KAZ/KazV2
11
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: KAZ:39aa417d113e0e11a0dd9d3b16a77cf814ba3757
Branches Tags
KAZ:master KAZ:feat/python KAZ:gestionSecrets
...
compare: KAZ:master
Branches Tags
KAZ:master KAZ:feat/python KAZ:gestionSecrets

18 Commits
39aa417d11 ... master

Author SHA1 Message Date
nom
a5a8580e7a pour démarrer un script quand sympa est up. doit-être démarré au boot de la machine 2025-12-02 15:06:22 +01:00
nom
acbe218f78 upgrade traefik 3.6.2 2025-11-22 07:57:57 +01:00
didier
9731aa7631 modif du Readme 2025-11-19 19:48:04 +01:00
Fanch
eccd0a5ddc ldaps commenté le temps de mettre en prod 2025-11-19 10:40:46 +01:00
Fanch
5e858b86f3 ldap: autoriser ldaps via traefik 2025-11-19 10:30:05 +01:00
nom
5dc5155c53 upgrade MM 11.1 2025-11-19 00:10:59 +01:00
Fanch
f90620b268 python: lib mattermost 2025-11-16 10:30:37 +01:00
didier
f5678d6c67 cosmétique 2025-11-16 10:00:48 +01:00
didier
3acc408eac date 2025-11-16 09:52:20 +01:00
didier
789917abae ajout suppression du mail de scours dans la liste infos 2025-11-16 09:49:53 +01:00
Fanch
d6dbe1212c chechpaekoldap: forwardings 2025-11-14 21:20:52 +01:00
didier
e50911b40e nettoyage 2025-11-14 14:32:27 +01:00
didier
2100395ef3 modif 2025-11-14 14:15:44 +01:00
nom
d1d637f213 suppr Dockerfile 2025-11-12 17:40:48 +01:00
François
972006cc81 upgrade dokuwiki to "dokuwiki/dokuwiki" 2025-11-09 07:04:46 +01:00
nom
4fc0f4ed74 maj display_name en display-name pour mmctl 2025-11-03 09:02:56 +01:00
didier
ca98a51ff2 git en gitea 2025-10-28 05:36:56 +01:00
didier
e462c383a5 ajout de git dans le save 2025-10-28 05:34:00 +01:00
18 changed files with 157 additions and 210 deletions
Expand all files Collapse all files

4
bin/checkPahekoLdap.py
View File

@@ -163,12 +163,12 @@ with Ldap() as ldap:
ldap_forwardings = ldap.get_mail_forwardings() ldap_forwardings = ldap.get_mail_forwardings()
for ldap_user in ldap_forwardings: for ldap_user in ldap_forwardings:
ldap_user = ldap_user[1] ldap_user = ldap_user[1]
paheko_entry = [x for x in membres if x["email"] == ldap_user["mail"][0].decode() or (x["emails_rattaches"] and ldap_user["mail"][0].decode() in x["emails_rattaches"])] paheko_entry = [x for x in membres if x["email"] == ldap_user["mailAlias"][0].decode() or (x["forward"] and ldap_user["mailAlias"][0].decode() in x["forward"])]
paheko_entry = paheko_entry[0] if len(paheko_entry) else None paheko_entry = paheko_entry[0] if len(paheko_entry) else None
if paheko_entry: if paheko_entry:
pass pass
else: else:
not_in_paheko.append(ldap_user["mail"][0].decode() + " (forwarding)") not_in_paheko.append(ldap_user["mailAlias"][0].decode() + " (forwarding)")
print("Mails dans paheko mais pas dans le LDAP :") print("Mails dans paheko mais pas dans le LDAP :")

5
bin/container.sh
View File

@@ -191,6 +191,11 @@ saveComposes () {
. $KAZ_KEY_DIR/env-etherpadDB . $KAZ_KEY_DIR/env-etherpadDB
saveDB ${etherpadDBName} "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" etherpad mysql saveDB ${etherpadDBName} "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" etherpad mysql
;; ;;
gitea)
echo "save gitea"
. $KAZ_KEY_DIR/env-gitDB
saveDB ${gitDBName} "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" gitea mysql
;;
framadate) framadate)
echo "save date" echo "save date"
. $KAZ_KEY_DIR/env-framadateDB . $KAZ_KEY_DIR/env-framadateDB

2
bin/createUser.sh
View File

@@ -606,7 +606,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# l'équipe existe t-elle déjà ? # l'équipe existe t-elle déjà ?
nb=$(docker exec mattermostServ bin/mmctl team list | grep -w "${EQUIPE_AGORA}" | wc -l) nb=$(docker exec mattermostServ bin/mmctl team list | grep -w "${EQUIPE_AGORA}" | wc -l)
if [ "${nb}" == "0" ];then # non, on la créé en mettant le user en admin de l'équipe if [ "${nb}" == "0" ];then # non, on la créé en mettant le user en admin de l'équipe
echo "docker exec -i mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display_name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}" echo "docker exec -i mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display-name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}"
fi fi
# puis ajouter le user à l'équipe # puis ajouter le user à l'équipe
echo "docker exec -i mattermostServ bin/mmctl team users add ${EQUIPE_AGORA} ${EMAIL_SOUHAITE}" | tee -a "${CMD_INIT}" echo "docker exec -i mattermostServ bin/mmctl team users add ${EQUIPE_AGORA} ${EMAIL_SOUHAITE}" | tee -a "${CMD_INIT}"

50
bin/gestUsers.sh
View File

@@ -13,7 +13,7 @@ setKazVars
. $KAZ_KEY_DIR/env-sympaServ . $KAZ_KEY_DIR/env-sympaServ
. $KAZ_KEY_DIR/env-paheko . $KAZ_KEY_DIR/env-paheko
VERSION="16-10-2025" VERSION="16-11-2025"
PRG=$(basename $0) PRG=$(basename $0)
RACINE=$(echo $PRG | awk '{print $1}') RACINE=$(echo $PRG | awk '{print $1}')
IFS=' ' IFS=' '
@@ -139,7 +139,7 @@ searchEmail() {
searchMattermost() { searchMattermost() {
#Ici $1 est une adresse email #Ici $1 est une adresse email
. $KAZ_KEY_DIR/env-mattermostAdmin . $KAZ_KEY_DIR/env-mattermostAdmin
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1 docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1
#on créé la list des mails dans mattermost #on créé la list des mails dans mattermost
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null
@@ -167,9 +167,9 @@ infoEmail() {
while : while :
do do
clear clear
echo "------------------------------------------------" echo "------------------------------------------------"
printKazMsg "${ACTION_EN_COURS}" printKazMsg "${ACTION_EN_COURS}"
echo "------------------------------------------------" echo "------------------------------------------------"
read -p "Alias ou Mail ? (R pour retour ou M/A [M] :" RINFOMAIL read -p "Alias ou Mail ? (R pour retour ou M/A [M] :" RINFOMAIL
case ${RINFOMAIL} in case ${RINFOMAIL} in
"" | M | m ) "" | M | m )
@@ -184,9 +184,6 @@ infoEmail() {
echo " ------------------------------------------------" echo " ------------------------------------------------"
printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL" printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL"
echo -e "" echo -e ""
#TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC)
#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
#cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g
echo -ne "${NC}" echo -ne "${NC}"
echo -ne " - Nextcloud enable : " echo -ne " - Nextcloud enable : "
echo -ne "${GREEN}" echo -ne "${GREEN}"
@@ -212,10 +209,10 @@ infoEmail() {
ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60 ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
echo -ne "${NC}" echo -ne "${NC}"
echo -ne " - Place disque des mails : " echo -ne " - Place disque des mails : "
cd ${DOCK_VOL}/postfix_mailData/_data/${DOMAINE_EN_COURS} cd ${DOCK_VOL}/postfix_mailData/_data/${DOMAINE_EN_COURS}
echo -ne "${GREEN}" echo -ne "${GREEN}"
du -sh $(echo ${CHOIX_MAIL} | sed -e 's/@.*//') | cut -c 1-4 du -sh $(echo ${CHOIX_MAIL} | sed -e 's/@.*//') | cut -c 1-4
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Quota Nextcloud (Ldap) : " echo -n " - Quota Nextcloud (Ldap) : "
echo -ne "${GREEN}" echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60 ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
@@ -247,11 +244,11 @@ infoEmail() {
;; ;;
A | a ) A | a )
searchEmail alias searchEmail alias
echo "------------------------------------------------" echo "------------------------------------------------"
echo " Alias : ${CHOIX_MAIL} " echo " Alias : ${CHOIX_MAIL} "
echo "" echo ""
for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \ for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \ -w "${LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
| grep ^mail: | sed -e 's/^mail://') | grep ^mail: | sed -e 's/^mail://')
do do
echo -ne "=====> ${GREEN} " echo -ne "=====> ${GREEN} "
@@ -278,16 +275,21 @@ searchDestroy() {
CHOIX_MAIL="" CHOIX_MAIL=""
searchEmail searchEmail
REP_SEARCH_DESTROY=$CHOIX_MAIL REP_SEARCH_DESTROY=$CHOIX_MAIL
echo "CHOIX=$REP_SEARCH_DESTROY" MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
echo "domaine en cours : ${DOMAINE_EN_COURS}" -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${REP_SEARCH_DESTROY}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
echo "Mail en cours = $REP_SEARCH_DESTROY"
echo "Mail de secours = ${MAIL_SECOURS}"
echo "Domaine en cours : ${DOMAINE_EN_COURS}"
echo "--------------------------------- SUPPRESION ----------------------------------------" echo "--------------------------------- SUPPRESION ----------------------------------------"
while : while :
do do
echo "----------------------------------------------------------------------" echo "----------------------------------------------------------------------"
printKazMsg "${GREEN}${ACTION_EN_COURS}${NC}" printKazMsg "${GREEN}${ACTION_EN_COURS}${NC}"
echo "----------------------------------------------------------------------" echo "----------------------------------------------------------------------"
echo -e "${BLINK} TOUT RETOUR EN ARRIERE EST IMPOSSIBLE ${NC}" echo -e "${BLINK} TOUT RETOUR EN ARRIERE EST IMPOSSIBLE ${NC}"
read -p "ON CONTINUE ? [ o / n ]: " SEARCH_DESTROY_INPUT read -p "ON CONTINUE ? [ o / n ]: " SEARCH_DESTROY_INPUT
if [ "$SEARCH_DESTROY_INPUT" = "n" ] || [ "$SEARCH_DESTROY_INPUT" = "N" ] if [ "$SEARCH_DESTROY_INPUT" = "n" ] || [ "$SEARCH_DESTROY_INPUT" = "N" ]
then then
searchDestroy searchDestroy
@@ -335,10 +337,11 @@ searchDestroy() {
fi fi
echo -e "${NC}" echo -e "${NC}"
echo "" echo ""
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} et ${MAIL_SECOURS} dans la liste info de sympa"
echo -e "${NC}" echo -e "${NC}"
echo "" echo ""
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}" docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAIL_SECOURS}"
echo -e "${NC}" echo -e "${NC}"
echo "" echo ""
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
@@ -355,10 +358,6 @@ searchDestroy() {
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
echo -e "${NC}" echo -e "${NC}"
echo "" echo ""
MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${REP_SEARCH_DESTROY}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
ldapdelete -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}" ldapdelete -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
if [ "$?" -eq "0" ] if [ "$?" -eq "0" ]
then then
@@ -373,7 +372,7 @@ searchDestroy() {
printKazError "Erreur de suppression" printKazError "Erreur de suppression"
fi fi
printKazMsg "Envoi d'un message dans mattermost pour la suppression du compte" printKazMsg "Envoi d'un message dans mattermost pour la suppression du compte"
docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le compte ${REP_SEARCH_DESTROY} est supprimé" >/dev/null 2>&1 docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le compte ${REP_SEARCH_DESTROY} est supprimé , mail envoyé à ${MAIL_SECOURS}" >/dev/null 2>&1
MAIL_SUPPR="Le compte ${REP_SEARCH_DESTROY} est supprimé" MAIL_SUPPR="Le compte ${REP_SEARCH_DESTROY} est supprimé"
OLDIFS=${IFS} OLDIFS=${IFS}
IFS='' IFS=''
@@ -1199,4 +1198,3 @@ esac
[ ! -e ${KAZ_CONF_DIR}/autorized-domains.txt ] && { echo "création de ${KAZ_CONF_DIR}/autorized-domains.txt" ; touch ${KAZ_CONF_DIR}/autorized-domains.txt;} [ ! -e ${KAZ_CONF_DIR}/autorized-domains.txt ] && { echo "création de ${KAZ_CONF_DIR}/autorized-domains.txt" ; touch ${KAZ_CONF_DIR}/autorized-domains.txt;}
! grep $domain ${KAZ_CONF_DIR}/autorized-domains.txt && echo $domain >> ${KAZ_CONF_DIR}/autorized-domains.txt ! grep $domain ${KAZ_CONF_DIR}/autorized-domains.txt && echo $domain >> ${KAZ_CONF_DIR}/autorized-domains.txt
Main Main

8
bin/lib/mattermost.py
View File

@@ -2,8 +2,9 @@ import subprocess
from .config import getDockersConfig, getSecretConfig from .config import getDockersConfig, getSecretConfig
mattermost_user = getSecretConfig("mattermostServ", "MM_ADMIN_USER") mattermost_user = getSecretConfig("mattermostAdmin", "mattermost_user")
mattermost_pass = getSecretConfig("mattermostServ", "MM_ADMIN_PASSWORD") mattermost_pass = getSecretConfig("mattermostAdmin", "mattermost_pass")
# mattermost_token = getSecretConfig("mattermostAdmin", "mattermost_token")
mattermost_url = f"https://{getDockersConfig('matterHost')}.{getDockersConfig('domain')}" mattermost_url = f"https://{getDockersConfig('matterHost')}.{getDockersConfig('domain')}"
mmctl = "docker exec -i mattermostServ bin/mmctl" mmctl = "docker exec -i mattermostServ bin/mmctl"
@@ -23,6 +24,8 @@ class Mattermost:
def authenticate(self): def authenticate(self):
# Authentification sur MM # Authentification sur MM
cmd = f"{mmctl} auth login {mattermost_url} --name local-server --username {mattermost_user} --password {mattermost_pass}" cmd = f"{mmctl} auth login {mattermost_url} --name local-server --username {mattermost_user} --password {mattermost_pass}"
# ou (si ça casse le token ?)
# cmd = f"{mmctl} auth login {mattermost_url} --name local-server --access-token {mattermost_token}"
subprocess.run(cmd, shell=True, stderr=subprocess.STDOUT, check=True) subprocess.run(cmd, shell=True, stderr=subprocess.STDOUT, check=True)
@@ -131,4 +134,3 @@ class Mattermost:
cmd = f"{mmctl} team delete {equipe} --confirm" cmd = f"{mmctl} team delete {equipe} --confirm"
output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
return output.decode() return output.decode()

2
bin/manageWiki.sh
View File

@@ -117,7 +117,7 @@ Version(){
Reload(){ Reload(){
# $1 ContainerName # $1 ContainerName
if [ -f "${VOL_PREFIX}wikiData/_data/farms/init.sh" ]; then if [ -f "${VOL_PREFIX}wikiData/_data/farms/init.sh" ]; then
${SIMU} docker exec -ti "${1}" /dokuwiki/data/farms/init.sh ${SIMU} docker exec -ti "${1}" /storage/data/farms/init.sh
${SIMU} pkill -KILL lighttpd ${SIMU} pkill -KILL lighttpd
fi fi
} }

11
config/orgaTmpl/docker-compose.yml
View File

@@ -153,18 +153,19 @@ services:
#}} #}}
#{{wiki #{{wiki
dokuwiki: dokuwiki:
image: mprasil/dokuwiki image: dokuwiki/dokuwiki
container_name: ${orga}-${dokuwikiServName} container_name: ${orga}-${dokuwikiServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}" - "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
- "traefik.http.services.${orga}-${dokuwikiServName}.loadbalancer.server.port=8080"
volumes: volumes:
- wikiData:/dokuwiki/data - wikiData:/storage/data
- wikiConf:/dokuwiki/conf - wikiConf:/storage/conf
- wikiPlugins:/dokuwiki/lib/plugins - wikiPlugins:/storage/lib/plugins
- wikiLibtpl:/dokuwiki/lib/tpl - wikiLibtpl:/storage/lib/tpl
- wikiLogs:/var/log - wikiLogs:/var/log
networks: networks:
- orgaNet - orgaNet

85
dockers/dokuwiki/Dockerfile
View File

@@ -1,85 +0,0 @@
FROM --platform=${TARGETPLATFORM:-linux/amd64} crazymax/alpine-s6:3.12
ARG TARGETPLATFORM
ARG BUILDPLATFORM
RUN printf "I am running on ${BUILDPLATFORM:-linux/amd64}, building for ${TARGETPLATFORM:-linux/amd64}\n$(uname -a)\n"
LABEL maintainer="CrazyMax"
########################################
# APT local cache
# work around because COPY failed if no source file
COPY .dummy .apt-mirror-confi[g] .proxy-confi[g] /
RUN cp /.proxy-config /etc/profile.d/proxy.sh 2> /dev/null || true
RUN if [ -f /.apt-mirror-config ] ; then . /.apt-mirror-config && sed -i \
-e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \
-e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \
-e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \
-e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \
/etc/apt/sources.list; fi
########################################
RUN apk --update --no-cache add \
curl \
imagemagick \
inotify-tools \
libgd \
nginx \
php7 \
php7-cli \
php7-ctype \
php7-curl \
php7-fpm \
php7-gd \
php7-imagick \
php7-json \
php7-ldap \
php7-mbstring \
php7-openssl \
php7-pdo \
php7-pdo_sqlite \
php7-session \
php7-simplexml \
php7-sqlite3 \
php7-xml \
php7-zip \
php7-zlib \
shadow \
su-exec \
tar \
tzdata \
&& rm -rf /tmp/* /var/cache/apk/* /var/www/*
ENV S6_BEHAVIOUR_IF_STAGE2_FAILS="2" \
DOKUWIKI_VERSION="2020-07-29" \
DOKUWIKI_MD5="8867b6a5d71ecb5203402fe5e8fa18c9" \
TZ="UTC" \
PUID="1500" \
PGID="1500"
RUN apk --update --no-cache add -t build-dependencies \
gnupg \
wget \
&& cd /tmp \
&& wget -q "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-$DOKUWIKI_VERSION.tgz" \
&& echo "$DOKUWIKI_MD5 /tmp/dokuwiki-$DOKUWIKI_VERSION.tgz" | md5sum -c - | grep OK \
&& tar -xzf "dokuwiki-$DOKUWIKI_VERSION.tgz" --strip 1 -C /var/www \
&& apk del build-dependencies \
&& rm -rf /root/.gnupg /tmp/* /var/cache/apk/*
COPY rootfs /
RUN rm -f /dokuwiki.tgz
COPY htaccess /dokuwiki/.htaccess
RUN chmod a+x /usr/local/bin/* \
&& addgroup -g ${PGID} dokuwiki \
&& adduser -D -H -u ${PUID} -G dokuwiki -s /bin/sh dokuwiki
EXPOSE 8000
WORKDIR /var/www
VOLUME [ "/data" ]
ENTRYPOINT [ "/init" ]
HEALTHCHECK --interval=10s --timeout=5s --start-period=20s \
CMD curl --fail http://127.0.0.1:12345/ping || exit 1

11
dockers/dokuwiki/docker-compose.yml
View File

@@ -1,7 +1,7 @@
services: services:
dokuwiki: dokuwiki:
image: mprasil/dokuwiki image: dokuwiki/dokuwiki
container_name: ${dokuwikiServName} container_name: ${dokuwikiServName}
restart: ${restartPolicy} restart: ${restartPolicy}
# ports: # ports:
@@ -12,14 +12,15 @@ services:
external_links: external_links:
- ${smtpServName}:${smtpHost}.${domain} - ${smtpServName}:${smtpHost}.${domain}
volumes: volumes:
- "dokuwikiData:/dokuwiki/data" - "dokuwikiData:/storage/data"
- "dokuwikiConf:/dokuwiki/conf" - "dokuwikiConf:/storage/conf"
- "dokuwikiPlugins:/dokuwiki/lib/plugins" - "dokuwikiPlugins:/storage/lib/plugins"
- "dokuwikiLibtpl:/dokuwiki/lib/tpl" - "dokuwikiLibtpl:/storage/lib/tpl"
- "dokuwikiLogs:/var/log" - "dokuwikiLogs:/var/log"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${dokuwikiServName}.rule=Host(`${dokuwikiHost}.${domain}`)" - "traefik.http.routers.${dokuwikiServName}.rule=Host(`${dokuwikiHost}.${domain}`)"
- "traefik.http.services.${dokuwikiServName}.loadbalancer.server.port=8080"
- "traefik.docker.network=dokuwikiNet" - "traefik.docker.network=dokuwikiNet"
volumes: volumes:

10
dockers/ldap/docker-compose.yml
View File

@@ -68,6 +68,16 @@ services:
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
networks: networks:
- ldapNet - ldapNet
# labels:
# - "traefik.enable=true"
# - "traefik.tcp.routers.${ldapServName}.rule=HostSNI(`ldap.${domain}`)"
# - "traefik.tcp.routers.${ldapServName}.entrypoints=ldapsecure"
# - "traefik.tcp.routers.${ldapServName}.tls=true"
# - "traefik.tcp.routers.${ldapServName}.tls.domains[0].main=ldap.${domain}"
# - "traefik.tcp.routers.${ldapServName}.tls.certResolver=letsencrypt"
# - "traefik.tcp.routers.${ldapServName}.middlewares=ldap-ip-allowlist@file"
# - "traefik.tcp.services.${ldapServName}.loadbalancer.server.port=389"
# - "traefik.docker.network=ldapNet"
volumes: volumes:
openldapData: openldapData:

6
dockers/mastodon/README.md
View File

@@ -4,3 +4,9 @@ docker-compose run --rm web bundle exec rails db:setup
Créer un compte admin : Créer un compte admin :
tootctl accounts create adminkaz --email admin@kaz.bzh --confirmed --role Owner tootctl accounts create adminkaz --email admin@kaz.bzh --confirmed --role Owner
tootctl accounts approve adminkaz tootctl accounts approve adminkaz
après un upgrade mastodon j'ai du faire ça
docker-compose run --rm web bundle exec rails db:migrate
De la doc sur ldap :
https://gist.github.com/sigmaris/5db742083a3406c7c385315634640650

39
dockers/mastodon/docker-compose.yml
View File

@@ -1,6 +1,3 @@
# This file is designed for production server deployment, not local development work
# For a containerized local dev environment, see: https://github.com/mastodon/mastodon/blob/main/docs/DEVELOPMENT.md#docker
services: services:
db: db:
container_name: ${mastodonDBName} container_name: ${mastodonDBName}
@@ -13,8 +10,6 @@ services:
test: ['CMD', 'pg_isready', '-U', 'postgres'] test: ['CMD', 'pg_isready', '-U', 'postgres']
volumes: volumes:
- postgres:/var/lib/postgresql/data - postgres:/var/lib/postgresql/data
# environment:
# - 'POSTGRES_HOST_AUTH_METHOD=trust'
env_file: env_file:
- ../../secret/env-mastodonDB - ../../secret/env-mastodonDB
@@ -61,16 +56,11 @@ services:
# - '127.0.0.1:9200:9200' # - '127.0.0.1:9200:9200'
web: web:
# You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
# build: .
container_name: ${mastodonServName} container_name: ${mastodonServName}
image: ghcr.io/mastodon/mastodon:v4.3.6 image: ghcr.io/mastodon/mastodon:v4.5.1
restart: ${restartPolicy} restart: ${restartPolicy}
environment: environment:
- LOCAL_DOMAIN=${mastodonHost}.${domain} - LOCAL_DOMAIN=${mastodonHost}.${domain}
- SMTP_SERVER=smtp.${domain}
- SMTP_LOGIN=admin@${domain}
- SMTP_FROM_ADDRESS=admin@${domain}
env_file: env_file:
- env-config - env-config
- ../../secret/env-mastodonServ - ../../secret/env-mastodonServ
@@ -92,27 +82,20 @@ services:
- images:/mastodon/app/javascript/images - images:/mastodon/app/javascript/images
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.koz.rule=Host(`${mastodonHost}.${domain}`)" - "traefik.http.routers.mastodon.rule=Host(`${mastodonHost}.${domain}`)"
- "traefik.http.services.koz.loadbalancer.server.port=3000" - "traefik.http.services.mastodon.loadbalancer.server.port=3000"
- "traefik.docker.network=mastodonNet" - "traefik.docker.network=mastodonNet"
streaming: streaming:
# You can uncomment the following lines if you want to not use the prebuilt image, for example if you have local code changes
# build:
# dockerfile: ./streaming/Dockerfile
# context: .
container_name: ${mastodonStreamingName} container_name: ${mastodonStreamingName}
image: ghcr.io/mastodon/mastodon-streaming:v4.3.6 image: ghcr.io/mastodon/mastodon-streaming:v4.5.1
restart: ${restartPolicy} restart: ${restartPolicy}
environment: environment:
- LOCAL_DOMAIN=${mastodonHost}.${domain} - LOCAL_DOMAIN=${mastodonHost}.${domain}
- SMTP_SERVER=smtp.${domain}
- SMTP_LOGIN=admin@${domain}
- SMTP_FROM_ADDRESS=admin@${domain}
env_file: env_file:
- env-config - env-config
- ../../secret/env-mastodonServ - ../../secret/env-mastodonServ
- ../../secret/env-mastodonDB
command: node ./streaming/index.js command: node ./streaming/index.js
networks: networks:
- mastodonNet - mastodonNet
@@ -126,24 +109,20 @@ services:
- redis - redis
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.kozs.rule=(Host(`${mastodonHost}.${domain}`) && PathPrefix(`/api/v1/streaming`))" - "traefik.http.routers.mastodons.rule=(Host(`${mastodonHost}.${domain}`) && PathPrefix(`/api/v1/streaming`))"
- "traefik.http.services.kozs.loadbalancer.server.port=4000" - "traefik.http.services.mastodons.loadbalancer.server.port=4000"
- "traefik.docker.network=mastodonNet" - "traefik.docker.network=mastodonNet"
sidekiq: sidekiq:
# You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
# build: .
container_name: ${mastodonSidekiqName} container_name: ${mastodonSidekiqName}
image: ghcr.io/mastodon/mastodon:v4.3.6 image: ghcr.io/mastodon/mastodon:v4.5.1
restart: ${restartPolicy} restart: ${restartPolicy}
environment: environment:
- LOCAL_DOMAIN=${mastodonHost}.${domain} - LOCAL_DOMAIN=${mastodonHost}.${domain}
- SMTP_SERVER=smtp.${domain}
- SMTP_LOGIN=admin@${domain}
- SMTP_FROM_ADDRESS=admin@${domain}
env_file: env_file:
- env-config - env-config
- ../../secret/env-mastodonServ - ../../secret/env-mastodonServ
- ../../secret/env-mastodonDB
command: bundle exec sidekiq command: bundle exec sidekiq
depends_on: depends_on:
- db - db

2
dockers/mastodon/env-config
View File

@@ -67,7 +67,7 @@ ES_PASS=password
# Sending mail # Sending mail
# ------------ # ------------
#SMTP_SERVER= #SMTP_SERVER=
SMTP_PORT=587 #SMTP_PORT=587
#SMTP_LOGIN= #SMTP_LOGIN=
#SMTP_PASSWORD= #SMTP_PASSWORD=
#SMTP_FROM_ADDRESS= #SMTP_FROM_ADDRESS=

4
dockers/mattermost/docker-compose.yml
View File

@@ -3,7 +3,7 @@
services: services:
app: app:
image: mattermost/mattermost-team-edition:11.0.2 image: mattermost/mattermost-team-edition:11.1
container_name: ${mattermostServName} container_name: ${mattermostServName}
restart: ${restartPolicy} restart: ${restartPolicy}
volumes: volumes:
@@ -16,7 +16,7 @@ services:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/environment:/etc/environment:ro - /etc/environment:/etc/environment:ro
- ./mostlymatter-amd64-v11.0.2:/mattermost/bin/mattermost - ./mostlymatter-amd64-v11.1.0:/mattermost/bin/mattermost
env_file: env_file:
- ../../secret/env-${mattermostServName} - ../../secret/env-${mattermostServName}
environment: environment:

21
dockers/sympa/wait-sympa.sh Executable file
View File

@@ -0,0 +1,21 @@
#!/bin/bash
#quoi: lancer des cmdes iptables lorsque sympa est up
#quand: 02/12/2025
#qui: fab
CONTAINER="sympaServ"
HOST_SCRIPT="/kaz/dockers/sympa/updateFirewall.sh"
echo "On attend que sympa soit UP"
# Boucle jusqu'à ce qu'il soit en état running
while :; do
state=$(docker inspect -f '{{.State.Running}}' "$CONTAINER" 2>/dev/null)
if [ "$state" = "true" ]; then
echo "$CONTAINER est up. démarrage de $HOST_SCRIPT..."
bash "$HOST_SCRIPT"
exit 0
fi
sleep 2
done

7
dockers/traefik/conf/allow_ip.yml.dist
View File

@@ -9,3 +9,10 @@ http:
ipallowlist: ipallowlist:
sourceRange: sourceRange:
- "127.0.0.1" - "127.0.0.1"
tcp:
middlewares:
ldap-ip-allowlist:
ipAllowList:
sourceRange:
- "127.0.0.1"

4
dockers/traefik/docker-compose.tmpl.yml.dist
View File

@@ -1,12 +1,13 @@
services: services:
reverse-proxy: reverse-proxy:
image: traefik:v3.5.1 image: traefik:v3.6.2
container_name: ${traefikServName} container_name: ${traefikServName}
restart: ${restartPolicy} restart: ${restartPolicy}
# Enables the web UI and tells Traefik to listen to docker # Enables the web UI and tells Traefik to listen to docker
ports: ports:
- ${MAIN_IP}:80:80 - ${MAIN_IP}:80:80
- ${MAIN_IP}:443:443 - ${MAIN_IP}:443:443
- ${MAIN_IP}:636:636
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- ./conf:/etc/traefik/ - ./conf:/etc/traefik/
@@ -24,6 +25,7 @@ services:
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipallowlist@file - TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipallowlist@file
- TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT=600 - TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT=600
- TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT=600 - TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT=600
- TRAEFIK_ENTRYPOINTS_ldapsecure_ADDRESS=:636
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain} - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server} - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json