inscription utilisateur complète

Merge branch 'master' into feat/python
typo
2025-07-28 17:07:01 +02:00 · 2025-07-26 15:45:22 +02:00 · 2025-07-26 15:41:38 +02:00 · 2025-07-26 15:40:15 +02:00 · 2025-07-26 15:39:49 +02:00 · 2025-07-26 15:32:54 +02:00
65 changed files with 1863 additions and 451 deletions
--- a/bin/applyTemplate.sh
+++ b/bin/applyTemplate.sh
@@ -16,6 +16,7 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
 setKazVars
 . "${DOCKERS_ENV}"
 . "${KAZ_KEY_DIR}/SetAllPass.sh"
 usage () {
    echo $(basename "$0") " [-h] [-help] [-timestamp] template dst"
@@ -63,8 +64,8 @@ done
 	-e "s|__DOKUWIKI_HOST__|${dokuwikiHost}|g"\
 	-e "s|__DOMAIN__|${domain}|g"\
 	-e "s|__FILE_HOST__|${fileHost}|g"\
-#	-e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\
+	-e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\
-#	-e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\
+	-e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\
 	-e "s|__PAHEKO_HOST__|${pahekoHost}|g"\
 	-e "s|__GIT_HOST__|${gitHost}|g"\
 	-e "s|__GRAV_HOST__|${gravHost}|g"\
@@ -78,9 +79,9 @@ done
 	-e "s|__SMTP_HOST__|${smtpHost}|g"\
 	-e "s|__SYMPADB__|${sympaDBName}|g"\
 	-e "s|__SYMPA_HOST__|${sympaHost}|g"\
-#	-e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\
+	-e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\
-#	-e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\
+	-e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\
-#	-e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\
+	-e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\
 	-e "s|__VIGILO_HOST__|${vigiloHost}|g"\
 	-e "s|__WEBMAIL_HOST__|${webmailHost}|g"\
 	-e "s|__CASTOPOD_HOST__|${castopodHost}|g"\
--- a/bin/container.sh
+++ b/bin/container.sh
@@ -61,6 +61,20 @@ doCompose () {
 	${SIMU} ln -fs ../../config/dockers.env .env
    fi
    ${SIMU} docker-compose $1
    if [ "$2" = "cachet" ] && [ "$1" != "down" ]; then
 	NEW_KEY=$(cd "${KAZ_COMP_DIR}/$2" ; docker-compose logs | grep APP_KEY=base64: | sed "s/^.*'APP_KEY=\(base64:[^']*\)'.*$/\1/" | tail -1)
 	if [ -n "${NEW_KEY}" ]; then
 	    printKazMsg "cachet key change"
 	    # change key
 	    ${SIMU} sed -i \
 		    -e 's%^\(\s*cachet_APP_KEY=\).*$%\1"'"${NEW_KEY}"'"%' \
 		    "${KAZ_KEY_DIR}/SetAllPass.sh"
 	    ${SIMU} "${KAZ_BIN_DIR}/secretGen.sh"
 	    # restart
 	    ${SIMU} docker-compose $1
 	fi
    fi
 }
 doComposes () {
@@ -163,6 +177,7 @@ statusComposes () {
 saveComposes () {
    . "${DOCKERS_ENV}"
    . "${KAZ_ROOT}/secret/SetAllPass.sh"
    savedComposes+=( ${enableMailComposes[@]} )
    savedComposes+=( ${enableProxyComposes[@]} )
@@ -180,59 +195,49 @@ saveComposes () {
 	    ;;
 	    sympa)
       		echo "save sympa"
-		. $KAZ_BIN_DIR/getPasswords.sh sympaDB
+		saveDB ${sympaDBName} "${sympa_MYSQL_USER}" "${sympa_MYSQL_PASSWORD}" "${sympa_MYSQL_DATABASE}" sympa mysql
 		saveDB ${sympaDBName} "${sympaDB_MYSQL_USER}" "${sympaDB_MYSQL_PASSWORD}" "${sympaDB_MYSQL_DATABASE}" sympa mysql
 		;;
 	    web)
 		# rien à faire (fichiers)
 		;;
 	    etherpad)
 		echo "save pad"
-		. $KAZ_BIN_DIR/getPasswords.sh etherpadDB
+		saveDB ${etherpadDBName} "${etherpad_MYSQL_USER}" "${etherpad_MYSQL_PASSWORD}" "${etherpad_MYSQL_DATABASE}" etherpad mysql
 		saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql
 		;;
 	    framadate)
 		echo "save date"
-		. $KAZ_BIN_DIR/getPasswords.sh framadateDB
+		saveDB ${framadateDBName} "${framadate_MYSQL_USER}" "${framadate_MYSQL_PASSWORD}" "${framadate_MYSQL_DATABASE}" framadate mysql
 		saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql
 		;;
 	    cloud)
 		echo "save cloud"
-		. $KAZ_BIN_DIR/getPasswords.sh nextcloudDB
+		saveDB ${nextcloudDBName} "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" nextcloud mysql
 		saveDB ${nextcloudDBName} "${nextcloudDB_MYSQL_USER}" "${nextcloudDB_MYSQL_PASSWORD}" "${nextcloudDB_MYSQL_DATABASE}" nextcloud mysql
 		;;
 	    paheko)
 		# rien à faire (fichiers)
 		;;		
 	    mattermost)
 		echo "save mattermost"
-		. $KAZ_BIN_DIR/getPasswords.sh mattermostDB
+		saveDB matterPG "${mattermost_POSTGRES_USER}" "${mattermost_POSTGRES_PASSWORD}" "${mattermost_POSTGRES_DB}" mattermost postgres
 		saveDB matterPG "${mattermostDB_POSTGRES_USER}" "${mattermostDB_POSTGRES_PASSWORD}" "${mattermostDB_POSTGRES_DB}" mattermost postgres
 		;;
 	    mobilizon)
 		echo "save mobilizon"
-		. $KAZ_BIN_DIR/getPasswords.sh mobilizonDB
+		saveDB ${mobilizonDBName} "${mobilizon_POSTGRES_USER}" "${mobilizon_POSTGRES_PASSWORD}" "${mobilizon_POSTGRES_DB}" mobilizon postgres
 		saveDB ${mobilizonDBName} "${mobilizonDB_POSTGRES_USER}" "${mobilizonDB_POSTGRES_PASSWORD}" "${mobilizonDB_POSTGRES_DB}" mobilizon postgres
 		;;
 	    peertube)
 		echo "save peertube"
-		. $KAZ_BIN_DIR/getPasswords.sh peertubeDB
+		saveDB ${peertubeDBName} "${peertube_POSTGRES_USER}" "${peertube_POSTGRES_PASSWORD}" "${PEERTUBE_DB_HOSTNAME}" peertube postgres
 		saveDB ${peertubeDBName} "${peertubeDB_POSTGRES_USER}" "${peertubeDB_POSTGRES_PASSWORD}" "${peertubeDB_PEERTUBE_DB_HOSTNAME}" peertube postgres
 		;;
 	    mastodon)
 		echo "save mastodon"
-		. $KAZ_BIN_DIR/getPasswords.sh mastodonDB
+		saveDB ${mastodonDBName} "${mastodon_POSTGRES_USER}" "${mastodon_POSTGRES_PASSWORD}" "${mastodon_POSTGRES_DB}" mastodon postgres
 		saveDB ${mastodonDBName} "${mastodonDB_POSTGRES_USER}" "${mastodonDB_POSTGRES_PASSWORD}" "${mastodonDB_POSTGRES_DB}" mastodon postgres
 		;;
 	    roundcube)
 		echo "save roundcube"
-		. $KAZ_BIN_DIR/getPasswords.sh roundcubeDB
+		saveDB ${roundcubeDBName} "${roundcube_MYSQL_USER}" "${roundcube_MYSQL_PASSWORD}" "${roundcube_MYSQL_DATABASE}" roundcube mysql
 		saveDB ${roundcubeDBName} "${roundcubeDB_MYSQL_USER}" "${roundcubeDB_MYSQL_PASSWORD}" "${roundcubeDB_MYSQL_DATABASE}" roundcube mysql
 		;;	
 	    vaultwarden)
 		echo "save vaultwarden"
-		. $KAZ_BIN_DIR/getPasswords.sh vaultwardenDB
+		saveDB ${vaultwardenDBName} "${vaultwarden_MYSQL_USER}" "${vaultwarden_MYSQL_PASSWORD}" "${vaultwarden_MYSQL_DATABASE}" vaultwarden mysql
 		saveDB ${vaultwardenDBName} "${vaultwardenDB_MYSQL_USER}" "${vaultwardenDB_MYSQL_PASSWORD}" "${vaultwardenDB_MYSQL_DATABASE}" vaultwarden mysql
 		;;
 	    dokuwiki)
 		# rien à faire (fichiers)
@@ -242,18 +247,15 @@ saveComposes () {
 		echo "save ${ORGA}"
 		if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
 		    echo "    => cloud"
-			. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
+		    saveDB "${ORGA}-DB" "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" "${ORGA}-cloud" mysql
 		    saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-cloud" mysql
 		fi
 		if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
 		    echo "    => mattermost"
-			. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
+		    saveDB "${ORGA}-DB" "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
 			saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
 		fi
 		if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
 		    echo "    => wordpress"
-			. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
+		    saveDB "${ORGA}-DB" "${wp_MYSQL_USER}" "${wp_MYSQL_PASSWORD}" "${wp_MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
 		    saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
 		fi
 		;;
 	esac
--- a/bin/createDBUsers.sh
+++ b/bin/createDBUsers.sh
@@ -1,87 +0,0 @@
 #!/bin/bash
 KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 # pour mise au point
 # SIMU=echo
 # Améliorations à prévoir
 # - donner en paramètre les services concernés (pour limité les modifications)
 # - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
 . "${DOCKERS_ENV}"
 . "${KAZ_KEY_DIR}/SetAllPass.sh"
 createMysqlUser(){
    # $1 = envName
    # $2 = containerName of DB
 	. $KAZ_BIN_DIR/getPasswords.sh $1
    rootPass="$1_MYSQL_ROOT_PASSWORD"
    dbName="$1_MYSQL_DATABASE"
    userName="$1_MYSQL_USER"
    userPass="$1_MYSQL_PASSWORD"
    # seulement si pas de mdp pour root
    # pb oeuf et poule (il faudrait les anciennes valeurs) :
    # * si rootPass change, faire à la main
    # * si dbName change, faire à la main
    checkDockerRunning "$2" "$2" || return
    echo "change DB pass on docker $2"
    echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
 	docker exec -i $2 bash -c "mysql --user=root --password=${!rootPass}"
 }
 framadateUpdate(){
    [[ "${COMP_ENABLE}" =~ " framadate " ]] || return
    if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
 	return 0
    fi
 	.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ
    checkDockerRunning "${framadateServName}" "Framadate" &&
 	${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadateServ_HTTPD_USER} ${framadateServ_HTTPD_PASSWORD}"
    ${SIMU} sed -i \
 	    -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadateDB_MYSQL_USER}';/g" \
 	    -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadateDB_MYSQL_PASSWORD}';/g" \
 	    "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
 }
 jirafeauUpdate(){
    [[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
    if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
 	return 0
    fi
 	. $KAZ_BIN_DIR/getPasswords.sh jirafeauServ
    SHA=$(echo -n "${jirafeauServ_HTTPD_PASSWORD}" | sha256sum | cut -d \  -f 1)
    ${SIMU} sed -i \
 	    -e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
 	    "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
 }
 ####################
 # main
 createMysqlUser "etherpadDB" "${etherpadDBName}"
 createMysqlUser "framadateDB" "${framadateDBName}"
 createMysqlUser "giteaDB" "${gitDBName}"
 createMysqlUser "mattermostDB" "${mattermostDBName}"
 createMysqlUser "nextcloudDB" "${nextcloudDBName}"
 createMysqlUser "roundcubeDB" "${roundcubeDBName}"
 createMysqlUser "sympaDB" "${sympaDBName}"
 createMysqlUser "vigiloDB" "${vigiloDBName}"
 createMysqlUser "wpDB" "${wordpressDBName}"
 createMysqlUser "vaultwardenDB" "${vaultwardenDBName}"
 createMysqlUser "castopodDB" "${castopodDBName}"
 createMysqlUser "spipDB" "${spipDBName}"
 createMysqlUser "mastodonDB" "${mastodonDBName}"
 framadateUpdate
 jirafeauUpdate
 exit 0
--- a/bin/createEmptyPasswd.sh
+++ b/bin/createEmptyPasswd.sh
@@ -0,0 +1,104 @@
 #!/bin/bash
 cd $(dirname $0)/..
 mkdir -p emptySecret
 rsync -aHAX --info=progress2 --delete secret/ emptySecret/
 cd emptySecret/
 . ../config/dockers.env
 . ./SetAllPass.sh
 # pour mise au point
 # SIMU=echo
 cleanEnvDB(){
    # $1 = prefix
    # $2 = envName
    # $3 = containerName of DB
    rootPass="--root_password--"
    dbName="--database_name--"
    userName="--user_name--"
    userPass="--user_password--"
    ${SIMU} sed -i \
 	    -e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${rootPass}/g" \
 	    -e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${dbName}/g" \
 	    -e "s/MYSQL_USER=.*/MYSQL_USER=${userName}/g" \
 	    -e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${userPass}/g" \
 	    "$2"
 }
 cleanEnv(){
    # $1 = prefix
    # $2 = envName    
    for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
    do
 	srcName="$1_${varName}"
 	srcVal="--clean_val--"
 	${SIMU} sed -i \
 		-e "s~^[ ]*${varName}=.*$~${varName}=${srcVal}~" \
 		"$2"
    done
 }
 cleanPasswd(){
    ${SIMU} sed -i \
 	    -e 's/^\([# ]*[^#= ]*\)=".[^{][^"]*"/\1="--clean_val--"/g' \
 	    ./SetAllPass.sh
 }
 ####################
 # main
 # read -r -p "Do you want to remove all password? [Y/n] " input
 # case $input in
 #     [yY][eE][sS]|[yY])
 #  echo "Remove all password"
 #  ;;
 #     [nN][oO]|[nN])
 #  echo "Abort"
 #        ;;
 #     *)
 #  echo "Invalid input..."
 #  exit 1
 #  ;;
 # esac
 cleanPasswd
 cleanEnvDB "etherpad" "./env-${etherpadDBName}" "${etherpadDBName}"
 cleanEnvDB "framadate" "./env-${framadateDBName}" "${framadateDBName}"
 cleanEnvDB "git" "./env-${gitDBName}" "${gitDBName}"
 cleanEnvDB "mattermost" "./env-${mattermostDBName}" "${mattermostDBName}"
 cleanEnvDB "nextcloud" "./env-${nextcloudDBName}" "${nextcloudDBName}"
 cleanEnvDB "roundcube" "./env-${roundcubeDBName}" "${roundcubeDBName}"
 cleanEnvDB "sso" "./env-${ssoDBName}" "${ssoDBName}"
 cleanEnvDB "sympa" "./env-${sympaDBName}" "${sympaDBName}"
 cleanEnvDB "vigilo" "./env-${vigiloDBName}" "${vigiloDBName}"
 cleanEnvDB "wp" "./env-${wordpressDBName}" "${wordpressDBName}"
 cleanEnv "etherpad" "./env-${etherpadServName}"
 cleanEnv "gandi" "./env-gandi"
 cleanEnv "jirafeau" "./env-${jirafeauServName}"
 cleanEnv "mattermost" "./env-${mattermostServName}"
 cleanEnv "nextcloud" "./env-${nextcloudServName}"
 cleanEnv "office" "./env-${officeServName}"
 cleanEnv "roundcube" "./env-${roundcubeServName}"
 cleanEnv "sso" "./env-${ssoServName}"
 cleanEnv "vigilo" "./env-${vigiloServName}"
 cleanEnv "wp" "./env-${wordpressServName}"
 cat > allow_admin_ip <<EOF
 # ip for admin access only
 # local test
 allow 127.0.0.0/8;
 allow 192.168.0.0/16;
 EOF
 chmod -R go= .
 chmod -R +X .
--- a/bin/createSrcDocker.sh
+++ b/bin/createSrcDocker.sh
@@ -3,13 +3,14 @@
 cd $(dirname $0)
 ./setOwner.sh
 ./createEmptyPasswd.sh
 cd ../..
-FILE_NAME="/tmp/$(date +'%Y%m%d')-KAZ.tar.bz2"
+FILE_NAME="/tmp/$(date +'%Y%M%d')-KAZ.tar.bz2"
-tar -cjf "${FILE_NAME}" --transform s/secret.tmpl/secret/ \
+tar -cjf "${FILE_NAME}" --transform s/emptySecret/secret/ \
-     ./kaz/secret.tmpl/ ./kaz/bin ./kaz/config ./kaz/dockers
+     ./kaz/emptySecret/ ./kaz/bin ./kaz/config ./kaz/dockers
 ls -l "${FILE_NAME}"
--- a/bin/createUser.py
+++ b/bin/createUser.py
@@ -0,0 +1,5 @@
 #!/usr/bin/python3
 from lib.user import create_users_from_file
 create_users_from_file()
--- a/bin/createUser.sh
+++ b/bin/createUser.sh
@@ -37,9 +37,7 @@ setKazVars
 cd "${KAZ_ROOT}"
 . "${DOCKERS_ENV}"
-
+. "${KAZ_KEY_DIR}/SetAllPass.sh"
 . $KAZ_BIN_DIR/getPasswords.sh ldapServ sympaServ paheko
 # DOCK_DIR="${KAZ_COMP_DIR}" # ???
@@ -223,7 +221,6 @@ dos2unix "${TFILE_MM}"
 echo "done"
 # se connecter à l'agora pour ensuite pouvoir passer toutes les commandes mmctl
 . $KAZ_KEY_DIR/env-mattermostAdmin
 echo "docker exec -i mattermostServ bin/mmctl auth login ${httpProto}://${URL_AGORA} --name local-server --username ${mattermost_user} --password ${mattermost_pass}" | tee -a "${CMD_INIT}"
 # vérif des emails
@@ -396,9 +393,9 @@ nextcloudEnabled: TRUE\n\
 nextcloudQuota: ${QUOTA} GB\n\
 mobilizonEnabled: TRUE\n\
 agoraEnabled: TRUE\n\
-userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
+userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
    fi
-#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
+#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
    CREATE_ORGA_SERVICES=""
@@ -427,16 +424,15 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
    MESSAGE_MAIL_ORGA_1="${MESSAGE_MAIL_ORGA_1}${NL}* un bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances : ${httpProto}://${URL_NC}"
    # le user existe t-il déjà sur NC ?
-	. $KAZ_KEY_DIR/env-nextcloudServ
+    curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
    curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
    if grep -q "<element>${IDENT_KAZ}</element>" "${TEMP_USER_NC}"; then
 	echo "${IDENT_KAZ} existe déjà sur ${URL_NC}" | tee -a "${LOG}"
    else
      # on créé l'utilisateur sur NC sauf si c'est le NC général, on ne créé jamais l'utilisateur7
 	  if [ ${URL_NC} != "${cloudHost}.${domain}" ]; then
-		. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
+	
-	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
+	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
 -d userid='${IDENT_KAZ}' \
 -d displayName='${PRENOM} ${NOM}' \
 -d password='${PASSWORD}' \
@@ -449,22 +445,19 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
 	# s'il est admin de son orga, on le met admin
 	if [ "${service[ADMIN_ORGA]}" == "O" -a "${ORGA}" != "" -a "${service[NC_ORGA]}" == "O" ]; then
-		. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
+	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${nextcloud_NEXTCLOUD_ADMIN_USER}:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}"
 	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}"
 	fi
 	# faut-il mettre le user NC dans un groupe particulier sur le NC de base ?
 	if [ "${GROUPE_NC_BASE}" != "" -a  "${service[NC_BASE]}" == "O" ]; then
 		# ici on travaille à nouveau sur le NC commun, donc on rechoppe les bons mdp
 		. $KAZ_KEY_DIR/env-nextcloudServ
 	    # le groupe existe t-il déjà ?
-	    curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}"
+	    curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}"
 	    nb=$(grep "<element>${GROUPE_NC_BASE}</element>" "${TEMP_GROUP_NC}" | wc -l)
 	    if [ "${nb}" == "0" ];then
-		echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
+		echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
 	    fi
 	    # puis attacher le user au groupe
-	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
+	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
 	fi
    fi
@@ -490,8 +483,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
 	# TODO : vérif existance user
 	# 			# le user existe t-il déjà sur le wp ?
-	#			. $KAZ_BIN_DIR/getPasswords.sh wpServ
+	# 			curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wp_WORDPRESS_ADMIN_USER}:${wp_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
 	# 			curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wpServ_WORDPRESS_ADMIN_USER}:${wpServ_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
 	# 			nb_user_wp_orga=$(grep "<element>${IDENT_KAZ}</element>" "${TEMP_USER_WP}" | wc -l)
 	# 			if [ "${nb_user_wp_orga}" != "0" ];then
 	# 				(
@@ -509,7 +501,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
 	# 					) | tee -a "${LOG}"
 	#
 	# 					# on supprime l'utilisateur sur NC.
-	# 					echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
+	# 					echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
 	    # 					-d userid='${IDENT_KAZ}' \
 	    # 					" | tee -a "${CMD_INIT}"
 	# 				fi
@@ -627,13 +619,13 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
    # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which
    if [[ "${mode}" = "dev" ]]; then
 	echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}"
-	LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
+	LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
-	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
+	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
    else
 	echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}"
-	LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
+	LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
-	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
+	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
-	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\""  | tee -a "${CMD_SYMPA}"
+	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\""  | tee -a "${CMD_SYMPA}"
    fi
    if [ "${service[ADMIN_ORGA]}" == "O" ]; then
--- a/bin/gestContainers.sh
+++ b/bin/gestContainers.sh
@@ -7,6 +7,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 . $KAZ_ROOT/secret/env-kaz
 PRG=$(basename $0)
--- a/bin/gestContainers_v2.sh
+++ b/bin/gestContainers_v2.sh
@@ -7,7 +7,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
-
+. $KAZ_ROOT/secret/SetAllPass.sh
 PRG=$(basename $0)
--- a/bin/gestUsers.sh
+++ b/bin/gestUsers.sh
@@ -8,7 +8,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudServ sympaServ paheko
+. $KAZ_ROOT/secret/SetAllPass.sh
 VERSION="18-05-2025"
 PRG=$(basename $0)
@@ -24,7 +24,7 @@ URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(
 NL_LIST=infos@listes.kaz.bzh
 URL_AGORA_API=${URL_AGORA}/api/v4
 EQUIPE=kaz
-LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
+LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
 #### Test du serveur sur lequel s' execute le script ####
@@ -47,8 +47,6 @@ rm -rf /tmp/*.json
 ############################################ Fonctions #######################################################
 ExpMail() {
 		. $KAZ_KEY_DIR/env-mail
        MAIL_DEST=$1
        MAIL_SUJET=$2
        MAIL_TEXTE=$3
@@ -60,7 +58,6 @@ ExpMail() {
 }
 PostMattermost() {
 		. $KAZ_KEY_DIR/env-mattermostAdmin
        PostM=$1
        CHANNEL=$2
        TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA_API}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')
@@ -94,8 +91,8 @@ searchEmail() {
 			fi
 		done
 		ldapsearch -H ldap://${LDAP_IP} \
-		-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+		-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-		-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
+		-w "${ldap_LDAP_ADMIN_PASSWORD}" \
 		-b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
 		COMPTEUR_LIGNE=0
 		while read LIGNE
@@ -139,7 +136,6 @@ searchEmail() {
 searchMattermost() {
 		#Ici $1 est une adresse email
 		. $KAZ_KEY_DIR/env-mattermostAdmin
            	docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
 		docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1
 		#on créé la list des mails dans mattermost
@@ -186,12 +182,12 @@ infoEmail() {
 					printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL"
 					echo -e ""
 					#TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC)
-					#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
+					#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
 					#cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g
 					echo -ne "${NC}"
 					echo -ne " - Nextcloud enable : "
 					echo -ne "${GREEN}"
-					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30
+					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30
 					echo -ne "${NC}"
 					echo -e "${NC} ------------------------------------------------"
 					printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO"
@@ -207,11 +203,11 @@ infoEmail() {
 					echo -ne "${NC}"
 					echo -n " - Quota Mail (Ldap) : " 
 					echo -ne "${GREEN}"
-					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
+					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
 					echo -ne "${NC}"
 					echo -n " - Quota Nextcloud (Ldap) : "
 					echo -ne "${GREEN}"
-					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
+					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
 					echo -ne "${NC}"
 					echo -n " - Mail de secours (Paheko ): "
 					echo -ne "${GREEN}"
@@ -219,11 +215,11 @@ infoEmail() {
 					echo -ne "${NC}"
 					echo -n " - Mail de secours (Ldap): "
 					echo -ne "${GREEN}"
-					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
+					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
 					echo -ne "${NC}"
 					echo -n " - Alias (Ldap) : "
 					echo -ne "${GREEN}"
-					LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
+					LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
 					echo -ne "${NC}"
 					echo -ne "${GREEN}"
 					for ldap_alias in ${LDAP_ALIAS}
@@ -243,8 +239,8 @@ infoEmail() {
                			echo "------------------------------------------------"
 					echo  " Alias : ${CHOIX_MAIL} "
 					echo ""
-					for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+					for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-                		        -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
+                		        -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
 					| grep ^mail: | sed -e 's/^mail://')
 					do
 						echo -ne "=====> ${GREEN}  " 
@@ -311,12 +307,12 @@ searchDestroy() {
 						fi
 						echo -e "${NC}"
 						echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud"
-						USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed  's/element//g')
+						USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed  's/element//g')
 						if [ ! -z ${USER_NEXTCLOUD_SUPPR} ]
 						then
 							printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}"
 							echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}"
-							curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
+							curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
 							if [ "$?" -eq "0" ]
                        				then
 								printKazMsg "Suppresion ok"
@@ -331,7 +327,7 @@ searchDestroy() {
 							echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa"
 							echo -e "${NC}"
 							echo ""
-							docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
+							docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
 							echo -e "${NC}"
 							echo ""
 							echo  -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
@@ -348,7 +344,7 @@ searchDestroy() {
                                                echo  -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
                                                echo -e "${NC}"
                                                echo ""
-						ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
+						ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
 						if [ "$?" -eq "0" ]
 						then
 							printKazMsg "Suppresion ok"
@@ -381,8 +377,8 @@ gestPassword() {
 		# MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g')
 		MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-                -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+                -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-                -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
+                -w "${ldap_LDAP_ADMIN_PASSWORD}" \
                -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
 		if [ "$MAIL_SECOURS" = "" ]
                then
@@ -409,19 +405,19 @@ gestPassword() {
 		fi
 		if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ]
 		then
-			USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g')
+			USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g')
 			echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER}  ${NC}"
 			echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS}  ${NC}"
 			echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER)  ${NC}"
 			echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}"
 			echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}"
 			docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1
-			curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1
+			curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1
 			pass=$(mkpasswd -m sha512crypt ${PASSWORD})
 			echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\
 changeType: modify\n\
 replace: userPassword\n\
-userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}"
+userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}"
 			echo -e "Envoi d'un message dans mattermost pour la modification du mot de passe"
 			docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1
 			if [ $ADRESSE_SEC == "OUI" ]
@@ -469,8 +465,8 @@ createMail() {
 		if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]] 
 		then
 			ldapsearch -H ldap://${LDAP_IP} \
-                        -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+                        -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-                        -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
+                        -w "${ldap_LDAP_ADMIN_PASSWORD}" \
                        -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
 	        	if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}"
 			then
@@ -568,7 +564,7 @@ nextcloudEnabled: ${TRUE_KAZ}\n\
 nextcloudQuota: ${QUOTA} GB\n\
 mobilizonEnabled: ${TRUE_KAZ}\n\
 agoraEnabled: ${TRUE_KAZ}\n\
-userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
+userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
 # on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire
 bash ${TFILE_CREATE_MAIL} >/dev/null
 # on colle le compte et le mot de passe dans le fichier 
@@ -614,12 +610,12 @@ createAlias() {
 		if [[ ${AMAIL} =~ ${regexMail} ]] 
 		then
 			RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-			-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+			-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-			-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
+			-w "${ldap_LDAP_ADMIN_PASSWORD}" \
 			-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //')
 			RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \
- 	                -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ 	                -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-			-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
+			-w "${ldap_LDAP_ADMIN_PASSWORD}" \
             		-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //')
 	        	if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$"
@@ -694,7 +690,7 @@ changeType: add\n\
 objectClass: organizationalRole\n\
 objectClass: PostfixBookMailForward\n\
 mailAlias: ${AMAIL}\n\
-${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
+${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
 			fait=1
 			printKazMsg "Création de ${AMAIL}"
 			sleep 3			
@@ -726,8 +722,8 @@ delAlias() {
                if [[ ${RALIAS} =~ ${regexMail} ]]
                then
                	RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-                        -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+                        -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-                        -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
+                        -w "${ldap_LDAP_ADMIN_PASSWORD}" \
                        -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //')
 			if [ ! -z ${RESU_ALIAS} ]
 			then
@@ -737,7 +733,7 @@ delAlias() {
 					read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS
 					case "${REPDELALIAS}" in
 					o | O )
-                        			ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
+                        			ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
 						printKazMsg "suppression ${RESU_ALIAS} effectuée"
 						sleep 2
 						faitdel=1
@@ -773,8 +769,8 @@ modifyAlias()
 	ACHANGE=0
 	searchEmail alias
 	LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-        -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+        -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-        -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
+        -w "${ldap_LDAP_ADMIN_PASSWORD}" \
        -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \
 	| grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g')
 	echo "-------------------------------------------------------------------"
@@ -849,8 +845,8 @@ modifyAlias()
 				echo "mail: ${key}" >>${FIC_MODIF_LDIF}
 			done
 			echo "-" >>${FIC_MODIF_LDIF}
-		 	ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+		 	ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-			-x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
+			-x -w ${ldap_LDAP_ADMIN_PASSWORD} \
 			-f ${FIC_MODIF_LDIF} >/dev/null
 		else
 			printKazMsg "Pas de changement"
@@ -876,8 +872,8 @@ updateUser() {
 		for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota
 		do
 			ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \
-	               	-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+	               	-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-                	-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
+                	-w "${ldap_LDAP_ADMIN_PASSWORD}" \
                	-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \
 			 | grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' ))
 			# si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa
@@ -1060,15 +1056,15 @@ updateUser() {
 					done
 					cat ${FIC_MODIF_LDIF}
 					sleep 3
-					ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
+					ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-					-x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
+					-x -w ${ldap_LDAP_ADMIN_PASSWORD} \
 					-f ${FIC_MODIF_LDIF}
 					if [ ! -z ${MAILDESECOURS} ]
 					then
 						# suppression du mail de secours de la liste infos
-						docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
+						docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
 						# ajout de l' adresse  de la nouvelle adresse de secours
-						docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
+						docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
 					fi
 					updateUser
 				fi
--- a/bin/getPasswords.sh
+++ b/bin/getPasswords.sh
@@ -1,63 +0,0 @@
 #!/bin/bash
 KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 PRG=$(basename $0)
 usage() {
 echo "${PRG} [OPTIONS] [envname ...] 
 Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
 Les variables sont du type envname_NOMVARIABLE=valeur
 On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
 OPTIONS 
 -h|--help            Cette aide :-)
 -n|--simu            SIMULATION
 -d foldername        prend les envfiles dans un sous dossier /kaz/secret/foldername/ (pour les orgas !) 
                      Les variables seront du type foldername-envname_NOMVARIABLE=valeur
 "
 }
 for ARG in "$@"; do
    if [ -n "${DIRECTORYARG}" ]; then # après un -d
        SUBDIRECTORY="${ARG}"
        DIRECTORYARG=
    else
      case "${ARG}" in
          '-d' | '--directory' | '-f' | '--folder' | '--foldername')
              DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
          '-h' | '--help' )
            usage && exit ;;
          '-n' | '--simu')
            SIMU="echo" ;;
          *)
            ENVFILES="${ENVFILES} ${ARG%}";;
      esac
    fi
 done
 NB_FILES=$(echo "${ENVFILES}" | wc -w )
 if [[ $NB_FILES = 0 ]]; then
    usage
    exit 1
 fi
 for ENVFILE in $ENVFILES; do
    FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
    VARNAME="$ENVFILE"_
    if [ -n "${SUBDIRECTORY}" ]; then
      FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
      VARNAME="${SUBDIRECTORY}-${ENVFILE}_"
    fi
    if ! [ -f "$FILENAME" ]; then
      echo "$FILENAME does not exist."
      continue
    fi
    # formule magique qui crée des variables envname_NOMVARIABLE=la valeur trouvé (le sed vire les commentaires et les lignes vides)
    # on pourrait se contenter d'un "source env-file", mais avec un prefix dans les variables pour savoir ce qu'on manipule c'est bien aussi ...
    $SIMU export $(sed -e 's/#.*//' -e '/^\s*$/d' "$FILENAME" | awk -F= -v ENV="$VARNAME" '{output=output" "ENV$1"="$2} END {print output}')
 done
--- a/bin/init.sh
+++ b/bin/init.sh
@@ -214,6 +214,7 @@ fi
 if [ ! -d "${KAZ_ROOT}/secret" ]; then
    rsync -a "${KAZ_ROOT}/secret.tmpl/" "${KAZ_ROOT}/secret/"
    . "${KAZ_ROOT}/secret/SetAllPass.sh"
    "${KAZ_BIN_DIR}/secretGen.sh"
-    "${KAZ_BIN_DIR}/createDBUsers.sh"
+    "${KAZ_BIN_DIR}/updateDockerPassword.sh"
 fi
--- a/bin/install.sh
+++ b/bin/install.sh
@@ -123,6 +123,8 @@ export DebugLog="${KAZ_ROOT}/log/log-install-$(date +%y-%m-%d-%T)-"
    if [[ " ${DOCKERS_LIST[*]} " =~ " traefik " ]]; then
      # on initialise traefik :-(
      ${KAZ_COMP_DIR}/traefik/first.sh
      # on démarre traefik (plus lancé dans container.sh)
      docker-compose -f ${KAZ_COMP_DIR}/traefik/docker-compose.yml up -d
    fi
    if [[ " ${DOCKERS_LIST[*]} " =~ " etherpad " ]]; then
--- a/bin/interoPaheko.sh
+++ b/bin/interoPaheko.sh
@@ -6,8 +6,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 setKazVars
 . $DOCKERS_ENV
-
+. $KAZ_ROOT/secret/SetAllPass.sh
 . $KAZ_BIN_DIR/getPasswords.sh paheko
 URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)"
--- a/bin/ldap/ldapvi.sh
+++ b/bin/ldap/ldapvi.sh
@@ -5,7 +5,7 @@ KAZ_ROOT=/kaz
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_BIN_DIR/getPasswords.sh ldapServ
+. $KAZ_ROOT/secret/SetAllPass.sh
 LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
@@ -20,4 +20,4 @@ EDITOR=${EDITOR:-vi}
 EDITOR=${EDITOR:-vi}
 export EDITOR=${EDITOR}
-ldapvi -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} --discover
+ldapvi -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} --discover
--- a/bin/ldap/migrate_to_ldap.sh
+++ b/bin/ldap/migrate_to_ldap.sh
@@ -8,7 +8,7 @@ KAZ_ROOT=/kaz
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_BIN_DIR/getPasswords.sh ldapServ paheko
+. $KAZ_ROOT/secret/SetAllPass.sh
 ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf
@@ -126,7 +126,7 @@ replace: agoraEnabled\n\
 agoraEnabled: TRUE\n\
 -\n\
 replace: mobilizonEnabled\n\
-mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
+mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
 done
 #replace: nextcloudEnabled\n\
@@ -164,7 +164,7 @@ do
 			echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\
 changeType: modify
 replace: mailAlias\n\
-$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
+$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
 		else
 			echo "Alias vers un mail externe, go fichier"
 			echo $line >> ${ALIASES_WITHLDAP}
@@ -185,7 +185,7 @@ replace: mailAlias\n\
 mailAlias: ${src}\n\
 -\n\
 replace: mail\n\
-mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
+mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
 		fi
 	else
 		echo "Forward vers plusieurs adresses, on met dans le fichier"
@@ -215,7 +215,7 @@ replace: mailAlias\n\
 mailAlias: ${src}\n\
 -\n\
 replace: mail\n\
-${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
+${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
 	fi
 done
--- a/bin/ldap/tests/nc_orphans.sh
+++ b/bin/ldap/tests/nc_orphans.sh
@@ -6,16 +6,15 @@ setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 . $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB
 LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
-docker exec -i nextcloudDB mysql --user=${nextcloudDB_MYSQL_USER} --password=${nextcloudDB_MYSQL_PASSWORD} ${nextcloudDB_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt
+docker exec -i nextcloudDB mysql --user=${nextcloud_MYSQL_USER} --password=${nextcloud_MYSQL_PASSWORD} ${nextcloud_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt
 OLDIFS=${IFS}
 IFS=$'\n'
 for line in `cat /tmp/nc_users.txt`; do
-	result=$(ldapsearch -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries)
+	result=$(ldapsearch -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries)
 	echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid"
 done
 IFS=${OLDIFS}
--- a/bin/lib/config.py
+++ b/bin/lib/config.py
@@ -0,0 +1,15 @@
 DOCKERS_ENV = "/kaz/config/dockers.env"
 SECRETS = "/kaz/secret/env-{serv}"
 def getDockersConfig(key):
    with open(DOCKERS_ENV) as config:
        for line in config:
            if line.startswith(f"{key}="):
                return line.split("=", 1)[1].split("#")[0].strip()
 def getSecretConfig(serv, key):
    with open(SECRETS.format(serv=serv)) as config:
        for line in config:
            if line.startswith(f"{key}="):
                return line.split("=", 2)[1].split("#")[0].strip()
--- a/bin/lib/ldap.py
+++ b/bin/lib/ldap.py
@@ -0,0 +1,101 @@
 import ldap
 from passlib.hash import sha512_crypt
 from email_validator import validate_email, EmailNotValidError
 import subprocess
 from .config import getDockersConfig, getSecretConfig
 class Ldap:
    def __init__(self):
        self.ldap_connection = None
        self.ldap_root = getDockersConfig("ldap_root")
        self.ldap_admin_username = getSecretConfig("ldapServ", "LDAP_ADMIN_USERNAME")
        self.ldap_admin_password = getSecretConfig("ldapServ", "LDAP_ADMIN_PASSWORD")
        cmd="docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ"
        self.ldap_host = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT).strip().decode()
    def __enter__(self):
        self.ldap_connection = ldap.initialize(f"ldap://{self.ldap_host}")
        self.ldap_connection.simple_bind_s("cn={},{}".format(self.ldap_admin_username, self.ldap_root), self.ldap_admin_password)
        return self
    def __exit__(self, tp, e, traceback):
        self.ldap_connection.unbind_s()
    def get_email(self, email):
        """
        Vérifier si un utilisateur avec cet email existe dans le LDAP soit comme mail principal soit comme alias
        """
        # Créer une chaîne de filtre pour rechercher dans les champs "cn" et "mailAlias"
        filter_str = "(|(cn={})(mailAlias={}))".format(email, email)
        result = self.ldap_connection.search_s("ou=users,{}".format(self.ldap_root), ldap.SCOPE_SUBTREE, filter_str)
        return result
    def delete_user(self, email):
        """
        Supprimer un utilisateur du LDAP par son adresse e-mail
        """
        try:
            # Recherche de l'utilisateur
            result = self.ldap_connection.search_s("ou=users,{}".format(self.ldap_root), ldap.SCOPE_SUBTREE, "(cn={})".format(email))
            if not result:
                return False  # Utilisateur non trouvé
            # Récupération du DN de l'utilisateur
            dn = result[0][0]
            # Suppression de l'utilisateur
            self.ldap_connection.delete_s(dn)
            return True  # Utilisateur supprimé avec succès
        except ldap.NO_SUCH_OBJECT:
            return False  # Utilisateur non trouvé
        except ldap.LDAPError as e:
            return False  # Erreur lors de la suppression
    def create_user(self, email, prenom, nom, password, email_secours, quota):
        """
        Créer une nouvelle entrée dans le LDAP pour un nouvel utilisateur. QUESTION: A QUOI SERVENT PRENOM/NOM/IDENT_KAZ DANS LE LDAP ? POURQUOI 3 QUOTA ?
        """
        password_chiffre = sha512_crypt.hash(password)
        if not validate_email(email) or not validate_email(email_secours):
            return False
        if self.get_email(email):
            return False
        # Construire le DN
        dn = f"cn={email},ou=users,{self.ldap_root}"
        mod_attrs = [
          ('objectClass', [b'inetOrgPerson', b'PostfixBookMailAccount', b'nextcloudAccount', b'kaznaute']),
          ('sn', f'{prenom} {nom}'.encode('utf-8')),
          ('mail', email.encode('utf-8')),
          ('mailEnabled', b'TRUE'),
          ('mailGidNumber', b'5000'),
          ('mailHomeDirectory', f"/var/mail/{email.split('@')[1]}/{email.split('@')[0]}/".encode('utf-8')),
          ('mailQuota', f'{quota}G'.encode('utf-8')),
          ('mailStorageDirectory', f"maildir:/var/mail/{email.split('@')[1]}/{email.split('@')[0]}/".encode('utf-8')),
          ('mailUidNumber', b'5000'),
          ('mailDeSecours', email_secours.encode('utf-8')),
          ('identifiantKaz', f'{prenom.lower()}.{nom.lower()}'.encode('utf-8')),
          ('quota', str(quota).encode('utf-8')),
          ('nextcloudEnabled', b'TRUE'),
          ('nextcloudQuota', f'{quota} GB'.encode('utf-8')),
          ('mobilizonEnabled', b'TRUE'),
          ('agoraEnabled', b'TRUE'),
          ('userPassword', f'{{CRYPT}}{password_chiffre}'.encode('utf-8')),
          ('cn', email.encode('utf-8'))
        ]
        self.ldap_connection.add_s(dn, mod_attrs)
        return True
--- a/bin/lib/mattermost.py
+++ b/bin/lib/mattermost.py
@@ -0,0 +1,134 @@
 import subprocess
 from .config import getDockersConfig, getSecretConfig
 mattermost_user = getSecretConfig("mattermostServ", "MM_ADMIN_USER")
 mattermost_pass = getSecretConfig("mattermostServ", "MM_ADMIN_PASSWORD")
 mattermost_url = f"https://{getDockersConfig('matterHost')}.{getDockersConfig('domain')}"
 mmctl = "docker exec -i mattermostServ bin/mmctl"
 class Mattermost:
    def __init__(self):
        pass
    def __enter__(self):
        self.authenticate()
        return self
    def __exit__(self, tp, e, traceback):
        self.logout()
    def authenticate(self):
         # Authentification sur MM
         cmd = f"{mmctl} auth login {mattermost_url} --name local-server --username {mattermost_user} --password {mattermost_pass}"
         subprocess.run(cmd, shell=True, stderr=subprocess.STDOUT, check=True)
    def logout(self):
         # Authentification sur MM
         cmd = f"{mmctl} auth clean"
         subprocess.run(cmd, shell=True, stderr=subprocess.STDOUT, check=True)
    def post_message(self, message, equipe="kaz", canal="creation-comptes"):
        """
        Envoyer un message dans une Equipe/Canal de MM
        """
        cmd = f"{mmctl} post create {equipe}:{canal} --message \"{message}\""
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def get_user(self, user):
        """
        Le user existe t-il sur MM ?
        """
        try:
            cmd = f"{mmctl} user search {user} --json"
            user_list_output = subprocess.check_output(cmd, shell=True)
            return True  # Le nom d'utilisateur existe
        except subprocess.CalledProcessError:
            return False
    def create_user(self, user, email, password):
        """
        Créer un utilisateur sur MM
        """
        cmd = f"{mmctl} user create --email {email} --username {user} --password {password}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def delete_user(self, email):
        """
        Supprimer un utilisateur sur MM
        """
        cmd = f"{mmctl} user delete {email} --confirm"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def update_password(self, email, new_password):
        """
        Changer un password pour un utilisateur de MM
        """
        cmd = f"{mmctl} user change-password {email} --password {new_password}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def add_user_to_team(self, email, equipe):
        """
        Affecte un utilisateur à une équipe MM
        """
        cmd = f"{mmctl} team users add {equipe} {email}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def add_user_to_channel(self, email, equipe, canal):
        """
        Affecte un utilisateur à un canal MM
        """
        cmd = f'{mmctl} channel users add {equipe}:{canal} {email}'
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def get_teams(self):
        """
        Lister les équipes sur MM
        """
        cmd = f"{mmctl} team list --disable-pager"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        data_list = output.decode("utf-8").strip().split('\n')
        data_list.pop()
        return data_list
    def create_team(self, equipe, email):
        """
        Créer une équipe sur MM et affecter un admin si email est renseigné (set admin marche pô)
        """
        #DANGER: l'option --email ne rend pas le user admin de l'équipe comme c'est indiqué dans la doc :(
        cmd = f"{mmctl} team create --name {equipe} --display-name {equipe} --private --email {email}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        #Workaround: on récup l'id du user et de l'équipe pour affecter le rôle "scheme_admin": true, "scheme_user": true avec l'api MM classique.
        #TODO:
        return output.decode()
    def delete_team(self, equipe):
        """
        Supprimer une équipe sur MM
        """
        cmd = f"{mmctl} team delete {equipe} --confirm"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
--- a/bin/lib/paheko.py
+++ b/bin/lib/paheko.py
@@ -0,0 +1,134 @@
 import re
 import requests
 from .config import getDockersConfig, getSecretConfig
 paheko_ident = getDockersConfig("paheko_API_USER")
 paheko_pass = getDockersConfig("paheko_API_PASSWORD")
 paheko_auth = (paheko_ident, paheko_pass)
 paheko_url = f"https://kaz-paheko.{getDockersConfig('domain')}"
 class Paheko:
    def get_categories(self):
        """
        Récupérer les catégories Paheko avec le compteur associé
        """
        api_url = paheko_url + '/api/user/categories'
        response = requests.get(api_url, auth=paheko_auth)
        if response.status_code == 200:
            data = response.json()
            return data
        else:
            return None
    def get_users_in_categorie(self,categorie):
        """
        Afficher les membres d'une catégorie Paheko
        """
        if not categorie.isdigit():
            return 'Id de category non valide', 400
        api_url = paheko_url + '/api/user/category/'+categorie+'.json'
        response = requests.get(api_url, auth=paheko_auth)
        if response.status_code == 200:
            data = response.json()
            return data
        else:
            return None
    def get_user(self,ident):
        """
        Afficher un membre de Paheko par son email kaz ou son numéro ou le non court de l'orga
        """
        emailmatchregexp = re.compile(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$")
        if emailmatchregexp.match(ident):
          data = { "sql": f"select * from users where email='{ident}' or alias = '{ident}'" }
          api_url = paheko_url + '/api/sql/'
          response = requests.post(api_url, auth=paheko_auth,  data=data)
          #TODO: if faut Rechercher count et vérifier que = 1 et supprimer le count=1 dans la réponse
        elif  ident.isdigit():
          api_url = paheko_url + '/api/user/'+ident
          response = requests.get(api_url, auth=paheko_auth)
        else:
          nomorga = re.sub(r'\W+', '', ident) # on vire les caractères non alphanumérique
          data = { "sql": f"select * from users where admin_orga=1 and nom_orga='{nomorga}'" }
          api_url = paheko_url + '/api/sql/'
          response = requests.post(api_url, auth=paheko_auth,  data=data)
          #TODO:if faut Rechercher count et vérifier que = 1  et supprimer le count=1 dans la réponse
        if response.status_code == 200:
            data = response.json()
            if data["count"] == 1:
                 return data["results"][0]
            elif data["count"] == 0:
                 return None
            else:
                 return data["results"]
        else:
            return None
    def set_user(self,ident,field,new_value):
        """
        Modifie la valeur d'un champ d'un membre paheko (ident= numéro paheko ou email kaz)
        """
        #récupérer le numero paheko si on fournit un email kaz
        emailmatchregexp = re.compile(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$")
        if emailmatchregexp.match(ident):
          data = { "sql": f"select id from users where email='{ident}'" }
          api_url = paheko_url + '/api/sql/'
          response = requests.post(api_url, auth=paheko_auth, data=data)
          if response.status_code == 200:
              #on extrait l'id de la réponse
              data = response.json()
              if data['count'] == 0:
                print("email non trouvé")
                return None
              elif data['count'] > 1:
                  print("trop de résultat")
                  return None
              else:
                #OK
                ident = data['results'][0]['id']
          else:
              print("pas de résultat")
              return None
        elif not ident.isdigit():
           print("Identifiant utilisateur invalide")
           return None
        regexp = re.compile("[^a-zA-Z0-9 \\r\\n\\t" + re.escape(string.punctuation) + "]")
        valeur = regexp.sub('',new_value) # mouais, il faudrait être beaucoup plus précis ici en fonction des champs qu'on accepte...
        champ = re.sub(r'\W+','',field) # pas de caractères non alphanumériques ici, dans l'idéal, c'est à choisir dans une liste plutot
        api_url = paheko_url + '/api/user/'+str(ident)
        payload = {champ: valeur}
        response = requests.post(api_url, auth=paheko_auth, data=payload)
        return response.json()
    def get_users_with_action(self, action):
        """
        retourne tous les membres de paheko avec une action à mener (création du compte kaz / modification...)
        """
        api_url = paheko_url + '/api/sql/'
        payload = { "sql": f"select * from users where action_auto='{action}'" }
        response = requests.post(api_url, auth=paheko_auth,  data=payload)
        if response.status_code == 200:
            return response.json()
        else:
            return None
--- a/bin/lib/sympa.py
+++ b/bin/lib/sympa.py
@@ -0,0 +1,40 @@
 import subprocess
 from email_validator import validate_email, EmailNotValidError
 from .config import getDockersConfig, getSecretConfig
 sympa_user = getSecretConfig("sympaServ", "SOAP_USER")
 sympa_pass = getSecretConfig("sympaServ", "SOAP_PASSWORD")
 sympa_listmaster = getSecretConfig("sympaServ", "ADMINEMAIL")
 sympa_url = f"https://{getDockersConfig('sympaHost')}.{getDockersConfig('domain')}"
 sympa_soap = "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl"
 sympa_domain = getDockersConfig('domain_sympa')
 sympa_liste_info = "infos"
 # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
 class Sympa:
    def _execute_sympa_command(self, email, liste, service):
        if validate_email(email) and validate_email(liste):
            cmd = f'{sympa_soap} --soap_url={sympa_url}/sympasoap --trusted_application={sympa_user} --trusted_application_password={sympa_pass} --proxy_vars=USER_EMAIL={sympa_listmaster} --service={service} --service_parameters="{liste},{email}" && echo $?'
            output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
            return output.decode()
    def add_email_to_list(self, email, liste=sympa_liste_info):
        """
        Ajouter un email dans une liste sympa
        """
        output = self._execute_sympa_command(email, f"{liste}@{sympa_domain}", 'add')
        return output
    def delete_email_from_list(self, email, liste=sympa_liste_info):
        """
        Supprimer un email dans une liste sympa
        """
        output = self._execute_sympa_command(email, f"{liste}@{sympa_domain}", 'del')
        return output
--- a/bin/lib/template.py
+++ b/bin/lib/template.py
@@ -0,0 +1,8 @@
 import jinja2
 templateLoader = jinja2.FileSystemLoader(searchpath="../templates")
 templateEnv = jinja2.Environment(loader=templateLoader)
 def render_template(filename, args):
    template = templateEnv.get_template(filename)
    return template.render(args)
--- a/bin/lib/user.py
+++ b/bin/lib/user.py
@@ -0,0 +1,213 @@
 from email_validator import validate_email, EmailNotValidError
 from glob import glob
 import tempfile
 import subprocess
 import re
 from email.mime.text import MIMEText
 from email.mime.multipart import MIMEMultipart
 import smtplib
 from .paheko import Paheko
 from .ldap import Ldap
 from .mattermost import Mattermost
 from .sympa import Sympa
 from .template import render_template
 from .config import getDockersConfig, getSecretConfig
 DEFAULT_FILE = "/kaz/tmp/createUser.txt"
 webmail_url = f"https://webmail.{getDockersConfig('domain')}"
 mattermost_url = f"https://agora.{getDockersConfig('domain')}"
 mdp_url = f"https://mdp.{getDockersConfig('domain')}"
 sympa_url = f"https://listes.{getDockersConfig('domain')}"
 site_url = f"https://{getDockersConfig('domain')}"
 cloud_url = f"https://cloud.{getDockersConfig('domain')}"
 def _generate_password(self):
    cmd="apg -n 1 -m 10 -M NCL -d"
    output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
    new_password="_"+output.decode("utf-8")+"_"
    return new_password
 def create_user(email, email_secours, admin_orga, nom_orga, quota_disque, nom, prenom, nc_orga, garradin_orga, wp_orga, agora_orga, wiki_orga, nc_base, groupe_nc_base, equipe_agora, password=None):
    email = email.lower()
    with Ldap() as ldap:
        # est-il déjà dans le ldap ? (mail ou alias)
        if ldap.get_email(email):
            print(f"ERREUR 1: {email} déjà existant dans ldap. on arrête tout")
            return None
        #test nom orga
        if admin_orga == 1:
          if nom_orga is None:
              print(f"ERREUR 0 sur paheko: {email} : nom_orga vide, on arrête tout")
              return
          if not bool(re.match(r'^[a-z0-9-]+$', nom_orga)):
              print(f"ERREUR 0 sur paheko: {email} : nom_orga ({tab['nom_orga']}) incohérent (minuscule/chiffre/-), on arrête tout")
              return
        #test email_secours
        email_secours = email_secours.lower()
        if not validate_email(email_secours):
            print("Mauvais email de secours")
            return
        #test quota
        quota = quota_disque
        if not quota.isdigit():
            print(f"ERREUR 2: quota non numérique : {quota}, on arrête tout")
            return
        #on génère un password
        password = password or _generate_password()
        #on créé dans le ldap
        #à quoi servent prenom/nom dans le ldap ?
        data = {
          "prenom": prenom,
          "nom": nom,
          "password": password,
          "email_secours": email_secours,
          "quota": quota
        }
        if not ldap.create_user(email, **data):
            print("Erreur LDAP")
            return
    with Mattermost() as mm:
        #on créé dans MM
        user = email.split('@')[0]
        mm.create_user(user, email, password)
        mm.add_user_to_team(email, "kaz")
        #et aux 2 canaux de base
        mm.add_user_to_channel(email, "kaz", "une-question--un-soucis")
        mm.add_user_to_channel(email, "kaz", "cafe-du-commerce--ouvert-2424h")
        #on créé une nouvelle équipe ds MM si besoin
        if admin_orga == 1:
          mm.create_team(nom_orga, email)
          #BUG: créer la nouvelle équipe n'a pas rendu l'email admin, on le rajoute comme membre simple
          mm.add_user_to_team(email, nom_orga)
    #on inscrit email et email_secours à la nl sympa_liste_info
    sympa = Sympa()
    sympa.add_email_to_list(email)
    sympa.add_email_to_list(email_secours)
    #on construit/envoie le mail
    context = {
        'ADMIN_ORGA': admin_orga,
        'NOM': f"{prenom} {nom}",
        'EMAIL_SOUHAITE': email,
        'PASSWORD': password,
        'QUOTA': quota_disque,
        'URL_WEBMAIL': webmail_url,
        'URL_AGORA': mattermost_url,
        'URL_MDP': mdp_url,
        'URL_LISTE': sympa_url,
        'URL_SITE': site_url,
        'URL_CLOUD': cloud_url,
    }
    html = render_template("email_inscription.html", context)
    raw = render_template("email_inscription.txt", context)
    message = MIMEMultipart()
    message["Subject"] = "KAZ: confirmation d'inscription !"
    message["From"] = f"contact@{getDockersConfig('domain')}"
    message["To"] = f"{email}, {email_secours}"
    message.attach(MIMEText(raw, "plain"))
    message.attach(MIMEText(html, "html"))
    with smtplib.SMTP(f"mail.{getDockersConfig('domain')}", 25) as server:
        server.sendmail(f"contact@{getDockersConfig('domain')}", [email,email_secours], message.as_string())
    #on met le flag paheko action à Aucune
    paheko = Paheko()
    try:
        paheko.set_user(email, "action_auto", "Aucune")
    except:
        print(f"Erreur paheko pour remettre action_auto = Aucune pour {email}")
    #on post sur MM pour dire ok
    with Mattermost() as mm:
        msg=f"**POST AUTO** Inscription réussie pour {email} avec le secours {email_secours} Bisou!"
        mm.post_message(message=msg)
 def create_waiting_users():
    """
    Créé les kaznautes en attente: inscription sur MM / Cloud / email + msg sur MM + email à partir de action="a créer" sur paheko
    """
    #verrou pour empêcher de lancer en même temps la même api
    prefixe="create_user_lock_"
    if glob(f"{tempfile.gettempdir()}/{prefixe}*"):
        print("Lock présent")
        return None
    lock_file = tempfile.NamedTemporaryFile(prefix=prefixe,delete=True)
    #qui sont les kaznautes à créer ?
    paheko = Paheko()
    liste_kaznautes = paheko.get_users_with_action("A créer")
    if liste_kaznautes:
        count=liste_kaznautes['count']
        if count==0:
            print("aucun nouveau kaznaute à créer")
            return
        #au moins un kaznaute à créer
        for tab in liste_kaznautes['results']:
          create_user(**tab)
    print("fin des inscriptions")
 def create_users_from_file(file=DEFAULT_FILE):
    """
    Créé les kaznautes en attente: inscription sur MM / Cloud / email + msg sur MM + email à partir du ficher
    """
    #verrou pour empêcher de lancer en même temps la même api
    prefixe="create_user_lock_"
    if glob(f"{tempfile.gettempdir()}/{prefixe}*"):
        print("Lock présent")
        return None
    lock_file = tempfile.NamedTemporaryFile(prefix=prefixe,delete=True)
    #qui sont les kaznautes à créer ?
    liste_kaznautes = []
    with open(file) as lines:
        for line in lines:
            line = line.strip()
            if not line.startswith("#") and line != "":
                user_data = line.split(';')
                user_dict = {
                    "nom": user_data[0],
                    "prenom": user_data[1],
                    "email": user_data[2],
                    "email_secours": user_data[3],
                    "nom_orga": user_data[4],
                    "admin_orga": user_data[5],
                    "nc_orga": user_data[6],
                    "garradin_orga": user_data[7],
                    "wp_orga": user_data[8],
                    "agora_orga": user_data[9],
                    "wiki_orga": user_data[10],
                    "nc_base": user_data[11],
                    "groupe_nc_base": user_data[12],
                    "equipe_agora": user_data[13],
                    "quota_disque": user_data[14],
                    "password": user_data[15],
                }
                liste_kaznautes.append(user_dict)
    if liste_kaznautes:
        for tab in liste_kaznautes:
          create_user(**tab)
    print("fin des inscriptions")
--- a/bin/manageAgora.sh
+++ b/bin/manageAgora.sh
@@ -83,8 +83,7 @@ Init(){
    [ $? -ne 0 ] && printKazError "$DockerServName ne parvient pas à démarrer correctement : impossible de terminer l'install" && return 1 >& $QUIET
    # creation compte admin
-    _getPasswords
+    ${SIMU} curl -i -d "{\"email\":\"${mattermost_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users"
    ${SIMU} curl -i -d "{\"email\":\"${mattermostServ_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users"
    MM_TOKEN=$(_getMMToken ${MATTER_URL})
@@ -99,13 +98,12 @@ Version(){
 _getMMToken(){
    #$1 MATTER_URL
    _getPasswords
    ${SIMU} curl -i -s -d "{\"login_id\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\"}" "${1}/api/v4/users/login" | grep 'token' | sed 's/token:\s*\(.*\)\s*/\1/' | tr -d '\r'
 }
 PostMessage(){
    printKazMsg "Envoi à $TEAM : $MESSAGE" >& $QUIET
-    _getPasswords
+    
    ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl auth login "${MATTER_URL}" --name local-server --username ${mattermost_user} --password ${mattermost_pass}
    ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl post create "${TEAM}" --message "${MESSAGE}"
 }
@@ -115,16 +113,6 @@ MmctlCommand(){
    ${SIMU} docker exec -u 33 "$DockerServName" bin/mmctl $1
 }
 _getPasswords(){
    # récupération des infos du compte admin
    if [ -n "$AGORACOMMUN" ] ; then 
        . $KAZ_KEY_DIR/env-mattermostAdmin
        . $KAZ_BIN_DIR/getPasswords.sh mattermostServ
    else
        . $KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin
        . $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} mattermostServ
    fi
 }
 ########## Main #################
 for ARG in "$@"; do
--- a/bin/manageCastopod.sh
+++ b/bin/manageCastopod.sh
@@ -63,12 +63,11 @@ Init(){
    cookies=$(curl -c - ${POD_URL})    
    CSRF_TOKEN=$(curl --cookie <(echo "$cookies") ${POD_URL}/cp-install | grep "csrf_test_name" | sed "s/.*value=.//" | sed "s/.>//") 
    _getPasswords
    #echo ${CSRF_TOKEN}
    ${SIMU} curl --cookie <(echo "$cookies") -X POST \
-        -d "username=${ADMIN_USER}" \
+        -d "username=${castopod_ADMIN_USER}" \
-        -d "password=${ADMIN_PASSWORD}" \
+        -d "password=${castopod_ADMIN_PASSWORD}" \
-        -d "email=${ADMIN_MAIL}" \
+        -d "email=${castopod_ADMIN_MAIL}" \
        -d "csrf_test_name=${CSRF_TOKEN}" \
        "${POD_URL}/cp-install/create-superadmin"
@@ -79,13 +78,7 @@ Version(){
    echo "Version $DockerServName : ${GREEN}${VERSION}${NC}"
 }
-_getPasswords(){
+
    if [ -n "$CASTOPOD_COMMUN" ]; then 
        . $KAZ_KEY_DIR/env-castopodAdmin
    else
        . $KAZ_KEY_DIR/orgas/$ORGA/env-castopodAdmin
    fi
 }
 ########## Main #################
 for ARG in "$@"; do 
--- a/bin/manageCloud.sh
+++ b/bin/manageCloud.sh
@@ -75,7 +75,7 @@ Init(){
        CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php"
    fi
-    firstInstall "$CLOUD_URL" "$CONF_FILE" "$NOM"
+    firstInstall "$CLOUD_URL" "$CONF_FILE" " NextCloud de $NOM"
    updatePhpConf "$CONF_FILE"
    InstallApplis
    echo "${CYAN}  *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET
@@ -100,38 +100,25 @@ firstInstall(){
    # $2 phpConfFile
    # $3 orga
    if ! grep -q "'installed' => true," "$2" 2> /dev/null; then
-
+        printKazMsg "\n  *** Premier lancement de $3" >& $QUIET
        printKazMsg "\n  *** Premier lancement nextcloud $3" >& $QUIET
        _getPasswords
        ${SIMU} waitUrl "$1"
        ${SIMU} curl -X POST \
            -d "install=true" \
-            -d "adminlogin=${NEXTCLOUD_ADMIN_USER}" \
+            -d "adminlogin=${nextcloud_NEXTCLOUD_ADMIN_USER}" \
-            -d "adminpass=${NEXTCLOUD_ADMIN_PASSWORD}" \
+            -d "adminpass=${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}" \
            -d "directory=/var/www/html/data" \
            -d "dbtype=mysql" \
-            -d "dbuser=${MYSQL_USER}" \
+            -d "dbuser=${nextcloud_MYSQL_USER}" \
-            -d "dbpass=${MYSQL_PASSWORD}" \
+            -d "dbpass=${nextcloud_MYSQL_PASSWORD}" \
-            -d "dbname=${MYSQL_DATABASE}" \
+            -d "dbname=${nextcloud_MYSQL_DATABASE}" \
-            -d "dbhost=${MYSQL_HOST}" \
+            -d "dbhost=${nextcloud_MYSQL_HOST}" \
            -d "install-recommended-apps=true" \
            "$1"
    fi
 }
 _getPasswords(){
    if [ -n "$CLOUDCOMMUN" ]; then 
        . $KAZ_KEY_DIR/env-nextcloudServ
        . $KAZ_KEY_DIR/env-nextcloudDB
    else
        . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
        . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
    fi
 }
 setOfficeUrl(){
    # Did le 25 mars les offices sont tous normalisé sur les serveurs https://${site}-${officeHost}.${domain}
    #OFFICE_URL="https://${officeHost}.${domain}"
@@ -144,14 +131,13 @@ setOfficeUrl(){
 }
 initLdap(){
    . $KAZ_BIN_DIR/getPasswords.sh ldapServ
    # $1 Nom du cloud
    echo "${CYAN}  *** Installation LDAP pour $1${NC}" >& $QUIET
    occCommand "app:enable user_ldap" "${DockerServName}"
    occCommand "ldap:delete-config s01" "${DockerServName}"
    occCommand "ldap:create-empty-config" "${DockerServName}"
    occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}"
-    occCommand "ldap:set-config s01 ldapAgentPassword ${ldapServ_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
+    occCommand "ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
    occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}"
    occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}"
    occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}"
--- a/bin/manageWiki.sh
+++ b/bin/manageWiki.sh
@@ -55,7 +55,15 @@ Init(){
    PLG_DIR="${VOL_PREFIX}wikiPlugins/_data"
    CONF_DIR="${VOL_PREFIX}wikiConf/_data"
-    . $KAZ_BIN_DIR/getPasswords.sh dokuwiki
+    # Gael, j'avais ajouté ça mais j'ai pas test alors je laisse comme avant ... 
    # A charge au prochain qui monte un wiki de faire qque chose
    #WIKI_ROOT="${dokuwiki_WIKI_ROOT}"
    #WIKI_EMAIL="${dokuwiki_WIKI_EMAIL}"
    #WIKI_PASS="${dokuwiki_WIKI_PASSWORD}"
    WIKI_ROOT=Kaz
    WIKI_EMAIL=wiki@kaz.local
    WIKI_PASS=azerty
    ${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit
@@ -69,11 +77,11 @@ Init(){
            -d "l=fr" \
            -d "d[title]=${NOM}" \
            -d "d[acl]=true" \
-            -d "d[superuser]=${dokuwiki_WIKI_ROOT}" \
+            -d "d[superuser]=${WIKI_ROOT}" \
            -d "d[fullname]=Admin"\
-            -d "d[email]=${dokuwiki_WIKI_EMAIL}" \
+            -d "d[email]=${WIKI_EMAIL}" \
-            -d "d[password]=${dokuwiki_WIKI_PASSWORD}" \
+            -d "d[password]=${WIKI_PASS}" \
-            -d "d[confirm]=${dokuwiki_WIKI_PASSWORD}" \
+            -d "d[confirm]=${WIKI_PASS}" \
            -d "d[policy]=1" \
            -d "d[allowreg]=false" \
            -d "d[license]=0" \
--- a/bin/manageWp.sh
+++ b/bin/manageWp.sh
@@ -61,11 +61,11 @@ Init(){
    echo "\n  *** Premier lancement de WP" >& $QUIET
    ${SIMU} waitUrl "${WP_URL}"
-    . $KAZ_BIN_DIR/getPasswords.sh wpServ
+
    ${SIMU} curl -X POST \
-        -d "user_name=${wpServ_WORDPRESS_ADMIN_USER}" \
+        -d "user_name=${wp_WORDPRESS_ADMIN_USER}" \
-        -d "admin_password=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
+        -d "admin_password=${wp_WORDPRESS_ADMIN_PASSWORD}" \
-        -d "admin_password2=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
+        -d "admin_password2=${wp_WORDPRESS_ADMIN_PASSWORD}" \
        -d "pw_weak=true" \
        -d "admin_email=admin@kaz.bzh" \
        -d "blog_public=0" \
--- a/bin/migration.sh
+++ b/bin/migration.sh
@@ -20,7 +20,8 @@ ${SIMU} "${CV1}" stop orga
 ${SIMU} "${CV1}" stop
 ${SIMU} rsync "${EV1}/dockers.env" "${EV2}/"
-${SIMU} rsync "${SV1}/" "${SV2}/"
+${SIMU} rsync "${SV1}/SetAllPass.sh" "${SV2}/"
 ${SIMU} "${BV2}/updateDockerPassword.sh"
 # XXX ? rsync /kaz/secret/allow_admin_ip /kaz-git/secret/allow_admin_ip
--- a/bin/nextcloud_maintenance.sh
+++ b/bin/nextcloud_maintenance.sh
@@ -10,7 +10,6 @@ URL_AGORA=https://$matterHost.$domain/api/v4
 EQUIPE=kaz
 PostMattermost() {
        . $KAZ_KEY_DIR/env-mattermostAdmin
        PostM=$1
        CHANNEL=$2
        TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')
--- a/bin/postfix-superviz.sh
+++ b/bin/postfix-superviz.sh
@@ -15,8 +15,6 @@ OLDIFS=$IFS
 IFS=" "
 COUNT_MAILQ=$(docker exec -t mailServ mailq | tail -n1 | gawk '{print $5}')
 # récupération mots de passes
 . $KAZ_KEY_DIR/env-mattermostAdmin
 docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
 if [ "${COUNT_MAILQ}" -gt "${MAX_QUEUE}" ]; then
--- a/bin/scriptBorg.sh
+++ b/bin/scriptBorg.sh
@@ -17,7 +17,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_BIN_DIR/getPasswords.sh borg
+. $KAZ_ROOT/secret/SetAllPass.sh
 VERSION="V-10-03-2025"
 PRG=$(basename $0)
--- a/bin/templates/email.css
+++ b/bin/templates/email.css
@@ -0,0 +1,82 @@
 body {
    font-family: Arial, sans-serif;
    background-color: #f4f4f4;
    margin: 0;
    padding: 0;
 }
 .email-content {
    background-color: #f0f0f0; /* Light gray background */
    margin: 20px auto;
    padding: 20px;
    border: 1px solid #dddddd;
    max-width: 600px;
    width: 90%; /* This makes the content take 90% width of its container */
    text-align: left; /* Remove text justification */
 }
 header {
    background-color: #E16969;
    color: white;
    text-align: center;
    height: 50px; /* Fixed height for header */
    line-height: 50px; /* Vertically center the text */
    width: 100%; /* Make header full width */
 }
 footer {
    background-color: #E16969;
    color: white;
    text-align: center;
    height: 50px; /* Fixed height for footer */
    line-height: 50px; /* Vertically center the text */
    width: 100%; /* Make footer full width */
 }
 .header-container {
    position: relative; /* Pour positionner le logo et le texte dans le header */
    height: 50px; /* Hauteur maximale du header */
 }
 .logo {
    position: absolute; /* Pour positionner le logo */
    max-height: 100%; /* Taille maximale du logo égale à la hauteur du header */
    top: 0; /* Aligner le logo en haut */
    left: 0; /* Aligner le logo à gauche */
    margin-right: 10px; /* Marge à droite du logo */
 }
 .header-container h1, .footer-container p {
    margin: 0;
    font-size: 24px;
 }
 .footer-container p {
    font-size: 12px;
 }
 .footer-container a {
    color: #FFFFFF; /* White color for links in footer */
    text-decoration: none;
 }
 .footer-container a:hover {
    text-decoration: underline; /* Optional: add underline on hover */
 }
 a {
    color: #E16969; /* Same color as header/footer background for all other links */
    text-decoration: none;
 }
 a:hover {
    text-decoration: underline; /* Optional: add underline on hover */
 }
 h2 {
    color: #E16969;
 }
 p {
    line-height: 1.6;
 }
--- a/bin/templates/email_footer.html
+++ b/bin/templates/email_footer.html
@@ -0,0 +1,9 @@
 <footer>
    <div class="footer-container">
        <p>
            Ici, on prend soin de vos données et on ne les vend pas !
            <br>
            <a href="https://kaz.bzh">https://kaz.bzh</a>
        </p>
    </div>
 </footer>
--- a/bin/templates/email_header.html
+++ b/bin/templates/email_header.html
@@ -0,0 +1,6 @@
 <header>
    <div class="header-container">
        <img class="logo" src="https://kaz-cloud.kaz.bzh/apps/theming/image/logo?v=33" alt="KAZ Logo">
        <h1>Kaz : Le numérique sobre, libre, éthique et local</h1>
    </div>
 </header>
--- a/bin/templates/email_inscription.html
+++ b/bin/templates/email_inscription.html
@@ -0,0 +1,94 @@
 <!DOCTYPE html>
 <html lang="fr">
 <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Email d'inscription'</title>
    <style>
        {% include 'email.css' %}
    </style>
 </head>
 <body>
 {% include 'email_header.html' %}
 <div class="email-content">
 <p>
 Bonjour {{NOM}}!<br><br>
 Bienvenue chez KAZ!<br><br>
 Vous disposez de :
 <ul>
 <li>une messagerie classique : <a href={{URL_WEBMAIL}}>{{URL_WEBMAIL}}</a></li>
 <li>une messagerie instantanée pour discuter au sein d'équipes : <a href={{URL_AGORA}}>{{URL_AGORA}}</a></li>
 </ul>
 Votre email et identifiant pour ces services : {{EMAIL_SOUHAITE}}<br>
 Le mot de passe : <b>{{PASSWORD}}</b><br><br>
 Pour changer votre mot de passe de messagerie, c'est ici: <a href={{URL_MDP}}>{{URL_MDP}}</a><br>
 Si vous avez perdu votre mot de passe, c'est ici: <a href={{URL_MDP}}/?action=sendtoken>{{URL_MDP}}/?action=sendtoken</a><br><br>
 Vous pouvez accéder à votre messagerie classique:
 <ul>
 <li>soit depuis votre webmail : <a href={{URL_WEBMAIL}}>{{URL_WEBMAIL}}</a></li>
 <li>soit depuis votre bureau virtuel : <a href={{URL_CLOUD}}>{{URL_CLOUD}}</a></li>
 <li>soit depuis un client de messagerie comme thunderbird<br>
 </ul>
 </p>
 {% if ADMIN_ORGA == '1' %}
 <p>
 En tant qu'association/famille/société. Vous avez la possibilité d'ouvrir, quand vous le voulez, des services kaz, il vous suffit de nous le demander.<br><br>
 Pourquoi n'ouvrons-nous pas tous les services tout de suite ? parce que nous aimons la sobriété et que nous préservons notre espace disque ;)<br>
 A quoi sert d'avoir un site web si on ne l'utilise pas, n'est-ce pas ?<br><br>
 Par retour de mail, dites-nous de quoi vous avez besoin tout de suite entre:
 <ul>
 <li>une comptabilité : un service de gestion adhérents/clients</li>
 <li>un site web de type WordPress</li>
 <li>un cloud : bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances</li>
 </ul>
 Une fois que vous aurez répondu à ce mail, votre demande sera traitée manuellement.
 </p>
 {% endif %}
 <p>
 Vous avez quelques docs intéressantes sur le wiki de kaz:
 <ul>
 <li>Migrer son site internet wordpress vers kaz : <a href="https://wiki.kaz.bzh/wordpress/start#migrer_son_site_wordpress_vers_kaz">https://wiki.kaz.bzh/wordpress/start#migrer_son_site_wordpress_vers_kaz</a></li>
 <li>Migrer sa messagerie vers kaz : <a href="https://wiki.kaz.bzh/messagerie/gmail/start">https://wiki.kaz.bzh/messagerie/gmail/start</a></li>
 <li>Démarrer simplement avec son cloud : <a href="https://wiki.kaz.bzh/nextcloud/start">https://wiki.kaz.bzh/messagerie/gmail/start</a></li>
 </ul>
 Votre quota est de {{QUOTA}}GB. Si vous souhaitez plus de place pour vos fichiers ou la messagerie, faites-nous signe !<br><br>
 Pour accéder à la messagerie instantanée et communiquer avec les membres de votre équipe ou ceux de kaz : <a href={{URL_AGORA}}/login>{{URL_AGORA}}/login</a><br>
 </p>
 {% if ADMIN_ORGA == '1' %}
 <p>
 Comme administrateur de votre organisation, vous pouvez créer des listes de diffusion en vous rendant sur <a href={{URL_LISTE}}>{{URL_LISTE}}</a><br>
 </p>
 {% endif %}
 <p>
 Enfin, vous disposez de tous les autres services KAZ où l'authentification n'est pas nécessaire : <a href={{URL_SITE}}>{{URL_SITE}}</a><br><br>
 En cas de soucis, n'hésitez pas à poser vos questions sur le canal 'Une question ? un soucis' de l'agora dispo ici : <a href={{URL_AGORA}}>{{URL_AGORA}}</a><br><br>
 Si vous avez besoin d'accompagnement pour votre site, votre cloud, votre compta, votre migration de messagerie,...<br>nous proposons des formations mensuelles gratuites. Si vous souhaitez être accompagné par un professionnel, nous pouvons vous donner une liste de pros, référencés par KAZ.<br><br>
 À bientôt 😉<br><br>
 La collégiale de KAZ.<br>
 </p>
 </div> <!-- <div class="email-content"> -->
 {% include 'email_footer.html' %}
 </body>
 </html>
--- a/bin/templates/email_inscription.txt
+++ b/bin/templates/email_inscription.txt
@@ -0,0 +1,70 @@
 Bonjour {{NOM}}!
 Bienvenue chez KAZ!<br><br>
 Vous disposez de :
 <ul>
 <li>une messagerie classique : <a href={{URL_WEBMAIL}}>{{URL_WEBMAIL}}</a></li>
 <li>une messagerie instantanée pour discuter au sein d'équipes : <a href={{URL_AGORA}}>{{URL_AGORA}}</a></li>
 </ul>
 Votre email et identifiant pour ces services : {{EMAIL_SOUHAITE}}<br>
 Le mot de passe : <b>{{PASSWORD}}</b><br><br>
 Pour changer votre mot de passe de messagerie, c'est ici: <a href={{URL_MDP}}>{{URL_MDP}}</a><br>
 Si vous avez perdu votre mot de passe, c'est ici: <a href={{URL_MDP}}/?action=sendtoken>{{URL_MDP}}/?action=sendtoken</a><br><br>
 Vous pouvez accéder à votre messagerie classique:
 <ul>
 <li>soit depuis votre webmail : <a href={{URL_WEBMAIL}}>{{URL_WEBMAIL}}</a></li>
 <li>soit depuis votre bureau virtuel : <a href={{URL_CLOUD}}>{{URL_CLOUD}}</a></li>
 <li>soit depuis un client de messagerie comme thunderbird<br>
 </ul>
 </p>
 {% if ADMIN_ORGA == '1' %}
 <p>
 En tant qu'association/famille/société. Vous avez la possibilité d'ouvrir, quand vous le voulez, des services kaz, il vous suffit de nous le demander.<br><br>
 Pourquoi n'ouvrons-nous pas tous les services tout de suite ? parce que nous aimons la sobriété et que nous préservons notre espace disque ;)<br>
 A quoi sert d'avoir un site web si on ne l'utilise pas, n'est-ce pas ?<br><br>
 Par retour de mail, dites-nous de quoi vous avez besoin tout de suite entre:
 <ul>
 <li>une comptabilité : un service de gestion adhérents/clients</li>
 <li>un site web de type WordPress</li>
 <li>un cloud : bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances</li>
 </ul>
 Une fois que vous aurez répondu à ce mail, votre demande sera traitée manuellement.
 </p>
 {% endif %}
 <p>
 Vous avez quelques docs intéressantes sur le wiki de kaz:
 <ul>
 <li>Migrer son site internet wordpress vers kaz : <a href="https://wiki.kaz.bzh/wordpress/start#migrer_son_site_wordpress_vers_kaz">https://wiki.kaz.bzh/wordpress/start#migrer_son_site_wordpress_vers_kaz</a></li>
 <li>Migrer sa messagerie vers kaz : <a href="https://wiki.kaz.bzh/messagerie/gmail/start">https://wiki.kaz.bzh/messagerie/gmail/start</a></li>
 <li>Démarrer simplement avec son cloud : <a href="https://wiki.kaz.bzh/nextcloud/start">https://wiki.kaz.bzh/messagerie/gmail/start</a></li>
 </ul>
 Votre quota est de {{QUOTA}}GB. Si vous souhaitez plus de place pour vos fichiers ou la messagerie, faites-nous signe !<br><br>
 Pour accéder à la messagerie instantanée et communiquer avec les membres de votre équipe ou ceux de kaz : <a href={{URL_AGORA}}/login>{{URL_AGORA}}/login</a><br>
 </p>
 {% if ADMIN_ORGA == '1' %}
 <p>
 Comme administrateur de votre organisation, vous pouvez créer des listes de diffusion en vous rendant sur <a href={{URL_LISTE}}>{{URL_LISTE}}</a><br>
 </p>
 {% endif %}
 <p>
 Enfin, vous disposez de tous les autres services KAZ où l'authentification n'est pas nécessaire : <a href={{URL_SITE}}>{{URL_SITE}}</a><br><br>
 En cas de soucis, n'hésitez pas à poser vos questions sur le canal 'Une question ? un soucis' de l'agora dispo ici : <a href={{URL_AGORA}}>{{URL_AGORA}}</a><br><br>
 Si vous avez besoin d'accompagnement pour votre site, votre cloud, votre compta, votre migration de messagerie,...<br>nous proposons des formations mensuelles gratuites. Si vous souhaitez être accompagné par un professionnel, nous pouvons vous donner une liste de pros, référencés par KAZ.<br><br>
 À bientôt 😉<br><br>
 La collégiale de KAZ.<br>
--- a/bin/updateDockerPassword.sh
+++ b/bin/updateDockerPassword.sh
@@ -0,0 +1,127 @@
 #!/bin/bash
 KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 # pour mise au point
 # SIMU=echo
 # Améliorations à prévoir
 # - donner en paramètre les services concernés (pour limité les modifications)
 # - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
 . "${DOCKERS_ENV}"
 . "${KAZ_KEY_DIR}/SetAllPass.sh"
 updateEnvDB(){
    # $1 = prefix
    # $2 = envName
    # $3 = containerName of DB
    rootPass="$1_MYSQL_ROOT_PASSWORD"
    dbName="$1_MYSQL_DATABASE"
    userName="$1_MYSQL_USER"
    userPass="$1_MYSQL_PASSWORD"
    ${SIMU} sed -i \
 	    -e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${!rootPass}/g" \
 	    -e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${!dbName}/g" \
 	    -e "s/MYSQL_USER=.*/MYSQL_USER=${!userName}/g" \
 	    -e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${!userPass}/g" \
 	    "$2"
    # seulement si pas de mdp pour root
    # pb oeuf et poule (il faudrait les anciennes valeurs) :
    # * si rootPass change, faire à la main
    # * si dbName change, faire à la main
    checkDockerRunning "$3" "$3" || return
    echo "change DB pass on docker $3"
    echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
 	docker exec -i $3 bash -c "mysql --user=root --password=${!rootPass}"
 }
 updateEnv(){
    # $1 = prefix
    # $2 = envName
    for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
    do
 	srcName="$1_${varName}"
 	srcVal=$(echo "${!srcName}" | sed -e "s/[&]/\\\&/g")
 	${SIMU} sed -i \
 		-e "s%^[ ]*${varName}=.*\$%${varName}=${srcVal}%" \
 		"$2"
    done
 }
 framadateUpdate(){
    [[ "${COMP_ENABLE}" =~ " framadate " ]] || return
    if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
 	return 0
    fi
    checkDockerRunning "${framadateServName}" "Framadate" &&
 	${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadate_HTTPD_USER} ${framadate_HTTPD_PASSWORD}"
    ${SIMU} sed -i \
 	    -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadate_MYSQL_USER}';/g" \
 	    -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadate_MYSQL_PASSWORD}';/g" \
 	    "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
 }
 jirafeauUpdate(){
    [[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
    if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
 	return 0
    fi
    SHA=$(echo -n "${jirafeau_HTTPD_PASSWORD}" | sha256sum | cut -d \  -f 1)
    ${SIMU} sed -i \
 	    -e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
 	    "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
 }
 ####################
 # main
 updateEnvDB "etherpad" "${KAZ_KEY_DIR}/env-${etherpadDBName}" "${etherpadDBName}"
 updateEnvDB "framadate" "${KAZ_KEY_DIR}/env-${framadateDBName}" "${framadateDBName}"
 updateEnvDB "gitea" "${KAZ_KEY_DIR}/env-${gitDBName}" "${gitDBName}"
 updateEnvDB "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudDBName}" "${nextcloudDBName}"
 updateEnvDB "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeDBName}" "${roundcubeDBName}"
 updateEnvDB "sympa" "${KAZ_KEY_DIR}/env-${sympaDBName}" "${sympaDBName}"
 updateEnvDB "vigilo" "${KAZ_KEY_DIR}/env-${vigiloDBName}" "${vigiloDBName}"
 updateEnvDB "wp" "${KAZ_KEY_DIR}/env-${wordpressDBName}" "${wordpressDBName}"
 updateEnvDB "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenDBName}" "${vaultwardenDBName}"
 updateEnvDB "castopod" "${KAZ_KEY_DIR}/env-${castopodDBName}" "${castopodDBName}"
 updateEnvDB "spip" "${KAZ_KEY_DIR}/env-${spipDBName}" "${spipDBName}"
 updateEnvDB "mastodon" "${KAZ_KEY_DIR}/env-${mastodonDBName}" "${mastodonDBName}"
 updateEnv "apikaz" "${KAZ_KEY_DIR}/env-${apikazServName}"
 updateEnv "ethercalc" "${KAZ_KEY_DIR}/env-${ethercalcServName}"
 updateEnv "etherpad" "${KAZ_KEY_DIR}/env-${etherpadServName}"
 updateEnv "framadate" "${KAZ_KEY_DIR}/env-${framadateServName}"
 updateEnv "gandi" "${KAZ_KEY_DIR}/env-gandi"
 updateEnv "gitea" "${KAZ_KEY_DIR}/env-${gitServName}"
 updateEnv "jirafeau" "${KAZ_KEY_DIR}/env-${jirafeauServName}"
 updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostServName}"
 updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostDBName}"
 updateEnv "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudServName}"
 updateEnv "office" "${KAZ_KEY_DIR}/env-${officeServName}"
 updateEnv "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeServName}"
 updateEnv "vigilo" "${KAZ_KEY_DIR}/env-${vigiloServName}"
 updateEnv "wp" "${KAZ_KEY_DIR}/env-${wordpressServName}"
 updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapServName}"
 updateEnv "sympa" "${KAZ_KEY_DIR}/env-${sympaServName}"
 updateEnv "mail" "${KAZ_KEY_DIR}/env-${smtpServName}"
 updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonServName}"
 updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonDBName}"
 updateEnv "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenServName}"
 updateEnv "castopod" "${KAZ_KEY_DIR}/env-${castopodServName}"
 updateEnv "spip" "${KAZ_KEY_DIR}/env-${spipServName}"
 updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapUIName}"
 updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeServName}"
 updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeDBName}" "${peertubeDBName}"
 updateEnv "mastodon" "${KAZ_KEY_DIR}/env-${mastodonServName}"
 framadateUpdate
 jirafeauUpdate
 exit 0
--- a/config/container-proxy.list.tmpl
+++ b/config/container-proxy.list.tmpl
@@ -1,2 +1,2 @@
-proxy
+# proxy
-#traefik
+traefik
--- a/config/container-withMail.list.tmpl
+++ b/config/container-withMail.list.tmpl
@@ -4,7 +4,7 @@ dokuwiki
 paheko
 gitea
 jirafeau
-mattermost
+#mattermost
 roundcube
 mobilizon
 vaultwarden
--- a/config/dockers.tmpl.env
+++ b/config/dockers.tmpl.env
@@ -101,7 +101,7 @@ snappymailHost=snappymail
 ########################################
 # ports internes
-matterPort=8000
+matterPort=8065
 imapsyncPort=8080
 apikaz=5000
@@ -159,8 +159,3 @@ apikazServName=apikazServ
 # services activés par container.sh
 # variables d'environneements utilisées
 # pour le tmpl du mandataire (proxy)
 ##################
 #qui on envoi le mail d'inscription ?
 EMAIL_CONTACT="toto@kaz.bzh"
--- a/config/orgaTmpl/app/Dockerfile
+++ b/config/orgaTmpl/app/Dockerfile
@@ -0,0 +1,58 @@
 FROM alpine:3.17
 # Some ENV variables
 ENV PATH="/mattermost/bin:${PATH}"
 #ENV MM_VERSION=5.32.0
 ENV MM_VERSION=6.1.0
 ENV MM_INSTALL_TYPE=docker
 # Build argument to set Mattermost edition
 ARG edition=enterprise
 ARG PUID=2000
 ARG PGID=2000
 ARG MM_BINARY=
 # Install some needed packages
 RUN apk add --no-cache \
 	ca-certificates \
 	curl \
 	jq \
 	libc6-compat \
 	libffi-dev \
 	libcap \
 	linux-headers \
 	mailcap \
 	netcat-openbsd \
 	xmlsec-dev \
 	tzdata \
 	&& rm -rf /tmp/*
 # Get Mattermost
 RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
 	&& if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \
 		elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \
 		else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \
 	&& cp /mattermost/config/config.json /config.json.save \
 	&& rm -rf /mattermost/config/config.json \
 	&& addgroup -g ${PGID} mattermost \
 	&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
 	&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
 	&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
 USER mattermost
 #Healthcheck to make sure container is ready
 HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1
 # Configure entrypoint and command
 COPY entrypoint.sh /
 ENTRYPOINT ["/entrypoint.sh"]
 WORKDIR /mattermost
 CMD ["mattermost"]
 # Expose port 8000 of the container
 EXPOSE 8000
 # Declare volumes for mount point directories
 VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config", "/mattermost/plugins", "/mattermost/client/plugins"]
--- a/config/orgaTmpl/app/entrypoint.sh
+++ b/config/orgaTmpl/app/entrypoint.sh
@@ -0,0 +1,82 @@
 #!/bin/sh
 # Function to generate a random salt
 generate_salt() {
 	tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1
 }
 # Read environment variables or set default values
 DB_HOST=${DB_HOST:-db}
 DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
 # see https://www.postgresql.org/docs/current/libpq-ssl.html
 # for usage when database connection requires encryption
 # filenames should be escaped if they contain spaces
 #  i.e. $(printf %s ${MY_ENV_VAR:-''}  | jq -s -R -r @uri)
 # the location of the CA file can be set using environment var PGSSLROOTCERT
 # the location of the CRL file can be set using PGSSLCRL
 # The URL syntax for connection string does not support the parameters
 # sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
 # to set names if using a location other than default
 DB_USE_SSL=${DB_USE_SSL:-disable}
 MM_DBNAME=${MM_DBNAME:-mattermost}
 MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
 _1=$(echo "$1" | awk  '{ s=substr($0, 0, 1); print s; }' )
 if [ "$_1" = '-' ]; then
 	set -- mattermost "$@"
 fi
 if [ "$1" = 'mattermost' ]; then
 	# Check CLI args for a -config option
 	for ARG in "$@"; do
 		case "$ARG" in
 			-config=*) MM_CONFIG=${ARG#*=};;
 		esac
 	done
 	if [ ! -f "$MM_CONFIG" ]; then
 		# If there is no configuration file, create it with some default values
 		echo "No configuration file $MM_CONFIG"
 		echo "Creating a new one"
 		# Copy default configuration file
 		cp /config.json.save "$MM_CONFIG"
 		# Substitute some parameters with jq
 		jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 	else
 		echo "Using existing config file $MM_CONFIG"
 	fi
 	# Configure database access
 	if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
 		echo "Configure database connection..."
 		# URLEncode the password, allowing for special characters
 		ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
 		export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
 		echo "OK"
 	else
 		echo "Using existing database connection"
 	fi
 	# Wait another second for the database to be properly started.
 	# Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
 	sleep 1
 	echo "Starting mattermost"
 fi
 exec "$@"
--- a/config/orgaTmpl/init-db.sh
+++ b/config/orgaTmpl/init-db.sh
@@ -25,66 +25,57 @@ SQL=""
 for ARG in "$@"; do
    case "${ARG}" in
 	'cloud' )
 		. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${nextcloud_MYSQL_DATABASE};
-DROP USER IF EXISTS '${MYSQL_USER}';
+DROP USER IF EXISTS '${nextcloud_MYSQL_USER}';
-CREATE USER '${MYSQL_USER}'@'%';
+CREATE USER '${nextcloud_MYSQL_USER}'@'%';
-GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
+GRANT ALL ON ${nextcloud_MYSQL_DATABASE}.* TO '${nextcloud_MYSQL_USER}'@'%' IDENTIFIED BY '${nextcloud_MYSQL_PASSWORD}';
 FLUSH PRIVILEGES;"
        ;;
 	'agora' )
 		. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${mattermost_MYSQL_DATABASE};
-DROP USER IF EXISTS '${MYSQL_USER}';
+DROP USER IF EXISTS '${mattermost_MYSQL_USER}';
-CREATE USER '${MYSQL_USER}'@'%';
+CREATE USER '${mattermost_MYSQL_USER}'@'%';
-GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
+GRANT ALL ON ${mattermost_MYSQL_DATABASE}.* TO '${mattermost_MYSQL_USER}'@'%' IDENTIFIED BY '${mattermost_MYSQL_PASSWORD}';
 FLUSH PRIVILEGES;"
 	    ;;
 	'wp' )
 		. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${wp_MYSQL_DATABASE};
-DROP USER IF EXISTS '${MYSQL_USER}';
+DROP USER IF EXISTS '${wp_MYSQL_USER}';
-CREATE USER '${MYSQL_USER}'@'%';
+CREATE USER '${wp_MYSQL_USER}'@'%';
-GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
+GRANT ALL ON ${wp_MYSQL_DATABASE}.* TO '${wp_MYSQL_USER}'@'%' IDENTIFIED BY '${wp_MYSQL_PASSWORD}';
 FLUSH PRIVILEGES;"
 	    ;;
 	'castopod' )
 		. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${castopod_MYSQL_DATABASE};
-DROP USER IF EXISTS '${MYSQL_USER}';
+DROP USER IF EXISTS '${castopod_MYSQL_USER}';
-CREATE USER '${MYSQL_USER}'@'%';
+CREATE USER '${castopod_MYSQL_USER}'@'%';
-GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
+GRANT ALL ON ${castopod_MYSQL_DATABASE}.* TO '${castopod_MYSQL_USER}'@'%' IDENTIFIED BY '${castopod_MYSQL_PASSWORD}';
 FLUSH PRIVILEGES;"
 	    ;;
 	'spip' )
 		. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
           SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${spip_MYSQL_DATABASE};
-DROP USER IF EXISTS '${MYSQL_USER}';
+DROP USER IF EXISTS '${spip_MYSQL_USER}';
-CREATE USER '${MYSQL_USER}'@'%';
+CREATE USER '${spip_MYSQL_USER}'@'%';
-GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
+GRANT ALL ON ${spip_MYSQL_DATABASE}.* TO '${spip_MYSQL_USER}'@'%' IDENTIFIED BY '${spip_MYSQL_PASSWORD}';
 FLUSH PRIVILEGES;"
 	    ;;
@@ -93,4 +84,4 @@ FLUSH PRIVILEGES;"
    esac
 done
-echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${MYSQL_ROOT_PASSWORD}"
+echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${wp_MYSQL_ROOT_PASSWORD}"
--- a/config/orgaTmpl/initdb.d/orga.sql
+++ b/config/orgaTmpl/initdb.d/orga.sql
@@ -0,0 +1,3 @@
 CREATE DATABASE IF NOT EXISTS nextcloud;
 CREATE DATABASE IF NOT EXISTS mattermost;
 CREATE DATABASE IF NOT EXISTS wpdb;
--- a/config/orgaTmpl/wiki-conf/acl.auth.php
+++ b/config/orgaTmpl/wiki-conf/acl.auth.php
@@ -0,0 +1,10 @@
 # acl.auth.php
 # <?php exit()?>
 # Don't modify the lines above
 #
 # Access Control Lists
 #
 # Auto-generated by install script
 # Date: Sat, 13 Feb 2021 17:42:28 +0000
 *	@ALL	1
 *	@user	8
--- a/config/orgaTmpl/wiki-conf/local.php
+++ b/config/orgaTmpl/wiki-conf/local.php
@@ -0,0 +1,26 @@
 <?php
 /*
 * Dokuwiki's Main Configuration File - Local Settings
 * Auto-generated by config plugin
 * Run for user: felix
 * Date: Sun, 28 Feb 2021 15:56:13 +0000
 */
 $conf['title'] = 'Kaz';
 $conf['template'] = 'docnavwiki';
 $conf['license'] = 'cc-by-sa';
 $conf['useacl'] = 1;
 $conf['superuser'] = '@admin';
 $conf['manager'] = '@manager';
 $conf['disableactions'] = 'register';
 $conf['remoteuser'] = '';
 $conf['mailfrom'] = 'dokuwiki@kaz.bzh';
 $conf['updatecheck'] = 0;
 $conf['userewrite'] = '1';
 $conf['useslash'] = 1;
 $conf['plugin']['ckgedit']['scayt_auto'] = 'on';
 $conf['plugin']['ckgedit']['scayt_lang'] = 'French/fr_FR';
 $conf['plugin']['ckgedit']['other_lang'] = 'fr';
 $conf['plugin']['smtp']['smtp_host'] = 'smtp.kaz.bzh';
 $conf['plugin']['todo']['CheckboxText'] = 0;
 $conf['plugin']['wrap']['restrictionType'] = '1';
--- a/config/orgaTmpl/wiki-conf/users.auth.php
+++ b/config/orgaTmpl/wiki-conf/users.auth.php
@@ -0,0 +1,13 @@
 # users.auth.php
 # <?php exit()?>
 # Don't modify the lines above
 #
 # Userfile
 #
 # Auto-generated by install script
 # Date: Sat, 13 Feb 2021 17:42:28 +0000
 #
 # Format:
 # login:passwordhash:Real Name:email:groups,comma,separated
 admin:$2y$10$GYvFgViXeEUmDViplHEs7eoYV8tmbfsS8wA1vfHQ.tWgW14o9aTjy:admin:contact@kaz.bzh:admin,user
--- a/config/proxy/proxy_params
+++ b/config/proxy/proxy_params
@@ -0,0 +1,21 @@
 #proxy_buffering off;
 #proxy_set_header X-Forwarded-Host $host:$server_port;
 #proxy_set_header X-Forwarded-Server $host;
 #XXX pb proxy_set_header Connection $proxy_connection;
 proxy_buffers 256 16k;
 proxy_buffer_size 16k;
 # mattermost
 http2_push_preload on; # Enable HTTP/2 Server Push
 add_header Strict-Transport-Security max-age=15768000;
 proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 #proxy_hide_header 'x-frame-options';
 #proxy_set_header x-frame-options allowall;
 proxy_set_header X-Frame-Options SAMEORIGIN;
--- a/dockers/ldap/UIHooks/post-hook.sh
+++ b/dockers/ldap/UIHooks/post-hook.sh
@@ -5,9 +5,7 @@ NEWPASSWORD=$(base64 -d <<< $2)
 OLDPASSWORD=$(base64 -d <<< $3)
 URL_AGORA="https://${matterHost}.${domain}"
-
+mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
 #mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
 . $KAZ_KEY_DIR/env-mattermostAdmin
 IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g')
 if [ ${IDUSER} == 'app.user.missing_account.const' ]
--- a/dockers/mattermost/first.sh
+++ b/dockers/mattermost/first.sh
@@ -11,3 +11,7 @@ cd $(dirname $0)
 "${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora
 docker exec ${mattermostServName} mmctl auth login https://${matterHost}.${domain} --name local-server --username ${mattermost_MM_ADMIN_USER} --password ${mattermost_MM_ADMIN_PASSWORD}
 docker exec ${mattermostServName} mmctl channel create --team kaz --name "une-question--un-soucis" --display-name "Une question ? Un souci ?"
 docker exec ${mattermostServName} mmctl channel create --team kaz --name "cafe-du-commerce--ouvert-2424h" --display-name "Café du commerce"
 docker exec ${mattermostServName} mmctl channel create --team kaz --name "creation-comptes" --display-name "Création comptes"
--- a/dockers/sympa/alerting/sympa.sh
+++ b/dockers/sympa/alerting/sympa.sh
@@ -6,7 +6,7 @@ KAZ_ROOT=/kaz
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_KEY_DIR/env-mattermostAdmin
+. $KAZ_ROOT/secret/SetAllPass.sh
 DOCKER_CMD="docker exec sympaServ"
 URL_AGORA=$(echo $matterHost).$(echo $domain)
--- a/dockers/traefik/docker-compose.tmpl.yml.dist
+++ b/dockers/traefik/docker-compose.tmpl.yml.dist
@@ -1,6 +1,6 @@
 services:
  reverse-proxy:
-    image: traefik:v3.4.1
+    image: traefik:v3.4.4
    container_name: ${traefikServName}
    restart: ${restartPolicy}
    # Enables the web UI and tells Traefik to listen to docker
--- a/dockers/traefik/proxy-gen.sh
+++ b/dockers/traefik/proxy-gen.sh
@@ -4,7 +4,7 @@ KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 . "${DOCKERS_ENV}"
-. $KAZ_BIN_DIR/getPasswords.sh traefik
+. "${KAZ_ROOT}/secret/SetAllPass.sh"
 printKazMsg "\n  *** Proxy update config"
--- a/secret.tmpl/SetAllPass.sh
+++ b/secret.tmpl/SetAllPass.sh
@@ -2,43 +2,215 @@
 # Attention à cause des scripts pas de ["'/] dans les mot de passe
 ####################
 # ethercalc
 ethercalc_REDIS_PORT_6379_TCP_ADDR="redis"
 ethercalc_REDIS_PORT_6379_TCP_PORT="6379"
-# A COPIER DANS UN FICHIER DE CONF !! ->  mattermostAdmin
+####################
-# pour envoyer des messages sur l'agora avec mmctl
+# etherpad
-mattermost_user="admin-mattermost"
+etherpad_MYSQL_ROOT_PASSWORD="--clean_val--"
-mattermost_pass="--clean_val--"
+etherpad_MYSQL_DATABASE="--clean_val--"
-mattermost_token="xxx-private"
+etherpad_MYSQL_USER="--clean_val--"
 etherpad_MYSQL_PASSWORD="--clean_val--"
 # Share with etherpadDB
 etherpad_DB_NAME="${etherpad_MYSQL_DATABASE}"
 etherpad_DB_USER="${etherpad_MYSQL_USER}"
 etherpad_DB_PASS="${etherpad_MYSQL_PASSWORD}"
 etherpad_DB_TYPE="mysql"
 etherpad_DB_HOST="padDB"
 etherpad_DB_PORT="3306"
 #etherpad_DB_CHARSET="utf8"
 #user: admin
 etherpad_ADMIN_PASSWORD="--clean_val--"
 etherpad_PAD_OPTIONS_LANG="fr"
 etherpad_TITLE="KazPad"
 etherpad_TRUST_PROXY="true"
 ####################
 # framadate
 framadate_MYSQL_ROOT_PASSWORD="--clean_val--"
 framadate_MYSQL_DATABASE="--clean_val--"
 framadate_MYSQL_USER="--clean_val--"
 framadate_MYSQL_PASSWORD="--clean_val--"
 framadate_HTTPD_USER="--clean_val--"
 framadate_HTTPD_PASSWORD="--clean_val--"
 ##################
 # Gandi
 # à supprimer et à replacer par dns_gandi_api_key
 gandi_GANDI_KEY="xxx"
 gandi_GANDI_API="https://api.gandi.net/v5/livedns/domains/${domain}"
 gandi_dns_gandi_api_key="${gandi_GANDI_KEY}"
 ####################
 # mattermost
 mattermost_POSTGRES_USER="mattermost"
 mattermost_POSTGRES_PASSWORD="--clean_val--"
 mattermost_POSTGRES_DB="mattermost"
 mattermost_MM_ADMIN_EMAIL="${matterHost}@${domain}"
 mattermost_MM_ADMIN_USER="admin-mattermost"
 mattermost_MM_ADMIN_PASSWORD="--clean_val--@"
 mattermost_MM_SQLSETTINGS_DATASOURCE="postgres://${mattermost_POSTGRES_USER}:${mattermost_POSTGRES_PASSWORD}@postgres:5432/${mattermost_POSTGRES_DB}?sslmode=disable&connect_timeout=10"
 # pour envoyer des messages sur l'agora avec mmctl
 mattermost_user="${mattermost_MM_ADMIN_USER}"
 mattermost_pass="${mattermost_MM_ADMIN_PASSWORD}"
 mattermost_token="xxx-private"
 ##################
 # Openldap
 ldap_LDAP_ADMIN_USERNAME="--clean_val--"
 ldap_LDAP_ADMIN_PASSWORD="--clean_val--"
 ldap_LDAP_CONFIG_ADMIN_USERNAME="--clean_val--"
 ldap_LDAP_CONFIG_ADMIN_PASSWORD="--clean_val--"
 ldap_LDAP_POSTFIX_PASSWORD="--clean_val--"
 ldap_LDAP_LDAPUI_PASSWORD="--clean_val--"
 ldap_LDAP_MATTERMOST_PASSWORD="--clean_val--"
 ldap_LDAP_CLOUD_PASSWORD="--clean_val--"
 ldap_LDAP_MOBILIZON_PASSWORD="--clean_val--"
 ldap_LDAPUI_URI=ldap://ldap
 ldap_LDAPUI_BASE_DN=${ldap_root}
 ldap_LDAPUI_REQUIRE_STARTTLS=FALSE
 ldap_LDAPUI_ADMINS_GROUP=admins
 ldap_LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,${ldap_root}
 ldap_LDAPUI_ADMIN_BIND_PWD=${ldap_LDAP_LDAPUI_PASSWORD}
 ldap_LDAPUI_IGNORE_CERT_ERRORS=TRUE
 ldap_LDAPUI_PASSWORD="--clean_val--"
 ldap_LDAPUI_MM_ADMIN_TOKEN=${mattermost_token}
 ###################
 # gitea
 gitea_MYSQL_ROOT_PASSWORD="--clean_val--"
 gitea_MYSQL_DATABASE="--clean_val--"
 gitea_MYSQL_USER="--clean_val--"
 gitea_MYSQL_PASSWORD="--clean_val--"
 # on ne peut pas utiliser le login "admin"
 gitea_user_admin="admin_gitea"
 gitea_pass_admin="--clean_val--"
 gitea_admin_email="admin@kaz.bzh"
 ####################
 # jirafeau
 jirafeau_HTTPD_PASSWORD="--clean_val--"
 jirafeau_DATA_DIR="--clean_val--"
 ####################
 # nexcloud
 nextcloud_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
 nextcloud_MYSQL_DATABASE="--clean_val--"
 nextcloud_MYSQL_USER="--clean_val--"
 nextcloud_MYSQL_PASSWORD="--clean_val--"
 nextcloud_NEXTCLOUD_ADMIN_USER="admin"
 nextcloud_NEXTCLOUD_ADMIN_PASSWORD="--clean_val--"
 nextcloud_MYSQL_HOST="db"
 #user: admin
 nextcloud_RAIN_LOOP="--clean_val--"
 ####################
 # collabora
 office_username="admin"
 office_password="--clean_val--"
 ####################
 # roundcube
 roundcube_MYSQL_ROOT_PASSWORD="--clean_val--"
 roundcube_MYSQL_DATABASE="--clean_val--"
 roundcube_MYSQL_USER="--clean_val--"
 roundcube_MYSQL_PASSWORD="--clean_val--"
 # Share with roundcubeDB
 roundcube_ROUNDCUBEMAIL_DB_TYPE="mysql"
 roundcube_ROUNDCUBEMAIL_DB_NAME="${roundcube_MYSQL_DATABASE}"
 roundcube_ROUNDCUBEMAIL_DB_USER="${roundcube_MYSQL_USER}"
 roundcube_ROUNDCUBEMAIL_DB_PASSWORD="${roundcube_MYSQL_PASSWORD}"
 roundcube_ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE="1G"
 ####################
 # postfix LDAP
 mail_LDAP_BIND_DN=cn=postfix,ou=applications,${ldap_root}
 mail_LDAP_BIND_PW=${ldap_LDAP_POSTFIX_PASSWORD}
 ####################
 # sympa
 sympa_MYSQL_ROOT_PASSWORD="--clean_val--"
 sympa_MYSQL_DATABASE="sympa"
 sympa_MYSQL_USER="sympa"
 sympa_MYSQL_PASSWORD="--clean_val--"
 sympa_KEY="/etc/letsencrypt/live/${domain}/privkey.pem"
 sympa_CERT="/etc/letsencrypt/live/${domain}/fullchain.pem"
 sympa_LISTMASTERS="listmaster@${domain_sympa}"
 sympa_ADMINEMAIL="listmaster@${domain_sympa}"
 sympa_SOAP_USER="sympa"
 sympa_SOAP_PASSWORD="--clean_val--"
 # pour inscrire des users sur des listes sympa avec soap
 #il faut que le user soit admin de sympa
 sympa_user="a@${domain}"
 sympa_pass="--clean_val--"
 ##################
 # vigilo
 vigilo_MYSQL_ROOT_PASSWORD="--clean_val--"
 vigilo_MYSQL_USER="--clean_val--"
 vigilo_MYSQL_PASSWORD="--clean_val--"
 vigilo_MYSQL_DATABASE="--clean_val--"
 vigilo_MYSQL_HOST="db"
 #vigilo_BIND=
 ####################
 # wordpress
 wp_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
 wp_MYSQL_DATABASE="--clean_val--"
 wp_MYSQL_USER="--clean_val--"
 wp_MYSQL_PASSWORD="--clean_val--"
 # Share with wpDB
 wp_WORDPRESS_DB_HOST="db:3306"
 wp_WORDPRESS_DB_NAME="${wp_MYSQL_DATABASE}"
 wp_WORDPRESS_DB_USER="${wp_MYSQL_USER}"
 wp_WORDPRESS_DB_PASSWORD="${wp_MYSQL_PASSWORD}"
 wp_WORDPRESS_ADMIN_USER="admin"
 wp_WORDPRESS_ADMIN_PASSWORD="--clean_val--"
 ##################
 # A DEPLACER DANS DOCKER ENV
 #qui envoi le mail d'inscription ?
 EMAIL_CONTACT="toto@kaz.bzh"
 # A COPIER DANS UN FICHIER DE CONF !! ->  paheko
 ##################
 # Paheko
 paheko_API_USER="admin-api"
 paheko_API_PASSWORD="--clean_val--"
 ##################
 # La nas de Kaz chez Grifon
 nas_admin1="admin"
 nas_password1="--clean_val--"
 nas_admin2="kaz"
 nas_password1="--clean_val--"
 # compte mail pour les notifications du nas
 nas_email_account="admin-nas@${domain}"
 nas_email_password="--clean_val--"
 # A virer dans koffre
 ##################
 #Compte sur outlook.com
 outlook_user="kaz-user@outlook.fr"
 outlook_pass="--clean_val--"
 # A COPIER DANS UN FICHIER DE CONF !! ->  mail
 service_mail=admin-kaz@kaz.bzh
 service_password="--clean_val--"
 ##################
 #Borg
 # A COPIER DANS UN FICHIER DE CONF !! ->  borg
 BORG_REPO="/mnt/backup-nas1/BorgRepo"
 BORG_PASSPHRASE="--clean_val--"
 VOLUME_SAUVEGARDES="/mnt/backup-nas1"
@@ -46,21 +218,148 @@ MAIL_RAPPORT="a@${domain};b@${domain};c@${domain}"
 BORGMOUNT="/mnt/disk-nas1/tmp/repo_mount"
 ###################
 # mobilizon
 mobilizon_POSTGRES_USER="--clean_val--"
 mobilizon_POSTGRES_PASSWORD="--clean_val--"
 mobilizon_POSTGRES_DB=mobilizon
 mobilizon_MOBILIZON_DATABASE_USERNAME="${mobilizon_POSTGRES_USER}"
 mobilizon_MOBILIZON_DATABASE_PASSWORD="${mobilizon_POSTGRES_PASSWORD}"
 mobilizon_MOBILIZON_DATABASE_DBNAME=mobilizon
 mobilizon_MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
 mobilizon_MOBILIZON_INSTANCE_NAME="Mobilizon"
 mobilizon_MOBILIZON_INSTANCE_HOST="${mobilizonHost}.${domain}"
 mobilizon_MOBILIZON_INSTANCE_SECRET_KEY_BASE=changeme
 mobilizon_MOBILIZON_INSTANCE_SECRET_KEY=changeme
 mobilizon_MOBILIZON_INSTANCE_EMAIL=noreply@${domain}
 mobilizon_MOBILIZON_REPLY_EMAIL=contact@${domain_sympa}
 mobilizon_MOBILIZON_ADMIN_EMAIL=admin@${domain_sympa}
 mobilizon_MOBILIZON_SMTP_SERVER="${smtpHost}.${domain}"
 mobilizon_MOBILIZON_SMTP_PORT=25
 mobilizon_MOBILIZON_SMTP_HOSTNAME="${smtpHost}.${domain}"
 mobilizon_MOBILIZON_SMTP_USERNAME=noreply@${domain}
 mobilizon_MOBILIZON_SMTP_PASSWORD=
 mobilizon_MOBILIZON_SMTP_SSL=false
 mobilizon_MOBILIZON_LDAP_BINDUID=cn=mobilizon,ou=applications,${ldap_root}
 mobilizon_MOBILIZON_LDAP_BINDPASSWORD=${ldap_LDAP_MOBILIZON_PASSWORD}
 #####################
 # Vaultwarden
 vaultwarden_MYSQL_ROOT_PASSWORD="--clean_val--"
 vaultwarden_MYSQL_DATABASE="vaultwarden"
 vaultwarden_MYSQL_USER="vaultwarden"
 vaultwarden_MYSQL_PASSWORD="--clean_val--"
 vaultwarden_DATABASE_URL="mysql://${vaultwarden_MYSQL_USER}:${vaultwarden_MYSQL_PASSWORD}@db/${vaultwarden_MYSQL_DATABASE}"
 vaultwarden_ADMIN_TOKEN="--clean_val--"
 #####################
 #Traefik
 # A COPIER DANS UN FICHIER DE CONF !! ->  traefik
 traefik_DASHBOARD_USER="admin"
 traefik_DASHBOARD_PASSWORD="--clean_val--"
 #####################
 # dokuwiki
 dokuwiki_WIKI_ROOT=Kaz
 dokuwiki_WIKI_EMAIL=wiki@kaz.local
 dokuwiki_WIKI_PASSWORD="--clean_val--"
 #####################
 # Castopod
-# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
+castopod_MYSQL_ROOT_PASSWORD="--clean_val--"
-
+castopod_MYSQL_DATABASE="--clean_val--"
 castopod_MYSQL_USER="--clean_val--"
 castopod_MYSQL_PASSWORD="--clean_val--"
 castopod_CP_REDIS_PASSWORD="${castopodRedisPassword}"
 castopod_ADMIN_USER=adminKaz
 castopod_ADMIN_MAIL=admin@${domain}
 castopod_ADMIN_PASSWORD="--clean_val--"
 castopod_CP_EMAIL_SMTP_HOST="${smtpHost}.${domain}"
 castopod_CP_EMAIL_SMTP_PORT=25
 castopod_CP_EMAIL_SMTP_USERNAME=noreply@${domain}
 castopod_CP_EMAIL_SMTP_PASSWORD=
 castopod_CP_EMAIL_FROM=noreply@${domain}
 castopod_CP_EMAIL_SMTP_CRYPTO=tls
 #####################
 # Spip
 spip_MYSQL_ROOT_PASSWORD="--clean_val--"
 spip_MYSQL_DATABASE="--clean_val--"
 spip_MYSQL_USER="--clean_val--"
 spip_MYSQL_PASSWORD="--clean_val--"
 spip_SPIP_AUTO_INSTALL=1
 spip_SPIP_DB_SERVER=mysql
 spip_SPIP_DB_LOGIN="${spip_MYSQL_USER}"
 spip_SPIP_DB_PASS="${spip_MYSQL_PASSWORD}"
 spip_SPIP_DB_NAME="${spip_MYSQL_DATABASE}"
 spip_SPIP_ADMIN_NAME=admin
 spip_SPIP_ADMIN_LOGIN=admin
 spip_SPIP_ADMIN_EMAIL=admin@${domain}
 spip_SPIP_ADMIN_PASS="--clean_val--"
 spip_PHP_TIMEZONE="Europe/Paris"
 #####################
 # Peertube
 peertube_POSTGRES_USER="--clean_val--"
 peertube_POSTGRES_PASSWORD="--clean_val--"
 peertube_PEERTUBE_DB_NAME="--clean_val--"
 peertube_PEERTUBE_DB_USERNAME="${peertube_POSTGRES_USER}"
 peertube_PEERTUBE_DB_PASSWORD="${peertube_POSTGRES_PASSWORD}"
 peertube_PEERTUBE_DB_SSL=false
 peertube_PEERTUBE_DB_HOSTNAME="${peertubeDBName}"
 peertube_PEERTUBE_WEBSERVER_HOSTNAME="${peertubeHost}.${domain}"
 peertube_PEERTUBE_TRUST_PROXY="['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']"
 peertube_PEERTUBE_SECRET="--clean_val--"
 peertube_PT_INITIAL_ROOT_PASSWORD="--clean_val--"
 #peertube_PEERTUBE_SMTP_USERNAME=
 #peertube_PEERTUBE_SMTP_PASSWORD=
 # Default to Postfix service name "postfix" in docker-compose.yml
 # May be the hostname of your Custom SMTP server
 peertube_PEERTUBE_SMTP_HOSTNAME=
 peertube_PEERTUBE_SMTP_PORT=25
 peertube_PEERTUBE_SMTP_FROM=
 peertube_PEERTUBE_SMTP_TLS=false
 peertube_PEERTUBE_SMTP_DISABLE_STARTTLS=false
 peertube_PEERTUBE_ADMIN_EMAIL=
 peertube_POSTFIX_myhostname=
 #peertube_OPENDKIM_DOMAINS=peertube
 peertube_OPENDKIM_RequireSafeKeys=no
 peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC="public-read"
 peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE="private"
 ######################
 peertube_POSTGRES_DB="${peertube_PEERTUBE_DB_NAME}"
 ######################
 # SNAPPYMAIL
 # Url  https://snappymail.${domain}/?admin
 # au premier lancement un mot de passe est généré en aut par l' appli dans le
 # volume Data : /var/lib/docker/volumes/snappymail_data/_data/_data_/_default_
 # le fichier s' appelle admin_password.txt
 # une fois le mot de passe changé dans le Gui de l' admin, ce fichier est automatiquement supprimé
 snappymail_TZ="Europe/Paris"
 snappymail_UPLOAD_MAX_SIZE="100M"
 ####################
 # mastodon
 mastodon_POSTGRES_USER="--clean_val--"
 mastodon_POSTGRES_PASSWORD="--clean_val--"
 mastodon_POSTGRES_DB=mastodon
 mastodon_DB_USER="${mastodon_POSTGRES_USER}"
 mastodon_DB_PASS="${mastodon_POSTGRES_PASSWORD}"
 mastodon_DB_NAME=mastodon
--- a/secret.tmpl/env-borg
+++ b/secret.tmpl/env-borg
@@ -1,17 +0,0 @@
 VOLUME_SAUVEGARDES=
 BORG_REPO=
 BORG_PASSPHRASE=
 BORGLOG="/var/log/borg"
 BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
 BORG_EXCLUDE_BACKUP=
 MAIL_RAPPORT=
 LISTREPSAUV=
 BORGMOUNT="/mnt/repo_borg"
 MAILOK=
 MAILWARNING=
 MAILDETAIL=
 BACKUPS_KEEP="4m"
 NB_BACKUPS_JOUR=90
 NB_BACKUPS_SEM=30
 NB_BACKUPS_MOIS=12
 BORGSCRIPTS=/root/borgscripts
--- a/secret.tmpl/env-castopodAdmin
+++ b/secret.tmpl/env-castopodAdmin
@@ -1,3 +0,0 @@
 ADMIN_USER=
 ADMIN_MAIL=
 ADMIN_PASSWORD="--clean_val--"
--- a/secret.tmpl/env-mail
+++ b/secret.tmpl/env-mail
@@ -1,2 +0,0 @@
 service_mail=
 service_password=
--- a/secret.tmpl/env-mattermostAdmin
+++ b/secret.tmpl/env-mattermostAdmin
@@ -1,3 +0,0 @@
 mattermost_user=
 mattermost_pass=
 mattermost_token=
--- a/secret.tmpl/env-mattermostDB
+++ b/secret.tmpl/env-mattermostDB
@@ -1,8 +1,3 @@
-
+POSTGRES_USER=
-MYSQL_ROOT_PASSWORD=
+POSTGRES_PASSWORD=
-MYSQL_DATABASE=
+POSTGRES_DB=
 MYSQL_USER=
 MYSQL_PASSWORD=
 MM_MYSQL_USER=
 MM_MYSQL_PASSWORD=
--- a/secret.tmpl/env-mattermostServ
+++ b/secret.tmpl/env-mattermostServ
@@ -1,15 +1,4 @@
-
+MM_SQLSETTINGS_DATASOURCE=
 # share with matterDB
 MM_DBNAME=
 MM_USERNAME=
 MM_PASSWORD=
 MM_ADMIN_EMAIL=
 MM_ADMIN_USER=
 MM_ADMIN_PASSWORD=
 DB_HOST=
 DB_PORT_NUMBER=
 MM_SQLSETTINGS_DRIVERNAME=
 MM_SQLSETTINGS_DATASOURCE=
--- a/secret.tmpl/env-paheko
+++ b/secret.tmpl/env-paheko
@@ -1,2 +0,0 @@
 API_USER="admin-api"
 API_PASSWORD="--clean_val--"
--- a/secret.tmpl/env-traefik
+++ b/secret.tmpl/env-traefik
@@ -1,2 +0,0 @@
 DASHBOARD_USER="admin"
 DASHBOARD_PASSWORD="--clean_val--"
--- a/secret.tmpl/env-wpServ
+++ b/secret.tmpl/env-wpServ
@@ -4,5 +4,3 @@ WORDPRESS_DB_HOST=
 WORDPRESS_DB_USER=
 WORDPRESS_DB_PASSWORD=
 WORDPRESS_DB_NAME=
 WORDPRESS_ADMIN_USER=
 WORDPRESS_ADMIN_PASSWORD=
Author	SHA1	Message	Date
Fanch	4d127a57e2	inscription utilisateur complète	2025-07-28 17:07:01 +02:00
Fanch	6e58f328e4	Merge branch 'master' into feat/python	2025-07-26 15:45:22 +02:00
Fanch	813e0e761f	typo	2025-07-26 15:41:38 +02:00
Fanch	2e62e9782e	mattermost canal creation comptes	2025-07-26 15:40:15 +02:00
Fanch	9f0b8f2e1e	paheko standby	2025-07-26 15:39:49 +02:00
Fanch	fc4adc0fae	mattermost first launch	2025-07-26 15:32:54 +02:00
Fanch	74812fa79a	mattermost admin user/pass	2025-07-26 14:45:27 +02:00
Fanch	490c527d9a	smallies	2025-07-26 14:41:31 +02:00
Fanch	3220d862a6	fix mattermost	2025-07-26 13:52:15 +02:00
Fanch	51cd89c16d	smallies	2025-07-25 15:55:30 +02:00
Fanch	1936326535	fix default matterport	2025-07-25 15:52:47 +02:00
Fanch	a630e47bfe	fix mattermost pgsql	2025-07-25 15:10:43 +02:00
Fanch	b4eee312df	python	2025-07-25 14:49:46 +02:00
Fanch	27ca4dfce3	init python	2025-07-24 21:47:54 +02:00
Fanch	33fc237cb8	fix traefik	2025-07-17 18:26:36 +02:00
Fanch	ed5ef23ed2	fix traefik	2025-07-17 17:23:13 +02:00
Fanch	6f33808736	fix vm	2025-07-17 16:13:30 +02:00
nom	477a9155fe	upgrade traefik to 3.4.4	2025-07-16 06:43:16 +02:00
		`@@ -1,2 +0,0 @@`
			`API_USER="admin-api"`
			`API_PASSWORD="--clean_val--"`
		`@@ -1,2 +0,0 @@`
			`DASHBOARD_USER="admin"`
			`DASHBOARD_PASSWORD="--clean_val--"`