KAZ/KazV2
11
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: KAZ:5fbc804edd5750bf633b2869a1240dee687ec8f4
Branches Tags
KAZ:master KAZ:gestionSecrets KAZ:feat/python
...
compare: KAZ:gestionSecrets
Branches Tags
KAZ:gestionSecrets KAZ:master KAZ:feat/python

11 Commits
5fbc804edd ... gestionSec

Author SHA1 Message Date
Gael
a3f448b457 missing .env 2025-07-31 14:33:47 +02:00
Gael
77a3819beb Il faut créer le dossier secret pour chaque orga ! (cas de maj du docker-compose après ajout de service) 2025-07-31 14:18:57 +02:00
Gael
ec16cdfe92 Quelques appels restants + script de migration 2025-07-31 06:16:36 +02:00
Gael
6877a5f872 Le init db est fait dans le initdb.sh plutôt ... 2025-07-31 05:36:32 +02:00
Gael
3a8bd9ec1a Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets 2025-07-31 05:05:13 +02:00
Gael
1f9ccff5b6 Les orgas + qques changements pour getpasswords.sh 2025-07-31 05:04:29 +02:00
Gael
ff69724f86 droits d'execution sur les scripts 2025-07-31 01:55:59 +02:00
Gael
99779a70ff Récupération des valeurs du docker.env ! 2025-07-30 23:08:48 +02:00
Gael
400775bf41 removing double quotes + divers petits bugs 2025-07-30 02:57:38 +02:00
Gael
8baf9fc492 Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets 2025-07-29 16:37:45 +02:00
Gael
8d26a57b6b A tester : la génération des mots de passe ! 2025-07-29 16:33:17 +02:00
84 changed files with 638 additions and 563 deletions
Expand all files Collapse all files

7
bin/certbot-dns-alwaysdata.sh Normal file → Executable file
View File

@@ -2,9 +2,10 @@
# certbot certonly --manual --preferred-challenges=dns --manual-auth-hook certbot-dns-alwaysdata.sh --manual-cleanup-hook certbot-dns-alwaysdata.sh -d "*.kaz.bzh" -d "kaz.bzh"
ALWAYSDATA_TOKEN="TOKEN"
ALWAYSDATA_ACCOUNT="ACCOUNT"
ALWAYSDATA_API="https://api.alwaysdata.com/v1/"
export KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. $KAZ_KEY_DIR/env-alwaysdata
DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${CERTBOT_DOMAIN} | jq '.[0].id')

119
bin/checkEnvFiles.sh
View File

@@ -6,8 +6,6 @@ setKazVars
RUN_PASS_DIR="secret"
TMPL_PASS_DIR="secret.tmpl"
RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh"
TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh"
NEED_GEN=
########################################
@@ -48,7 +46,12 @@ getVars () {
# get lvalues in script
getSettedVars () {
# $1 : filename
grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u
grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* | grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u
}
getUnsettedVars () {
# $1 : filename
grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u
}
getVarFormVal () {
@@ -57,60 +60,6 @@ getVarFormVal () {
grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/'
}
########################################
# synchronized SetAllPass.sh (find missing lvalues)
updatePassFile () {
# $1 : ref filename
# $2 : target filename
REF_FILE="$1"
TARGET_FILE="$2"
NEED_UPDATE=
while : ; do
declare -a listRef listTarget missing
listRef=($(getVars "${REF_FILE}"))
listTarget=($(getVars "${TARGET_FILE}"))
missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]})))
if [ -n "${missing}" ]; then
echo "missing vars in ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${REF_FILE}" "${TARGET_FILE}"
NEED_UPDATE=true
break
;;
[Nn]*)
break
;;
esac
else
break
fi
done
}
updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}"
[ -n "${NEED_UPDATE}" ] && NEED_GEN=true
updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}"
########################################
# check empty pass in TMPL_PASS_FILE
declare -a settedVars
settedVars=($(getSettedVars "${TMPL_PASS_FILE}"))
if [ -n "${settedVars}" ]; then
echo "unclear password in ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}"
for var in ${settedVars[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to clear them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${TMPL_PASS_FILE}"
;;
esac
fi
########################################
# check new files env-*
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}"
declare -a listTmpl listRun listCommonFiles
listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
for envFile in ${listCommonFiles[@]}; do
while : ; do
TMPL_FILE="${TMPL_PASS_DIR}/${envFile}"
@@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then
fi
########################################
# check env-* in updateDockerPassword.sh
missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do
# check extention in dockers.env
declare -a missing
unsetted=($(for DIR in "${RUN_PASS_DIR}"; do
for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
if [ -z "${prefixe}" ]; then
echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})"
if [ -z "${varName}" ]; then
echo "${val}"
fi
done
done | sort -u))
if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}"
echo "missing def in ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do
echo -e "\t${var}"
done
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh"
emacs "${DOCKERS_ENV}"
;;
esac
fi
########################################
# synchronized SetAllPass.sh and env-*
updateEnvFiles () {
# $1 secret dir
DIR=$1
listRef=($(getVars "${DIR}/SetAllPass.sh"))
missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
[ -z "${prefixe}" ] && continue
listVarsInEnv=($(getVars "${envFile}"))
for var in ${listVarsInEnv[@]}; do
[[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}"
done
# XXX doit exister dans SetAllPass.sh avec le prefixe
done))
if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${DIR}/SetAllPass.sh"
;;
esac
fi
}
updateEnvFiles "${RUN_PASS_DIR}"
updateEnvFiles "${TMPL_PASS_DIR}"
# XXX chercher les variables non utilisées dans les SetAllPass.sh
if [ -n "${NEED_GEN}" ]; then
while : ; do
read -p "Do you want to generate blank values? [y/n]: " yn
read -p "Do you want to generate missing values? [y/n]: " yn
case $yn in
""|[Yy]*)
"${KAZ_BIN_DIR}/secretGen.sh"

11
bin/checkEnvPassword.sh
View File

@@ -1,11 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
for filename in "${KAZ_KEY_DIR}/"env-*Serv "${KAZ_KEY_DIR}/"env-*DB; do
if grep -q "^[^#=]*=\s*$" "${filename}" 2>/dev/null; then
echo "${filename}"
fi
done

7
bin/container.sh
View File

@@ -192,7 +192,7 @@ saveComposes () {
saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql
;;
framadate)
echo "save date"
echo "save date"
. $KAZ_BIN_DIR/getPasswords.sh framadateDB
saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql
;;
@@ -255,6 +255,11 @@ saveComposes () {
. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
fi
if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => spip"
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql
fi
;;
esac
done

12
bin/createDBUsers.sh Normal file → Executable file
View File

@@ -12,27 +12,21 @@ setKazVars
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
createMysqlUser(){
# $1 = envName
# $2 = containerName of DB
. $KAZ_BIN_DIR/getPasswords.sh $1
. $KAZ_KEY_DIR/env-$1
rootPass="$1_MYSQL_ROOT_PASSWORD"
dbName="$1_MYSQL_DATABASE"
userName="$1_MYSQL_USER"
userPass="$1_MYSQL_PASSWORD"
# seulement si pas de mdp pour root
# pb oeuf et poule (il faudrait les anciennes valeurs) :
# * si rootPass change, faire à la main
# * si dbName change, faire à la main
checkDockerRunning "$2" "$2" || return
echo "change DB pass on docker $2"
echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
docker exec -i $2 bash -c "mysql --user=root --password=${!rootPass}"
echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \
docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}"
}

53
bin/getPasswords.sh Normal file → Executable file
View File

@@ -1,10 +1,15 @@
#!/bin/bash
KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
#Ki: Gael
#Kan: 2025
#Koi: gestion mots de passe
KAZ_ROOT=/kaz
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
PRG=$(basename $0)
QUIET=1
usage() {
echo "${PRG} [OPTIONS] [envname ...]
echo "getPasswords.sh [OPTIONS] [envname ...]
Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
Les variables sont du type envname_NOMVARIABLE=valeur
On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
@@ -13,14 +18,22 @@ OPTIONS
-n|--simu SIMULATION
-d foldername prend les envfiles dans un sous dossier /kaz/secret/foldername/ (pour les orgas !)
Les variables seront du type foldername-envname_NOMVARIABLE=valeur
-e varname Affiche le contenu d'une variable en particulier
"
}
if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then
mkdir "${KAZ_KEY_DIR}/tmp"
fi
for ARG in "$@"; do
if [ -n "${DIRECTORYARG}" ]; then # après un -d
SUBDIRECTORY="${ARG}"
DIRECTORYARG=
unset DIRECTORYARG
elif [ -n "${ECHOVARARG}" ]; then # après un -e
VARTOECHO="${ARG}"
unset ECHOVARARG
QUIET="/dev/null" # pour ne pas avoir d'autres bruits ...
else
case "${ARG}" in
@@ -30,12 +43,21 @@ for ARG in "$@"; do
usage && exit ;;
'-n' | '--simu')
SIMU="echo" ;;
'-e' | '--echo')
ECHOVARARG="ON ATTEND UNE UN NOM DE VARIABLE APRES CA" ;;
'-q' )
QUIET="/dev/null" ;;
*)
ENVFILES="${ENVFILES} ${ARG%}";;
esac
fi
done
getVars () {
# $1 : filename
grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u
}
NB_FILES=$(echo "${ENVFILES}" | wc -w )
if [[ $NB_FILES = 0 ]]; then
@@ -45,19 +67,28 @@ fi
for ENVFILE in $ENVFILES; do
FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
VARNAME="$ENVFILE"_
VARSUFFIX="$ENVFILE"_
if [ -n "${SUBDIRECTORY}" ]; then
FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
VARNAME="${SUBDIRECTORY}-${ENVFILE}_"
VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"
fi
if ! [ -f "$FILENAME" ]; then
echo "$FILENAME does not exist."
echo "$FILENAME does not exist." >& $QUIET
continue
fi
# formule magique qui crée des variables envname_NOMVARIABLE=la valeur trouvé (le sed vire les commentaires et les lignes vides)
# on pourrait se contenter d'un "source env-file", mais avec un prefix dans les variables pour savoir ce qu'on manipule c'est bien aussi ...
$SIMU export $(sed -e 's/#.*//' -e '/^\s*$/d' "$FILENAME" | awk -F= -v ENV="$VARNAME" '{output=output" "ENV$1"="$2} END {print output}')
. $FILENAME # on récupère les variables
vars=$(getVars $FILENAME)
for var in $vars; do
$SIMU declare $VARSUFFIX$var=${!var}
unset $var
done
unset FILENAME VARSUFFIX vars
done
if [ -n "$VARTOECHO" ]; then
echo ${!VARTOECHO}
fi
unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO

1
bin/ldap/ldap_sauve.sh
View File

@@ -7,6 +7,5 @@ setKazVars
FILE_LDIF=/home/sauve/ldap.ldif
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz

1
bin/ldap/tests/nc_orphans.sh
View File

@@ -5,7 +5,6 @@ KAZ_ROOT=/kaz
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)

1
bin/manageAgora.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)

1
bin/manageCastopod.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)

1
bin/manageCloud.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)

1
bin/manageWiki.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)

1
bin/manageWp.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)

68
bin/migGestionMotsDePasse.sh Normal file
View File

@@ -0,0 +1,68 @@
#!/bin/bash
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
newenvfile=$KAZ_KEY_DIR/env-mattermostAdmin
touch $newenvfile
echo "mattermost_user=$mattermost_user" >> $newenvfile
echo "mattermost_pass=$mattermost_pass" >> $newenvfile
echo "mattermost_token=$mattermost_token" >> $newenvfile
echo "EMAIL_CONTACT=$EMAIL_CONTACT" >> $DOCKERS_ENV
newenvfile=$KAZ_KEY_DIR/env-paheko
touch $newenvfile
echo "API_USER=$paheko_API_USER" >> $newenvfile
echo "API_PASSWORD=$paheko_API_PASSWORD" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-mail
touch $newenvfile
echo "service_mail=$service_mail" >> $newenvfile
echo "service_password=$service_password" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-borg
# touch $newenvfile à priori il existe déjà
echo "BORG_REPO=$BORG_REPO" >> $newenvfile
echo "BORG_PASSPHRASE=$BORG_PASSPHRASE" >> $newenvfile
echo "VOLUME_SAUVEGARDES=$VOLUME_SAUVEGARDES" >> $newenvfile
echo "MAIL_RAPPORT=$MAIL_RAPPORT" >> $newenvfile
echo "BORGMOUNT=$BORGMOUNT" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-traefik
touch $newenvfile
echo "DASHBOARD_USER=$traefik_DASHBOARD_USER" >> $newenvfile
echo "DASHBOARD_PASSWORD=$traefik_DASHBOARD_PASSWORD" >> $newenvfile
#####################
# Castopod
# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
newenvfile=$KAZ_KEY_DIR/env-castopodAdmin
touch $newenvfile
echo "ADMIN_USER=$castopod_ADMIN_USER" >> $newenvfile
echo "ADMIN_MAIL=$castopod_ADMIN_MAIL" >> $newenvfile
echo "ADMIN_PASSWORD=$castopod_ADMIN_PASSWORD" >> $newenvfile
# creation dossier pour les env des orgas
mkdir $KAZ_KEY_DIR/orgas
orgasLong=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
ORGAS=${orgasLong[*]//-orga/}
for orga in ${ORGAS};do
mkdir $KAZ_KEY_DIR/orgas/$orga
cp $KAZ_KEY_DIR/env-{castopod{Admin,DB,Serv},mattermost{DB,Serv},nextcloud{DB,Serv},spip{DB,Serv},wp{DB,Serv}} $KAZ_KEY_DIR/orgas/$orga
done
echo "C'est parfait, vous pouvez git pull puis supprimer SetAllPass.sh"

2
bin/migVersProdX.sh
View File

@@ -9,7 +9,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_ROOT/secret/env-kaz
@@ -133,6 +132,7 @@ for orgaLong in ${Orgas}; do
${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/"
fi
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_KEY_DIR}/orgas/${orgaCourt} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/${orgaCourt}
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list"
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh

1
bin/nextcloud_maintenance.sh
View File

@@ -4,7 +4,6 @@ KAZ_ROOT=/kaz
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
URL_AGORA=https://$matterHost.$domain/api/v4
EQUIPE=kaz

1
bin/postfix-superviz.sh
View File

@@ -6,7 +6,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
URL_AGORA=$(echo $matterHost).$(echo $domain)
MAX_QUEUE=50

167
bin/secretGen.sh
View File

@@ -3,70 +3,137 @@
KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. $DOCKERS_ENV
cd "${KAZ_ROOT}"
NEW_DIR="secret"
TMPL_DIR="secret.tmpl"
SORTIESTANDARD=1
DIR=$KAZ_KEY_DIR
ORGA=
if [ ! -d "${NEW_DIR}/" ]; then
rsync -a "${TMPL_DIR}/" "${NEW_DIR}/"
fi
NEW_FILE="${NEW_DIR}/SetAllPass-new.sh"
TMPL_FILE="${NEW_DIR}/SetAllPass.sh"
usage() {
echo "${PRG} [OPTIONS] [filename ...]
# PARCOURE LES ENV FILE ET REMPLIT LES --clean_val-- qui n'ont pas été complétés.
on cherche des
@@pass@@***@@p@@ -> on génère un mot de passe 16car (les *** permettent d'identifier le mot de passe, s'il doit être utilisé ailleurs)
@@db@@***@@d@@ -> on génère une base de données (pareil identifié par ***)
@@user@@***@@u@@ -> on génère un user
@@token@@***@@t@@ -> on génère un token
@@globalvar@@***@@gv@@ -> on cherche la variable globale ***
@@crossvar@@envname_varname@@cv@@ -> on retrouve la variable dans les envfiles
while read line ; do
if [[ "${line}" =~ ^# ]] || [ -z "${line}" ] ; then
echo "${line}"
continue
fi
if [[ "${line}" =~ "--clean_val--" ]] ; then
case "${line}" in
*jirafeau_DATA_DIR*)
JIRAFEAU_DIR=$(getValInFile "${DOCKERS_ENV}" "jirafeauDir")
[ -z "${JIRAFEAU_DIR}" ] &&
echo "${line}" ||
sed "s%\(.*\)--clean_val--\(.*\)%\1${JIRAFEAU_DIR}\2%" <<< ${line}
continue
;;
*DATABASE*|*DB_NAME*)
dbName="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${dbName}\2/" <<< ${line}
continue
;;
*ROOT_PASSWORD*|*PASSWORD*|*SECRET*)
pass="$(apg -n 1 -m 16 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
*USER*)
user="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${user}\2/" <<< ${line}
continue
;;
*RAIN_LOOP*|*office_password*|*mattermost_*|*sympa_*|*gitea_*)
pass="$(apg -n 1 -m 16 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
*vaultwarden_ADMIN_TOKEN*)
pass="$(apg -n 1 -m 32 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
esac
Si on précise des fichiers, alors il ne remplace que dans ceux là (et on "lie" les clean-val ensemble !!!)
OPTIONS
-h|--help Cette aide :-)
-n|--simu SIMULATION
-q|--quiet Sans bruits de fond
-d foldername prend les envfiles dans un sous dossier /kaz/secret/orgas/foldername/ (pour les orgas !)
-
"
}
for ARG in "$@"; do
if [ -n "${DIRECTORYARG}" ]; then # après un -d
DIR=$KAZ_KEY_DIR/orgas/${ARG}
ORGA=${ARG}
DIRECTORYARG=
else
echo "${line}"
continue
case "${ARG}" in
'-d' | '--directory' | '-f' | '--folder' | '--foldername')
DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
'-h' | '--help' )
usage && exit ;;
'-n' | '--simu')
SIMU="echo" ;;
'-q' | '--quiet')
SORTIESTANDARD="/dev/null" ;;
*)
ENVFILES="${ENVFILES} ${ARG%}";;
esac
fi
printKazError "${line}" >&2
done < "${TMPL_FILE}" > "${NEW_FILE}"
done
mv "${NEW_FILE}" "${TMPL_FILE}"
NB_FILES=$(echo "${ENVFILES}" | wc -w )
chmod a+x "${TMPL_FILE}"
. "${TMPL_FILE}"
"${KAZ_BIN_DIR}/updateDockerPassword.sh"
if [[ $NB_FILES = 0 ]]; then
ENVFILES=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@|@@crossvar@@' $DIR/* | sed 's/.*\///') #
fi
secretGen(){
# $1 Le env-file à compléter
FILENAME=$DIR/$1
NBMATCH=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@' $FILENAME | wc -l) # est ce qu'il y a des choses à génrérer
if [[ $NBMATCH = 0 ]]; then
true
# rien à faire dans ce fichier, on passe
else
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
db="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
pass="$(apg -n 1 -m 16 -M NCL)"
token="$(apg -n 1 -m 32 -M NCL)"
user="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
dbs=$(grep -Eo '@@db@@[^@]*@@d@@' $FILENAME | sed -e 's/@@db@@//' -e 's/@@d@@//')
passwords=$(grep -Eo '@@pass@@[^@]*@@p@@' $FILENAME | sed -e 's/@@pass@@//' -e 's/@@p@@//')
tokens=$(grep -Eo '@@token@@[^@]*@@t@@' $FILENAME | sed -e 's/@@token@@//' -e 's/@@t@@//')
users=$(grep -Eo '@@user@@[^@]*@@u@@' $FILENAME | sed -e 's/@@user@@//' -e 's/@@u@@//')
globalvars=$(grep -Eo '@@globalvar@@[^@]*@@gv@@' $FILENAME | sed -e 's/@@globalvar@@//' -e 's/@@gv@@//')
for dbName in $dbs; do $SIMU sed -i "s/@@db@@$dbName@@d@@/${dbName}_$db/" $DIR/*; done
for pw in $passwords; do $SIMU sed -i "s/@@pass@@$pw@@p@@/${pass}/" $DIR/*; done
for tk in $tokens; do $SIMU sed -i "s/@@token@@$tk@@t@@/${token}/" $DIR/*; done
for u in $users; do $SIMU sed -i "s/@@user@@$u@@u@@/${u}_$user/" $DIR/*; done
for var in $globalvars; do $SIMU sed -i "s/@@globalvar@@$var@@gv@@/${!var}/" $DIR/*; done
fi
}
crossVarComplete(){
# $1 Le env-file à compléter
FILENAME=$DIR/$1
NBMATCH=$(grep -lE '@@crossvar@@' $FILENAME | wc -l) # est ce qu'il y a des cross-var à récupérer
if [[ $NBMATCH = 0 ]]; then
true
# rien à faire dans ce fichier, on passe
else
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
varnames=$(grep -Eo '@@crossvar@@[^@]*@@cv@@' $FILENAME | sed -e 's/@@crossvar@@//' -e 's/@@cv@@//')
for varname in $varnames; do
envname=${varname%%_*}
value=$(/$KAZ_BIN_DIR/getPasswords.sh -e $varname $envname -d $ORGA)
$SIMU sed -i "s/@@crossvar@@$varname@@cv@@/${value}/" $DIR/*;
done
fi
}
for ENVFILE in $ENVFILES; do
secretGen "$ENVFILE"
done
for ENVFILE in $ENVFILES; do
crossVarComplete "$ENVFILE"
done
exit 0

1
bin/verifExistenceMails.sh
View File

@@ -12,7 +12,6 @@ setKazVars
cd $(dirname $0)/..
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
DOCK_DIR=$KAZ_COMP_DIR

110
config/orgaTmpl/docker-compose.yml
View File

@@ -4,21 +4,21 @@ services:
#{{db
db:
image: mariadb:11.4
container_name: ${orga}DB
container_name: ${orga}-DB
#disk_quota: 10G
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: ${restartPolicy}
volumes:
- ./initdb.d:/docker-entrypoint-initdb.d:ro
# - ./initdb.d:/docker-entrypoint-initdb.d:ro
- orgaDB:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
environment:
- MARIADB_AUTO_UPGRADE=1
env_file:
- ../../secret/env-${nextcloudDBName}
# - ../../secret/env-${mattermostDBName}
- ../../secret/env-${wordpressDBName}
- ../../secret/orgas/${orga}/env-${nextcloudDBName}
# - ../../secret/orgas/${orga}/env-${mattermostDBName}
- ../../secret/orgas/${orga}/env-${wordpressDBName}
networks:
- orgaNet
healthcheck: # utilisé par init-db.sh pour la créa d'orga
@@ -34,7 +34,7 @@ services:
#{{cloud
cloud:
image: nextcloud
container_name: ${orga}${nextcloudServName}
container_name: ${orga}-${nextcloudServName}
#disk_quota: 10G
restart: ${restartPolicy}
networks:
@@ -50,8 +50,8 @@ services:
- ${smtpServName}:${smtpHost}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}"
- "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
- "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}"
- "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
volumes:
- cloudMain:/var/www/html
- cloudData:/var/www/html/data
@@ -63,10 +63,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
env_file:
- ../../secret/env-${nextcloudServName}
- ../../secret/env-${nextcloudDBName}
- ../../secret/orgas/${orga}/env-${nextcloudServName}
- ../../secret/orgas/${orga}/env-${nextcloudDBName}
environment:
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain}
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain}
- SMTP_HOST=${smtpHost}
- SMTP_PORT=25
- MAIL_DOMAIN=${domain}
@@ -80,7 +80,7 @@ services:
- edition=team
- PUID=1000
- PGID=1000
container_name: ${orga}${mattermostServName}
container_name: ${orga}-${mattermostServName}
#disk_quota: 10G
restart: ${restartPolicy}
# memory: 1G
@@ -109,20 +109,20 @@ services:
- /etc/timezone:/etc/timezone:ro
- /etc/environment:/etc/environment:ro
env_file:
- ../../secret/env-${mattermostServName}
- ../../secret/orgas/${orga}/env-${mattermostServName}
environment:
- VIRTUAL_HOST=${orga}${matterHost}.${domain}
- VIRTUAL_HOST=${orga}-${matterHost}.${domain}
# in case your config is not in default location
#- MM_CONFIG=/mattermost/config/config.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)"
- "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)"
#}}
#{{wp
wordpress:
image: wordpress
container_name: ${orga}${wordpressServName}
container_name: ${orga}-${wordpressServName}
restart: ${restartPolicy}
networks:
- orgaNet
@@ -136,17 +136,17 @@ services:
external_links:
- ${smtpServName}:${smtpHost}.${domain}
env_file:
- ../../secret/env-${wordpressServName}
- ../../secret/orgas/${orga}/env-${wordpressServName}
environment:
- WORDPRESS_SMTP_HOST=${smtpHost}.${domain}
- WORDPRESS_SMTP_PORT=25
# - WORDPRESS_SMTP_USERNAME
# - WORDPRESS_SMTP_PASSWORD
# - WORDPRESS_SMTP_FROM=${orga}
- WORDPRESS_SMTP_FROM_NAME=${orga}
# - WORDPRESS_SMTP_FROM=${orga}-
- WORDPRESS_SMTP_FROM_NAME=${orga}-
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}"
- "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}"
volumes:
- wordpress:/var/www/html
# - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro
@@ -154,12 +154,12 @@ services:
#{{wiki
dokuwiki:
image: mprasil/dokuwiki
container_name: ${orga}${dokuwikiServName}
container_name: ${orga}-${dokuwikiServName}
#disk_quota: 10G
restart: ${restartPolicy}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
- "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
volumes:
- wikiData:/dokuwiki/data
- wikiConf:/dokuwiki/conf
@@ -175,7 +175,7 @@ services:
#{{castopod
castopod:
image: castopod/castopod:latest
container_name: ${orga}${castopodServName}
container_name: ${orga}-${castopodServName}
#disk_quota: 10G
restart: ${restartPolicy}
# memory: 1G
@@ -193,27 +193,27 @@ services:
volumes:
- castopodMedia:/var/www/castopod/public/media
environment:
CP_BASEURL: "https://${orga}${castopodHost}.${domain}"
CP_BASEURL: "https://${orga}-${castopodHost}.${domain}"
CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb
VIRTUAL_PORT: 8000
CP_CACHE_HANDLER: redis
CP_REDIS_HOST: redis
CP_DATABASE_HOSTNAME: db
env_file:
- ../../secret/env-${castopodServName}
- ../../secret/env-${castopodDBName}
- ../../secret/orgas/${orga}/env-${castopodServName}
- ../../secret/orgas/${orga}/env-${castopodDBName}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}"
- "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}"
redis:
image: redis:7.0-alpine
container_name: ${orga}castopodCache
container_name: ${orga}-castopodCache
volumes:
- castopodCache:/data
networks:
- orgaNet
env_file:
- ../../secret/env-${castopodServName}
- ../../secret/orgas/${orga}/env-${castopodServName}
command: --requirepass ${castopodRedisPassword}
#}}
#{{spip
@@ -225,16 +225,16 @@ services:
links:
- db
env_file:
- ../../secret/env-${spipServName}
- ../../secret/orgas/${orga}/env-${spipServName}
environment:
- SPIP_AUTO_INSTALL=1
- SPIP_DB_HOST=db
- SPIP_SITE_ADDRESS=https://${orga}${spipHost}.${domain}
- SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain}
expose:
- 80
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${spipServName}.rule=Host(`${orga}${spipHost}.${domain}`){{FOREIGN_SPIP}}"
- "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}"
networks:
- orgaNet
volumes:
@@ -250,84 +250,84 @@ volumes:
#{{db
orgaDB:
external: true
name: orga_${orga}orgaDB
name: orga_${orga}-orgaDB
#}}
#{{agora
matterConfig:
external: true
name: orga_${orga}matterConfig
name: orga_${orga}-matterConfig
matterData:
external: true
name: orga_${orga}matterData
name: orga_${orga}-matterData
matterLogs:
external: true
name: orga_${orga}matterLogs
name: orga_${orga}-matterLogs
matterPlugins:
external: true
name: orga_${orga}matterPlugins
name: orga_${orga}-matterPlugins
matterClientPlugins:
external: true
name: orga_${orga}matterClientPlugins
name: orga_${orga}-matterClientPlugins
matterIcons:
external: true
name: matterIcons
#{{cloud
cloudMain:
external: true
name: orga_${orga}cloudMain
name: orga_${orga}-cloudMain
cloudData:
external: true
name: orga_${orga}cloudData
name: orga_${orga}-cloudData
cloudConfig:
external: true
name: orga_${orga}cloudConfig
name: orga_${orga}-cloudConfig
cloudApps:
external: true
name: orga_${orga}cloudApps
name: orga_${orga}-cloudApps
cloudCustomApps:
external: true
name: orga_${orga}cloudCustomApps
name: orga_${orga}-cloudCustomApps
cloudThemes:
external: true
name: orga_${orga}cloudThemes
name: orga_${orga}-cloudThemes
cloudPhp:
external: true
name: orga_${orga}cloudPhp
name: orga_${orga}-cloudPhp
#}}
#{{wiki
wikiData:
external: true
name: orga_${orga}wikiData
name: orga_${orga}-wikiData
wikiConf:
external: true
name: orga_${orga}wikiConf
name: orga_${orga}-wikiConf
wikiPlugins:
external: true
name: orga_${orga}wikiPlugins
name: orga_${orga}-wikiPlugins
wikiLibtpl:
external: true
name: orga_${orga}wikiLibtpl
name: orga_${orga}-wikiLibtpl
wikiLogs:
external: true
name: orga_${orga}wikiLogs
name: orga_${orga}-wikiLogs
#}}
#{{wp
wordpress:
external: true
name: orga_${orga}wordpress
name: orga_${orga}-wordpress
#}}
#{{castopod
castopodMedia:
external: true
name: orga_${orga}castopodMedia
name: orga_${orga}-castopodMedia
castopodCache:
external: true
name: orga_${orga}castopodCache
name: orga_${orga}-castopodCache
#}}
#{{spip
spip:
external: true
name: orga_${orga}spip
name: orga_${orga}-spip
#}}
@@ -335,7 +335,7 @@ volumes:
networks:
orgaNet:
external: true
name: ${orga}orgaNet
name: ${orga}-orgaNet
# postfixNet:
# external:
# name: postfixNet

1
config/orgaTmpl/init-db.sh
View File

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
cd $(dirname $0)
ORGA_DIR="$(basename "$(pwd)")"

15
config/orgaTmpl/orga-gen.sh
View File

@@ -389,7 +389,7 @@ update() {
-e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\
-e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\
-e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\
-e "s|\${orga}|${ORGA}-|g"
-e "s|\${orga}|${ORGA}|g"
) > "$2"
sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2"
}
@@ -412,13 +412,18 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
ln -sf ../../config/orgaTmpl/orga-gen.sh
ln -sf ../../config/orgaTmpl/orga-rm.sh
ln -sf ../../config/orgaTmpl/init-paheko.sh
ln -sf ../../config/orgaTmpl/initdb.d/
#ln -sf ../../config/orgaTmpl/initdb.d/
ln -sf ../../config/orgaTmpl/app/
ln -sf ../../config/orgaTmpl/wiki-conf/
ln -sf ../../config/orgaTmpl/reload.sh
ln -sf ../../config/orgaTmpl/init-db.sh
fi
if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then
rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/"
${KAZ_BIN_DIR}/secretGen.sh -d $ORGA
fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## update ${DOCKERS_ENV}
if ! grep -q "proxy_orga=" .env 2> /dev/null
@@ -438,6 +443,12 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## create network
## GAEL bizarre, je pense que c'est déjà fait qque part, mais chez moi ça veut pas ...
docker network create "${ORGA}-orgaNet"
# ########## create volume
./init-volume.sh
fi

2
config/orgaTmpl/orga-rm.sh
View File

@@ -40,6 +40,8 @@ remove () {
sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}"
sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}"
rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga"
rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"
exit;;
[Nn]* )

3
config/orgaTmpl/secret.tmpl/env-castopodAdmin Normal file
View File

@@ -0,0 +1,3 @@
ADMIN_USER=@@pass@@castopod2@@p@@
ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
ADMIN_PASSWORD=@@pass@@castopod3@@p@@

4
config/orgaTmpl/secret.tmpl/env-castopodDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_USER=@@user@@castopod1@@u@@
MYSQL_PASSWORD=@@pass@@castopod1@@p@@
MYSQL_DATABASE=@@db@@castopod1@@d@@

7
config/orgaTmpl/secret.tmpl/env-castopodServ Normal file
View File

@@ -0,0 +1,7 @@
CP_EMAIL_SMTP_HOST=
CP_EMAIL_FROM=
CP_EMAIL_SMTP_USERNAME=
CP_EMAIL_SMTP_PASSWORD=
CP_EMAIL_SMTP_PORT=
CP_EMAIL_SMTP_CRYPTO=
CP_REDIS_PASSWORD=

9
config/orgaTmpl/secret.tmpl/env-mattermostDB Normal file
View File

@@ -0,0 +1,9 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@

9
config/orgaTmpl/secret.tmpl/env-mattermostServ Normal file
View File

@@ -0,0 +1,9 @@
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10

8
config/orgaTmpl/secret.tmpl/env-nextcloudDB Normal file
View File

@@ -0,0 +1,8 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@nextcloud@@d@@
MYSQL_USER=@@user@@nextcloud@@u@@
MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
#NC_MYSQL_USER=
#NC_MYSQL_PASSWORD=

5
config/orgaTmpl/secret.tmpl/env-nextcloudServ Normal file
View File

@@ -0,0 +1,5 @@
NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
MYSQL_HOST=db
RAIN_LOOP=@@pass@@rainloop@@p@@

4
config/orgaTmpl/secret.tmpl/env-spipDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@spip@@d@@
MYSQL_USER=@@user@@spip@@u@@
MYSQL_PASSWORD=@@pass@@spip@@p@@

10
config/orgaTmpl/secret.tmpl/env-spipServ Normal file
View File

@@ -0,0 +1,10 @@
SPIP_AUTO_INSTALL=1
SPIP_DB_SERVER=mysql
SPIP_DB_NAME=@@db@@spip@@d@@
SPIP_DB_LOGIN=@@user@@spip@@u@@
SPIP_DB_PASS=@@pass@@spip@@p@@
SPIP_ADMIN_NAME=admin
SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
PHP_TIMEZONE=Europe/Paris

4
config/orgaTmpl/secret.tmpl/env-wpDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@wp@@d@@
MYSQL_USER=@@user@@wp@@u@@
MYSQL_PASSWORD=@@pass@@wp@@p@@

8
config/orgaTmpl/secret.tmpl/env-wpServ Normal file
View File

@@ -0,0 +1,8 @@
# share with wpDB
WORDPRESS_DB_HOST=db:3306
WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
WORDPRESS_DB_NAME=@@db@@wp@@d@@
WORDPRESS_DB_USER=@@user@@wp@@u@@
WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@

1
dockers/castopod/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0)
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod

1
dockers/cloud/first.sh
View File

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. $KAZ_ROOT/secret/SetAllPass.sh
${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud

102
dockers/cloud/up.sh
View File

@@ -1,102 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. $KAZ_ROOT/secret/SetAllPass.sh
#"${KAZ_BIN_DIR}/initCloud.sh"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ app:enable user_ldap
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:delete-config s01
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:create-empty-config
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBase ${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseGroups ${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapHost ${ldapServName}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapPort 389
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapTLS 0
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapQuotaAttribute nextcloudQuota
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilter "(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
# Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin';
# docker exec -i nextcloudDB mysql --user=<user> --password=<password> <db> <<< "delete from oc_users where uid<>'admin';"
# Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
# Exemple de table/clés :
# +-------------------------------+----------------------------------------------------------+
# | Configuration | s01 |
# +-------------------------------+----------------------------------------------------------+
# | hasMemberOfFilterSupport | 0 |
# | homeFolderNamingRule | |
# | lastJpegPhotoLookup | 0 |
# | ldapAgentName | cn=cloud,ou=applications,dc=kaz,dc=sns |
# | ldapAgentPassword | *** |
# | ldapAttributesForGroupSearch | |
# | ldapAttributesForUserSearch | |
# | ldapBackgroundHost | |
# | ldapBackgroundPort | |
# | ldapBackupHost | |
# | ldapBackupPort | |
# | ldapBase | ou=users,dc=kaz,dc=sns |
# | ldapBaseGroups | ou=users,dc=kaz,dc=sns |
# | ldapBaseUsers | ou=users,dc=kaz,dc=sns |
# | ldapCacheTTL | 600 |
# | ldapConfigurationActive | 1 |
# | ldapConnectionTimeout | 15 |
# | ldapDefaultPPolicyDN | |
# | ldapDynamicGroupMemberURL | |
# | ldapEmailAttribute | mail |
# | ldapExperiencedAdmin | 0 |
# | ldapExpertUUIDGroupAttr | |
# | ldapExpertUUIDUserAttr | |
# | ldapExpertUsernameAttr | uid |
# | ldapExtStorageHomeAttribute | |
# | ldapGidNumber | gidNumber |
# | ldapGroupDisplayName | cn |
# | ldapGroupFilter | |
# | ldapGroupFilterGroups | |
# | ldapGroupFilterMode | 0 |
# | ldapGroupFilterObjectclass | |
# | ldapGroupMemberAssocAttr | |
# | ldapHost | ldap |
# | ldapIgnoreNamingRules | |
# | ldapLoginFilter | (&(|(objectclass=nextcloudAccount))(cn=%uid)) |
# | ldapLoginFilterAttributes | |
# | ldapLoginFilterEmail | 0 |
# | ldapLoginFilterMode | 0 |
# | ldapLoginFilterUsername | 1 |
# | ldapMatchingRuleInChainState | unknown |
# | ldapNestedGroups | 0 |
# | ldapOverrideMainServer | |
# | ldapPagingSize | 500 |
# | ldapPort | 389 |
# | ldapQuotaAttribute | nextcloudQuota |
# | ldapQuotaDefault | |
# | ldapTLS | 0 |
# | ldapUserAvatarRule | default |
# | ldapUserDisplayName | cn |
# | ldapUserDisplayName2 | |
# | ldapUserFilter | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) |
# | ldapUserFilterGroups | |
# | ldapUserFilterMode | 1 |
# | ldapUserFilterObjectclass | nextcloudAccount |
# | ldapUuidGroupAttribute | auto |
# | ldapUuidUserAttribute | auto |
# | turnOffCertCheck | 0 |
# | turnOnPasswordChange | 0 |
# | useMemberOfToDetectMembership | 1 |
# +-------------------------------+----------------------------------------------------------+

1
dockers/mattermost/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0)
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora

1
dockers/peertube/.env Symbolic link
View File

@@ -0,0 +1 @@
../../config/dockers.env

1
dockers/spip/.env Symbolic link
View File

@@ -0,0 +1 @@
../../config/dockers.env

1
dockers/sympa/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0)
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
DockerServName="${sympaServName}"

11
secret.tmpl/Readme.txt
View File

@@ -1,11 +0,0 @@
Mise à jour des mots de passe
L'idée c'est d'extraire la gestion des mots de passe de l'installation.
Tous les mots de passe sont dans un fichier "SetAllPass.sh" que des scripts vont chercher.
updateDockerPassword.sh met à jours les fichiers d'environnement de mots de passe utilisé par docker-compose.
(Il y a un problème pour mettre à jour le mot de passe d'une BD si son conteneur n'est pas en route)
Les modifications sont prises en compte que lors de la création de nouveaux conteneurs (les données permanentes (mot de passe) dans les volumes ne sont pas changées)

32
secret.tmpl/env-apikazServ
View File

@@ -1,22 +1,24 @@
paheko_API_USER=
paheko_API_PASSWORD=
paheko_url=
mattermost_user=
mattermost_pass=
mattermost_url=
paheko_url=https://kaz-@@globalvar@@pahekoHost@@gv@@.@@globalvar@@domain@@gv@@
paheko_API_USER="@@user@@pahekoapi@@u@@"
paheko_API_PASSWORD="@@pass@@pahekoapi@@p@@"
ldap_LDAP_ADMIN_USERNAME=
ldap_LDAP_ADMIN_PASSWORD=
ldap_root=
mattermost_user="@@user@@mattermost2@@u@@"
mattermost_pass="@@pass@@mattermost2@@p@@"
mattermost_token="@@token@@mattermost@@t@@"
nextcloud_NEXTCLOUD_ADMIN_USER=
nextcloud_NEXTCLOUD_ADMIN_PASSWORD=
cloud_url=
ldap_LDAP_ADMIN_USERNAME="@@user@@ldap@@u@@"
ldap_LDAP_ADMIN_PASSWORD="@@pass@@ldap@@p@@"
ldap_root=@@globalvar@@ldap_root@@gv@@
sympa_SOAP_USER=
sympa_SOAP_PASSWORD=
sympa_url=
nextcloud_NEXTCLOUD_ADMIN_USER="@@user@@nextcloudadmin@@u@@"
nextcloud_NEXTCLOUD_ADMIN_PASSWORD="@@pass@@nextcloudadmin@@p@@"
cloud_url=https://@@globalvar@@cloudHost@@gv@@.@@globalvar@@domain@@gv@@
sympa_SOAP_USER="@@user@@sympasoap@@u@@"
sympa_SOAP_PASSWORD="@@pass@@sympasoap@@p@@"
sympa_url=https://@@globalvar@@sympaHost@@gv@@.@@globalvar@@domain@@gv@@
gandi_GANDI_KEY=
gandi_GANDI_API=

4
secret.tmpl/env-borg
View File

@@ -1,10 +1,10 @@
VOLUME_SAUVEGARDES=
BORG_REPO=
BORG_PASSPHRASE=
BORG_PASSPHRASE=@@token@@borg@@t@@
BORGLOG="/var/log/borg"
BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
BORG_EXCLUDE_BACKUP=
MAIL_RAPPORT=
MAIL_RAPPORT=a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@
LISTREPSAUV=
BORGMOUNT="/mnt/repo_borg"
MAILOK=

6
secret.tmpl/env-castopodAdmin
View File

@@ -1,3 +1,3 @@
ADMIN_USER=
ADMIN_MAIL=
ADMIN_PASSWORD="--clean_val--"
ADMIN_USER=@@pass@@castopod2@@p@@
ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
ADMIN_PASSWORD=@@pass@@castopod3@@p@@

8
secret.tmpl/env-castopodDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@castopod@@p@@
MYSQL_USER=@@user@@castopod1@@u@@
MYSQL_PASSWORD=@@pass@@castopod1@@p@@
MYSQL_DATABASE=@@db@@castopod1@@d@@

6
secret.tmpl/env-dokuwikiServ
View File

@@ -1,4 +1,4 @@
WIKI_ROOT=
WIKI_EMAIL=
WIKI_PASSWORD=
WIKI_ROOT=Kaz
WIKI_EMAIL=wiki@@@globalvar@@domain@@gv@@
WIKI_PASSWORD=@@pass@@dokuwiki@@p@@

8
secret.tmpl/env-etherpadDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@etherpadroot@@p@@
MYSQL_DATABASE=@@db@@etherpad@@d@@
MYSQL_USER=@@user@@etherpad@@u@@
MYSQL_PASSWORD=@@pass@@etherpad@@p@@

23
secret.tmpl/env-etherpadServ
View File

@@ -1,16 +1,17 @@
# share with padDB
DB_NAME=
DB_USER=
DB_PASS=
DB_NAME=@@db@@etherpad@@d@@
DB_USER=@@user@@etherpad@@u@@
DB_PASS=@@pass@@etherpad@@p@@
DB_TYPE=
DB_HOST=
DB_PORT=
DB_TYPE=mysql
DB_HOST=padDB
DB_PORT=3306
#DB_CHARSET=
ADMIN_PASSWORD=
ADMIN_PASSWORD=@@pass@@etherpadadmin@@p@@
TITLE=
PAD_OPTIONS_LANG=
TRUST_PROXY=
#DEFAULT_PAD_TEXT=" Ce texte est à effacer (après lecture si cest votre première visite) ou à conserver en bas de votre pad \n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur licône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur licône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans lhistorique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! Noubliez pas de conserver quelque part ladresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n Ce texte est à effacer (après lecture si cest votre première visite) \n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"
TITLE=KazPad
PAD_OPTIONS_LANG=fr
TRUST_PROXY=true
DEFAULT_PAD_TEXT=" Ce texte est à effacer (après lecture si cest votre première visite) ou à conserver en bas de votre pad \n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur licône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur licône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans lhistorique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! Noubliez pas de conserver quelque part ladresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n Ce texte est à effacer (après lecture si cest votre première visite) \n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"

8
secret.tmpl/env-framadateDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@framadateroot@@p@@
MYSQL_DATABASE=@@db@@framadatedb@@d@@
MYSQL_USER=@@user@@framadatedb@@u@@
MYSQL_PASSWORD=@@pass@@framadatedb@@p@@

4
secret.tmpl/env-framadateServ
View File

@@ -1,3 +1,3 @@
HTTPD_USER=
HTTPD_PASSWORD=
HTTPD_USER=@@user@@framadate@@u@@
HTTPD_PASSWORD=@@pass@@framadate2@@p@@

8
secret.tmpl/env-gitDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@gitroot@@p@@
MYSQL_DATABASE=@@db@@gitdb@@d@@
MYSQL_USER=@@user@@gitdb@@u@@
MYSQL_PASSWORD=@@pass@@gitdb@@p@@

6
secret.tmpl/env-gitServ
View File

@@ -1,3 +1,3 @@
user_admin=
pass_admin=
admin_email=
user_admin=@@user@@git@@u@@
pass_admin=@@pass@@git@@p@@
admin_email=admin@@@globalvar@@domain@@gv@@

2
secret.tmpl/env-jirafeauServ
View File

@@ -1,2 +1,2 @@
HTTPD_PASSWORD=
HTTPD_PASSWORD=@@pass@@jirafeau@@pass@@

11
secret.tmpl/env-kaz Normal file
View File

@@ -0,0 +1,11 @@
# tout est dans le env_kaz
# utilisé par gest containers
NAS_VOL=
OPERATE_ON_MAIN= # par defaut NON on ne traite que des orgas
OPERATE_ON_NAS_ORGA= # par defaut NON, on va aussi sur les orgas du NAS
OPERATE_LOCAL_ORGA="OUI" # par defaut oui
TEMPO_ACTION_STOP=2 # Lors de redémarrage avec tempo, on attend après le stop
TEMPO_ACTION_START=60 # Lors de redémarrage avec tempo, avant de reload le proxy
DEFAULTCONTAINERS="cloud agora wp wiki office paheko castopod spip"
APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode
QUIET="1" # redirection des echo

18
secret.tmpl/env-ldapServ
View File

@@ -1,9 +1,9 @@
LDAP_ADMIN_USERNAME=
LDAP_ADMIN_PASSWORD=
LDAP_CONFIG_ADMIN_USERNAME=
LDAP_CONFIG_ADMIN_PASSWORD=
LDAP_POSTFIX_PASSWORD=
LDAP_LDAPUI_PASSWORD=
LDAP_MATTERMOST_PASSWORD=
LDAP_CLOUD_PASSWORD=
LDAP_MOBILIZON_PASSWORD=
LDAP_ADMIN_USERNAME=@@user@@ldap@@u@@
LDAP_ADMIN_PASSWORD=@@pass@@ldap@@p@@
LDAP_CONFIG_ADMIN_USERNAME=@@user@@ldapconfig@@u@@
LDAP_CONFIG_ADMIN_PASSWORD=@@pass@@ldapconfig@@p@@
LDAP_POSTFIX_PASSWORD=@@pass@@ldappostfix@@p@@
LDAP_LDAPUI_PASSWORD=@@pass@@ldapui@@p@@
LDAP_MATTERMOST_PASSWORD=@@pass@@ldapmm@@p@@
LDAP_CLOUD_PASSWORD=@@pass@@ldapcloud@@p@@
LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@

18
secret.tmpl/env-ldapUI
View File

@@ -1,9 +1,9 @@
LDAPUI_URI=
LDAPUI_BASE_DN=
LDAPUI_REQUIRE_STARTTLS=
LDAPUI_ADMINS_GROUP=
LDAPUI_ADMIN_BIND_DN=
LDAPUI_ADMIN_BIND_PWD=
LDAPUI_IGNORE_CERT_ERRORS=
LDAPUI_PASSWORD=
LDAPUI_MM_ADMIN_TOKEN=
LDAPUI_URI=ldap://ldap
LDAPUI_BASE_DN=@@globalvar@@ldap_root@@gv@@
LDAPUI_REQUIRE_STARTTLS=FALSE
LDAPUI_ADMINS_GROUP=admins
LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@
LDAPUI_ADMIN_BIND_PWD=@@pass@@ldapui@@p@@
LDAPUI_IGNORE_CERT_ERRORS=TRUE
LDAPUI_PASSWORD=@@pass@@ldapuipass@@p@@
LDAPUI_MM_ADMIN_TOKEN=@@crossvar@@mattermostAdmin_mattermost_token@@cv@@

4
secret.tmpl/env-mail
View File

@@ -1,2 +1,2 @@
service_mail=
service_password=
service_mail=admin@@@globalvar@@domain@@gv@@
service_password=@@pass@@servicemail@@p@@

12
secret.tmpl/env-mastodonDB
View File

@@ -1,6 +1,6 @@
DB_USER=
DB_NAME=
DB_PASS=
POSTGRES_USER=
POSTGRES_PASSWORD=
POSTGRES_DB=postgres
DB_USER=@@user@@mastodon@@u@@
DB_NAME=@@db@@mastodon@@d@@
DB_PASS=@@pass@@mastodon@@p@@
POSTGRES_USER=@@user@@postgresmasto@@u@@
POSTGRES_PASSWORD=@@pass@@postgresmasto@@p@@
POSTGRES_DB=@@db@@mastodon@@d@@

4
secret.tmpl/env-mastodonServ
View File

@@ -1,9 +1,9 @@
SECRET_KEY_BASE=
OTP_SECRET=
OTP_SECRET=@@token@@masto-otp@@t@@
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
VAPID_PRIVATE_KEY==
VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY=
SMTP_PASSWORD=
EMAIL_DOMAIN_ALLOWLIST=

7
secret.tmpl/env-mattermostAdmin
View File

@@ -1,3 +1,4 @@
mattermost_user=
mattermost_pass=
mattermost_token=
mattermost_user=@@user@@mattermost2@@u@@
mattermost_pass=@@pass@@mattermost2@@p@@
mattermost_token=@@token@@mattermost@@t@@

13
secret.tmpl/env-mattermostDB
View File

@@ -1,8 +1,9 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@mattermostroot@@p@@
MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
MM_MYSQL_USER=
MM_MYSQL_PASSWORD=
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@

16
secret.tmpl/env-mattermostServ
View File

@@ -1,15 +1,9 @@
# share with matterDB
MM_DBNAME=
MM_USERNAME=
MM_PASSWORD=
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_ADMIN_EMAIL=
MM_ADMIN_USER=
MM_ADMIN_PASSWORD=
DB_HOST=
DB_PORT_NUMBER=
MM_SQLSETTINGS_DRIVERNAME=
MM_SQLSETTINGS_DATASOURCE=
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10

6
secret.tmpl/env-mobilizonDB
View File

@@ -1,4 +1,4 @@
# Database settings
POSTGRES_USER=
POSTGRES_PASSWORD=
POSTGRES_DB=
POSTGRES_USER=@@user@@mobilizon@@u@@
POSTGRES_PASSWORD=@@pass@@mobilizon@@p@@
POSTGRES_DB=@@db@@mobilizon@@d@@

6
secret.tmpl/env-mobilizonServ
View File

@@ -18,9 +18,9 @@ MOBILIZON_SMTP_USERNAME=
MOBILIZON_SMTP_PASSWORD=
MOBILIZON_SMTP_SSL=
MOBILIZON_DATABASE_USERNAME=
MOBILIZON_DATABASE_PASSWORD=
MOBILIZON_DATABASE_DBNAME=
MOBILIZON_DATABASE_USERNAME=@@user@@mobilizon@@u@@
MOBILIZON_DATABASE_PASSWORD=@@pass@@mobilizon@@p@@
MOBILIZON_DATABASE_DBNAME=@@db@@mobilizon@@d@@
# LDAP
MOBILIZON_LDAP_BINDUID=

12
secret.tmpl/env-nextcloudDB
View File

@@ -1,8 +1,8 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@nextcloudroot@@p@@
MYSQL_DATABASE=@@db@@nextcloud@@d@@
MYSQL_USER=@@user@@nextcloud@@u@@
MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
NC_MYSQL_USER=
NC_MYSQL_PASSWORD=
#NC_MYSQL_USER=
#NC_MYSQL_PASSWORD=

8
secret.tmpl/env-nextcloudServ
View File

@@ -1,5 +1,5 @@
NEXTCLOUD_ADMIN_USER=
NEXTCLOUD_ADMIN_PASSWORD=
MYSQL_HOST=
RAIN_LOOP=
NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
MYSQL_HOST=db
RAIN_LOOP=@@pass@@rainloop@@p@@

4
secret.tmpl/env-officeServ
View File

@@ -1,3 +1,3 @@
username=
password=
username=@@user@@office@@u@@
password=@@pass@@office@@p@@

4
secret.tmpl/env-paheko
View File

@@ -1,2 +1,2 @@
API_USER="admin-api"
API_PASSWORD="--clean_val--"
API_USER=@@user@@pahekoapi@@u@@
API_PASSWORD=@@pass@@pahekoapi@@p@@

8
secret.tmpl/env-peertubeDB Normal file
View File

@@ -0,0 +1,8 @@
POSTGRES_USER=@@user@@peertube@@u@@
POSTGRES_PASSWORD=@@pass@@peertube@@p@@
POSTGRES_DB=@@db@@peertube@@d@@
PEERTUBE_DB_USERNAME=@@user@@peertube@@u@@
PEERTUBE_DB_PASSWORD=@@pass@@peertube@@p@@
PEERTUBE_DB_SSL=false
PEERTUBE_DB_HOSTNAME=peertubeDB

32
secret.tmpl/env-peertubeServ Normal file
View File

@@ -0,0 +1,32 @@
POSTGRES_USER=@@user@@peertube@@u@@
POSTGRES_PASSWORD=@@pass@@peertube@@p@@
POSTGRES_DB=@@db@@peertube@@d@@
PEERTUBE_DB_USERNAME=@@user@@peertube@@u@@
PEERTUBE_DB_PASSWORD=@@pass@@peertube@@p@@
PEERTUBE_DB_SSL=false
PEERTUBE_DB_HOSTNAME=peertubeDB
PEERTUBE_WEBSERVER_HOSTNAME=@@globalvar@@peertubeHost@@gv@@.@@globalvar@@domain@@gv@@
PEERTUBE_TRUST_PROXY=['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']
PEERTUBE_SECRET=@@token@@peertube@@t@@
PT_INITIAL_ROOT_PASSWORD=@@pass@@peertubeinitialroot@@p@@
#PEERTUBE_SMTP_USERNAME=
#PEERTUBE_SMTP_PASSWORD=
# Default to Postfix service name "postfix" in docker-compose.yml
# May be the hostname of your Custom SMTP server
PEERTUBE_SMTP_HOSTNAME=smtp.kaz.bzh
PEERTUBE_SMTP_PORT=25
PEERTUBE_SMTP_FROM=
PEERTUBE_SMTP_TLS=false
PEERTUBE_SMTP_DISABLE_STARTTLS=false
PEERTUBE_ADMIN_EMAIL=
POSTFIX_myhostname=
#OPENDKIM_DOMAINS=peertube
OPENDKIM_RequireSafeKeys=no
PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC=public-read
PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE=private

8
secret.tmpl/env-roundcubeDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@roudcuberoot@@p@@
MYSQL_DATABASE=@@db@@roudcube@@d@@
MYSQL_USER=@@user@@roudcube@@u@@
MYSQL_PASSWORD=@@pass@@roudcube@@p@@

10
secret.tmpl/env-roundcubeServ
View File

@@ -1,6 +1,6 @@
ROUNDCUBEMAIL_DB_TYPE=
ROUNDCUBEMAIL_DB_NAME=
ROUNDCUBEMAIL_DB_USER=
ROUNDCUBEMAIL_DB_PASSWORD=
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=
ROUNDCUBEMAIL_DB_TYPE=mysql
ROUNDCUBEMAIL_DB_NAME=@@db@@roudcube@@d@@
ROUNDCUBEMAIL_DB_USER=@@user@@roudcube@@u@@
ROUNDCUBEMAIL_DB_PASSWORD=@@pass@@roudcube@@p@@
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=1G

8
secret.tmpl/env-spipDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@spiproot@@p@@
MYSQL_DATABASE=@@db@@spip@@d@@
MYSQL_USER=@@user@@spip@@u@@
MYSQL_PASSWORD=@@pass@@spip@@p@@

16
secret.tmpl/env-spipServ
View File

@@ -1,10 +1,10 @@
SPIP_AUTO_INSTALL=1
SPIP_DB_SERVER=mysql
SPIP_DB_LOGIN=
SPIP_DB_PASS=
SPIP_DB_NAME=
SPIP_ADMIN_NAME=
SPIP_ADMIN_LOGIN=
SPIP_ADMIN_EMAIL=
SPIP_ADMIN_PASS=
PHP_TIMEZONE=
SPIP_DB_NAME=@@db@@spip@@d@@
SPIP_DB_LOGIN=@@user@@spip@@u@@
SPIP_DB_PASS=@@pass@@spip@@p@@
SPIP_ADMIN_NAME=admin
SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
PHP_TIMEZONE=Europe/Paris

8
secret.tmpl/env-sympaDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@symparoot@@p@@
MYSQL_DATABASE=@@db@@sympa@@d@@
MYSQL_USER=@@user@@sympa@@u@@
MYSQL_PASSWORD=@@pass@@sympa@@p@@

18
secret.tmpl/env-sympaServ
View File

@@ -1,10 +1,10 @@
KEY=
CERT=
LISTMASTERS=
ADMINEMAIL=
SOAP_USER=
SOAP_PASSWORD=
KEY=/etc/ssl/private/listes.key
CERT=/etc/ssl/certs/listes.pem
LISTMASTERS=listmaster@@@globalvar@@domain_sympa@@gv@@
ADMINEMAIL=listmaster@@@globalvar@@domain_sympa@@gv@@
SOAP_USER=@@user@@sympasoap@@u@@
SOAP_PASSWORD=@@pass@@sympasoap@@p@@
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_DATABASE=@@db@@sympa@@d@@
MYSQL_USER=@@user@@sympa@@u@@
MYSQL_PASSWORD=@@pass@@sympa@@p@@

4
secret.tmpl/env-traefik
View File

@@ -1,2 +1,2 @@
DASHBOARD_USER="admin"
DASHBOARD_PASSWORD="--clean_val--"
DASHBOARD_USER=@@user@@traefikdashboard@@u@@
DASHBOARD_PASSWORD=@@pass@@traefikdashboard@@p@@

8
secret.tmpl/env-vaultwardenDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@koffreroot@@p@@
MYSQL_DATABASE=@@db@@koffre@@d@@
MYSQL_USER=@@user@@koffre@@u@@
MYSQL_PASSWORD=@@pass@@koffre@@p@@

5
secret.tmpl/env-vaultwardenServ
View File

@@ -1,3 +1,4 @@
DATABASE_URL=
ADMIN_TOKEN=
ADMIN_TOKEN=@@token@@koffre@@t@@
DATABASE_URL=mysql://@@user@@koffre@@u@@:@@pass@@koffre@@p@@@db/@@db@@koffre@@d@@
SIGNUPS_DOMAINS_WHITELIST=

8
secret.tmpl/env-vigiloDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_DATABASE=
MYSQL_ROOT_PASSWORD=@@pass@@vigiloroot@@p@@
MYSQL_DATABASE=@@db@@vigilo@@d@@
MYSQL_USER=@@user@@vigilo@@u@@
MYSQL_PASSWORD=@@pass@@vigilo@@p@@

12
secret.tmpl/env-vigiloServ
View File

@@ -1,7 +1,7 @@
BIND=
#BIND=
MYSQL_ROOT_PASSWORD=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_DATABASE=
MYSQL_HOST=
MYSQL_ROOT_PASSWORD=@@pass@@vigiloroot@@p@@
MYSQL_DATABASE=@@db@@vigilo@@d@@
MYSQL_USER=@@user@@vigilo@@u@@
MYSQL_PASSWORD=@@pass@@vigilo@@p@@
MYSQL_HOST=db

12
secret.tmpl/env-wpDB
View File

@@ -1,8 +1,8 @@
MYSQL_ROOT_PASSWORD=@@pass@@wproot@@p@@
MYSQL_DATABASE=@@db@@wp@@d@@
MYSQL_USER=@@user@@wp@@u@@
MYSQL_PASSWORD=@@pass@@wp@@p@@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
WP_MYSQL_USER=
WP_MYSQL_PASSWORD=
#WP_MYSQL_USER=
#WP_MYSQL_PASSWORD=

12
secret.tmpl/env-wpServ
View File

@@ -1,8 +1,8 @@
# share with wpDB
WORDPRESS_DB_HOST=
WORDPRESS_DB_USER=
WORDPRESS_DB_PASSWORD=
WORDPRESS_DB_NAME=
WORDPRESS_ADMIN_USER=
WORDPRESS_ADMIN_PASSWORD=
WORDPRESS_DB_HOST=db:3306
WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
WORDPRESS_DB_NAME=@@db@@wp@@d@@
WORDPRESS_DB_USER=@@user@@wp@@u@@
WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@