/env-mail
+touch $newenvfile
+echo "service_mail=$service_mail" >> $newenvfile
+echo "service_password=$service_password" >> $newenvfile
+
+
+newenvfile=$KAZ_KEY_DIR/env-borg
+# touch $newenvfile à priori il existe déjà
+echo "BORG_REPO=$BORG_REPO" >> $newenvfile
+echo "BORG_PASSPHRASE=$BORG_PASSPHRASE" >> $newenvfile
+echo "VOLUME_SAUVEGARDES=$VOLUME_SAUVEGARDES" >> $newenvfile
+echo "MAIL_RAPPORT=$MAIL_RAPPORT" >> $newenvfile
+echo "BORGMOUNT=$BORGMOUNT" >> $newenvfile
+
+
+newenvfile=$KAZ_KEY_DIR/env-traefik
+touch $newenvfile
+echo "DASHBOARD_USER=$traefik_DASHBOARD_USER" >> $newenvfile
+echo "DASHBOARD_PASSWORD=$traefik_DASHBOARD_PASSWORD" >> $newenvfile
+
+
+
+#####################
+# Castopod
+# A COPIER DANS UN FICHIER DE CONF !! 
castopodAdmin + +newenvfile=$KAZ_KEY_DIR/env-castopodAdmin +touch $newenvfile +echo "ADMIN_USER=$castopod_ADMIN_USER" >> $newenvfile +echo "ADMIN_MAIL=$castopod_ADMIN_MAIL" >> $newenvfile +echo "ADMIN_PASSWORD=$castopod_ADMIN_PASSWORD" >> $newenvfile + + +# creation dossier pour les env des orgas +mkdir $KAZ_KEY_DIR/orgas +orgasLong=($(getList "${KAZ_CONF_DIR}/container-orga.list")) +ORGAS=${orgasLong[*]//-orga/} +for orga in ${ORGAS};do + mkdir $KAZ_KEY_DIR/orgas/$orga + cp $KAZ_KEY_DIR/env-{castopod{Admin,DB,Serv},mattermost{DB,Serv},nextcloud{DB,Serv},spip{DB,Serv},wp{DB,Serv}} $KAZ_KEY_DIR/orgas/$orga +done + +echo "C'est parfait, vous pouvez git pull puis supprimer SetAllPass.sh" \ No newline at end of file diff --git a/bin/migVersProdX.sh b/bin/migVersProdX.sh index a85ca32..340b23f 100755 --- a/bin/migVersProdX.sh +++ b/bin/migVersProdX.sh @@ -9,7 +9,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd) setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_ROOT/secret/env-kaz @@ -133,6 +132,7 @@ for orgaLong in ${Orgas}; do ${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/" fi ${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/ + ${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_KEY_DIR}/orgas/${orgaCourt} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/${orgaCourt} ${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list" ${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh diff --git a/bin/migration.sh b/bin/migration.sh index 8e48f76..3b90d22 100755 --- a/bin/migration.sh +++ b/bin/migration.sh 
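Review bot: The new env files are created with `touch` and filled by `echo ... >>`, so their mode is whatever the caller's umask yields (commonly 0644), leaving every migrated password, token and the borg passphrase readable by any local account under `$KAZ_KEY_DIR`. Setting `umask 077` right after the shebang (or creating each file with `install -m 600 /dev/null "$newenvfile"`) fixes all of them at once, and the `EMAIL_CONTACT` append to `$DOCKERS_ENV` wants a `grep -q '^EMAIL_CONTACT=' "$DOCKERS_ENV" ||` guard because `>>` duplicates it on a second run. `mkdir $KAZ_KEY_DIR/orgas` aborts if the directory already exists; `mkdir -p` is the usual form. The per-orga `cp` gives every orga identical castopod/mattermost/nextcloud/spip/wp credentials, which is presumably the intended migration starting point, but a comment saying whether `secretGen.sh -d <orga>` is expected to re-key them afterwards would make that explicit.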
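Review bot: The added rsync sends `${KAZ_KEY_DIR}/orgas/${orgaCourt}` (no trailing slash) to a destination of the same full path, so rsync copies the directory *into* that destination and the secrets land in `orgas/${orgaCourt}/${orgaCourt}` on `${SITE_DST}` rather than updating `orgas/${orgaCourt}`; the two rsync lines just above target the parent directory, and this one should too: `root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/`. Quoting the source path as the paheko line does would also be consistent. The enclosing `for orgaLong` loop starts and ends outside the hunk.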
@@ -20,8 +20,7 @@ ${SIMU} "${CV1}" stop orga ${SIMU} "${CV1}" stop ${SIMU} rsync "${EV1}/dockers.env" "${EV2}/" -${SIMU} rsync "${SV1}/SetAllPass.sh" "${SV2}/" -${SIMU} "${BV2}/updateDockerPassword.sh" +${SIMU} rsync "${SV1}/" "${SV2}/" # XXX ? rsync /kaz/secret/allow_admin_ip /kaz-git/secret/allow_admin_ip diff --git a/bin/nextcloud_maintenance.sh b/bin/nextcloud_maintenance.sh index 0823fbb..3e3561f 100755 --- a/bin/nextcloud_maintenance.sh +++ b/bin/nextcloud_maintenance.sh @@ -4,12 +4,12 @@ KAZ_ROOT=/kaz . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh URL_AGORA=https://$matterHost.$domain/api/v4 EQUIPE=kaz PostMattermost() { + . $KAZ_KEY_DIR/env-mattermostAdmin PostM=$1 CHANNEL=$2 TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g') diff --git a/bin/postfix-superviz.sh b/bin/postfix-superviz.sh index 1ce6191..39f6efa 100755 --- a/bin/postfix-superviz.sh +++ b/bin/postfix-superviz.sh @@ -6,7 +6,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh URL_AGORA=$(echo $matterHost).$(echo $domain) MAX_QUEUE=50 @@ -15,6 +14,8 @@ OLDIFS=$IFS IFS=" " COUNT_MAILQ=$(docker exec -t mailServ mailq | tail -n1 | gawk '{print $5}') +# récupération mots de passes +. $KAZ_KEY_DIR/env-mattermostAdmin docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 if [ "${COUNT_MAILQ}" -gt "${MAX_QUEUE}" ]; then diff --git a/bin/secretGen.sh b/bin/secretGen.sh index b5f0252..4a209b8 100755 --- a/bin/secretGen.sh +++ b/bin/secretGen.sh 
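Review bot: `rsync "${SV1}/" "${SV2}/"` has no `-a`/`-r`, so rsync skips subdirectories — the `orgas/` tree that migGestionMotsDePasse.sh now creates under the secret directory would not be carried over — and it does not preserve file modes, so whatever restrictive permissions the secret files have are lost on the copy. `${SIMU} rsync -a "${SV1}/" "${SV2}/"` carries the whole tree with its modes. SV1/SV2 appear to be the old and new secret directories, inferred from the removed `SetAllPass.sh` line and the comment below.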
@@ -3,70 +3,137 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd) . "${KAZ_ROOT}/bin/.commonFunctions.sh" setKazVars +. $DOCKERS_ENV cd "${KAZ_ROOT}" NEW_DIR="secret" TMPL_DIR="secret.tmpl" +SORTIESTANDARD=1 +DIR=$KAZ_KEY_DIR +ORGA= if [ ! -d "${NEW_DIR}/" ]; then rsync -a "${TMPL_DIR}/" "${NEW_DIR}/" fi -NEW_FILE="${NEW_DIR}/SetAllPass-new.sh" -TMPL_FILE="${NEW_DIR}/SetAllPass.sh" +usage() { +echo "${PRG} [OPTIONS] [filename ...] + # PARCOURE LES ENV FILE ET REMPLIT LES --clean_val-- qui n'ont pas été complétés. + on cherche des + @@pass@@***@@p@@ -> on génère un mot de passe 16car (les *** permettent d'identifier le mot de passe, s'il doit être utilisé ailleurs) + @@db@@***@@d@@ -> on génère une base de données (pareil identifié par ***) + @@user@@***@@u@@ -> on génère un user + @@token@@***@@t@@ -> on génère un token + @@globalvar@@***@@gv@@ -> on cherche la variable globale *** + @@crossvar@@envname_varname@@cv@@ -> on retrouve la variable dans les envfiles -while read line ; do - if [[ "${line}" =~ ^# ]] || [ -z "${line}" ] ; then - echo "${line}" - continue - fi - if [[ "${line}" =~ "--clean_val--" ]] ; then - case "${line}" in - *jirafeau_DATA_DIR*) - JIRAFEAU_DIR=$(getValInFile "${DOCKERS_ENV}" "jirafeauDir") - [ -z "${JIRAFEAU_DIR}" ] && - echo "${line}" || - sed "s%\(.*\)--clean_val--\(.*\)%\1${JIRAFEAU_DIR}\2%" <<< ${line} - continue - ;; - *DATABASE*|*DB_NAME*) - dbName="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)" - sed "s/\(.*\)--clean_val--\(.*\)/\1${dbName}\2/" <<< ${line} - continue - ;; - *ROOT_PASSWORD*|*PASSWORD*|*SECRET*) - pass="$(apg -n 1 -m 16 -M NCL)" - sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line} - continue - ;; - *USER*) - user="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)" - sed "s/\(.*\)--clean_val--\(.*\)/\1${user}\2/" <<< ${line} - continue - ;; - *RAIN_LOOP*|*office_password*|*mattermost_*|*sympa_*|*gitea_*) - pass="$(apg -n 1 -m 16 -M NCL)" - sed 
"s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line} - continue - ;; - *vaultwarden_ADMIN_TOKEN*) - pass="$(apg -n 1 -m 32 -M NCL)" - sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line} - continue - ;; - esac + Si on précise des fichiers, alors il ne remplace que dans ceux là (et on "lie" les clean-val ensemble !!!) +OPTIONS + -h|--help Cette aide :-) + -n|--simu SIMULATION + -q|--quiet Sans bruits de fond + -d foldername prend les envfiles dans un sous dossier /kaz/secret/orgas/foldername/ (pour les orgas !) + - + +" +} + +for ARG in "$@"; do + if [ -n "${DIRECTORYARG}" ]; then # après un -d + DIR=$KAZ_KEY_DIR/orgas/${ARG} + ORGA=${ARG} + DIRECTORYARG= else - echo "${line}" - continue + + case "${ARG}" in + '-d' | '--directory' | '-f' | '--folder' | '--foldername') + DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;; + '-h' | '--help' ) + usage && exit ;; + '-n' | '--simu') + SIMU="echo" ;; + '-q' | '--quiet') + SORTIESTANDARD="/dev/null" ;; + *) + ENVFILES="${ENVFILES} ${ARG%}";; + esac fi - printKazError "${line}" >&2 -done < "${TMPL_FILE}" > "${NEW_FILE}" +done -mv "${NEW_FILE}" "${TMPL_FILE}" +NB_FILES=$(echo "${ENVFILES}" | wc -w ) -chmod a+x "${TMPL_FILE}" -. 
"${TMPL_FILE}" -"${KAZ_BIN_DIR}/updateDockerPassword.sh" +if [[ $NB_FILES = 0 ]]; then + ENVFILES=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@|@@crossvar@@' $DIR/* | sed 's/.*\///') # +fi + + + +secretGen(){ + # $1 Le env-file à compléter + + FILENAME=$DIR/$1 + + NBMATCH=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@' $FILENAME | wc -l) # est ce qu'il y a des choses à génrérer + if [[ $NBMATCH = 0 ]]; then + true + # rien à faire dans ce fichier, on passe + else + echo "Remplissage $FILENAME" >& $SORTIESTANDARD + db="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)" + pass="$(apg -n 1 -m 16 -M NCL)" + token="$(apg -n 1 -m 32 -M NCL)" + user="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)" + + dbs=$(grep -Eo '@@db@@[^@]*@@d@@' $FILENAME | sed -e 's/@@db@@//' -e 's/@@d@@//') + passwords=$(grep -Eo '@@pass@@[^@]*@@p@@' $FILENAME | sed -e 's/@@pass@@//' -e 's/@@p@@//') + tokens=$(grep -Eo '@@token@@[^@]*@@t@@' $FILENAME | sed -e 's/@@token@@//' -e 's/@@t@@//') + users=$(grep -Eo '@@user@@[^@]*@@u@@' $FILENAME | sed -e 's/@@user@@//' -e 's/@@u@@//') + globalvars=$(grep -Eo '@@globalvar@@[^@]*@@gv@@' $FILENAME | sed -e 's/@@globalvar@@//' -e 's/@@gv@@//') + + for dbName in $dbs; do $SIMU sed -i "s/@@db@@$dbName@@d@@/${dbName}_$db/" $DIR/*; done + for pw in $passwords; do $SIMU sed -i "s/@@pass@@$pw@@p@@/${pass}/" $DIR/*; done + for tk in $tokens; do $SIMU sed -i "s/@@token@@$tk@@t@@/${token}/" $DIR/*; done + for u in $users; do $SIMU sed -i "s/@@user@@$u@@u@@/${u}_$user/" $DIR/*; done + for var in $globalvars; do $SIMU sed -i "s/@@globalvar@@$var@@gv@@/${!var}/" $DIR/*; done + fi + +} + + + +crossVarComplete(){ + # $1 Le env-file à compléter + + FILENAME=$DIR/$1 + + NBMATCH=$(grep -lE '@@crossvar@@' $FILENAME | wc -l) # est ce qu'il y a des cross-var à récupérer + if [[ $NBMATCH = 0 ]]; then + true + # rien à faire dans ce fichier, on passe + else + echo "Remplissage $FILENAME" >& $SORTIESTANDARD + + varnames=$(grep -Eo '@@crossvar@@[^@]*@@cv@@' $FILENAME | sed 
-e 's/@@crossvar@@//' -e 's/@@cv@@//') + for varname in $varnames; do + envname=${varname%%_*} + value=$(/$KAZ_BIN_DIR/getPasswords.sh -e $varname $envname -d $ORGA) + $SIMU sed -i "s/@@crossvar@@$varname@@cv@@/${value}/" $DIR/*; + + done + + fi + +} + + +for ENVFILE in $ENVFILES; do + secretGen "$ENVFILE" +done + + +for ENVFILE in $ENVFILES; do + crossVarComplete "$ENVFILE" +done exit 0 diff --git a/bin/updateDockerPassword.sh b/bin/updateDockerPassword.sh deleted file mode 100755 index fb4f201..0000000 --- a/bin/updateDockerPassword.sh +++ /dev/null 
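Review bot: In secretGen, `pass`, `token`, `db` and `user` are drawn once per file before the four loops, so every distinct `@@pass@@name@@p@@` placeholder in an env file (and, through `sed -i ... $DIR/*`, in every file of the directory processed in that pass) receives the same 16-character password, and likewise one token and one db/user suffix; the usage text says the `***` identifier exists so a value can be reused elsewhere, which implies different names should get different values. Drawing a fresh value inside each loop, with the extraction de-duplicated by `| sort -u` and the `g` flag so repeated occurrences of one name get one value, keeps the cross-file linking per name while separating names. Substituted values also go unescaped into the sed replacement, so a `@@globalvar@@` value containing `/` or `&` breaks the expression (apg's `-M NCL` output avoids that; globals may not). Two smaller points: `/$KAZ_BIN_DIR/getPasswords.sh` in crossVarComplete carries a stray leading slash, and `usage` prints `${PRG}`, which this hunk never sets (it may be defined elsewhere in the file).
```shell
    dbs=$(grep -Eo '@@db@@[^@]*@@d@@' $FILENAME | sed -e 's/@@db@@//' -e 's/@@d@@//' | sort -u)
    passwords=$(grep -Eo '@@pass@@[^@]*@@p@@' $FILENAME | sed -e 's/@@pass@@//' -e 's/@@p@@//' | sort -u)
    tokens=$(grep -Eo '@@token@@[^@]*@@t@@' $FILENAME | sed -e 's/@@token@@//' -e 's/@@t@@//' | sort -u)
    users=$(grep -Eo '@@user@@[^@]*@@u@@' $FILENAME | sed -e 's/@@user@@//' -e 's/@@u@@//' | sort -u)
    # … unchanged: globalvars extraction …

    # one fresh secret per placeholder name; the same name is still linked across $DIR/*
    for dbName in $dbs; do db="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"; $SIMU sed -i "s/@@db@@$dbName@@d@@/${dbName}_$db/g" $DIR/*; done
    for pw in $passwords; do pass="$(apg -n 1 -m 16 -M NCL)"; $SIMU sed -i "s/@@pass@@$pw@@p@@/${pass}/g" $DIR/*; done
    for tk in $tokens; do token="$(apg -n 1 -m 32 -M NCL)"; $SIMU sed -i "s/@@token@@$tk@@t@@/${token}/g" $DIR/*; done
    for u in $users; do user="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"; $SIMU sed -i "s/@@user@@$u@@u@@/${u}_$user/g" $DIR/*; done
    # … unchanged: globalvars loop …
```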
@@ -1,127 +0,0 @@
-#!/bin/bash
-
-KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
-. "${KAZ_ROOT}/bin/.commonFunctions.sh"
-setKazVars
-
-# pour mise au point
-# SIMU=echo
-
-# Améliorations à prévoir
-# - donner en paramètre les services concernés (pour limité les modifications)
-# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
-
-. "${DOCKERS_ENV}"
-. "${KAZ_KEY_DIR}/SetAllPass.sh"
-
-updateEnvDB(){
- # $1 = prefix
- # $2 = envName
- # $3 = containerName of DB
- rootPass="$1_MYSQL_ROOT_PASSWORD"
- dbName="$1_MYSQL_DATABASE"
- userName="$1_MYSQL_USER"
- userPass="$1_MYSQL_PASSWORD"
-
- ${SIMU} sed -i \
- -e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${!rootPass}/g" \
- -e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${!dbName}/g" \
- -e "s/MYSQL_USER=.*/MYSQL_USER=${!userName}/g" \
- -e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${!userPass}/g" \
- "$2"
-
- # seulement si pas de mdp pour root
- # pb oeuf et poule (il faudrait les anciennes valeurs) :
- # * si rootPass change, faire à la main
- # * si dbName change, faire à la main
- checkDockerRunning "$3" "$3" || return
- echo "change DB pass on docker $3"
- echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
- docker exec -i $3 bash -c "mysql --user=root --password=${!rootPass}"
-}
-
-updateEnv(){
- # $1 = prefix
- # $2 = envName
-
- for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
- do
- srcName="$1_${varName}"
- srcVal=$(echo "${!srcName}" | sed -e "s/[&]/\\\&/g")
- ${SIMU} sed -i \
- -e "s%^[ ]*${varName}=.*\$%${varName}=${srcVal}%" \
- "$2"
- done
-}
-
-framadateUpdate(){
- [[ "${COMP_ENABLE}" =~ " framadate " ]] || return
- if [ ! 
-f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
- return 0
- fi
- checkDockerRunning "${framadateServName}" "Framadate" &&
- ${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadate_HTTPD_USER} ${framadate_HTTPD_PASSWORD}"
- ${SIMU} sed -i \
- -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadate_MYSQL_USER}';/g" \
- -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadate_MYSQL_PASSWORD}';/g" \
- "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
-}
-
-jirafeauUpdate(){
- [[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
- if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
- return 0
- fi
- SHA=$(echo -n "${jirafeau_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1)
- ${SIMU} sed -i \
- -e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
- "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
-}
-
-####################
-# main
-
-updateEnvDB "etherpad" "${KAZ_KEY_DIR}/env-${etherpadDBName}" "${etherpadDBName}"
-updateEnvDB "framadate" "${KAZ_KEY_DIR}/env-${framadateDBName}" "${framadateDBName}"
-updateEnvDB "gitea" "${KAZ_KEY_DIR}/env-${gitDBName}" "${gitDBName}"
-updateEnvDB "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudDBName}" "${nextcloudDBName}"
-updateEnvDB "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeDBName}" "${roundcubeDBName}"
-updateEnvDB "sympa" "${KAZ_KEY_DIR}/env-${sympaDBName}" "${sympaDBName}"
-updateEnvDB "vigilo" "${KAZ_KEY_DIR}/env-${vigiloDBName}" "${vigiloDBName}"
-updateEnvDB "wp" "${KAZ_KEY_DIR}/env-${wordpressDBName}" "${wordpressDBName}"
-updateEnvDB "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenDBName}" "${vaultwardenDBName}"
-updateEnvDB "castopod" "${KAZ_KEY_DIR}/env-${castopodDBName}" "${castopodDBName}"
-updateEnvDB "spip" "${KAZ_KEY_DIR}/env-${spipDBName}" "${spipDBName}"
-updateEnvDB "mastodon" "${KAZ_KEY_DIR}/env-${mastodonDBName}" "${mastodonDBName}"
-
-updateEnv "apikaz" 
"${KAZ_KEY_DIR}/env-${apikazServName}" -updateEnv "ethercalc" "${KAZ_KEY_DIR}/env-${ethercalcServName}" -updateEnv "etherpad" "${KAZ_KEY_DIR}/env-${etherpadServName}" -updateEnv "framadate" "${KAZ_KEY_DIR}/env-${framadateServName}" -updateEnv "gandi" "${KAZ_KEY_DIR}/env-gandi" -updateEnv "gitea" "${KAZ_KEY_DIR}/env-${gitServName}" -updateEnv "jirafeau" "${KAZ_KEY_DIR}/env-${jirafeauServName}" -updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostServName}" -updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostDBName}" -updateEnv "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudServName}" -updateEnv "office" "${KAZ_KEY_DIR}/env-${officeServName}" -updateEnv "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeServName}" -updateEnv "vigilo" "${KAZ_KEY_DIR}/env-${vigiloServName}" -updateEnv "wp" "${KAZ_KEY_DIR}/env-${wordpressServName}" -updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapServName}" -updateEnv "sympa" "${KAZ_KEY_DIR}/env-${sympaServName}" -updateEnv "mail" "${KAZ_KEY_DIR}/env-${smtpServName}" -updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonServName}" -updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonDBName}" -updateEnv "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenServName}" -updateEnv "castopod" "${KAZ_KEY_DIR}/env-${castopodServName}" -updateEnv "spip" "${KAZ_KEY_DIR}/env-${spipServName}" -updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapUIName}" -updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeServName}" -updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeDBName}" "${peertubeDBName}" -updateEnv "mastodon" "${KAZ_KEY_DIR}/env-${mastodonServName}" - - -framadateUpdate -jirafeauUpdate -exit 0 diff --git a/bin/verifExistenceMails.sh b/bin/verifExistenceMails.sh index d87ff63..52adb2d 100755 --- a/bin/verifExistenceMails.sh +++ b/bin/verifExistenceMails.sh @@ -12,7 +12,6 @@ setKazVars cd $(dirname $0)/.. . "${DOCKERS_ENV}" -. "${KAZ_KEY_DIR}/SetAllPass.sh" DOCK_DIR=$KAZ_COMP_DIR 
diff --git a/config/dockers.tmpl.env b/config/dockers.tmpl.env index 6061f4e..3a47c30 100644 --- a/config/dockers.tmpl.env +++ b/config/dockers.tmpl.env @@ -159,3 +159,8 @@ apikazServName=apikazServ # services activés par container.sh # variables d'environneements utilisées # pour le tmpl du mandataire (proxy) + + +################## +#qui on envoi le mail d'inscription ? +EMAIL_CONTACT="toto@kaz.bzh" \ No newline at end of file diff --git a/config/orgaTmpl/app/Dockerfile b/config/orgaTmpl/app/Dockerfile deleted file mode 100644 index 539d978..0000000 --- a/config/orgaTmpl/app/Dockerfile +++ /dev/null 
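Review bot: The new `EMAIL_CONTACT="toto@kaz.bzh"` line ends the template without a trailing newline (`\ No newline at end of file`), and this commit also appends to the live copy of this file with `echo "EMAIL_CONTACT=..." >> $DOCKERS_ENV` in migGestionMotsDePasse.sh; any such `>>` against a file generated from this template glues the next assignment onto the `toto@kaz.bzh` line and silently corrupts both values, so the terminating newline should be added. The value itself is a placeholder address that every script will source as-is; if a fresh install is expected to edit it, a comment saying so next to the line would make that explicit.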
@@ -1,58 +0,0 @@ -FROM alpine:3.17 - -# Some ENV variables -ENV PATH="/mattermost/bin:${PATH}" -#ENV MM_VERSION=5.32.0 -ENV MM_VERSION=6.1.0 -ENV MM_INSTALL_TYPE=docker - -# Build argument to set Mattermost edition -ARG edition=enterprise -ARG PUID=2000 -ARG PGID=2000 -ARG MM_BINARY= - - -# Install some needed packages -RUN apk add --no-cache \ - ca-certificates \ - curl \ - jq \ - libc6-compat \ - libffi-dev \ - libcap \ - linux-headers \ - mailcap \ - netcat-openbsd \ - xmlsec-dev \ - tzdata \ - && rm -rf /tmp/* - -# Get Mattermost -RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \ - && if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \ - elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \ - else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \ - && cp /mattermost/config/config.json /config.json.save \ - && rm -rf /mattermost/config/config.json \ - && addgroup -g ${PGID} mattermost \ - && adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \ - && chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \ - && setcap cap_net_bind_service=+ep /mattermost/bin/mattermost - -USER mattermost - -#Healthcheck to make sure container is ready -HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1 - -# Configure entrypoint and command -COPY entrypoint.sh / -ENTRYPOINT ["/entrypoint.sh"] -WORKDIR /mattermost -CMD ["mattermost"] - -# Expose port 8000 of the container -EXPOSE 8000 - -# Declare volumes for mount point directories -VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config", "/mattermost/plugins", "/mattermost/client/plugins"] diff --git a/config/orgaTmpl/app/entrypoint.sh b/config/orgaTmpl/app/entrypoint.sh deleted file mode 100755 index f58bc71..0000000 
--- a/config/orgaTmpl/app/entrypoint.sh +++ /dev/null 
@@ -1,82 +0,0 @@ -#!/bin/sh - -# Function to generate a random salt -generate_salt() { - tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1 -} - -# Read environment variables or set default values -DB_HOST=${DB_HOST:-db} -DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432} -# see https://www.postgresql.org/docs/current/libpq-ssl.html -# for usage when database connection requires encryption -# filenames should be escaped if they contain spaces -# i.e. $(printf %s ${MY_ENV_VAR:-''} | jq -s -R -r @uri) -# the location of the CA file can be set using environment var PGSSLROOTCERT -# the location of the CRL file can be set using PGSSLCRL -# The URL syntax for connection string does not support the parameters -# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables -# to set names if using a location other than default -DB_USE_SSL=${DB_USE_SSL:-disable} -MM_DBNAME=${MM_DBNAME:-mattermost} -MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json} - -_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }' ) -if [ "$_1" = '-' ]; then - set -- mattermost "$@" -fi - -if [ "$1" = 'mattermost' ]; then - # Check CLI args for a -config option - for ARG in "$@"; do - case "$ARG" in - -config=*) MM_CONFIG=${ARG#*=};; - esac - done - - if [ ! 
-f "$MM_CONFIG" ]; then - # If there is no configuration file, create it with some default values - echo "No configuration file $MM_CONFIG" - echo "Creating a new one" - # Copy default configuration file - cp /config.json.save "$MM_CONFIG" - # Substitute some parameters with jq - jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv 
"$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - else - echo "Using existing config file $MM_CONFIG" - fi - - # Configure database access - if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then - echo "Configure database connection..." - # URLEncode the password, allowing for special characters - ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri) - export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10" - echo "OK" - else - echo "Using existing database connection" - fi - - # Wait another second for the database to be properly started. - # Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up" - sleep 1 - - echo "Starting mattermost" -fi - -exec "$@" diff --git a/config/orgaTmpl/docker-compose.yml b/config/orgaTmpl/docker-compose.yml index 75c9758..a596b1c 100644 --- a/config/orgaTmpl/docker-compose.yml +++ b/config/orgaTmpl/docker-compose.yml @@ -4,21 +4,21 @@ services: #{{db db: image: mariadb:11.4 - container_name: ${orga}DB + container_name: ${orga}-DB #disk_quota: 10G command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: ${restartPolicy} volumes: - - ./initdb.d:/docker-entrypoint-initdb.d:ro +# - ./initdb.d:/docker-entrypoint-initdb.d:ro - orgaDB:/var/lib/mysql - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro environment: - MARIADB_AUTO_UPGRADE=1 env_file: - - ../../secret/env-${nextcloudDBName} -# - ../../secret/env-${mattermostDBName} - - ../../secret/env-${wordpressDBName} + - ../../secret/orgas/${orga}/env-${nextcloudDBName} +# - ../../secret/orgas/${orga}/env-${mattermostDBName} + - ../../secret/orgas/${orga}/env-${wordpressDBName} networks: - orgaNet healthcheck: # utilisé par init-db.sh pour la créa d'orga 
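Review bot: `container_name: ${orga}-DB`, together with the `orga_${orga}-...` volume names changed in the hunks from line 250 onward, changes the identity of every existing orga's containers and `external: true` volumes; unless the volumes are renamed on each host, compose will no longer find `orga_${orga}-orgaDB` and the others, and nothing in this commit (migVersProdX.sh copies directories, migration.sh copies the secret tree) performs that rename. A rename step, or at least a note in the commit description, is needed before this is deployed to hosts with existing orgas. Commenting out the `./initdb.d` mount also removes the database bootstrap for new orgas; if `init-db.sh` (named in the healthcheck comment) now covers that, the commented line deserves a one-line comment saying so.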
@@ -34,7 +34,7 @@ services: #{{cloud cloud: image: nextcloud - container_name: ${orga}${nextcloudServName} + container_name: ${orga}-${nextcloudServName} #disk_quota: 10G restart: ${restartPolicy} networks: @@ -50,8 +50,8 @@ services: - ${smtpServName}:${smtpHost} labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}" - - "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file" + - "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}" + - "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file" volumes: - cloudMain:/var/www/html - cloudData:/var/www/html/data @@ -63,10 +63,10 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro env_file: - - ../../secret/env-${nextcloudServName} - - ../../secret/env-${nextcloudDBName} + - ../../secret/orgas/${orga}/env-${nextcloudServName} + - ../../secret/orgas/${orga}/env-${nextcloudDBName} environment: - - NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain} + - NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain} - SMTP_HOST=${smtpHost} - SMTP_PORT=25 - MAIL_DOMAIN=${domain} @@ -80,7 +80,7 @@ services: - edition=team - PUID=1000 - PGID=1000 - container_name: ${orga}${mattermostServName} + container_name: ${orga}-${mattermostServName} #disk_quota: 10G restart: ${restartPolicy} # memory: 1G 
@@ -109,20 +109,20 @@ services: - /etc/timezone:/etc/timezone:ro - /etc/environment:/etc/environment:ro env_file: - - ../../secret/env-${mattermostServName} + - ../../secret/orgas/${orga}/env-${mattermostServName} environment: - - VIRTUAL_HOST=${orga}${matterHost}.${domain} + - VIRTUAL_HOST=${orga}-${matterHost}.${domain} # in case your config is not in default location #- MM_CONFIG=/mattermost/config/config.json labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)" + - "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)" #}} #{{wp wordpress: image: wordpress - container_name: ${orga}${wordpressServName} + container_name: ${orga}-${wordpressServName} restart: ${restartPolicy} networks: - orgaNet @@ -136,17 +136,17 @@ services: external_links: - ${smtpServName}:${smtpHost}.${domain} env_file: - - ../../secret/env-${wordpressServName} + - ../../secret/orgas/${orga}/env-${wordpressServName} environment: - WORDPRESS_SMTP_HOST=${smtpHost}.${domain} - WORDPRESS_SMTP_PORT=25 # - WORDPRESS_SMTP_USERNAME # - WORDPRESS_SMTP_PASSWORD - # - WORDPRESS_SMTP_FROM=${orga} - - WORDPRESS_SMTP_FROM_NAME=${orga} + # - WORDPRESS_SMTP_FROM=${orga}- + - WORDPRESS_SMTP_FROM_NAME=${orga}- labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}" + - "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}" volumes: - wordpress:/var/www/html # - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro 
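Review bot: `WORDPRESS_SMTP_FROM_NAME=${orga}-` (and the commented `WORDPRESS_SMTP_FROM=${orga}-`) picked up the `-` separator from the bulk host-name rename, but a sender display name is not a host prefix, so outgoing mail from every orga's WordPress would be signed with a trailing hyphen. Restore `- WORDPRESS_SMTP_FROM_NAME=${orga}` and the commented line to their previous form.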
@@ -154,12 +154,12 @@ services: #{{wiki dokuwiki: image: mprasil/dokuwiki - container_name: ${orga}${dokuwikiServName} + container_name: ${orga}-${dokuwikiServName} #disk_quota: 10G restart: ${restartPolicy} labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}" + - "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}" volumes: - wikiData:/dokuwiki/data - wikiConf:/dokuwiki/conf @@ -175,7 +175,7 @@ services: #{{castopod castopod: image: castopod/castopod:latest - container_name: ${orga}${castopodServName} + container_name: ${orga}-${castopodServName} #disk_quota: 10G restart: ${restartPolicy} # memory: 1G @@ -193,27 +193,27 @@ services: volumes: - castopodMedia:/var/www/castopod/public/media environment: - CP_BASEURL: "https://${orga}${castopodHost}.${domain}" + CP_BASEURL: "https://${orga}-${castopodHost}.${domain}" CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb VIRTUAL_PORT: 8000 CP_CACHE_HANDLER: redis CP_REDIS_HOST: redis CP_DATABASE_HOSTNAME: db env_file: - - ../../secret/env-${castopodServName} - - ../../secret/env-${castopodDBName} + - ../../secret/orgas/${orga}/env-${castopodServName} + - ../../secret/orgas/${orga}/env-${castopodDBName} labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}" + - "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}" redis: image: redis:7.0-alpine - container_name: ${orga}castopodCache + container_name: ${orga}-castopodCache volumes: - castopodCache:/data networks: - orgaNet env_file: - - ../../secret/env-${castopodServName} + - ../../secret/orgas/${orga}/env-${castopodServName} command: --requirepass ${castopodRedisPassword} #}} #{{spip 
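Review bot: `CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb` stays a literal in the template, so every orga's Castopod shares one salt even though this hunk moves the rest of the castopod secrets into `secret/orgas/${orga}/env-${castopodServName}`; a `CP_ANALYTICS_SALT=@@pass@@castopodAnalyticsSalt@@p@@` line in that env file, filled by secretGen.sh, would give each orga its own value. The redis sidecar is also handed the whole `env-${castopodServName}` file, which appears to include more than it needs; a minimal env file for it keeps the application credentials out of the cache container.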
@@ -225,16 +225,16 @@ services: links: - db env_file: - - ../../secret/env-${spipServName} + - ../../secret/orgas/${orga}/env-${spipServName} environment: - SPIP_AUTO_INSTALL=1 - SPIP_DB_HOST=db - - SPIP_SITE_ADDRESS=https://${orga}${spipHost}.${domain} + - SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain} expose: - 80 labels: - "traefik.enable=true" - - "traefik.http.routers.${orga}${spipServName}.rule=Host(`${orga}${spipHost}.${domain}`){{FOREIGN_SPIP}}" + - "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}" networks: - orgaNet volumes: 
@@ -250,84 +250,84 @@ volumes: #{{db orgaDB: external: true - name: orga_${orga}orgaDB + name: orga_${orga}-orgaDB #}} #{{agora matterConfig: external: true - name: orga_${orga}matterConfig + name: orga_${orga}-matterConfig matterData: external: true - name: orga_${orga}matterData + name: orga_${orga}-matterData matterLogs: external: true - name: orga_${orga}matterLogs + name: orga_${orga}-matterLogs matterPlugins: external: true - name: orga_${orga}matterPlugins + name: orga_${orga}-matterPlugins matterClientPlugins: external: true - name: orga_${orga}matterClientPlugins + name: orga_${orga}-matterClientPlugins matterIcons: external: true name: matterIcons #{{cloud cloudMain: external: true - name: orga_${orga}cloudMain + name: orga_${orga}-cloudMain cloudData: external: true - name: orga_${orga}cloudData + name: orga_${orga}-cloudData cloudConfig: external: true - name: orga_${orga}cloudConfig + name: orga_${orga}-cloudConfig cloudApps: external: true - name: orga_${orga}cloudApps + name: orga_${orga}-cloudApps cloudCustomApps: external: true - name: orga_${orga}cloudCustomApps + name: orga_${orga}-cloudCustomApps cloudThemes: external: true - name: orga_${orga}cloudThemes + name: orga_${orga}-cloudThemes cloudPhp: external: true - name: orga_${orga}cloudPhp + name: orga_${orga}-cloudPhp #}} #{{wiki wikiData: external: true - name: orga_${orga}wikiData + name: orga_${orga}-wikiData wikiConf: external: true - name: orga_${orga}wikiConf + name: orga_${orga}-wikiConf wikiPlugins: external: true - name: orga_${orga}wikiPlugins + name: orga_${orga}-wikiPlugins wikiLibtpl: external: true - name: orga_${orga}wikiLibtpl + name: orga_${orga}-wikiLibtpl wikiLogs: external: true - name: orga_${orga}wikiLogs + name: orga_${orga}-wikiLogs #}} #{{wp wordpress: external: true - name: orga_${orga}wordpress + name: orga_${orga}-wordpress #}} #{{castopod castopodMedia: external: true - name: orga_${orga}castopodMedia + name: orga_${orga}-castopodMedia castopodCache: external: true 
- name: orga_${orga}castopodCache + name: orga_${orga}-castopodCache #}} #{{spip spip: external: true - name: orga_${orga}spip + name: orga_${orga}-spip #}} @@ -335,7 +335,7 @@ volumes: networks: orgaNet: external: true - name: ${orga}orgaNet + name: ${orga}-orgaNet # postfixNet: # external: # name: postfixNet diff --git a/config/orgaTmpl/init-db.sh b/config/orgaTmpl/init-db.sh index 1188fa5..c180c74 100755 --- a/config/orgaTmpl/init-db.sh +++ b/config/orgaTmpl/init-db.sh @@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd) . "${KAZ_ROOT}/bin/.commonFunctions.sh" setKazVars . "${DOCKERS_ENV}" -. "${KAZ_KEY_DIR}/SetAllPass.sh" cd $(dirname $0) ORGA_DIR="$(basename "$(pwd)")" 
@@ -25,57 +24,66 @@ SQL="" for ARG in "$@"; do case "${ARG}" in 'cloud' ) + . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB SQL="$SQL -CREATE DATABASE IF NOT EXISTS ${nextcloud_MYSQL_DATABASE}; +CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE}; -DROP USER IF EXISTS '${nextcloud_MYSQL_USER}'; -CREATE USER '${nextcloud_MYSQL_USER}'@'%'; +DROP USER IF EXISTS '${MYSQL_USER}'; +CREATE USER '${MYSQL_USER}'@'%'; -GRANT ALL ON ${nextcloud_MYSQL_DATABASE}.* TO '${nextcloud_MYSQL_USER}'@'%' IDENTIFIED BY '${nextcloud_MYSQL_PASSWORD}'; +GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; FLUSH PRIVILEGES;" ;; 'agora' ) + + . $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB SQL="$SQL -CREATE DATABASE IF NOT EXISTS ${mattermost_MYSQL_DATABASE}; +CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE}; -DROP USER IF EXISTS '${mattermost_MYSQL_USER}'; -CREATE USER '${mattermost_MYSQL_USER}'@'%'; +DROP USER IF EXISTS '${MYSQL_USER}'; +CREATE USER '${MYSQL_USER}'@'%'; -GRANT ALL ON ${mattermost_MYSQL_DATABASE}.* TO '${mattermost_MYSQL_USER}'@'%' IDENTIFIED BY '${mattermost_MYSQL_PASSWORD}'; +GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; FLUSH PRIVILEGES;" ;; 'wp' ) + + . $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB SQL="$SQL -CREATE DATABASE IF NOT EXISTS ${wp_MYSQL_DATABASE}; +CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE}; -DROP USER IF EXISTS '${wp_MYSQL_USER}'; -CREATE USER '${wp_MYSQL_USER}'@'%'; +DROP USER IF EXISTS '${MYSQL_USER}'; +CREATE USER '${MYSQL_USER}'@'%'; -GRANT ALL ON ${wp_MYSQL_DATABASE}.* TO '${wp_MYSQL_USER}'@'%' IDENTIFIED BY '${wp_MYSQL_PASSWORD}'; +GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; FLUSH PRIVILEGES;" ;; 'castopod' ) + + . 
$KAZ_KEY_DIR/orgas/$ORGA/env-castopodDB SQL="$SQL -CREATE DATABASE IF NOT EXISTS ${castopod_MYSQL_DATABASE}; +CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE}; -DROP USER IF EXISTS '${castopod_MYSQL_USER}'; -CREATE USER '${castopod_MYSQL_USER}'@'%'; +DROP USER IF EXISTS '${MYSQL_USER}'; +CREATE USER '${MYSQL_USER}'@'%'; -GRANT ALL ON ${castopod_MYSQL_DATABASE}.* TO '${castopod_MYSQL_USER}'@'%' IDENTIFIED BY '${castopod_MYSQL_PASSWORD}'; +GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; FLUSH PRIVILEGES;" ;; 'spip' ) + + . $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB SQL="$SQL -CREATE DATABASE IF NOT EXISTS ${spip_MYSQL_DATABASE}; +CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE}; -DROP USER IF EXISTS '${spip_MYSQL_USER}'; -CREATE USER '${spip_MYSQL_USER}'@'%'; +DROP USER IF EXISTS '${MYSQL_USER}'; +CREATE USER '${MYSQL_USER}'@'%'; -GRANT ALL ON ${spip_MYSQL_DATABASE}.* TO '${spip_MYSQL_USER}'@'%' IDENTIFIED BY '${spip_MYSQL_PASSWORD}'; +GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; FLUSH PRIVILEGES;" ;; @@ -84,4 +92,4 @@ FLUSH PRIVILEGES;" esac done -echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${wp_MYSQL_ROOT_PASSWORD}" +echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${MYSQL_ROOT_PASSWORD}" diff --git a/config/orgaTmpl/init-volume.sh b/config/orgaTmpl/init-volume.sh index 5fe1b5e..c2f5c50 100755 --- a/config/orgaTmpl/init-volume.sh +++ b/config/orgaTmpl/init-volume.sh 
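Review bot: Each new `. $KAZ_KEY_DIR/orgas/$ORGA/env-…DB` line is unquoted and its result unchecked, and since all five env files define the same `MYSQL_DATABASE`/`MYSQL_USER`/`MYSQL_PASSWORD` names, a missing or unreadable file leaves the values sourced by the previous arm in place, so the GRANT for that service is silently issued with another service's user and password. Guard each one, e.g. `. "${KAZ_KEY_DIR}/orgas/${ORGA}/env-nextcloudDB" || { echo "cannot read env-nextcloudDB" >&2; exit 1; }`, or fold the five identical arms into one function taking the env-file name. `IDENTIFIED BY '${MYSQL_PASSWORD}'` still splices the generated password into SQL unescaped, so the generator must not emit `'`, `\` or `;` (the deleted SetAllPass.sh carried exactly that warning); a comment here should preserve it. The for/case loop closes in the next hunk.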
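Review bot: The new `--password=${MYSQL_ROOT_PASSWORD}` relies on the variable having been set by whichever env file the last case arm sourced; with no arguments, or if any arm outside this hunk sources nothing, it is empty and the client connects as root with an empty password. Add `: "${MYSQL_ROOT_PASSWORD:?no DB env file sourced}"` before the pipeline. `echo $SQL` is unquoted, so the `${MYSQL_DATABASE}.*` in each GRANT is subject to pathname expansion in the cwd and the newlines collapse; use `printf '%s\n' "$SQL" | …`. Because the command string is passed to `bash -c`, the root password also sits in that process's argv and is visible to `ps` on the host; `docker exec -i -e MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" "${ORGA}-DB" mariadb --user=root` keeps it off the command line.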
@@ -3,41 +3,41 @@ #docker network create postfix_mailNet #{{db -docker volume create --name=orga_${orga}orgaDB +docker volume create --name=orga_${orga}-orgaDB #}} #{{agora -docker volume create --name=orga_${orga}matterConfig -docker volume create --name=orga_${orga}matterData -docker volume create --name=orga_${orga}matterLogs -docker volume create --name=orga_${orga}matterPlugins -docker volume create --name=orga_${orga}matterClientPlugins +docker volume create --name=orga_${orga}-matterConfig +docker volume create --name=orga_${orga}-matterData +docker volume create --name=orga_${orga}-matterLogs +docker volume create --name=orga_${orga}-matterPlugins +docker volume create --name=orga_${orga}-matterClientPlugins docker volume create --name=matterIcons #}} #{{cloud -docker volume create --name=orga_${orga}cloudMain -docker volume create --name=orga_${orga}cloudData -docker volume create --name=orga_${orga}cloudConfig -docker volume create --name=orga_${orga}cloudApps -docker volume create --name=orga_${orga}cloudCustomApps -docker volume create --name=orga_${orga}cloudThemes -docker volume create --name=orga_${orga}cloudPhp -chown 33:33 /var/lib/docker/volumes/orga_${orga}cloud*/_data +docker volume create --name=orga_${orga}-cloudMain +docker volume create --name=orga_${orga}-cloudData +docker volume create --name=orga_${orga}-cloudConfig +docker volume create --name=orga_${orga}-cloudApps +docker volume create --name=orga_${orga}-cloudCustomApps +docker volume create --name=orga_${orga}-cloudThemes +docker volume create --name=orga_${orga}-cloudPhp +chown 33:33 /var/lib/docker/volumes/orga_${orga}-cloud*/_data #}} #{{wiki -docker volume create --name=orga_${orga}wikiData -docker volume create --name=orga_${orga}wikiConf -docker volume create --name=orga_${orga}wikiPlugins -docker volume create --name=orga_${orga}wikiLibtpl -docker volume create --name=orga_${orga}wikiLogs +docker volume create --name=orga_${orga}-wikiData +docker volume create 
--name=orga_${orga}-wikiConf +docker volume create --name=orga_${orga}-wikiPlugins +docker volume create --name=orga_${orga}-wikiLibtpl +docker volume create --name=orga_${orga}-wikiLogs #}} #{{wp -docker volume create --name=orga_${orga}wordpress +docker volume create --name=orga_${orga}-wordpress #}} #{{castopod -docker volume create --name=orga_${orga}castopodCache -docker volume create --name=orga_${orga}castopodMedia +docker volume create --name=orga_${orga}-castopodCache +docker volume create --name=orga_${orga}-castopodMedia #}} #{{spip -docker volume create --name=orga_${orga}spip +docker volume create --name=orga_${orga}-spip #}} diff --git a/config/orgaTmpl/initdb.d/orga.sql b/config/orgaTmpl/initdb.d/orga.sql deleted file mode 100644 index 6fc5ea0..0000000 --- a/config/orgaTmpl/initdb.d/orga.sql +++ /dev/null @@ -1,3 +0,0 @@ -CREATE DATABASE IF NOT EXISTS nextcloud; -CREATE DATABASE IF NOT EXISTS mattermost; -CREATE DATABASE IF NOT EXISTS wpdb; diff --git a/config/orgaTmpl/orga-gen.sh b/config/orgaTmpl/orga-gen.sh index 3759a52..ef4ca34 100755 --- a/config/orgaTmpl/orga-gen.sh +++ b/config/orgaTmpl/orga-gen.sh @@ -389,7 +389,7 @@ update() { -e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\ -e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\ -e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\ - -e "s|\${orga}|${ORGA}-|g" + -e "s|\${orga}|${ORGA}|g" ) > "$2" sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2" } 
@@ -412,13 +412,18 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then ln -sf ../../config/orgaTmpl/orga-gen.sh ln -sf ../../config/orgaTmpl/orga-rm.sh ln -sf ../../config/orgaTmpl/init-paheko.sh - ln -sf ../../config/orgaTmpl/initdb.d/ + #ln -sf ../../config/orgaTmpl/initdb.d/ ln -sf ../../config/orgaTmpl/app/ ln -sf ../../config/orgaTmpl/wiki-conf/ ln -sf ../../config/orgaTmpl/reload.sh ln -sf ../../config/orgaTmpl/init-db.sh fi +if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then + rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/" + ${KAZ_BIN_DIR}/secretGen.sh -d $ORGA +fi + if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then # ########## update ${DOCKERS_ENV} if ! grep -q "proxy_orga=" .env 2> /dev/null @@ -438,6 +443,12 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then fi if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then + + + # ########## create network + ## GAEL bizarre, je pense que c'est déjà fait qque part, mais chez moi ça veut pas ... + docker network create "${ORGA}-orgaNet" + # ########## create volume ./init-volume.sh fi diff --git a/config/orgaTmpl/orga-rm.sh b/config/orgaTmpl/orga-rm.sh index df11806..35a5924 100755 --- a/config/orgaTmpl/orga-rm.sh +++ b/config/orgaTmpl/orga-rm.sh @@ -40,6 +40,8 @@ remove () { sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}" sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}" rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga" + + rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}" exit;; [Nn]* ) diff --git a/config/orgaTmpl/secret.tmpl/env-castopodAdmin b/config/orgaTmpl/secret.tmpl/env-castopodAdmin new file mode 100644 index 0000000..1b822a4 --- /dev/null +++ b/config/orgaTmpl/secret.tmpl/env-castopodAdmin @@ -0,0 +1,3 @@ +ADMIN_USER=@@pass@@castopod2@@p@@ +ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@ +ADMIN_PASSWORD=@@pass@@castopod3@@p@@ \ No newline at end of file diff --git a/config/orgaTmpl/secret.tmpl/env-castopodDB b/config/orgaTmpl/secret.tmpl/env-castopodDB new file mode 100644 index 0000000..013e682 
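Review bot: The new `rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/"` preserves the source modes, and the secret.tmpl/env-* files added in this commit are `100644`, so the per-orga credential files start out world-readable unless secretGen.sh tightens them afterwards. Use `rsync -a --chmod=D700,F600 …` (or `chmod -R go-rwx "${KAZ_KEY_DIR}/orgas/$ORGA"` after generation), quote `$ORGA`, and stop on failure: `"${KAZ_BIN_DIR}/secretGen.sh" -d "$ORGA" || exit 1`. This block also sits between the `STAGE_DEFAULT`/`STAGE_CREATE` guards rather than inside one, so it runs on every invocation; a comment should say whether that is intended.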
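Review bot: `docker network create "${ORGA}-orgaNet"` is not idempotent: a second run of orga-gen.sh for the same orga fails here because the network already exists, and the comment above it records a doubt rather than a decision. Guard it with `docker network inspect "${ORGA}-orgaNet" >/dev/null 2>&1 || docker network create "${ORGA}-orgaNet"` and replace the personal note with a `# TODO(author): confirm whether the network is already created elsewhere` comment. The compose template in this same commit declares `orgaNet` as `external: true` with `name: ${orga}-orgaNet`, which is why the create must happen somewhere before the stack is brought up.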
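Review bot: The added `rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"` has no guard against an empty variable: with `ORGA` unset it deletes `${KAZ_KEY_DIR}/orgas/`, every orga's secrets, and with `KAZ_KEY_DIR` unset it targets `/orgas/…`. Write `rm -fr -- "${KAZ_KEY_DIR:?}/orgas/${ORGA:?}"` so the shell aborts instead. The enclosing remove() function starts before the hunk.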
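Review bot: `ADMIN_USER=@@pass@@castopod2@@p@@` generates the admin login with the `pass` placeholder type, while every other login in this commit uses `@@user@@…@@u@@` (e.g. `MM_ADMIN_USER=@@user@@mattermost2@@u@@`), so castopod gets a password-shaped username unless that is deliberate. `ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@` places a literal `@` directly before the `@@globalvar@@` opener, giving a `@@@` run that the substitution in secretGen.sh must tokenise correctly; the same pattern appears in env-spipServ (`SPIP_ADMIN_EMAIL`) and env-mattermostServ (`MM_ADMIN_EMAIL`). The file also lacks a trailing newline, which matters if it is ever appended to.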
--- /dev/null +++ b/config/orgaTmpl/secret.tmpl/env-castopodDB @@ -0,0 +1,4 @@ +MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@ +MYSQL_USER=@@user@@castopod1@@u@@ +MYSQL_PASSWORD=@@pass@@castopod1@@p@@ +MYSQL_DATABASE=@@db@@castopod1@@d@@ \ No newline at end of file diff --git a/config/orgaTmpl/secret.tmpl/env-castopodServ b/config/orgaTmpl/secret.tmpl/env-castopodServ new file mode 100644 index 0000000..52aafc4 --- /dev/null +++ b/config/orgaTmpl/secret.tmpl/env-castopodServ @@ -0,0 +1,7 @@ +CP_EMAIL_SMTP_HOST= +CP_EMAIL_FROM= +CP_EMAIL_SMTP_USERNAME= +CP_EMAIL_SMTP_PASSWORD= +CP_EMAIL_SMTP_PORT= +CP_EMAIL_SMTP_CRYPTO= +CP_REDIS_PASSWORD= diff --git a/config/orgaTmpl/secret.tmpl/env-mattermostDB b/config/orgaTmpl/secret.tmpl/env-mattermostDB new file mode 100644 index 0000000..944893b --- /dev/null +++ b/config/orgaTmpl/secret.tmpl/env-mattermostDB @@ -0,0 +1,9 @@ + +MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@ +MYSQL_DATABASE=@@db@@mattermost@@d@@ +MYSQL_USER=@@user@@mattermost@@u@@ +MYSQL_PASSWORD=@@pass@@mattermost@@p@@ + +POSTGRES_USER=@@user@@mattermost@@u@@ +POSTGRES_PASSWORD=@@pass@@mattermost@@p@@ +POSTGRES_DB=@@db@@mattermost@@d@@ diff --git a/config/orgaTmpl/secret.tmpl/env-mattermostServ b/config/orgaTmpl/secret.tmpl/env-mattermostServ new file mode 100644 index 0000000..2a236b0 --- /dev/null +++ b/config/orgaTmpl/secret.tmpl/env-mattermostServ @@ -0,0 +1,5 @@ +MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@ +MM_ADMIN_USER=@@user@@mattermost2@@u@@ +MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@ +MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10 + diff --git a/config/orgaTmpl/secret.tmpl/env-nextcloudDB b/config/orgaTmpl/secret.tmpl/env-nextcloudDB new file mode 100644 index 0000000..0084487 --- /dev/null +++ b/config/orgaTmpl/secret.tmpl/env-nextcloudDB 
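Review bot: `CP_REDIS_PASSWORD=` is left empty while the orga compose template in this commit starts the redis sidecar with `command: --requirepass ${castopodRedisPassword}` and passes this same file to both containers, so unless castopodRedisPassword is also empty the app cannot authenticate to its cache. Generate the value here (a `@@pass@@…@@p@@` placeholder like the other templates) and derive the redis command from the same variable, or document where castopodRedisPassword is set. The six `CP_EMAIL_*` keys are likewise blank with no comment on whether they are optional or must be filled by hand after generation.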
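Review bot: The file defines the same credentials twice, as `MYSQL_*` and as `POSTGRES_*`; init-db.sh's `agora` arm in this commit sources it and creates a MariaDB database from the `MYSQL_*` set, while env-mattermostServ's datasource points at `postgres:5432`, so one of the two sets is presumably dead and a stale MariaDB account gets created per orga. A comment stating which backend is authoritative, or dropping the unused set, would keep the two from drifting. `MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@` is repeated in every env-*DB template, which means the root password travels in every per-service file rather than only with the database service.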
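Review bot: `MM_SQLSETTINGS_DATASOURCE=postgres://…:@@pass@@mattermost@@p@@@postgres:5432/…` splices the generated password into a URL with no percent-encoding, so any `@`, `/`, `:`, `?` or `#` emitted by secretGen.sh corrupts the DSN, and `@@p@@@postgres` puts a literal `@` immediately after the placeholder closer. Either restrict the password alphabet in the generator and record that constraint in a comment above this line, or have the generator URL-encode the value it substitutes into this key. The same credentials appear in env-mattermostDB, so the two substitutions must stay in step.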
@@ -0,0 +1,8 @@ + +MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@ +MYSQL_DATABASE=@@db@@nextcloud@@d@@ +MYSQL_USER=@@user@@nextcloud@@u@@ +MYSQL_PASSWORD=@@pass@@nextcloud@@p@@ + +#NC_MYSQL_USER= +#NC_MYSQL_PASSWORD= diff --git a/config/orgaTmpl/secret.tmpl/env-nextcloudServ b/config/orgaTmpl/secret.tmpl/env-nextcloudServ new file mode 100644 index 0000000..8f8e255 --- /dev/null +++ b/config/orgaTmpl/secret.tmpl/env-nextcloudServ @@ -0,0 +1,5 @@ + +NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@ +NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@ +MYSQL_HOST=db +RAIN_LOOP=@@pass@@rainloop@@p@@ diff --git a/config/orgaTmpl/secret.tmpl/env-spipDB b/config/orgaTmpl/secret.tmpl/env-spipDB new file mode 100644 index 0000000..9fb0767 --- /dev/null +++ b/config/orgaTmpl/secret.tmpl/env-spipDB @@ -0,0 +1,4 @@ +MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@ +MYSQL_DATABASE=@@db@@spip@@d@@ +MYSQL_USER=@@user@@spip@@u@@ +MYSQL_PASSWORD=@@pass@@spip@@p@@ \ No newline at end of file diff --git a/config/orgaTmpl/secret.tmpl/env-spipServ b/config/orgaTmpl/secret.tmpl/env-spipServ new file mode 100644 index 0000000..2df5105 --- /dev/null +++ b/config/orgaTmpl/secret.tmpl/env-spipServ @@ -0,0 +1,10 @@ +SPIP_AUTO_INSTALL=1 +SPIP_DB_SERVER=mysql +SPIP_DB_NAME=@@db@@spip@@d@@ +SPIP_DB_LOGIN=@@user@@spip@@u@@ +SPIP_DB_PASS=@@pass@@spip@@p@@ +SPIP_ADMIN_NAME=admin +SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@ +SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@ +SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@ +PHP_TIMEZONE=Europe/Paris diff --git a/config/orgaTmpl/secret.tmpl/env-wpDB b/config/orgaTmpl/secret.tmpl/env-wpDB new file mode 100644 index 0000000..83e7c81 --- /dev/null +++ b/config/orgaTmpl/secret.tmpl/env-wpDB @@ -0,0 +1,4 @@ +MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@ +MYSQL_DATABASE=@@db@@wp@@d@@ +MYSQL_USER=@@user@@wp@@u@@ +MYSQL_PASSWORD=@@pass@@wp@@p@@ diff --git a/config/orgaTmpl/secret.tmpl/env-wpServ b/config/orgaTmpl/secret.tmpl/env-wpServ new file mode 100644 index 0000000..6400c9c --- /dev/null 
+++ b/config/orgaTmpl/secret.tmpl/env-wpServ @@ -0,0 +1,8 @@ +# share with wpDB + +WORDPRESS_DB_HOST=db:3306 +WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@ +WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@ +WORDPRESS_DB_NAME=@@db@@wp@@d@@ +WORDPRESS_DB_USER=@@user@@wp@@u@@ +WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@ \ No newline at end of file diff --git a/config/orgaTmpl/wiki-conf/acl.auth.php b/config/orgaTmpl/wiki-conf/acl.auth.php deleted file mode 100644 index 11b3b5d..0000000 --- a/config/orgaTmpl/wiki-conf/acl.auth.php +++ /dev/null @@ -1,10 +0,0 @@ -# acl.auth.php -# -# Don't modify the lines above -# -# Access Control Lists -# -# Auto-generated by install script -# Date: Sat, 13 Feb 2021 17:42:28 +0000 -* @ALL 1 -* @user 8 diff --git a/config/orgaTmpl/wiki-conf/local.php b/config/orgaTmpl/wiki-conf/local.php deleted file mode 100644 index 117c4d9..0000000 --- a/config/orgaTmpl/wiki-conf/local.php +++ /dev/null @@ -1,26 +0,0 @@ - -# Don't modify the lines above -# -# Userfile -# -# Auto-generated by install script -# Date: Sat, 13 Feb 2021 17:42:28 +0000 -# -# Format: -# login:passwordhash:Real Name:email:groups,comma,separated - -admin:$2y$10$GYvFgViXeEUmDViplHEs7eoYV8tmbfsS8wA1vfHQ.tWgW14o9aTjy:admin:contact@kaz.bzh:admin,user diff --git a/config/proxy/proxy_params b/config/proxy/proxy_params deleted file mode 100644 index 073a27e..0000000 --- a/config/proxy/proxy_params +++ /dev/null 
@@ -1,21 +0,0 @@ - -#proxy_buffering off; -#proxy_set_header X-Forwarded-Host $host:$server_port; -#proxy_set_header X-Forwarded-Server $host; -#XXX pb proxy_set_header Connection $proxy_connection; - -proxy_buffers 256 16k; -proxy_buffer_size 16k; - -# mattermost -http2_push_preload on; # Enable HTTP/2 Server Push -add_header Strict-Transport-Security max-age=15768000; -proxy_set_header Host $http_host; -proxy_set_header X-Real-IP $remote_addr; -#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; - -#proxy_hide_header 'x-frame-options'; -#proxy_set_header x-frame-options allowall; -proxy_set_header X-Frame-Options SAMEORIGIN; - diff --git a/dockers/castopod/first.sh b/dockers/castopod/first.sh index 4e8a6a0..09fd422 100755 --- a/dockers/castopod/first.sh +++ b/dockers/castopod/first.sh @@ -6,7 +6,6 @@ setKazVars cd $(dirname $0) . "${DOCKERS_ENV}" -. "${KAZ_KEY_DIR}/SetAllPass.sh" "${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod diff --git a/dockers/cloud/first.sh b/dockers/cloud/first.sh index cab49a8..2a6a38f 100755 --- a/dockers/cloud/first.sh +++ b/dockers/cloud/first.sh @@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd) . "${KAZ_ROOT}/bin/.commonFunctions.sh" setKazVars . "${DOCKERS_ENV}" -. $KAZ_ROOT/secret/SetAllPass.sh ${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud diff --git a/dockers/cloud/up.sh b/dockers/cloud/up.sh deleted file mode 100644 index 88cbf09..0000000 --- a/dockers/cloud/up.sh +++ /dev/null 
@@ -1,102 +0,0 @@ -#!/bin/bash - -KAZ_ROOT=$(cd $(dirname $0)/../..; pwd) -. "${KAZ_ROOT}/bin/.commonFunctions.sh" -setKazVars -. "${DOCKERS_ENV}" -. $KAZ_ROOT/secret/SetAllPass.sh - - -#"${KAZ_BIN_DIR}/initCloud.sh" - -docker exec -ti -u 33 nextcloudServ /var/www/html/occ app:enable user_ldap -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:delete-config s01 -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:create-empty-config -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root} -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD} -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD} -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBase ${ldap_root} -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseGroups ${ldap_root} -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root} -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapHost ${ldapServName} -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapPort 389 -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapTLS 0 -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))" -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapQuotaAttribute nextcloudQuota -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilter "(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))" -docker exec -ti -u 33 nextcloudServ /var/www/html/occ 
ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1 -docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1 - -# Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin'; -# docker exec -i nextcloudDB mysql --user= --password= <<< "delete from oc_users where uid<>'admin';" - -# Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205 - -# Exemple de table/clés : -# +-------------------------------+----------------------------------------------------------+ -# | Configuration | s01 | -# +-------------------------------+----------------------------------------------------------+ -# | hasMemberOfFilterSupport | 0 | -# | homeFolderNamingRule | | -# | lastJpegPhotoLookup | 0 | -# | ldapAgentName | cn=cloud,ou=applications,dc=kaz,dc=sns | -# | ldapAgentPassword | *** | -# | ldapAttributesForGroupSearch | | -# | ldapAttributesForUserSearch | | -# | ldapBackgroundHost | | -# | ldapBackgroundPort | | -# | ldapBackupHost | | -# | ldapBackupPort | | -# | ldapBase | ou=users,dc=kaz,dc=sns | -# | ldapBaseGroups | ou=users,dc=kaz,dc=sns | -# | ldapBaseUsers | ou=users,dc=kaz,dc=sns | -# | ldapCacheTTL | 600 | -# | ldapConfigurationActive | 1 | -# | ldapConnectionTimeout | 15 | -# | ldapDefaultPPolicyDN | | -# | ldapDynamicGroupMemberURL | | -# | ldapEmailAttribute | mail | -# | ldapExperiencedAdmin | 0 | -# | ldapExpertUUIDGroupAttr | | -# | ldapExpertUUIDUserAttr | | -# | ldapExpertUsernameAttr | uid | -# | ldapExtStorageHomeAttribute | | -# | ldapGidNumber | gidNumber | -# | ldapGroupDisplayName | cn | -# | ldapGroupFilter | | -# | ldapGroupFilterGroups | | -# | 
ldapGroupFilterMode | 0 | -# | ldapGroupFilterObjectclass | | -# | ldapGroupMemberAssocAttr | | -# | ldapHost | ldap | -# | ldapIgnoreNamingRules | | -# | ldapLoginFilter | (&(|(objectclass=nextcloudAccount))(cn=%uid)) | -# | ldapLoginFilterAttributes | | -# | ldapLoginFilterEmail | 0 | -# | ldapLoginFilterMode | 0 | -# | ldapLoginFilterUsername | 1 | -# | ldapMatchingRuleInChainState | unknown | -# | ldapNestedGroups | 0 | -# | ldapOverrideMainServer | | -# | ldapPagingSize | 500 | -# | ldapPort | 389 | -# | ldapQuotaAttribute | nextcloudQuota | -# | ldapQuotaDefault | | -# | ldapTLS | 0 | -# | ldapUserAvatarRule | default | -# | ldapUserDisplayName | cn | -# | ldapUserDisplayName2 | | -# | ldapUserFilter | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) | -# | ldapUserFilterGroups | | -# | ldapUserFilterMode | 1 | -# | ldapUserFilterObjectclass | nextcloudAccount | -# | ldapUuidGroupAttribute | auto | -# | ldapUuidUserAttribute | auto | -# | turnOffCertCheck | 0 | -# | turnOnPasswordChange | 0 | -# | useMemberOfToDetectMembership | 1 | -# +-------------------------------+----------------------------------------------------------+ diff --git a/dockers/ldap/UIHooks/post-hook.sh b/dockers/ldap/UIHooks/post-hook.sh index 26819bb..76fb5bc 100755 --- a/dockers/ldap/UIHooks/post-hook.sh +++ b/dockers/ldap/UIHooks/post-hook.sh @@ -5,7 +5,9 @@ NEWPASSWORD=$(base64 -d <<< $2) OLDPASSWORD=$(base64 -d <<< $3) URL_AGORA="https://${matterHost}.${domain}" -mattermost_token=${LDAPUI_MM_ADMIN_TOKEN} + +#mattermost_token=${LDAPUI_MM_ADMIN_TOKEN} +. $KAZ_KEY_DIR/env-mattermostAdmin IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g') if [ ${IDUSER} == 'app.user.missing_account.const' ] diff --git a/dockers/mattermost/first.sh b/dockers/mattermost/first.sh index b9c79fb..abeda38 100755 --- a/dockers/mattermost/first.sh +++ b/dockers/mattermost/first.sh 
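Review bot: The new `. $KAZ_KEY_DIR/env-mattermostAdmin` line is expected to define `mattermost_token`, which the next line still places in the `Authorization: Bearer` header, but the old assignment from `LDAPUI_MM_ADMIN_TOKEN` is only commented out and env-mattermostAdmin is not part of this commit, so if that file follows the uppercase naming of the other new env files the header is sent empty and every password-change hook fails against the API. Quote and check the source, `. "${KAZ_KEY_DIR}/env-mattermostAdmin" || exit 1`, and add `: "${mattermost_token:?env-mattermostAdmin must set mattermost_token}"` right after it. dockers/sympa/alerting/sympa.sh sources the same file in this commit and has the same dependency on that variable name.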
@@ -6,7 +6,6 @@ setKazVars cd $(dirname $0) . "${DOCKERS_ENV}" -. "${KAZ_KEY_DIR}/SetAllPass.sh" "${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora diff --git a/dockers/peertube/.env b/dockers/peertube/.env new file mode 120000 index 0000000..406acd1 --- /dev/null +++ b/dockers/peertube/.env @@ -0,0 +1 @@ +../../config/dockers.env \ No newline at end of file diff --git a/dockers/spip/.env b/dockers/spip/.env new file mode 120000 index 0000000..406acd1 --- /dev/null +++ b/dockers/spip/.env @@ -0,0 +1 @@ +../../config/dockers.env \ No newline at end of file diff --git a/dockers/sympa/alerting/sympa.sh b/dockers/sympa/alerting/sympa.sh index e6a7761..d1e3af5 100755 --- a/dockers/sympa/alerting/sympa.sh +++ b/dockers/sympa/alerting/sympa.sh @@ -6,7 +6,7 @@ KAZ_ROOT=/kaz setKazVars . $DOCKERS_ENV -. $KAZ_ROOT/secret/SetAllPass.sh +. $KAZ_KEY_DIR/env-mattermostAdmin DOCKER_CMD="docker exec sympaServ" URL_AGORA=$(echo $matterHost).$(echo $domain) diff --git a/dockers/sympa/first.sh b/dockers/sympa/first.sh index 8d97699..3ec056c 100755 --- a/dockers/sympa/first.sh +++ b/dockers/sympa/first.sh @@ -6,7 +6,6 @@ setKazVars cd $(dirname $0) . "${DOCKERS_ENV}" -. "${KAZ_KEY_DIR}/SetAllPass.sh" DockerServName="${sympaServName}" diff --git a/dockers/traefik/proxy-gen.sh b/dockers/traefik/proxy-gen.sh index 920a01b..cfc0f10 100755 --- a/dockers/traefik/proxy-gen.sh +++ b/dockers/traefik/proxy-gen.sh @@ -4,7 +4,7 @@ KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd) . "${KAZ_ROOT}/bin/.commonFunctions.sh" setKazVars . "${DOCKERS_ENV}" -. "${KAZ_ROOT}/secret/SetAllPass.sh" +. $KAZ_BIN_DIR/getPasswords.sh traefik printKazMsg "\n *** Proxy update config" diff --git a/secret.tmpl/Readme.txt b/secret.tmpl/Readme.txt deleted file mode 100644 index 4ab7f8c..0000000 --- a/secret.tmpl/Readme.txt +++ /dev/null 
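Review bot: `. $KAZ_BIN_DIR/getPasswords.sh traefik` sources a script with a positional argument rather than an env file, unlike the other call sites converted in this commit, and it is unquoted and unchecked; because it is sourced, any `exit` inside getPasswords.sh terminates proxy-gen.sh before the "Proxy update config" step, and a failure to populate the traefik credentials goes unnoticed. Write it as `. "${KAZ_BIN_DIR}/getPasswords.sh" traefik || exit 1` and add a one-line comment naming the variables it is expected to define.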
@@ -1,11 +0,0 @@ -Mise à jour des mots de passe - -L'idée c'est d'extraire la gestion des mots de passe de l'installation. - -Tous les mots de passe sont dans un fichier "SetAllPass.sh" que des scripts vont chercher. - -updateDockerPassword.sh met à jours les fichiers d'environnement de mots de passe utilisé par docker-compose. - -(Il y a un problème pour mettre à jour le mot de passe d'une BD si son conteneur n'est pas en route) - -Les modifications sont prises en compte que lors de la création de nouveaux conteneurs (les données permanentes (mot de passe) dans les volumes ne sont pas changées) diff --git a/secret.tmpl/SetAllPass.sh b/secret.tmpl/SetAllPass.sh deleted file mode 100755 index 46908b1..0000000 --- a/secret.tmpl/SetAllPass.sh +++ /dev/null 
@@ -1,365 +0,0 @@
-#!/bin/bash
-
-# Attention à cause des scripts pas de ["'/] dans les mot de passe
-
-####################
-# ethercalc
-ethercalc_REDIS_PORT_6379_TCP_ADDR="redis"
-ethercalc_REDIS_PORT_6379_TCP_PORT="6379"
-
-####################
-# etherpad
-etherpad_MYSQL_ROOT_PASSWORD="--clean_val--"
-etherpad_MYSQL_DATABASE="--clean_val--"
-etherpad_MYSQL_USER="--clean_val--"
-etherpad_MYSQL_PASSWORD="--clean_val--"
-
-# Share with etherpadDB
-etherpad_DB_NAME="${etherpad_MYSQL_DATABASE}"
-etherpad_DB_USER="${etherpad_MYSQL_USER}"
-etherpad_DB_PASS="${etherpad_MYSQL_PASSWORD}"
-
-etherpad_DB_TYPE="mysql"
-etherpad_DB_HOST="padDB"
-etherpad_DB_PORT="3306"
-#etherpad_DB_CHARSET="utf8"
-#user: admin
-etherpad_ADMIN_PASSWORD="--clean_val--"
-etherpad_PAD_OPTIONS_LANG="fr"
-etherpad_TITLE="KazPad"
-etherpad_TRUST_PROXY="true"
-
-####################
-# framadate
-framadate_MYSQL_ROOT_PASSWORD="--clean_val--"
-framadate_MYSQL_DATABASE="--clean_val--"
-framadate_MYSQL_USER="--clean_val--"
-framadate_MYSQL_PASSWORD="--clean_val--"
-
-framadate_HTTPD_USER="--clean_val--"
-framadate_HTTPD_PASSWORD="--clean_val--"
-
-##################
-# Gandi
-# à supprimer et à replacer par dns_gandi_api_key
-gandi_GANDI_KEY="xxx"
-gandi_GANDI_API="https://api.gandi.net/v5/livedns/domains/${domain}"
-gandi_dns_gandi_api_key="${gandi_GANDI_KEY}"
-
-####################
-# mattermost
-mattermost_POSTGRES_USER="mattermost"
-mattermost_POSTGRES_PASSWORD="--clean_val--"
-mattermost_POSTGRES_DB="mattermost"
-
-mattermost_MM_ADMIN_EMAIL="${matterHost}@${domain}"
-mattermost_MM_ADMIN_USER="admin-mattermost"
-mattermost_MM_ADMIN_PASSWORD="--clean_val--@"
-mattermost_MM_SQLSETTINGS_DATASOURCE="postgres://${mattermost_POSTGRES_USER}:${mattermost_POSTGRES_PASSWORD}@postgres:5432/${mattermost_POSTGRES_DB}?sslmode=disable&connect_timeout=10"
-
-# pour envoyer des messages sur l'agora avec mmctl
-mattermost_user="${mattermost_MM_ADMIN_USER}"
-mattermost_pass="${mattermost_MM_ADMIN_PASSWORD}"
-mattermost_token="xxx-private"
-
-##################
-# Openldap
-ldap_LDAP_ADMIN_USERNAME="--clean_val--"
-ldap_LDAP_ADMIN_PASSWORD="--clean_val--"
-ldap_LDAP_CONFIG_ADMIN_USERNAME="--clean_val--"
-ldap_LDAP_CONFIG_ADMIN_PASSWORD="--clean_val--"
-ldap_LDAP_POSTFIX_PASSWORD="--clean_val--"
-ldap_LDAP_LDAPUI_PASSWORD="--clean_val--"
-ldap_LDAP_MATTERMOST_PASSWORD="--clean_val--"
-ldap_LDAP_CLOUD_PASSWORD="--clean_val--"
-ldap_LDAP_MOBILIZON_PASSWORD="--clean_val--"
-
-ldap_LDAPUI_URI=ldap://ldap
-ldap_LDAPUI_BASE_DN=${ldap_root}
-ldap_LDAPUI_REQUIRE_STARTTLS=FALSE
-ldap_LDAPUI_ADMINS_GROUP=admins
-ldap_LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,${ldap_root}
-ldap_LDAPUI_ADMIN_BIND_PWD=${ldap_LDAP_LDAPUI_PASSWORD}
-ldap_LDAPUI_IGNORE_CERT_ERRORS=TRUE
-ldap_LDAPUI_PASSWORD="--clean_val--"
-ldap_LDAPUI_MM_ADMIN_TOKEN=${mattermost_token}
-
-###################
-# gitea
-gitea_MYSQL_ROOT_PASSWORD="--clean_val--"
-gitea_MYSQL_DATABASE="--clean_val--"
-gitea_MYSQL_USER="--clean_val--"
-gitea_MYSQL_PASSWORD="--clean_val--"
-
-# on ne peut pas utiliser le login "admin"
-gitea_user_admin="admin_gitea"
-gitea_pass_admin="--clean_val--"
-gitea_admin_email="admin@kaz.bzh"
-
-####################
-# jirafeau
-jirafeau_HTTPD_PASSWORD="--clean_val--"
-jirafeau_DATA_DIR="--clean_val--"
-
-
-####################
-# nexcloud
-nextcloud_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
-nextcloud_MYSQL_DATABASE="--clean_val--"
-nextcloud_MYSQL_USER="--clean_val--"
-nextcloud_MYSQL_PASSWORD="--clean_val--"
-
-nextcloud_NEXTCLOUD_ADMIN_USER="admin"
-nextcloud_NEXTCLOUD_ADMIN_PASSWORD="--clean_val--"
-nextcloud_MYSQL_HOST="db"
-
-#user: admin
-nextcloud_RAIN_LOOP="--clean_val--"
-
-####################
-# collabora
-office_username="admin"
-office_password="--clean_val--"
-
-####################
-# roundcube
-roundcube_MYSQL_ROOT_PASSWORD="--clean_val--"
-roundcube_MYSQL_DATABASE="--clean_val--"
-roundcube_MYSQL_USER="--clean_val--"
-roundcube_MYSQL_PASSWORD="--clean_val--"
-
-# Share with roundcubeDB
-roundcube_ROUNDCUBEMAIL_DB_TYPE="mysql"
-roundcube_ROUNDCUBEMAIL_DB_NAME="${roundcube_MYSQL_DATABASE}"
-roundcube_ROUNDCUBEMAIL_DB_USER="${roundcube_MYSQL_USER}"
-roundcube_ROUNDCUBEMAIL_DB_PASSWORD="${roundcube_MYSQL_PASSWORD}"
-roundcube_ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE="1G"
-
-####################
-# postfix LDAP
-mail_LDAP_BIND_DN=cn=postfix,ou=applications,${ldap_root}
-mail_LDAP_BIND_PW=${ldap_LDAP_POSTFIX_PASSWORD}
-
-####################
-# sympa
-sympa_MYSQL_ROOT_PASSWORD="--clean_val--"
-sympa_MYSQL_DATABASE="sympa"
-sympa_MYSQL_USER="sympa"
-sympa_MYSQL_PASSWORD="--clean_val--"
-
-sympa_KEY="/etc/ssl/private/listes.key"
-sympa_CERT="/etc/ssl/certs/listes.pem"
-sympa_LISTMASTERS="listmaster@${domain_sympa}"
-sympa_ADMINEMAIL="listmaster@${domain_sympa}"
-sympa_SOAP_USER="sympa"
-sympa_SOAP_PASSWORD="--clean_val--"
-
-# pour inscrire des users sur des listes sympa avec soap
-#il faut que le user soit admin de sympa
-sympa_user="a@${domain}"
-sympa_pass="--clean_val--"
-
-##################
-# vigilo
-vigilo_MYSQL_ROOT_PASSWORD="--clean_val--"
-vigilo_MYSQL_USER="--clean_val--"
-vigilo_MYSQL_PASSWORD="--clean_val--"
-vigilo_MYSQL_DATABASE="--clean_val--"
-vigilo_MYSQL_HOST="db"
-#vigilo_BIND=
-
-####################
-# wordpress
-wp_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
-wp_MYSQL_DATABASE="--clean_val--"
-wp_MYSQL_USER="--clean_val--"
-wp_MYSQL_PASSWORD="--clean_val--"
-
-# Share with wpDB
-wp_WORDPRESS_DB_HOST="db:3306"
-wp_WORDPRESS_DB_NAME="${wp_MYSQL_DATABASE}"
-wp_WORDPRESS_DB_USER="${wp_MYSQL_USER}"
-wp_WORDPRESS_DB_PASSWORD="${wp_MYSQL_PASSWORD}"
-
-wp_WORDPRESS_ADMIN_USER="admin"
-wp_WORDPRESS_ADMIN_PASSWORD="--clean_val--"
-
-##################
-#qui envoi le mail d'inscription ?
-EMAIL_CONTACT="toto@kaz.bzh"
-
-
-##################
-# Paheko
-paheko_API_USER="admin-api"
-paheko_API_PASSWORD="--clean_val--"
-
-##################
-# La nas de Kaz chez Grifon
-nas_admin1="admin"
-nas_password1="--clean_val--"
-nas_admin2="kaz"
-nas_password1="--clean_val--"
-# compte mail pour les notifications du nas
-nas_email_account="admin-nas@${domain}"
-nas_email_password="--clean_val--"
-
-##################
-#Compte sur outlook.com
-outlook_user="kaz-user@outlook.fr"
-outlook_pass="--clean_val--"
-
-##################
-#Borg
-BORG_REPO="/mnt/backup-nas1/BorgRepo"
-BORG_PASSPHRASE="--clean_val--"
-VOLUME_SAUVEGARDES="/mnt/backup-nas1"
-MAIL_RAPPORT="a@${domain};b@${domain};c@${domain}"
-BORGMOUNT="/mnt/disk-nas1/tmp/repo_mount"
-
-
-###################
-# mobilizon
-mobilizon_POSTGRES_USER="--clean_val--"
-mobilizon_POSTGRES_PASSWORD="--clean_val--"
-mobilizon_POSTGRES_DB=mobilizon
-mobilizon_MOBILIZON_DATABASE_USERNAME="${mobilizon_POSTGRES_USER}"
-mobilizon_MOBILIZON_DATABASE_PASSWORD="${mobilizon_POSTGRES_PASSWORD}"
-mobilizon_MOBILIZON_DATABASE_DBNAME=mobilizon
-
-mobilizon_MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
-mobilizon_MOBILIZON_INSTANCE_NAME="Mobilizon"
-mobilizon_MOBILIZON_INSTANCE_HOST="${mobilizonHost}.${domain}"
-
-mobilizon_MOBILIZON_INSTANCE_SECRET_KEY_BASE=changeme
-mobilizon_MOBILIZON_INSTANCE_SECRET_KEY=changeme
-
-mobilizon_MOBILIZON_INSTANCE_EMAIL=noreply@${domain}
-mobilizon_MOBILIZON_REPLY_EMAIL=contact@${domain_sympa}
-mobilizon_MOBILIZON_ADMIN_EMAIL=admin@${domain_sympa}
-
-mobilizon_MOBILIZON_SMTP_SERVER="${smtpHost}.${domain}"
-mobilizon_MOBILIZON_SMTP_PORT=25
-mobilizon_MOBILIZON_SMTP_HOSTNAME="${smtpHost}.${domain}"
-mobilizon_MOBILIZON_SMTP_USERNAME=noreply@${domain}
-mobilizon_MOBILIZON_SMTP_PASSWORD=
-mobilizon_MOBILIZON_SMTP_SSL=false
-
-mobilizon_MOBILIZON_LDAP_BINDUID=cn=mobilizon,ou=applications,${ldap_root}
-mobilizon_MOBILIZON_LDAP_BINDPASSWORD=${ldap_LDAP_MOBILIZON_PASSWORD}
-
-
-#####################
-# 
Vaultwarden
-
-vaultwarden_MYSQL_ROOT_PASSWORD="--clean_val--"
-vaultwarden_MYSQL_DATABASE="vaultwarden"
-vaultwarden_MYSQL_USER="vaultwarden"
-vaultwarden_MYSQL_PASSWORD="--clean_val--"
-
-vaultwarden_DATABASE_URL="mysql://${vaultwarden_MYSQL_USER}:${vaultwarden_MYSQL_PASSWORD}@db/${vaultwarden_MYSQL_DATABASE}"
-vaultwarden_ADMIN_TOKEN="--clean_val--"
-
-#####################
-#Traefik
-
-traefik_DASHBOARD_USER="admin"
-traefik_DASHBOARD_PASSWORD="--clean_val--"
-
-
-#####################
-# dokuwiki
-
-dokuwiki_WIKI_ROOT=Kaz
-dokuwiki_WIKI_EMAIL=wiki@kaz.local
-dokuwiki_WIKI_PASSWORD="--clean_val--"
-
-#####################
-# Castopod
-castopod_MYSQL_ROOT_PASSWORD="--clean_val--"
-castopod_MYSQL_DATABASE="--clean_val--"
-castopod_MYSQL_USER="--clean_val--"
-castopod_MYSQL_PASSWORD="--clean_val--"
-castopod_CP_REDIS_PASSWORD="${castopodRedisPassword}"
-castopod_ADMIN_USER=adminKaz
-castopod_ADMIN_MAIL=admin@${domain}
-castopod_ADMIN_PASSWORD="--clean_val--"
-castopod_CP_EMAIL_SMTP_HOST="${smtpHost}.${domain}"
-castopod_CP_EMAIL_SMTP_PORT=25
-castopod_CP_EMAIL_SMTP_USERNAME=noreply@${domain}
-castopod_CP_EMAIL_SMTP_PASSWORD=
-castopod_CP_EMAIL_FROM=noreply@${domain}
-castopod_CP_EMAIL_SMTP_CRYPTO=tls
-
-
-#####################
-# Spip
-spip_MYSQL_ROOT_PASSWORD="--clean_val--"
-spip_MYSQL_DATABASE="--clean_val--"
-spip_MYSQL_USER="--clean_val--"
-spip_MYSQL_PASSWORD="--clean_val--"
-spip_SPIP_AUTO_INSTALL=1
-spip_SPIP_DB_SERVER=mysql
-spip_SPIP_DB_LOGIN="${spip_MYSQL_USER}"
-spip_SPIP_DB_PASS="${spip_MYSQL_PASSWORD}"
-spip_SPIP_DB_NAME="${spip_MYSQL_DATABASE}"
-spip_SPIP_ADMIN_NAME=admin
-spip_SPIP_ADMIN_LOGIN=admin
-spip_SPIP_ADMIN_EMAIL=admin@${domain}
-spip_SPIP_ADMIN_PASS="--clean_val--"
-spip_PHP_TIMEZONE="Europe/Paris"
-
-#####################
-# Peertube
-peertube_POSTGRES_USER="--clean_val--"
-peertube_POSTGRES_PASSWORD="--clean_val--"
-peertube_PEERTUBE_DB_NAME="--clean_val--"
-
-peertube_PEERTUBE_DB_USERNAME="${peertube_POSTGRES_USER}"
-peertube_PEERTUBE_DB_PASSWORD="${peertube_POSTGRES_PASSWORD}"
-peertube_PEERTUBE_DB_SSL=false
-peertube_PEERTUBE_DB_HOSTNAME="${peertubeDBName}"
-peertube_PEERTUBE_WEBSERVER_HOSTNAME="${peertubeHost}.${domain}"
-peertube_PEERTUBE_TRUST_PROXY="['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']"
-
-peertube_PEERTUBE_SECRET="--clean_val--"
-peertube_PT_INITIAL_ROOT_PASSWORD="--clean_val--"
-
-#peertube_PEERTUBE_SMTP_USERNAME=
-#peertube_PEERTUBE_SMTP_PASSWORD=
-# Default to Postfix service name "postfix" in docker-compose.yml
-# May be the hostname of your Custom SMTP server
-peertube_PEERTUBE_SMTP_HOSTNAME=
-peertube_PEERTUBE_SMTP_PORT=25
-peertube_PEERTUBE_SMTP_FROM=
-peertube_PEERTUBE_SMTP_TLS=false
-peertube_PEERTUBE_SMTP_DISABLE_STARTTLS=false
-peertube_PEERTUBE_ADMIN_EMAIL=
-peertube_POSTFIX_myhostname=
-#peertube_OPENDKIM_DOMAINS=peertube
-peertube_OPENDKIM_RequireSafeKeys=no
-
-peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC="public-read"
-peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE="private"
-
-######################
-peertube_POSTGRES_DB="${peertube_PEERTUBE_DB_NAME}"
-
-######################
-# SNAPPYMAIL
-# Url https://snappymail.${domain}/?admin
-# au premier lancement un mot de passe est généré en aut par l' appli dans le
-# volume Data : /var/lib/docker/volumes/snappymail_data/_data/_data_/_default_
-# le fichier s' appelle admin_password.txt
-# une fois le mot de passe changé dans le Gui de l' admin, ce fichier est automatiquement supprimé
-snappymail_TZ="Europe/Paris"
-snappymail_UPLOAD_MAX_SIZE="100M"
-
-####################
-# mastodon
-mastodon_POSTGRES_USER="--clean_val--"
-mastodon_POSTGRES_PASSWORD="--clean_val--"
-mastodon_POSTGRES_DB=mastodon
-mastodon_DB_USER="${mastodon_POSTGRES_USER}"
-mastodon_DB_PASS="${mastodon_POSTGRES_PASSWORD}"
-mastodon_DB_NAME=mastodon
diff --git a/secret.tmpl/env-apikazServ b/secret.tmpl/env-apikazServ
index efeddb0..b64b27c 100644
--- a/secret.tmpl/env-apikazServ
+++ b/secret.tmpl/env-apikazServ
@@ -1,22 +1,24 @@
-paheko_API_USER=
-paheko_API_PASSWORD=
-paheko_url=
-mattermost_user=
-mattermost_pass=
-mattermost_url=
+paheko_url=https://kaz-@@globalvar@@pahekoHost@@gv@@.@@globalvar@@domain@@gv@@
+paheko_API_USER="@@user@@pahekoapi@@u@@"
+paheko_API_PASSWORD="@@pass@@pahekoapi@@p@@"
-ldap_LDAP_ADMIN_USERNAME=
-ldap_LDAP_ADMIN_PASSWORD=
-ldap_root=
+mattermost_user="@@user@@mattermost2@@u@@"
+mattermost_pass="@@pass@@mattermost2@@p@@"
+mattermost_token="@@token@@mattermost@@t@@"
-nextcloud_NEXTCLOUD_ADMIN_USER=
-nextcloud_NEXTCLOUD_ADMIN_PASSWORD=
-cloud_url=
+ldap_LDAP_ADMIN_USERNAME="@@user@@ldap@@u@@"
+ldap_LDAP_ADMIN_PASSWORD="@@pass@@ldap@@p@@"
+ldap_root=@@globalvar@@ldap_root@@gv@@
-sympa_SOAP_USER=
-sympa_SOAP_PASSWORD=
-sympa_url=
+nextcloud_NEXTCLOUD_ADMIN_USER="@@user@@nextcloudadmin@@u@@"
+nextcloud_NEXTCLOUD_ADMIN_PASSWORD="@@pass@@nextcloudadmin@@p@@"
+cloud_url=https://@@globalvar@@cloudHost@@gv@@.@@globalvar@@domain@@gv@@
+
+
+sympa_SOAP_USER="@@user@@sympasoap@@u@@"
+sympa_SOAP_PASSWORD="@@pass@@sympasoap@@p@@"
+sympa_url=https://@@globalvar@@sympaHost@@gv@@.@@globalvar@@domain@@gv@@
 gandi_GANDI_KEY=
 gandi_GANDI_API=
diff --git a/secret.tmpl/env-borg b/secret.tmpl/env-borg
new file mode 100644
index 0000000..71acae0
--- /dev/null
+++ b/secret.tmpl/env-borg
@@ -0,0 +1,17 @@
+borg_VOLUME_SAUVEGARDES=
+borg_BORG_REPO=
+borg_BORG_PASSPHRASE=@@token@@borg@@t@@
+borg_BORGLOG="/var/log/borg"
+borg_BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
+borg_BORG_EXCLUDE_BACKUP=
+borg_MAIL_RAPPORT=a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@
+borg_LISTREPSAUV=
+borg_BORGMOUNT="/mnt/repo_borg"
+borg_MAILOK=
+borg_MAILWARNING=
+borg_MAILDETAIL=
+borg_BACKUPS_KEEP="4m"
+borg_NB_BACKUPS_JOUR=90
+borg_NB_BACKUPS_SEM=30
+borg_NB_BACKUPS_MOIS=12
+borg_BORGSCRIPTS=/root/borgscripts
\ No newline at end of file
diff --git a/secret.tmpl/env-castopodAdmin b/secret.tmpl/env-castopodAdmin
new file mode 100644
index 0000000..1b822a4
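Review bot: `gandi_GANDI_KEY=` and `gandi_GANDI_API=` stay empty at the end of the env-apikazServ hunk while every other entry in the file receives a placeholder; the removed SetAllPass.sh was the only place in this commit that defined the API URL (`gandi_GANDI_API="https://api.gandi.net/v5/livedns/domains/${domain}"`), so unless another template supplies it, consumers of env-apikazServ now read an empty URL. If the key is an external credential that is meant to be pasted by hand, say so on the line, e.g. `# gandi_GANDI_KEY is issued by Gandi: fill in manually, it is not generated`, and carry the URL over as `gandi_GANDI_API=https://api.gandi.net/v5/livedns/domains/@@globalvar@@domain@@gv@@`.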
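Review bot: `borg_MAIL_RAPPORT=a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@` in env-borg is unquoted, so if this file is sourced by a shell (the removed SetAllPass.sh quoted the same value, `MAIL_RAPPORT="a@${domain};b@${domain};c@${domain}"`) the first `;` terminates the assignment and `b@…` / `c@…` are run as commands. The file is already inconsistent on this: `borg_BORGLOG`, `borg_BORG_FIC_DEL`, `borg_BORGMOUNT` and `borg_BACKUPS_KEEP` are quoted, `borg_BORG_PASSPHRASE` and `borg_MAIL_RAPPORT` are not. Quote the two values that carry substituted or delimiter-bearing content: `borg_BORG_PASSPHRASE="@@token@@borg@@t@@"` and `borg_MAIL_RAPPORT="a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@"`.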
--- /dev/null
+++ b/secret.tmpl/env-castopodAdmin
@@ -0,0 +1,3 @@
+ADMIN_USER=@@pass@@castopod2@@p@@
+ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
+ADMIN_PASSWORD=@@pass@@castopod3@@p@@
\ No newline at end of file
diff --git a/secret.tmpl/env-castopodDB b/secret.tmpl/env-castopodDB
index 6e2de9c..d812df6 100644
--- a/secret.tmpl/env-castopodDB
+++ b/secret.tmpl/env-castopodDB
@@ -1,4 +1,4 @@
-MYSQL_ROOT_PASSWORD=
-MYSQL_DATABASE=
-MYSQL_USER=
-MYSQL_PASSWORD=
+MYSQL_ROOT_PASSWORD=@@pass@@castopod@@p@@
+MYSQL_USER=@@user@@castopod1@@u@@
+MYSQL_PASSWORD=@@pass@@castopod1@@p@@
+MYSQL_DATABASE=@@db@@castopod1@@d@@
\ No newline at end of file
diff --git a/secret.tmpl/env-dokuwikiServ b/secret.tmpl/env-dokuwikiServ
index 35e8c91..b91e012 100644
--- a/secret.tmpl/env-dokuwikiServ
+++ b/secret.tmpl/env-dokuwikiServ
@@ -1,4 +1,4 @@
-WIKI_ROOT=
-WIKI_EMAIL=
-WIKI_PASSWORD=
\ No newline at end of file
+WIKI_ROOT=Kaz
+WIKI_EMAIL=wiki@@@globalvar@@domain@@gv@@
+WIKI_PASSWORD=@@pass@@dokuwiki@@p@@
\ No newline at end of file
diff --git a/secret.tmpl/env-etherpadDB b/secret.tmpl/env-etherpadDB
index 60f2779..ded3f91 100644
--- a/secret.tmpl/env-etherpadDB
+++ b/secret.tmpl/env-etherpadDB
@@ -1,5 +1,5 @@
-MYSQL_ROOT_PASSWORD=
-MYSQL_DATABASE=
-MYSQL_USER=
-MYSQL_PASSWORD=
+MYSQL_ROOT_PASSWORD=@@pass@@etherpadroot@@p@@
+MYSQL_DATABASE=@@db@@etherpad@@d@@
+MYSQL_USER=@@user@@etherpad@@u@@
+MYSQL_PASSWORD=@@pass@@etherpad@@p@@
diff --git a/secret.tmpl/env-etherpadServ b/secret.tmpl/env-etherpadServ
index e56486b..488b111 100644
--- a/secret.tmpl/env-etherpadServ
+++ b/secret.tmpl/env-etherpadServ
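Review bot: `ADMIN_USER=@@pass@@castopod2@@p@@` in env-castopodAdmin asks the generator for a password-type value where a login name is expected; every other template spells logins `@@user@@…@@u@@` (env-castopodDB's `MYSQL_USER=@@user@@castopod1@@u@@` in this same line) and the removed SetAllPass.sh used a fixed `castopod_ADMIN_USER=adminKaz`. If `@@pass@@` yields a random string, the admin login becomes as opaque as the password and has to be looked up in the secret store every time. Suggest `ADMIN_USER=@@user@@castopod2@@u@@` (or a fixed login), keeping `@@pass@@castopod3@@p@@` for the password only.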
@@ -1,16 +1,17 @@
 # share with padDB
-DB_NAME=
-DB_USER=
-DB_PASS=
+DB_NAME=@@db@@etherpad@@d@@
+DB_USER=@@user@@etherpad@@u@@
+DB_PASS=@@pass@@etherpad@@p@@
-DB_TYPE=
-DB_HOST=
-DB_PORT=
+
+DB_TYPE=mysql
+DB_HOST=padDB
+DB_PORT=3306
 #DB_CHARSET=
-ADMIN_PASSWORD=
+ADMIN_PASSWORD=@@pass@@etherpadadmin@@p@@
-TITLE=
-PAD_OPTIONS_LANG=
-TRUST_PROXY=
-#DEFAULT_PAD_TEXT="––––– Ce texte est à effacer (après lecture si c’est votre première visite) ou à conserver en bas de votre pad –––––\n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur l’icône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur l’icône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans l’historique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! 
N’oubliez pas de conserver quelque part l’adresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n––––– Ce texte est à effacer (après lecture si c’est votre première visite) –––––\n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"
+TITLE=KazPad
+PAD_OPTIONS_LANG=fr
+TRUST_PROXY=true
+DEFAULT_PAD_TEXT="––––– Ce texte est à effacer (après lecture si c’est votre première visite) ou à conserver en bas de votre pad –––––\n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur l’icône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur l’icône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans l’historique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! 
N’oubliez pas de conserver quelque part l’adresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n––––– Ce texte est à effacer (après lecture si c’est votre première visite) –––––\n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"
diff --git a/secret.tmpl/env-framadateDB b/secret.tmpl/env-framadateDB
index 60f2779..7505a23 100644
--- a/secret.tmpl/env-framadateDB
+++ b/secret.tmpl/env-framadateDB
@@ -1,5 +1,5 @@
-MYSQL_ROOT_PASSWORD=
-MYSQL_DATABASE=
-MYSQL_USER=
-MYSQL_PASSWORD=
+MYSQL_ROOT_PASSWORD=@@pass@@framadateroot@@p@@
+MYSQL_DATABASE=@@db@@framadatedb@@d@@
+MYSQL_USER=@@user@@framadatedb@@u@@
+MYSQL_PASSWORD=@@pass@@framadatedb@@p@@
diff --git a/secret.tmpl/env-framadateServ b/secret.tmpl/env-framadateServ
index ba956eb..067998e 100644
--- a/secret.tmpl/env-framadateServ
+++ b/secret.tmpl/env-framadateServ
@@ -1,3 +1,3 @@
-HTTPD_USER=
-HTTPD_PASSWORD=
+HTTPD_USER=@@user@@framadate@@u@@
+HTTPD_PASSWORD=@@pass@@framadate2@@p@@
diff --git a/secret.tmpl/env-gitDB b/secret.tmpl/env-gitDB
index 60f2779..541864e 100644
--- a/secret.tmpl/env-gitDB
+++ b/secret.tmpl/env-gitDB
@@ -1,5 +1,5 @@
-MYSQL_ROOT_PASSWORD=
-MYSQL_DATABASE=
-MYSQL_USER=
-MYSQL_PASSWORD=
+MYSQL_ROOT_PASSWORD=@@pass@@gitroot@@p@@
+MYSQL_DATABASE=@@db@@gitdb@@d@@
+MYSQL_USER=@@user@@gitdb@@u@@
+MYSQL_PASSWORD=@@pass@@gitdb@@p@@
\ No newline at end of file
diff --git a/secret.tmpl/env-gitServ b/secret.tmpl/env-gitServ
index 90c5c1d..b5bb048 100644
--- a/secret.tmpl/env-gitServ
+++ b/secret.tmpl/env-gitServ
@@ -1,3 +1,3 @@
-user_admin=
-pass_admin=
-admin_email=
\ No newline at end of file
+user_admin=@@user@@git@@u@@
+pass_admin=@@pass@@git@@p@@
+admin_email=admin@@@globalvar@@domain@@gv@@
\ No newline at end of file
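Review bot: `DEFAULT_PAD_TEXT="…"` in env-etherpadServ is now an active line (it was commented out before) and carries `\n` escapes and apostrophes inside double quotes, and what reaches Etherpad depends on who parses the file. A shell `.` keeps `\n` as two literal characters and strips the quotes, which is what a JSON settings template wants; Docker Compose's env_file reader in Compose v2, as far as I recall, processes escape sequences inside double-quoted values and would hand over real newlines instead. Worth confirming against the actual consumer of env-etherpadServ and, if it is compose, single-quoting the value; a comment such as `# \n must stay literal: the value is spliced into settings.json` would record the expectation.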
diff --git a/secret.tmpl/env-jirafeauServ b/secret.tmpl/env-jirafeauServ
index 27ee028..7278fb8 100644
--- a/secret.tmpl/env-jirafeauServ
+++ b/secret.tmpl/env-jirafeauServ
@@ -1,2 +1,2 @@
-HTTPD_PASSWORD=
+HTTPD_PASSWORD=@@pass@@jirafeau@@pass@@
diff --git a/secret.tmpl/env-kaz b/secret.tmpl/env-kaz
new file mode 100644
index 0000000..330188f
--- /dev/null
+++ b/secret.tmpl/env-kaz
@@ -0,0 +1,11 @@
+# tout est dans le env_kaz
+# utilisé par gest containers
+NAS_VOL=
+OPERATE_ON_MAIN= # par defaut NON on ne traite que des orgas
+OPERATE_ON_NAS_ORGA= # par defaut NON, on va aussi sur les orgas du NAS
+OPERATE_LOCAL_ORGA="OUI" # par defaut oui
+TEMPO_ACTION_STOP=2 # Lors de redémarrage avec tempo, on attend après le stop
+TEMPO_ACTION_START=60 # Lors de redémarrage avec tempo, avant de reload le proxy
+DEFAULTCONTAINERS="cloud agora wp wiki office paheko castopod spip"
+APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode
+QUIET="1" # redirection des echo
\ No newline at end of file
diff --git a/secret.tmpl/env-ldapServ b/secret.tmpl/env-ldapServ
index e3a50f4..a27058a 100644
--- a/secret.tmpl/env-ldapServ
+++ b/secret.tmpl/env-ldapServ
@@ -1,9 +1,9 @@
-LDAP_ADMIN_USERNAME=
-LDAP_ADMIN_PASSWORD=
-LDAP_CONFIG_ADMIN_USERNAME=
-LDAP_CONFIG_ADMIN_PASSWORD=
-LDAP_POSTFIX_PASSWORD=
-LDAP_LDAPUI_PASSWORD=
-LDAP_MATTERMOST_PASSWORD=
-LDAP_CLOUD_PASSWORD=
-LDAP_MOBILIZON_PASSWORD=
+LDAP_ADMIN_USERNAME=@@user@@ldap@@u@@
+LDAP_ADMIN_PASSWORD=@@pass@@ldap@@p@@
+LDAP_CONFIG_ADMIN_USERNAME=@@user@@ldapconfig@@u@@
+LDAP_CONFIG_ADMIN_PASSWORD=@@pass@@ldapconfig@@p@@
+LDAP_POSTFIX_PASSWORD=@@pass@@ldappostfix@@p@@
+LDAP_LDAPUI_PASSWORD=@@pass@@ldapui@@p@@
+LDAP_MATTERMOST_PASSWORD=@@pass@@ldapmm@@p@@
+LDAP_CLOUD_PASSWORD=@@pass@@ldapcloud@@p@@
+LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@
diff --git a/secret.tmpl/env-ldapUI b/secret.tmpl/env-ldapUI
index af9c9e0..0fdee78 100644
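Review bot: `HTTPD_PASSWORD=@@pass@@jirafeau@@pass@@` in env-jirafeauServ closes the placeholder with `@@pass@@` instead of the `@@p@@` every other template uses (`@@pass@@…@@p@@`); unless the substitution accepts both spellings, the literal placeholder survives into the generated file and Jirafeau ends up with a predictable admin password. Change it to `HTTPD_PASSWORD=@@pass@@jirafeau@@p@@`.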
--- a/secret.tmpl/env-ldapUI
+++ b/secret.tmpl/env-ldapUI
@@ -1,9 +1,9 @@
-LDAPUI_URI=
-LDAPUI_BASE_DN=
-LDAPUI_REQUIRE_STARTTLS=
-LDAPUI_ADMINS_GROUP=
-LDAPUI_ADMIN_BIND_DN=
-LDAPUI_ADMIN_BIND_PWD=
-LDAPUI_IGNORE_CERT_ERRORS=
-LDAPUI_PASSWORD=
-LDAPUI_MM_ADMIN_TOKEN=
+LDAPUI_URI=ldap://ldap
+LDAPUI_BASE_DN=@@globalvar@@ldap_root@@gv@@
+LDAPUI_REQUIRE_STARTTLS=FALSE
+LDAPUI_ADMINS_GROUP=admins
+LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@
+LDAPUI_ADMIN_BIND_PWD=@@pass@@ldapui@@p@@
+LDAPUI_IGNORE_CERT_ERRORS=TRUE
+LDAPUI_PASSWORD=@@pass@@ldapuipass@@p@@
+LDAPUI_MM_ADMIN_TOKEN=@@crossvar@@mattermostAdmin_mattermost_token@@cv@@
diff --git a/secret.tmpl/env-mail b/secret.tmpl/env-mail
new file mode 100644
index 0000000..5ce464e
--- /dev/null
+++ b/secret.tmpl/env-mail
@@ -0,0 +1,2 @@
+service_mail=admin@@@globalvar@@domain@@gv@@
+service_password=@@pass@@servicemail@@p@@
\ No newline at end of file
diff --git a/secret.tmpl/env-mastodonDB b/secret.tmpl/env-mastodonDB
index 4c96a89..8cba203 100644
--- a/secret.tmpl/env-mastodonDB
+++ b/secret.tmpl/env-mastodonDB
@@ -1,6 +1,6 @@
-DB_USER=
-DB_NAME=
-DB_PASS=
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-POSTGRES_DB=postgres
+DB_USER=@@user@@mastodon@@u@@
+DB_NAME=@@db@@mastodon@@d@@
+DB_PASS=@@pass@@mastodon@@p@@
+POSTGRES_USER=@@user@@postgresmasto@@u@@
+POSTGRES_PASSWORD=@@pass@@postgresmasto@@p@@
+POSTGRES_DB=@@db@@mastodon@@d@@
diff --git a/secret.tmpl/env-mastodonServ b/secret.tmpl/env-mastodonServ
index ccaf794..7d10624 100644
--- a/secret.tmpl/env-mastodonServ
+++ b/secret.tmpl/env-mastodonServ
@@ -1,9 +1,9 @@
 SECRET_KEY_BASE=
-OTP_SECRET=
+OTP_SECRET=@@token@@masto-otp@@t@@
 ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
 ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
 ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
-VAPID_PRIVATE_KEY==
+VAPID_PRIVATE_KEY=
 VAPID_PUBLIC_KEY=
 SMTP_PASSWORD=
 EMAIL_DOMAIN_ALLOWLIST=
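Review bot: `DB_USER=@@user@@mastodon@@u@@` and `POSTGRES_USER=@@user@@postgresmasto@@u@@` in env-mastodonDB now name two different logins (and `DB_PASS` / `POSTGRES_PASSWORD` two different passwords), whereas the removed SetAllPass.sh derived `mastodon_DB_USER` from `mastodon_POSTGRES_USER` so the application connected as the role the postgres image creates. If both halves of this file feed their respective containers, the role Mastodon logs in with is never created and the connection is refused at first start. Unless a separate role is provisioned elsewhere, make the pairs agree: `DB_USER=@@user@@postgresmasto@@u@@` and `DB_PASS=@@pass@@postgresmasto@@p@@`, with a comment `# DB_* must match POSTGRES_*: the postgres image creates only that role`.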
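Review bot: In env-mastodonServ `OTP_SECRET` receives a generated token, but `SECRET_KEY_BASE=`, the three `ACTIVE_RECORD_ENCRYPTION_*` lines and both `VAPID_*` lines are still empty after this hunk, and the fix to `VAPID_PRIVATE_KEY==` only removes the stray `=`. As far as I know Mastodon refuses to boot without SECRET_KEY_BASE and the encryption keys, and the VAPID values are a key pair that must be generated together by Mastodon's own rake task, so a random `@@token@@` would not be a valid stand-in for them. A header comment naming which lines must be produced with Mastodon's generators and pasted by hand would keep the next reader from templating them, e.g. `# SECRET_KEY_BASE, ACTIVE_RECORD_ENCRYPTION_* and VAPID_* come from Mastodon's own generators, not from the password generator`.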
diff --git a/secret.tmpl/env-mattermostAdmin b/secret.tmpl/env-mattermostAdmin
new file mode 100644
index 0000000..5c41c36
--- /dev/null
+++ b/secret.tmpl/env-mattermostAdmin
@@ -0,0 +1,4 @@
+
+mattermost_user=@@user@@mattermost2@@u@@
+mattermost_pass=@@pass@@mattermost2@@p@@
+mattermost_token=@@token@@mattermost@@t@@
\ No newline at end of file
diff --git a/secret.tmpl/env-mattermostDB b/secret.tmpl/env-mattermostDB
index 8b2a930..8be0cfe 100644
--- a/secret.tmpl/env-mattermostDB
+++ b/secret.tmpl/env-mattermostDB
@@ -1,3 +1,4 @@
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-POSTGRES_DB=
+POSTGRES_USER=@@user@@mattermost@@u@@
+POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
+POSTGRES_DB=@@db@@mattermost@@d@@
+
diff --git a/secret.tmpl/env-mattermostServ b/secret.tmpl/env-mattermostServ
index 8db419b..2a236b0 100644
--- a/secret.tmpl/env-mattermostServ
+++ b/secret.tmpl/env-mattermostServ
@@ -1,4 +1,5 @@
-MM_SQLSETTINGS_DATASOURCE=
-MM_ADMIN_EMAIL=
-MM_ADMIN_USER=
-MM_ADMIN_PASSWORD=
\ No newline at end of file
+MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
+MM_ADMIN_USER=@@user@@mattermost2@@u@@
+MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
+MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10
+
diff --git a/secret.tmpl/env-mobilizonDB b/secret.tmpl/env-mobilizonDB
index 59259d0..ae800e7 100644
--- a/secret.tmpl/env-mobilizonDB
+++ b/secret.tmpl/env-mobilizonDB
@@ -1,4 +1,4 @@
 # Database settings
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-POSTGRES_DB=
+POSTGRES_USER=@@user@@mobilizon@@u@@
+POSTGRES_PASSWORD=@@pass@@mobilizon@@p@@
+POSTGRES_DB=@@db@@mobilizon@@d@@
diff --git a/secret.tmpl/env-mobilizonServ b/secret.tmpl/env-mobilizonServ
index 040e994..36d1282 100644
--- a/secret.tmpl/env-mobilizonServ
+++ b/secret.tmpl/env-mobilizonServ
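Review bot: `MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/…` in env-mattermostServ splices the generated password into a URL, so the substituted value must contain none of `@`, `:`, `/`, `?`, `#`, `%` (or be percent-encoded), and nothing in this commit constrains the generator's alphabet; the removed SetAllPass.sh at least documented a forbidden-character list. The same secret goes unencoded into env-mattermostDB's `POSTGRES_PASSWORD`, which is fine there, so either the generator restricts URL-unsafe characters for this key or the DSN needs an encoding step. `MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@` also produces five consecutive `@`; worth checking that the placeholder parser tokenizes that as intended. A comment such as `# mattermost DB password must be URL-safe: it is embedded in the postgres DSN below` would record the constraint.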
@@ -18,9 +18,9 @@ MOBILIZON_SMTP_USERNAME=
 MOBILIZON_SMTP_PASSWORD=
 MOBILIZON_SMTP_SSL=
-MOBILIZON_DATABASE_USERNAME=
-MOBILIZON_DATABASE_PASSWORD=
-MOBILIZON_DATABASE_DBNAME=
+MOBILIZON_DATABASE_USERNAME=@@user@@mobilizon@@u@@
+MOBILIZON_DATABASE_PASSWORD=@@pass@@mobilizon@@p@@
+MOBILIZON_DATABASE_DBNAME=@@db@@mobilizon@@d@@
 # LDAP
 MOBILIZON_LDAP_BINDUID=
diff --git a/secret.tmpl/env-nextcloudDB b/secret.tmpl/env-nextcloudDB
index 4d40dff..909ec7f 100644
--- a/secret.tmpl/env-nextcloudDB
+++ b/secret.tmpl/env-nextcloudDB
@@ -1,8 +1,8 @@
-MYSQL_ROOT_PASSWORD=
-MYSQL_DATABASE=
-MYSQL_USER=
-MYSQL_PASSWORD=
+MYSQL_ROOT_PASSWORD=@@pass@@nextcloudroot@@p@@
+MYSQL_DATABASE=@@db@@nextcloud@@d@@
+MYSQL_USER=@@user@@nextcloud@@u@@
+MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
-NC_MYSQL_USER=
-NC_MYSQL_PASSWORD=
+#NC_MYSQL_USER=
+#NC_MYSQL_PASSWORD=
diff --git a/secret.tmpl/env-nextcloudServ b/secret.tmpl/env-nextcloudServ
index 22de296..8f8e255 100644
--- a/secret.tmpl/env-nextcloudServ
+++ b/secret.tmpl/env-nextcloudServ
@@ -1,5 +1,5 @@
-NEXTCLOUD_ADMIN_USER=
-NEXTCLOUD_ADMIN_PASSWORD=
-MYSQL_HOST=
-RAIN_LOOP=
+NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
+NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
+MYSQL_HOST=db
+RAIN_LOOP=@@pass@@rainloop@@p@@
diff --git a/secret.tmpl/env-officeServ b/secret.tmpl/env-officeServ
index 0324caa..ef7c768 100644
--- a/secret.tmpl/env-officeServ
+++ b/secret.tmpl/env-officeServ
@@ -1,3 +1,3 @@
-username=
-password=
+username=@@user@@office@@u@@
+password=@@pass@@office@@p@@
diff --git a/secret.tmpl/env-paheko b/secret.tmpl/env-paheko
new file mode 100644
index 0000000..5594214
--- /dev/null
+++ b/secret.tmpl/env-paheko
@@ -0,0 +1,2 @@
+API_USER=@@user@@pahekoapi@@u@@
+API_PASSWORD=@@pass@@pahekoapi@@p@@
\ No newline at end of file
diff --git a/secret.tmpl/env-peertubeDB b/secret.tmpl/env-peertubeDB
new file mode 100644
index 0000000..8aaeb43
--- /dev/null
+++ b/secret.tmpl/env-peertubeDB
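Review bot: The env-mobilizonServ hunk fills the three `MOBILIZON_DATABASE_*` lines, but the context line `MOBILIZON_LDAP_BINDUID=` is still empty and `MOBILIZON_LDAP_BINDPASSWORD` sits outside the hunk; the removed SetAllPass.sh derived both (`cn=mobilizon,ou=applications,${ldap_root}` and `${ldap_LDAP_MOBILIZON_PASSWORD}`) and env-ldapServ in this commit still generates `LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@`, so Mobilizon's LDAP bind appears to lose its credentials in the migration. The placeholders to carry them over already exist in this commit: `MOBILIZON_LDAP_BINDUID=cn=mobilizon,ou=applications,@@globalvar@@ldap_root@@gv@@` and `MOBILIZON_LDAP_BINDPASSWORD=@@pass@@ldapmobilizon@@p@@` (env-ldapUI uses the same `ldap_root` form). Other SetAllPass.sh entries with no successor visible in this view — postfix's `mail_LDAP_BIND_DN` / `mail_LDAP_BIND_PW`, the `wp_*` and `vigilo_*` groups — deserve the same check. The file continues outside the hunk.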
@@ -0,0 +1,8 @@
+POSTGRES_USER=@@user@@peertube@@u@@
+POSTGRES_PASSWORD=@@pass@@peertube@@p@@
+POSTGRES_DB=@@db@@peertube@@d@@
+
+PEERTUBE_DB_USERNAME=@@user@@peertube@@u@@
+PEERTUBE_DB_PASSWORD=@@pass@@peertube@@p@@
+PEERTUBE_DB_SSL=false
+PEERTUBE_DB_HOSTNAME=peertubeDB
\ No newline at end of file
diff --git a/secret.tmpl/env-peertubeServ b/secret.tmpl/env-peertubeServ
new file mode 100644
index 0000000..ed16e7b
--- /dev/null
+++ b/secret.tmpl/env-peertubeServ
@@ -0,0 +1,32 @@
+POSTGRES_USER=@@user@@peertube@@u@@
+POSTGRES_PASSWORD=@@pass@@peertube@@p@@
+POSTGRES_DB=@@db@@peertube@@d@@
+
+PEERTUBE_DB_USERNAME=@@user@@peertube@@u@@
+PEERTUBE_DB_PASSWORD=@@pass@@peertube@@p@@
+PEERTUBE_DB_SSL=false
+PEERTUBE_DB_HOSTNAME=peertubeDB
+
+PEERTUBE_WEBSERVER_HOSTNAME=@@globalvar@@peertubeHost@@gv@@.@@globalvar@@domain@@gv@@
+PEERTUBE_TRUST_PROXY=['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']
+
+PEERTUBE_SECRET=@@token@@peertube@@t@@
+PT_INITIAL_ROOT_PASSWORD=@@pass@@peertubeinitialroot@@p@@
+
+#PEERTUBE_SMTP_USERNAME=
+#PEERTUBE_SMTP_PASSWORD=
+# Default to Postfix service name "postfix" in docker-compose.yml
+# May be the hostname of your Custom SMTP server
+PEERTUBE_SMTP_HOSTNAME=smtp.kaz.bzh
+PEERTUBE_SMTP_PORT=25
+PEERTUBE_SMTP_FROM=
+PEERTUBE_SMTP_TLS=false
+PEERTUBE_SMTP_DISABLE_STARTTLS=false
+PEERTUBE_ADMIN_EMAIL=
+
+POSTFIX_myhostname=
+#OPENDKIM_DOMAINS=peertube
+OPENDKIM_RequireSafeKeys=no
+
+PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC=public-read
+PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE=private
\ No newline at end of file
diff --git a/secret.tmpl/env-roundcubeDB b/secret.tmpl/env-roundcubeDB
index 6e2de9c..9bcb74f 100644
--- a/secret.tmpl/env-roundcubeDB
+++ b/secret.tmpl/env-roundcubeDB
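Review bot: `PEERTUBE_SMTP_HOSTNAME=smtp.kaz.bzh` in env-peertubeServ hard-codes the production domain in a template whose neighbouring lines use `@@globalvar@@domain@@gv@@`, and `PEERTUBE_DB_HOSTNAME=peertubeDB` likewise freezes what the removed SetAllPass.sh expressed as `${peertubeDBName}`; a test instance or a renamed service then mails through the wrong host without any error. Suggest `PEERTUBE_SMTP_HOSTNAME=@@globalvar@@smtpHost@@gv@@.@@globalvar@@domain@@gv@@`, mirroring the `"${smtpHost}.${domain}"` form SetAllPass.sh used for castopod and mobilizon. The `POSTGRES_*` trio is duplicated verbatim from env-peertubeDB in this same line; if the Serv container does not itself create the database, dropping it here leaves one copy of the secret to rotate instead of two.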
@@ -1,4 +1,4 @@ -MYSQL_ROOT_PASSWORD= -MYSQL_DATABASE= -MYSQL_USER= -MYSQL_PASSWORD= +MYSQL_ROOT_PASSWORD=@@pass@@roudcuberoot@@p@@ +MYSQL_DATABASE=@@db@@roudcube@@d@@ +MYSQL_USER=@@user@@roudcube@@u@@ +MYSQL_PASSWORD=@@pass@@roudcube@@p@@ \ No newline at end of file diff --git a/secret.tmpl/env-roundcubeServ b/secret.tmpl/env-roundcubeServ index 3f3cf66..d434d64 100644 --- a/secret.tmpl/env-roundcubeServ +++ b/secret.tmpl/env-roundcubeServ @@ -1,6 +1,6 @@ -ROUNDCUBEMAIL_DB_TYPE= -ROUNDCUBEMAIL_DB_NAME= -ROUNDCUBEMAIL_DB_USER= -ROUNDCUBEMAIL_DB_PASSWORD= -ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE= +ROUNDCUBEMAIL_DB_TYPE=mysql +ROUNDCUBEMAIL_DB_NAME=@@db@@roudcube@@d@@ +ROUNDCUBEMAIL_DB_USER=@@user@@roudcube@@u@@ +ROUNDCUBEMAIL_DB_PASSWORD=@@pass@@roudcube@@p@@ +ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=1G diff --git a/secret.tmpl/env-spipDB b/secret.tmpl/env-spipDB index c77309b..9c75bc5 100644 --- a/secret.tmpl/env-spipDB +++ b/secret.tmpl/env-spipDB @@ -1,4 +1,4 @@ -MYSQL_ROOT_PASSWORD= -MYSQL_DATABASE= -MYSQL_USER= -MYSQL_PASSWORD= \ No newline at end of file +MYSQL_ROOT_PASSWORD=@@pass@@spiproot@@p@@ +MYSQL_DATABASE=@@db@@spip@@d@@ +MYSQL_USER=@@user@@spip@@u@@ +MYSQL_PASSWORD=@@pass@@spip@@p@@ \ No newline at end of file diff --git a/secret.tmpl/env-spipServ b/secret.tmpl/env-spipServ index b84a236..2df5105 100644 --- a/secret.tmpl/env-spipServ +++ b/secret.tmpl/env-spipServ @@ -1,10 +1,10 @@ SPIP_AUTO_INSTALL=1 SPIP_DB_SERVER=mysql -SPIP_DB_LOGIN= -SPIP_DB_PASS= -SPIP_DB_NAME= -SPIP_ADMIN_NAME= -SPIP_ADMIN_LOGIN= -SPIP_ADMIN_EMAIL= -SPIP_ADMIN_PASS= -PHP_TIMEZONE= +SPIP_DB_NAME=@@db@@spip@@d@@ +SPIP_DB_LOGIN=@@user@@spip@@u@@ +SPIP_DB_PASS=@@pass@@spip@@p@@ +SPIP_ADMIN_NAME=admin +SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@ +SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@ +SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@ +PHP_TIMEZONE=Europe/Paris diff --git a/secret.tmpl/env-sympaDB b/secret.tmpl/env-sympaDB index 6e2de9c..4e51ccb 100644 --- a/secret.tmpl/env-sympaDB 
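Review bot: In env-spipServ, `SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@` places a literal `@` directly before the `@@globalvar@@` opening marker, so the line contains `@@@`; a substitution routine that splits on `@@` or matches the marker from the first `@@` it meets will see `admin` + `@@` + `@globalvar` and either leave the placeholder unexpanded or emit a malformed address. Whether the generator handles this depends on code not in this hunk, so it deserves an explicit test on exactly this line; if the parser is delimiter-based, filling the whole address from one global value (e.g. `SPIP_ADMIN_EMAIL=@@globalvar@@adminEmail@@gv@@`) avoids the ambiguity. The same `admin@@@globalvar@@` shape appears in the sympa template, so a fix should cover both.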
+++ b/secret.tmpl/env-sympaDB @@ -1,4 +1,4 @@ -MYSQL_ROOT_PASSWORD= -MYSQL_DATABASE= -MYSQL_USER= -MYSQL_PASSWORD= +MYSQL_ROOT_PASSWORD=@@pass@@symparoot@@p@@ +MYSQL_DATABASE=@@db@@sympa@@d@@ +MYSQL_USER=@@user@@sympa@@u@@ +MYSQL_PASSWORD=@@pass@@sympa@@p@@ diff --git a/secret.tmpl/env-sympaServ b/secret.tmpl/env-sympaServ index 87d5c8b..7110bb6 100644 --- a/secret.tmpl/env-sympaServ +++ b/secret.tmpl/env-sympaServ @@ -1,10 +1,10 @@ -KEY= -CERT= -LISTMASTERS= -ADMINEMAIL= -SOAP_USER= -SOAP_PASSWORD= +KEY=/etc/ssl/private/listes.key +CERT=/etc/ssl/certs/listes.pem +LISTMASTERS=listmaster@@@globalvar@@domain_sympa@@gv@@ +ADMINEMAIL=listmaster@@@globalvar@@domain_sympa@@gv@@ +SOAP_USER=@@user@@sympasoap@@u@@ +SOAP_PASSWORD=@@pass@@sympasoap@@p@@ -MYSQL_DATABASE= -MYSQL_USER= -MYSQL_PASSWORD= +MYSQL_DATABASE=@@db@@sympa@@d@@ +MYSQL_USER=@@user@@sympa@@u@@ +MYSQL_PASSWORD=@@pass@@sympa@@p@@ diff --git a/secret.tmpl/env-traefik b/secret.tmpl/env-traefik new file mode 100644 index 0000000..552baf6 --- /dev/null +++ b/secret.tmpl/env-traefik @@ -0,0 +1,2 @@ +DASHBOARD_USER=@@user@@traefikdashboard@@u@@ +DASHBOARD_PASSWORD=@@pass@@traefikdashboard@@p@@ \ No newline at end of file diff --git a/secret.tmpl/env-vaultwardenDB b/secret.tmpl/env-vaultwardenDB index 6e2de9c..03a1e30 100644 --- a/secret.tmpl/env-vaultwardenDB +++ b/secret.tmpl/env-vaultwardenDB @@ -1,4 +1,4 @@ -MYSQL_ROOT_PASSWORD= -MYSQL_DATABASE= -MYSQL_USER= -MYSQL_PASSWORD= +MYSQL_ROOT_PASSWORD=@@pass@@koffreroot@@p@@ +MYSQL_DATABASE=@@db@@koffre@@d@@ +MYSQL_USER=@@user@@koffre@@u@@ +MYSQL_PASSWORD=@@pass@@koffre@@p@@ \ No newline at end of file diff --git a/secret.tmpl/env-vaultwardenServ b/secret.tmpl/env-vaultwardenServ index 2152006..d65fae2 100644 --- a/secret.tmpl/env-vaultwardenServ +++ b/secret.tmpl/env-vaultwardenServ 
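Review bot: In env-traefik, `DASHBOARD_PASSWORD=@@pass@@traefikdashboard@@p@@` looks like it will receive a raw generated password, but Traefik's basicAuth middleware expects `users` entries in htpasswd form (`user:$2y$...` or `$apr1$...`), so if the compose or dynamic config interpolates `DASHBOARD_USER:DASHBOARD_PASSWORD` verbatim the dashboard will reject every login (or, if the user pastes the plaintext into a hash slot, silently mis-store it). Either have the generator write a bcrypt hash here (`htpasswd -nbB user pass` output) or rename the variable to `DASHBOARD_PASSWORD_HASH` so the expectation is explicit, and add a comment `# htpasswd/bcrypt hash, not the clear-text password` above it. The file also lacks a trailing newline, which some dotenv readers handle badly.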
@@ -1,3 +1,4 @@ -DATABASE_URL= -ADMIN_TOKEN= +ADMIN_TOKEN=@@token@@koffre@@t@@ +DATABASE_URL=mysql://@@user@@koffre@@u@@:@@pass@@koffre@@p@@@db/@@db@@koffre@@d@@ + SIGNUPS_DOMAINS_WHITELIST= diff --git a/secret.tmpl/env-vigiloDB b/secret.tmpl/env-vigiloDB index 45f98a0..9353f5d 100644 --- a/secret.tmpl/env-vigiloDB +++ b/secret.tmpl/env-vigiloDB @@ -1,4 +1,4 @@ -MYSQL_ROOT_PASSWORD= -MYSQL_USER= -MYSQL_PASSWORD= -MYSQL_DATABASE= +MYSQL_ROOT_PASSWORD=@@pass@@vigiloroot@@p@@ +MYSQL_DATABASE=@@db@@vigilo@@d@@ +MYSQL_USER=@@user@@vigilo@@u@@ +MYSQL_PASSWORD=@@pass@@vigilo@@p@@ \ No newline at end of file diff --git a/secret.tmpl/env-vigiloServ b/secret.tmpl/env-vigiloServ index d39005b..b96f289 100644 --- a/secret.tmpl/env-vigiloServ +++ b/secret.tmpl/env-vigiloServ @@ -1,7 +1,7 @@ -BIND= +#BIND= -MYSQL_ROOT_PASSWORD= -MYSQL_USER= -MYSQL_PASSWORD= -MYSQL_DATABASE= -MYSQL_HOST= +MYSQL_ROOT_PASSWORD=@@pass@@vigiloroot@@p@@ +MYSQL_DATABASE=@@db@@vigilo@@d@@ +MYSQL_USER=@@user@@vigilo@@u@@ +MYSQL_PASSWORD=@@pass@@vigilo@@p@@ +MYSQL_HOST=db diff --git a/secret.tmpl/env-wpDB b/secret.tmpl/env-wpDB index ede646e..7b1cdb1 100644 --- a/secret.tmpl/env-wpDB +++ b/secret.tmpl/env-wpDB @@ -1,8 +1,8 @@ +MYSQL_ROOT_PASSWORD=@@pass@@wproot@@p@@ +MYSQL_DATABASE=@@db@@wp@@d@@ +MYSQL_USER=@@user@@wp@@u@@ +MYSQL_PASSWORD=@@pass@@wp@@p@@ -MYSQL_ROOT_PASSWORD= -MYSQL_DATABASE= -MYSQL_USER= -MYSQL_PASSWORD= -WP_MYSQL_USER= -WP_MYSQL_PASSWORD= +#WP_MYSQL_USER= +#WP_MYSQL_PASSWORD= diff --git a/secret.tmpl/env-wpServ b/secret.tmpl/env-wpServ index a6770be..6400c9c 100644 --- a/secret.tmpl/env-wpServ +++ b/secret.tmpl/env-wpServ @@ -1,6 +1,8 @@ # share with wpDB -WORDPRESS_DB_HOST= -WORDPRESS_DB_USER= -WORDPRESS_DB_PASSWORD= -WORDPRESS_DB_NAME= +WORDPRESS_DB_HOST=db:3306 +WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@ +WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@ +WORDPRESS_DB_NAME=@@db@@wp@@d@@ +WORDPRESS_DB_USER=@@user@@wp@@u@@ +WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@ \ No newline at end of file
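Review bot: In env-vaultwardenServ, `DATABASE_URL=mysql://@@user@@koffre@@u@@:@@pass@@koffre@@p@@@db/@@db@@koffre@@d@@` embeds the generated password in a URL, so any value containing `@`, `:`, `/`, `?`, `#` or `%` must be percent-encoded or the URL parses wrongly; the generator should either restrict the alphabet for this placeholder or URL-encode at substitution time, and the `@@p@@@db` run (`@@@` again) needs the same tokenizer check as the e-mail templates. For `ADMIN_TOKEN`, recent Vaultwarden releases accept and recommend an Argon2 PHC hash instead of the clear-text token, which keeps the admin secret out of `docker inspect` output; a comment `# prefer the argon2 hash from 'vaultwarden hash'` would record that option. The `DATABASE_URL` line also leaks the DB password into any log that prints the URL, which is worth a note next to it.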
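Review bot: In env-vigiloServ, `MYSQL_ROOT_PASSWORD=@@pass@@vigiloroot@@p@@` hands the database root credential to the application container, although the application only needs `MYSQL_USER`/`MYSQL_PASSWORD`/`MYSQL_DATABASE`/`MYSQL_HOST`; env-vigiloDB already carries the root password for the DB service. Unless an init step in the app container uses root, drop that line from the Serv template so a compromise of the web tier does not yield the DB superuser. The same applies to the POSTGRES_* lines mirrored into the peertube app env.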
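Review bot: In env-wpServ, `WORDPRESS_ADMIN_USER`/`WORDPRESS_ADMIN_PASSWORD` are new generated secrets, but the official wordpress image does not read those variables — unless a custom entrypoint in this repo consumes them, they are an inert credential sitting in the container environment. Either document which script uses them (`# consumed by <entrypoint> to run wp core install`) or remove them from the template, and note that `WORDPRESS_DB_HOST=db:3306` should match the DB service name used in the compose file. The file also lacks a trailing newline.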