KAZ/KazV2
11
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: KAZ:39aa417d113e0e11a0dd9d3b16a77cf814ba3757
Branches Tags
KAZ:master KAZ:feat/python KAZ:gestionSecrets
...
compare: KAZ:master
Branches Tags
KAZ:master KAZ:feat/python KAZ:gestionSecrets

18 Commits
39aa417d11 ... master

Author SHA1 Message Date
nom
a5a8580e7a pour démarrer un script quand sympa est up. doit-être démarré au boot de la machine 2025-12-02 15:06:22 +01:00
nom
acbe218f78 upgrade traefik 3.6.2 2025-11-22 07:57:57 +01:00
didier
9731aa7631 modif du Readme 2025-11-19 19:48:04 +01:00
Fanch
eccd0a5ddc ldaps commenté le temps de mettre en prod 2025-11-19 10:40:46 +01:00
Fanch
5e858b86f3 ldap: autoriser ldaps via traefik 2025-11-19 10:30:05 +01:00
nom
5dc5155c53 upgrade MM 11.1 2025-11-19 00:10:59 +01:00
Fanch
f90620b268 python: lib mattermost 2025-11-16 10:30:37 +01:00
didier
f5678d6c67 cosmétique 2025-11-16 10:00:48 +01:00
didier
3acc408eac date 2025-11-16 09:52:20 +01:00
didier
789917abae ajout suppression du mail de scours dans la liste infos 2025-11-16 09:49:53 +01:00
Fanch
d6dbe1212c chechpaekoldap: forwardings 2025-11-14 21:20:52 +01:00
didier
e50911b40e nettoyage 2025-11-14 14:32:27 +01:00
didier
2100395ef3 modif 2025-11-14 14:15:44 +01:00
nom
d1d637f213 suppr Dockerfile 2025-11-12 17:40:48 +01:00
François
972006cc81 upgrade dokuwiki to "dokuwiki/dokuwiki" 2025-11-09 07:04:46 +01:00
nom
4fc0f4ed74 maj display_name en display-name pour mmctl 2025-11-03 09:02:56 +01:00
didier
ca98a51ff2 git en gitea 2025-10-28 05:36:56 +01:00
didier
e462c383a5 ajout de git dans le save 2025-10-28 05:34:00 +01:00
18 changed files with 157 additions and 210 deletions
Expand all files Collapse all files

4
bin/checkPahekoLdap.py
View File

@@ -163,12 +163,12 @@ with Ldap() as ldap:
ldap_forwardings = ldap.get_mail_forwardings()
for ldap_user in ldap_forwardings:
ldap_user = ldap_user[1]
paheko_entry = [x for x in membres if x["email"] == ldap_user["mail"][0].decode() or (x["emails_rattaches"] and ldap_user["mail"][0].decode() in x["emails_rattaches"])]
paheko_entry = [x for x in membres if x["email"] == ldap_user["mailAlias"][0].decode() or (x["forward"] and ldap_user["mailAlias"][0].decode() in x["forward"])]
paheko_entry = paheko_entry[0] if len(paheko_entry) else None
if paheko_entry:
pass
else:
not_in_paheko.append(ldap_user["mail"][0].decode() + " (forwarding)")
not_in_paheko.append(ldap_user["mailAlias"][0].decode() + " (forwarding)")
print("Mails dans paheko mais pas dans le LDAP :")

5
bin/container.sh
View File

@@ -191,6 +191,11 @@ saveComposes () {
. $KAZ_KEY_DIR/env-etherpadDB
saveDB ${etherpadDBName} "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" etherpad mysql
;;
gitea)
echo "save gitea"
. $KAZ_KEY_DIR/env-gitDB
saveDB ${gitDBName} "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" gitea mysql
;;
framadate)
echo "save date"
. $KAZ_KEY_DIR/env-framadateDB

2
bin/createUser.sh
View File

@@ -606,7 +606,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# l'équipe existe t-elle déjà ?
nb=$(docker exec mattermostServ bin/mmctl team list | grep -w "${EQUIPE_AGORA}" | wc -l)
if [ "${nb}" == "0" ];then # non, on la créé en mettant le user en admin de l'équipe
echo "docker exec -i mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display_name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}"
echo "docker exec -i mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display-name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}"
fi
# puis ajouter le user à l'équipe
echo "docker exec -i mattermostServ bin/mmctl team users add ${EQUIPE_AGORA} ${EMAIL_SOUHAITE}" | tee -a "${CMD_INIT}"

140
bin/gestUsers.sh
View File

@@ -8,12 +8,12 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
setKazVars
. $DOCKERS_ENV
. $KAZ_KEY_DIR/env-ldapServ
. $KAZ_KEY_DIR/env-nextcloudServ
. $KAZ_KEY_DIR/env-sympaServ
. $KAZ_KEY_DIR/env-ldapServ
. $KAZ_KEY_DIR/env-nextcloudServ
. $KAZ_KEY_DIR/env-sympaServ
. $KAZ_KEY_DIR/env-paheko
VERSION="16-10-2025"
VERSION="16-11-2025"
PRG=$(basename $0)
RACINE=$(echo $PRG | awk '{print $1}')
IFS=' '
@@ -50,7 +50,7 @@ rm -rf /tmp/*.json
############################################ Fonctions #######################################################
ExpMail() {
. $KAZ_KEY_DIR/env-mail
MAIL_DEST=$1
MAIL_SUJET=$2
@@ -69,7 +69,7 @@ PostMattermost() {
searchEmail() {
# on peut appeler cette fonction avec un paramêtre
# on peut appeler cette fonction avec un paramêtre
# qui doit être une adresse email
CHOIX_MAIL=""
SEARCH_OBJECT_CLASS="inetOrgPerson"
@@ -85,7 +85,7 @@ searchEmail() {
echo "----------------------------------------------------------------------"
read -p "Adresse ou caractere contenu dans cette adresse (r ou R pour retour ) ? : " RMAIL
[[ ${RMAIL} =~ ^[rRqQ]$ ]] && Main
if [ "${RMAIL}" == "" ]
if [ "${RMAIL}" == "" ]
then
fait=0
else
@@ -114,11 +114,11 @@ searchEmail() {
# si on tape r ou r ou Q ou q ou 0 on relance le menu de recherche de mail
[[ $NB_LIGNE_MAIL =~ [rRqQ0] ]] && searchEmail $1
CHOIX_MAIL=$(cat ${TFILE_MAILS_TROUVE} | grep "^${NB_LIGNE_MAIL}\b" | awk '{print $3}' | tr -d '[:space:]')
# si on répond par entrée nb_ligne_mail sera vide
# si on donne une réponse qui est une lettre ou un mauvais chiffre choix_mail sera vide
# si on répond par entrée nb_ligne_mail sera vide
# si on donne une réponse qui est une lettre ou un mauvais chiffre choix_mail sera vide
# alors on reboucle sur la liste des mails
if [ "$CHOIX_MAIL" == "" ] || [ "$NB_LIGNE_MAIL" == "" ]
then
CHOIX_MAIL=""
@@ -139,7 +139,7 @@ searchEmail() {
searchMattermost() {
#Ici $1 est une adresse email
. $KAZ_KEY_DIR/env-mattermostAdmin
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1
#on créé la list des mails dans mattermost
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null
@@ -167,11 +167,11 @@ infoEmail() {
while :
do
clear
echo "------------------------------------------------"
echo "------------------------------------------------"
printKazMsg "${ACTION_EN_COURS}"
echo "------------------------------------------------"
echo "------------------------------------------------"
read -p "Alias ou Mail ? (R pour retour ou M/A [M] :" RINFOMAIL
case ${RINFOMAIL} in
case ${RINFOMAIL} in
"" | M | m )
infofait=O
searchEmail
@@ -184,9 +184,6 @@ infoEmail() {
echo " ------------------------------------------------"
printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL"
echo -e ""
#TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC)
#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
#cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g
echo -ne "${NC}"
echo -ne " - Nextcloud enable : "
echo -ne "${GREEN}"
@@ -202,20 +199,20 @@ infoEmail() {
jq .results[].ville /tmp/$CHOIX_MAIL-paheko.json
SERVEUR_PROD=$(jq .results[].serveur_prod /tmp/$CHOIX_MAIL-paheko.json)
NOM_ORGA=$(jq .results[].nom_orga /tmp/$CHOIX_MAIL-paheko.json)
[ "${NOM_ORGA}" = "null" ] || echo -e " - ORGA : ${GREEN}${NOM_ORGA}${NC} sur serveur ${GREEN}${SERVEUR_PROD}${NC} "
[ "${NOM_ORGA}" = "null" ] || echo -e " - ORGA : ${GREEN}${NOM_ORGA}${NC} sur serveur ${GREEN}${SERVEUR_PROD}${NC} "
echo -n " - Quota (Paheko) : "
echo -ne "${GREEN}"
jq .results[].quota_disque /tmp/$CHOIX_MAIL-paheko.json
echo -ne "${NC}"
echo -n " - Quota Mail (Ldap) : "
echo -n " - Quota Mail (Ldap) : "
echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
echo -ne "${NC}"
echo -ne " - Place disque des mails : "
cd ${DOCK_VOL}/postfix_mailData/_data/${DOMAINE_EN_COURS}
echo -ne "${GREEN}"
du -sh $(echo ${CHOIX_MAIL} | sed -e 's/@.*//') | cut -c 1-4
echo -ne "${NC}"
cd ${DOCK_VOL}/postfix_mailData/_data/${DOMAINE_EN_COURS}
echo -ne "${GREEN}"
du -sh $(echo ${CHOIX_MAIL} | sed -e 's/@.*//') | cut -c 1-4
echo -ne "${NC}"
echo -n " - Quota Nextcloud (Ldap) : "
echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
@@ -247,14 +244,14 @@ infoEmail() {
;;
A | a )
searchEmail alias
echo "------------------------------------------------"
echo "------------------------------------------------"
echo " Alias : ${CHOIX_MAIL} "
echo ""
for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
-w "${LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
| grep ^mail: | sed -e 's/^mail://')
do
echo -ne "=====> ${GREEN} "
echo -ne "=====> ${GREEN} "
echo "${INFOALIAS}" | tr -d [:space:]
echo "${NC}"
done
@@ -278,16 +275,21 @@ searchDestroy() {
CHOIX_MAIL=""
searchEmail
REP_SEARCH_DESTROY=$CHOIX_MAIL
echo "CHOIX=$REP_SEARCH_DESTROY"
echo "domaine en cours : ${DOMAINE_EN_COURS}"
MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${REP_SEARCH_DESTROY}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
echo "Mail en cours = $REP_SEARCH_DESTROY"
echo "Mail de secours = ${MAIL_SECOURS}"
echo "Domaine en cours : ${DOMAINE_EN_COURS}"
echo "--------------------------------- SUPPRESION ----------------------------------------"
while :
do
echo "----------------------------------------------------------------------"
printKazMsg "${GREEN}${ACTION_EN_COURS}${NC}"
echo "----------------------------------------------------------------------"
echo "----------------------------------------------------------------------"
printKazMsg "${GREEN}${ACTION_EN_COURS}${NC}"
echo "----------------------------------------------------------------------"
echo -e "${BLINK} TOUT RETOUR EN ARRIERE EST IMPOSSIBLE ${NC}"
read -p "ON CONTINUE ? [ o / n ]: " SEARCH_DESTROY_INPUT
read -p "ON CONTINUE ? [ o / n ]: " SEARCH_DESTROY_INPUT
if [ "$SEARCH_DESTROY_INPUT" = "n" ] || [ "$SEARCH_DESTROY_INPUT" = "N" ]
then
searchDestroy
@@ -335,10 +337,11 @@ searchDestroy() {
fi
echo -e "${NC}"
echo ""
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa"
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} et ${MAIL_SECOURS} dans la liste info de sympa"
echo -e "${NC}"
echo ""
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAIL_SECOURS}"
echo -e "${NC}"
echo ""
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
@@ -355,10 +358,6 @@ searchDestroy() {
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
echo -e "${NC}"
echo ""
MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${REP_SEARCH_DESTROY}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
ldapdelete -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
if [ "$?" -eq "0" ]
then
@@ -373,7 +372,7 @@ searchDestroy() {
printKazError "Erreur de suppression"
fi
printKazMsg "Envoi d'un message dans mattermost pour la suppression du compte"
docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le compte ${REP_SEARCH_DESTROY} est supprimé" >/dev/null 2>&1
docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le compte ${REP_SEARCH_DESTROY} est supprimé , mail envoyé à ${MAIL_SECOURS}" >/dev/null 2>&1
MAIL_SUPPR="Le compte ${REP_SEARCH_DESTROY} est supprimé"
OLDIFS=${IFS}
IFS=''
@@ -386,7 +385,7 @@ searchDestroy() {
done
}
gestPassword() {
gestPassword() {
ACTION_EN_COURS="Gestion du mot de passe d' un compte"
searchEmail
#cree un mdp acceptable par postfix/nc/mattermost
@@ -473,7 +472,7 @@ createMail() {
QUOTA=1
TRUE_KAZ=TRUE
fait=0
# On demande le mail souhaite on regarde si c' est valide et si ça existe déjà
# On demande le mail souhaite on regarde si c' est valide et si ça existe déjà
while [ $fait -eq 0 ]
do
clear
@@ -482,7 +481,7 @@ createMail() {
echo "----------------------------------------------------------------------"
read -p "Mail souhaité (r ou R pour quitter ) : " EMAIL_SOUHAITE
[[ ${EMAIL_SOUHAITE} =~ ^[rRqQ]$ ]] && Main
if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]]
if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]]
then
ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
@@ -509,7 +508,7 @@ createMail() {
# on renseigne le domaine en cours pour les options qui concernent pas le domaine kaz.bzh
# ----------------------------------------------------------------------
DOMAINE_EN_COURS=$(echo ${EMAIL_SOUHAITE} | sed -e 's/^.*@//')
echo " ---- Domaine: " ${DOMAINE_EN_COURS} ----
echo " ---- Domaine: " ${DOMAINE_EN_COURS} ----
# ----------------------------------------------------------------------
# On demande le mail de secours et on teste si c' est un mail valide
fait=0
@@ -546,7 +545,7 @@ createMail() {
# on constitue le user,domain et pass crypté pour le ldap
LDAPUSER=$(echo ${EMAIL_SOUHAITE} | awk -F '@' '{print $1}')
LDAPDOMAIN=$(echo ${EMAIL_SOUHAITE} | awk -F '@' '{print $2}')
LDAPPASS=$(mkpasswd -m sha512crypt ${PASSWORD})
LDAPPASS=$(mkpasswd -m sha512crypt ${PASSWORD})
[ "${DOMAINE_EN_COURS}" != "${domain}" ] && TRUE_KAZ=FALSE
echo "${GREEN}Mail souhaité : ${NC}${EMAIL_SOUHAITE}"
echo "${GREEN}Mail secours : ${NC}${EMAIL_SECOURS}"
@@ -587,7 +586,7 @@ agoraEnabled: ${TRUE_KAZ}\n\
userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
# on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire
bash ${TFILE_CREATE_MAIL} >/dev/null
# on colle le compte et le mot de passe dans le fichier
# on colle le compte et le mot de passe dans le fichier
echo "Création de : ${EMAIL_SOUHAITE} avec le mot de passe : ${PASSWORD}" >>${TFILE_CREATE_MAIL}
OLDIFS=${IFS}
IFS=''
@@ -618,7 +617,7 @@ Main
createAlias() {
ACTION_EN_COURS="création d' un alias de messagerie"
fait=0
# On demande alias souhaite on regarde si c' est valide et si ça existe déjà
# On demande alias souhaite on regarde si c' est valide et si ça existe déjà
while [ $fait -eq 0 ]
do
clear
@@ -627,7 +626,7 @@ createAlias() {
echo "-------------------------------------------------"
read -p "Alias souhaité (r ou q pour quitter ) : " AMAIL
[[ ${AMAIL} =~ ^[rRqQ]$ ]] && Main
if [[ ${AMAIL} =~ ${regexMail} ]]
if [[ ${AMAIL} =~ ${regexMail} ]]
then
RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
@@ -689,7 +688,7 @@ createAlias() {
done
fait=0
while [ "$fait" = 0 ]
do
do
clear
echo "--------------------------------------------------"
echo -e "${GREEN}résumé de la situation${NC}"
@@ -713,7 +712,7 @@ mailAlias: ${AMAIL}\n\
${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${LDAP_ADMIN_PASSWORD}
fait=1
printKazMsg "Création de ${AMAIL}"
sleep 3
sleep 3
createAlias
;;
n | N )
@@ -737,7 +736,7 @@ delAlias() {
CHOIX_MAIL=""
RESU_ALIAS=""
searchEmail alias
RALIAS=${CHOIX_MAIL}
RALIAS=${CHOIX_MAIL}
[[ ${RALIAS} =~ ^[rRqQ]$ ]] && Main
if [[ ${RALIAS} =~ ${regexMail} ]]
then
@@ -764,13 +763,13 @@ delAlias() {
"" | * )
faitdel=0
;;
esac
esac
done
else
fait=0
fi
else
printKazError " - format alias invalide !"
sleep 2
@@ -780,12 +779,12 @@ delAlias() {
delAlias
}
modifyAlias()
modifyAlias()
{
ACTION_EN_COURS="Modfication d' un alias de messagerie"
MRESU_ALIAS=""
LISTE_MAIL_ALIAS=""
NEW_LISTE_MAIL_ALIAS=""
NEW_LISTE_MAIL_ALIAS=""
ACHANGE=0
searchEmail alias
LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
@@ -841,13 +840,13 @@ modifyAlias()
BOUCLE_ADD_MAIL=1
else
printKazMsg "erreur de mail"
fi
fi
done
;;
"" | n | N )
BOUCLE_ADD_MAIL=1
;;
* )
* )
BOUCLE_ADD_MAIL=1
;;
esac
@@ -875,7 +874,7 @@ modifyAlias()
}
updateUser() {
rm -rf /tmp/*attributs.txt
rm -rf /tmp/*attributs.txt
ACTION_EN_COURS="Modification d'un compte"
ATTRIB_MAILS="mailDeSecours mailAlias"
ATTRIB_QUOTA="mailQuota nextcloudQuota"
@@ -923,7 +922,7 @@ updateUser() {
then
echo "------------------------------------------------------------------------"
read -p "=====> ATTENTION : il y a des modifs en cours abandonner ?(o ou n) ? <===== : " RABANDON
case "${RABANDON}" in
case "${RABANDON}" in
o | O )
faitAttrib=1
;;
@@ -933,7 +932,7 @@ updateUser() {
* )
echo ""
;;
esac
esac
else
faitAttrib=1
fi
@@ -947,7 +946,7 @@ updateUser() {
# pour être sur de virer tous les espaces et les tab etc on utilise [:space:]
# on affiche tout les arguments ( les $1 $2 $2 avec la boucle for)
# on ajoute de ___ pour pouvoir le remplace par un espace entre chaque variable
# afin d' afficher un beau contenu1 contenu2 contenu 3
# afin d' afficher un beau contenu1 contenu2 contenu 3
ATTRIBUT_EN_COURS=$(cat ${FIC_ATTRIBUTS} | grep "^${REP_ATTRIBUT}\b" | awk '{print $3}')
CONTENU_ATTRIBUT=$(cat ${FIC_ATTRIBUTS} | grep "^${REP_ATTRIBUT}\b" \
@@ -971,7 +970,7 @@ updateUser() {
mailDeSecours )
echo "------------------------------------------------"
read -p " - Nouveau Mail de Secours : " RCHANGE
if [[ ${RCHANGE} =~ ${regexMail} ]]
if [[ ${RCHANGE} =~ ${regexMail} ]]
then
CHANGED+=([mailDeSecours]=${RCHANGE})
else
@@ -1011,7 +1010,7 @@ updateUser() {
do
read -p " - ${GREEN}Nouvel Alias: ( F pour finir ) :${NC} " ALIAS_SUPP
BOUCLE_ADD_MAIL=0
if [[ ${ALIAS_SUPP} =~ ${regexMail} ]]
if [[ ${ALIAS_SUPP} =~ ${regexMail} ]]
then
if echo "${CONTENU_ATTRIBUT}" | grep "^${ALIAS_SUPP}$"
then
@@ -1035,7 +1034,7 @@ updateUser() {
printKazMsg "Erreur"
sleep 2
;;
esac
esac
[ "${MAILALIAS_CHANGE}" -gt "0" ] && CHANGED+=([mailAlias]="${NEW_CONTENU_ATTRIBUT} ${TALIAS_SUPP}")
faitattrib=0
;;
@@ -1090,7 +1089,7 @@ updateUser() {
fi
;;
"" | * )
faitAttrib=0
faitAttrib=0
;;
esac
done
@@ -1149,19 +1148,19 @@ case "$CHOICE" in
;;
'4' )
searchDestroy
;;
;;
'5' )
createMail
;;
;;
'6' )
createAlias
;;
;;
'7' )
modifyAlias
;;
;;
'8' )
delAlias
;;
;;
'h'| "H" )
clear
echo "--------------------------------------------"
@@ -1199,4 +1198,3 @@ esac
[ ! -e ${KAZ_CONF_DIR}/autorized-domains.txt ] && { echo "création de ${KAZ_CONF_DIR}/autorized-domains.txt" ; touch ${KAZ_CONF_DIR}/autorized-domains.txt;}
! grep $domain ${KAZ_CONF_DIR}/autorized-domains.txt && echo $domain >> ${KAZ_CONF_DIR}/autorized-domains.txt
Main

8
bin/lib/mattermost.py
View File

@@ -2,8 +2,9 @@ import subprocess
from .config import getDockersConfig, getSecretConfig
mattermost_user = getSecretConfig("mattermostServ", "MM_ADMIN_USER")
mattermost_pass = getSecretConfig("mattermostServ", "MM_ADMIN_PASSWORD")
mattermost_user = getSecretConfig("mattermostAdmin", "mattermost_user")
mattermost_pass = getSecretConfig("mattermostAdmin", "mattermost_pass")
# mattermost_token = getSecretConfig("mattermostAdmin", "mattermost_token")
mattermost_url = f"https://{getDockersConfig('matterHost')}.{getDockersConfig('domain')}"
mmctl = "docker exec -i mattermostServ bin/mmctl"
@@ -23,6 +24,8 @@ class Mattermost:
def authenticate(self):
# Authentification sur MM
cmd = f"{mmctl} auth login {mattermost_url} --name local-server --username {mattermost_user} --password {mattermost_pass}"
# ou (si ça casse le token ?)
# cmd = f"{mmctl} auth login {mattermost_url} --name local-server --access-token {mattermost_token}"
subprocess.run(cmd, shell=True, stderr=subprocess.STDOUT, check=True)
@@ -131,4 +134,3 @@ class Mattermost:
cmd = f"{mmctl} team delete {equipe} --confirm"
output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
return output.decode()

4
bin/manageWiki.sh
View File

@@ -117,7 +117,7 @@ Version(){
Reload(){
# $1 ContainerName
if [ -f "${VOL_PREFIX}wikiData/_data/farms/init.sh" ]; then
${SIMU} docker exec -ti "${1}" /dokuwiki/data/farms/init.sh
${SIMU} docker exec -ti "${1}" /storage/data/farms/init.sh
${SIMU} pkill -KILL lighttpd
fi
}
@@ -169,4 +169,4 @@ for COMMAND in ${COMMANDS}; do
'RELOAD' )
Reload "${DockerServName}";;
esac
done
done

11
config/orgaTmpl/docker-compose.yml
View File

@@ -153,18 +153,19 @@ services:
#}}
#{{wiki
dokuwiki:
image: mprasil/dokuwiki
image: dokuwiki/dokuwiki
container_name: ${orga}-${dokuwikiServName}
#disk_quota: 10G
restart: ${restartPolicy}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
- "traefik.http.services.${orga}-${dokuwikiServName}.loadbalancer.server.port=8080"
volumes:
- wikiData:/dokuwiki/data
- wikiConf:/dokuwiki/conf
- wikiPlugins:/dokuwiki/lib/plugins
- wikiLibtpl:/dokuwiki/lib/tpl
- wikiData:/storage/data
- wikiConf:/storage/conf
- wikiPlugins:/storage/lib/plugins
- wikiLibtpl:/storage/lib/tpl
- wikiLogs:/var/log
networks:
- orgaNet

2
config/orgaTmpl/reload.sh
View File

@@ -12,4 +12,4 @@ ORGA_DIR=$(basename ${PWD})
ORGA=${ORGA_DIR%-orga}
${KAZ_BIN_DIR}/manageWiki.sh --reload $ORGA
${KAZ_BIN_DIR}/manageWiki.sh --reload $ORGA

85
dockers/dokuwiki/Dockerfile
View File

@@ -1,85 +0,0 @@
FROM --platform=${TARGETPLATFORM:-linux/amd64} crazymax/alpine-s6:3.12
ARG TARGETPLATFORM
ARG BUILDPLATFORM
RUN printf "I am running on ${BUILDPLATFORM:-linux/amd64}, building for ${TARGETPLATFORM:-linux/amd64}\n$(uname -a)\n"
LABEL maintainer="CrazyMax"
########################################
# APT local cache
# work around because COPY failed if no source file
COPY .dummy .apt-mirror-confi[g] .proxy-confi[g] /
RUN cp /.proxy-config /etc/profile.d/proxy.sh 2> /dev/null || true
RUN if [ -f /.apt-mirror-config ] ; then . /.apt-mirror-config && sed -i \
-e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \
-e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \
-e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \
-e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \
/etc/apt/sources.list; fi
########################################
RUN apk --update --no-cache add \
curl \
imagemagick \
inotify-tools \
libgd \
nginx \
php7 \
php7-cli \
php7-ctype \
php7-curl \
php7-fpm \
php7-gd \
php7-imagick \
php7-json \
php7-ldap \
php7-mbstring \
php7-openssl \
php7-pdo \
php7-pdo_sqlite \
php7-session \
php7-simplexml \
php7-sqlite3 \
php7-xml \
php7-zip \
php7-zlib \
shadow \
su-exec \
tar \
tzdata \
&& rm -rf /tmp/* /var/cache/apk/* /var/www/*
ENV S6_BEHAVIOUR_IF_STAGE2_FAILS="2" \
DOKUWIKI_VERSION="2020-07-29" \
DOKUWIKI_MD5="8867b6a5d71ecb5203402fe5e8fa18c9" \
TZ="UTC" \
PUID="1500" \
PGID="1500"
RUN apk --update --no-cache add -t build-dependencies \
gnupg \
wget \
&& cd /tmp \
&& wget -q "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-$DOKUWIKI_VERSION.tgz" \
&& echo "$DOKUWIKI_MD5 /tmp/dokuwiki-$DOKUWIKI_VERSION.tgz" | md5sum -c - | grep OK \
&& tar -xzf "dokuwiki-$DOKUWIKI_VERSION.tgz" --strip 1 -C /var/www \
&& apk del build-dependencies \
&& rm -rf /root/.gnupg /tmp/* /var/cache/apk/*
COPY rootfs /
RUN rm -f /dokuwiki.tgz
COPY htaccess /dokuwiki/.htaccess
RUN chmod a+x /usr/local/bin/* \
&& addgroup -g ${PGID} dokuwiki \
&& adduser -D -H -u ${PUID} -G dokuwiki -s /bin/sh dokuwiki
EXPOSE 8000
WORKDIR /var/www
VOLUME [ "/data" ]
ENTRYPOINT [ "/init" ]
HEALTHCHECK --interval=10s --timeout=5s --start-period=20s \
CMD curl --fail http://127.0.0.1:12345/ping || exit 1

11
dockers/dokuwiki/docker-compose.yml
View File

@@ -1,7 +1,7 @@
services:
dokuwiki:
image: mprasil/dokuwiki
image: dokuwiki/dokuwiki
container_name: ${dokuwikiServName}
restart: ${restartPolicy}
# ports:
@@ -12,14 +12,15 @@ services:
external_links:
- ${smtpServName}:${smtpHost}.${domain}
volumes:
- "dokuwikiData:/dokuwiki/data"
- "dokuwikiConf:/dokuwiki/conf"
- "dokuwikiPlugins:/dokuwiki/lib/plugins"
- "dokuwikiLibtpl:/dokuwiki/lib/tpl"
- "dokuwikiData:/storage/data"
- "dokuwikiConf:/storage/conf"
- "dokuwikiPlugins:/storage/lib/plugins"
- "dokuwikiLibtpl:/storage/lib/tpl"
- "dokuwikiLogs:/var/log"
labels:
- "traefik.enable=true"
- "traefik.http.routers.${dokuwikiServName}.rule=Host(`${dokuwikiHost}.${domain}`)"
- "traefik.http.services.${dokuwikiServName}.loadbalancer.server.port=8080"
- "traefik.docker.network=dokuwikiNet"
volumes:

10
dockers/ldap/docker-compose.yml
View File

@@ -68,6 +68,16 @@ services:
- /etc/timezone:/etc/timezone:ro
networks:
- ldapNet
# labels:
# - "traefik.enable=true"
# - "traefik.tcp.routers.${ldapServName}.rule=HostSNI(`ldap.${domain}`)"
# - "traefik.tcp.routers.${ldapServName}.entrypoints=ldapsecure"
# - "traefik.tcp.routers.${ldapServName}.tls=true"
# - "traefik.tcp.routers.${ldapServName}.tls.domains[0].main=ldap.${domain}"
# - "traefik.tcp.routers.${ldapServName}.tls.certResolver=letsencrypt"
# - "traefik.tcp.routers.${ldapServName}.middlewares=ldap-ip-allowlist@file"
# - "traefik.tcp.services.${ldapServName}.loadbalancer.server.port=389"
# - "traefik.docker.network=ldapNet"
volumes:
openldapData:

8
dockers/mastodon/README.md
View File

@@ -3,4 +3,10 @@ docker-compose run --rm web bundle exec rails db:setup
Créer un compte admin :
tootctl accounts create adminkaz --email admin@kaz.bzh --confirmed --role Owner
tootctl accounts approve adminkaz
tootctl accounts approve adminkaz
après un upgrade mastodon j'ai du faire ça
docker-compose run --rm web bundle exec rails db:migrate
De la doc sur ldap :
https://gist.github.com/sigmaris/5db742083a3406c7c385315634640650

39
dockers/mastodon/docker-compose.yml
View File

@@ -1,6 +1,3 @@
# This file is designed for production server deployment, not local development work
# For a containerized local dev environment, see: https://github.com/mastodon/mastodon/blob/main/docs/DEVELOPMENT.md#docker
services:
db:
container_name: ${mastodonDBName}
@@ -13,8 +10,6 @@ services:
test: ['CMD', 'pg_isready', '-U', 'postgres']
volumes:
- postgres:/var/lib/postgresql/data
# environment:
# - 'POSTGRES_HOST_AUTH_METHOD=trust'
env_file:
- ../../secret/env-mastodonDB
@@ -61,16 +56,11 @@ services:
# - '127.0.0.1:9200:9200'
web:
# You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
# build: .
container_name: ${mastodonServName}
image: ghcr.io/mastodon/mastodon:v4.3.6
image: ghcr.io/mastodon/mastodon:v4.5.1
restart: ${restartPolicy}
environment:
- LOCAL_DOMAIN=${mastodonHost}.${domain}
- SMTP_SERVER=smtp.${domain}
- SMTP_LOGIN=admin@${domain}
- SMTP_FROM_ADDRESS=admin@${domain}
env_file:
- env-config
- ../../secret/env-mastodonServ
@@ -92,27 +82,20 @@ services:
- images:/mastodon/app/javascript/images
labels:
- "traefik.enable=true"
- "traefik.http.routers.koz.rule=Host(`${mastodonHost}.${domain}`)"
- "traefik.http.services.koz.loadbalancer.server.port=3000"
- "traefik.http.routers.mastodon.rule=Host(`${mastodonHost}.${domain}`)"
- "traefik.http.services.mastodon.loadbalancer.server.port=3000"
- "traefik.docker.network=mastodonNet"
streaming:
# You can uncomment the following lines if you want to not use the prebuilt image, for example if you have local code changes
# build:
# dockerfile: ./streaming/Dockerfile
# context: .
container_name: ${mastodonStreamingName}
image: ghcr.io/mastodon/mastodon-streaming:v4.3.6
image: ghcr.io/mastodon/mastodon-streaming:v4.5.1
restart: ${restartPolicy}
environment:
- LOCAL_DOMAIN=${mastodonHost}.${domain}
- SMTP_SERVER=smtp.${domain}
- SMTP_LOGIN=admin@${domain}
- SMTP_FROM_ADDRESS=admin@${domain}
env_file:
- env-config
- ../../secret/env-mastodonServ
- ../../secret/env-mastodonDB
command: node ./streaming/index.js
networks:
- mastodonNet
@@ -126,24 +109,20 @@ services:
- redis
labels:
- "traefik.enable=true"
- "traefik.http.routers.kozs.rule=(Host(`${mastodonHost}.${domain}`) && PathPrefix(`/api/v1/streaming`))"
- "traefik.http.services.kozs.loadbalancer.server.port=4000"
- "traefik.http.routers.mastodons.rule=(Host(`${mastodonHost}.${domain}`) && PathPrefix(`/api/v1/streaming`))"
- "traefik.http.services.mastodons.loadbalancer.server.port=4000"
- "traefik.docker.network=mastodonNet"
sidekiq:
# You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
# build: .
container_name: ${mastodonSidekiqName}
image: ghcr.io/mastodon/mastodon:v4.3.6
image: ghcr.io/mastodon/mastodon:v4.5.1
restart: ${restartPolicy}
environment:
- LOCAL_DOMAIN=${mastodonHost}.${domain}
- SMTP_SERVER=smtp.${domain}
- SMTP_LOGIN=admin@${domain}
- SMTP_FROM_ADDRESS=admin@${domain}
env_file:
- env-config
- ../../secret/env-mastodonServ
- ../../secret/env-mastodonDB
command: bundle exec sidekiq
depends_on:
- db

2
dockers/mastodon/env-config
View File

@@ -67,7 +67,7 @@ ES_PASS=password
# Sending mail
# ------------
#SMTP_SERVER=
SMTP_PORT=587
#SMTP_PORT=587
#SMTP_LOGIN=
#SMTP_PASSWORD=
#SMTP_FROM_ADDRESS=

4
dockers/mattermost/docker-compose.yml
View File

@@ -3,7 +3,7 @@
services:
app:
image: mattermost/mattermost-team-edition:11.0.2
image: mattermost/mattermost-team-edition:11.1
container_name: ${mattermostServName}
restart: ${restartPolicy}
volumes:
@@ -16,7 +16,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /etc/environment:/etc/environment:ro
- ./mostlymatter-amd64-v11.0.2:/mattermost/bin/mattermost
- ./mostlymatter-amd64-v11.1.0:/mattermost/bin/mattermost
env_file:
- ../../secret/env-${mattermostServName}
environment:

21
dockers/sympa/wait-sympa.sh Executable file
View File

@@ -0,0 +1,21 @@
#!/bin/bash
#quoi: lancer des cmdes iptables lorsque sympa est up
#quand: 02/12/2025
#qui: fab
CONTAINER="sympaServ"
HOST_SCRIPT="/kaz/dockers/sympa/updateFirewall.sh"
echo "On attend que sympa soit UP"
# Boucle jusqu'à ce qu'il soit en état running
while :; do
state=$(docker inspect -f '{{.State.Running}}' "$CONTAINER" 2>/dev/null)
if [ "$state" = "true" ]; then
echo "$CONTAINER est up. démarrage de $HOST_SCRIPT..."
bash "$HOST_SCRIPT"
exit 0
fi
sleep 2
done

7
dockers/traefik/conf/allow_ip.yml.dist
View File

@@ -9,3 +9,10 @@ http:
ipallowlist:
sourceRange:
- "127.0.0.1"
tcp:
middlewares:
ldap-ip-allowlist:
ipAllowList:
sourceRange:
- "127.0.0.1"

4
dockers/traefik/docker-compose.tmpl.yml.dist
View File

@@ -1,12 +1,13 @@
services:
reverse-proxy:
image: traefik:v3.5.1
image: traefik:v3.6.2
container_name: ${traefikServName}
restart: ${restartPolicy}
# Enables the web UI and tells Traefik to listen to docker
ports:
- ${MAIN_IP}:80:80
- ${MAIN_IP}:443:443
- ${MAIN_IP}:636:636
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./conf:/etc/traefik/
@@ -24,6 +25,7 @@ services:
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipallowlist@file
- TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT=600
- TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT=600
- TRAEFIK_ENTRYPOINTS_ldapsecure_ADDRESS=:636
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json