Compare commits

157 Commits

Author SHA1 Message Date
d10fb08f71 Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets 2025-08-05 23:31:01 +02:00
b9e605a359 Problem with volume init 2025-08-05 23:28:46 +02:00
a3f448b457 missing .env 2025-07-31 14:33:47 +02:00
77a3819beb The secret directory must be created for each orga! (case of a docker-compose update after adding a service) 2025-07-31 14:18:57 +02:00
ec16cdfe92 A few remaining calls + migration script 2025-07-31 06:16:36 +02:00
6877a5f872 The db init is done in initdb.sh instead ... 2025-07-31 05:36:32 +02:00
3a8bd9ec1a Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets 2025-07-31 05:05:13 +02:00
1f9ccff5b6 The orgas + a few changes for getpasswords.sh 2025-07-31 05:04:29 +02:00
ff69724f86 execute permissions on the scripts 2025-07-31 01:55:59 +02:00
99779a70ff Retrieving the values from docker.env! 2025-07-30 23:08:48 +02:00
400775bf41 removing double quotes + various small bugs 2025-07-30 02:57:38 +02:00
8baf9fc492 Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets 2025-07-29 16:37:45 +02:00
8d26a57b6b To be tested: password generation! 2025-07-29 16:33:17 +02:00
HPL
5fbc804edd Update secret.tmpl/SetAllPass.sh 2025-07-23 06:34:30 +02:00
44ff3980f9 SetAllPass is gone! Still to do: redo secretgen + review the values "linked" by setallpass. Nothing has been tested yet. 2025-07-23 03:19:27 +02:00
bce3b9eff5 New spip service! 2025-07-05 00:36:43 +02:00
d506f000a3 grafana: save current dashboards
Add custom dashboards, remove unused ones.
2025-06-25 22:57:36 +02:00
nom
8906974a83 upgrade MM to 10.9.1 2025-06-23 17:23:16 +02:00
nom
c12cafc277 prevent the echoes in interoPahko (to avoid mails) 2025-06-20 09:33:55 +02:00
nom
f268f5f5f4 fix tty in createUser on the docker exec calls now that we run from cron 2025-06-20 09:22:55 +02:00
nom
d8bc48ec3a remove echo "Rien à créer" 2025-06-20 07:01:42 +02:00
3940c3801d end of the Setup command 2025-06-19 23:43:58 +02:00
00f9e3ee5f add laposte.net 2025-06-19 21:18:18 +02:00
nom
1bacfd307c remove snappymail from NC as it is currently no longer supported 2025-06-18 08:10:08 +02:00
nom
8f6913565c rollback, mariadb 11.4 is needed for the current NC versions 2025-06-15 09:57:41 +02:00
nom
62b34e4ac0 mariadb = mariaddb:latest 2025-06-15 09:55:01 +02:00
nom
70c32de959 try a mariadb latest image in the wp and cloud docker-compose!
re-add MARIADB_AUTO_UPGRADE=1 in docker-compose
2025-06-15 09:52:49 +02:00
nom
3eedd4293b I'm trying mariadb:latest for gitea, don't hit me :-p 2025-06-15 09:09:24 +02:00
nom
a2f737eb46 upgrade the mariadb database automatically 2025-06-15 09:03:54 +02:00
nom
82a3440d5a upgrade mariadb to 11.8.2 2025-06-15 08:58:51 +02:00
a3e86ac6ac dmarc sympa 2025-06-11 09:38:19 +02:00
556471d321 doc certbot 2025-06-10 09:45:52 +02:00
9d666afab5 certbot dns chall for alwaysdata 2025-06-10 09:43:17 +02:00
5eb4ccb58e mastodon 2025-06-06 14:51:27 +02:00
nom
84849b71b1 put the traefik logs in a volume
show 4xx errors (for use by a fail2ban on the host)
2025-06-06 09:59:41 +02:00
nom
316206140a remove --no-pdf-header-footer from headless chromium for pdf printing 2025-05-27 10:46:34 +02:00
nom
7cc7df6ac1 upgrade MM 2025-05-21 19:47:14 +02:00
nom
0d1c13d125 upgrade MM to 10.8 2025-05-20 07:07:34 +02:00
nom
cb9a449882 security upgrade on paheko 2025-05-16 16:16:28 +02:00
nom
678388afaa update paheko to 1.3.14 2025-05-13 14:13:25 +02:00
016b47774b prometheus: portainer ids for grafana
Add the portainer ids of each machine to generate a url.
2025-05-11 22:00:07 +02:00
nom
6db4d1a5a8 add logs for the 404 403 401 errors returned by the reverse 2025-05-11 09:32:07 +02:00
f54de7a26c update css 2025-05-10 16:52:20 +02:00
nom
75678ca093 remove the hard-coded url 2025-05-10 10:00:42 +02:00
nom
554d7a5ddc upgrade mailServer to 15.0.2 2025-05-10 09:39:17 +02:00
62e75a42f2 mastodon passwords WIP 2025-05-09 16:52:04 +02:00
nom
4a6b575ce0 update traefik 3.4.0 2025-05-08 18:50:45 +02:00
8d83a2716b fix the mail 2025-05-07 08:12:57 +02:00
nom
4807624dbc fix url for kazkouil 2025-05-02 13:05:42 +02:00
nom
b5aa7e9945 I'm putting the prod1 version back on git 2025-05-02 11:55:40 +02:00
nom
8d0caad3c7 simplify the prometheus conf 2025-05-02 11:47:09 +02:00
nom
87b007d4b9 add label for cadvisor 2025-05-02 11:45:39 +02:00
7852e82e74 env cadvisor 2025-04-30 15:23:17 +02:00
9b92276fc1 settings cadvisor 2025-04-30 15:11:24 +02:00
nom
e39ce5518c fix monitoring (cadvisor goes through traefik) 2025-04-29 23:36:14 +02:00
nom
ea6e48886d update clean acme.json 2025-04-25 11:07:53 +02:00
4187f4b772 add cadvisor/prometheus/grafana + dashboards 2025-04-24 23:10:06 +02:00
nom
b00916ceba update acme cleanup, taking the right IP of the srv 2025-04-24 14:35:44 +02:00
nom
f95b959bf2 update cleanup 2025-04-24 00:27:47 +02:00
nom
609b5c1d62 update nettoyer_acme_json 2025-04-24 00:16:51 +02:00
nom
a6a20e0dea jq is a killer tool! 2025-04-24 00:03:30 +02:00
nom
821335e1ca init cleanup of the LE certs in acme.json for traefik 2025-04-23 22:33:03 +02:00
nom
e31c75d8b1 upgrade MM to 10.7 2025-04-22 16:28:57 +02:00
nom
c041bac532 upgrade traefik 2025-04-21 09:05:18 +02:00
8eb33813d6 file date 2025-04-20 17:57:31 +02:00
faf2e2bc8e add dyn DNS 2025-04-20 10:51:20 +02:00
adc0528c81 peertube 2025-04-20 09:34:17 +02:00
1259857474 add peertube 2025-04-19 17:10:33 +02:00
db684d4ebd sympa ssl 2025-04-19 16:59:09 +02:00
df657bb035 challenge acme traefik 2025-04-19 16:56:03 +02:00
5d8634c8df sympa traefik 2025-04-19 16:40:16 +02:00
c55e984918 Merge branch 'master' of ssh://git.kaz.bzh:2202/KAZ/KazV2 2025-04-19 14:23:14 +02:00
4b95553be0 certificates and webmail 2025-04-19 14:23:06 +02:00
1f8520db90 webmail 2025-04-19 13:49:22 +02:00
9de98c4021 fix alias bug 2025-04-18 15:16:55 +02:00
85b8048aa9 certificates for mail and lists 2025-04-18 13:36:44 +02:00
0bf808f0cf mails in lowercase 2025-04-16 19:32:01 +02:00
nom
1609e7725f add AD account 2025-04-11 09:27:46 +02:00
nom
6bd95d1056 we are moving from gandi to alwaysdata for dns! 2025-04-11 09:25:05 +02:00
nom
07f8ef8151 update dns_alwaysdata.sh 2025-04-06 00:38:16 +02:00
nom
aad57eafae update dns AD 2025-04-05 21:19:36 +02:00
4370436c42 change for officeurl 2025-03-25 00:33:01 +01:00
79c52c2067 add mastodon 2025-03-24 19:33:04 +01:00
nom
d341122676 init api for alwaysdata 2025-03-19 19:05:37 +01:00
nom
93a929d291 upgrade mm to 10.6 2025-03-19 10:44:09 +01:00
5d6e46bb37 volumes mastodon 2025-03-17 08:33:18 +01:00
545ed42968 volume images mastodon 2025-03-17 08:31:21 +01:00
53ba95b9d3 env mastodon 2025-03-15 10:26:57 +01:00
61f4629d1f add mastodon backup 2025-03-14 22:47:36 +01:00
b7bb45869a mastodon traefik streaming 2025-03-14 17:44:29 +01:00
888c614bdd doc mastodon 2025-03-14 17:37:17 +01:00
16683616c1 mastodon, continued 2025-03-14 17:04:23 +01:00
c613184594 bootstrap mastodon 2025-03-14 16:58:02 +01:00
aaf3d9343e paheko fix gd/webp 2025-03-12 09:41:17 +01:00
nom
e8fdead666 workaround for paheko install gd with dompdf 2025-03-12 08:46:50 +01:00
b28c04928b add webmail 2025-03-10 22:23:54 +01:00
nom
286b2fa144 update Mailserver 2025-03-10 21:52:15 +01:00
nom
6a7fd829e5 update Dockerfile to install gd 2025-03-10 21:48:14 +01:00
nom
5f20548e21 upgrade 2025-03-10 21:05:01 +01:00
b0dd373a00 date 2025-03-10 15:54:01 +01:00
6eec84f2ab rework of mail sending 2025-03-10 15:53:10 +01:00
nom
ece04aa063 upgrade traefik 2025-03-04 20:24:31 +01:00
1b9de25c4a add the rouncube alias 2025-03-03 13:24:35 +01:00
de02375bb8 cosmetic 2025-03-03 10:28:42 +01:00
12469c9f2f Integration of the new version into the build 2025-03-02 07:42:50 +01:00
e26a1792af change to the list of possible sites 2025-03-01 10:57:02 +01:00
144c3f8dfa mattermost to 10.5 2025-02-26 08:11:21 +01:00
8479756376 change to the healthcheck 2025-02-25 13:02:41 +01:00
879fb2bae0 add vaultwarden 2025-02-17 18:00:03 +01:00
ec57edd77b change matterPG 2025-02-16 09:32:29 +01:00
8fceb7e6c8 test bodam.fr 2025-02-15 10:57:46 +01:00
2cd446c6df cleanup 2025-02-14 15:44:31 +01:00
b127b04869 save mysql and postgres 2025-02-13 16:21:28 +01:00
hpl
97414214f8 allow domains hosted at kaz to use vaultwarden 2025-02-13 15:34:43 +01:00
fa1d5ac349 minor fix 2025-02-13 15:34:21 +01:00
0843f04bab add postgresql dump and clean up other options 2025-02-13 15:22:06 +01:00
hpl
eaaa86ac64 catch up jirafeau on git with prod 2025-02-13 09:47:12 +01:00
hpl
fb49f567e9 force the kaz email to lowercase 2025-02-13 09:24:40 +01:00
60a9cbf8fe changes related to the move to 14.0.0 2025-02-11 13:20:48 +01:00
2e5557e760 change restart 2025-02-11 13:00:51 +01:00
hpl
ec510e670a remove the DEV srv label 2025-02-06 11:27:53 +01:00
hpl
34360d7b6e add fastapi 2025-02-04 08:24:26 +01:00
0bb82bb51f add restartPolicy 2025-01-26 15:00:30 +01:00
d06989c4c6 clean jirafeau 2025-01-26 13:56:26 +01:00
hpl
a97d555362 close the jirafeau api to non-admin IPs !!!! good grief! 2025-01-21 20:34:55 +01:00
hpl
c015378405 update traefik 2025-01-20 16:34:39 +01:00
hpl
03300a9089 update docker-compose 2025-01-20 01:11:51 +01:00
hpl
19c98e6a8b add path 2025-01-15 18:22:03 +01:00
hpl
5d727bd85b we no longer restart traefik when creating an orga 2025-01-15 14:29:22 +01:00
hpl
2a03d327a6 connect the orga's network to traefik 2025-01-15 10:57:45 +01:00
hpl
5b02701090 fix owner of the asso's directory in paheko 2025-01-15 10:24:32 +01:00
hpl
a0a9bdafec update RC with the right image! 2025-01-14 14:00:19 +01:00
hpl
e4abafc6ee update roundcube 2025-01-14 13:54:47 +01:00
hpl
d439fc1fcb invoicing plugin: zip instead of tar.gz 2025-01-05 18:55:27 +01:00
hpl
658bcd0986 upgrade invoicing plugin to 0.12 2025-01-05 18:50:08 +01:00
ebe549f41f proxy 2024-12-27 20:30:13 +01:00
hpl
3089a0b38d upgrade invoicing 0.8.7 2024-12-27 13:19:47 +01:00
hpl
7ddd793f29 fix "export excel" by installing the calendar module 2024-12-26 13:20:11 +01:00
4652d72c1d fix init postfix 2024-12-24 11:08:06 +01:00
f899570c9a fix init ldap 2024-12-24 10:34:55 +01:00
b426782a59 fix init traefik 2024-12-24 10:22:15 +01:00
3a074ca3c4 fix x permission 2024-12-23 15:16:33 +01:00
4d22bfb766 fix vm vagrant 2024-12-23 14:51:48 +01:00
b73f123b5f add .dummy 2024-12-18 21:17:44 +01:00
hpl
e9cf3275ea update traefik to 3.2.3 2024-12-18 16:53:56 +01:00
hpl
95bf43adef update traefik 2024-12-14 13:10:10 +01:00
cc9bb0e8ac comment config.local 2024-12-13 17:48:18 +01:00
a997f06054 re-sync with prod 2024-12-13 17:47:26 +01:00
e016e2ef14 Merge branch 'master' of ssh://git.kaz.bzh:2202/KAZ/KazV2 2024-12-13 17:32:55 +01:00
53859eee4b update gitignore 2024-12-13 17:32:48 +01:00
28284c151e snappymail env 2024-12-13 17:32:26 +01:00
hpl
8be89fa74a add logo.svg 2024-12-13 17:31:20 +01:00
6715a03f1e conf sympa 2024-12-13 17:21:25 +01:00
5433830a72 conf postfix 2024-12-13 17:15:02 +01:00
dae1b98c54 confmobilizon 2024-12-13 17:09:53 +01:00
62ff1d823e Merge branch 'master' of ssh://git.kaz.bzh:2202/KAZ/KazV2 2024-12-13 17:08:06 +01:00
92f47e3c97 update docker compose 2024-12-13 17:07:55 +01:00
183 changed files with 33322 additions and 1601 deletions

0
.dummy Normal file
View File

5
.gitignore vendored
View File

@@ -31,6 +31,7 @@ DEADJOE
/config/skip-email.txt /config/skip-email.txt
/config/updateGit.conf /config/updateGit.conf
/config/autorized-domains.txt /config/autorized-domains.txt
/config/domains/
/dockers/*-orga /dockers/*-orga
/dockers/postfix/filter /dockers/postfix/filter
/dockers/proxy/config/nginx.conf /dockers/proxy/config/nginx.conf
@@ -51,3 +52,7 @@ DEADJOE
/state /state
/dockers/paheko/config/config.local.php /dockers/paheko/config/config.local.php
/dockers/traefik/conf/conf.local.yml /dockers/traefik/conf/conf.local.yml
/dockers/ldap/ldifs/
/dockers/web/autoconfig.yml
# contient un password il faudrait faire plus propre
/dockers/jirafeau/config/config.local.php
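Review bot: the comment above the new `/dockers/jirafeau/config/config.local.php` entry says the file contains a password, and an ignore rule only keeps untracked files from being added. If this file was ever committed it stays tracked and the password stays in history, so run `git rm --cached` on it and rotate the password. Longer term the value could live in the secret directory the other scripts read, rather than in a PHP config under the repository tree.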

View File

@@ -1,10 +1,10 @@
# commun fonctions for KAZ # commun fonctions for KAZ
#TODO; toutes les fonctions ci-dessous devraient être commentées #TODO; toutes les fonctions ci-dessous devraient être commentées
#KI : françois #KI : françois
#KOI : tout un tas de trucs utiles pour la gestion de l'infra kaz (à mettre dans chaque script) #KOI : tout un tas de trucs utiles pour la gestion de l'infra kaz (à mettre dans chaque script)
#KAN : #KAN :
# maj le 27/01/2024 by FAB: recherche de tous les srv kaz dispo (via le DNS) # maj le 27/01/2024 by FAB: recherche de tous les srv kaz dispo (via le DNS)
# maj le 15/04/2024 by FAB: correction getPahekoOrgaList # maj le 15/04/2024 by FAB: correction getPahekoOrgaList
@@ -139,13 +139,13 @@ getAvailableOrgas () {
#en entrée #en entrée
SITE_DST="$1" SITE_DST="$1"
if [ -n "${SITE_DST}" ];then if [ -n "${SITE_DST}" ];then
ssh -p 2201 root@${SITE_DST}.${domain} "ls \"${KAZ_COMP_DIR}\" | grep -- \"^.*-orga$\"" ssh -p 2201 root@${SITE_DST}.${domain} "ls \"${KAZ_COMP_DIR}\" | grep -- \"^.*-orga$\""
else else
ls "${KAZ_COMP_DIR}" | grep -- "^.*-orga$" ls "${KAZ_COMP_DIR}" | grep -- "^.*-orga$"
fi fi
} }
getAvailableServices () { getAvailableServices () {
@@ -224,10 +224,10 @@ waitUrl () {
# $1 URL to waitfor # $1 URL to waitfor
# $2 timeout en secondes (optional) # $2 timeout en secondes (optional)
starttime=$(date +%s) starttime=$(date +%s)
if [[ $(curl --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]; then if [[ $(curl -k --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]; then
printKazMsg "service not available ($1). Please wait..." printKazMsg "service not available ($1). Please wait..."
echo curl --connect-timeout 2 -s -D - "$1" -o /dev/null \| head -n1 echo curl -k --connect-timeout 2 -s -D - "$1" -o /dev/null \| head -n1
while [[ $(curl --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]] while [[ $(curl -k --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]
do do
sleep 5 sleep 5
if [ $# -gt 1 ]; then if [ $# -gt 1 ]; then
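Review bot: all three curl calls in waitUrl now pass `-k`, which turns off certificate verification for every caller of this helper, not only for hosts that are still waiting for their certificate. The response is only used to match the status line, so the exposure is limited, but a readiness check that accepts any certificate will also report a service as up while it serves the wrong or a default certificate. Consider an optional argument or an environment variable that enables `-k` only where a self-signed certificate is expected.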
@@ -244,7 +244,7 @@ waitUrl () {
waitContainerHealthy () { waitContainerHealthy () {
# $1 ContainerName # $1 ContainerName
# $2 timeout en secondes (optional) # $2 timeout en secondes (optional)
healthy="false" healthy="false"
starttime=$(date +%s) starttime=$(date +%s)
running="false" running="false"
@@ -270,7 +270,7 @@ waitContainerHealthy () {
waitContainerRunning () { waitContainerRunning () {
# $1 ContainerName # $1 ContainerName
# $2 timeout en secondes (optional) # $2 timeout en secondes (optional)
starttime=$(date +%s) starttime=$(date +%s)
running="false" running="false"
[[ $(docker ps -f name="$1" | grep -w "$1") ]] && running="true" [[ $(docker ps -f name="$1" | grep -w "$1") ]] && running="true"

View File

@@ -16,7 +16,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
setKazVars setKazVars
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
usage () { usage () {
echo $(basename "$0") " [-h] [-help] [-timestamp] template dst" echo $(basename "$0") " [-h] [-help] [-timestamp] template dst"
@@ -64,8 +63,8 @@ done
-e "s|__DOKUWIKI_HOST__|${dokuwikiHost}|g"\ -e "s|__DOKUWIKI_HOST__|${dokuwikiHost}|g"\
-e "s|__DOMAIN__|${domain}|g"\ -e "s|__DOMAIN__|${domain}|g"\
-e "s|__FILE_HOST__|${fileHost}|g"\ -e "s|__FILE_HOST__|${fileHost}|g"\
-e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\ # -e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\
-e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\ # -e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\
-e "s|__PAHEKO_HOST__|${pahekoHost}|g"\ -e "s|__PAHEKO_HOST__|${pahekoHost}|g"\
-e "s|__GIT_HOST__|${gitHost}|g"\ -e "s|__GIT_HOST__|${gitHost}|g"\
-e "s|__GRAV_HOST__|${gravHost}|g"\ -e "s|__GRAV_HOST__|${gravHost}|g"\
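Review bot: the two `__PAHEKO_API_*` substitutions are commented out in the middle of a backslash-continued sed command, which does not simply disable them. Depending on indentation, the `#` either starts a comment that ends the sed command at that point, so the `-e` lines after it run as a separate command, or it is glued to the previous argument and the substitutions still run, now with empty variables since SetAllPass.sh is no longer sourced. Delete the two lines instead of commenting them.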
@@ -79,12 +78,13 @@ done
-e "s|__SMTP_HOST__|${smtpHost}|g"\ -e "s|__SMTP_HOST__|${smtpHost}|g"\
-e "s|__SYMPADB__|${sympaDBName}|g"\ -e "s|__SYMPADB__|${sympaDBName}|g"\
-e "s|__SYMPA_HOST__|${sympaHost}|g"\ -e "s|__SYMPA_HOST__|${sympaHost}|g"\
-e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\ # -e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\
-e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\ # -e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\
-e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\ # -e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\
-e "s|__VIGILO_HOST__|${vigiloHost}|g"\ -e "s|__VIGILO_HOST__|${vigiloHost}|g"\
-e "s|__WEBMAIL_HOST__|${webmailHost}|g"\ -e "s|__WEBMAIL_HOST__|${webmailHost}|g"\
-e "s|__CASTOPOD_HOST__|${castopodHost}|g"\ -e "s|__CASTOPOD_HOST__|${castopodHost}|g"\
-e "s|__SPIP_HOST__|${spipHost}|g"\
-e "s|__IMAPSYNC_HOST__|${imapsyncHost}|g"\ -e "s|__IMAPSYNC_HOST__|${imapsyncHost}|g"\
-e "s|__YAKFORMS_HOST__|${yakformsHost}|g"\ -e "s|__YAKFORMS_HOST__|${yakformsHost}|g"\
-e "s|__WORDPRESS_HOST__|${wordpressHost}|g"\ -e "s|__WORDPRESS_HOST__|${wordpressHost}|g"\
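Review bot: the three commented `__SYMPA_MYSQL_*` lines sit inside the backslash-continued sed command, ahead of the new `__SPIP_HOST__` substitution. A `#` line in the middle of a continuation either terminates the command or is joined to the previous argument, depending on indentation, so check that `__SPIP_HOST__` is actually replaced in a generated file. Removing the three lines outright avoids the question.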

25
bin/certbot-dns-alwaysdata.sh Executable file
View File

@@ -0,0 +1,25 @@
#/bin/bash
# certbot certonly --manual --preferred-challenges=dns --manual-auth-hook certbot-dns-alwaysdata.sh --manual-cleanup-hook certbot-dns-alwaysdata.sh -d "*.kaz.bzh" -d "kaz.bzh"
export KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. $KAZ_KEY_DIR/env-alwaysdata
DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${CERTBOT_DOMAIN} | jq '.[0].id')
add_record(){
RECORD_ID=$(curl -s -X POST -d "{\"domain\":\"${DOMAIN_ID}\", \"type\":\"TXT\", \"name\":\"_acme-challenge\", \"value\":\"${CERTBOT_VALIDATION}\"}" --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/")
}
del_record(){
RECORD_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?name=_acme-challenge&type=TXT&domain=${DOMAIN_ID}" | jq ".[0].id")
curl -s -X DELETE --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/${RECORD_ID}/"
}
if [ -z ${CERTBOT_AUTH_OUTPUT} ]; then
add_record
else
del_record
fi
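Review bot: the add/delete decision at the bottom keys on `CERTBOT_AUTH_OUTPUT`, which certbot fills with whatever the auth hook wrote to stdout, but add_record prints nothing (the curl response goes into `RECORD_ID`), so the cleanup call may see an empty value too and add a second record instead of deleting. Have add_record echo the record id, or pass an explicit argument from two separate hook command lines, and quote the variable in `[ -z ${CERTBOT_AUTH_OUTPUT} ]`. Line 1 is `#/bin/bash` without the `!`, so it is a plain comment; make it `#!/bin/bash`. `DOMAIN_ID` should also be checked before use, because `jq '.[0].id'` prints `null` when the lookup returns no domain.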

View File

@@ -6,8 +6,6 @@ setKazVars
RUN_PASS_DIR="secret" RUN_PASS_DIR="secret"
TMPL_PASS_DIR="secret.tmpl" TMPL_PASS_DIR="secret.tmpl"
RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh"
TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh"
NEED_GEN= NEED_GEN=
######################################## ########################################
@@ -48,7 +46,12 @@ getVars () {
# get lvalues in script # get lvalues in script
getSettedVars () { getSettedVars () {
# $1 : filename # $1 : filename
grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* | grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u
}
getUnsettedVars () {
# $1 : filename
grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u
} }
getVarFormVal () { getVarFormVal () {
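Review bot: getSettedVars and the new getUnsettedVars both still document `$1 : filename` but now grep `./*`, so they ignore their argument and depend on the caller's working directory; pass the directory in and quote it. getUnsettedVars also applies `grep -vE` to the `@@(user|pass|db|token|gv|cv)@@` placeholder pattern, which returns every line that has no placeholder, comments included. If the intent is to list values that have not been generated yet, the `-v` looks inverted.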
@@ -57,60 +60,6 @@ getVarFormVal () {
grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/' grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/'
} }
########################################
# synchronized SetAllPass.sh (find missing lvalues)
updatePassFile () {
# $1 : ref filename
# $2 : target filename
REF_FILE="$1"
TARGET_FILE="$2"
NEED_UPDATE=
while : ; do
declare -a listRef listTarget missing
listRef=($(getVars "${REF_FILE}"))
listTarget=($(getVars "${TARGET_FILE}"))
missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]})))
if [ -n "${missing}" ]; then
echo "missing vars in ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${REF_FILE}" "${TARGET_FILE}"
NEED_UPDATE=true
break
;;
[Nn]*)
break
;;
esac
else
break
fi
done
}
updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}"
[ -n "${NEED_UPDATE}" ] && NEED_GEN=true
updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}"
########################################
# check empty pass in TMPL_PASS_FILE
declare -a settedVars
settedVars=($(getSettedVars "${TMPL_PASS_FILE}"))
if [ -n "${settedVars}" ]; then
echo "unclear password in ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}"
for var in ${settedVars[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to clear them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${TMPL_PASS_FILE}"
;;
esac
fi
######################################## ########################################
# check new files env-* # check new files env-*
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}"
declare -a listTmpl listRun listCommonFiles declare -a listTmpl listRun listCommonFiles
listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$')) listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$')) listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]}))) listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
for envFile in ${listCommonFiles[@]}; do for envFile in ${listCommonFiles[@]}; do
while : ; do while : ; do
TMPL_FILE="${TMPL_PASS_DIR}/${envFile}" TMPL_FILE="${TMPL_PASS_DIR}/${envFile}"
@@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then
fi fi
######################################## ########################################
# check env-* in updateDockerPassword.sh # check extention in dockers.env
missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do declare -a missing
unsetted=($(for DIR in "${RUN_PASS_DIR}"; do
for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}" val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}") varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue if [ -z "${varName}" ]; then
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" | echo "${val}"
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
if [ -z "${prefixe}" ]; then
echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})"
fi fi
done done
done | sort -u)) done | sort -u))
if [ -n "${missing}" ]; then if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}" echo "missing def in ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do for var in ${missing[@]}; do
echo -e "\t${var}" echo -e "\t${var}"
done done
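Review bot: the new loop stores its result in `unsetted`, but the test right after it is still `if [ -n "${missing}" ]` and the report loop still iterates over `${missing[@]}`. `declare -a missing` does not clear an existing array, so this block reports whatever the previous check left in `missing` and never the env files that have no definition in `${DOCKERS_ENV}`. Assign the result to `missing` (or test `unsetted`) and reset the array with `missing=()` first.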
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then
read -p "Do you want to add them? [y/n]: " yn read -p "Do you want to add them? [y/n]: " yn
case $yn in case $yn in
""|[Yy]*) ""|[Yy]*)
emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh" emacs "${DOCKERS_ENV}"
;; ;;
esac esac
fi fi
########################################
# synchronized SetAllPass.sh and env-*
updateEnvFiles () {
# $1 secret dir
DIR=$1
listRef=($(getVars "${DIR}/SetAllPass.sh"))
missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
[ -z "${prefixe}" ] && continue
listVarsInEnv=($(getVars "${envFile}"))
for var in ${listVarsInEnv[@]}; do
[[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}"
done
# XXX doit exister dans SetAllPass.sh avec le prefixe
done))
if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${DIR}/SetAllPass.sh"
;;
esac
fi
}
updateEnvFiles "${RUN_PASS_DIR}"
updateEnvFiles "${TMPL_PASS_DIR}"
# XXX chercher les variables non utilisées dans les SetAllPass.sh
if [ -n "${NEED_GEN}" ]; then if [ -n "${NEED_GEN}" ]; then
while : ; do while : ; do
read -p "Do you want to generate blank values? [y/n]: " yn read -p "Do you want to generate missing values? [y/n]: " yn
case $yn in case $yn in
""|[Yy]*) ""|[Yy]*)
"${KAZ_BIN_DIR}/secretGen.sh" "${KAZ_BIN_DIR}/secretGen.sh"

View File

@@ -1,11 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
for filename in "${KAZ_KEY_DIR}/"env-*Serv "${KAZ_KEY_DIR}/"env-*DB; do
if grep -q "^[^#=]*=\s*$" "${filename}" 2>/dev/null; then
echo "${filename}"
fi
done

30
bin/cleanDepot.sh Executable file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
#SIMU=echo
cd /var/lib/docker/volumes/jirafeau_fileData/_data
find links/ -type f -print | while read link ; do
name=$(head -1 "${link}")
#if [[ -z $(head -1 "${link}" | grep "7z$") ]]; then
if [[ -z $(head -9 "${link}" | tail -1) ]]; then
# si c'est pas un 7z on continue
continue;
fi
# recherche le fichier de contenu
filename=$(head -6 "${link}" | tail -1)
l1=$(echo $filename | cut -c 1-8)
l2=$(echo $filename | cut -c 9-16)
l3=$(echo $filename | cut -c 17-24)
l4=$(echo $filename | cut -c 25-32)
# supprime le fichier de contenu
${SIMU} rm -f "files/${l1}/${l2}/${l3}/${l4}/${filename}"
# coupe les branches mortes
${SIMU} rmdir -p "files/${l1}/${l2}/${l3}/${l4}" 2>/dev/null
# supprime le lien
${SIMU} rm -f "${link}"
# log
echo "$(date +%d-%m-%Y-%H-%M-%S) Find ${link} <${name}>"
done
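Review bot: `cd /var/lib/docker/volumes/jirafeau_fileData/_data` is not checked, so if the volume is missing, the `find links/` and the relative `rm -f` and `rmdir -p` calls run from whatever directory the script was started in; add `|| exit 1`. `filename` is read from line 6 of each link file and goes straight into the `rm` path, so skip the entry when it is empty or contains a `/`, and use `read -r` so backslashes in link names survive. The comment "si c'est pas un 7z on continue" no longer matches the test, which now checks whether line 9 of the link file is empty.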

View File

@@ -1,5 +1,17 @@
#!/bin/bash #!/bin/bash
#Ki: François
#Kan: 2021
#Koi: gestion dockers
# 15/01/2025: Dernière modif by fab: ne pas redémarrer Traefik en cas de créaio d'orga
# Did : 13 fevrier 2025 modif des save en postgres et mysql
# Did : ajout des sauvegardes de mobilizon et mattermost en postgres
# 20/04/2025
# Did : Ajout des sauvegardes de peertube dans les services generaux
# En cas d'absence de postfix, il faut lancer : # En cas d'absence de postfix, il faut lancer :
# docker network create postfix_mailNet # docker network create postfix_mailNet
@@ -49,20 +61,6 @@ doCompose () {
${SIMU} ln -fs ../../config/dockers.env .env ${SIMU} ln -fs ../../config/dockers.env .env
fi fi
${SIMU} docker-compose $1 ${SIMU} docker-compose $1
if [ "$2" = "cachet" ] && [ "$1" != "down" ]; then
NEW_KEY=$(cd "${KAZ_COMP_DIR}/$2" ; docker-compose logs | grep APP_KEY=base64: | sed "s/^.*'APP_KEY=\(base64:[^']*\)'.*$/\1/" | tail -1)
if [ -n "${NEW_KEY}" ]; then
printKazMsg "cachet key change"
# change key
${SIMU} sed -i \
-e 's%^\(\s*cachet_APP_KEY=\).*$%\1"'"${NEW_KEY}"'"%' \
"${KAZ_KEY_DIR}/SetAllPass.sh"
${SIMU} "${KAZ_BIN_DIR}/secretGen.sh"
# restart
${SIMU} docker-compose $1
fi
fi
} }
doComposes () { doComposes () {
@@ -104,20 +102,22 @@ updateProxy () {
} }
saveDB () { saveDB () {
#attention, soucis avec l'option "-ti" qui ne semble pas rendre la main avec docker exec
containerName=$1 containerName=$1
userName=$2 userName=$2
userPass=$3 userPass=$3
dbName=$4 dbName=$4
backName=$5 backName=$5
#on utilise mysqldump (v=10.5) et mariadb-dump (v>=11.4) pour être certain d'avoir un dump. L'une des 2 lignes fera une erreur backDbType=$6
#on utilise mysqldump (v=10.5) et mariadb-dump (v>=11.4) et pgdump pour être certain d'avoir un dump. L'une des 3 lignes fera une erreur
# on teste si le backup est pour mysql ou postgres
if [[ -n "${SIMU}" ]] ; then if [[ -n "${SIMU}" ]] ; then
${SIMU} "docker exec ${containerName} mysqldump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz" ${SIMU} "[ ${backDbType} = mysql ] && docker exec ${containerName} mysqldump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz"
${SIMU} "docker exec ${containerName} mariadb-dump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz" ${SIMU} "[ ${backDbType} = mysql ] && docker exec ${containerName} mariadb-dump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz"
${SIMU} "[ ${backDbType} = postgres ] && docker exec ${containerName} pg_dumpall --username=${userName} | gzip >${PATH_SAUVE}/${backName}.pgdump.sql.gz"
else else
docker exec ${containerName} mysqldump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz [ ${backDbType} = mysql ] && docker exec ${containerName} mysqldump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz
docker exec ${containerName} mariadb-dump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz [ ${backDbType} = mysql ] && docker exec ${containerName} mariadb-dump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz
[ ${backDbType} = postgres ] && docker exec ${containerName} pg_dumpall --username=${userName} | gzip >${PATH_SAUVE}/${backName}.pgdump.sql.gz
fi fi
} }
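Review bot: `[ ${backDbType} = mysql ]` is unquoted in all six new tests, so a caller that still passes five arguments gets a `unary operator expected` error on each line and no dump at all; quote the variable and fail loudly on a missing or unknown type. In the mysql branch both mysqldump and mariadb-dump redirect to the same `${backName}.sql.gz`, so whenever the first succeeds and the second is the one that errors, the good dump is overwritten by an empty archive; choose the tool once or write to two files. The postgres lines build the path as `${PATH_SAUVE}/${backName}` while the mysql lines use `$PATH_SAUVE${backName}`, and they ignore `userPass` and `dbName` because `pg_dumpall` dumps every database.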
@@ -136,7 +136,8 @@ startComposes () {
doComposes "up -d" ${enableMailComposes[@]} doComposes "up -d" ${enableMailComposes[@]}
doComposes "up -d" ${enableComposesNeedMail[@]} doComposes "up -d" ${enableComposesNeedMail[@]}
updateProxy "on" ${enableComposesNoNeedMail[@]} ${enableComposesNeedMail[@]} updateProxy "on" ${enableComposesNoNeedMail[@]} ${enableComposesNeedMail[@]}
doComposes "up -d" ${enableProxyComposes[@]} #fab le 15/01/25: on ne redémarre plus le proxy avec container.sh
#doComposes "up -d" ${enableProxyComposes[@]}
for item in "${enableProxyComposes[@]}"; do for item in "${enableProxyComposes[@]}"; do
[[ -x "${KAZ_COMP_DIR}/${item}/reload.sh" ]] && ${SIMU} "${KAZ_COMP_DIR}/${item}/reload.sh" [[ -x "${KAZ_COMP_DIR}/${item}/reload.sh" ]] && ${SIMU} "${KAZ_COMP_DIR}/${item}/reload.sh"
done done
@@ -162,7 +163,6 @@ statusComposes () {
saveComposes () { saveComposes () {
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_ROOT}/secret/SetAllPass.sh"
savedComposes+=( ${enableMailComposes[@]} ) savedComposes+=( ${enableMailComposes[@]} )
savedComposes+=( ${enableProxyComposes[@]} ) savedComposes+=( ${enableProxyComposes[@]} )
@@ -178,53 +178,87 @@ saveComposes () {
ethercalc) ethercalc)
#inutile car le backup de /var/lib/docker/volumes/ethercalc_calcDB/_data/dump.rdb est suffisant #inutile car le backup de /var/lib/docker/volumes/ethercalc_calcDB/_data/dump.rdb est suffisant
;; ;;
#grav)
# ???
#;;
#postfix)
sympa) sympa)
echo "save sympa" echo "save sympa"
saveDB ${sympaDBName} "${sympa_MYSQL_USER}" "${sympa_MYSQL_PASSWORD}" "${sympa_MYSQL_DATABASE}" sympa . $KAZ_BIN_DIR/getPasswords.sh sympaDB
saveDB ${sympaDBName} "${sympaDB_MYSQL_USER}" "${sympaDB_MYSQL_PASSWORD}" "${sympaDB_MYSQL_DATABASE}" sympa mysql
;; ;;
web) web)
# rien à faire (fichiers) # rien à faire (fichiers)
;; ;;
etherpad) etherpad)
echo "save pad" echo "save pad"
saveDB ${etherpadDBName} "${etherpad_MYSQL_USER}" "${etherpad_MYSQL_PASSWORD}" "${etherpad_MYSQL_DATABASE}" etherpad . $KAZ_BIN_DIR/getPasswords.sh etherpadDB
saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql
;; ;;
framadate) framadate)
echo "save date" echo "save date"
saveDB ${framadateDBName} "${framadate_MYSQL_USER}" "${framadate_MYSQL_PASSWORD}" "${framadate_MYSQL_DATABASE}" framadate . $KAZ_BIN_DIR/getPasswords.sh framadateDB
saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql
;; ;;
cloud) cloud)
echo "save cloud" echo "save cloud"
saveDB ${nextcloudDBName} "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" nextcloud . $KAZ_BIN_DIR/getPasswords.sh nextcloudDB
saveDB ${nextcloudDBName} "${nextcloudDB_MYSQL_USER}" "${nextcloudDB_MYSQL_PASSWORD}" "${nextcloudDB_MYSQL_DATABASE}" nextcloud mysql
;; ;;
paheko) paheko)
# rien à faire (fichiers) # rien à faire (fichiers)
;; ;;
mattermost) mattermost)
echo "save mattermost" echo "save mattermost"
saveDB ${mattermostDBName} "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" mattermost . $KAZ_BIN_DIR/getPasswords.sh mattermostDB
saveDB matterPG "${mattermostDB_POSTGRES_USER}" "${mattermostDB_POSTGRES_PASSWORD}" "${mattermostDB_POSTGRES_DB}" mattermost postgres
;;
mobilizon)
echo "save mobilizon"
. $KAZ_BIN_DIR/getPasswords.sh mobilizonDB
saveDB ${mobilizonDBName} "${mobilizonDB_POSTGRES_USER}" "${mobilizonDB_POSTGRES_PASSWORD}" "${mobilizonDB_POSTGRES_DB}" mobilizon postgres
;;
peertube)
echo "save peertube"
. $KAZ_BIN_DIR/getPasswords.sh peertubeDB
saveDB ${peertubeDBName} "${peertubeDB_POSTGRES_USER}" "${peertubeDB_POSTGRES_PASSWORD}" "${peertubeDB_PEERTUBE_DB_HOSTNAME}" peertube postgres
;;
mastodon)
echo "save mastodon"
. $KAZ_BIN_DIR/getPasswords.sh mastodonDB
saveDB ${mastodonDBName} "${mastodonDB_POSTGRES_USER}" "${mastodonDB_POSTGRES_PASSWORD}" "${mastodonDB_POSTGRES_DB}" mastodon postgres
;;
roundcube)
echo "save roundcube"
. $KAZ_BIN_DIR/getPasswords.sh roundcubeDB
saveDB ${roundcubeDBName} "${roundcubeDB_MYSQL_USER}" "${roundcubeDB_MYSQL_PASSWORD}" "${roundcubeDB_MYSQL_DATABASE}" roundcube mysql
;;
vaultwarden)
echo "save vaultwarden"
. $KAZ_BIN_DIR/getPasswords.sh vaultwardenDB
saveDB ${vaultwardenDBName} "${vaultwardenDB_MYSQL_USER}" "${vaultwardenDB_MYSQL_PASSWORD}" "${vaultwardenDB_MYSQL_DATABASE}" vaultwarden mysql
;; ;;
dokuwiki) dokuwiki)
# rien à faire (fichiers) # rien à faire (fichiers)
;; ;;
*-orga) *-orga)
ORGA=${compose%-orga} ORGA=${compose%-orga}
echo "save ${ORGA}" echo "save ${ORGA}"
if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => cloud" echo " => cloud"
saveDB "${ORGA}-DB" "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" "${ORGA}-cloud" . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-cloud" mysql
fi fi
if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => mattermost" echo " => mattermost"
saveDB "${ORGA}-DB" "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" "${ORGA}-mattermost" . $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
fi fi
if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => wordpress" echo " => wordpress"
saveDB "${ORGA}-DB" "${wp_MYSQL_USER}" "${wp_MYSQL_PASSWORD}" "${wp_MYSQL_DATABASE}" "${ORGA}-wordpress" . $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
fi
if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => spip"
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql
fi fi
;; ;;
esac esac
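Review bot: in the `peertube)` branch the fourth argument to `saveDB` is `${peertubeDB_PEERTUBE_DB_HOSTNAME}`, while every other postgres call in this hunk passes the database name (`..._POSTGRES_DB`); unless `saveDB` expects a host in that position, the dump is requested for a database named after the host. Pass the variable that holds the PeerTube database name. Two smaller points: the `mattermost)` branch hard-codes the container as `matterPG` where the old line used `${mattermostDBName}`, and the `*-orga` branches source `env-nextcloudDB`, `env-mattermostDB`, `env-wpDB` and `env-spipDB` into the same unprefixed `MYSQL_USER`/`MYSQL_PASSWORD`/`MYSQL_DATABASE`, so a missing or unreadable file silently reuses the previous service's credentials. Test the file with `[ -r ... ]` (path quoted) before sourcing and skip the dump with an error otherwise.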

bin/createDBUsers.sh Executable file

@@ -0,0 +1,81 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
# pour mise au point
# SIMU=echo
# Améliorations à prévoir
# - donner en paramètre les services concernés (pour limité les modifications)
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
. "${DOCKERS_ENV}"
createMysqlUser(){
# $1 = envName
# $2 = containerName of DB
. $KAZ_KEY_DIR/env-$1
# seulement si pas de mdp pour root
# pb oeuf et poule (il faudrait les anciennes valeurs) :
# * si rootPass change, faire à la main
# * si dbName change, faire à la main
checkDockerRunning "$2" "$2" || return
echo "change DB pass on docker $2"
echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \
docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}"
}
framadateUpdate(){
[[ "${COMP_ENABLE}" =~ " framadate " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
return 0
fi
.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ
checkDockerRunning "${framadateServName}" "Framadate" &&
${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadateServ_HTTPD_USER} ${framadateServ_HTTPD_PASSWORD}"
${SIMU} sed -i \
-e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadateDB_MYSQL_USER}';/g" \
-e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadateDB_MYSQL_PASSWORD}';/g" \
"${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
}
jirafeauUpdate(){
[[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
return 0
fi
. $KAZ_BIN_DIR/getPasswords.sh jirafeauServ
SHA=$(echo -n "${jirafeauServ_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1)
${SIMU} sed -i \
-e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
"${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
}
####################
# main
createMysqlUser "etherpadDB" "${etherpadDBName}"
createMysqlUser "framadateDB" "${framadateDBName}"
createMysqlUser "giteaDB" "${gitDBName}"
createMysqlUser "mattermostDB" "${mattermostDBName}"
createMysqlUser "nextcloudDB" "${nextcloudDBName}"
createMysqlUser "roundcubeDB" "${roundcubeDBName}"
createMysqlUser "sympaDB" "${sympaDBName}"
createMysqlUser "vigiloDB" "${vigiloDBName}"
createMysqlUser "wpDB" "${wordpressDBName}"
createMysqlUser "vaultwardenDB" "${vaultwardenDBName}"
createMysqlUser "castopodDB" "${castopodDBName}"
createMysqlUser "spipDB" "${spipDBName}"
createMysqlUser "mastodonDB" "${mastodonDBName}"
framadateUpdate
jirafeauUpdate
exit 0
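Review bot: `framadateUpdate` has `.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ` with no space after the dot, so the shell tries to execute a path starting with `.` instead of sourcing the file, and `framadateServ_HTTPD_USER`, `framadateDB_MYSQL_USER` and the passwords are empty in the `htpasswd` and `sed` commands that follow; `jirafeauUpdate` has the correct `. $KAZ_BIN_DIR/...` form. In `createMysqlUser` the root password is expanded into `bash -c "mysql --user=root --password=..."`, which puts it on a command line and breaks on shell metacharacters; hand it to the client through an option file or the environment instead, and quote `$2`. The `sed` replacements in `framadateUpdate` insert the password raw, so a value containing `/`, `&` or `'` corrupts `config.php`. Finally, the main list calls `createMysqlUser` for `mattermostDB` and `mastodonDB`, which the `saveComposes` change in this same changeset dumps as postgres.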


@@ -1,104 +0,0 @@
#!/bin/bash
cd $(dirname $0)/..
mkdir -p emptySecret
rsync -aHAX --info=progress2 --delete secret/ emptySecret/
cd emptySecret/
. ../config/dockers.env
. ./SetAllPass.sh
# pour mise au point
# SIMU=echo
cleanEnvDB(){
# $1 = prefix
# $2 = envName
# $3 = containerName of DB
rootPass="--root_password--"
dbName="--database_name--"
userName="--user_name--"
userPass="--user_password--"
${SIMU} sed -i \
-e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${rootPass}/g" \
-e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${dbName}/g" \
-e "s/MYSQL_USER=.*/MYSQL_USER=${userName}/g" \
-e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${userPass}/g" \
"$2"
}
cleanEnv(){
# $1 = prefix
# $2 = envName
for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
do
srcName="$1_${varName}"
srcVal="--clean_val--"
${SIMU} sed -i \
-e "s~^[ ]*${varName}=.*$~${varName}=${srcVal}~" \
"$2"
done
}
cleanPasswd(){
${SIMU} sed -i \
-e 's/^\([# ]*[^#= ]*\)=".[^{][^"]*"/\1="--clean_val--"/g' \
./SetAllPass.sh
}
####################
# main
# read -r -p "Do you want to remove all password? [Y/n] " input
# case $input in
# [yY][eE][sS]|[yY])
# echo "Remove all password"
# ;;
# [nN][oO]|[nN])
# echo "Abort"
# ;;
# *)
# echo "Invalid input..."
# exit 1
# ;;
# esac
cleanPasswd
cleanEnvDB "etherpad" "./env-${etherpadDBName}" "${etherpadDBName}"
cleanEnvDB "framadate" "./env-${framadateDBName}" "${framadateDBName}"
cleanEnvDB "git" "./env-${gitDBName}" "${gitDBName}"
cleanEnvDB "mattermost" "./env-${mattermostDBName}" "${mattermostDBName}"
cleanEnvDB "nextcloud" "./env-${nextcloudDBName}" "${nextcloudDBName}"
cleanEnvDB "roundcube" "./env-${roundcubeDBName}" "${roundcubeDBName}"
cleanEnvDB "sso" "./env-${ssoDBName}" "${ssoDBName}"
cleanEnvDB "sympa" "./env-${sympaDBName}" "${sympaDBName}"
cleanEnvDB "vigilo" "./env-${vigiloDBName}" "${vigiloDBName}"
cleanEnvDB "wp" "./env-${wordpressDBName}" "${wordpressDBName}"
cleanEnv "etherpad" "./env-${etherpadServName}"
cleanEnv "gandi" "./env-gandi"
cleanEnv "jirafeau" "./env-${jirafeauServName}"
cleanEnv "mattermost" "./env-${mattermostServName}"
cleanEnv "nextcloud" "./env-${nextcloudServName}"
cleanEnv "office" "./env-${officeServName}"
cleanEnv "roundcube" "./env-${roundcubeServName}"
cleanEnv "sso" "./env-${ssoServName}"
cleanEnv "vigilo" "./env-${vigiloServName}"
cleanEnv "wp" "./env-${wordpressServName}"
cat > allow_admin_ip <<EOF
# ip for admin access only
# local test
allow 127.0.0.0/8;
allow 192.168.0.0/16;
EOF
chmod -R go= .
chmod -R +X .
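Review bot: the deleted script did more than blank the values: its last lines wrote `allow_admin_ip` (`allow 127.0.0.0/8;`, `allow 192.168.0.0/16;`) and ran `chmod -R go= .` on the generated tree. Check that `secret.tmpl` ships an equivalent `allow_admin_ip` and that whatever now instantiates the secret directory applies the same permissions, otherwise a fresh install loses both.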


@@ -3,14 +3,13 @@
cd $(dirname $0) cd $(dirname $0)
./setOwner.sh ./setOwner.sh
./createEmptyPasswd.sh
cd ../.. cd ../..
FILE_NAME="/tmp/$(date +'%Y%M%d')-KAZ.tar.bz2" FILE_NAME="/tmp/$(date +'%Y%m%d')-KAZ.tar.bz2"
tar -cjf "${FILE_NAME}" --transform s/emptySecret/secret/ \ tar -cjf "${FILE_NAME}" --transform s/secret.tmpl/secret/ \
./kaz/emptySecret/ ./kaz/bin ./kaz/config ./kaz/dockers ./kaz/secret.tmpl/ ./kaz/bin ./kaz/config ./kaz/dockers
ls -l "${FILE_NAME}" ls -l "${FILE_NAME}"
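Review bot: with `./createEmptyPasswd.sh` no longer called, `./kaz/secret.tmpl/` goes into the archive exactly as it is on disk, so nothing in this script guarantees it holds only placeholders; a check before `tar` that fails when a template file contains a real value would keep a password out of the tarball. Also, in `--transform s/secret.tmpl/secret/` the dot matches any character and the pattern is unanchored, so it rewrites the first match in every member path, including files under `./kaz/bin`; anchor it, for example `--transform 's,^\./kaz/secret\.tmpl,./kaz/secret,'`.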


@@ -37,12 +37,12 @@ setKazVars
cd "${KAZ_ROOT}" cd "${KAZ_ROOT}"
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
. $KAZ_BIN_DIR/getPasswords.sh ldapServ sympaServ paheko
# DOCK_DIR="${KAZ_COMP_DIR}" # ??? # DOCK_DIR="${KAZ_COMP_DIR}" # ???
SETUP_MAIL="docker exec -ti mailServ setup"
# on détermine le script appelant, le fichier log et le fichier source, tous issus de la même racine # on détermine le script appelant, le fichier log et le fichier source, tous issus de la même racine
PRG=$(basename $0) PRG=$(basename $0)
RACINE=${PRG%.sh} RACINE=${PRG%.sh}
@@ -210,15 +210,6 @@ done
echo "numero,nom,quota_disque,action_auto" > "${TEMP_PAHEKO}" echo "numero,nom,quota_disque,action_auto" > "${TEMP_PAHEKO}"
echo "curl \"https://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.kaz.bzh/api/user/import\" -T \"${TEMP_PAHEKO}\"" >> "${CMD_PAHEKO}" echo "curl \"https://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.kaz.bzh/api/user/import\" -T \"${TEMP_PAHEKO}\"" >> "${CMD_PAHEKO}"
#echo "récupération des login postfix... "
## on stocke les emails et les alias KAZ déjà créés
#(
# ${SETUP_MAIL} email list
# ${SETUP_MAIL} alias list
#) | cut -d ' ' -f 2 | grep @ | sort > "${TFILE_EMAIL}"
# did on supprime le ^M en fin de fichier pour pas faire planter les grep
#dos2unix "${TFILE_EMAIL}"
echo "on récupère tous les emails (secours/alias/kaz) sur le ldap" echo "on récupère tous les emails (secours/alias/kaz) sur le ldap"
FILE_LDIF=/home/sauve/ldap.ldif FILE_LDIF=/home/sauve/ldap.ldif
/kaz/bin/ldap/ldap_sauve.sh /kaz/bin/ldap/ldap_sauve.sh
@@ -226,13 +217,14 @@ gunzip ${FILE_LDIF}.gz -f
grep -aEiorh '([[:alnum:]]+([._-][[:alnum:]]+)*@[[:alnum:]]+([._-][[:alnum:]]+)*\.[[:alpha:]]{2,6})' ${FILE_LDIF} | sort -u > ${TFILE_EMAIL} grep -aEiorh '([[:alnum:]]+([._-][[:alnum:]]+)*@[[:alnum:]]+([._-][[:alnum:]]+)*\.[[:alpha:]]{2,6})' ${FILE_LDIF} | sort -u > ${TFILE_EMAIL}
echo "récupération des login mattermost... " echo "récupération des login mattermost... "
docker exec -ti mattermostServ bin/mmctl user list --all | grep ":.*(" | cut -d ':' -f 2 | cut -d ' ' -f 2 | sort > "${TFILE_MM}" docker exec -i mattermostServ bin/mmctl user list --all | grep ":.*(" | cut -d ':' -f 2 | cut -d ' ' -f 2 | sort > "${TFILE_MM}"
dos2unix "${TFILE_MM}" dos2unix "${TFILE_MM}"
echo "done" echo "done"
# se connecter à l'agora pour ensuite pouvoir passer toutes les commandes mmctl # se connecter à l'agora pour ensuite pouvoir passer toutes les commandes mmctl
echo "docker exec -ti mattermostServ bin/mmctl auth login ${httpProto}://${URL_AGORA} --name local-server --username ${mattermost_user} --password ${mattermost_pass}" | tee -a "${CMD_INIT}" . $KAZ_KEY_DIR/env-mattermostAdmin
echo "docker exec -i mattermostServ bin/mmctl auth login ${httpProto}://${URL_AGORA} --name local-server --username ${mattermost_user} --password ${mattermost_pass}" | tee -a "${CMD_INIT}"
# vérif des emails # vérif des emails
regex="^(([A-Za-z0-9]+((\.|\-|\_|\+)?[A-Za-z0-9]?)*[A-Za-z0-9]+)|[A-Za-z0-9]+)@(([A-Za-z0-9]+)+((\.|\-|\_)?([A-Za-z0-9]+)+)*)+\.([A-Za-z]{2,})+$" regex="^(([A-Za-z0-9]+((\.|\-|\_|\+)?[A-Za-z0-9]?)*[A-Za-z0-9]+)|[A-Za-z0-9]+)@(([A-Za-z0-9]+)+((\.|\-|\_)?([A-Za-z0-9]+)+)*)+\.([A-Za-z]{2,})+$"
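Review bot: on the new `mmctl auth login` line, `${mattermost_user}` and `${mattermost_pass}` are expanded inside the `echo`, so the admin password loaded from `env-mattermostAdmin` is printed to the terminal and appended in clear to `${CMD_INIT}`. Escape the variables (`\${mattermost_pass}`) and have the generated script source the env file itself, so the secret is resolved only when the command runs. The path in `. $KAZ_KEY_DIR/env-mattermostAdmin` should be quoted, and the source should be checked for failure before the login line is emitted.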
@@ -287,7 +279,8 @@ while read ligne; do
PASSWORD=$(awk -F ";" '{print $16}' <<< "${ligne}" | xargs) PASSWORD=$(awk -F ";" '{print $16}' <<< "${ligne}" | xargs)
IDENT_KAZ=$(unaccent utf8 "${PRENOM,,}.${NOM,,}") IDENT_KAZ=$(unaccent utf8 "${PRENOM,,}.${NOM,,}")
EMAIL_SOUHAITE=${tab_email[EMAIL_SOUHAITE]} #email en minuscule
EMAIL_SOUHAITE=${tab_email[EMAIL_SOUHAITE],,}
EMAIL_SECOURS=${tab_email[EMAIL_SECOURS]} EMAIL_SECOURS=${tab_email[EMAIL_SECOURS]}
echo -e "${NL}***************************** traitement de ${ligne}" | tee -a "${LOG}" echo -e "${NL}***************************** traitement de ${ligne}" | tee -a "${LOG}"
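Review bot: only `EMAIL_SOUHAITE` gets `,,`; `EMAIL_SECOURS` on the next line keeps its original case, so the two addresses are no longer normalised the same way. Apply the same lowercasing there or state in the comment why the backup address is left as typed. While here: the `traitement de ${ligne}` context line writes the whole input record to `${LOG}`, and field 16 of that record is the password read into `PASSWORD` just above; log `${IDENT_KAZ}` or the e-mail instead of the raw line.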
@@ -378,8 +371,6 @@ while read ligne; do
else else
SEND_MSG_CREATE=true SEND_MSG_CREATE=true
echo "${EMAIL_SOUHAITE} n'existe pas" | tee -a "${LOG}" echo "${EMAIL_SOUHAITE} n'existe pas" | tee -a "${LOG}"
echo "${SETUP_MAIL} email add ${EMAIL_SOUHAITE} ${PASSWORD}" | tee -a "${CMD_LOGIN}"
echo "${SETUP_MAIL} quota set ${EMAIL_SOUHAITE} ${QUOTA}G" | tee -a "${CMD_LOGIN}"
# LDAP, à tester # LDAP, à tester
user=$(echo ${EMAIL_SOUHAITE} | awk -F '@' '{print $1}') user=$(echo ${EMAIL_SOUHAITE} | awk -F '@' '{print $1}')
domain=$(echo ${EMAIL_SOUHAITE} | awk -F '@' '{print $2}') domain=$(echo ${EMAIL_SOUHAITE} | awk -F '@' '{print $2}')
@@ -405,9 +396,9 @@ nextcloudEnabled: TRUE\n\
nextcloudQuota: ${QUOTA} GB\n\ nextcloudQuota: ${QUOTA} GB\n\
mobilizonEnabled: TRUE\n\ mobilizonEnabled: TRUE\n\
agoraEnabled: TRUE\n\ agoraEnabled: TRUE\n\
userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}" userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
fi fi
#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}" #userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
CREATE_ORGA_SERVICES="" CREATE_ORGA_SERVICES=""
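Review bot: the rename to `ldapServ_LDAP_ADMIN_PASSWORD` keeps `-w ${ldapServ_LDAP_ADMIN_PASSWORD}` unquoted inside the text appended to `${CMD_LOGIN}`, so the bind password is stored in clear in that file and a value with a space or shell metacharacter breaks the generated command. `ldapmodify -y <file>` reads the password from a file and keeps it out of the command file.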
@@ -436,15 +427,16 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
MESSAGE_MAIL_ORGA_1="${MESSAGE_MAIL_ORGA_1}${NL}* un bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances : ${httpProto}://${URL_NC}" MESSAGE_MAIL_ORGA_1="${MESSAGE_MAIL_ORGA_1}${NL}* un bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances : ${httpProto}://${URL_NC}"
# le user existe t-il déjà sur NC ? # le user existe t-il déjà sur NC ?
curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}" . $KAZ_KEY_DIR/env-nextcloudServ
curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
if grep -q "<element>${IDENT_KAZ}</element>" "${TEMP_USER_NC}"; then if grep -q "<element>${IDENT_KAZ}</element>" "${TEMP_USER_NC}"; then
echo "${IDENT_KAZ} existe déjà sur ${URL_NC}" | tee -a "${LOG}" echo "${IDENT_KAZ} existe déjà sur ${URL_NC}" | tee -a "${LOG}"
else else
# on créé l'utilisateur sur NC sauf si c'est le NC général, on ne créé jamais l'utilisateur7 # on créé l'utilisateur sur NC sauf si c'est le NC général, on ne créé jamais l'utilisateur7
if [ ${URL_NC} != "${cloudHost}.${domain}" ]; then if [ ${URL_NC} != "${cloudHost}.${domain}" ]; then
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
-d userid='${IDENT_KAZ}' \ -d userid='${IDENT_KAZ}' \
-d displayName='${PRENOM} ${NOM}' \ -d displayName='${PRENOM} ${NOM}' \
-d password='${PASSWORD}' \ -d password='${PASSWORD}' \
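Review bot: the existence check now sources `$KAZ_KEY_DIR/env-nextcloudServ` (the common instance) and then queries `${URL_NC}`, but the test a few lines below (`${URL_NC} != "${cloudHost}.${domain}"`) shows that `URL_NC` can be an organisation's Nextcloud, whose credentials are only loaded afterwards from `orgas/$ORGA/env-nextcloudServ`. For an orga instance the GET is sent with the wrong admin account, the `<element>` grep fails, and the user is treated as missing. Select the env file from `URL_NC` before the first `curl`.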
@@ -457,19 +449,22 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# s'il est admin de son orga, on le met admin # s'il est admin de son orga, on le met admin
if [ "${service[ADMIN_ORGA]}" == "O" -a "${ORGA}" != "" -a "${service[NC_ORGA]}" == "O" ]; then if [ "${service[ADMIN_ORGA]}" == "O" -a "${ORGA}" != "" -a "${service[NC_ORGA]}" == "O" ]; then
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${nextcloud_NEXTCLOUD_ADMIN_USER}:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}" . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}"
fi fi
# faut-il mettre le user NC dans un groupe particulier sur le NC de base ? # faut-il mettre le user NC dans un groupe particulier sur le NC de base ?
if [ "${GROUPE_NC_BASE}" != "" -a "${service[NC_BASE]}" == "O" ]; then if [ "${GROUPE_NC_BASE}" != "" -a "${service[NC_BASE]}" == "O" ]; then
# ici on travaille à nouveau sur le NC commun, donc on rechoppe les bons mdp
. $KAZ_KEY_DIR/env-nextcloudServ
# le groupe existe t-il déjà ? # le groupe existe t-il déjà ?
curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}" curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}"
nb=$(grep "<element>${GROUPE_NC_BASE}</element>" "${TEMP_GROUP_NC}" | wc -l) nb=$(grep "<element>${GROUPE_NC_BASE}</element>" "${TEMP_GROUP_NC}" | wc -l)
if [ "${nb}" == "0" ];then if [ "${nb}" == "0" ];then
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
fi fi
# puis attacher le user au groupe # puis attacher le user au groupe
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
fi fi
fi fi
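Review bot: every `curl` in this hunk carries `${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@` in the URL, so the admin password is written expanded to `${CMD_INIT}` by the echoed POSTs, and a password containing `@`, `:` or `/` breaks the URL. The DNS script in this same changeset already uses `--basic --user`; doing the same here, with the variable left unexpanded in the generated commands, keeps the secret out of `${CMD_INIT}` and removes the URL-encoding problem. The unprefixed `NEXTCLOUD_ADMIN_*` names also make the result depend on which env file was sourced last; the re-source before the `GROUPE_NC_BASE` block handles it here, but prefixed variables would make it explicit.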
@@ -495,7 +490,8 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# TODO : vérif existance user # TODO : vérif existance user
# # le user existe t-il déjà sur le wp ? # # le user existe t-il déjà sur le wp ?
# curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wp_WORDPRESS_ADMIN_USER}:${wp_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}" # . $KAZ_BIN_DIR/getPasswords.sh wpServ
# curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wpServ_WORDPRESS_ADMIN_USER}:${wpServ_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
# nb_user_wp_orga=$(grep "<element>${IDENT_KAZ}</element>" "${TEMP_USER_WP}" | wc -l) # nb_user_wp_orga=$(grep "<element>${IDENT_KAZ}</element>" "${TEMP_USER_WP}" | wc -l)
# if [ "${nb_user_wp_orga}" != "0" ];then # if [ "${nb_user_wp_orga}" != "0" ];then
# ( # (
@@ -513,7 +509,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# ) | tee -a "${LOG}" # ) | tee -a "${LOG}"
# #
# # on supprime l'utilisateur sur NC. # # on supprime l'utilisateur sur NC.
# echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ # echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
# -d userid='${IDENT_KAZ}' \ # -d userid='${IDENT_KAZ}' \
# " | tee -a "${CMD_INIT}" # " | tee -a "${CMD_INIT}"
# fi # fi
@@ -596,11 +592,11 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
echo "${IDENT_KAZ} existe déjà sur mattermost" | tee -a "${LOG}" echo "${IDENT_KAZ} existe déjà sur mattermost" | tee -a "${LOG}"
else else
# on créé le compte mattermost # on créé le compte mattermost
echo "docker exec -ti mattermostServ bin/mmctl user create --email ${EMAIL_SOUHAITE} --username ${IDENT_KAZ} --password ${PASSWORD}" | tee -a "${CMD_LOGIN}" echo "docker exec -i mattermostServ bin/mmctl user create --email ${EMAIL_SOUHAITE} --username ${IDENT_KAZ} --password ${PASSWORD}" | tee -a "${CMD_LOGIN}"
# et enfin on ajoute toujours le user à l'équipe KAZ et aux 2 channels publiques # et enfin on ajoute toujours le user à l'équipe KAZ et aux 2 channels publiques
echo "docker exec -ti mattermostServ bin/mmctl team users add kaz ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}" echo "docker exec -i mattermostServ bin/mmctl team users add kaz ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}"
echo "docker exec -ti mattermostServ bin/mmctl channel users add kaz:une-question--un-soucis ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}" echo "docker exec -i mattermostServ bin/mmctl channel users add kaz:une-question--un-soucis ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}"
echo "docker exec -ti mattermostServ bin/mmctl channel users add kaz:cafe-du-commerce--ouvert-2424h ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}" echo "docker exec -i mattermostServ bin/mmctl channel users add kaz:cafe-du-commerce--ouvert-2424h ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}"
NB_SERVICES_BASE=$((NB_SERVICES_BASE+1)) NB_SERVICES_BASE=$((NB_SERVICES_BASE+1))
fi fi
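Review bot: `${PASSWORD}`, `${EMAIL_SOUHAITE}` and `${IDENT_KAZ}` are interpolated unquoted into the `mmctl user create` line appended to `${CMD_LOGIN}`, and those values come from the registration record. When that file is executed, a password containing a space, `;`, `$` or a backquote is split or interpreted by the shell. Write each value with `printf '%q'` (or single-quote it with escaping) when generating the command. The `-ti` to `-i` switch itself is right for a non-interactive run.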
@@ -608,10 +604,10 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# l'équipe existe t-elle déjà ? # l'équipe existe t-elle déjà ?
nb=$(docker exec mattermostServ bin/mmctl team list | grep -w "${EQUIPE_AGORA}" | wc -l) nb=$(docker exec mattermostServ bin/mmctl team list | grep -w "${EQUIPE_AGORA}" | wc -l)
if [ "${nb}" == "0" ];then # non, on la créé en mettant le user en admin de l'équipe if [ "${nb}" == "0" ];then # non, on la créé en mettant le user en admin de l'équipe
echo "docker exec -ti mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display_name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}" echo "docker exec -i mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display_name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}"
fi fi
# puis ajouter le user à l'équipe # puis ajouter le user à l'équipe
echo "docker exec -ti mattermostServ bin/mmctl team users add ${EQUIPE_AGORA} ${EMAIL_SOUHAITE}" | tee -a "${CMD_INIT}" echo "docker exec -i mattermostServ bin/mmctl team users add ${EQUIPE_AGORA} ${EMAIL_SOUHAITE}" | tee -a "${CMD_INIT}"
fi fi
if [ -n "${CREATE_ORGA_SERVICES}" ]; then if [ -n "${CREATE_ORGA_SERVICES}" ]; then
@@ -628,16 +624,16 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# TODO : utiliser liste sur dev également # TODO : utiliser liste sur dev également
# on inscrit le user sur sympa, à la liste infos@${domain_sympa} # on inscrit le user sur sympa, à la liste infos@${domain_sympa}
# docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which
if [[ "${mode}" = "dev" ]]; then if [[ "${mode}" = "dev" ]]; then
echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}" echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}"
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
echo "docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
else else
echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}" echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}"
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
echo "docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
echo "docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}" echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}"
fi fi
if [ "${service[ADMIN_ORGA]}" == "O" ]; then if [ "${service[ADMIN_ORGA]}" == "O" ]; then
@@ -759,7 +755,7 @@ ${MAIL_KAZ}
EOF" | tee -a "${CMD_MSG}" EOF" | tee -a "${CMD_MSG}"
echo " # on envoie la confirmation d'inscription sur l'agora " | tee -a "${CMD_MSG}" echo " # on envoie la confirmation d'inscription sur l'agora " | tee -a "${CMD_MSG}"
echo "docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message \"${MAIL_KAZ}\"" | tee -a "${CMD_MSG}" echo "docker exec -i mattermostServ bin/mmctl post create kaz:Creation-Comptes --message \"${MAIL_KAZ}\"" | tee -a "${CMD_MSG}"
# fin des inscriptions # fin des inscriptions
done <<< "${ALL_LINES}" done <<< "${ALL_LINES}"


@@ -1,6 +1,11 @@
#!/bin/bash #/bin/bash
# list/ajout/supprime/ un sous-domaine #koi: gestion des records dns sur AlwaysData
#ki: fanch&gaël&fab
#kan: 06/04/2025
#doc: https://api.alwaysdata.com/v1/record/doc/
#doc: https://help.alwaysdata.com/fr/api/
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
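Review bot: the first line went from `#!/bin/bash` to `#/bin/bash`; without the `!` it is a plain comment, so bash is no longer selected and the script runs under whatever shell the caller falls back to, although it relies on bash features such as `declare -a` and `[[ ]]`. Restore `#!/bin/bash`.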
@@ -15,6 +20,7 @@ export ETC_HOSTS="/etc/hosts"
# no more export in .env # no more export in .env
export $(set | grep "domain=") export $(set | grep "domain=")
#TODO: récupérer la liste des services kaz au lieu des les écrire en dur
declare -a forbidenName declare -a forbidenName
forbidenName=(${calcHost} calc ${cloudHost} bureau ${dateHost} date ${dokuwikiHost} dokuwiki ${fileHost} file ${ldapHost} ${pahekoHost} ${gitHost} ${gravHost} ${matterHost} ${officeHost} collabora ${padHost} ${sympaHost} listes ${webmailHost} ${wordpressHost} www ${vigiloHost} form) forbidenName=(${calcHost} calc ${cloudHost} bureau ${dateHost} date ${dokuwikiHost} dokuwiki ${fileHost} file ${ldapHost} ${pahekoHost} ${gitHost} ${gravHost} ${matterHost} ${officeHost} collabora ${padHost} ${sympaHost} listes ${webmailHost} ${wordpressHost} www ${vigiloHost} form)
@@ -31,6 +37,15 @@ usage(){
exit 1 exit 1
} }
. "${KAZ_KEY_DIR}/env-alwaysdata"
if [[ -z "${ALWAYSDATA_TOKEN}" ]] ; then
echo "no ALWAYSDATA_TOKEN set in ${KAZ_KEY_DIR}/env-alwaysdata"
usage
fi
DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${domain} | jq '.[0].id')
for ARG in $@ for ARG in $@
do do
case "${ARG}" in case "${ARG}" in
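Review bot: `DOMAIN_ID` is fetched before the arguments are parsed and is never validated: the URL `${ALWAYSDATA_API}/domain/?name=${domain}` is unquoted (the `?` is a glob character), `curl -s` hides transport and HTTP errors, and `jq '.[0].id'` prints `null` when the domain is not found, which the later calls then send as `domain=null`. Quote the URL, add `--fail`, and stop with an error when the id is empty or `null`. Only `ALWAYSDATA_TOKEN` is checked after sourcing `env-alwaysdata`; `ALWAYSDATA_ACCOUNT` and `ALWAYSDATA_API` are used without a check.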
@@ -60,78 +75,15 @@ if [ -z "${CMD}" ]; then
usage usage
fi fi
. "${KAZ_KEY_DIR}/env-gandi"
if [[ -z "${GANDI_KEY}" ]] ; then
echo
echo "no GANDI_KEY set in ${KAZ_KEY_DIR}/env-gandi"
usage
fi
waitNet () {
if [[ "${domain}" = "kaz.local" ]]; then
return
fi
### wait when error code 503
if [[ $(curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - "${GANDI_API}" -o /dev/null 2>/dev/null | head -n1) != *200* ]]; then
echo "DNS not available. Please wait..."
while [[ $(curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - "${GANDI_API}" -o /dev/null 2>/dev/null | head -n1) != *200* ]]
do
sleep 5
done
exit
fi
}
list(){ list(){
if [[ "${domain}" = "kaz.local" ]]; then TARGET=$@
grep --perl-regex "^${IP}\s.*${domain}" "${ETC_HOSTS}" 2> /dev/null | sed -e "s|^${IP}\s*\([0-9a-z.-]${domain}\)$|\1|g" LISTE=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}&type=CNAME&name=${TARGET}" | jq '.[] | "\(.name):\(.value)"')
return echo ${LISTE}
fi
waitNet
trap 'rm -f "${TMPFILE}"' EXIT
TMPFILE="$(mktemp)" || exit 1
if [[ -n "${SIMU}" ]] ; then
${SIMU} curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}"
else
curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" 2>/dev/null | \
sed "s/,{/\n/g" | \
sed 's/.*rrset_name":"\([^"]*\)".*rrset_values":\["\([^"]*\)".*/\1:\2/g'| \
grep -v '^[_@]'| \
grep -e ":${domain}\.*$" -e ":prod[0-9]*$" > ${TMPFILE}
fi
if [ $# -lt 1 ]; then
cat ${TMPFILE}
else
for ARG in $@
do
cat ${TMPFILE} | grep "${ARG}.*:"
done
fi
} }
saveDns () { saveDns () {
for ARG in $@ ; do mkdir -p /root/dns
if [[ "${ARG}" =~ .local$ ]] ; then ${SIMU} curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}" -o /root/dns/dns_save_$(date +'%Y%m%d%H%M%S')
echo "${PRG}: old fasion style (remove .local at the end)"
usage;
fi
if [[ "${ARG}" =~ .bzh$ ]] ; then
echo "${PRG}: old fasion style (remove .bzh at the end)"
usage;
fi
if [[ "${ARG}" =~ .dev$ ]] ; then
echo "${PRG}: old fasion style (remove .dev at the end)"
usage;
fi
done
if [[ "${domain}" = "kaz.local" ]]; then
return
fi
waitNet
${SIMU} curl -X POST "${GANDI_API}/snapshots" -H "authorization: Apikey ${GANDI_KEY}" 2>/dev/null
} }
badName(){ badName(){
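Review bot: The new `list()` copies every argument into one variable (`TARGET=$@`) and interpolates it into a single `name=${TARGET}` query parameter, so `list a b` sends a URL containing a space instead of filtering per sub-domain as the old `for ARG in $@` loop did. Loop over the arguments (or URL-encode each one) and quote the output, since `echo ${LISTE}` also flattens the result onto one line. The new `saveDns()` drops the `.local`/`.bzh`/`.dev` suffix checks without a replacement, which deserves a word in the commit message if intentional.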
@@ -154,28 +106,14 @@ add(){
echo "can't manage '${ARG}'. Use -f option" echo "can't manage '${ARG}'. Use -f option"
continue continue
fi fi
case "${domain}" in ${SIMU} curl -s -X POST -d "{\"domain\":\"${DOMAIN_ID}\", \"type\":\"CNAME\", \"name\":\"${ARG}\", \"value\":\"${site}.${domain}\"}" --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/"
kaz.local )
if grep -q --perl-regex "^${IP}.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
break
fi
if grep -q --perl-regex "^${IP}[ \t]" "${ETC_HOSTS}" 2> /dev/null ; then
${SIMU} sudo sed -i -e "0,/^${IP}[ \t]/s/^\(${IP}[ \t]\)/\1${ARG}.${domain} /g" "${ETC_HOSTS}"
else
${SIMU} sudo sed -i -e "$ a ${IP}\t${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null
fi
;;
*)
${SIMU} curl -X POST "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" -H 'content-type: application/json' -d '{"rrset_type":"CNAME", "rrset_name":"'${ARG}'", "rrset_values":["'${site}'"]}'
echo
;;
esac
ADDED+=("${ARG}") ADDED+=("${ARG}")
done done
echo "Domains added to ${domain}: ${ADDED[@]}" echo "Domains added to ${domain}: ${ADDED[@]}"
} }
del(){ del(){
if [ $# -lt 1 ]; then if [ $# -lt 1 ]; then
exit exit
fi fi
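Review bot: In `add()`, the JSON body for the AlwaysData POST is assembled by pasting `${ARG}` between escaped quotes, so a sub-domain argument containing `"` or `\` yields malformed JSON or extra fields; `badName` only compares against the protected list and does not validate the character set. Validate `${ARG}` against a hostname pattern before the call, or build the body with `jq -n --arg name "${ARG}" ...`. The curl result is also ignored (`-s` without `--fail`), so `ADDED+=("${ARG}")` reports success even when the API refused the record.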
@@ -187,23 +125,11 @@ del(){
echo "can't manage '${ARG}'. Use -f option" echo "can't manage '${ARG}'. Use -f option"
continue continue
fi fi
case "${domain}" in RECORD_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?name=${ARG}&type=CNAME&domain=${DOMAIN_ID}" | jq ".[] | select(.name==\"${ARG}\").id")
kaz.local ) ${SIMU} curl -s -X DELETE --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/${RECORD_ID}/"
if !grep -q --perl-regex "^${IP}.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
break
fi
${SIMU} sudo sed -i -e "/^${IP}[ \t]*${ARG}.${domain}[ \t]*$/d" \
-e "s|^\(${IP}.*\)[ \t]${ARG}.${domain}|\1|g" "${ETC_HOSTS}"
;;
* )
${SIMU} curl -X DELETE "${GANDI_API}/records/${ARG}" -H "authorization: Apikey ${GANDI_KEY}"
echo
;;
esac
REMOVED+=("${ARG}") REMOVED+=("${ARG}")
done done
echo "Domains removed from ${domain}: ${REMOVED[@]}" echo "Domains removed from ${domain}: ${REMOVED[@]}"
} }
#echo "CMD: ${CMD} $*"
${CMD} $* ${CMD} $*
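Review bot: In `del()`, `RECORD_ID` is used in the DELETE URL without being checked: when the lookup returns nothing the request goes to `${ALWAYSDATA_API}/record//`, and when jq emits several ids the variable holds more than one line. Test that `RECORD_ID` is a single numeric id before calling DELETE and skip the argument otherwise, instead of appending it to `REMOVED` unconditionally.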

135
bin/dns_alwaysdata.sh Executable file

@@ -0,0 +1,135 @@
#/bin/bash
#koi: gestion des records dns sur AlwaysData
#ki: fanch&gaël&fab
#kan: 06/04/2025
#doc: https://api.alwaysdata.com/v1/record/doc/
#doc: https://help.alwaysdata.com/fr/api/
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
cd "${KAZ_ROOT}"
export PRG="$0"
export IP="127.0.0.1"
export ETC_HOSTS="/etc/hosts"
# no more export in .env
export $(set | grep "domain=")
#TODO: récupérer la liste des services kaz au lieu des les écrire en dur
declare -a forbidenName
forbidenName=(${calcHost} calc ${cloudHost} bureau ${dateHost} date ${dokuwikiHost} dokuwiki ${fileHost} file ${ldapHost} ${pahekoHost} ${gitHost} ${gravHost} ${matterHost} ${officeHost} collabora ${padHost} ${sympaHost} listes ${webmailHost} ${wordpressHost} www ${vigiloHost} form)
export FORCE="NO"
export CMD=""
export SIMU=""
usage(){
echo "Usage: ${PRG} list [sub-domain...]"
echo " ${PRG} [-n] [-f] {add/del} sub-domain..."
echo " -h help"
echo " -n simulation"
echo " -f force protected domain"
exit 1
}
. "${KAZ_KEY_DIR}/env-alwaysdata"
if [[ -z "${ALWAYSDATA_TOKEN}" ]] ; then
echo "no ALWAYSDATA_TOKEN set in ${KAZ_KEY_DIR}/env-alwaysdata"
usage
fi
DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${domain} | jq '.[0].id')
for ARG in $@
do
case "${ARG}" in
'-h' | '-help' )
usage
;;
'-f' )
shift
export FORCE="YES"
;;
'-n' )
shift
export SIMU="echo"
;;
'list'|'add'|'del' )
shift
CMD="${ARG}"
break
;;
* )
usage
;;
esac
done
if [ -z "${CMD}" ]; then
usage
fi
list(){
TARGET=$@
LISTE=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}&type=CNAME&name=${TARGET}" | jq '.[] | "\(.name):\(.value)"')
echo ${LISTE}
}
saveDns () {
mkdir -p /root/dns
${SIMU} curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}" -o /root/dns/dns_save_$(date +'%Y%m%d%H%M%S')
}
badName(){
[[ -z "$1" ]] && return 0;
for item in "${forbidenName[@]}"; do
[[ "${item}" == "$1" ]] && [[ "${FORCE}" == "NO" ]] && return 0
done
return 1
}
add(){
if [ $# -lt 1 ]; then
exit
fi
saveDns $@
declare -a ADDED
for ARG in $@
do
if badName "${ARG}" ; then
echo "can't manage '${ARG}'. Use -f option"
continue
fi
${SIMU} curl -s -X POST -d "{\"domain\":\"${DOMAIN_ID}\", \"type\":\"CNAME\", \"name\":\"${ARG}\", \"value\":\"${site}.${domain}\"}" --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/"
ADDED+=("${ARG}")
done
echo "Domains added to ${domain}: ${ADDED[@]}"
}
del(){
if [ $# -lt 1 ]; then
exit
fi
saveDns $@
declare -a REMOVED
for ARG in $@
do
if badName "${ARG}" ; then
echo "can't manage '${ARG}'. Use -f option"
continue
fi
RECORD_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?name=${ARG}&type=CNAME&domain=${DOMAIN_ID}" | jq ".[] | select(.name==\"${ARG}\").id")
${SIMU} curl -s -X DELETE --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/${RECORD_ID}/"
REMOVED+=("${ARG}")
done
echo "Domains removed from ${domain}: ${REMOVED[@]}"
}
${CMD} $*
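Review bot: `DOMAIN_ID` is fetched at the top of the new script, with an unquoted URL and before the options are parsed, and is never validated; if the lookup fails, jq prints nothing or `null` and `add`/`del` then send requests with that value as the domain. Add the same guard dynDNS.sh has, extended to reject `null`, and move the lookup after argument parsing so `-h` does not need the API. The first line `#/bin/bash` is also missing the `!`, so it is a comment rather than a shebang.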

209
bin/dns_gandi.sh Executable file

@@ -0,0 +1,209 @@
#!/bin/bash
# list/ajout/supprime/ un sous-domaine
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
cd "${KAZ_ROOT}"
export PRG="$0"
export IP="127.0.0.1"
export ETC_HOSTS="/etc/hosts"
# no more export in .env
export $(set | grep "domain=")
declare -a forbidenName
forbidenName=(${calcHost} calc ${cloudHost} bureau ${dateHost} date ${dokuwikiHost} dokuwiki ${fileHost} file ${ldapHost} ${pahekoHost} ${gitHost} ${gravHost} ${matterHost} ${officeHost} collabora ${padHost} ${sympaHost} listes ${webmailHost} ${wordpressHost} www ${vigiloHost} form)
export FORCE="NO"
export CMD=""
export SIMU=""
usage(){
echo "Usage: ${PRG} list [sub-domain...]"
echo " ${PRG} [-n] [-f] {add/del} sub-domain..."
echo " -h help"
echo " -n simulation"
echo " -f force protected domain"
exit 1
}
for ARG in $@
do
case "${ARG}" in
'-h' | '-help' )
usage
;;
'-f' )
shift
export FORCE="YES"
;;
'-n' )
shift
export SIMU="echo"
;;
'list'|'add'|'del' )
shift
CMD="${ARG}"
break
;;
* )
usage
;;
esac
done
if [ -z "${CMD}" ]; then
usage
fi
. "${KAZ_KEY_DIR}/env-gandi"
if [[ -z "${GANDI_KEY}" ]] ; then
echo
echo "no GANDI_KEY set in ${KAZ_KEY_DIR}/env-gandi"
usage
fi
waitNet () {
if [[ "${domain}" = "kaz.local" ]]; then
return
fi
### wait when error code 503
if [[ $(curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - "${GANDI_API}" -o /dev/null 2>/dev/null | head -n1) != *200* ]]; then
echo "DNS not available. Please wait..."
while [[ $(curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - "${GANDI_API}" -o /dev/null 2>/dev/null | head -n1) != *200* ]]
do
sleep 5
done
exit
fi
}
list(){
if [[ "${domain}" = "kaz.local" ]]; then
grep --perl-regex "^${IP}\s.*${domain}" "${ETC_HOSTS}" 2> /dev/null | sed -e "s|^${IP}\s*\([0-9a-z.-]${domain}\)$|\1|g"
return
fi
waitNet
trap 'rm -f "${TMPFILE}"' EXIT
TMPFILE="$(mktemp)" || exit 1
if [[ -n "${SIMU}" ]] ; then
${SIMU} curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}"
else
curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" 2>/dev/null | \
sed "s/,{/\n/g" | \
sed 's/.*rrset_name":"\([^"]*\)".*rrset_values":\["\([^"]*\)".*/\1:\2/g'| \
grep -v '^[_@]'| \
grep -e ":${domain}\.*$" -e ":prod[0-9]*$" > ${TMPFILE}
fi
if [ $# -lt 1 ]; then
cat ${TMPFILE}
else
for ARG in $@
do
cat ${TMPFILE} | grep "${ARG}.*:"
done
fi
}
saveDns () {
for ARG in $@ ; do
if [[ "${ARG}" =~ .local$ ]] ; then
echo "${PRG}: old fasion style (remove .local at the end)"
usage;
fi
if [[ "${ARG}" =~ .bzh$ ]] ; then
echo "${PRG}: old fasion style (remove .bzh at the end)"
usage;
fi
if [[ "${ARG}" =~ .dev$ ]] ; then
echo "${PRG}: old fasion style (remove .dev at the end)"
usage;
fi
done
if [[ "${domain}" = "kaz.local" ]]; then
return
fi
waitNet
${SIMU} curl -X POST "${GANDI_API}/snapshots" -H "authorization: Apikey ${GANDI_KEY}" 2>/dev/null
}
badName(){
[[ -z "$1" ]] && return 0;
for item in "${forbidenName[@]}"; do
[[ "${item}" == "$1" ]] && [[ "${FORCE}" == "NO" ]] && return 0
done
return 1
}
add(){
if [ $# -lt 1 ]; then
exit
fi
saveDns $@
declare -a ADDED
for ARG in $@
do
if badName "${ARG}" ; then
echo "can't manage '${ARG}'. Use -f option"
continue
fi
case "${domain}" in
kaz.local )
if grep -q --perl-regex "^${IP}.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
break
fi
if grep -q --perl-regex "^${IP}[ \t]" "${ETC_HOSTS}" 2> /dev/null ; then
${SIMU} sudo sed -i -e "0,/^${IP}[ \t]/s/^\(${IP}[ \t]\)/\1${ARG}.${domain} /g" "${ETC_HOSTS}"
else
${SIMU} sudo sed -i -e "$ a ${IP}\t${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null
fi
;;
*)
${SIMU} curl -X POST "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" -H 'content-type: application/json' -d '{"rrset_type":"CNAME", "rrset_name":"'${ARG}'", "rrset_values":["'${site}'"]}'
echo
;;
esac
ADDED+=("${ARG}")
done
echo "Domains added to ${domain}: ${ADDED[@]}"
}
del(){
if [ $# -lt 1 ]; then
exit
fi
saveDns $@
declare -a REMOVED
for ARG in $@
do
if badName "${ARG}" ; then
echo "can't manage '${ARG}'. Use -f option"
continue
fi
case "${domain}" in
kaz.local )
if !grep -q --perl-regex "^${IP}.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
break
fi
${SIMU} sudo sed -i -e "/^${IP}[ \t]*${ARG}.${domain}[ \t]*$/d" \
-e "s|^\(${IP}.*\)[ \t]${ARG}.${domain}|\1|g" "${ETC_HOSTS}"
;;
* )
${SIMU} curl -X DELETE "${GANDI_API}/records/${ARG}" -H "authorization: Apikey ${GANDI_KEY}"
echo
;;
esac
REMOVED+=("${ARG}")
done
echo "Domains removed from ${domain}: ${REMOVED[@]}"
}
#echo "CMD: ${CMD} $*"
${CMD} $*
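Review bot: In `del()`, the kaz.local branch tests `if !grep -q ...` with no space after `!`, so bash looks for a command named `!grep`, the error is hidden by `2> /dev/null`, and the guard never fires; it should read `if ! grep -q ...`. In the same file, `waitNet` calls `exit` once the API answers 200 again, so the requested list/add/del is never run after a wait; returning from the function looks like the intent. The `break` in the kaz.local branch of `add()` also stops processing the remaining arguments where `continue` would skip just the existing one.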

176
bin/dynDNS.sh Executable file

@@ -0,0 +1,176 @@
#!/bin/bash
# nohup /kaz/bin/dynDNS.sh &
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
# no more export in .env
export $(set | grep "domain=")
cd "${KAZ_ROOT}"
export PRG="$0"
export MYHOST="${site}"
MYIP_URL="https://kaz.bzh/myip.php"
DNS_IP=""
DELAI_WAIT=10 # DNS occupé
DELAI_GET=5 # min entre 2 requêtes
DELAI_CHANGE=3600 # propagation 1h
DELAI_NO_CHANGE=300 # pas de changement 5 min
BOLD='\e[1m'
RED='\e[0;31m'
GREEN='\e[0;32m'
YELLOW='\e[0;33m'
BLUE='\e[0;34m'
MAGENTA='\e[0;35m'
CYAN='\e[0;36m'
NC='\e[0m' # No Color
NL='
'
export VERBOSE=""
export SIMU=""
usage(){
echo "Usage: ${PRG} list [sub-domain...]"
echo " -h help"
echo " -v verbose"
echo " -n simulation"
exit 1
}
#. "${KAZ_KEY_DIR}/env-gandi"
. "${KAZ_KEY_DIR}/env-alwaysdata"
if [[ -z "${ALWAYSDATA_TOKEN}" ]] ; then
echo "no ALWAYSDATA_TOKEN set in ${KAZ_KEY_DIR}/env-alwaysdata"
usage
fi
DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${domain} | jq '.[0].id')
if [[ -z "${DOMAIN_ID}" ]] ; then
echo "no DOMAIN_ID give by alwaysdata"
usage
fi
# if [[ -z "${GANDI_KEY}" ]] ; then
# echo
# echo "no GANDI_KEY set in ${KAZ_KEY_DIR}/env-gandi"
# usage
# exit
# fi
for ARG in $@
do
case "${ARG}" in
'-h' | '-help' )
usage
;;
'-v' )
shift
export VERBOSE=":"
;;
'-n' )
shift
export SIMU="echo"
;;
* )
usage
;;
esac
done
log () {
echo -e "${BLUE}$(date +%d-%m-%Y-%H-%M-%S)${NC} : $*"
}
simu () {
echo -e "${YELLOW}$(date +%d-%m-%Y-%H-%M-%S)${NC} : $*"
}
cmdWait () {
#ex gandi
#curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - -o /dev/null "${GANDI_API}" 2>/dev/null
curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" --connect-timeout 2 -D - -o /dev/null "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}&type=CNAME&name=${TARGET}" 2>/dev/null
}
waitNet () {
### wait when error code 503
if [[ $(cmdWait | head -n1) != *200* ]]; then
log "DNS not available. Please wait..."
while [[ $(cmdWait | head -n1) != *200* ]]; do
[[ -z "${VERBOSE}" ]] || simu curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" --connect-timeout 2 -D - -o /dev/null "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}&type=CNAME&name=${TARGET}"
sleep "${DELAI_WAIT}"
done
exit
fi
}
getDNS () {
# curl -s -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}"|
# sed "s/,{/\n/g"|
# sed 's/.*rrset_name":"\([^"]*\)".*rrset_values":\["\([^"]*\)".*/\1:\2/g'|
# grep -e "^${MYHOST}:"|
# sed "s/^${MYHOST}://g" |
# tr -d '\n\t\r '
${SIMU} curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}&type=A&name=${MYHOST}" | jq '.[] | "\(.value)"' | tr -d '"'
}
saveDns () {
mkdir -p /root/dns
${SIMU} curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}" -o /root/dns/dns_save_$(date +'%Y%m%d%H%M%S')
}
setDNS () {
saveDns
# curl -s -X POST "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" -H 'content-type: application/json' -d '{"rrset_type":"A", "rrset_name":"'${MYHOST}'", "rrset_values":["'${IP}'"]}'
${SIMU} curl -s -X POST -d "{\"domain\":\"${DOMAIN_ID}\", \"type\":\"A\", \"name\":\"${MYHOST}\", \"value\":\"${IP}\"}" --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/"
}
while :; do
sleep "${DELAI_GET}"
IP=$(curl -s "${MYIP_URL}" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | tr -d '\n\t\r ')
if ! [[ ${IP} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
log "BAB IP ${IP}" ; continue
fi
if [ -z "${DNS_IP}" ]; then
# Variable pas encore initialisée
waitNet
DNS_IP=$(getDNS)
if [ -z "${DNS_IP}" ]; then
# C'est la première fois que le site est en prod
log "set ${MYHOST} : ${IP}"
setDNS
DNS_IP=$(getDNS)
log "DNS set ${MYHOST}:${IP} (=${DNS_IP})"
sleep "${DELAI_CHANGE}"
continue
fi
fi
if [ "${DNS_IP}" != "${IP}" ]; then
log "${MYHOST} : ${DNS_IP} must change to ${IP}"
# Changement d'adresse
waitNet
#curl -s -X DELETE "${GANDI_API}/records/${MYHOST}" -H "authorization: Apikey ${GANDI_KEY}"
RECORD_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?name=${MYHOST}&type=A&domain=${DOMAIN_ID}" | jq ".[] | select(.name==\"${MYHOST}\").id")
${SIMU} curl -s -X DELETE --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/${RECORD_ID}/"
setDNS
DNS_IP=$(getDNS)
log "DNS reset ${MYHOST}:${IP} (=${DNS_IP})"
sleep "${DELAI_CHANGE}"
else
log "OK ${MYHOST}:${DNS_IP} / ${IP}"
sleep ${DELAI_NO_CHANGE}
fi
done
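Review bot: In `waitNet`, the verbose branch `simu curl ... --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ...` prints the fully expanded command, API token included, and the same happens for every `${SIMU} curl` when `-n` sets `SIMU="echo"`; since the header comment starts the script with nohup, the token ends up in the output file. Log a redacted command line instead. `cmdWait` also references `${TARGET}`, which is never set in this script, and the `-z "${DOMAIN_ID}"` test will not catch a `null` printed by jq.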

View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_ROOT/secret/env-kaz . $KAZ_ROOT/secret/env-kaz
PRG=$(basename $0) PRG=$(basename $0)
@@ -23,7 +22,7 @@ PRG=$(basename $0)
# TEMPO_ACTION_STOP=2 # Lors de redémarrage avec tempo, on attend après le stop # TEMPO_ACTION_STOP=2 # Lors de redémarrage avec tempo, on attend après le stop
# TEMPO_ACTION_START=60 # Lors de redémarrage avec tempo, avant de reload le proxy # TEMPO_ACTION_START=60 # Lors de redémarrage avec tempo, avant de reload le proxy
# DEFAULTCONTAINERS="cloud agora wp wiki office paheko castopod" # DEFAULTCONTAINERS="cloud agora wp wiki office paheko castopod spip"
# APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode # APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode
@@ -42,16 +41,16 @@ CONTAINERS_TYPES=
declare -A DockerServNames # le nom des containers correspondant declare -A DockerServNames # le nom des containers correspondant
DockerServNames=( [cloud]="${nextcloudServName}" [agora]="${mattermostServName}" [wiki]="${dokuwikiServName}" [wp]="${wordpressServName}" [office]="${officeServName}" [paheko]="${pahekoServName}" [castopod]="${castopodServName}" ) DockerServNames=( [cloud]="${nextcloudServName}" [agora]="${mattermostServName}" [wiki]="${dokuwikiServName}" [wp]="${wordpressServName}" [office]="${officeServName}" [paheko]="${pahekoServName}" [castopod]="${castopodServName}" [spip]="${spipServName}" )
declare -A FilterLsVolume # Pour trouver quel volume appartient à quel container declare -A FilterLsVolume # Pour trouver quel volume appartient à quel container
FilterLsVolume=( [cloud]="cloudMain" [agora]="matterConfig" [wiki]="wikiConf" [wp]="wordpress" [castopod]="castopodMedia" ) FilterLsVolume=( [cloud]="cloudMain" [agora]="matterConfig" [wiki]="wikiConf" [wp]="wordpress" [castopod]="castopodMedia" [spip]="spip")
declare -A composeDirs # Le nom du repertoire compose pour le commun declare -A composeDirs # Le nom du repertoire compose pour le commun
composeDirs=( [cloud]="cloud" [agora]="mattermost" [wiki]="dokuwiki" [office]="collabora" [paheko]="paheko" [castopod]="castopod" ) composeDirs=( [cloud]="cloud" [agora]="mattermost" [wiki]="dokuwiki" [office]="collabora" [paheko]="paheko" [castopod]="castopod" [spip]="spip")
declare -A serviceNames # Le nom du du service dans le dockerfile d'orga declare -A serviceNames # Le nom du du service dans le dockerfile d'orga
serviceNames=( [cloud]="cloud" [agora]="agora" [wiki]="dokuwiki" [wp]="wordpress" [office]="collabora" [castopod]="castopod") serviceNames=( [cloud]="cloud" [agora]="agora" [wiki]="dokuwiki" [wp]="wordpress" [office]="collabora" [castopod]="castopod" [spip]="spip")
declare -A subScripts declare -A subScripts
subScripts=( [cloud]="manageCloud.sh" [agora]="manageAgora.sh" [wiki]="manageWiki.sh" [wp]="manageWp.sh" [castopod]="manageCastopod.sh" ) subScripts=( [cloud]="manageCloud.sh" [agora]="manageAgora.sh" [wiki]="manageWiki.sh" [wp]="manageWp.sh" [castopod]="manageCastopod.sh" )
@@ -93,6 +92,7 @@ CONTAINERS_TYPES
-office Les collabora -office Les collabora
-paheko Le paheko -paheko Le paheko
-castopod Les castopod -castopod Les castopod
-spip Les spip
COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité) COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité)
-I|--install L'initialisation du container -I|--install L'initialisation du container
@@ -322,7 +322,7 @@ _reloadProxy() {
availableProxyComposes=($(getList "${KAZ_CONF_DIR}/container-proxy.list")) availableProxyComposes=($(getList "${KAZ_CONF_DIR}/container-proxy.list"))
for item in "${availableProxyComposes[@]}"; do for item in "${availableProxyComposes[@]}"; do
${SIMU} ${KAZ_COMP_DIR}/${item}/reload.sh [ "${item}" = "proxy" ] && ${SIMU} ${KAZ_COMP_DIR}/${item}/reload.sh
done done
} }
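Review bot: In `_reloadProxy`, the loop still walks every entry of container-proxy.list, but the added test `[ "${item}" = "proxy" ]` means only the proxy compose is ever reloaded, with no comment saying why the other entries are now skipped. If that is the intent, document it and call the proxy reload.sh directly; as written the function also returns a non-zero status whenever the last list entry is not `proxy`, which matters to any caller that checks it.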
@@ -551,6 +551,8 @@ for ARG in "$@"; do
CONTAINERS_TYPES="${CONTAINERS_TYPES} paheko" ;; CONTAINERS_TYPES="${CONTAINERS_TYPES} paheko" ;;
'-pod'|'--pod'|'-castopod'|'--castopod') '-pod'|'--pod'|'-castopod'|'--castopod')
CONTAINERS_TYPES="${CONTAINERS_TYPES} castopod" ;; CONTAINERS_TYPES="${CONTAINERS_TYPES} castopod" ;;
'-spip')
CONTAINERS_TYPES="${CONTAINERS_TYPES} spip" ;;
'-t' ) '-t' )
COMMANDS="${COMMANDS} RESTART-COMPOSE" ;; COMMANDS="${COMMANDS} RESTART-COMPOSE" ;;
'-r' ) '-r' )
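Review bot: The new option is matched as `'-spip'` only, while the neighbouring entries accept both spellings (`'-pod'|'--pod'|'-castopod'|'--castopod'`), so `--spip` falls through to whatever the default branch does. Add `'--spip'` to the pattern for consistency with the other container types.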

View File

@@ -7,7 +7,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
PRG=$(basename $0) PRG=$(basename $0)

View File

@@ -1,14 +1,16 @@
#!/bin/bash #!/bin/bash
# gestion des utilisateurs de kaz ( mail, cloud général, mattermost ) # gestion des utilisateurs de kaz ( mail, cloud général, mattermost )
# Ki : Did
# koi : gestion globale des users Kaz mais aussi les users d'autres domaines hébergés
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudServ sympaServ paheko
VERSION="5-12-2024" VERSION="18-05-2025"
PRG=$(basename $0) PRG=$(basename $0)
RACINE=$(echo $PRG | awk '{print $1}') RACINE=$(echo $PRG | awk '{print $1}')
IFS=' ' IFS=' '
@@ -22,11 +24,11 @@ URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(
NL_LIST=infos@listes.kaz.bzh NL_LIST=infos@listes.kaz.bzh
URL_AGORA_API=${URL_AGORA}/api/v4 URL_AGORA_API=${URL_AGORA}/api/v4
EQUIPE=kaz EQUIPE=kaz
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
#### Test du serveur sur lequel s' execute le script #### #### Test du serveur sur lequel s' execute le script ####
echo ${site} | grep -i prod2 && { echo "Le script ne fonctionne que sur Prod1 et Dev ";exit;} echo ${site} | grep -E 'prod1|dev' || { echo "Le script ne fonctionne que sur Prod1 et Dev ";exit;}
############################## ##############################
TFILE_EMAILS=$(mktemp /tmp/$RACINE.XXXXXXXXX.TFILE_EMAILS) TFILE_EMAILS=$(mktemp /tmp/$RACINE.XXXXXXXXX.TFILE_EMAILS)
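Review bot: The new server check `grep -E 'prod1|dev'` is an unanchored substring match, so any site name that merely contains `prod1` or `dev` (for example a hypothetical `prod10`) is allowed to run this user-management script. If the allowed names are exact, use a `case "${site}" in` with those names or anchor the pattern with `-x`; adding `-q` would also stop the matched name from being echoed on every run.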
@@ -45,6 +47,8 @@ rm -rf /tmp/*.json
############################################ Fonctions ####################################################### ############################################ Fonctions #######################################################
ExpMail() { ExpMail() {
. $KAZ_KEY_DIR/env-mail
MAIL_DEST=$1 MAIL_DEST=$1
MAIL_SUJET=$2 MAIL_SUJET=$2
MAIL_TEXTE=$3 MAIL_TEXTE=$3
@@ -56,6 +60,7 @@ ExpMail() {
} }
PostMattermost() { PostMattermost() {
. $KAZ_KEY_DIR/env-mattermostAdmin
PostM=$1 PostM=$1
CHANNEL=$2 CHANNEL=$2
TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA_API}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g') TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA_API}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')
@@ -89,8 +94,8 @@ searchEmail() {
fi fi
done done
ldapsearch -H ldap://${LDAP_IP} \ ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS -b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
COMPTEUR_LIGNE=0 COMPTEUR_LIGNE=0
while read LIGNE while read LIGNE
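Review bot: The rename to `ldapServ_LDAP_ADMIN_PASSWORD` keeps passing the bind password with `-w "${...}"`, which exposes it in the process list for the duration of each ldapsearch, here and in every later hunk of this file that uses the same pattern. Since this branch reorganises secret handling, consider switching these calls to `-y` with a root-only password file.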
@@ -134,7 +139,8 @@ searchEmail() {
searchMattermost() { searchMattermost() {
#Ici $1 est une adresse email #Ici $1 est une adresse email
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 . $KAZ_KEY_DIR/env-mattermostAdmin
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1 docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1
#on créé la list des mails dans mattermost #on créé la list des mails dans mattermost
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null
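Review bot: In `searchMattermost`, the login line passes `--password $mattermost_pass` unquoted, so a password containing spaces or glob characters is split or expanded before it reaches mmctl, and the password is visible in the argument list of `docker exec`. Quote the variable at minimum; the login output is also discarded with `>/dev/null 2>&1`, so a failed login goes unnoticed and the following mmctl calls run unauthenticated.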
@@ -180,12 +186,12 @@ infoEmail() {
printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL" printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL"
echo -e "" echo -e ""
#TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC) #TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC)
#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL #curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
#cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g #cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g
echo -ne "${NC}" echo -ne "${NC}"
echo -ne " - Nextcloud enable : " echo -ne " - Nextcloud enable : "
echo -ne "${GREEN}" echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30 ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30
echo -ne "${NC}" echo -ne "${NC}"
echo -e "${NC} ------------------------------------------------" echo -e "${NC} ------------------------------------------------"
printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO" printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO"
@@ -201,11 +207,11 @@ infoEmail() {
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Quota Mail (Ldap) : " echo -n " - Quota Mail (Ldap) : "
echo -ne "${GREEN}" echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60 ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Quota Nextcloud (Ldap) : " echo -n " - Quota Nextcloud (Ldap) : "
echo -ne "${GREEN}" echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60 ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Mail de secours (Paheko ): " echo -n " - Mail de secours (Paheko ): "
echo -ne "${GREEN}" echo -ne "${GREEN}"
@@ -213,11 +219,11 @@ infoEmail() {
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Mail de secours (Ldap): " echo -n " - Mail de secours (Ldap): "
echo -ne "${GREEN}" echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://' ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Alias (Ldap) : " echo -n " - Alias (Ldap) : "
echo -ne "${GREEN}" echo -ne "${GREEN}"
LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60) LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
echo -ne "${NC}" echo -ne "${NC}"
echo -ne "${GREEN}" echo -ne "${GREEN}"
for ldap_alias in ${LDAP_ALIAS} for ldap_alias in ${LDAP_ALIAS}
@@ -237,8 +243,8 @@ infoEmail() {
echo "------------------------------------------------" echo "------------------------------------------------"
echo " Alias : ${CHOIX_MAIL} " echo " Alias : ${CHOIX_MAIL} "
echo "" echo ""
for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
| grep ^mail: | sed -e 's/^mail://') | grep ^mail: | sed -e 's/^mail://')
do do
echo -ne "=====> ${GREEN} " echo -ne "=====> ${GREEN} "
@@ -305,12 +311,12 @@ searchDestroy() {
fi fi
echo -e "${NC}" echo -e "${NC}"
echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud" echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud"
USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g') USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g')
if [ ! -z ${USER_NEXTCLOUD_SUPPR} ] if [ ! -z ${USER_NEXTCLOUD_SUPPR} ]
then then
printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}" printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}"
echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}" echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}"
curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1 curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
if [ "$?" -eq "0" ] if [ "$?" -eq "0" ]
then then
printKazMsg "Suppresion ok" printKazMsg "Suppresion ok"
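Review bot: Both curl calls in `searchDestroy` embed the admin password in the URL (`admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC`), unquoted, so a password containing `@`, `:`, `/` or `#` breaks the request and the credential appears in the process list. Pass it with `--user "admin:${nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD}"` and quote the URL. The `$?` test after the DELETE only reflects curl's exit code, which is 0 for an HTTP error without `--fail`, so "Suppresion ok" can be printed for a refused deletion.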
@@ -325,7 +331,7 @@ searchDestroy() {
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa"
echo -e "${NC}" echo -e "${NC}"
echo "" echo ""
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}" docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
echo -e "${NC}" echo -e "${NC}"
echo "" echo ""
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
@@ -342,7 +348,7 @@ searchDestroy() {
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
echo -e "${NC}" echo -e "${NC}"
echo "" echo ""
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}" ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
if [ "$?" -eq "0" ] if [ "$?" -eq "0" ]
then then
printKazMsg "Suppresion ok" printKazMsg "Suppresion ok"
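Review bot: the rename on the `ldapdelete` line keeps the bind password on the command line (`-w "${ldapServ_LDAP_ADMIN_PASSWORD}"`), and the same pattern is repeated in every `ldapsearch`, `ldapmodify` and `ldapdelete` call touched by this diff. The OpenLDAP client tools accept `-y <file>` to read the password from a file; a root-only file holding just the password, without a trailing newline, would keep it out of `ps` output and would also make the unquoted `-w ${...}` variants further down harmless.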
@@ -375,8 +381,8 @@ gestPassword() {
# MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g') # MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g')
MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \ MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //') -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
if [ "$MAIL_SECOURS" = "" ] if [ "$MAIL_SECOURS" = "" ]
then then
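Review bot: in the `ldapsearch` filter `(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))` the value of `CHOIX_MAIL` goes into the filter without escaping, so a value containing `*`, `(`, `)` or `\` changes what is matched, and the substring match can return several entries whose `mailDeSecours` values all end up in `MAIL_SECOURS`. Escape those characters as RFC 4515 requires before building the filter, and check that exactly one entry came back before `gestPassword` acts on the result.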
@@ -403,19 +409,19 @@ gestPassword() {
fi fi
if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ] if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ]
then then
USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g') USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g')
echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER} ${NC}" echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER} ${NC}"
echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS} ${NC}" echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS} ${NC}"
echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER) ${NC}" echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER) ${NC}"
echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}" echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}"
echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}" echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}"
docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1 docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1
curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1 curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1
pass=$(mkpasswd -m sha512crypt ${PASSWORD}) pass=$(mkpasswd -m sha512crypt ${PASSWORD})
echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\ echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\
changeType: modify\n\ changeType: modify\n\
replace: userPassword\n\ replace: userPassword\n\
userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}"
echo -e "Envoi d'un message dans mattermost pour la modification du mot de passe" echo -e "Envoi d'un message dans mattermost pour la modification du mot de passe"
docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1 docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1
if [ $ADRESSE_SEC == "OUI" ] if [ $ADRESSE_SEC == "OUI" ]
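Review bot: the new password is handled in clear several times in this hunk: it is printed to the terminal (`Le mot de passe sera = ...`), passed unquoted on the command line to `mmctl user change-password ... -p $PASSWORD` and `mkpasswd -m sha512crypt ${PASSWORD}`, and sent as `-d value=${PASSWORD}` without URL encoding, so a password containing `&`, `+`, `%` or a space is stored in Nextcloud as something different from what LDAP and Mattermost receive. Use `--data-urlencode "value=${PASSWORD}"`, quote every expansion, and feed `mkpasswd` through `--stdin`. The Mattermost and Nextcloud updates also discard their output and exit status (`>/dev/null 2>&1`), so a partial failure leaves the account with different passwords per service and still posts "a été modifié".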
@@ -463,8 +469,8 @@ createMail() {
if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]] if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]]
then then
ldapsearch -H ldap://${LDAP_IP} \ ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}" if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}"
then then
@@ -562,7 +568,7 @@ nextcloudEnabled: ${TRUE_KAZ}\n\
nextcloudQuota: ${QUOTA} GB\n\ nextcloudQuota: ${QUOTA} GB\n\
mobilizonEnabled: ${TRUE_KAZ}\n\ mobilizonEnabled: ${TRUE_KAZ}\n\
agoraEnabled: ${TRUE_KAZ}\n\ agoraEnabled: ${TRUE_KAZ}\n\
userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL} userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
# on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire # on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire
bash ${TFILE_CREATE_MAIL} >/dev/null bash ${TFILE_CREATE_MAIL} >/dev/null
# on colle le compte et le mot de passe dans le fichier # on colle le compte et le mot de passe dans le fichier
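Review bot: the command assembled here, including `-w ${ldapServ_LDAP_ADMIN_PASSWORD}` and the `{CRYPT}` hash, is written to `${TFILE_CREATE_MAIL}` and then run with `bash ${TFILE_CREATE_MAIL}`, so the LDAP admin password sits in clear in a temporary file and any shell metacharacter in the interpolated values is interpreted when the file is executed. Pipe the LDIF straight into `ldapmodify` as the other functions in this file do, or at least create the file with `mktemp` under `umask 077` and remove it in a trap.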
@@ -608,12 +614,12 @@ createAlias() {
if [[ ${AMAIL} =~ ${regexMail} ]] if [[ ${AMAIL} =~ ${regexMail} ]]
then then
RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //') -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //')
RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \ RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //') -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //')
if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$" if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$"
@@ -688,7 +694,7 @@ changeType: add\n\
objectClass: organizationalRole\n\ objectClass: organizationalRole\n\
objectClass: PostfixBookMailForward\n\ objectClass: PostfixBookMailForward\n\
mailAlias: ${AMAIL}\n\ mailAlias: ${AMAIL}\n\
${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} ${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
fait=1 fait=1
printKazMsg "Création de ${AMAIL}" printKazMsg "Création de ${AMAIL}"
sleep 3 sleep 3
@@ -720,8 +726,8 @@ delAlias() {
if [[ ${RALIAS} =~ ${regexMail} ]] if [[ ${RALIAS} =~ ${regexMail} ]]
then then
RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //') -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //')
if [ ! -z ${RESU_ALIAS} ] if [ ! -z ${RESU_ALIAS} ]
then then
@@ -731,7 +737,7 @@ delAlias() {
read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS
case "${REPDELALIAS}" in case "${REPDELALIAS}" in
o | O ) o | O )
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}" ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
printKazMsg "suppression ${RESU_ALIAS} effectuée" printKazMsg "suppression ${RESU_ALIAS} effectuée"
sleep 2 sleep 2
faitdel=1 faitdel=1
@@ -767,8 +773,8 @@ modifyAlias()
ACHANGE=0 ACHANGE=0
searchEmail alias searchEmail alias
LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \ -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \
| grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g') | grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g')
echo "-------------------------------------------------------------------" echo "-------------------------------------------------------------------"
@@ -843,8 +849,8 @@ modifyAlias()
echo "mail: ${key}" >>${FIC_MODIF_LDIF} echo "mail: ${key}" >>${FIC_MODIF_LDIF}
done done
echo "-" >>${FIC_MODIF_LDIF} echo "-" >>${FIC_MODIF_LDIF}
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-x -w ${ldap_LDAP_ADMIN_PASSWORD} \ -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
-f ${FIC_MODIF_LDIF} >/dev/null -f ${FIC_MODIF_LDIF} >/dev/null
else else
printKazMsg "Pas de changement" printKazMsg "Pas de changement"
@@ -870,8 +876,8 @@ updateUser() {
for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota
do do
ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \ ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \
| grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' )) | grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' ))
# si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa # si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa
@@ -968,9 +974,9 @@ updateUser() {
MAILALIAS_CHANGE=0 MAILALIAS_CHANGE=0
for VALMAIL in ${CONTENU_ATTRIBUT} for VALMAIL in ${CONTENU_ATTRIBUT}
do do
read -p " - On garde ${VALMAIL} (o/n) ? [o] : " READVALMAIL read -p " - On garde ${VALMAIL} (o/n) [o] ? : " READVALMAIL
case ${READVALMAIL} in case ${READVALMAIL} in
* | "" | o | O ) "" | o | O )
NEW_CONTENU_ATTRIBUT="${NEW_CONTENU_ATTRIBUT} ${VALMAIL}" NEW_CONTENU_ATTRIBUT="${NEW_CONTENU_ATTRIBUT} ${VALMAIL}"
;; ;;
n | N ) n | N )
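Review bot: dropping `*` from the first pattern (now `"" | o | O )`) is the right fix, since `*` matched every answer and made the `n | N )` branch unreachable, but it is a behaviour change that deserves its own mention next to the variable rename. Check that the `case` ends with a `* )` fallback that asks again; none is visible in this hunk, and without it an answer such as `y` is neither kept in `NEW_CONTENU_ATTRIBUT` nor reported.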
@@ -1007,7 +1013,7 @@ updateUser() {
done done
;; ;;
"" | n | N ) "" | n | N )
#CHANGED+=([mailAlias]="${NEW_CONTENU_ATTRIBUT}") CHANGED+=([mailAlias]="${NEW_CONTENU_ATTRIBUT}")
;; ;;
* ) * )
printKazMsg "Erreur" printKazMsg "Erreur"
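Review bot: the `"" | n | N )` branch now executes `CHANGED+=([mailAlias]="${NEW_CONTENU_ATTRIBUT}")`, which was commented out before, so this is a functional change and not part of the `ldap_` to `ldapServ_` rename. `NEW_CONTENU_ATTRIBUT` is built in the previous hunk as `"${NEW_CONTENU_ATTRIBUT} ${VALMAIL}"`, so it starts with a space and may be empty when every alias was refused; confirm that the code writing the LDIF handles both cases before enabling this line.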
@@ -1054,15 +1060,15 @@ updateUser() {
done done
cat ${FIC_MODIF_LDIF} cat ${FIC_MODIF_LDIF}
sleep 3 sleep 3
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-x -w ${ldap_LDAP_ADMIN_PASSWORD} \ -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
-f ${FIC_MODIF_LDIF} -f ${FIC_MODIF_LDIF}
if [ ! -z ${MAILDESECOURS} ] if [ ! -z ${MAILDESECOURS} ]
then then
# suppression du mail de secours de la liste infos # suppression du mail de secours de la liste infos
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}" docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
# ajout de l' adresse de la nouvelle adresse de secours # ajout de l' adresse de la nouvelle adresse de secours
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}" docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
fi fi
updateUser updateUser
fi fi

94
bin/getPasswords.sh Executable file

@@ -0,0 +1,94 @@
#!/bin/bash
#Ki: Gael
#Kan: 2025
#Koi: gestion mots de passe
KAZ_ROOT=/kaz
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
QUIET=1
usage() {
echo "getPasswords.sh [OPTIONS] [envname ...]
Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
Les variables sont du type envname_NOMVARIABLE=valeur
On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
OPTIONS
-h|--help Cette aide :-)
-n|--simu SIMULATION
-d foldername prend les envfiles dans un sous dossier /kaz/secret/foldername/ (pour les orgas !)
Les variables seront du type foldername-envname_NOMVARIABLE=valeur
-e varname Affiche le contenu d'une variable en particulier
"
}
if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then
mkdir "${KAZ_KEY_DIR}/tmp"
fi
for ARG in "$@"; do
if [ -n "${DIRECTORYARG}" ]; then # après un -d
SUBDIRECTORY="${ARG}"
unset DIRECTORYARG
elif [ -n "${ECHOVARARG}" ]; then # après un -e
VARTOECHO="${ARG}"
unset ECHOVARARG
QUIET="/dev/null" # pour ne pas avoir d'autres bruits ...
else
case "${ARG}" in
'-d' | '--directory' | '-f' | '--folder' | '--foldername')
DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
'-h' | '--help' )
usage && exit ;;
'-n' | '--simu')
SIMU="echo" ;;
'-e' | '--echo')
ECHOVARARG="ON ATTEND UNE UN NOM DE VARIABLE APRES CA" ;;
'-q' )
QUIET="/dev/null" ;;
*)
ENVFILES="${ENVFILES} ${ARG%}";;
esac
fi
done
getVars () {
# $1 : filename
grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u
}
NB_FILES=$(echo "${ENVFILES}" | wc -w )
if [[ $NB_FILES = 0 ]]; then
usage
exit 1
fi
for ENVFILE in $ENVFILES; do
FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
VARSUFFIX="$ENVFILE"_
if [ -n "${SUBDIRECTORY}" ]; then
FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"
fi
if ! [ -f "$FILENAME" ]; then
echo "$FILENAME does not exist." >& $QUIET
continue
fi
. $FILENAME # on récupère les variables
vars=$(getVars $FILENAME)
for var in $vars; do
$SIMU declare $VARSUFFIX$var=${!var}
unset $var
done
unset FILENAME VARSUFFIX vars
done
if [ -n "$VARTOECHO" ]; then
echo ${!VARTOECHO}
fi
unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO
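Review bot: this file is meant to be sourced (callers use `. $KAZ_BIN_DIR/getPasswords.sh ldapServ`), yet it assigns `KAZ_ROOT=/kaz` at the top and ends with `unset ENVFILES KAZ_ROOT ...`, so every caller loses its own `KAZ_ROOT` after the call, and `usage && exit` or `exit 1` terminates the calling script. Wrap the work in a function with `local` variables, use `return` instead of `exit`, and switch to `declare -g` for the generated names. Three further points: with `-d` the prefix becomes `${SUBDIRECTORY}-${ENVFILE}_`, and a name containing `-` is not a valid shell identifier, so `declare` fails for every orga variable; `declare $VARSUFFIX$var=${!var}` is unquoted, so a secret containing whitespace or glob characters is split or expanded (write `declare -g "${VARSUFFIX}${var}=${!var}"`); and `. $FILENAME` runs the env file as shell code, so anything able to write under the secret directory gets code execution in every script that sources this one. `KAZ_KEY_DIR` is also used without a `setKazVars` call in this file; unless `.commonFunctions.sh` sets it on load, a stand-alone run resolves `"${KAZ_KEY_DIR}/tmp"` to `/tmp`.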

18
bin/getX509Certificates.sh Executable file

@@ -0,0 +1,18 @@
#/bin/bash
#koi: récupération des certifs traefik vers x509 pour mail et listes
#ki: fanch
#kan: 18/04/2025
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
certificates="mail listes"
for i in ${certificates}; do
jq -r ".letsencrypt.Certificates[] | select(.domain.main==\"${i}.${domain}\") | .certificate" /var/lib/docker/volumes/traefik_letsencrypt/_data/acme.json | base64 -d > /etc/ssl/certs/${i}.pem
jq -r ".letsencrypt.Certificates[] | select(.domain.main==\"${i}.${domain}\") | .key" /var/lib/docker/volumes/traefik_letsencrypt/_data/acme.json | base64 -d > /etc/ssl/private/${i}.key
chmod 600 /etc/ssl/private/${i}.key
done
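Review bot: the private key is written with `> /etc/ssl/private/${i}.key` and only afterwards restricted by `chmod 600`, so on first creation it exists briefly with whatever permissions the current umask gives; set `umask 077` before the loop or create the file with `install -m 600 /dev/null` first. The shebang is `#/bin/bash` (the `!` is missing), and because the redirection truncates the target before `jq` runs and nothing checks its result, a domain missing from `acme.json` replaces the existing `.pem` and `.key` with empty files; write to a temporary file and move it into place only when it is non-empty.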

View File

@@ -214,7 +214,6 @@ fi
if [ ! -d "${KAZ_ROOT}/secret" ]; then if [ ! -d "${KAZ_ROOT}/secret" ]; then
rsync -a "${KAZ_ROOT}/secret.tmpl/" "${KAZ_ROOT}/secret/" rsync -a "${KAZ_ROOT}/secret.tmpl/" "${KAZ_ROOT}/secret/"
. "${KAZ_ROOT}/secret/SetAllPass.sh"
"${KAZ_BIN_DIR}/secretGen.sh" "${KAZ_BIN_DIR}/secretGen.sh"
"${KAZ_BIN_DIR}/updateDockerPassword.sh" "${KAZ_BIN_DIR}/createDBUsers.sh"
fi fi

View File

@@ -1,4 +1,4 @@
#!/bin/bash g#!/bin/bash
set -e set -e
# on pourra inclure le fichier dockers.env pour # on pourra inclure le fichier dockers.env pour
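Review bot: the first line changes from `#!/bin/bash` to `g#!/bin/bash`; the stray `g` looks like an editor slip and means the file no longer starts with a shebang, so bash is not selected when the script is executed directly. Restore `#!/bin/bash`.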
@@ -120,6 +120,11 @@ export DebugLog="${KAZ_ROOT}/log/log-install-$(date +%y-%m-%d-%T)-"
# "${KAZ_ROOT}/bin/container.sh" stop ${DOCKERS_LIST[*]} # "${KAZ_ROOT}/bin/container.sh" stop ${DOCKERS_LIST[*]}
"${KAZ_ROOT}/bin/container.sh" start ${DOCKERS_LIST[*]} "${KAZ_ROOT}/bin/container.sh" start ${DOCKERS_LIST[*]}
if [[ " ${DOCKERS_LIST[*]} " =~ " traefik " ]]; then
# on initialise traefik :-(
${KAZ_COMP_DIR}/traefik/first.sh
fi
if [[ " ${DOCKERS_LIST[*]} " =~ " etherpad " ]]; then if [[ " ${DOCKERS_LIST[*]} " =~ " etherpad " ]]; then
# pb avec la lanteur de démarrage du pad :-( # pb avec la lanteur de démarrage du pad :-(
sleep 5 sleep 5
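Review bot: `${KAZ_COMP_DIR}/traefik/first.sh` is the only path in this block that is not quoted, and with `set -e` active at the top of the file a non-zero exit from `first.sh` aborts the install before the etherpad step. Quote the path and decide explicitly whether a failure there should be fatal.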

View File

@@ -1,11 +1,13 @@
#!/bin/bash #!/bin/bash
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_BIN_DIR/getPasswords.sh paheko
URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)" URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)"
@@ -76,6 +78,10 @@ Int_paheko_Action() {
do do
eval $VAL_GAR=$(jq .$VAL_GAR ${TFILE_INT_PAHEKO_IDFILE}) eval $VAL_GAR=$(jq .$VAL_GAR ${TFILE_INT_PAHEKO_IDFILE})
done done
################################
# test du mail valide en $domain
echo ${email} | grep -i "${domain}" || { echo "le mail ${email} n'est pas en ${domain}"; exit ;}
################################
#comme tout va bien on continue #comme tout va bien on continue
#on compte le nom de champs dans la zone nom pour gérer les noms et prénoms composés #on compte le nom de champs dans la zone nom pour gérer les noms et prénoms composés
# si il y a 3 champs, on associe les 2 premieres valeurs avec un - et on laisse le 3ème identique # si il y a 3 champs, on associe les 2 premieres valeurs avec un - et on laisse le 3ème identique
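Review bot: the check `echo ${email} | grep -i "${domain}"` accepts any address that merely contains the domain, with `.` acting as a regex wildcard, so for a domain of `example.org` an address such as `user@example.org.other.test` passes. It also prints the matching address to stdout on every valid record, and on a mismatch the bare `exit` stops the whole run with the status of the preceding `echo`, which is 0. Compare the part after `@` exactly, for instance `[[ "${email,,}" == *"@${domain,,}" ]]`, skip only the offending record, and report a non-zero status.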
@@ -145,6 +151,9 @@ Int_paheko_Action() {
nc_base="N" nc_base="N"
admin_orga="O" admin_orga="O"
fi fi
#On met le mail et le mail de secours en minuscules
email=$(echo $email | tr [:upper:] [:lower:])
email_secours=$(echo $email_secours | tr [:upper:] [:lower:])
# Pour le reste on renomme les null en N ( non ) et les valeurs 1 en O ( Oui) # Pour le reste on renomme les null en N ( non ) et les valeurs 1 en O ( Oui)
cloud=$(echo $cloud | sed -e 's/0/N/g' | sed -e 's/1/O/g') cloud=$(echo $cloud | sed -e 's/0/N/g' | sed -e 's/1/O/g')
paheko=$(echo $garradin | sed -e 's/0/N/g' | sed -e 's/1/O/g') paheko=$(echo $garradin | sed -e 's/0/N/g' | sed -e 's/1/O/g')
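Review bot: in the two added `tr [:upper:] [:lower:]` calls the character classes are unquoted, so the shell treats them as glob patterns and substitutes a matching single-character filename from the current directory if one exists; `$email` and `$email_secours` are unquoted as well. Write `tr '[:upper:]' '[:lower:]'` with quoted inputs, or use `${email,,}`. The lower-casing runs after the domain test added earlier in this function, which is harmless only because that test uses `grep -i`.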
@@ -155,11 +164,11 @@ Int_paheko_Action() {
echo "$nom_ok;$prenom_ok;$email;$email_secours;$nom_orga;$admin_orga;$cloud;$paheko;$wordpress;$agora;$docuwiki;$nc_base;$groupe_nc_base;$equipe_agora;$quota_disque">>${FILE_CREATEUSER} echo "$nom_ok;$prenom_ok;$email;$email_secours;$nom_orga;$admin_orga;$cloud;$paheko;$wordpress;$agora;$docuwiki;$nc_base;$groupe_nc_base;$equipe_agora;$quota_disque">>${FILE_CREATEUSER}
done done
else else
echo "Rien à créer" [ "$OPTION" = "silence" ] || echo "Rien à créer"
exit 2 exit 2
fi fi
} }
#Int_paheko_Action "A créer" "silence" # Main
Int_paheko_Action "A créer" Int_paheko_Action "A créer" "silence"
exit 0 exit 0

View File

@@ -1,5 +1,11 @@
#!/bin/bash #!/bin/bash
#Ki: François
#Kan: 2021
#Koi: gestion des réseaux docker
#15/01/2025: Dernière modif by fab: connecter le réseau de l'orga nouvellement créé au ocntainter Traefik
# faire un completion avec les composant dispo # faire un completion avec les composant dispo
PRG=$(basename $0) PRG=$(basename $0)
@@ -85,6 +91,10 @@ getNet() {
# the winner is... # the winner is...
echo "${netName} => ${subnet}/28" echo "${netName} => ${subnet}/28"
${SIMU} docker network create --subnet "${subnet}/28" "${netName}" ${SIMU} docker network create --subnet "${subnet}/28" "${netName}"
#maj du 15/01 by fab (pour éviter de restart le traefik)
${SIMU} docker network connect "${netName}" traefikServ
find="ok" find="ok"
done done
minD=0 minD=0
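Review bot: `docker network connect "${netName}" traefikServ` hard-codes the container name and its result is not checked, and `find="ok"` is set even when the preceding `docker network create` failed. Test the exit status of both commands before marking the subnet as found, and take the container name from a variable, as is done with `${ldapServName}` elsewhere in this commit.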

View File

@@ -7,6 +7,5 @@ setKazVars
FILE_LDIF=/home/sauve/ldap.ldif FILE_LDIF=/home/sauve/ldap.ldif
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz

View File

@@ -5,7 +5,7 @@ KAZ_ROOT=/kaz
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_BIN_DIR/getPasswords.sh ldapServ
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ) LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
@@ -20,4 +20,4 @@ EDITOR=${EDITOR:-vi}
EDITOR=${EDITOR:-vi} EDITOR=${EDITOR:-vi}
export EDITOR=${EDITOR} export EDITOR=${EDITOR}
ldapvi -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} --discover ldapvi -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} --discover

View File

@@ -8,7 +8,7 @@ KAZ_ROOT=/kaz
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_BIN_DIR/getPasswords.sh ldapServ paheko
ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf
@@ -126,7 +126,7 @@ replace: agoraEnabled\n\
agoraEnabled: TRUE\n\ agoraEnabled: TRUE\n\
-\n\ -\n\
replace: mobilizonEnabled\n\ replace: mobilizonEnabled\n\
mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
done done
#replace: nextcloudEnabled\n\ #replace: nextcloudEnabled\n\
@@ -164,7 +164,7 @@ do
echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\ echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\
changeType: modify changeType: modify
replace: mailAlias\n\ replace: mailAlias\n\
$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} $LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
else else
echo "Alias vers un mail externe, go fichier" echo "Alias vers un mail externe, go fichier"
echo $line >> ${ALIASES_WITHLDAP} echo $line >> ${ALIASES_WITHLDAP}
@@ -185,7 +185,7 @@ replace: mailAlias\n\
mailAlias: ${src}\n\ mailAlias: ${src}\n\
-\n\ -\n\
replace: mail\n\ replace: mail\n\
mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
fi fi
else else
echo "Forward vers plusieurs adresses, on met dans le fichier" echo "Forward vers plusieurs adresses, on met dans le fichier"
@@ -215,7 +215,7 @@ replace: mailAlias\n\
mailAlias: ${src}\n\ mailAlias: ${src}\n\
-\n\ -\n\
replace: mail\n\ replace: mail\n\
${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} ${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
fi fi
done done

View File

@@ -5,16 +5,16 @@ KAZ_ROOT=/kaz
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ) LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
docker exec -i nextcloudDB mysql --user=${nextcloud_MYSQL_USER} --password=${nextcloud_MYSQL_PASSWORD} ${nextcloud_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt docker exec -i nextcloudDB mysql --user=${nextcloudDB_MYSQL_USER} --password=${nextcloudDB_MYSQL_PASSWORD} ${nextcloudDB_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt
OLDIFS=${IFS} OLDIFS=${IFS}
IFS=$'\n' IFS=$'\n'
for line in `cat /tmp/nc_users.txt`; do for line in `cat /tmp/nc_users.txt`; do
result=$(ldapsearch -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries) result=$(ldapsearch -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries)
echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid" echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid"
done done
IFS=${OLDIFS} IFS=${OLDIFS}
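Review bot: the `docker exec -i nextcloudDB mysql ... --password=${nextcloudDB_MYSQL_PASSWORD}` line puts the database password in the argument list, and the result goes to the fixed path `/tmp/nc_users.txt`, which another local user can create in advance or replace with a symlink. Read the credentials from a client option file inside the container, write the list to a file created with `mktemp`, and replace the backtick `cat` loop with `while IFS= read -r line`, which also removes the need to save and restore `IFS`. The `ldapsearch` here still uses the deprecated `-h $LDAP_IP` form while the rest of the commit uses `-H ldap://${LDAP_IP}`.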

72
bin/look/feminin/logo.svg Normal file

@@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
version="1.0"
width="640.000000pt"
height="1280.000000pt"
viewBox="0 0 640.000000 1280.000000"
preserveAspectRatio="xMidYMid meet"
id="svg18"
sodipodi:docname="logo.svg"
xml:space="preserve"
inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"><defs
id="defs22" /><sodipodi:namedview
id="namedview20"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:showpageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
inkscape:deskcolor="#d1d1d1"
inkscape:document-units="pt"
showgrid="false"
inkscape:zoom="0.36440298"
inkscape:cx="428.09749"
inkscape:cy="753.28693"
inkscape:window-width="1920"
inkscape:window-height="1032"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="svg18" /><g
transform="translate(0.000000,1280.000000) scale(0.100000,-0.100000)"
fill="#000000"
stroke="none"
id="g16"><path
d="M1450 12780 c-28 -28 -38 -56 -65 -190 -70 -337 -103 -1013 -111 -2260 l-6 -785 69 -32 c218 -103 428 -212 520 -270 133 -84 182 -103 396 -159 350 -91 440 -127 536 -211 65 -57 94 -102 118 -184 l19 -64 274 0 274 0 17 60 c31 102 63 147 162 221 77 57 183 96 406 150 386 92 459 117 766 259 262 121 388 175 408 175 23 0 24 44 15 915 -13 1328 -47 1950 -124 2250 -35 134 -58 158 -129 130 -78 -29 -169 -147 -453 -587 -216 -333 -330 -485 -385 -512 -32 -15 -76 -19 -265 -27 -269 -10 -1017 -10 -1288 0 -176 6 -194 8 -240 32 -64 33 -95 73 -419 559 -272 408 -340 497 -406 530 -48 25 -64 25 -89 0z m197 -402 c50 -55 184 -325 220 -445 22 -76 23 -250 0 -309 -41 -108 -100 -164 -173 -164 -50 0 -67 17 -88 90 -24 80 -72 370 -92 549 -20 188 -16 257 16 283 32 26 91 24 117 -4z m3353 12 c29 -16 43 -84 36 -170 -20 -223 -80 -593 -112 -693 -18 -54 -36 -67 -93 -67 -53 0 -110 49 -148 128 -22 47 -28 75 -31 154 -7 150 13 217 125 437 52 102 102 194 110 204 18 19 83 23 113 7z m-2675 -1975 c22 -4 67 -21 99 -38 95 -51 142 -134 117 -209 -14 -41 -72 -103 -120 -127 -46 -23 -139 -47 -148 -38 -3 4 5 20 20 35 37 39 59 98 59 162 1 82 -17 134 -62 182 -45 46 -47 51 -22 45 9 -3 35 -8 57 -12z m-199 -36 c-48 -56 -59 -97 -54 -188 5 -78 19 -118 58 -159 12 -13 20 -25 18 -28 -7 -6 -108 26 -137 44 -75 46 -111 99 -111 162 0 49 17 84 63 128 36 35 136 81 175 82 23 0 22 -2 -12 -41z m1984 37 c0 -3 -13 -19 -30 -37 -79 -87 -79 -255 1 -340 16 -18 28 -33 26 -36 -2 -2 -34 6 -72 18 -79 24 -157 89 -176 146 -30 92 44 191 179 239 37 13 72 18 72 10z m223 -16 c60 -23 130 -78 152 -121 19 -36 19 -102 1 -138 -17 -32 -73 -84 -114 -105 -59 -30 -193 -45 -140 -15 10 5 29 30 44 54 54 94 39 240 -33 310 l-36 35 36 0 c20 0 60 -9 90 -20z m-1089 -306 c9 -3 59 -69 113 -146 53 -77 106 -146 118 -154 11 -7 39 -16 60 -19 52 -6 75 -34 75 -92 0 -67 -31 -93 -111 -93 -36 0 -75 7 -96 17 -34 16 -117 106 -170 186 -14 20 -29 37 -33 37 -4 0 -19 -17 -32 -37 -44 -66 -118 -147 -160 -175 -34 -23 -52 -28 -105 -28 -55 0 -68 4 -88 25 -20 19 -25 34 -25 73 0 60 17 78 84 91 57 
10 72 26 186 193 44 64 85 119 92 121 19 8 74 8 92 1z"
id="path2" /><path
d="M1130 9411 c-340 -102 -544 -266 -581 -467 -34 -181 103 -365 345 -466 158 -65 303 -89 656 -108 569 -31 954 -31 1065 1 190 54 276 205 195 345 -73 128 -194 193 -509 274 -286 74 -348 98 -515 199 -188 114 -457 243 -515 248 -30 2 -79 -7 -141 -26z"
id="path4" /><path
d="M5105 9354 c-550 -254 -547 -253 -925 -345 -236 -57 -301 -77 -377 -114 -204 -100 -290 -244 -223 -374 39 -78 115 -129 232 -156 99 -23 629 -25 838 -4 52 5 187 14 300 19 292 14 442 43 596 116 222 105 340 285 304 461 -32 154 -131 268 -311 356 -111 54 -240 97 -290 97 -13 -1 -78 -26 -144 -56z"
id="path6" /><path
d="M1200 6430 l0 -1120 165 0 165 0 2 496 3 496 206 -494 207 -493 181 -3 181 -2 -6 27 c-4 16 -12 39 -20 53 -7 14 -116 264 -243 555 l-231 530 216 510 c118 281 220 518 225 527 19 37 13 38 -177 36 l-186 -3 -177 -463 -176 -462 -3 465 -2 465 -165 0 -165 0 0 -1120z"
id="path8" /><path
d="M3005 7528 c-3 -13 -97 -504 -210 -1093 -113 -588 -208 -1082 -211 -1097 l-6 -28 161 0 c89 0 161 3 162 8 0 4 15 97 32 207 l32 200 212 3 213 2 5 -22 c3 -13 16 -95 30 -183 14 -88 28 -172 31 -187 l6 -28 160 0 160 0 -5 23 c-3 12 -99 508 -212 1102 -113 594 -208 1088 -211 1098 -5 15 -22 17 -174 17 -168 0 -170 0 -175 -22z m258 -1010 c43 -266 78 -486 77 -490 0 -5 -75 -8 -166 -8 l-166 0 5 26 c2 14 38 234 78 490 42 263 78 464 84 464 6 0 44 -209 88 -482z"
id="path10" /><path
d="M4150 7399 l0 -150 290 3 c286 3 290 3 284 -17 -4 -11 -144 -402 -312 -870 l-305 -850 -5 -102 -4 -103 516 0 516 0 0 151 0 150 -315 -3 c-173 -2 -315 -2 -315 -1 0 1 120 334 266 740 380 1054 364 1004 364 1113 l0 90 -490 0 -490 0 0 -151z"
id="path12" /><path
d="M1251 4291 c-15 -4 -27 -17 -31 -31 -12 -46 -20 -984 -10 -1269 30 -885 107 -1328 426 -2460 109 -387 161 -468 329 -516 169 -50 310 55 370 275 26 92 31 634 14 1355 -7 308 -13 585 -14 615 l0 55 256 3 257 2 6 -142 c35 -740 202 -1240 531 -1587 69 -73 201 -179 262 -210 100 -50 231 -33 303 39 22 22 42 40 44 40 2 0 9 -37 16 -82 20 -144 63 -245 129 -306 111 -103 309 -85 415 39 68 80 92 145 196 525 282 1027 353 1413 390 2109 16 300 10 1519 -8 1537 -11 11 -373 13 -1935 14 -1057 0 -1933 -2 -1946 -5z m2775 -2093 c-14 -256 -26 -764 -26 -1055 0 -167 -4 -303 -8 -303 -5 0 -17 10 -28 21 -10 12 -47 41 -80 65 -128 92 -247 242 -324 408 -106 228 -160 493 -184 904 l-5 82 330 0 331 0 -6 -122z"
id="path14" /></g><image
width="156.53996"
height="217.31963"
preserveAspectRatio="none"
xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAfCAYAAAD9cg1AAAAABHNCSVQICAgIfAhkiAAAAghJREFU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"
id="image32"
x="233.91249"
y="24.324821" /></svg>


85
bin/look/greve/logo.svg Normal file

@@ -0,0 +1,85 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
version="1.0"
width="640.000000pt"
height="1280.000000pt"
viewBox="0 0 640.000000 1280.000000"
preserveAspectRatio="xMidYMid meet"
id="svg18"
sodipodi:docname="logo.svg"
inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg">
<defs
id="defs22">
<rect
x="179.93953"
y="196.11891"
width="517.72233"
height="120.71095"
id="rect248" />
<rect
x="144.39207"
y="193.77589"
width="604.30237"
height="115.55072"
id="rect182" />
</defs>
<sodipodi:namedview
id="namedview20"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:showpageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
inkscape:deskcolor="#d1d1d1"
inkscape:document-units="pt"
showgrid="false"
inkscape:zoom="0.48229806"
inkscape:cx="427.12177"
inkscape:cy="902.9686"
inkscape:window-width="1920"
inkscape:window-height="1032"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="svg18" />
<g
transform="translate(0.000000,1280.000000) scale(0.100000,-0.100000)"
fill="#000000"
stroke="none"
id="g16">
<path
d="M1450 12780 c-28 -28 -38 -56 -65 -190 -70 -337 -103 -1013 -111 -2260 l-6 -785 69 -32 c218 -103 428 -212 520 -270 133 -84 182 -103 396 -159 350 -91 440 -127 536 -211 65 -57 94 -102 118 -184 l19 -64 274 0 274 0 17 60 c31 102 63 147 162 221 77 57 183 96 406 150 386 92 459 117 766 259 262 121 388 175 408 175 23 0 24 44 15 915 -13 1328 -47 1950 -124 2250 -35 134 -58 158 -129 130 -78 -29 -169 -147 -453 -587 -216 -333 -330 -485 -385 -512 -32 -15 -76 -19 -265 -27 -269 -10 -1017 -10 -1288 0 -176 6 -194 8 -240 32 -64 33 -95 73 -419 559 -272 408 -340 497 -406 530 -48 25 -64 25 -89 0z m197 -402 c50 -55 184 -325 220 -445 22 -76 23 -250 0 -309 -41 -108 -100 -164 -173 -164 -50 0 -67 17 -88 90 -24 80 -72 370 -92 549 -20 188 -16 257 16 283 32 26 91 24 117 -4z m3353 12 c29 -16 43 -84 36 -170 -20 -223 -80 -593 -112 -693 -18 -54 -36 -67 -93 -67 -53 0 -110 49 -148 128 -22 47 -28 75 -31 154 -7 150 13 217 125 437 52 102 102 194 110 204 18 19 83 23 113 7z m-2675 -1975 c22 -4 67 -21 99 -38 95 -51 142 -134 117 -209 -14 -41 -72 -103 -120 -127 -46 -23 -139 -47 -148 -38 -3 4 5 20 20 35 37 39 59 98 59 162 1 82 -17 134 -62 182 -45 46 -47 51 -22 45 9 -3 35 -8 57 -12z m-199 -36 c-48 -56 -59 -97 -54 -188 5 -78 19 -118 58 -159 12 -13 20 -25 18 -28 -7 -6 -108 26 -137 44 -75 46 -111 99 -111 162 0 49 17 84 63 128 36 35 136 81 175 82 23 0 22 -2 -12 -41z m1984 37 c0 -3 -13 -19 -30 -37 -79 -87 -79 -255 1 -340 16 -18 28 -33 26 -36 -2 -2 -34 6 -72 18 -79 24 -157 89 -176 146 -30 92 44 191 179 239 37 13 72 18 72 10z m223 -16 c60 -23 130 -78 152 -121 19 -36 19 -102 1 -138 -17 -32 -73 -84 -114 -105 -59 -30 -193 -45 -140 -15 10 5 29 30 44 54 54 94 39 240 -33 310 l-36 35 36 0 c20 0 60 -9 90 -20z m-1089 -306 c9 -3 59 -69 113 -146 53 -77 106 -146 118 -154 11 -7 39 -16 60 -19 52 -6 75 -34 75 -92 0 -67 -31 -93 -111 -93 -36 0 -75 7 -96 17 -34 16 -117 106 -170 186 -14 20 -29 37 -33 37 -4 0 -19 -17 -32 -37 -44 -66 -118 -147 -160 -175 -34 -23 -52 -28 -105 -28 -55 0 -68 4 -88 25 -20 19 -25 34 -25 73 0 60 17 78 84 91 57 
10 72 26 186 193 44 64 85 119 92 121 19 8 74 8 92 1z"
id="path2" />
<path
d="M1130 9411 c-340 -102 -544 -266 -581 -467 -34 -181 103 -365 345 -466 158 -65 303 -89 656 -108 569 -31 954 -31 1065 1 190 54 276 205 195 345 -73 128 -194 193 -509 274 -286 74 -348 98 -515 199 -188 114 -457 243 -515 248 -30 2 -79 -7 -141 -26z"
id="path4" />
<path
d="M5105 9354 c-550 -254 -547 -253 -925 -345 -236 -57 -301 -77 -377 -114 -204 -100 -290 -244 -223 -374 39 -78 115 -129 232 -156 99 -23 629 -25 838 -4 52 5 187 14 300 19 292 14 442 43 596 116 222 105 340 285 304 461 -32 154 -131 268 -311 356 -111 54 -240 97 -290 97 -13 -1 -78 -26 -144 -56z"
id="path6" />
<path
d="M1200 6430 l0 -1120 165 0 165 0 2 496 3 496 206 -494 207 -493 181 -3 181 -2 -6 27 c-4 16 -12 39 -20 53 -7 14 -116 264 -243 555 l-231 530 216 510 c118 281 220 518 225 527 19 37 13 38 -177 36 l-186 -3 -177 -463 -176 -462 -3 465 -2 465 -165 0 -165 0 0 -1120z"
id="path8" />
<path
d="M3005 7528 c-3 -13 -97 -504 -210 -1093 -113 -588 -208 -1082 -211 -1097 l-6 -28 161 0 c89 0 161 3 162 8 0 4 15 97 32 207 l32 200 212 3 213 2 5 -22 c3 -13 16 -95 30 -183 14 -88 28 -172 31 -187 l6 -28 160 0 160 0 -5 23 c-3 12 -99 508 -212 1102 -113 594 -208 1088 -211 1098 -5 15 -22 17 -174 17 -168 0 -170 0 -175 -22z m258 -1010 c43 -266 78 -486 77 -490 0 -5 -75 -8 -166 -8 l-166 0 5 26 c2 14 38 234 78 490 42 263 78 464 84 464 6 0 44 -209 88 -482z"
id="path10" />
<path
d="M4150 7399 l0 -150 290 3 c286 3 290 3 284 -17 -4 -11 -144 -402 -312 -870 l-305 -850 -5 -102 -4 -103 516 0 516 0 0 151 0 150 -315 -3 c-173 -2 -315 -2 -315 -1 0 1 120 334 266 740 380 1054 364 1004 364 1113 l0 90 -490 0 -490 0 0 -151z"
id="path12" />
<path
d="M1251 4291 c-15 -4 -27 -17 -31 -31 -12 -46 -20 -984 -10 -1269 30 -885 107 -1328 426 -2460 109 -387 161 -468 329 -516 169 -50 310 55 370 275 26 92 31 634 14 1355 -7 308 -13 585 -14 615 l0 55 256 3 257 2 6 -142 c35 -740 202 -1240 531 -1587 69 -73 201 -179 262 -210 100 -50 231 -33 303 39 22 22 42 40 44 40 2 0 9 -37 16 -82 20 -144 63 -245 129 -306 111 -103 309 -85 415 39 68 80 92 145 196 525 282 1027 353 1413 390 2109 16 300 10 1519 -8 1537 -11 11 -373 13 -1935 14 -1057 0 -1933 -2 -1946 -5z m2775 -2093 c-14 -256 -26 -764 -26 -1055 0 -167 -4 -303 -8 -303 -5 0 -17 10 -28 21 -10 12 -47 41 -80 65 -128 92 -247 242 -324 408 -106 228 -160 493 -184 904 l-5 82 330 0 331 0 -6 -122z"
id="path14" />
</g>
<text
xml:space="preserve"
transform="matrix(0.96846201,0,0,0.86019954,-43.878364,-38.095408)"
id="text246"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:106.667px;line-height:125%;font-family:'Arial Black';-inkscape-font-specification:'Arial Black, ';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;white-space:pre;shape-inside:url(#rect248);fill:#00ff00;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"><tspan
x="179.93945"
y="291.75453"
id="tspan371">GREVE</tspan></text>
</svg>


72
bin/look/kaz/logo.svg Normal file
View File

@@ -0,0 +1,72 @@
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
width="640.000000pt" height="1280.000000pt" viewBox="0 0 640.000000 1280.000000"
preserveAspectRatio="xMidYMid meet">
<g transform="translate(0.000000,1280.000000) scale(0.100000,-0.100000)"
fill="#000000" stroke="none">
<path d="M1450 12780 c-28 -28 -38 -56 -65 -190 -70 -337 -103 -1013 -111
-2260 l-6 -785 69 -32 c218 -103 428 -212 520 -270 133 -84 182 -103 396 -159
350 -91 440 -127 536 -211 65 -57 94 -102 118 -184 l19 -64 274 0 274 0 17 60
c31 102 63 147 162 221 77 57 183 96 406 150 386 92 459 117 766 259 262 121
388 175 408 175 23 0 24 44 15 915 -13 1328 -47 1950 -124 2250 -35 134 -58
158 -129 130 -78 -29 -169 -147 -453 -587 -216 -333 -330 -485 -385 -512 -32
-15 -76 -19 -265 -27 -269 -10 -1017 -10 -1288 0 -176 6 -194 8 -240 32 -64
33 -95 73 -419 559 -272 408 -340 497 -406 530 -48 25 -64 25 -89 0z m197
-402 c50 -55 184 -325 220 -445 22 -76 23 -250 0 -309 -41 -108 -100 -164
-173 -164 -50 0 -67 17 -88 90 -24 80 -72 370 -92 549 -20 188 -16 257 16 283
32 26 91 24 117 -4z m3353 12 c29 -16 43 -84 36 -170 -20 -223 -80 -593 -112
-693 -18 -54 -36 -67 -93 -67 -53 0 -110 49 -148 128 -22 47 -28 75 -31 154
-7 150 13 217 125 437 52 102 102 194 110 204 18 19 83 23 113 7z m-2675
-1975 c22 -4 67 -21 99 -38 95 -51 142 -134 117 -209 -14 -41 -72 -103 -120
-127 -46 -23 -139 -47 -148 -38 -3 4 5 20 20 35 37 39 59 98 59 162 1 82 -17
134 -62 182 -45 46 -47 51 -22 45 9 -3 35 -8 57 -12z m-199 -36 c-48 -56 -59
-97 -54 -188 5 -78 19 -118 58 -159 12 -13 20 -25 18 -28 -7 -6 -108 26 -137
44 -75 46 -111 99 -111 162 0 49 17 84 63 128 36 35 136 81 175 82 23 0 22 -2
-12 -41z m1984 37 c0 -3 -13 -19 -30 -37 -79 -87 -79 -255 1 -340 16 -18 28
-33 26 -36 -2 -2 -34 6 -72 18 -79 24 -157 89 -176 146 -30 92 44 191 179 239
37 13 72 18 72 10z m223 -16 c60 -23 130 -78 152 -121 19 -36 19 -102 1 -138
-17 -32 -73 -84 -114 -105 -59 -30 -193 -45 -140 -15 10 5 29 30 44 54 54 94
39 240 -33 310 l-36 35 36 0 c20 0 60 -9 90 -20z m-1089 -306 c9 -3 59 -69
113 -146 53 -77 106 -146 118 -154 11 -7 39 -16 60 -19 52 -6 75 -34 75 -92 0
-67 -31 -93 -111 -93 -36 0 -75 7 -96 17 -34 16 -117 106 -170 186 -14 20 -29
37 -33 37 -4 0 -19 -17 -32 -37 -44 -66 -118 -147 -160 -175 -34 -23 -52 -28
-105 -28 -55 0 -68 4 -88 25 -20 19 -25 34 -25 73 0 60 17 78 84 91 57 10 72
26 186 193 44 64 85 119 92 121 19 8 74 8 92 1z"/>
<path d="M1130 9411 c-340 -102 -544 -266 -581 -467 -34 -181 103 -365 345
-466 158 -65 303 -89 656 -108 569 -31 954 -31 1065 1 190 54 276 205 195 345
-73 128 -194 193 -509 274 -286 74 -348 98 -515 199 -188 114 -457 243 -515
248 -30 2 -79 -7 -141 -26z"/>
<path d="M5105 9354 c-550 -254 -547 -253 -925 -345 -236 -57 -301 -77 -377
-114 -204 -100 -290 -244 -223 -374 39 -78 115 -129 232 -156 99 -23 629 -25
838 -4 52 5 187 14 300 19 292 14 442 43 596 116 222 105 340 285 304 461 -32
154 -131 268 -311 356 -111 54 -240 97 -290 97 -13 -1 -78 -26 -144 -56z"/>
<path d="M1200 6430 l0 -1120 165 0 165 0 2 496 3 496 206 -494 207 -493 181
-3 181 -2 -6 27 c-4 16 -12 39 -20 53 -7 14 -116 264 -243 555 l-231 530 216
510 c118 281 220 518 225 527 19 37 13 38 -177 36 l-186 -3 -177 -463 -176
-462 -3 465 -2 465 -165 0 -165 0 0 -1120z"/>
<path d="M3005 7528 c-3 -13 -97 -504 -210 -1093 -113 -588 -208 -1082 -211
-1097 l-6 -28 161 0 c89 0 161 3 162 8 0 4 15 97 32 207 l32 200 212 3 213 2
5 -22 c3 -13 16 -95 30 -183 14 -88 28 -172 31 -187 l6 -28 160 0 160 0 -5 23
c-3 12 -99 508 -212 1102 -113 594 -208 1088 -211 1098 -5 15 -22 17 -174 17
-168 0 -170 0 -175 -22z m258 -1010 c43 -266 78 -486 77 -490 0 -5 -75 -8
-166 -8 l-166 0 5 26 c2 14 38 234 78 490 42 263 78 464 84 464 6 0 44 -209
88 -482z"/>
<path d="M4150 7399 l0 -150 290 3 c286 3 290 3 284 -17 -4 -11 -144 -402
-312 -870 l-305 -850 -5 -102 -4 -103 516 0 516 0 0 151 0 150 -315 -3 c-173
-2 -315 -2 -315 -1 0 1 120 334 266 740 380 1054 364 1004 364 1113 l0 90
-490 0 -490 0 0 -151z"/>
<path d="M1251 4291 c-15 -4 -27 -17 -31 -31 -12 -46 -20 -984 -10 -1269 30
-885 107 -1328 426 -2460 109 -387 161 -468 329 -516 169 -50 310 55 370 275
26 92 31 634 14 1355 -7 308 -13 585 -14 615 l0 55 256 3 257 2 6 -142 c35
-740 202 -1240 531 -1587 69 -73 201 -179 262 -210 100 -50 231 -33 303 39 22
22 42 40 44 40 2 0 9 -37 16 -82 20 -144 63 -245 129 -306 111 -103 309 -85
415 39 68 80 92 145 196 525 282 1027 353 1413 390 2109 16 300 10 1519 -8
1537 -11 11 -373 13 -1935 14 -1057 0 -1933 -2 -1946 -5z m2775 -2093 c-14
-256 -26 -764 -26 -1055 0 -167 -4 -303 -8 -303 -5 0 -17 10 -28 21 -10 12
-47 41 -80 65 -128 92 -247 242 -324 408 -106 228 -160 493 -184 904 l-5 82
330 0 331 0 -6 -122z"/>
</g>
</svg>


86
bin/look/noel/logo.svg Normal file
View File

@@ -0,0 +1,86 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
version="1.0"
width="640.000000pt"
height="1280.000000pt"
viewBox="0 0 640.000000 1280.000000"
preserveAspectRatio="xMidYMid meet"
id="svg18"
sodipodi:docname="logo.svg"
xml:space="preserve"
inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"><defs
id="defs22" /><sodipodi:namedview
id="namedview20"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:showpageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
inkscape:deskcolor="#d1d1d1"
inkscape:document-units="pt"
showgrid="false"
inkscape:zoom="0.36440298"
inkscape:cx="428.09749"
inkscape:cy="939.89353"
inkscape:window-width="1920"
inkscape:window-height="1032"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="svg18" /><g
transform="translate(0.000000,1280.000000) scale(0.100000,-0.100000)"
fill="#000000"
stroke="none"
id="g16"><path
d="M1450 12780 c-28 -28 -38 -56 -65 -190 -70 -337 -103 -1013 -111 -2260 l-6 -785 69 -32 c218 -103 428 -212 520 -270 133 -84 182 -103 396 -159 350 -91 440 -127 536 -211 65 -57 94 -102 118 -184 l19 -64 274 0 274 0 17 60 c31 102 63 147 162 221 77 57 183 96 406 150 386 92 459 117 766 259 262 121 388 175 408 175 23 0 24 44 15 915 -13 1328 -47 1950 -124 2250 -35 134 -58 158 -129 130 -78 -29 -169 -147 -453 -587 -216 -333 -330 -485 -385 -512 -32 -15 -76 -19 -265 -27 -269 -10 -1017 -10 -1288 0 -176 6 -194 8 -240 32 -64 33 -95 73 -419 559 -272 408 -340 497 -406 530 -48 25 -64 25 -89 0z m197 -402 c50 -55 184 -325 220 -445 22 -76 23 -250 0 -309 -41 -108 -100 -164 -173 -164 -50 0 -67 17 -88 90 -24 80 -72 370 -92 549 -20 188 -16 257 16 283 32 26 91 24 117 -4z m3353 12 c29 -16 43 -84 36 -170 -20 -223 -80 -593 -112 -693 -18 -54 -36 -67 -93 -67 -53 0 -110 49 -148 128 -22 47 -28 75 -31 154 -7 150 13 217 125 437 52 102 102 194 110 204 18 19 83 23 113 7z m-2675 -1975 c22 -4 67 -21 99 -38 95 -51 142 -134 117 -209 -14 -41 -72 -103 -120 -127 -46 -23 -139 -47 -148 -38 -3 4 5 20 20 35 37 39 59 98 59 162 1 82 -17 134 -62 182 -45 46 -47 51 -22 45 9 -3 35 -8 57 -12z m-199 -36 c-48 -56 -59 -97 -54 -188 5 -78 19 -118 58 -159 12 -13 20 -25 18 -28 -7 -6 -108 26 -137 44 -75 46 -111 99 -111 162 0 49 17 84 63 128 36 35 136 81 175 82 23 0 22 -2 -12 -41z m1984 37 c0 -3 -13 -19 -30 -37 -79 -87 -79 -255 1 -340 16 -18 28 -33 26 -36 -2 -2 -34 6 -72 18 -79 24 -157 89 -176 146 -30 92 44 191 179 239 37 13 72 18 72 10z m223 -16 c60 -23 130 -78 152 -121 19 -36 19 -102 1 -138 -17 -32 -73 -84 -114 -105 -59 -30 -193 -45 -140 -15 10 5 29 30 44 54 54 94 39 240 -33 310 l-36 35 36 0 c20 0 60 -9 90 -20z m-1089 -306 c9 -3 59 -69 113 -146 53 -77 106 -146 118 -154 11 -7 39 -16 60 -19 52 -6 75 -34 75 -92 0 -67 -31 -93 -111 -93 -36 0 -75 7 -96 17 -34 16 -117 106 -170 186 -14 20 -29 37 -33 37 -4 0 -19 -17 -32 -37 -44 -66 -118 -147 -160 -175 -34 -23 -52 -28 -105 -28 -55 0 -68 4 -88 25 -20 19 -25 34 -25 73 0 60 17 78 84 91 57 
10 72 26 186 193 44 64 85 119 92 121 19 8 74 8 92 1z"
id="path2" /><path
d="M1130 9411 c-340 -102 -544 -266 -581 -467 -34 -181 103 -365 345 -466 158 -65 303 -89 656 -108 569 -31 954 -31 1065 1 190 54 276 205 195 345 -73 128 -194 193 -509 274 -286 74 -348 98 -515 199 -188 114 -457 243 -515 248 -30 2 -79 -7 -141 -26z"
id="path4" /><path
d="M5105 9354 c-550 -254 -547 -253 -925 -345 -236 -57 -301 -77 -377 -114 -204 -100 -290 -244 -223 -374 39 -78 115 -129 232 -156 99 -23 629 -25 838 -4 52 5 187 14 300 19 292 14 442 43 596 116 222 105 340 285 304 461 -32 154 -131 268 -311 356 -111 54 -240 97 -290 97 -13 -1 -78 -26 -144 -56z"
id="path6" /><path
d="M1200 6430 l0 -1120 165 0 165 0 2 496 3 496 206 -494 207 -493 181 -3 181 -2 -6 27 c-4 16 -12 39 -20 53 -7 14 -116 264 -243 555 l-231 530 216 510 c118 281 220 518 225 527 19 37 13 38 -177 36 l-186 -3 -177 -463 -176 -462 -3 465 -2 465 -165 0 -165 0 0 -1120z"
id="path8" /><path
d="M3005 7528 c-3 -13 -97 -504 -210 -1093 -113 -588 -208 -1082 -211 -1097 l-6 -28 161 0 c89 0 161 3 162 8 0 4 15 97 32 207 l32 200 212 3 213 2 5 -22 c3 -13 16 -95 30 -183 14 -88 28 -172 31 -187 l6 -28 160 0 160 0 -5 23 c-3 12 -99 508 -212 1102 -113 594 -208 1088 -211 1098 -5 15 -22 17 -174 17 -168 0 -170 0 -175 -22z m258 -1010 c43 -266 78 -486 77 -490 0 -5 -75 -8 -166 -8 l-166 0 5 26 c2 14 38 234 78 490 42 263 78 464 84 464 6 0 44 -209 88 -482z"
id="path10" /><path
d="M4150 7399 l0 -150 290 3 c286 3 290 3 284 -17 -4 -11 -144 -402 -312 -870 l-305 -850 -5 -102 -4 -103 516 0 516 0 0 151 0 150 -315 -3 c-173 -2 -315 -2 -315 -1 0 1 120 334 266 740 380 1054 364 1004 364 1113 l0 90 -490 0 -490 0 0 -151z"
id="path12" /><path
d="M1251 4291 c-15 -4 -27 -17 -31 -31 -12 -46 -20 -984 -10 -1269 30 -885 107 -1328 426 -2460 109 -387 161 -468 329 -516 169 -50 310 55 370 275 26 92 31 634 14 1355 -7 308 -13 585 -14 615 l0 55 256 3 257 2 6 -142 c35 -740 202 -1240 531 -1587 69 -73 201 -179 262 -210 100 -50 231 -33 303 39 22 22 42 40 44 40 2 0 9 -37 16 -82 20 -144 63 -245 129 -306 111 -103 309 -85 415 39 68 80 92 145 196 525 282 1027 353 1413 390 2109 16 300 10 1519 -8 1537 -11 11 -373 13 -1935 14 -1057 0 -1933 -2 -1946 -5z m2775 -2093 c-14 -256 -26 -764 -26 -1055 0 -167 -4 -303 -8 -303 -5 0 -17 10 -28 21 -10 12 -47 41 -80 65 -128 92 -247 242 -324 408 -106 228 -160 493 -184 904 l-5 82 330 0 331 0 -6 -122z"
id="path14" /></g><image
width="205.84871"
height="157.69467"
preserveAspectRatio="none"
xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAAaCAYAAACkVDyJAAAABHNCSVQICAgIfAhkiAAABS9JREFU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"
id="image136"
x="239.88551"
y="10.151023" /></svg>


View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS #GLOBAL VARS
PRG=$(basename $0) PRG=$(basename $0)
@@ -83,7 +82,8 @@ Init(){
[ $? -ne 0 ] && printKazError "$DockerServName ne parvient pas à démarrer correctement : impossible de terminer l'install" && return 1 >& $QUIET [ $? -ne 0 ] && printKazError "$DockerServName ne parvient pas à démarrer correctement : impossible de terminer l'install" && return 1 >& $QUIET
# creation compte admin # creation compte admin
${SIMU} curl -i -d "{\"email\":\"${mattermost_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users" _getPasswords
${SIMU} curl -i -d "{\"email\":\"${mattermostServ_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users"
MM_TOKEN=$(_getMMToken ${MATTER_URL}) MM_TOKEN=$(_getMMToken ${MATTER_URL})
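Review bot: in `Init()`, the admin-creation `curl` still builds its JSON body by interpolating `${mattermost_pass}` into a double-quoted `-d` string, so a password containing `"` or `\` yields invalid JSON, and the whole body, secret included, sits in curl's argument list where any local user can read it from the process table. Build the body with `jq -n --arg` and feed it on stdin with `-d @-`. The new `_getPasswords` call is also unchecked: if the env file cannot be read, the request goes out with empty credentials, so test its return status before posting.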
@@ -98,12 +98,13 @@ Version(){
_getMMToken(){ _getMMToken(){
#$1 MATTER_URL #$1 MATTER_URL
_getPasswords
${SIMU} curl -i -s -d "{\"login_id\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\"}" "${1}/api/v4/users/login" | grep 'token' | sed 's/token:\s*\(.*\)\s*/\1/' | tr -d '\r' ${SIMU} curl -i -s -d "{\"login_id\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\"}" "${1}/api/v4/users/login" | grep 'token' | sed 's/token:\s*\(.*\)\s*/\1/' | tr -d '\r'
} }
PostMessage(){ PostMessage(){
printKazMsg "Envoi à $TEAM : $MESSAGE" >& $QUIET printKazMsg "Envoi à $TEAM : $MESSAGE" >& $QUIET
_getPasswords
${SIMU} docker exec -ti "${DockerServName}" bin/mmctl auth login "${MATTER_URL}" --name local-server --username ${mattermost_user} --password ${mattermost_pass} ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl auth login "${MATTER_URL}" --name local-server --username ${mattermost_user} --password ${mattermost_pass}
${SIMU} docker exec -ti "${DockerServName}" bin/mmctl post create "${TEAM}" --message "${MESSAGE}" ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl post create "${TEAM}" --message "${MESSAGE}"
} }
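Review bot: in `PostMessage()`, `--username ${mattermost_user} --password ${mattermost_pass}` are unquoted, so a password containing a space or a glob character is split or expanded before `mmctl` receives it, and the value is visible in the `docker exec` argument list on the host. Quote both expansions at minimum; preferably hand the secret over with mmctl's `--password-file` option instead of `--password`. `_getPasswords` is now sourced on every `_getMMToken` and `PostMessage` call; sourcing it once, after `ORGA` is known, would be enough.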
@@ -113,6 +114,16 @@ MmctlCommand(){
${SIMU} docker exec -u 33 "$DockerServName" bin/mmctl $1 ${SIMU} docker exec -u 33 "$DockerServName" bin/mmctl $1
} }
_getPasswords(){
# récupération des infos du compte admin
if [ -n "$AGORACOMMUN" ] ; then
. $KAZ_KEY_DIR/env-mattermostAdmin
. $KAZ_BIN_DIR/getPasswords.sh mattermostServ
else
. $KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin
. $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} mattermostServ
fi
}
########## Main ################# ########## Main #################
for ARG in "$@"; do for ARG in "$@"; do
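Review bot: the `else` branch of `_getPasswords()` sources `$KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin`, but the migration script added in this same change only copies `mattermost{DB,Serv}` into each orga folder (its `cp $KAZ_KEY_DIR/env-{castopod{Admin,DB,Serv},mattermost{DB,Serv},...}` line), so after migration that file is missing for every organisation unless something else creates it. Either add `mattermostAdmin` to the copy list or source the global `env-mattermostAdmin` in both branches. The paths should be quoted and guarded with a `[ -r ... ]` test that returns non-zero, because a failed `.` here does not stop the script and the callers carry on with empty `mattermost_user` and `mattermost_pass`.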

View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS #GLOBAL VARS
PRG=$(basename $0) PRG=$(basename $0)
@@ -63,11 +62,12 @@ Init(){
cookies=$(curl -c - ${POD_URL}) cookies=$(curl -c - ${POD_URL})
CSRF_TOKEN=$(curl --cookie <(echo "$cookies") ${POD_URL}/cp-install | grep "csrf_test_name" | sed "s/.*value=.//" | sed "s/.>//") CSRF_TOKEN=$(curl --cookie <(echo "$cookies") ${POD_URL}/cp-install | grep "csrf_test_name" | sed "s/.*value=.//" | sed "s/.>//")
_getPasswords
#echo ${CSRF_TOKEN} #echo ${CSRF_TOKEN}
${SIMU} curl --cookie <(echo "$cookies") -X POST \ ${SIMU} curl --cookie <(echo "$cookies") -X POST \
-d "username=${castopod_ADMIN_USER}" \ -d "username=${ADMIN_USER}" \
-d "password=${castopod_ADMIN_PASSWORD}" \ -d "password=${ADMIN_PASSWORD}" \
-d "email=${castopod_ADMIN_MAIL}" \ -d "email=${ADMIN_MAIL}" \
-d "csrf_test_name=${CSRF_TOKEN}" \ -d "csrf_test_name=${CSRF_TOKEN}" \
"${POD_URL}/cp-install/create-superadmin" "${POD_URL}/cp-install/create-superadmin"
@@ -78,7 +78,13 @@ Version(){
echo "Version $DockerServName : ${GREEN}${VERSION}${NC}" echo "Version $DockerServName : ${GREEN}${VERSION}${NC}"
} }
_getPasswords(){
if [ -n "$CASTOPOD_COMMUN" ]; then
. $KAZ_KEY_DIR/env-castopodAdmin
else
. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodAdmin
fi
}
########## Main ################# ########## Main #################
for ARG in "$@"; do for ARG in "$@"; do
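Review bot: this `_getPasswords()` loads `ADMIN_USER`, `ADMIN_MAIL` and `ADMIN_PASSWORD` into the script's global scope under unprefixed names, and the `Init()` hunk above then sends them with plain `-d "password=${ADMIN_PASSWORD}"`. Switch those fields to `--data-urlencode` so a password containing `&`, `+` or `%` reaches Castopod unchanged. The source itself needs a readability test with `"$ORGA"` quoted: an unset `ORGA` turns the path into `orgas//env-castopodAdmin`, the `.` fails, and the superadmin POST is sent with empty fields.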

View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS #GLOBAL VARS
PRG=$(basename $0) PRG=$(basename $0)
@@ -16,7 +15,7 @@ availableOrga=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
AVAILABLE_ORGAS=${availableOrga[*]//-orga/} AVAILABLE_ORGAS=${availableOrga[*]//-orga/}
# CLOUD # CLOUD
APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio ransomware_protection" #rainloop richdocumentscode
QUIET="1" QUIET="1"
ONNAS= ONNAS=
@@ -32,7 +31,7 @@ OPTIONS
-n|--simu SIMULATION -n|--simu SIMULATION
-q|--quiet On ne parle pas (utile avec le -n pour avoir que les commandes) -q|--quiet On ne parle pas (utile avec le -n pour avoir que les commandes)
--nas L'orga se trouve sur le NAS ! --nas L'orga se trouve sur le NAS !
COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité) COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité)
-I|--install L'initialisation du cloud -I|--install L'initialisation du cloud
-v|--version Donne la version du cloud et signale les MàJ -v|--version Donne la version du cloud et signale les MàJ
@@ -75,7 +74,7 @@ Init(){
CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php" CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php"
fi fi
firstInstall "$CLOUD_URL" "$CONF_FILE" " NextCloud de $NOM" firstInstall "$CLOUD_URL" "$CONF_FILE" "$NOM"
updatePhpConf "$CONF_FILE" updatePhpConf "$CONF_FILE"
InstallApplis InstallApplis
echo "${CYAN} *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET echo "${CYAN} *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET
@@ -100,43 +99,58 @@ firstInstall(){
# $2 phpConfFile # $2 phpConfFile
# $3 orga # $3 orga
if ! grep -q "'installed' => true," "$2" 2> /dev/null; then if ! grep -q "'installed' => true," "$2" 2> /dev/null; then
printKazMsg "\n *** Premier lancement de $3" >& $QUIET
printKazMsg "\n *** Premier lancement nextcloud $3" >& $QUIET
_getPasswords
${SIMU} waitUrl "$1" ${SIMU} waitUrl "$1"
${SIMU} curl -X POST \ ${SIMU} curl -X POST \
-d "install=true" \ -d "install=true" \
-d "adminlogin=${nextcloud_NEXTCLOUD_ADMIN_USER}" \ -d "adminlogin=${NEXTCLOUD_ADMIN_USER}" \
-d "adminpass=${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}" \ -d "adminpass=${NEXTCLOUD_ADMIN_PASSWORD}" \
-d "directory=/var/www/html/data" \ -d "directory=/var/www/html/data" \
-d "dbtype=mysql" \ -d "dbtype=mysql" \
-d "dbuser=${nextcloud_MYSQL_USER}" \ -d "dbuser=${MYSQL_USER}" \
-d "dbpass=${nextcloud_MYSQL_PASSWORD}" \ -d "dbpass=${MYSQL_PASSWORD}" \
-d "dbname=${nextcloud_MYSQL_DATABASE}" \ -d "dbname=${MYSQL_DATABASE}" \
-d "dbhost=${nextcloud_MYSQL_HOST}" \ -d "dbhost=${MYSQL_HOST}" \
-d "install-recommended-apps=true" \ -d "install-recommended-apps=true" \
"$1" "$1"
fi fi
} }
_getPasswords(){
if [ -n "$CLOUDCOMMUN" ]; then
. $KAZ_KEY_DIR/env-nextcloudServ
. $KAZ_KEY_DIR/env-nextcloudDB
else
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
fi
}
setOfficeUrl(){ setOfficeUrl(){
OFFICE_URL="https://${officeHost}.${domain}" # Did le 25 mars les offices sont tous normalisé sur les serveurs https://${site}-${officeHost}.${domain}
if [ ! "${site}" = "prod1" ]; then #OFFICE_URL="https://${officeHost}.${domain}"
OFFICE_URL="https://${site}-${officeHost}.${domain}" #if [ ! "${site}" = "prod1" ]; then
fi OFFICE_URL="https://${site}-${officeHost}.${domain}"
#fi
occCommand "config:app:set --value $OFFICE_URL richdocuments public_wopi_url" occCommand "config:app:set --value $OFFICE_URL richdocuments public_wopi_url"
occCommand "config:app:set --value $OFFICE_URL richdocuments wopi_url" occCommand "config:app:set --value $OFFICE_URL richdocuments wopi_url"
occCommand "config:app:set --value $OFFICE_URL richdocuments disable_certificate_verification" occCommand "config:app:set --value $OFFICE_URL richdocuments disable_certificate_verification"
} }
initLdap(){ initLdap(){
. $KAZ_BIN_DIR/getPasswords.sh ldapServ
# $1 Nom du cloud # $1 Nom du cloud
echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET
occCommand "app:enable user_ldap" "${DockerServName}" occCommand "app:enable user_ldap" "${DockerServName}"
occCommand "ldap:delete-config s01" "${DockerServName}" occCommand "ldap:delete-config s01" "${DockerServName}"
occCommand "ldap:create-empty-config" "${DockerServName}" occCommand "ldap:create-empty-config" "${DockerServName}"
occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}" "${DockerServName}" occCommand "ldap:set-config s01 ldapAgentPassword ${ldapServ_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}"
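Review bot: in `initLdap()`, `ldapAgentPassword ${ldapServ_LDAP_CLOUD_PASSWORD}` is embedded in the single string passed to `occCommand`; if that helper expands its argument unquoted, as `MmctlCommand` does with `bin/mmctl $1`, a bind password containing whitespace or glob characters is split or expanded, and in any case it appears in the `docker exec` argument list. Pass the password as its own quoted argument or through the container's environment. In `firstInstall()`, the new `_getPasswords` sources two env files that define generic names (`MYSQL_USER`, `MYSQL_PASSWORD`, ...) into the global scope, whereas `getPasswords.sh ldapServ` yields prefixed names; use one convention, and since this is the third script in the change to define its own `_getPasswords()`, move it to `.commonFunctions.sh` with the service name as a parameter. `setOfficeUrl()` should delete the old branch instead of commenting it out. While this function is open: the unchanged last line sets `disable_certificate_verification` to `$OFFICE_URL`; is that value intended?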

View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS #GLOBAL VARS
PRG=$(basename $0) PRG=$(basename $0)
@@ -55,15 +54,7 @@ Init(){
PLG_DIR="${VOL_PREFIX}wikiPlugins/_data" PLG_DIR="${VOL_PREFIX}wikiPlugins/_data"
CONF_DIR="${VOL_PREFIX}wikiConf/_data" CONF_DIR="${VOL_PREFIX}wikiConf/_data"
# Gael, j'avais ajouté ça mais j'ai pas test alors je laisse comme avant ... . $KAZ_BIN_DIR/getPasswords.sh dokuwiki
# A charge au prochain qui monte un wiki de faire qque chose
#WIKI_ROOT="${dokuwiki_WIKI_ROOT}"
#WIKI_EMAIL="${dokuwiki_WIKI_EMAIL}"
#WIKI_PASS="${dokuwiki_WIKI_PASSWORD}"
WIKI_ROOT=Kaz
WIKI_EMAIL=wiki@kaz.local
WIKI_PASS=azerty
${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit ${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit
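Review bot: wikis already initialised through `Init()` were created with the hard-coded `WIKI_ROOT=Kaz` and `WIKI_PASS=azerty` values removed here, and those values remain in the repository history, so this change needs a rotation step for existing instances rather than only a new source for future installs. The migration script added in the same change writes no dokuwiki env file; state where `getPasswords.sh dokuwiki` is expected to find `dokuwiki_WIKI_ROOT`, `dokuwiki_WIKI_EMAIL` and `dokuwiki_WIKI_PASSWORD` on an upgraded host.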
@@ -77,11 +68,11 @@ Init(){
-d "l=fr" \ -d "l=fr" \
-d "d[title]=${NOM}" \ -d "d[title]=${NOM}" \
-d "d[acl]=true" \ -d "d[acl]=true" \
-d "d[superuser]=${WIKI_ROOT}" \ -d "d[superuser]=${dokuwiki_WIKI_ROOT}" \
-d "d[fullname]=Admin"\ -d "d[fullname]=Admin"\
-d "d[email]=${WIKI_EMAIL}" \ -d "d[email]=${dokuwiki_WIKI_EMAIL}" \
-d "d[password]=${WIKI_PASS}" \ -d "d[password]=${dokuwiki_WIKI_PASSWORD}" \
-d "d[confirm]=${WIKI_PASS}" \ -d "d[confirm]=${dokuwiki_WIKI_PASSWORD}" \
-d "d[policy]=1" \ -d "d[policy]=1" \
-d "d[allowreg]=false" \ -d "d[allowreg]=false" \
-d "d[license]=0" \ -d "d[license]=0" \
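Review bot: nothing verifies that `dokuwiki_WIKI_ROOT` and `dokuwiki_WIKI_PASSWORD` are set before they are posted as `d[superuser]`, `d[password]` and `d[confirm]`; with the hard-coded fallback gone, a missing secret now means the installer is called with empty values. Add a guard before the `curl`, for example `[ -n "${dokuwiki_WIKI_PASSWORD}" ] || { printKazError "dokuwiki secrets missing"; return 1; }`, and send the three credential fields with `--data-urlencode` so special characters survive the form encoding.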

View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS #GLOBAL VARS
PRG=$(basename $0) PRG=$(basename $0)
@@ -61,11 +60,11 @@ Init(){
echo "\n *** Premier lancement de WP" >& $QUIET echo "\n *** Premier lancement de WP" >& $QUIET
${SIMU} waitUrl "${WP_URL}" ${SIMU} waitUrl "${WP_URL}"
. $KAZ_BIN_DIR/getPasswords.sh wpServ
${SIMU} curl -X POST \ ${SIMU} curl -X POST \
-d "user_name=${wp_WORDPRESS_ADMIN_USER}" \ -d "user_name=${wpServ_WORDPRESS_ADMIN_USER}" \
-d "admin_password=${wp_WORDPRESS_ADMIN_PASSWORD}" \ -d "admin_password=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
-d "admin_password2=${wp_WORDPRESS_ADMIN_PASSWORD}" \ -d "admin_password2=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
-d "pw_weak=true" \ -d "pw_weak=true" \
-d "admin_email=admin@kaz.bzh" \ -d "admin_email=admin@kaz.bzh" \
-d "blog_public=0" \ -d "blog_public=0" \
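Review bot: `. $KAZ_BIN_DIR/getPasswords.sh wpServ` in `Init()` always reads the shared `wpServ` secret, while the Mattermost script in this change calls `getPasswords.sh -d ${ORGA} mattermostServ` for an organisation and the migration script copies `env-wp{DB,Serv}` into every orga folder. If this script also initialises per-orga WordPress sites, it should pass `-d ${ORGA}` in that case, otherwise every site is installed with the same admin password and the per-orga copies are never used. The password fields should use `--data-urlencode`, and the unchanged `pw_weak=true` tells the installer to accept a weak password; drop it if the stored passwords are strong.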

View File

@@ -0,0 +1,68 @@
#!/bin/bash
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
newenvfile=$KAZ_KEY_DIR/env-mattermostAdmin
touch $newenvfile
echo "mattermost_user=$mattermost_user" >> $newenvfile
echo "mattermost_pass=$mattermost_pass" >> $newenvfile
echo "mattermost_token=$mattermost_token" >> $newenvfile
echo "EMAIL_CONTACT=$EMAIL_CONTACT" >> $DOCKERS_ENV
newenvfile=$KAZ_KEY_DIR/env-paheko
touch $newenvfile
echo "API_USER=$paheko_API_USER" >> $newenvfile
echo "API_PASSWORD=$paheko_API_PASSWORD" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-mail
touch $newenvfile
echo "service_mail=$service_mail" >> $newenvfile
echo "service_password=$service_password" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-borg
# touch $newenvfile à priori il existe déjà
echo "BORG_REPO=$BORG_REPO" >> $newenvfile
echo "BORG_PASSPHRASE=$BORG_PASSPHRASE" >> $newenvfile
echo "VOLUME_SAUVEGARDES=$VOLUME_SAUVEGARDES" >> $newenvfile
echo "MAIL_RAPPORT=$MAIL_RAPPORT" >> $newenvfile
echo "BORGMOUNT=$BORGMOUNT" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-traefik
touch $newenvfile
echo "DASHBOARD_USER=$traefik_DASHBOARD_USER" >> $newenvfile
echo "DASHBOARD_PASSWORD=$traefik_DASHBOARD_PASSWORD" >> $newenvfile
#####################
# Castopod
# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
newenvfile=$KAZ_KEY_DIR/env-castopodAdmin
touch $newenvfile
echo "ADMIN_USER=$castopod_ADMIN_USER" >> $newenvfile
echo "ADMIN_MAIL=$castopod_ADMIN_MAIL" >> $newenvfile
echo "ADMIN_PASSWORD=$castopod_ADMIN_PASSWORD" >> $newenvfile
# creation dossier pour les env des orgas
mkdir $KAZ_KEY_DIR/orgas
orgasLong=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
ORGAS=${orgasLong[*]//-orga/}
for orga in ${ORGAS};do
mkdir $KAZ_KEY_DIR/orgas/$orga
cp $KAZ_KEY_DIR/env-{castopod{Admin,DB,Serv},mattermost{DB,Serv},nextcloud{DB,Serv},spip{DB,Serv},wp{DB,Serv}} $KAZ_KEY_DIR/orgas/$orga
done
echo "C'est parfait, vous pouvez git pull puis supprimer SetAllPass.sh"
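
Review bot: The env files written under $KAZ_KEY_DIR (env-mattermostAdmin, env-paheko, env-mail, env-borg, env-traefik, env-castopodAdmin) are created with `touch` and `>>` under the caller's umask, so the passwords, the Mattermost token and BORG_PASSPHRASE can end up world-readable; set `umask 077` at the top of the script or chmod 600 each file. Every line is appended, so a second run duplicates all entries (including the EMAIL_CONTACT line added to $DOCKERS_ENV), and `mkdir $KAZ_KEY_DIR/orgas` without -p fails on a rerun; writing each file in one go and using `mkdir -p` would make the migration repeatable. The values are also written unquoted, so a secret containing a space or a shell metacharacter breaks when the file is later read with `.`.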

@@ -9,13 +9,12 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_ROOT/secret/env-kaz
NAS_VOL="/mnt/disk-nas1/docker/volumes/" NAS_VOL="/mnt/disk-nas1/docker/volumes/"
#TODO: ce tab doit être construit à partir de la liste des machines dispos et pas en dur tab_sites_destinations_possibles=${TAB_SITES_POSSIBLES}
tab_sites_destinations_possibles=("kazoulet" "prod2")
#par défaut, on prend le premier site #par défaut, on prend le premier site
SITE_DST="${tab_sites_destinations_possibles[0]}" SITE_DST="${tab_sites_destinations_possibles[0]}"
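
Review bot: `tab_sites_destinations_possibles=${TAB_SITES_POSSIBLES}` is a scalar assignment, so `${tab_sites_destinations_possibles[0]}` two lines below is the whole string (or only the first element if TAB_SITES_POSSIBLES is itself an array) rather than the first site of a list, as it was with the removed `("kazoulet" "prod2")`. If the variable holds a space-separated list, assign it as `tab_sites_destinations_possibles=(${TAB_SITES_POSSIBLES})`, and document the expected format where TAB_SITES_POSSIBLES is defined.
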
@@ -133,6 +132,7 @@ for orgaLong in ${Orgas}; do
${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/" ${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/"
fi fi
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/ ${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_KEY_DIR}/orgas/${orgaCourt} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/${orgaCourt}
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list" ${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list"
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh ${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh
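
Review bot: The added rsync gives the source `${KAZ_KEY_DIR}/orgas/${orgaCourt}` without a trailing slash and a destination that already ends in `${orgaCourt}`, so on the target the files land one level too deep, in orgas/${orgaCourt}/${orgaCourt}/. Follow the pattern of the rsync just above it and send to the parent directory, `root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/`, with the paths quoted.
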
@@ -143,6 +143,4 @@ for orgaLong in ${Orgas}; do
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "${KAZ_BIN_DIR}/manageCloud.sh" --officeURL "${orgaCourt}" ${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "${KAZ_BIN_DIR}/manageCloud.sh" --officeURL "${orgaCourt}"
fi fi
done done

@@ -20,8 +20,7 @@ ${SIMU} "${CV1}" stop orga
${SIMU} "${CV1}" stop ${SIMU} "${CV1}" stop
${SIMU} rsync "${EV1}/dockers.env" "${EV2}/" ${SIMU} rsync "${EV1}/dockers.env" "${EV2}/"
${SIMU} rsync "${SV1}/SetAllPass.sh" "${SV2}/" ${SIMU} rsync "${SV1}/" "${SV2}/"
${SIMU} "${BV2}/updateDockerPassword.sh"
# XXX ? rsync /kaz/secret/allow_admin_ip /kaz-git/secret/allow_admin_ip # XXX ? rsync /kaz/secret/allow_admin_ip /kaz-git/secret/allow_admin_ip
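
Review bot: `rsync "${SV1}/" "${SV2}/"` has neither -r nor -a, and rsync skips directories when neither is given, so this line copies nothing where the old one copied the single SetAllPass.sh file. Use `rsync -a "${SV1}/" "${SV2}/"` so that the env files, the orgas/ subdirectories and their permissions are carried over.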

@@ -0,0 +1,41 @@
#!/bin/bash
#date: 23/04/2025
#ki: fab
#koi: supprimer de acme.json les certificats LE devenus inutiles
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
FILE_ACME_ORI="/var/lib/docker/volumes/traefik_letsencrypt/_data/acme.json"
FILE_ACME="/tmp/acme.json"
FILE_URL=$(mktemp)
FILE_ACME_TMP=$(mktemp)
#l'ip du serveur:
#marche po pour les machines hébergée chez T.C... :( on récupère l'IP dans config/dockers.env
#MAIN_IP=$(curl ifconfig.me)
#DANGER: IP depuis config/dockers.env ne fonctionne pas pour les domaines hors *.kaz.bzh (ex:radiokalon.fr)
#sauvegarde
cp $FILE_ACME_ORI $FILE_ACME
cp $FILE_ACME "$FILE_ACME"_$(date +%Y%m%d_%H%M%S)
#je cherche toutes les url
jq -r '.letsencrypt.Certificates[].domain.main' $FILE_ACME > $FILE_URL
while read -r url; do
#echo "Traitement de : $url"
nb=$(dig $url | grep $MAIN_IP | wc -l)
if [ "$nb" -eq 0 ]; then
#absent, on vire de acme.json
echo "on supprime "$url
jq --arg url "$url" 'del(.letsencrypt.Certificates[] | select(.domain.main == $url))' $FILE_ACME > $FILE_ACME_TMP
mv -f $FILE_ACME_TMP $FILE_ACME
fi
done < "$FILE_URL"
echo "si satisfait, remettre "$FILE_ACME" dans "$FILE_ACME_ORI
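
Review bot: The working copy and the timestamped backup of acme.json are written to fixed names under /tmp (`FILE_ACME="/tmp/acme.json"`) with default permissions; Traefik's acme.json holds the private keys of the certificates, so both copies belong in a root-only directory (for example one created with `mktemp -d` under `umask 077`) and should be removed at the end, along with $FILE_URL. Separately, `dig $url | grep $MAIN_IP` treats the IP as an unanchored pattern over dig's whole output, and if MAIN_IP is unset the grep call fails, `nb` is 0 and every certificate is dropped from the working copy; `dig +short "$url" | grep -Fxq "$MAIN_IP"` preceded by a check that MAIN_IP is non-empty is stricter.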

@@ -4,12 +4,12 @@ KAZ_ROOT=/kaz
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
URL_AGORA=https://$matterHost.$domain/api/v4 URL_AGORA=https://$matterHost.$domain/api/v4
EQUIPE=kaz EQUIPE=kaz
PostMattermost() { PostMattermost() {
. $KAZ_KEY_DIR/env-mattermostAdmin
PostM=$1 PostM=$1
CHANNEL=$2 CHANNEL=$2
TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g') TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')

@@ -6,7 +6,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
URL_AGORA=$(echo $matterHost).$(echo $domain) URL_AGORA=$(echo $matterHost).$(echo $domain)
MAX_QUEUE=50 MAX_QUEUE=50
@@ -15,6 +14,8 @@ OLDIFS=$IFS
IFS=" " IFS=" "
COUNT_MAILQ=$(docker exec -t mailServ mailq | tail -n1 | gawk '{print $5}') COUNT_MAILQ=$(docker exec -t mailServ mailq | tail -n1 | gawk '{print $5}')
# récupération mots de passes
. $KAZ_KEY_DIR/env-mattermostAdmin
docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
if [ "${COUNT_MAILQ}" -gt "${MAX_QUEUE}" ]; then if [ "${COUNT_MAILQ}" -gt "${MAX_QUEUE}" ]; then

@@ -1,7 +1,7 @@
#! /bin/sh #! /bin/sh
# date: 12/11/2020 # date: 12/11/2020
#PATH=/bin:/sbin:/usr/bin:/usr/sbin PATH=/bin:/sbin:/usr/bin:/usr/sbin
PATH_SAUVE="/home/sauve/" PATH_SAUVE="/home/sauve/"
iptables-save > $PATH_SAUVE/iptables.sav iptables-save > $PATH_SAUVE/iptables.sav

@@ -1,7 +1,6 @@
#!/bin/bash #!/bin/bash
# -------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------
# Didier # Didier
#
# Script de sauvegarde avec BorgBackup # Script de sauvegarde avec BorgBackup
# la commande de creation du dépot est : borg init --encryption=repokey /mnt/backup-nas1/BorgRepo # la commande de creation du dépot est : borg init --encryption=repokey /mnt/backup-nas1/BorgRepo
# la conf de borg est dans /root/.config/borg # la conf de borg est dans /root/.config/borg
@@ -18,9 +17,9 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_BIN_DIR/getPasswords.sh borg
VERSION="V-3-11-2024" VERSION="V-10-03-2025"
PRG=$(basename $0) PRG=$(basename $0)
RACINE=$(echo $PRG | awk '{print $1}') RACINE=$(echo $PRG | awk '{print $1}')
#IFS=' ' #IFS=' '
@@ -72,20 +71,10 @@ LogFic() {
} }
# #
ExpMail() { ExpMail() {
MAIL_SOURCE=$1 MAIL_DEST=$1
MAIL_SUJET=$2 MAIL_SUJET=$2
MAIL_DEST=$3 MAIL_TEXTE=$3
MAIL_TEXTE=$4
# a mettre ailleurs
mailexp=${borg_MAILEXP}
mailpassword=${borg_MAILPASSWORD}
mailserveur=${borg_MAILSERVEUR}
#
#sendemail -t ${MAIL_DEST} -u ${MAIL_SUJET} -m ${MAIL_TEXTE} -f $mailexp -s $mailserveur:587 -xu $mailexp -xp $mailpassword -o tls=yes >/dev/null 2>&1
printf "Subject:${MAIL_SUJET}\n${MAIL_TEXTE}" | msmtp ${MAIL_DEST} printf "Subject:${MAIL_SUJET}\n${MAIL_TEXTE}" | msmtp ${MAIL_DEST}
#docker exec -i mailServ mailx -a 'Content-Type: text/plain; charset="UTF-8"' -r ${MAIL_SOURCE} -s "${MAIL_SUJET}" ${MAIL_DEST} << EOF
#${MAIL_TEXTE}
#EOF
} }
Pre_Sauvegarde() { Pre_Sauvegarde() {
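
Review bot: ExpMail still builds the message with `printf "Subject:${MAIL_SUJET}\n${MAIL_TEXTE}"`, which puts the subject and the log text in the format string (a % in either is interpreted) and leaves no blank line between the header and the body. While the signature is being changed, switch to `printf 'Subject: %s\n\n%s\n' "${MAIL_SUJET}" "${MAIL_TEXTE}" | msmtp "${MAIL_DEST}"`, and add a comment above the function listing the three arguments in their new order.
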
@@ -297,7 +286,7 @@ if [ "${REPO_MOUNT_ACTIVE}" = "true" ]
then then
echo "le REPO : ${BORG_REPO} est monté , je sors" echo "le REPO : ${BORG_REPO} est monté , je sors"
LogFic "le REPO : ${BORG_REPO} est monté , je sors" LogFic "le REPO : ${BORG_REPO} est monté , je sors"
ExpMail borg@${domain} "${site} : Sauvegarde en erreur" ${MAIL_RAPPORT} "le REPO : ${BORG_REPO} est monté, sauvegarde impossible" ExpMail ${MAIL_RAPPORT} "${site} : Sauvegarde en erreur" "le REPO : ${BORG_REPO} est monté, sauvegarde impossible"
exit 1 exit 1
fi fi
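
Review bot: With the new argument order, `ExpMail ${MAIL_RAPPORT} "${site} : Sauvegarde en erreur" ...` passes the recipient unquoted as the first argument; if MAIL_RAPPORT is empty the arguments shift and the subject becomes the msmtp recipient, and if it holds several addresses they spill into the subject and text. Quote it as "${MAIL_RAPPORT}" here and at the three other call sites changed further down.
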
@@ -349,7 +338,7 @@ BorgBackup
" "
LogFic " - la sauvegarde est OK" LogFic " - la sauvegarde est OK"
[ "$MAILOK" = true ] && ExpMail borg@${domain} "${site} : Sauvegarde Ok" ${MAIL_RAPPORT} ${MESS_SAUVE_OK}${LOGDATA} [ "$MAILOK" = true ] && ExpMail ${MAIL_RAPPORT} "${site} : Sauvegarde Ok" ${MESS_SAUVE_OK}${LOGDATA}
IFS=' ' IFS=' '
;; ;;
'1' ) '1' )
@@ -365,7 +354,7 @@ BorgBackup
" "
LogFic " - Sauvegarde en Warning: ${BACKUP_EXIT}" LogFic " - Sauvegarde en Warning: ${BACKUP_EXIT}"
[ "$MAILWARNING" = true ] && ExpMail borg@${domain} "${site} : Sauvegarde en Warning: ${BACKUP_EXIT}" ${MAIL_RAPPORT} ${MESS_SAUVE_ERR}${LOGDATA} [ "$MAILWARNING" = true ] && ExpMail ${MAIL_RAPPORT} "${site} : Sauvegarde en Warning: ${BACKUP_EXIT}" ${MESS_SAUVE_ERR}${LOGDATA}
IFS=' ' IFS=' '
;; ;;
* ) * )
@@ -381,7 +370,7 @@ BorgBackup
" "
LogFic " - !!!!! Sauvegarde en Erreur !!!!! : ${BACKUP_EXIT}" LogFic " - !!!!! Sauvegarde en Erreur !!!!! : ${BACKUP_EXIT}"
ExpMail borg@${domain} "${site} : Sauvegarde en Erreur !!!! : ${BACKUP_EXIT}" ${MAIL_RAPPORT} ${MESS_SAUVE_ERR}${LOGDATA} ExpMail ${MAIL_RAPPORT} "${site} : Sauvegarde en Erreur !!!! : ${BACKUP_EXIT}" ${MESS_SAUVE_ERR}${LOGDATA}
IFS=' ' IFS=' '
;; ;;
esac esac

@@ -3,70 +3,137 @@
KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd) KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars setKazVars
. $DOCKERS_ENV
cd "${KAZ_ROOT}" cd "${KAZ_ROOT}"
NEW_DIR="secret" NEW_DIR="secret"
TMPL_DIR="secret.tmpl" TMPL_DIR="secret.tmpl"
SORTIESTANDARD=1
DIR=$KAZ_KEY_DIR
ORGA=
if [ ! -d "${NEW_DIR}/" ]; then if [ ! -d "${NEW_DIR}/" ]; then
rsync -a "${TMPL_DIR}/" "${NEW_DIR}/" rsync -a "${TMPL_DIR}/" "${NEW_DIR}/"
fi fi
NEW_FILE="${NEW_DIR}/SetAllPass-new.sh" usage() {
TMPL_FILE="${NEW_DIR}/SetAllPass.sh" echo "${PRG} [OPTIONS] [filename ...]
# PARCOURE LES ENV FILE ET REMPLIT LES --clean_val-- qui n'ont pas été complétés.
on cherche des
@@pass@@***@@p@@ -> on génère un mot de passe 16car (les *** permettent d'identifier le mot de passe, s'il doit être utilisé ailleurs)
@@db@@***@@d@@ -> on génère une base de données (pareil identifié par ***)
@@user@@***@@u@@ -> on génère un user
@@token@@***@@t@@ -> on génère un token
@@globalvar@@***@@gv@@ -> on cherche la variable globale ***
@@crossvar@@envname_varname@@cv@@ -> on retrouve la variable dans les envfiles
while read line ; do Si on précise des fichiers, alors il ne remplace que dans ceux là (et on "lie" les clean-val ensemble !!!)
if [[ "${line}" =~ ^# ]] || [ -z "${line}" ] ; then OPTIONS
echo "${line}" -h|--help Cette aide :-)
continue -n|--simu SIMULATION
fi -q|--quiet Sans bruits de fond
if [[ "${line}" =~ "--clean_val--" ]] ; then -d foldername prend les envfiles dans un sous dossier /kaz/secret/orgas/foldername/ (pour les orgas !)
case "${line}" in -
*jirafeau_DATA_DIR*)
JIRAFEAU_DIR=$(getValInFile "${DOCKERS_ENV}" "jirafeauDir") "
[ -z "${JIRAFEAU_DIR}" ] && }
echo "${line}" ||
sed "s%\(.*\)--clean_val--\(.*\)%\1${JIRAFEAU_DIR}\2%" <<< ${line} for ARG in "$@"; do
continue if [ -n "${DIRECTORYARG}" ]; then # après un -d
;; DIR=$KAZ_KEY_DIR/orgas/${ARG}
*DATABASE*) ORGA=${ARG}
dbName="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)" DIRECTORYARG=
sed "s/\(.*\)--clean_val--\(.*\)/\1${dbName}\2/" <<< ${line}
continue
;;
*ROOT_PASSWORD*|*PASSWORD*)
pass="$(apg -n 1 -m 16 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
*USER*)
user="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${user}\2/" <<< ${line}
continue
;;
*RAIN_LOOP*|*office_password*|*mattermost_*|*sympa_*|*gitea_*)
pass="$(apg -n 1 -m 16 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
*vaultwarden_ADMIN_TOKEN*)
pass="$(apg -n 1 -m 32 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
esac
else else
echo "${line}"
continue case "${ARG}" in
'-d' | '--directory' | '-f' | '--folder' | '--foldername')
DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
'-h' | '--help' )
usage && exit ;;
'-n' | '--simu')
SIMU="echo" ;;
'-q' | '--quiet')
SORTIESTANDARD="/dev/null" ;;
*)
ENVFILES="${ENVFILES} ${ARG%}";;
esac
fi fi
printKazError "${line}" >&2 done
done < "${TMPL_FILE}" > "${NEW_FILE}"
mv "${NEW_FILE}" "${TMPL_FILE}" NB_FILES=$(echo "${ENVFILES}" | wc -w )
chmod a+x "${TMPL_FILE}" if [[ $NB_FILES = 0 ]]; then
. "${TMPL_FILE}" ENVFILES=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@|@@crossvar@@' $DIR/* | sed 's/.*\///') #
"${KAZ_BIN_DIR}/updateDockerPassword.sh" fi
secretGen(){
# $1 Le env-file à compléter
FILENAME=$DIR/$1
NBMATCH=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@' $FILENAME | wc -l) # est ce qu'il y a des choses à génrérer
if [[ $NBMATCH = 0 ]]; then
true
# rien à faire dans ce fichier, on passe
else
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
db="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
pass="$(apg -n 1 -m 16 -M NCL)"
token="$(apg -n 1 -m 32 -M NCL)"
user="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
dbs=$(grep -Eo '@@db@@[^@]*@@d@@' $FILENAME | sed -e 's/@@db@@//' -e 's/@@d@@//')
passwords=$(grep -Eo '@@pass@@[^@]*@@p@@' $FILENAME | sed -e 's/@@pass@@//' -e 's/@@p@@//')
tokens=$(grep -Eo '@@token@@[^@]*@@t@@' $FILENAME | sed -e 's/@@token@@//' -e 's/@@t@@//')
users=$(grep -Eo '@@user@@[^@]*@@u@@' $FILENAME | sed -e 's/@@user@@//' -e 's/@@u@@//')
globalvars=$(grep -Eo '@@globalvar@@[^@]*@@gv@@' $FILENAME | sed -e 's/@@globalvar@@//' -e 's/@@gv@@//')
for dbName in $dbs; do $SIMU sed -i "s/@@db@@$dbName@@d@@/${dbName}_$db/" $DIR/*; done
for pw in $passwords; do $SIMU sed -i "s/@@pass@@$pw@@p@@/${pass}/" $DIR/*; done
for tk in $tokens; do $SIMU sed -i "s/@@token@@$tk@@t@@/${token}/" $DIR/*; done
for u in $users; do $SIMU sed -i "s/@@user@@$u@@u@@/${u}_$user/" $DIR/*; done
for var in $globalvars; do $SIMU sed -i "s/@@globalvar@@$var@@gv@@/${!var}/" $DIR/*; done
fi
}
crossVarComplete(){
# $1 Le env-file à compléter
FILENAME=$DIR/$1
NBMATCH=$(grep -lE '@@crossvar@@' $FILENAME | wc -l) # est ce qu'il y a des cross-var à récupérer
if [[ $NBMATCH = 0 ]]; then
true
# rien à faire dans ce fichier, on passe
else
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
varnames=$(grep -Eo '@@crossvar@@[^@]*@@cv@@' $FILENAME | sed -e 's/@@crossvar@@//' -e 's/@@cv@@//')
for varname in $varnames; do
envname=${varname%%_*}
value=$(/$KAZ_BIN_DIR/getPasswords.sh -e $varname $envname -d $ORGA)
$SIMU sed -i "s/@@crossvar@@$varname@@cv@@/${value}/" $DIR/*;
done
fi
}
for ENVFILE in $ENVFILES; do
secretGen "$ENVFILE"
done
for ENVFILE in $ENVFILES; do
crossVarComplete "$ENVFILE"
done
exit 0 exit 0
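
Review bot: In secretGen(), `pass`, `token`, `db` and `user` are generated once per env file and then reused for every placeholder found in it, so two different identifiers in the same file (say @@pass@@a@@p@@ and @@pass@@b@@p@@) receive the same password, although the usage text says the identifier is what ties a value to its reuse elsewhere. Generate the value inside each `for` loop, one apg call per identifier. The @@globalvar@@ and @@crossvar@@ substitutions also place `${!var}` and `${value}` directly in a `s/.../.../` expression, so a value containing / or & corrupts the result; escape the replacement or use a delimiter that cannot occur in the values.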

@@ -1,121 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
# pour mise au point
# SIMU=echo
# Améliorations à prévoir
# - donner en paramètre les services concernés (pour limité les modifications)
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
updateEnvDB(){
# $1 = prefix
# $2 = envName
# $3 = containerName of DB
rootPass="$1_MYSQL_ROOT_PASSWORD"
dbName="$1_MYSQL_DATABASE"
userName="$1_MYSQL_USER"
userPass="$1_MYSQL_PASSWORD"
${SIMU} sed -i \
-e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${!rootPass}/g" \
-e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${!dbName}/g" \
-e "s/MYSQL_USER=.*/MYSQL_USER=${!userName}/g" \
-e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${!userPass}/g" \
"$2"
# seulement si pas de mdp pour root
# pb oeuf et poule (il faudrait les anciennes valeurs) :
# * si rootPass change, faire à la main
# * si dbName change, faire à la main
checkDockerRunning "$3" "$3" || return
echo "change DB pass on docker $3"
echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
docker exec -i $3 bash -c "mysql --user=root --password=${!rootPass}"
}
updateEnv(){
# $1 = prefix
# $2 = envName
for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
do
srcName="$1_${varName}"
srcVal=$(echo "${!srcName}" | sed -e "s/[&]/\\\&/g")
${SIMU} sed -i \
-e "s%^[ ]*${varName}=.*\$%${varName}=${srcVal}%" \
"$2"
done
}
framadateUpdate(){
[[ "${COMP_ENABLE}" =~ " framadate " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
return 0
fi
checkDockerRunning "${framadateServName}" "Framadate" &&
${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadate_HTTPD_USER} ${framadate_HTTPD_PASSWORD}"
${SIMU} sed -i \
-e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadate_MYSQL_USER}';/g" \
-e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadate_MYSQL_PASSWORD}';/g" \
"${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
}
jirafeauUpdate(){
[[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
return 0
fi
SHA=$(echo -n "${jirafeau_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1)
${SIMU} sed -i \
-e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
"${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
}
####################
# main
updateEnvDB "etherpad" "${KAZ_KEY_DIR}/env-${etherpadDBName}" "${etherpadDBName}"
updateEnvDB "framadate" "${KAZ_KEY_DIR}/env-${framadateDBName}" "${framadateDBName}"
updateEnvDB "gitea" "${KAZ_KEY_DIR}/env-${gitDBName}" "${gitDBName}"
updateEnvDB "mattermost" "${KAZ_KEY_DIR}/env-${mattermostDBName}" "${mattermostDBName}"
updateEnvDB "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudDBName}" "${nextcloudDBName}"
updateEnvDB "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeDBName}" "${roundcubeDBName}"
updateEnvDB "sympa" "${KAZ_KEY_DIR}/env-${sympaDBName}" "${sympaDBName}"
updateEnvDB "vigilo" "${KAZ_KEY_DIR}/env-${vigiloDBName}" "${vigiloDBName}"
updateEnvDB "wp" "${KAZ_KEY_DIR}/env-${wordpressDBName}" "${wordpressDBName}"
updateEnvDB "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenDBName}" "${vaultwardenDBName}"
updateEnvDB "castopod" "${KAZ_KEY_DIR}/env-${castopodDBName}" "${castopodDBName}"
updateEnv "apikaz" "${KAZ_KEY_DIR}/env-${apikazServName}"
updateEnv "ethercalc" "${KAZ_KEY_DIR}/env-${ethercalcServName}"
updateEnv "etherpad" "${KAZ_KEY_DIR}/env-${etherpadServName}"
updateEnv "framadate" "${KAZ_KEY_DIR}/env-${framadateServName}"
updateEnv "gandi" "${KAZ_KEY_DIR}/env-gandi"
updateEnv "gitea" "${KAZ_KEY_DIR}/env-${gitServName}"
updateEnv "jirafeau" "${KAZ_KEY_DIR}/env-${jirafeauServName}"
updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostServName}"
updateEnv "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudServName}"
updateEnv "office" "${KAZ_KEY_DIR}/env-${officeServName}"
updateEnv "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeServName}"
updateEnv "vigilo" "${KAZ_KEY_DIR}/env-${vigiloServName}"
updateEnv "wp" "${KAZ_KEY_DIR}/env-${wordpressServName}"
updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapServName}"
updateEnv "sympa" "${KAZ_KEY_DIR}/env-${sympaServName}"
updateEnv "mail" "${KAZ_KEY_DIR}/env-${smtpServName}"
updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonServName}"
updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonDBName}"
updateEnv "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenServName}"
updateEnv "castopod" "${KAZ_KEY_DIR}/env-${castopodServName}"
updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapUIName}"
framadateUpdate
jirafeauUpdate
exit 0
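
Review bot: Deleting this script also removes framadateUpdate() and jirafeauUpdate(), which wrote the Framadate .htpasswd and DB credentials into config.php and the SHA-256 of the Jirafeau admin password into config.local.php, as well as the `grant all privileges` step in updateEnvDB(); the visible part of this change does not show what takes over those steps. Please say in the commit message or in a comment where they are done now; if nothing replaces them, regenerated secrets will not reach those services.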

@@ -12,7 +12,6 @@ setKazVars
cd $(dirname $0)/.. cd $(dirname $0)/..
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
DOCK_DIR=$KAZ_COMP_DIR DOCK_DIR=$KAZ_COMP_DIR

@@ -4,3 +4,4 @@ collabora
etherpad etherpad
web web
imapsync imapsync
spip

@@ -93,6 +93,8 @@ vaultwardenHost=koffre
traefikHost=dashboard traefikHost=dashboard
imapsyncHost=imapsync imapsyncHost=imapsync
castopodHost=pod castopodHost=pod
spipHost=spip
mastodonHost=masto
apikazHost=apikaz apikazHost=apikaz
snappymailHost=snappymail snappymailHost=snappymail
@@ -147,9 +149,18 @@ ldapUIName=ldapUI
imapsyncServName=imapsyncServ imapsyncServName=imapsyncServ
castopodDBName=castopodDB castopodDBName=castopodDB
castopodServName=castopodServ castopodServName=castopodServ
mastodonServName=mastodonServ
spipDBName=spipDB
spipServName=spipServ
mastodonDBName=mastodonDB
apikazServName=apikazServ apikazServName=apikazServ
######################################## ########################################
# services activés par container.sh # services activés par container.sh
# variables d'environneements utilisées # variables d'environneements utilisées
# pour le tmpl du mandataire (proxy) # pour le tmpl du mandataire (proxy)
##################
#qui on envoi le mail d'inscription ?
EMAIL_CONTACT="toto@kaz.bzh"
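
Review bot: `EMAIL_CONTACT="toto@kaz.bzh"` at the end of the file looks like a placeholder committed as the default recipient of the signup mail; leave it empty or use an obviously invalid value so that an unconfigured site fails visibly instead of mailing that address. The migration script in this same change also appends an EMAIL_CONTACT line to $DOCKERS_ENV, so the file can end up with two definitions.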

@@ -1,58 +0,0 @@
FROM alpine:3.17
# Some ENV variables
ENV PATH="/mattermost/bin:${PATH}"
#ENV MM_VERSION=5.32.0
ENV MM_VERSION=6.1.0
ENV MM_INSTALL_TYPE=docker
# Build argument to set Mattermost edition
ARG edition=enterprise
ARG PUID=2000
ARG PGID=2000
ARG MM_BINARY=
# Install some needed packages
RUN apk add --no-cache \
ca-certificates \
curl \
jq \
libc6-compat \
libffi-dev \
libcap \
linux-headers \
mailcap \
netcat-openbsd \
xmlsec-dev \
tzdata \
&& rm -rf /tmp/*
# Get Mattermost
RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
&& if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \
elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \
else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \
&& cp /mattermost/config/config.json /config.json.save \
&& rm -rf /mattermost/config/config.json \
&& addgroup -g ${PGID} mattermost \
&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
USER mattermost
#Healthcheck to make sure container is ready
HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1
# Configure entrypoint and command
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
WORKDIR /mattermost
CMD ["mattermost"]
# Expose port 8000 of the container
EXPOSE 8000
# Declare volumes for mount point directories
VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config", "/mattermost/plugins", "/mattermost/client/plugins"]

@@ -1,82 +0,0 @@
#!/bin/sh
# Function to generate a random salt
generate_salt() {
tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1
}
# Read environment variables or set default values
DB_HOST=${DB_HOST:-db}
DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
# see https://www.postgresql.org/docs/current/libpq-ssl.html
# for usage when database connection requires encryption
# filenames should be escaped if they contain spaces
# i.e. $(printf %s ${MY_ENV_VAR:-''} | jq -s -R -r @uri)
# the location of the CA file can be set using environment var PGSSLROOTCERT
# the location of the CRL file can be set using PGSSLCRL
# The URL syntax for connection string does not support the parameters
# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
# to set names if using a location other than default
DB_USE_SSL=${DB_USE_SSL:-disable}
MM_DBNAME=${MM_DBNAME:-mattermost}
MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }' )
if [ "$_1" = '-' ]; then
set -- mattermost "$@"
fi
if [ "$1" = 'mattermost' ]; then
# Check CLI args for a -config option
for ARG in "$@"; do
case "$ARG" in
-config=*) MM_CONFIG=${ARG#*=};;
esac
done
if [ ! -f "$MM_CONFIG" ]; then
# If there is no configuration file, create it with some default values
echo "No configuration file $MM_CONFIG"
echo "Creating a new one"
# Copy default configuration file
cp /config.json.save "$MM_CONFIG"
# Substitute some parameters with jq
jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
else
echo "Using existing config file $MM_CONFIG"
fi
# Configure database access
if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
echo "Configure database connection..."
# URLEncode the password, allowing for special characters
ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
echo "OK"
else
echo "Using existing database connection"
fi
# Wait another second for the database to be properly started.
# Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
sleep 1
echo "Starting mattermost"
fi
exec "$@"

@@ -4,26 +4,29 @@ services:
#{{db #{{db
db: db:
image: mariadb:11.4 image: mariadb:11.4
container_name: ${orga}DB container_name: ${orga}-DB
#disk_quota: 10G #disk_quota: 10G
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: ${restartPolicy} restart: ${restartPolicy}
volumes: volumes:
- ./initdb.d:/docker-entrypoint-initdb.d:ro # - ./initdb.d:/docker-entrypoint-initdb.d:ro
- orgaDB:/var/lib/mysql - orgaDB:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
environment:
- MARIADB_AUTO_UPGRADE=1
env_file: env_file:
- ../../secret/env-${nextcloudDBName} - ../../secret/orgas/${orga}/env-${nextcloudDBName}
# - ../../secret/env-${mattermostDBName} # - ../../secret/orgas/${orga}/env-${mattermostDBName}
- ../../secret/env-${wordpressDBName} - ../../secret/orgas/${orga}/env-${wordpressDBName}
networks: networks:
- orgaNet - orgaNet
healthcheck: # utilisé par init-db.sh pour la créa d'orga healthcheck: # utilisé par init-db.sh pour la créa d'orga
#maridb10.5 #maridb10.5
#test: ["CMD", 'mysqladmin', 'ping', '-h', 'localhost', '-u', 'root', '-p$$MYSQL_ROOT_PASSWORD' ] #test: ["CMD", 'mysqladmin', 'ping', '-h', 'localhost', '-u', 'root', '-p$$MYSQL_ROOT_PASSWORD' ]
#maridb11.4 #maridb11.4
test: ["CMD", 'healthcheck.sh', '--su-mysql', '--connect', '--innodb_initialized'] #test: ["CMD", 'healthcheck.sh', '--su-mysql', '--connect', '--innodb_initialized']
test: ["CMD", "mariadb-admin", "ping", "--silent"]
interval: 30s interval: 30s
timeout: 30s timeout: 30s
retries: 5 retries: 5
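
Review bot: The healthcheck goes from `healthcheck.sh --su-mysql --connect --innodb_initialized` to `mariadb-admin ping --silent`, which only reports that a server process answers (it returns 0 even when access is denied), not that a client can connect or that InnoDB is initialized; the comment on the `healthcheck:` line says init-db.sh relies on this status when creating an orga, so that script can now proceed too early. If the stricter test failed for a specific reason, record it in the comment next to the disabled line; otherwise keep it.
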
@@ -31,7 +34,7 @@ services:
#{{cloud #{{cloud
cloud: cloud:
image: nextcloud image: nextcloud
container_name: ${orga}${nextcloudServName} container_name: ${orga}-${nextcloudServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
networks: networks:
@@ -47,8 +50,8 @@ services:
- ${smtpServName}:${smtpHost} - ${smtpServName}:${smtpHost}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}" - "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}"
- "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file" - "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
volumes: volumes:
- cloudMain:/var/www/html - cloudMain:/var/www/html
- cloudData:/var/www/html/data - cloudData:/var/www/html/data
@@ -60,10 +63,10 @@ services:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
env_file: env_file:
- ../../secret/env-${nextcloudServName} - ../../secret/orgas/${orga}/env-${nextcloudServName}
- ../../secret/env-${nextcloudDBName} - ../../secret/orgas/${orga}/env-${nextcloudDBName}
environment: environment:
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain} - NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain}
- SMTP_HOST=${smtpHost} - SMTP_HOST=${smtpHost}
- SMTP_PORT=25 - SMTP_PORT=25
- MAIL_DOMAIN=${domain} - MAIL_DOMAIN=${domain}
@@ -77,7 +80,7 @@ services:
- edition=team - edition=team
- PUID=1000 - PUID=1000
- PGID=1000 - PGID=1000
container_name: ${orga}${mattermostServName} container_name: ${orga}-${mattermostServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
# memory: 1G # memory: 1G
@@ -106,20 +109,20 @@ services:
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/environment:/etc/environment:ro - /etc/environment:/etc/environment:ro
env_file: env_file:
- ../../secret/env-${mattermostServName} - ../../secret/orgas/${orga}/env-${mattermostServName}
environment: environment:
- VIRTUAL_HOST=${orga}${matterHost}.${domain} - VIRTUAL_HOST=${orga}-${matterHost}.${domain}
# in case your config is not in default location # in case your config is not in default location
#- MM_CONFIG=/mattermost/config/config.json #- MM_CONFIG=/mattermost/config/config.json
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)" - "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)"
#}} #}}
#{{wp #{{wp
wordpress: wordpress:
image: wordpress image: wordpress
container_name: ${orga}${wordpressServName} container_name: ${orga}-${wordpressServName}
restart: ${restartPolicy} restart: ${restartPolicy}
networks: networks:
- orgaNet - orgaNet
@@ -133,17 +136,17 @@ services:
external_links: external_links:
- ${smtpServName}:${smtpHost}.${domain} - ${smtpServName}:${smtpHost}.${domain}
env_file: env_file:
- ../../secret/env-${wordpressServName} - ../../secret/orgas/${orga}/env-${wordpressServName}
environment: environment:
- WORDPRESS_SMTP_HOST=${smtpHost}.${domain} - WORDPRESS_SMTP_HOST=${smtpHost}.${domain}
- WORDPRESS_SMTP_PORT=25 - WORDPRESS_SMTP_PORT=25
# - WORDPRESS_SMTP_USERNAME # - WORDPRESS_SMTP_USERNAME
# - WORDPRESS_SMTP_PASSWORD # - WORDPRESS_SMTP_PASSWORD
# - WORDPRESS_SMTP_FROM=${orga} # - WORDPRESS_SMTP_FROM=${orga}-
- WORDPRESS_SMTP_FROM_NAME=${orga} - WORDPRESS_SMTP_FROM_NAME=${orga}-
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}" - "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}"
volumes: volumes:
- wordpress:/var/www/html - wordpress:/var/www/html
# - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro # - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro
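
Review bot: WORDPRESS_SMTP_FROM_NAME=${orga}- (and the commented WORDPRESS_SMTP_FROM above it) picked up the trailing hyphen from the mechanical ${orga} to ${orga}- rewrite, so the display name in outgoing mail renders as the organisation name followed by "-". Now that the sed in orga-gen.sh substitutes the bare organisation name, this line can be plain ${orga}; the hyphen is only needed where the value is a prefix for a host, container or volume name.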
@@ -151,12 +154,12 @@ services:
#{{wiki #{{wiki
dokuwiki: dokuwiki:
image: mprasil/dokuwiki image: mprasil/dokuwiki
container_name: ${orga}${dokuwikiServName} container_name: ${orga}-${dokuwikiServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}" - "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
volumes: volumes:
- wikiData:/dokuwiki/data - wikiData:/dokuwiki/data
- wikiConf:/dokuwiki/conf - wikiConf:/dokuwiki/conf
@@ -172,7 +175,7 @@ services:
#{{castopod #{{castopod
castopod: castopod:
image: castopod/castopod:latest image: castopod/castopod:latest
container_name: ${orga}${castopodServName} container_name: ${orga}-${castopodServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
# memory: 1G # memory: 1G
@@ -190,29 +193,54 @@ services:
volumes: volumes:
- castopodMedia:/var/www/castopod/public/media - castopodMedia:/var/www/castopod/public/media
environment: environment:
CP_BASEURL: "https://${orga}${castopodHost}.${domain}" CP_BASEURL: "https://${orga}-${castopodHost}.${domain}"
CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb
VIRTUAL_PORT: 8000 VIRTUAL_PORT: 8000
CP_CACHE_HANDLER: redis CP_CACHE_HANDLER: redis
CP_REDIS_HOST: redis CP_REDIS_HOST: redis
CP_DATABASE_HOSTNAME: db CP_DATABASE_HOSTNAME: db
env_file: env_file:
- ../../secret/env-${castopodServName} - ../../secret/orgas/${orga}/env-${castopodServName}
- ../../secret/env-${castopodDBName} - ../../secret/orgas/${orga}/env-${castopodDBName}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}" - "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}"
redis: redis:
image: redis:7.0-alpine image: redis:7.0-alpine
container_name: ${orga}castopodCache container_name: ${orga}-castopodCache
volumes: volumes:
- castopodCache:/data - castopodCache:/data
networks: networks:
- orgaNet - orgaNet
env_file: env_file:
- ../../secret/env-${castopodServName} - ../../secret/orgas/${orga}/env-${castopodServName}
command: --requirepass ${castopodRedisPassword} command: --requirepass ${castopodRedisPassword}
#}} #}}
#{{spip
spip:
image: ipeos/spip:4.4
restart: ${restartPolicy}
depends_on:
- db
links:
- db
env_file:
- ../../secret/orgas/${orga}/env-${spipServName}
environment:
- SPIP_AUTO_INSTALL=1
- SPIP_DB_HOST=db
- SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain}
expose:
- 80
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}"
networks:
- orgaNet
volumes:
- spip:/usr/src/spip
#}}
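
Review bot: CP_ANALYTICS_SALT in the castopod environment block is still a literal committed in the template, so every organisation generated from it shares the same salt, while the rest of this hunk moves the castopod env files to ../../secret/orgas/${orga}/. Move the salt into the per-orga env-${castopodServName} file with a generated value. In the new spip service there is no container_name, unlike the other services in this template which all get ${orga}-<name>; add one if any script addresses the container by name. SPIP_AUTO_INSTALL=1 is set here and again in the spip env template, so one of the two can go.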
@@ -222,87 +250,92 @@ volumes:
#{{db #{{db
orgaDB: orgaDB:
external: true external: true
name: orga_${orga}orgaDB name: orga_${orga}-orgaDB
#}} #}}
#{{agora #{{agora
matterConfig: matterConfig:
external: true external: true
name: orga_${orga}matterConfig name: orga_${orga}-matterConfig
matterData: matterData:
external: true external: true
name: orga_${orga}matterData name: orga_${orga}-matterData
matterLogs: matterLogs:
external: true external: true
name: orga_${orga}matterLogs name: orga_${orga}-matterLogs
matterPlugins: matterPlugins:
external: true external: true
name: orga_${orga}matterPlugins name: orga_${orga}-matterPlugins
matterClientPlugins: matterClientPlugins:
external: true external: true
name: orga_${orga}matterClientPlugins name: orga_${orga}-matterClientPlugins
matterIcons: matterIcons:
external: true external: true
name: matterIcons name: matterIcons
#{{cloud #{{cloud
cloudMain: cloudMain:
external: true external: true
name: orga_${orga}cloudMain name: orga_${orga}-cloudMain
cloudData: cloudData:
external: true external: true
name: orga_${orga}cloudData name: orga_${orga}-cloudData
cloudConfig: cloudConfig:
external: true external: true
name: orga_${orga}cloudConfig name: orga_${orga}-cloudConfig
cloudApps: cloudApps:
external: true external: true
name: orga_${orga}cloudApps name: orga_${orga}-cloudApps
cloudCustomApps: cloudCustomApps:
external: true external: true
name: orga_${orga}cloudCustomApps name: orga_${orga}-cloudCustomApps
cloudThemes: cloudThemes:
external: true external: true
name: orga_${orga}cloudThemes name: orga_${orga}-cloudThemes
cloudPhp: cloudPhp:
external: true external: true
name: orga_${orga}cloudPhp name: orga_${orga}-cloudPhp
#}} #}}
#{{wiki #{{wiki
wikiData: wikiData:
external: true external: true
name: orga_${orga}wikiData name: orga_${orga}-wikiData
wikiConf: wikiConf:
external: true external: true
name: orga_${orga}wikiConf name: orga_${orga}-wikiConf
wikiPlugins: wikiPlugins:
external: true external: true
name: orga_${orga}wikiPlugins name: orga_${orga}-wikiPlugins
wikiLibtpl: wikiLibtpl:
external: true external: true
name: orga_${orga}wikiLibtpl name: orga_${orga}-wikiLibtpl
wikiLogs: wikiLogs:
external: true external: true
name: orga_${orga}wikiLogs name: orga_${orga}-wikiLogs
#}} #}}
#{{wp #{{wp
wordpress: wordpress:
external: true external: true
name: orga_${orga}wordpress name: orga_${orga}-wordpress
#}} #}}
#{{castopod #{{castopod
castopodMedia: castopodMedia:
external: true external: true
name: orga_${orga}castopodMedia name: orga_${orga}-castopodMedia
castopodCache: castopodCache:
external: true external: true
name: orga_${orga}castopodCache name: orga_${orga}-castopodCache
#}} #}}
#{{spip
spip:
external: true
name: orga_${orga}-spip
#}}
networks: networks:
orgaNet: orgaNet:
external: true external: true
name: ${orga}orgaNet name: ${orga}-orgaNet
# postfixNet: # postfixNet:
# external: # external:
# name: postfixNet # name: postfixNet

View File

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars setKazVars
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
cd $(dirname $0) cd $(dirname $0)
ORGA_DIR="$(basename "$(pwd)")" ORGA_DIR="$(basename "$(pwd)")"
@@ -25,51 +24,72 @@ SQL=""
for ARG in "$@"; do for ARG in "$@"; do
case "${ARG}" in case "${ARG}" in
'cloud' ) 'cloud' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
SQL="$SQL SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${nextcloud_MYSQL_DATABASE}; CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${nextcloud_MYSQL_USER}'; DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${nextcloud_MYSQL_USER}'@'%'; CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${nextcloud_MYSQL_DATABASE}.* TO '${nextcloud_MYSQL_USER}'@'%' IDENTIFIED BY '${nextcloud_MYSQL_PASSWORD}'; GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
;; ;;
'agora' ) 'agora' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
SQL="$SQL SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${mattermost_MYSQL_DATABASE}; CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${mattermost_MYSQL_USER}'; DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${mattermost_MYSQL_USER}'@'%'; CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${mattermost_MYSQL_DATABASE}.* TO '${mattermost_MYSQL_USER}'@'%' IDENTIFIED BY '${mattermost_MYSQL_PASSWORD}'; GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
;; ;;
'wp' ) 'wp' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
SQL="$SQL SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${wp_MYSQL_DATABASE}; CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${wp_MYSQL_USER}'; DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${wp_MYSQL_USER}'@'%'; CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${wp_MYSQL_DATABASE}.* TO '${wp_MYSQL_USER}'@'%' IDENTIFIED BY '${wp_MYSQL_PASSWORD}'; GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
;; ;;
'castopod' ) 'castopod' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodDB
SQL="$SQL SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${castopod_MYSQL_DATABASE}; CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${castopod_MYSQL_USER}'; DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${castopod_MYSQL_USER}'@'%'; CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${castopod_MYSQL_DATABASE}.* TO '${castopod_MYSQL_USER}'@'%' IDENTIFIED BY '${castopod_MYSQL_PASSWORD}'; GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
;; ;;
'spip' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;"
;;
esac esac
done done
echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${wp_MYSQL_ROOT_PASSWORD}" echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${MYSQL_ROOT_PASSWORD}"
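
Review bot: The final mariadb call authenticates with ${MYSQL_ROOT_PASSWORD}, which is now whatever the last sourced env-*DB file defined, and is empty when no argument matched a case. Read the root password once from a single known file before the loop and abort if it is unset, instead of relying on the order of the arguments. The password is also expanded into the bash -c string, so it shows up in the process arguments; pass it through a client option file or the environment instead. The sourced paths ($KAZ_KEY_DIR/orgas/$ORGA/...) and the echo $SQL are unquoted, and each sourced file silently overwrites MYSQL_USER, MYSQL_PASSWORD and MYSQL_DATABASE from the previous case, which works only because SQL is expanded immediately; a short comment saying so would prevent a later refactor from breaking it.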

View File

@@ -3,37 +3,41 @@
#docker network create postfix_mailNet #docker network create postfix_mailNet
#{{db #{{db
docker volume create --name=orga_${orga}orgaDB docker volume create --name=orga_${orga}-orgaDB
#}} #}}
#{{agora #{{agora
docker volume create --name=orga_${orga}matterConfig docker volume create --name=orga_${orga}-matterConfig
docker volume create --name=orga_${orga}matterData docker volume create --name=orga_${orga}-matterData
docker volume create --name=orga_${orga}matterLogs docker volume create --name=orga_${orga}-matterLogs
docker volume create --name=orga_${orga}matterPlugins docker volume create --name=orga_${orga}-matterPlugins
docker volume create --name=orga_${orga}matterClientPlugins docker volume create --name=orga_${orga}-matterClientPlugins
docker volume create --name=matterIcons docker volume create --name=matterIcons
#}} #}}
#{{cloud #{{cloud
docker volume create --name=orga_${orga}cloudMain docker volume create --name=orga_${orga}-cloudMain
docker volume create --name=orga_${orga}cloudData docker volume create --name=orga_${orga}-cloudData
docker volume create --name=orga_${orga}cloudConfig docker volume create --name=orga_${orga}-cloudConfig
docker volume create --name=orga_${orga}cloudApps docker volume create --name=orga_${orga}-cloudApps
docker volume create --name=orga_${orga}cloudCustomApps docker volume create --name=orga_${orga}-cloudCustomApps
docker volume create --name=orga_${orga}cloudThemes docker volume create --name=orga_${orga}-cloudThemes
docker volume create --name=orga_${orga}cloudPhp docker volume create --name=orga_${orga}-cloudPhp
chown 33:33 /var/lib/docker/volumes/orga_${orga}cloud*/_data chown 33:33 /var/lib/docker/volumes/orga_${orga}-cloud*/_data
#}} #}}
#{{wiki #{{wiki
docker volume create --name=orga_${orga}wikiData docker volume create --name=orga_${orga}-wikiData
docker volume create --name=orga_${orga}wikiConf docker volume create --name=orga_${orga}-wikiConf
docker volume create --name=orga_${orga}wikiPlugins docker volume create --name=orga_${orga}-wikiPlugins
docker volume create --name=orga_${orga}wikiLibtpl docker volume create --name=orga_${orga}-wikiLibtpl
docker volume create --name=orga_${orga}wikiLogs docker volume create --name=orga_${orga}-wikiLogs
#}} #}}
#{{wp #{{wp
docker volume create --name=orga_${orga}wordpress docker volume create --name=orga_${orga}-wordpress
#}} #}}
#{{castopod #{{castopod
docker volume create --name=orga_${orga}castopodCache docker volume create --name=orga_${orga}-castopodCache
docker volume create --name=orga_${orga}castopodMedia docker volume create --name=orga_${orga}-castopodMedia
#}} #}}
#{{spip
docker volume create --name=orga_${orga}-spip
#}}

View File

@@ -1,3 +0,0 @@
CREATE DATABASE IF NOT EXISTS nextcloud;
CREATE DATABASE IF NOT EXISTS mattermost;
CREATE DATABASE IF NOT EXISTS wpdb;

View File

@@ -20,7 +20,7 @@ STAGE_CREATE=
STAGE_INIT= STAGE_INIT=
usage(){ usage(){
echo "Usage: $0 [-h] [-l] [+/-paheko] [-/+cloud [-/+collabora}]] [+/-agora] [+/-wiki] [+/-wp] [+/-pod] [x{G/M/k}] OrgaName" echo "Usage: $0 [-h] [-l] [+/-paheko] [-/+cloud [-/+collabora}]] [+/-agora] [+/-wiki] [+/-wp] [+/-pod] [+/-spip] [x{G/M/k}] OrgaName"
echo " -h|--help : this help" echo " -h|--help : this help"
echo " -l|--list : list service" echo " -l|--list : list service"
@@ -34,6 +34,7 @@ usage(){
echo " +/- wiki : on/off wiki" echo " +/- wiki : on/off wiki"
echo " +/- wp|word* : on/off wp" echo " +/- wp|word* : on/off wp"
echo " +/- casto*|pod : on/off castopod" echo " +/- casto*|pod : on/off castopod"
echo " +/- spip : on/off spip"
echo " x[GMk] : set quota" echo " x[GMk] : set quota"
echo " OrgaName : name must contain a-z0-9_\-" echo " OrgaName : name must contain a-z0-9_\-"
} }
@@ -141,6 +142,7 @@ export agora=$(flagInCompose docker-compose.yml agora: off)
export wiki=$(flagInCompose docker-compose.yml dokuwiki: off) export wiki=$(flagInCompose docker-compose.yml dokuwiki: off)
export wp=$(flagInCompose docker-compose.yml wordpress: off) export wp=$(flagInCompose docker-compose.yml wordpress: off)
export castopod=$(flagInCompose docker-compose.yml castopod: off) export castopod=$(flagInCompose docker-compose.yml castopod: off)
export spip=$(flagInCompose docker-compose.yml spip: off)
export db="off" export db="off"
export services="off" export services="off"
export paheko=$([[ -f usePaheko ]] && echo "on" || echo "off") export paheko=$([[ -f usePaheko ]] && echo "on" || echo "off")
@@ -159,7 +161,7 @@ INITCMD2="--install"
for ARG in "$@"; do for ARG in "$@"; do
case "${ARG}" in case "${ARG}" in
'-show' ) '-show' )
for i in cloud collabora agora wiki wp castopod db; do for i in cloud collabora agora wiki wp castopod spip db; do
echo "${i}=${!i}" echo "${i}=${!i}"
done done
exit;; exit;;
@@ -225,6 +227,11 @@ for ARG in "$@"; do
DBaInitialiser="$DBaInitialiser castopod" DBaInitialiser="$DBaInitialiser castopod"
INITCMD2="$INITCMD2 -pod" INITCMD2="$INITCMD2 -pod"
;; ;;
'+spip' )
spip="on"
DBaInitialiser="$DBaInitialiser spip"
;;
[.0-9]*[GMk] ) [.0-9]*[GMk] )
quota="${ARG}" quota="${ARG}"
;; ;;
@@ -262,6 +269,7 @@ fi
if [[ "${paheko}" = "on" ]]; then if [[ "${paheko}" = "on" ]]; then
touch usePaheko touch usePaheko
mkdir -p /var/lib/docker/volumes/paheko_assoUsers/_data/${ORGA} mkdir -p /var/lib/docker/volumes/paheko_assoUsers/_data/${ORGA}
chown www-data:www-data /var/lib/docker/volumes/paheko_assoUsers/_data/${ORGA} -R
ADD_DOMAIN+="${ORGA}-${pahekoHost} " ADD_DOMAIN+="${ORGA}-${pahekoHost} "
else else
rm -f usePaheko rm -f usePaheko
@@ -303,6 +311,13 @@ if [[ "${castopod}" = "on" ]]; then
else else
DEL_DOMAIN+="${ORGA}-${castopodHost} " DEL_DOMAIN+="${ORGA}-${castopodHost} "
fi fi
if [[ "${spip}" = "on" ]]; then
DOMAIN_AREA+=" - ${ORGA}-\${spipServName}:${ORGA}-\${spipHost}.\${domain}\n"
ADD_DOMAIN+="${ORGA}-${spipHost} "
else
DEL_DOMAIN+="${ORGA}-${spipHost} "
fi
DOMAIN_AREA+="}}\n" DOMAIN_AREA+="}}\n"
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
@@ -357,6 +372,9 @@ update() {
sed "s/\([^ ]*\) ${ORGA};/ \|\| Host(\`\1\`)/" | tr -d "\r\n") sed "s/\([^ ]*\) ${ORGA};/ \|\| Host(\`\1\`)/" | tr -d "\r\n")
FOREIGN_POD=$(grep " ${ORGA};" "${KAZ_CONF_PROXY_DIR}/pod_kaz_map" 2>/dev/null | \ FOREIGN_POD=$(grep " ${ORGA};" "${KAZ_CONF_PROXY_DIR}/pod_kaz_map" 2>/dev/null | \
sed "s/\([^ ]*\) ${ORGA};/ \|\| Host(\`\1\`)/" | tr -d "\r\n") sed "s/\([^ ]*\) ${ORGA};/ \|\| Host(\`\1\`)/" | tr -d "\r\n")
FOREIGN_SPIP=$(grep " ${ORGA};" "${KAZ_CONF_PROXY_DIR}/spip_kaz_map" 2>/dev/null | \
sed "s/\([^ ]*\) ${ORGA};/ \|\| Host(\`\1\`)/" | tr -d "\r\n")
awk ' awk '
BEGIN {cp=1} BEGIN {cp=1}
/#}}/ {cp=1 ; next}; /#}}/ {cp=1 ; next};
@@ -370,7 +388,8 @@ update() {
-e "s/{{FOREIGN_NC}}/${FOREIGN_NC}/"\ -e "s/{{FOREIGN_NC}}/${FOREIGN_NC}/"\
-e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\ -e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\
-e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\ -e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\
-e "s|\${orga}|${ORGA}-|g" -e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\
-e "s|\${orga}|${ORGA}|g"
) > "$2" ) > "$2"
sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2" sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2"
} }
@@ -393,13 +412,18 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
ln -sf ../../config/orgaTmpl/orga-gen.sh ln -sf ../../config/orgaTmpl/orga-gen.sh
ln -sf ../../config/orgaTmpl/orga-rm.sh ln -sf ../../config/orgaTmpl/orga-rm.sh
ln -sf ../../config/orgaTmpl/init-paheko.sh ln -sf ../../config/orgaTmpl/init-paheko.sh
ln -sf ../../config/orgaTmpl/initdb.d/ #ln -sf ../../config/orgaTmpl/initdb.d/
ln -sf ../../config/orgaTmpl/app/ ln -sf ../../config/orgaTmpl/app/
ln -sf ../../config/orgaTmpl/wiki-conf/ ln -sf ../../config/orgaTmpl/wiki-conf/
ln -sf ../../config/orgaTmpl/reload.sh ln -sf ../../config/orgaTmpl/reload.sh
ln -sf ../../config/orgaTmpl/init-db.sh ln -sf ../../config/orgaTmpl/init-db.sh
fi fi
if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then
rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/"
${KAZ_BIN_DIR}/secretGen.sh -d $ORGA
fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## update ${DOCKERS_ENV} # ########## update ${DOCKERS_ENV}
if ! grep -q "proxy_orga=" .env 2> /dev/null if ! grep -q "proxy_orga=" .env 2> /dev/null
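
Review bot: The [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ] guard treats the directory's existence as proof that secrets were generated. If secretGen.sh fails or is interrupted after the rsync, the directory stays behind with the raw @@pass@@ placeholders from secret.tmpl and every later run skips generation. Check the exit status of secretGen.sh and remove the directory (or generate into a temporary directory and move it into place) on failure. Nothing here restricts permissions on the new directory; rsync -a copies whatever mode the template has, so set a restrictive mode explicitly. $ORGA and ${KAZ_BIN_DIR} should be quoted.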
@@ -419,6 +443,12 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
fi fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## create network
## GAEL bizarre, je pense que c'est déjà fait qque part, mais chez moi ça veut pas ...
docker network create "${ORGA}-orgaNet"
# ########## create volume # ########## create volume
./init-volume.sh ./init-volume.sh
fi fi
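
Review bot: docker network create "${ORGA}-orgaNet" runs unconditionally, so any second run of this stage for the same organisation ends with an "already exists" error from Docker, and the comment above it says the author is not sure whether the network is already created elsewhere. Guard it, for example docker network inspect "${ORGA}-orgaNet" >/dev/null 2>&1 || docker network create "${ORGA}-orgaNet", and settle which script owns network creation before merging so the "GAEL bizarre" comment can be dropped.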

View File

@@ -40,6 +40,8 @@ remove () {
sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}" sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}"
sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}" sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}"
rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga" rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga"
rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"
exit;; exit;;
[Nn]* ) [Nn]* )
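
Review bot: rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}" resolves to the whole orgas directory when ORGA is empty, which would delete every organisation's secrets; the existing rm on "${KAZ_COMP_DIR}/${ORGA}-orga" is protected by its suffix, this one is not. Use "${KAZ_KEY_DIR}/orgas/${ORGA:?}" or test that ORGA is non-empty at the top of remove().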

View File

@@ -0,0 +1,3 @@
ADMIN_USER=@@pass@@castopod2@@p@@
ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
ADMIN_PASSWORD=@@pass@@castopod3@@p@@
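
Review bot: ADMIN_USER is filled from a @@pass@@castopod2@@p@@ placeholder, so the castopod admin login would be a generated password string rather than a user name; the other templates in this change use @@user@@...@@u@@ for logins. If that is not deliberate, switch it to the user placeholder. In ADMIN_MAIL the literal @ sits directly against the opening @@globalvar@@, so confirm the expander parses the three consecutive @ characters as intended.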

View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_USER=@@user@@castopod1@@u@@
MYSQL_PASSWORD=@@pass@@castopod1@@p@@
MYSQL_DATABASE=@@db@@castopod1@@d@@

View File

@@ -0,0 +1,7 @@
CP_EMAIL_SMTP_HOST=
CP_EMAIL_FROM=
CP_EMAIL_SMTP_USERNAME=
CP_EMAIL_SMTP_PASSWORD=
CP_EMAIL_SMTP_PORT=
CP_EMAIL_SMTP_CRYPTO=
CP_REDIS_PASSWORD=
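
Review bot: CP_REDIS_PASSWORD is left empty with no @@pass@@ placeholder, while the compose template starts redis with --requirepass ${castopodRedisPassword}. Nothing visible in this change sets castopodRedisPassword now that SetAllPass.sh is no longer sourced, and the two names are not tied together. Give CP_REDIS_PASSWORD a generated placeholder and have the redis command read the same per-orga value, otherwise the cache either runs with an empty password or castopod and redis disagree.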

View File

@@ -0,0 +1,9 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@

View File

@@ -0,0 +1,9 @@
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10
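
Review bot: MM_SQLSETTINGS_DATASOURCE places the generated password in the userinfo part of a postgres:// URL, so a password containing @, :, / or ? will break or misparse the connection string. Either restrict the alphabet secretGen uses for the mattermost key to URL-safe characters or percent-encode the value when the template is expanded. The same line pins sslmode=disable; say in a comment that this is acceptable only because the database sits on the private orga network. In MM_ADMIN_EMAIL the literal @ falls between two placeholders and produces a run of five @ characters, which is worth a test in the expander.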

View File

@@ -0,0 +1,8 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@nextcloud@@d@@
MYSQL_USER=@@user@@nextcloud@@u@@
MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
#NC_MYSQL_USER=
#NC_MYSQL_PASSWORD=

View File

@@ -0,0 +1,5 @@
NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
MYSQL_HOST=db
RAIN_LOOP=@@pass@@rainloop@@p@@

View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@spip@@d@@
MYSQL_USER=@@user@@spip@@u@@
MYSQL_PASSWORD=@@pass@@spip@@p@@

View File

@@ -0,0 +1,10 @@
SPIP_AUTO_INSTALL=1
SPIP_DB_SERVER=mysql
SPIP_DB_NAME=@@db@@spip@@d@@
SPIP_DB_LOGIN=@@user@@spip@@u@@
SPIP_DB_PASS=@@pass@@spip@@p@@
SPIP_ADMIN_NAME=admin
SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
PHP_TIMEZONE=Europe/Paris

View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@wp@@d@@
MYSQL_USER=@@user@@wp@@u@@
MYSQL_PASSWORD=@@pass@@wp@@p@@

View File

@@ -0,0 +1,8 @@
# share with wpDB
WORDPRESS_DB_HOST=db:3306
WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
WORDPRESS_DB_NAME=@@db@@wp@@d@@
WORDPRESS_DB_USER=@@user@@wp@@u@@
WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@

View File

@@ -1,10 +0,0 @@
# acl.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Access Control Lists
#
# Auto-generated by install script
# Date: Sat, 13 Feb 2021 17:42:28 +0000
* @ALL 1
* @user 8

View File

@@ -1,26 +0,0 @@
<?php
/*
* Dokuwiki's Main Configuration File - Local Settings
* Auto-generated by config plugin
* Run for user: felix
* Date: Sun, 28 Feb 2021 15:56:13 +0000
*/
$conf['title'] = 'Kaz';
$conf['template'] = 'docnavwiki';
$conf['license'] = 'cc-by-sa';
$conf['useacl'] = 1;
$conf['superuser'] = '@admin';
$conf['manager'] = '@manager';
$conf['disableactions'] = 'register';
$conf['remoteuser'] = '';
$conf['mailfrom'] = 'dokuwiki@kaz.bzh';
$conf['updatecheck'] = 0;
$conf['userewrite'] = '1';
$conf['useslash'] = 1;
$conf['plugin']['ckgedit']['scayt_auto'] = 'on';
$conf['plugin']['ckgedit']['scayt_lang'] = 'French/fr_FR';
$conf['plugin']['ckgedit']['other_lang'] = 'fr';
$conf['plugin']['smtp']['smtp_host'] = 'smtp.kaz.bzh';
$conf['plugin']['todo']['CheckboxText'] = 0;
$conf['plugin']['wrap']['restrictionType'] = '1';

View File

@@ -1,13 +0,0 @@
# users.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Userfile
#
# Auto-generated by install script
# Date: Sat, 13 Feb 2021 17:42:28 +0000
#
# Format:
# login:passwordhash:Real Name:email:groups,comma,separated
admin:$2y$10$GYvFgViXeEUmDViplHEs7eoYV8tmbfsS8wA1vfHQ.tWgW14o9aTjy:admin:contact@kaz.bzh:admin,user
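
Review bot: The deleted users.auth.php carried a bcrypt hash for the admin account, and removing the file here does not remove it from the repository history. Treat that password as exposed: rotate it on every wiki that was initialised from this template and make sure the replacement mechanism generates a per-orga admin credential rather than shipping a shared one.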

View File

@@ -1,21 +0,0 @@
#proxy_buffering off;
#proxy_set_header X-Forwarded-Host $host:$server_port;
#proxy_set_header X-Forwarded-Server $host;
#XXX pb proxy_set_header Connection $proxy_connection;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
# mattermost
http2_push_preload on; # Enable HTTP/2 Server Push
add_header Strict-Transport-Security max-age=15768000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_hide_header 'x-frame-options';
#proxy_set_header x-frame-options allowall;
proxy_set_header X-Frame-Options SAMEORIGIN;
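
Review bot: This removed snippet was the place that set Strict-Transport-Security (add_header, max-age=15768000) for the proxied services. Confirm that the Traefik configuration now sends an equivalent HSTS response header for the same hosts before this file goes. The X-Frame-Options line was a proxy_set_header, which sends the header to the backend rather than to the browser, so if clickjacking protection was the intent it needs to be a response header on the Traefik side as well.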

View File

@@ -1,6 +1,6 @@
yo, ceci est l'api de kaz ! yo, ceci est l'api de kaz !
https://apikaz.kazkouil.fr/ https://apikaz.DEV/
Je pars de ça: python api + docker-compose: https://dev.to/alissonzampietro/the-amazing-journey-of-docker-compose-17lj Je pars de ça: python api + docker-compose: https://dev.to/alissonzampietro/the-amazing-journey-of-docker-compose-17lj
@@ -14,6 +14,7 @@ autre piste: abandonnée pour l'instant. trop jeune ?
Documentation (OpenApi remplace swagger) Documentation (OpenApi remplace swagger)
https://pypi.org/project/flask-openapi3/ https://pypi.org/project/flask-openapi3/
autre piste ? https://github.com/fastapi/fastapi (mais y a du node :( )
TODO: TODO:
* sécurisation de l'API : un token ? otp ? * sécurisation de l'API : un token ? otp ?

View File

@@ -38,8 +38,6 @@ gandi_url_api=os.environ.get('gandi_GANDI_API')
#kaz_user #kaz_user
site_url=os.environ.get('site_url') site_url=os.environ.get('site_url')
#pour webmail_url et mdp_url, ça renvoie des tuples et non des str, bizarre, du coup, je mets en dur #pour webmail_url et mdp_url, ça renvoie des tuples et non des str, bizarre, il fat mettre les url en dur
#webmail_url=os.environ.get('webmail_url'), webmail_url=os.environ.get('webmail_url')
#mdp_url=os.environ.get('mdp_url'), mdp_url=os.environ.get('mdp_url')
webmail_url='https://webmail.kaz.bzh',
mdp_url='https://mdp.kazkouil.fr',
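
Review bot: The rewritten comment now says the URLs have to be hard-coded ("il fat mettre les url en dur", with a typo) while the code under it reads them from the environment again. The tuples described in the comment came from the trailing commas on the old assignments, which this change removes, so the comment should be deleted rather than reworded. os.environ.get returns None when webmail_url or mdp_url is missing from the environment; fail at start-up with a clear message instead of letting None reach the code that builds links.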

View File

@@ -9,7 +9,7 @@ class Quota(Resource):
#https://doc.dovecot.org/configuration_manual/authentication/master_users/ #https://doc.dovecot.org/configuration_manual/authentication/master_users/
#https://blog.debugo.fr/serveur-messagerie-dovecot/ #https://blog.debugo.fr/serveur-messagerie-dovecot/
# sur kazkouil.fr, j'ai modifié /etc/dovecot/conf.d/20-lmtp.conf # sur DEV, j'ai modifié /etc/dovecot/conf.d/20-lmtp.conf
#mail_plugins = $mail_plugins sieve quota #mail_plugins = $mail_plugins sieve quota
@jwt_required() @jwt_required()

View File

@@ -35,7 +35,7 @@ class Test(Resource):
auth = (self.paheko_ident, self.paheko_pass) auth = (self.paheko_ident, self.paheko_pass)
api_url = self.paheko_url + '/api/sql/' api_url = self.paheko_url + '/api/sql/'
payload = { "sql": f"select * from users where id_category <> 13 and email='fab@kazkouil.fr'" } payload = { "sql": f"select * from users where id_category <> 13 and email='MONEMAIL@perso'" }
#payload = { "sql": f"select * from users where id_category <> 13 " } #payload = { "sql": f"select * from users where id_category <> 13 " }
response = requests.post(api_url, auth=auth, data=payload) response = requests.post(api_url, auth=auth, data=payload)
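
Review bot: The payload string keeps its f prefix although it contains no placeholder, and the e-mail is now the dummy MONEMAIL@perso, so this test query can no longer match a real row. Drop the f prefix and read the address from configuration. When it does become a variable, do not interpolate it into the SQL text sent to /api/sql/; validate it against a strict e-mail pattern first, since this endpoint executes whatever statement it receives.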

View File

@@ -0,0 +1,42 @@
services:
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.52.0
container_name: cadvisor
command:
- "--store_container_labels=false"
- "--whitelisted_container_labels=com.docker.compose.project"
- "--housekeeping_interval=60s"
- "--docker_only=true"
- "--disable_metrics=percpu,sched,tcp,udp,disk,diskIO,hugetlb,referenced_memory,cpu_topology,resctrl"
networks:
- traefikNet
labels:
- "traefik.enable=true"
- "traefik.http.routers.cadvisor-secure.entrypoints=websecure"
- "traefik.http.routers.cadvisor-secure.rule=Host(`cadvisor-${site}.${domain}`)"
#- "traefik.http.routers.grafana-secure.tls=true"
- "traefik.http.routers.cadvisor-secure.service=cadvisor"
- "traefik.http.routers.cadvisor-secure.middlewares=test-adminipallowlist@file"
- "traefik.http.services.cadvisor.loadbalancer.server.port=8080"
- "traefik.docker.network=traefikNet"
# ports:
# - 8098:8080
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
devices:
- /dev/kmsg
privileged: true
restart: unless-stopped
networks:
traefikNet:
external: true
name: traefikNet
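
Review bot: The cadvisor service runs with privileged: true and read-only mounts of /, /var/run and /var/lib/docker, yet cadvisor-secure.middlewares lists only test-adminipallowlist@file, whereas the grafana router in this repository also chains traefik-auth. Add traefik-auth to the middleware list, or drop the Traefik labels and let Prometheus scrape cAdvisor over traefikNet without publishing it. Check whether privileged is still required with --docker_only=true and most metric groups disabled. The commented tls label still names grafana-secure, a copy-paste leftover.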

View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0) cd $(dirname $0)
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod "${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod

View File

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars setKazVars
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. $KAZ_ROOT/secret/SetAllPass.sh
${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud ${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud

View File

@@ -15,6 +15,8 @@ services:
environment: environment:
- dictionaries=fr_FR en_GB es_ES - dictionaries=fr_FR en_GB es_ES
- aliasgroup1=https://.*${cloudHost}.${domain}:443 - aliasgroup1=https://.*${cloudHost}.${domain}:443
# test did sur un cloud distant
- aliasgroup2=https://cloud.bodam.fr:443
# si on veut ajouter d'autres domaines autorisés pour certaines orgas: # si on veut ajouter d'autres domaines autorisés pour certaines orgas:
# - aliasgroup2=https://autre-domaine1:443 # - aliasgroup2=https://autre-domaine1:443
# - aliasgroup3=https://autre-domaine2:443 # - aliasgroup3=https://autre-domaine2:443
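
Review bot: aliasgroup2=https://cloud.bodam.fr:443 is marked as a test ("test did sur un cloud distant") but is committed in the shared compose file, which authorises that external host to use this Collabora instance on every deployment. Move it to a site-local override or a variable, and note that it occupies aliasgroup2, the slot the comment just below offers as the example for additional domains.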

View File

@@ -27,11 +27,13 @@ services:
- "traefik.docker.network=giteaNet" - "traefik.docker.network=giteaNet"
db: db:
image: mariadb:10.5 image: mariadb
container_name: ${gitDBName} container_name: ${gitDBName}
restart: ${restartPolicy} restart: ${restartPolicy}
env_file: env_file:
- ../../secret/env-${gitDBName} - ../../secret/env-${gitDBName}
environment:
- MARIADB_AUTO_UPGRADE=1
volumes: volumes:
- gitDB:/var/lib/mysql - gitDB:/var/lib/mysql
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
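
Review bot: The image changes from mariadb:10.5 to the untagged mariadb, and MARIADB_AUTO_UPGRADE=1 is added in the same hunk. Together they mean any future pull can jump a major version and upgrade the gitDB data directory in place without a deliberate decision, with no simple way back. Pin the image to the major.minor release you have tested and keep the auto-upgrade flag for the one-off migration.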

View File

@@ -1,7 +1,7 @@
services: services:
prometheus: prometheus:
image: prom/prometheus:v2.15.2 image: prom/prometheus:v3.3.0
restart: unless-stopped restart: unless-stopped
container_name: ${prometheusServName} container_name: ${prometheusServName}
volumes: volumes:
@@ -10,27 +10,27 @@ services:
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
command: command:
- "--web.route-prefix=/" # - "--web.route-prefix=/"
- "--web.external-url=https://${site}.${domain}/prometheus" # - "--web.external-url=https://prometheus.${domain}"
- "--config.file=/etc/prometheus/prometheus.yml" - "--config.file=/etc/prometheus/prometheus.yml"
- "--storage.tsdb.path=/prometheus" - "--storage.tsdb.path=/prometheus"
- "--web.console.libraries=/usr/share/prometheus/console_libraries" - "--web.console.libraries=/usr/share/prometheus/console_libraries"
- "--web.console.templates=/usr/share/prometheus/consoles" - "--web.console.templates=/usr/share/prometheus/consoles"
networks: networks:
- traefikNet - traefikNet
labels: # labels:
- "traefik.enable=true" # - "traefik.enable=true"
- "traefik.http.routers.prometheus-secure.entrypoints=websecure" # - "traefik.http.routers.prometheus-secure.entrypoints=websecure"
- "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus" # - "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus"
- "traefik.http.routers.prometheus-secure.rule=Host(`${site}.${domain}`) && PathPrefix(`/prometheus`)" # - "traefik.http.routers.prometheus-secure.rule=Host(`prometheus.${domain}`)"
# - "traefik.http.routers.prometheus-secure.tls=true" # # - "traefik.http.routers.prometheus-secure.tls=true"
- "traefik.http.routers.prometheus-secure.middlewares=prometheus-stripprefix,test-adminiallowlist@file,traefik-auth" # - "traefik.http.routers.prometheus-secure.middlewares=prometheus-stripprefix,test-adminiallowlist@file,traefik-auth"
- "traefik.http.routers.prometheus-secure.service=prometheus" # - "traefik.http.routers.prometheus-secure.service=prometheus"
- "traefik.http.services.prometheus.loadbalancer.server.port=9090" # - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
- "traefik.docker.network=traefikNet" # - "traefik.docker.network=traefikNet"
grafana: grafana:
image: grafana/grafana:6.6.1 image: grafana/grafana:11.6.0
restart: unless-stopped restart: unless-stopped
container_name: ${grafanaServName} container_name: ${grafanaServName}
volumes: volumes:
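Review bot: in the `prometheus` service the Traefik labels are commented out rather than deleted, and the disabled middleware line names `test-adminiallowlist@file` while the grafana router uses `test-adminipallowlist@file`. If this block is ever uncommented as is, the router will reference a middleware name that probably does not exist. Delete the dead labels (git keeps the history) or fix the name now. Prometheus also stays attached to `traefikNet` with no router in front of it, so any container on that network can still query port 9090 without the allowlist or `traefik-auth`; if only Grafana needs it, a dedicated internal network would narrow that. The same hunk moves `grafana/grafana` from 6.6.1 to 11.6.0, which is worth testing against a copy of the Grafana volume first.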
@@ -48,8 +48,8 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.grafana-secure.entrypoints=websecure" - "traefik.http.routers.grafana-secure.entrypoints=websecure"
- "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana" - "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana"
- "traefik.http.routers.grafana-secure.rule=Host(`${site}.${domain}`) && PathPrefix(`/grafana`)" - "traefik.http.routers.grafana-secure.rule=Host(`grafana.${domain}`)"
# - "traefik.http.routers.grafana-secure.tls=true" #- "traefik.http.routers.grafana-secure.tls=true"
- "traefik.http.routers.grafana-secure.service=grafana" - "traefik.http.routers.grafana-secure.service=grafana"
- "traefik.http.routers.grafana-secure.middlewares=grafana-stripprefix,test-adminipallowlist@file,traefik-auth" - "traefik.http.routers.grafana-secure.middlewares=grafana-stripprefix,test-adminipallowlist@file,traefik-auth"
- "traefik.http.services.grafana.loadbalancer.server.port=3000" - "traefik.http.services.grafana.loadbalancer.server.port=3000"
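Review bot: the `grafana-secure` rule now matches on the host `grafana.${domain}` alone, with no path prefix, but `grafana-stripprefix` (prefix `/grafana`) is still defined and still listed in `grafana-secure.middlewares`. Drop the strip-prefix middleware from both labels and check that Grafana's own root URL setting matches the new host. The `tls=true` label stays commented out, so confirm that TLS is enforced on the `websecure` entrypoint itself.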

File diff suppressed because it is too large

File diff suppressed because it is too large

View File

@@ -0,0 +1,874 @@
{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "11.6.0"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "stat",
"name": "Stat",
"version": ""
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "Docker monitoring with Prometheus and cAdvisor",
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 1,
"id": null,
"links": [
{
"asDropdown": false,
"icon": "external link",
"includeVars": false,
"keepTime": false,
"tags": [],
"targetBlank": true,
"title": "Portainer",
"tooltip": "",
"type": "link",
"url": "https://portainer.kaz.bzh/"
}
],
"panels": [
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 8,
"panels": [],
"repeat": "host",
"title": "$host",
"type": "row"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 3,
"w": 8,
"x": 0,
"y": 1
},
"id": 7,
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": {
"calcs": [
"mean"
],
"fields": "",
"values": false
},
"showPercentChange": false,
"textMode": "auto",
"wideLayout": true
},
"pluginVersion": "11.6.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "count(container_last_seen{image!=\"\", host=\"$host\"})",
"intervalFactor": 2,
"legendFormat": "",
"metric": "container_last_seen",
"range": true,
"refId": "A",
"step": 240
}
],
"title": "Running containers",
"transparent": true,
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
},
"unit": "mbytes"
},
"overrides": []
},
"gridPos": {
"h": 3,
"w": 8,
"x": 8,
"y": 1
},
"id": 5,
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"showPercentChange": false,
"textMode": "auto",
"wideLayout": true
},
"pluginVersion": "11.6.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(container_memory_usage_bytes{image!=\"\", host=\"$host\"})/1024/1024",
"intervalFactor": 2,
"legendFormat": "",
"metric": "container_memory_usage_bytes",
"range": true,
"refId": "A",
"step": 240
}
],
"title": "Total Memory Usage",
"transparent": true,
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 3,
"w": 8,
"x": 16,
"y": 1
},
"id": 6,
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"showPercentChange": false,
"textMode": "auto",
"wideLayout": true
},
"pluginVersion": "11.6.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(rate(container_cpu_user_seconds_total{image!=\"\", host=\"$host\"}[5m]) * 100)",
"intervalFactor": 2,
"legendFormat": "",
"metric": "container_memory_usage_bytes",
"range": true,
"refId": "A",
"step": 240
}
],
"title": "Total CPU Usage",
"transparent": true,
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 2,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [
{
"oneClick": false,
"targetBlank": true,
"title": "Portainer host",
"url": "https://portainer.kaz.bzh/#!/${__field.labels.portainer_id}/docker/containers"
},
{
"targetBlank": true,
"title": "Portainer container",
"url": "https://portainer.kaz.bzh/#!/${__field.labels.portainer_id}/docker/containers/${__field.labels.id.21}${__field.labels.id.22}${__field.labels.id.23}${__field.labels.id.24}${__field.labels.id.25}${__field.labels.id.26}${__field.labels.id.27}${__field.labels.id.28}${__field.labels.id.29}${__field.labels.id.30}${__field.labels.id.31}${__field.labels.id.32}"
}
],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": [
{
"__systemRef": "hideSeriesFrom",
"matcher": {
"id": "byNames",
"options": {
"mode": "exclude",
"names": [
"lagalette-orga/lagalette-wpServ"
],
"prefix": "All except:",
"readOnly": true
}
},
"properties": [
{
"id": "custom.hideFrom",
"value": {
"legend": false,
"tooltip": false,
"viz": true
}
}
]
}
]
},
"gridPos": {
"h": 7,
"w": 24,
"x": 0,
"y": 4
},
"id": 2,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true,
"sortBy": "Mean",
"sortDesc": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "desc"
}
},
"pluginVersion": "11.6.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "rate(container_cpu_user_seconds_total{image!=\"\", host=\"$host\"}[5m]) * 100",
"intervalFactor": 2,
"legendFormat": "{{container_label_com_docker_compose_project}}/{{name}}",
"metric": "cpu",
"range": true,
"refId": "A",
"step": 10
}
],
"title": "CPU Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 2,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [
{
"targetBlank": true,
"title": "Portainer host",
"url": "https://portainer.kaz.bzh/#!/${__field.labels.portainer_id}/docker/containers"
},
{
"targetBlank": true,
"title": "Portainer container",
"url": "https://portainer.kaz.bzh/#!/${__field.labels.portainer_id}/docker/containers/${__field.labels.id.21}${__field.labels.id.22}${__field.labels.id.23}${__field.labels.id.24}${__field.labels.id.25}${__field.labels.id.26}${__field.labels.id.27}${__field.labels.id.28}${__field.labels.id.29}${__field.labels.id.30}${__field.labels.id.31}${__field.labels.id.32}"
}
],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 24,
"x": 0,
"y": 11
},
"id": 1,
"links": [
{
"targetBlank": true,
"title": "Portainer",
"url": "https://portainer.kaz.bzh"
}
],
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "desc"
}
},
"pluginVersion": "11.6.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "builder",
"expr": "container_memory_usage_bytes{image!=\"\", host=\"$host\"}",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{container_label_com_docker_compose_project}}/{{name}}",
"metric": "container_memory_usage_bytes",
"range": true,
"refId": "A",
"step": 10
}
],
"title": "Memory Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 2,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
},
"unit": "Bps"
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 18
},
"id": 3,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true,
"sortBy": "Mean",
"sortDesc": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "desc"
}
},
"pluginVersion": "11.6.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "irate(container_network_receive_bytes_total{image!=\"\", host=\"$host\"}[5m])",
"intervalFactor": 2,
"legendFormat": "{{container_label_com_docker_compose_project}}/{{name}}",
"metric": "container_network_receive_bytes_total",
"range": true,
"refId": "A",
"step": 20
}
],
"title": "Network Rx",
"transformations": [
{
"id": "renameByRegex",
"options": {
"regex": "(.*)",
"renamePattern": "$1"
}
}
],
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 2,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
},
"unit": "Bps"
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 18
},
"id": 9,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true,
"sortBy": "Mean",
"sortDesc": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "desc"
}
},
"pluginVersion": "11.6.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "irate(container_network_transmit_bytes_total{image!=\"\", host=\"$host\"}[5m])",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{container_label_com_docker_compose_project}}/{{name}}",
"metric": "container_network_receive_bytes_total",
"range": true,
"refId": "B",
"step": 20
}
],
"title": "Network Tx",
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 41,
"tags": [],
"templating": {
"list": [
{
"allowCustomValue": false,
"current": {},
"definition": "label_values(host)",
"includeAll": true,
"multi": true,
"name": "host",
"options": [],
"query": {
"qryType": 1,
"query": "label_values(host)",
"refId": "PrometheusVariableQueryEditor-VariableQuery"
},
"refresh": 1,
"regex": "",
"type": "query"
},
{
"baseFilters": [],
"datasource": {
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"filters": [
{
"condition": "",
"key": "container_label_com_docker_compose_project",
"keyLabel": "container_label_com_docker_compose_project",
"operator": "=~",
"value": ".*",
"valueLabels": [
".*"
]
}
],
"hide": 1,
"name": "filter",
"type": "adhoc"
}
]
},
"time": {
"from": "now-3h",
"to": "now"
},
"timepicker": {},
"timezone": "browser",
"title": "Docker monitoring par host",
"uid": "eekgch7tdq8sgc",
"version": 29,
"weekStart": ""
}
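Review bot: the CPU Usage panel carries a `hideSeriesFrom` override with `"mode": "exclude"` and `"names": ["lagalette-orga/lagalette-wpServ"]`, which is saved UI state: on load the panel hides every series except that one container. Remove the override before committing. The `filter` ad hoc variable also hard-codes datasource uid `PBFA97CFB590B2093` while every panel uses `${DS_PROMETHEUS}`, so an import on another Grafana instance leaves that variable pointing at a datasource that may not exist there. Minor: the Total CPU Usage and Network Tx targets have `metric` values copied from other panels (`container_memory_usage_bytes`, `container_network_receive_bytes_total`).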

View File

@@ -0,0 +1,442 @@
"color": "green"
},
{
"color": "red",
"value": 80
}
]
},
"unit": "Bps"
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 14
},
"id": 84,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull",
"max",
"min"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "11.6.0",
"targets": [
{
"datasource": {
"type": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_receive_bytes_total{host=\"$host\", device=~\"$device\"}[5m])",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{device}} - rx",
"range": true,
"refId": "A",
"step": 240
},
{
"datasource": {
"type": "prometheus"
},
"editorMode": "code",
"expr": "- rate(node_network_transmit_bytes_total{host=\"$host\", device=~\"$device\"}[5m])",
"hide": false,
"instant": false,
"legendFormat": "{{device}} - tx",
"range": true,
"refId": "B"
}
],
"title": "Network Traffic Rx",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [],
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 14
},
"id": 174,
"options": {
"alertThreshold": true,
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "11.6.0",
"targets": [
{
"datasource": {
"type": "prometheus"
},
"editorMode": "code",
"expr": "(node_filesystem_size_bytes{host=\"$host\",fstype=~\"ext.*|xfs\",mountpoint !~\".*pod.*\"}-node_filesystem_free_bytes{host=\"$host\",fstype=~\"ext.*|xfs\",mountpoint !~\".*pod.*\"}) *100/(node_filesystem_avail_bytes{host=\"$host\",fstype=~\"ext.*|xfs\",mountpoint !~\".*pod.*\"}+(node_filesystem_size_bytes{host=\"$host\",fstype=~\"ext.*|xfs\",mountpoint !~\".*pod.*\"}-node_filesystem_free_bytes{host=\"$host\",fstype=~\"ext.*|xfs\",mountpoint !~\".*pod.*\"}))",
"format": "time_series",
"instant": false,
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{mountpoint}}",
"refId": "A"
},
{
"datasource": {
"type": "prometheus"
},
"expr": "node_filesystem_files_free{host=\"$host\",fstype=~\"ext.?|xfs\"} / node_filesystem_files{host=\"$host\",fstype=~\"ext.?|xfs\"}",
"hide": true,
"interval": "",
"legendFormat": "Inodes{{instance}}{{mountpoint}}",
"refId": "B"
}
],
"title": "Disk",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus"
},
"description": "Physical machines only",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
},
"unit": "celsius"
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 21
},
"id": 175,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "11.6.0",
"targets": [
{
"editorMode": "code",
"expr": "node_thermal_zone_temp{host=\"$host\"}",
"legendFormat": "{{type}}-zone{{zone}}",
"range": true,
"refId": "A"
}
],
"title": "Temperature",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 21
},
"id": 176,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "11.6.0",
"targets": [
{
"editorMode": "code",
"expr": "rate(node_disk_reads_completed_total{host=\"$host\"}[2m])",
"legendFormat": "{{device}} reads",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus"
},
"editorMode": "code",
"expr": " rate(node_disk_writes_completed_total{host=~\"$host\"}[2m])",
"hide": false,
"instant": false,
"legendFormat": "{{device}} writes",
"range": true,
"refId": "B"
}
],
"title": "Disks IOs",
"type": "timeseries"
}
],
"preload": false,
"refresh": "5s",
"schemaVersion": 41,
"tags": [],
"templating": {
"list": [
{
"allowCustomValue": false,
"current": {
"text": "kazguel",
"value": "kazguel"
},
"definition": "label_values(host)",
"includeAll": false,
"name": "host",
"options": [],
"query": {
"qryType": 1,
"query": "label_values(host)",
"refId": "PrometheusVariableQueryEditor-VariableQuery"
},
"refresh": 1,
"regex": "",
"type": "query"
},
{
"allowCustomValue": false,
"current": {
"text": [
"ens18"
],
"value": [
"ens18"
]
},
"definition": "label_values(node_network_info{device!~\"br.*|veth.*|lo.*|tap.*|docker.*|vibr.*\"},device)",
"includeAll": true,
"label": "NIC",
"multi": true,
"name": "device",
"options": [],
"query": {
"qryType": 1,
"query": "label_values(node_network_info{device!~\"br.*|veth.*|lo.*|tap.*|docker.*|vibr.*\"},device)",
"refId": "PrometheusVariableQueryEditor-VariableQuery"
},
"refresh": 1,
"regex": "",
"type": "query"
}
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Vue Serveur",
"uid": "deki6c3qvihhcd",
"version": 22
}
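Review bot: `"refresh": "5s"` makes every open copy of this dashboard re-run all panel queries every five seconds, while the Prometheus configuration in this same change scrapes at `scrape_interval: 60s`, so most refreshes return no new data and only add query load. A refresh of `1m` matches the scrape interval. Also in this file: the Disks IOs panel uses `host="$host"` for reads but `host=~"$host"` for writes, the Temperature target and the disk reads target have no `datasource` block, the panel titled Network Traffic Rx plots both rx and negated tx, and the saved `current` values (`kazguel`, `ens18`) are specific to one machine.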

File diff suppressed because it is too large

View File

@@ -1,12 +1,108 @@
global: global:
scrape_interval: 15s scrape_interval: 60s
evaluation_interval: 15s evaluation_interval: 60s
scrape_timeout: 55s
rule_files: rule_files:
- 'alert.rules' - 'alert.rules'
scrape_configs: scrape_configs:
- job_name: 'traefik' # unused for now
scrape_interval: 5s #- job_name: 'traefik'
# scrape_interval: 5s
# static_configs:
# - targets: ['reverse-proxy:8080']
- job_name: prometheus
static_configs: static_configs:
- targets: ['dashboard.kaz.sns:8289','dashboard2.kaz.sns:8289'] - targets: ["prometheus:9090"]
- job_name: cadvisor-prod1
scheme: "https"
static_configs:
- targets: ["cadvisor-prod1.kaz.bzh:443"]
labels:
host: 'prod1'
portainer_id: 2
- job_name: cadvisor-prod2
scheme: "https"
static_configs:
- targets: ["cadvisor-prod2.kaz.bzh:443"]
labels:
host: 'prod2'
portainer_id: 4
- job_name: cadvisor-kazoulet
scheme: "https"
static_configs:
- targets: ["cadvisor-kazoulet.kaz.bzh:443"]
labels:
host: 'kazoulet'
portainer_id: 3
- job_name: cadvisor-tykaz
scheme: "https"
static_configs:
- targets: ["cadvisor-tykaz.kaz.bzh:443"]
labels:
host: 'tykaz'
portainer_id: 10
- job_name: cadvisor-kazguel
scheme: "https"
static_configs:
- targets: ["cadvisor-kazguel.kaz.bzh:443"]
labels:
host: 'kazguel'
portainer_id: 11
- job_name: cadvisor-kazkouil
scheme: "https"
static_configs:
- targets: ["cadvisor-dev.kazkouil.fr:443"]
labels:
host: 'kazkouil'
portainer_id: 5
- job_name: node-exporter-prod1
static_configs:
# - targets: ["prod1.kaz.bzh:9100","prod2.kaz.bzh:9100","kazoulet.kaz.bzh:9100","tykaz.kaz.bzh:9100","kazguel.kaz.bzh:9100","kazkouil.fr:9100"]
- targets: ["prod1.kaz.bzh:9100"]
labels:
host: 'prod1'
- job_name: node-exporter-prod2
static_configs:
# - targets: ["prod1.kaz.bzh:9100","prod2.kaz.bzh:9100","kazoulet.kaz.bzh:9100","tykaz.kaz.bzh:9100","kazguel.kaz.bzh:9100","kazkouil.fr:9100"]
- targets: ["prod2.kaz.bzh:9100"]
labels:
host: 'prod2'
- job_name: node-exporter-kazoulet
static_configs:
- targets: ["kazoulet.kaz.bzh:9100"]
labels:
host: 'kazoulet'
- job_name: node-exporter-tykaz
static_configs:
- targets: ["tykaz.kaz.bzh:9100"]
labels:
host: 'tykaz'
- job_name: node-exporter-kazguel
static_configs:
- targets: ["kazguel.kaz.bzh:9100"]
labels:
host: 'kazguel'
- job_name: node-exporter-kazkouil
static_configs:
- targets: ["kazkouil.fr:9100"]
labels:
host: 'kazkouil'
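Review bot: the six `node-exporter-*` jobs set no `scheme`, so Prometheus scrapes port 9100 over plain HTTP, while the cadvisor jobs use `scheme: "https"` on 443. If hostnames such as `prod1.kaz.bzh` resolve to public addresses, node_exporter is reachable without authentication from outside. Put it behind the same HTTPS front as cadvisor or restrict 9100 to the Prometheus host by firewall, and consider `basic_auth` or `authorization` on the scrape jobs. Separately, the per-host jobs share an identical body and could be one job with a `static_configs` entry per host, and the two commented-out multi-target lines can be deleted.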

View File

@@ -38,7 +38,8 @@ RUN docker-php-ext-install zip
RUN mkdir /var/jirafeau/ /var/jirafeauData/ RUN mkdir /var/jirafeau/ /var/jirafeauData/
WORKDIR /var/jirafeau WORKDIR /var/jirafeau
COPY --chown=www-data git/Jirafeau/ . COPY --chown=www-data git/Jirafeau/ .
COPY --chown=www-data git/depollueur/src/Jirafeau/[aft].php ./ COPY --chown=www-data git/depollueur/src/Jirafeau/ ./
COPY --chown=www-data dockers/jirafeau/media/kaz media/kaz COPY --chown=www-data dockers/jirafeau/media/kaz media/kaz
RUN sed -i -e '1i\<p>La limite des t&eacute;l&eacute;versements est actuellement de <?php echo ini_get("post_max_size"); ?></p>' lib/template/footer.php RUN sed -i -e '1i\<p>La limite des t&eacute;l&eacute;versements est actuellement de <?php echo ini_get("post_max_size"); ?></p>' lib/template/footer.php
RUN sed -i -e '/<div id="jyraphe">/i\<div id="kaz">' lib/template/footer.php RUN sed -i -e '/<div id="jyraphe">/i\<div id="kaz">' lib/template/footer.php
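Review bot: the COPY of `git/depollueur/src/Jirafeau/` now brings the whole directory into `/var/jirafeau` instead of only the files matched by `[aft].php`, so anything added to that source directory later is shipped in the application tree and can silently overwrite an upstream Jirafeau file copied by the line above. List the files explicitly, or keep a narrow pattern, so a new entry point cannot appear without a matching change to the router rules.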

View File

@@ -23,11 +23,15 @@ services:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${jirafeauServName}-admin.rule=Host(`${fileHost}.${domain}`) && PathPrefix(`/admin.php`)" # pour ouvrir juste /f.php !!
- "traefik.http.routers.${jirafeauServName}-admin.middlewares=test-adminipallowlist@file" # - "traefik.http.routers.${jirafeauServName}-download.rule=Host(`${fileHost}.${domain}`) && ( PathPrefix(`/f.php`) || PathPrefix(`/index.php`)"
- "traefik.http.routers.${jirafeauServName}.rule=Host(`${fileHost}.${domain}`) && ! PathPrefix(`/admin.php`)" # Le service est ouvert aux ip autorisées
- "traefik.docker.network=jirafeauNet" # - "traefik.http.routers.${jirafeauServName}-admin.rule=Host(`${fileHost}.${domain}`)"
- "traefik.http.routers.${jirafeauServName}-admin.rule=Host(`${fileHost}.${domain}`) && ( PathPrefix(`/a-send.php`) || PathPrefix(`/s.php`) || PathPrefix(`/admin.php`) || PathPrefix(`/script.php`) )"
- "traefik.http.routers.${jirafeauServName}-admin.middlewares=test-adminipallowlist@file"
- "traefik.http.routers.${jirafeauServName}.rule=Host(`${fileHost}.${domain}`) && ! ( PathPrefix(`/a-send.php`) || PathPrefix(`/s.php`) || PathPrefix(`/admin.php`) || PathPrefix(`/script.php`) )"
- "traefik.docker.network=jirafeauNet"
volumes: volumes:
fileData: fileData:
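Review bot: the restricted paths (`/a-send.php`, `/s.php`, `/admin.php`, `/script.php`) form a denylist written twice, once in the `-admin` rule and once negated in the public rule. Any PHP entry point not in the list, including files brought in by the wider COPY in the Dockerfile, is public by default, and the two copies can drift apart. An allowlist is safer: have the public router match only the download paths, as the commented-out `-download` rule intends, and send everything else through `test-adminipallowlist@file`. That commented rule has an unbalanced parenthesis and needs fixing before it is used.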

dockers/jirafeau/reload.sh Executable file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# limitation du filter.sh
docker exec jirafeauServ bash -c "cp /var/jirafeauData/*/20241109/*.json /var/jirafeau/lib/locales/"
docker exec jirafeauServ bash -c "cp /var/jirafeauData/*/20241109/*.php /var/jirafeau/"
docker exec jirafeauServ bash -c "mv /var/jirafeau/settings.php /var/jirafeau/lib/"
docker exec jirafeauServ bash -c "mv /var/jirafeau/functions.js.php /var/jirafeau/lib/"
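Review bot: the two `cp` lines copy `*.json` and `*.php` from `/var/jirafeauData/*/20241109/` into `/var/jirafeau/`, that is, from the data directory into the application tree through a wildcard, so whatever sits in a matching directory becomes code the application loads. Ship these files through the image build instead, or copy from one fixed source path that only administrators can write to. The date `20241109` and the container name `jirafeauServ` are hard-coded (the compose file uses `${jirafeauServName}`), and without `set -e` a failed `cp` is followed by the `mv` lines anyway.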

View File

@@ -5,7 +5,9 @@ NEWPASSWORD=$(base64 -d <<< $2)
OLDPASSWORD=$(base64 -d <<< $3) OLDPASSWORD=$(base64 -d <<< $3)
URL_AGORA="https://${matterHost}.${domain}" URL_AGORA="https://${matterHost}.${domain}"
mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
#mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
. $KAZ_KEY_DIR/env-mattermostAdmin
IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g') IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g')
if [ ${IDUSER} == 'app.user.missing_account.const' ] if [ ${IDUSER} == 'app.user.missing_account.const' ]

View File

@@ -11,6 +11,7 @@ services:
web: web:
image: ltbproject/self-service-password image: ltbproject/self-service-password
container_name: ${ldapUIName} container_name: ${ldapUIName}
restart: ${restartPolicy}
depends_on: depends_on:
- ldap - ldap
networks: networks:
@@ -45,7 +46,7 @@ services:
ldap: ldap:
image: docker.io/bitnami/openldap:2.6 image: docker.io/bitnami/openldap:2.6
container_name: ${ldapServName} container_name: ${ldapServName}
restart: always restart: ${restartPolicy}
env_file: env_file:
- ../../secret/env-${ldapServName} - ../../secret/env-${ldapServName}
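Review bot: `restart: ${restartPolicy}` replaces a fixed `always` on the `ldap` service (and is added to `web` in the previous hunk) with no default, so if `restartPolicy` is missing from the env file Compose substitutes an empty string and the directory service no longer has the restart behaviour it had before. Use `restart: ${restartPolicy:-always}` to keep the old behaviour as the fallback.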

View File

@@ -84,5 +84,5 @@ updateVarInConf "pwd_show_policy" "always" "${CONFIG_IHM}"
updateVarInConf "posthook" "/var/www/kaz/post-hook.sh" "${CONFIG_IHM}" updateVarInConf "posthook" "/var/www/kaz/post-hook.sh" "${CONFIG_IHM}"
updateVarInConf "posthook_password_encodebase64" "true" "${CONFIG_IHM}" updateVarInConf "posthook_password_encodebase64" "true" "${CONFIG_IHM}"
# does not work
docker cp "${KAZ_BIN_DIR}/look/kaz/kaz-tete.png" "${ldapUIName}:/var/www/html/images/ltb-logo.png" # docker cp "${KAZ_BIN_DIR}/look/kaz/kaz-tete.png" "${ldapUIName}:/var/www/html/images/ltb-logo.png"
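Review bot: `# does not work` does not say what fails, and the `docker cp` line is kept as a comment. Either delete the line or record the observed error next to it so the next person does not retry it blindly.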

dockers/mastodon/.env Symbolic link
View File

@@ -0,0 +1 @@
../../config/dockers.env

Some files were not shown because too many files have changed in this diff