Compare commits

18 Commits

Author SHA1 Message Date
nom
a5a8580e7a pour démarrer un script quand sympa est up. doit-être démarré au boot de la machine 2025-12-02 15:06:22 +01:00
nom
acbe218f78 upgrade traefik 3.6.2 2025-11-22 07:57:57 +01:00
9731aa7631 modif du Readme 2025-11-19 19:48:04 +01:00
eccd0a5ddc ldaps commenté le temps de mettre en prod 2025-11-19 10:40:46 +01:00
5e858b86f3 ldap: autoriser ldaps via traefik 2025-11-19 10:30:05 +01:00
nom
5dc5155c53 upgrade MM 11.1 2025-11-19 00:10:59 +01:00
f90620b268 python: lib mattermost 2025-11-16 10:30:37 +01:00
f5678d6c67 cosmétique 2025-11-16 10:00:48 +01:00
3acc408eac date 2025-11-16 09:52:20 +01:00
789917abae ajout suppression du mail de scours dans la liste infos 2025-11-16 09:49:53 +01:00
d6dbe1212c chechpaekoldap: forwardings 2025-11-14 21:20:52 +01:00
e50911b40e nettoyage 2025-11-14 14:32:27 +01:00
2100395ef3 modif 2025-11-14 14:15:44 +01:00
nom
d1d637f213 suppr Dockerfile 2025-11-12 17:40:48 +01:00
972006cc81 upgrade dokuwiki to "dokuwiki/dokuwiki" 2025-11-09 07:04:46 +01:00
nom
4fc0f4ed74 maj display_name en display-name pour mmctl 2025-11-03 09:02:56 +01:00
ca98a51ff2 git en gitea 2025-10-28 05:36:56 +01:00
e462c383a5 ajout de git dans le save 2025-10-28 05:34:00 +01:00
18 changed files with 157 additions and 210 deletions


@@ -163,12 +163,12 @@ with Ldap() as ldap:
ldap_forwardings = ldap.get_mail_forwardings()
for ldap_user in ldap_forwardings:
ldap_user = ldap_user[1]
paheko_entry = [x for x in membres if x["email"] == ldap_user["mail"][0].decode() or (x["emails_rattaches"] and ldap_user["mail"][0].decode() in x["emails_rattaches"])]
paheko_entry = [x for x in membres if x["email"] == ldap_user["mailAlias"][0].decode() or (x["forward"] and ldap_user["mailAlias"][0].decode() in x["forward"])]
paheko_entry = paheko_entry[0] if len(paheko_entry) else None
if paheko_entry:
pass
else:
not_in_paheko.append(ldap_user["mail"][0].decode() + " (forwarding)")
not_in_paheko.append(ldap_user["mailAlias"][0].decode() + " (forwarding)")
print("Mails dans paheko mais pas dans le LDAP :")
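Review bot: The new lookup reads only `ldap_user["mailAlias"][0]`, so a forwarding entry with several `mailAlias` values is matched on its first alias alone, and an entry without that attribute would raise `KeyError` and stop the whole reconciliation. Decoding once (`alias = ldap_user["mailAlias"][0].decode()`) and reusing `alias` in the filter and in `not_in_paheko.append(alias + " (forwarding)")` removes the repeated decode. Whether every alias should be compared is worth confirming against the LDAP schema. The `if paheko_entry: pass` / `else:` pair reads more directly as `if not paheko_entry:`. The enclosing `with Ldap() as ldap:` block starts outside the hunk.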


@@ -191,6 +191,11 @@ saveComposes () {
. $KAZ_KEY_DIR/env-etherpadDB
saveDB ${etherpadDBName} "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" etherpad mysql
;;
gitea)
echo "save gitea"
. $KAZ_KEY_DIR/env-gitDB
saveDB ${gitDBName} "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" gitea mysql
;;
framadate)
echo "save date"
. $KAZ_KEY_DIR/env-framadateDB
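Review bot: In the new `gitea)` arm, `. $KAZ_KEY_DIR/env-gitDB` is not checked, so if the file is missing or unreadable, `saveDB` receives whatever `MYSQL_USER`/`MYSQL_PASSWORD`/`MYSQL_DATABASE` an earlier arm left behind (the `etherpad)` arm sets the same names). The gitea backup then fails or runs with another service's credentials. Quoting the path and guarding the source, e.g. `. "$KAZ_KEY_DIR/env-gitDB" || continue` (assuming the `case` sits in a loop, which the hunk does not show), keeps a bad env file from going unnoticed. The password is also passed to `saveDB` as a positional argument; if that helper puts it on the dump command line it is readable in the process list, which is worth checking in `saveDB` itself.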


@@ -606,7 +606,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# l'équipe existe t-elle déjà ?
nb=$(docker exec mattermostServ bin/mmctl team list | grep -w "${EQUIPE_AGORA}" | wc -l)
if [ "${nb}" == "0" ];then # non, on la créé en mettant le user en admin de l'équipe
echo "docker exec -i mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display_name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}"
echo "docker exec -i mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display-name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}"
fi
# puis ajouter le user à l'équipe
echo "docker exec -i mattermostServ bin/mmctl team users add ${EQUIPE_AGORA} ${EMAIL_SOUHAITE}" | tee -a "${CMD_INIT}"
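Review bot: The corrected `--display-name` line still writes `${EQUIPE_AGORA}` and `${EMAIL_SOUHAITE}` unquoted into the command text appended to `${CMD_INIT}`. A team name or address containing a space or a shell metacharacter therefore changes the command that is presumably executed later from that file. Emitting the values shell-quoted closes that: `printf 'docker exec -i mattermostServ bin/mmctl team create --name %q --display-name %q --email %q --private\n' "${EQUIPE_AGORA}" "${EQUIPE_AGORA}" "${EMAIL_SOUHAITE}" | tee -a "${CMD_INIT}"`. The same applies to the `team users add` line below it, and `grep -w ... | wc -l` can be `grep -cw`. The surrounding function starts and ends outside the hunk.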


@@ -13,7 +13,7 @@ setKazVars
. $KAZ_KEY_DIR/env-sympaServ
. $KAZ_KEY_DIR/env-paheko
VERSION="16-10-2025"
VERSION="16-11-2025"
PRG=$(basename $0)
RACINE=$(echo $PRG | awk '{print $1}')
IFS=' '
@@ -139,7 +139,7 @@ searchEmail() {
searchMattermost() {
#Ici $1 est une adresse email
. $KAZ_KEY_DIR/env-mattermostAdmin
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1
#on créé la list des mails dans mattermost
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null
@@ -167,9 +167,9 @@ infoEmail() {
while :
do
clear
echo "------------------------------------------------"
echo "------------------------------------------------"
printKazMsg "${ACTION_EN_COURS}"
echo "------------------------------------------------"
echo "------------------------------------------------"
read -p "Alias ou Mail ? (R pour retour ou M/A [M] :" RINFOMAIL
case ${RINFOMAIL} in
"" | M | m )
@@ -184,9 +184,6 @@ infoEmail() {
echo " ------------------------------------------------"
printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL"
echo -e ""
#TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC)
#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
#cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g
echo -ne "${NC}"
echo -ne " - Nextcloud enable : "
echo -ne "${GREEN}"
@@ -212,10 +209,10 @@ infoEmail() {
ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
echo -ne "${NC}"
echo -ne " - Place disque des mails : "
cd ${DOCK_VOL}/postfix_mailData/_data/${DOMAINE_EN_COURS}
echo -ne "${GREEN}"
du -sh $(echo ${CHOIX_MAIL} | sed -e 's/@.*//') | cut -c 1-4
echo -ne "${NC}"
cd ${DOCK_VOL}/postfix_mailData/_data/${DOMAINE_EN_COURS}
echo -ne "${GREEN}"
du -sh $(echo ${CHOIX_MAIL} | sed -e 's/@.*//') | cut -c 1-4
echo -ne "${NC}"
echo -n " - Quota Nextcloud (Ldap) : "
echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
@@ -247,11 +244,11 @@ infoEmail() {
;;
A | a )
searchEmail alias
echo "------------------------------------------------"
echo "------------------------------------------------"
echo " Alias : ${CHOIX_MAIL} "
echo ""
for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
-w "${LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
| grep ^mail: | sed -e 's/^mail://')
do
echo -ne "=====> ${GREEN} "
@@ -278,16 +275,21 @@ searchDestroy() {
CHOIX_MAIL=""
searchEmail
REP_SEARCH_DESTROY=$CHOIX_MAIL
echo "CHOIX=$REP_SEARCH_DESTROY"
echo "domaine en cours : ${DOMAINE_EN_COURS}"
MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${REP_SEARCH_DESTROY}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
echo "Mail en cours = $REP_SEARCH_DESTROY"
echo "Mail de secours = ${MAIL_SECOURS}"
echo "Domaine en cours : ${DOMAINE_EN_COURS}"
echo "--------------------------------- SUPPRESION ----------------------------------------"
while :
do
echo "----------------------------------------------------------------------"
printKazMsg "${GREEN}${ACTION_EN_COURS}${NC}"
echo "----------------------------------------------------------------------"
echo "----------------------------------------------------------------------"
printKazMsg "${GREEN}${ACTION_EN_COURS}${NC}"
echo "----------------------------------------------------------------------"
echo -e "${BLINK} TOUT RETOUR EN ARRIERE EST IMPOSSIBLE ${NC}"
read -p "ON CONTINUE ? [ o / n ]: " SEARCH_DESTROY_INPUT
read -p "ON CONTINUE ? [ o / n ]: " SEARCH_DESTROY_INPUT
if [ "$SEARCH_DESTROY_INPUT" = "n" ] || [ "$SEARCH_DESTROY_INPUT" = "N" ]
then
searchDestroy
@@ -335,10 +337,11 @@ searchDestroy() {
fi
echo -e "${NC}"
echo ""
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa"
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} et ${MAIL_SECOURS} dans la liste info de sympa"
echo -e "${NC}"
echo ""
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAIL_SECOURS}"
echo -e "${NC}"
echo ""
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
@@ -355,10 +358,6 @@ searchDestroy() {
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
echo -e "${NC}"
echo ""
MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${REP_SEARCH_DESTROY}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
ldapdelete -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
if [ "$?" -eq "0" ]
then
@@ -373,7 +372,7 @@ searchDestroy() {
printKazError "Erreur de suppression"
fi
printKazMsg "Envoi d'un message dans mattermost pour la suppression du compte"
docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le compte ${REP_SEARCH_DESTROY} est supprimé" >/dev/null 2>&1
docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le compte ${REP_SEARCH_DESTROY} est supprimé , mail envoyé à ${MAIL_SECOURS}" >/dev/null 2>&1
MAIL_SUPPR="Le compte ${REP_SEARCH_DESTROY} est supprimé"
OLDIFS=${IFS}
IFS=''
@@ -1199,4 +1198,3 @@ esac
[ ! -e ${KAZ_CONF_DIR}/autorized-domains.txt ] && { echo "création de ${KAZ_CONF_DIR}/autorized-domains.txt" ; touch ${KAZ_CONF_DIR}/autorized-domains.txt;}
! grep $domain ${KAZ_CONF_DIR}/autorized-domains.txt && echo $domain >> ${KAZ_CONF_DIR}/autorized-domains.txt
Main
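Review bot: In `searchDestroy`, the `MAIL_SECOURS` lookup that now runs before the confirmation prompt uses the substring filter `(cn=*${REP_SEARCH_DESTROY}*)`, so it can return the `mailDeSecours` of several accounts or none, and the new second `sympa_soap_client.pl ... --service=del` call then receives a multi-line or empty address. Reading the attribute from the exact entry with `-b "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}" -s base mailDeSecours` (the same DN the later `ldapdelete` uses) and wrapping the second `del` in `if [ -n "${MAIL_SECOURS}" ]; then ... fi` avoids unsubscribing the wrong address. The rescue address may also be subscribed to the list in its own right or shared with another account, so removing it unconditionally deserves its own confirmation. Separately, the LDAP, SOAP and Mattermost passwords are passed as command-line arguments (`-w`, `--trusted_application_password`, `--password`), where they are readable in the process list. `searchDestroy` extends beyond the hunks shown.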


@@ -2,8 +2,9 @@ import subprocess
from .config import getDockersConfig, getSecretConfig
mattermost_user = getSecretConfig("mattermostServ", "MM_ADMIN_USER")
mattermost_pass = getSecretConfig("mattermostServ", "MM_ADMIN_PASSWORD")
mattermost_user = getSecretConfig("mattermostAdmin", "mattermost_user")
mattermost_pass = getSecretConfig("mattermostAdmin", "mattermost_pass")
# mattermost_token = getSecretConfig("mattermostAdmin", "mattermost_token")
mattermost_url = f"https://{getDockersConfig('matterHost')}.{getDockersConfig('domain')}"
mmctl = "docker exec -i mattermostServ bin/mmctl"
@@ -23,6 +24,8 @@ class Mattermost:
def authenticate(self):
# Authentification sur MM
cmd = f"{mmctl} auth login {mattermost_url} --name local-server --username {mattermost_user} --password {mattermost_pass}"
# ou (si ça casse le token ?)
# cmd = f"{mmctl} auth login {mattermost_url} --name local-server --access-token {mattermost_token}"
subprocess.run(cmd, shell=True, stderr=subprocess.STDOUT, check=True)
@@ -131,4 +134,3 @@ class Mattermost:
cmd = f"{mmctl} team delete {equipe} --confirm"
output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
return output.decode()
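Review bot: `authenticate` still interpolates `mattermost_user` and `mattermost_pass` into a string run with `shell=True`, so a password containing a quote, space, `$` or `;` is re-parsed by the shell. With `check=True`, a failed login also raises `CalledProcessError`, whose message includes the full command line, password included. Passing an argument list avoids the shell: `subprocess.run([*mmctl.split(), "auth", "login", mattermost_url, "--name", "local-server", "--username", mattermost_user, "--password", mattermost_pass], stderr=subprocess.STDOUT, check=True)`. The secret remains visible in the process list either way, as it would with the commented `--access-token` variant; mmctl's `--password-file` option avoids putting it in argv. The `team delete {equipe}` call in the last hunk uses the same string-plus-`shell=True` pattern, and the `Mattermost` class continues outside the hunks.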


@@ -117,7 +117,7 @@ Version(){
Reload(){
# $1 ContainerName
if [ -f "${VOL_PREFIX}wikiData/_data/farms/init.sh" ]; then
${SIMU} docker exec -ti "${1}" /dokuwiki/data/farms/init.sh
${SIMU} docker exec -ti "${1}" /storage/data/farms/init.sh
${SIMU} pkill -KILL lighttpd
fi
}
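Review bot: `Reload` now calls `/storage/data/farms/init.sh` but keeps `${SIMU} pkill -KILL lighttpd`, which runs on the host rather than inside `"${1}"` and targets the web server of the previous image. If `dokuwiki/dokuwiki` does not run lighttpd, this line no longer reloads anything. On a host with several wiki containers it signals every matching process, not only the one named in `$1`. Restarting the named container, `${SIMU} docker restart "${1}"`, would scope the reload; confirm which server the new image uses before changing it.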


@@ -153,18 +153,19 @@ services:
#}}
#{{wiki
dokuwiki:
image: mprasil/dokuwiki
image: dokuwiki/dokuwiki
container_name: ${orga}-${dokuwikiServName}
#disk_quota: 10G
restart: ${restartPolicy}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
- "traefik.http.services.${orga}-${dokuwikiServName}.loadbalancer.server.port=8080"
volumes:
- wikiData:/dokuwiki/data
- wikiConf:/dokuwiki/conf
- wikiPlugins:/dokuwiki/lib/plugins
- wikiLibtpl:/dokuwiki/lib/tpl
- wikiData:/storage/data
- wikiConf:/storage/conf
- wikiPlugins:/storage/lib/plugins
- wikiLibtpl:/storage/lib/tpl
- wikiLogs:/var/log
networks:
- orgaNet
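Review bot: `image: dokuwiki/dokuwiki` carries no tag, so every pull resolves to `latest`, and an upstream release can replace the running code and change the `/storage/...` layout these volumes depend on without any change in this repository. Pinning a release tag or a digest, as the traefik, mastodon and mattermost services in this compare already do, keeps upgrades deliberate: `image: dokuwiki/dokuwiki:<release-tag>` (placeholder; use the tag that was tested). The same untagged reference is introduced in the standalone dokuwiki compose file further down. Data written by the old image may also need its ownership checked, since the new container is not guaranteed to run under the same UID.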


@@ -1,85 +0,0 @@
FROM --platform=${TARGETPLATFORM:-linux/amd64} crazymax/alpine-s6:3.12
ARG TARGETPLATFORM
ARG BUILDPLATFORM
RUN printf "I am running on ${BUILDPLATFORM:-linux/amd64}, building for ${TARGETPLATFORM:-linux/amd64}\n$(uname -a)\n"
LABEL maintainer="CrazyMax"
########################################
# APT local cache
# work around because COPY failed if no source file
COPY .dummy .apt-mirror-confi[g] .proxy-confi[g] /
RUN cp /.proxy-config /etc/profile.d/proxy.sh 2> /dev/null || true
RUN if [ -f /.apt-mirror-config ] ; then . /.apt-mirror-config && sed -i \
-e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \
-e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \
-e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \
-e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \
/etc/apt/sources.list; fi
########################################
RUN apk --update --no-cache add \
curl \
imagemagick \
inotify-tools \
libgd \
nginx \
php7 \
php7-cli \
php7-ctype \
php7-curl \
php7-fpm \
php7-gd \
php7-imagick \
php7-json \
php7-ldap \
php7-mbstring \
php7-openssl \
php7-pdo \
php7-pdo_sqlite \
php7-session \
php7-simplexml \
php7-sqlite3 \
php7-xml \
php7-zip \
php7-zlib \
shadow \
su-exec \
tar \
tzdata \
&& rm -rf /tmp/* /var/cache/apk/* /var/www/*
ENV S6_BEHAVIOUR_IF_STAGE2_FAILS="2" \
DOKUWIKI_VERSION="2020-07-29" \
DOKUWIKI_MD5="8867b6a5d71ecb5203402fe5e8fa18c9" \
TZ="UTC" \
PUID="1500" \
PGID="1500"
RUN apk --update --no-cache add -t build-dependencies \
gnupg \
wget \
&& cd /tmp \
&& wget -q "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-$DOKUWIKI_VERSION.tgz" \
&& echo "$DOKUWIKI_MD5 /tmp/dokuwiki-$DOKUWIKI_VERSION.tgz" | md5sum -c - | grep OK \
&& tar -xzf "dokuwiki-$DOKUWIKI_VERSION.tgz" --strip 1 -C /var/www \
&& apk del build-dependencies \
&& rm -rf /root/.gnupg /tmp/* /var/cache/apk/*
COPY rootfs /
RUN rm -f /dokuwiki.tgz
COPY htaccess /dokuwiki/.htaccess
RUN chmod a+x /usr/local/bin/* \
&& addgroup -g ${PGID} dokuwiki \
&& adduser -D -H -u ${PUID} -G dokuwiki -s /bin/sh dokuwiki
EXPOSE 8000
WORKDIR /var/www
VOLUME [ "/data" ]
ENTRYPOINT [ "/init" ]
HEALTHCHECK --interval=10s --timeout=5s --start-period=20s \
CMD curl --fail http://127.0.0.1:12345/ping || exit 1


@@ -1,7 +1,7 @@
services:
dokuwiki:
image: mprasil/dokuwiki
image: dokuwiki/dokuwiki
container_name: ${dokuwikiServName}
restart: ${restartPolicy}
# ports:
@@ -12,14 +12,15 @@ services:
external_links:
- ${smtpServName}:${smtpHost}.${domain}
volumes:
- "dokuwikiData:/dokuwiki/data"
- "dokuwikiConf:/dokuwiki/conf"
- "dokuwikiPlugins:/dokuwiki/lib/plugins"
- "dokuwikiLibtpl:/dokuwiki/lib/tpl"
- "dokuwikiData:/storage/data"
- "dokuwikiConf:/storage/conf"
- "dokuwikiPlugins:/storage/lib/plugins"
- "dokuwikiLibtpl:/storage/lib/tpl"
- "dokuwikiLogs:/var/log"
labels:
- "traefik.enable=true"
- "traefik.http.routers.${dokuwikiServName}.rule=Host(`${dokuwikiHost}.${domain}`)"
- "traefik.http.services.${dokuwikiServName}.loadbalancer.server.port=8080"
- "traefik.docker.network=dokuwikiNet"
volumes:


@@ -68,6 +68,16 @@ services:
- /etc/timezone:/etc/timezone:ro
networks:
- ldapNet
# labels:
# - "traefik.enable=true"
# - "traefik.tcp.routers.${ldapServName}.rule=HostSNI(`ldap.${domain}`)"
# - "traefik.tcp.routers.${ldapServName}.entrypoints=ldapsecure"
# - "traefik.tcp.routers.${ldapServName}.tls=true"
# - "traefik.tcp.routers.${ldapServName}.tls.domains[0].main=ldap.${domain}"
# - "traefik.tcp.routers.${ldapServName}.tls.certResolver=letsencrypt"
# - "traefik.tcp.routers.${ldapServName}.middlewares=ldap-ip-allowlist@file"
# - "traefik.tcp.services.${ldapServName}.loadbalancer.server.port=389"
# - "traefik.docker.network=ldapNet"
volumes:
openldapData:


@@ -4,3 +4,9 @@ docker-compose run --rm web bundle exec rails db:setup
Créer un compte admin :
tootctl accounts create adminkaz --email admin@kaz.bzh --confirmed --role Owner
tootctl accounts approve adminkaz
après un upgrade mastodon j'ai du faire ça
docker-compose run --rm web bundle exec rails db:migrate
De la doc sur ldap :
https://gist.github.com/sigmaris/5db742083a3406c7c385315634640650


@@ -1,6 +1,3 @@
# This file is designed for production server deployment, not local development work
# For a containerized local dev environment, see: https://github.com/mastodon/mastodon/blob/main/docs/DEVELOPMENT.md#docker
services:
db:
container_name: ${mastodonDBName}
@@ -13,8 +10,6 @@ services:
test: ['CMD', 'pg_isready', '-U', 'postgres']
volumes:
- postgres:/var/lib/postgresql/data
# environment:
# - 'POSTGRES_HOST_AUTH_METHOD=trust'
env_file:
- ../../secret/env-mastodonDB
@@ -61,16 +56,11 @@ services:
# - '127.0.0.1:9200:9200'
web:
# You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
# build: .
container_name: ${mastodonServName}
image: ghcr.io/mastodon/mastodon:v4.3.6
image: ghcr.io/mastodon/mastodon:v4.5.1
restart: ${restartPolicy}
environment:
- LOCAL_DOMAIN=${mastodonHost}.${domain}
- SMTP_SERVER=smtp.${domain}
- SMTP_LOGIN=admin@${domain}
- SMTP_FROM_ADDRESS=admin@${domain}
env_file:
- env-config
- ../../secret/env-mastodonServ
@@ -92,27 +82,20 @@ services:
- images:/mastodon/app/javascript/images
labels:
- "traefik.enable=true"
- "traefik.http.routers.koz.rule=Host(`${mastodonHost}.${domain}`)"
- "traefik.http.services.koz.loadbalancer.server.port=3000"
- "traefik.http.routers.mastodon.rule=Host(`${mastodonHost}.${domain}`)"
- "traefik.http.services.mastodon.loadbalancer.server.port=3000"
- "traefik.docker.network=mastodonNet"
streaming:
# You can uncomment the following lines if you want to not use the prebuilt image, for example if you have local code changes
# build:
# dockerfile: ./streaming/Dockerfile
# context: .
container_name: ${mastodonStreamingName}
image: ghcr.io/mastodon/mastodon-streaming:v4.3.6
image: ghcr.io/mastodon/mastodon-streaming:v4.5.1
restart: ${restartPolicy}
environment:
- LOCAL_DOMAIN=${mastodonHost}.${domain}
- SMTP_SERVER=smtp.${domain}
- SMTP_LOGIN=admin@${domain}
- SMTP_FROM_ADDRESS=admin@${domain}
env_file:
- env-config
- ../../secret/env-mastodonServ
- ../../secret/env-mastodonDB
command: node ./streaming/index.js
networks:
- mastodonNet
@@ -126,24 +109,20 @@ services:
- redis
labels:
- "traefik.enable=true"
- "traefik.http.routers.kozs.rule=(Host(`${mastodonHost}.${domain}`) && PathPrefix(`/api/v1/streaming`))"
- "traefik.http.services.kozs.loadbalancer.server.port=4000"
- "traefik.http.routers.mastodons.rule=(Host(`${mastodonHost}.${domain}`) && PathPrefix(`/api/v1/streaming`))"
- "traefik.http.services.mastodons.loadbalancer.server.port=4000"
- "traefik.docker.network=mastodonNet"
sidekiq:
# You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
# build: .
container_name: ${mastodonSidekiqName}
image: ghcr.io/mastodon/mastodon:v4.3.6
image: ghcr.io/mastodon/mastodon:v4.5.1
restart: ${restartPolicy}
environment:
- LOCAL_DOMAIN=${mastodonHost}.${domain}
- SMTP_SERVER=smtp.${domain}
- SMTP_LOGIN=admin@${domain}
- SMTP_FROM_ADDRESS=admin@${domain}
env_file:
- env-config
- ../../secret/env-mastodonServ
- ../../secret/env-mastodonDB
command: bundle exec sidekiq
depends_on:
- db


@@ -67,7 +67,7 @@ ES_PASS=password
# Sending mail
# ------------
#SMTP_SERVER=
SMTP_PORT=587
#SMTP_PORT=587
#SMTP_LOGIN=
#SMTP_PASSWORD=
#SMTP_FROM_ADDRESS=


@@ -3,7 +3,7 @@
services:
app:
image: mattermost/mattermost-team-edition:11.0.2
image: mattermost/mattermost-team-edition:11.1
container_name: ${mattermostServName}
restart: ${restartPolicy}
volumes:
@@ -16,7 +16,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /etc/environment:/etc/environment:ro
- ./mostlymatter-amd64-v11.0.2:/mattermost/bin/mattermost
- ./mostlymatter-amd64-v11.1.0:/mattermost/bin/mattermost
env_file:
- ../../secret/env-${mattermostServName}
environment:
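Review bot: The image tag goes from the exact `11.0.2` to `11.1` while the bind-mounted replacement binary is pinned to `mostlymatter-amd64-v11.1.0`. If `11.1` is a moving tag, the image contents can advance to a later patch release underneath a binary that stays at 11.1.0. Using the full patch tag, if it is published (`mattermost/mattermost-team-edition:11.1.0`), keeps the two in step. The binary is a local file mounted over `/mattermost/bin/mattermost`, so recording its expected checksum beside the compose file (`<sha256-of-downloaded-binary>`, placeholder) and verifying it at upgrade time would make a substituted file detectable.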

21
dockers/sympa/wait-sympa.sh Executable file

@@ -0,0 +1,21 @@
#!/bin/bash
#quoi: lancer des cmdes iptables lorsque sympa est up
#quand: 02/12/2025
#qui: fab
CONTAINER="sympaServ"
HOST_SCRIPT="/kaz/dockers/sympa/updateFirewall.sh"
echo "On attend que sympa soit UP"
# Boucle jusqu'à ce qu'il soit en état running
while :; do
state=$(docker inspect -f '{{.State.Running}}' "$CONTAINER" 2>/dev/null)
if [ "$state" = "true" ]; then
echo "$CONTAINER est up. démarrage de $HOST_SCRIPT..."
bash "$HOST_SCRIPT"
exit 0
fi
sleep 2
done
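Review bot: The loop has no upper bound and the script exits 0 whatever `bash "$HOST_SCRIPT"` returns. A boot where `sympaServ` never starts therefore hangs forever, and a failed `updateFirewall.sh` is reported as success, leaving the firewall rules unapplied with no signal. Propagating the status is a small change, `bash "$HOST_SCRIPT"; exit $?` in place of the unconditional `exit 0`, and a counter that gives up with a non-zero exit after a fixed number of `sleep 2` rounds bounds the wait. `.State.Running` only says the container process exists; if the rules depend on the service actually answering, that should be checked explicitly. Because this runs at boot, presumably as root, `$HOST_SCRIPT` should be root-owned and not writable by other users.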


@@ -9,3 +9,10 @@ http:
ipallowlist:
sourceRange:
- "127.0.0.1"
tcp:
middlewares:
ldap-ip-allowlist:
ipAllowList:
sourceRange:
- "127.0.0.1"


@@ -1,12 +1,13 @@
services:
reverse-proxy:
image: traefik:v3.5.1
image: traefik:v3.6.2
container_name: ${traefikServName}
restart: ${restartPolicy}
# Enables the web UI and tells Traefik to listen to docker
ports:
- ${MAIN_IP}:80:80
- ${MAIN_IP}:443:443
- ${MAIN_IP}:636:636
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./conf:/etc/traefik/
@@ -24,6 +25,7 @@ services:
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipallowlist@file
- TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT=600
- TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT=600
- TRAEFIK_ENTRYPOINTS_ldapsecure_ADDRESS=:636
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json
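Review bot: `${MAIN_IP}:636:636` and `TRAEFIK_ENTRYPOINTS_ldapsecure_ADDRESS=:636` are active here while the LDAP router labels in the ldap compose file are still commented out, so port 636 is published on the main address with no router behind it. Keeping the port mapping and the entrypoint commented until the router is enabled avoids that exposure. When it is enabled, note that `ldap-ip-allowlist` in the dynamic configuration lists only `127.0.0.1`, which may not match the source address Traefik sees for real clients. The commented router also forwards to port 389, so traffic between Traefik and the directory crosses `ldapNet` unencrypted.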