grafana: save current dashboards

Add custom dashboards, remove unused ones.

.gitignore

@@ -31,6 +31,7 @@ DEADJOE
 /config/skip-email.txt
 /config/updateGit.conf
 /config/autorized-domains.txt
+/config/domains/
 /dockers/*-orga
 /dockers/postfix/filter
 /dockers/proxy/config/nginx.conf
@@ -51,3 +52,7 @@ DEADJOE
 /state
 /dockers/paheko/config/config.local.php
 /dockers/traefik/conf/conf.local.yml
+/dockers/ldap/ldifs/
+/dockers/web/autoconfig.yml
+# contient un password il faudrait faire plus propre
+/dockers/jirafeau/config/config.local.php

bin/.commonFunctions.sh

@@ -224,10 +224,10 @@ waitUrl () {
     # $1 URL to waitfor
     # $2 timeout en secondes (optional)
     starttime=$(date +%s)
-    if [[ $(curl --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]; then
+    if [[ $(curl -k --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]; then
 	printKazMsg "service not available ($1). Please wait..."
-	echo curl --connect-timeout 2 -s -D - "$1" -o /dev/null \|  head -n1
-	while [[ $(curl --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]
+  echo curl -k --connect-timeout 2 -s -D - "$1" -o /dev/null \|  head -n1
+  while [[ $(curl -k --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]
 	do
 	    sleep 5
         if [ $# -gt 1 ]; then

bin/certbot-dns-alwaysdata.sh

@@ -0,0 +1,24 @@
+#/bin/bash
+
+# certbot certonly --manual --preferred-challenges=dns --manual-auth-hook certbot-dns-alwaysdata.sh --manual-cleanup-hook certbot-dns-alwaysdata.sh -d "*.kaz.bzh" -d "kaz.bzh"
+
+ALWAYSDATA_TOKEN="TOKEN"
+ALWAYSDATA_ACCOUNT="ACCOUNT"
+ALWAYSDATA_API="https://api.alwaysdata.com/v1/"
+
+DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${CERTBOT_DOMAIN} | jq '.[0].id')
+
+add_record(){
+  RECORD_ID=$(curl -s -X POST -d "{\"domain\":\"${DOMAIN_ID}\", \"type\":\"TXT\", \"name\":\"_acme-challenge\", \"value\":\"${CERTBOT_VALIDATION}\"}" --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/")
+}
+
+del_record(){
+  RECORD_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?name=_acme-challenge&type=TXT&domain=${DOMAIN_ID}" | jq ".[0].id")
+	curl -s -X DELETE --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/${RECORD_ID}/"
+}
+
+if [ -z ${CERTBOT_AUTH_OUTPUT} ]; then
+    add_record
+else
+    del_record
+fi

bin/cleanDepot.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+#SIMU=echo
+
+cd /var/lib/docker/volumes/jirafeau_fileData/_data
+
+find links/ -type f -print | while read link ; do
+    name=$(head -1 "${link}")
+    #if [[ -z $(head -1 "${link}" | grep "7z$") ]]; then
+    if [[ -z $(head -9 "${link}" | tail -1) ]]; then
+	# si c'est pas un 7z on continue
+	continue;
+    fi
+    # recherche le fichier de contenu
+    filename=$(head -6 "${link}" | tail -1)
+    l1=$(echo $filename | cut -c 1-8)
+    l2=$(echo $filename | cut -c 9-16)
+    l3=$(echo $filename | cut -c 17-24)
+    l4=$(echo $filename | cut -c 25-32)
+
+    # supprime le fichier de contenu
+    ${SIMU} rm -f "files/${l1}/${l2}/${l3}/${l4}/${filename}"
+    # coupe les branches mortes
+    ${SIMU} rmdir -p "files/${l1}/${l2}/${l3}/${l4}" 2>/dev/null
+    # supprime le lien
+    ${SIMU} rm -f "${link}"
+
+    # log
+    echo "$(date +%d-%m-%Y-%H-%M-%S) Find ${link} <${name}>"
+done

bin/container.sh

@@ -1,5 +1,17 @@
 #!/bin/bash
 
+#Ki: François
+#Kan: 2021
+#Koi: gestion dockers
+
+# 15/01/2025: Dernière modif by fab: ne pas redémarrer Traefik en cas de créaio d'orga 
+# Did : 13 fevrier 2025 modif des save en postgres et mysql
+# Did : ajout des sauvegardes de mobilizon et mattermost en postgres
+
+# 20/04/2025
+# Did : Ajout des sauvegardes de peertube dans les services generaux
+
+
 # En cas d'absence de postfix, il faut lancer :
 # docker network create postfix_mailNet
 
@@ -104,20 +116,22 @@ updateProxy () {
 }
 
 saveDB () {
-    #attention, soucis avec l'option "-ti" qui ne semble pas rendre la main avec docker exec
-
     containerName=$1
     userName=$2
     userPass=$3
     dbName=$4
     backName=$5
-    #on utilise mysqldump (v=10.5) et mariadb-dump (v>=11.4) pour être certain d'avoir un dump. L'une des 2 lignes fera une erreur
+    backDbType=$6
+    #on utilise mysqldump (v=10.5) et mariadb-dump (v>=11.4) et pgdump pour être certain d'avoir un dump. L'une des 3 lignes fera une erreur
+    # on teste si le backup est pour mysql ou postgres
     if [[ -n "${SIMU}" ]] ; then
-	${SIMU} "docker exec ${containerName} mysqldump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz"
-	${SIMU} "docker exec ${containerName} mariadb-dump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz"
+	${SIMU} "[ ${backDbType} = mysql ] && docker exec ${containerName} mysqldump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz"
+	${SIMU} "[ ${backDbType} = mysql ] && docker exec ${containerName} mariadb-dump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz"
+	${SIMU} "[ ${backDbType} = postgres ] && docker exec ${containerName} pg_dumpall --username=${userName} | gzip >${PATH_SAUVE}/${backName}.pgdump.sql.gz"
     else
-	docker exec ${containerName} mysqldump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz
-	docker exec ${containerName} mariadb-dump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz
+	[ ${backDbType} = mysql ] && docker exec ${containerName} mysqldump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz
+	[ ${backDbType} = mysql ] && docker exec ${containerName} mariadb-dump --user=${userName} --password=${userPass} ${dbName} | gzip > $PATH_SAUVE${backName}.sql.gz
+	[ ${backDbType} = postgres ] && docker exec ${containerName} pg_dumpall --username=${userName} | gzip >${PATH_SAUVE}/${backName}.pgdump.sql.gz
     fi
 }
 
@@ -136,7 +150,8 @@ startComposes () {
     doComposes "up -d" ${enableMailComposes[@]}
     doComposes "up -d" ${enableComposesNeedMail[@]}
     updateProxy "on" ${enableComposesNoNeedMail[@]} ${enableComposesNeedMail[@]}
-    doComposes "up -d" ${enableProxyComposes[@]}
+    #fab le 15/01/25: on ne redémarre plus le proxy avec container.sh
+    #doComposes "up -d" ${enableProxyComposes[@]}
 	for item in "${enableProxyComposes[@]}"; do
     	[[ -x "${KAZ_COMP_DIR}/${item}/reload.sh" ]] && ${SIMU} "${KAZ_COMP_DIR}/${item}/reload.sh"
 	done
@@ -178,35 +193,51 @@ saveComposes () {
 	    ethercalc)
 	    #inutile car le backup de /var/lib/docker/volumes/ethercalc_calcDB/_data/dump.rdb est suffisant
 	    ;;
-	    #grav)
-	    # ???
-	    #;;
-	    #postfix)
 	    sympa)
        		echo "save sympa"
-		saveDB ${sympaDBName} "${sympa_MYSQL_USER}" "${sympa_MYSQL_PASSWORD}" "${sympa_MYSQL_DATABASE}" sympa
+		saveDB ${sympaDBName} "${sympa_MYSQL_USER}" "${sympa_MYSQL_PASSWORD}" "${sympa_MYSQL_DATABASE}" sympa mysql
 		;;
 	    web)
 		# rien à faire (fichiers)
 		;;
 	    etherpad)
 		echo "save pad"
-		saveDB ${etherpadDBName} "${etherpad_MYSQL_USER}" "${etherpad_MYSQL_PASSWORD}" "${etherpad_MYSQL_DATABASE}" etherpad
+		saveDB ${etherpadDBName} "${etherpad_MYSQL_USER}" "${etherpad_MYSQL_PASSWORD}" "${etherpad_MYSQL_DATABASE}" etherpad mysql
 		;;
 	    framadate)
 		echo "save date"
-		saveDB ${framadateDBName} "${framadate_MYSQL_USER}" "${framadate_MYSQL_PASSWORD}" "${framadate_MYSQL_DATABASE}" framadate
+		saveDB ${framadateDBName} "${framadate_MYSQL_USER}" "${framadate_MYSQL_PASSWORD}" "${framadate_MYSQL_DATABASE}" framadate mysql
 		;;
 	    cloud)
 		echo "save cloud"
-		saveDB ${nextcloudDBName} "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" nextcloud
+		saveDB ${nextcloudDBName} "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" nextcloud mysql
 		;;
 	    paheko)
 		# rien à faire (fichiers)
 		;;		
 	    mattermost)
 		echo "save mattermost"
-		saveDB ${mattermostDBName} "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" mattermost
+		saveDB matterPG "${mattermost_POSTGRES_USER}" "${mattermost_POSTGRES_PASSWORD}" "${mattermost_POSTGRES_DB}" mattermost postgres
+		;;
+	    mobilizon)
+		echo "save mobilizon"
+		saveDB ${mobilizonDBName} "${mobilizon_POSTGRES_USER}" "${mobilizon_POSTGRES_PASSWORD}" "${mobilizon_POSTGRES_DB}" mobilizon postgres
+		;;
+	    peertube)
+		echo "save peertube"
+		saveDB ${peertubeDBName} "${peertube_POSTGRES_USER}" "${peertube_POSTGRES_PASSWORD}" "${PEERTUBE_DB_HOSTNAME}" peertube postgres
+		;;
+	    mastodon)
+		echo "save mastodon"
+		saveDB ${mastodonDBName} "${mastodon_POSTGRES_USER}" "${mastodon_POSTGRES_PASSWORD}" "${mastodon_POSTGRES_DB}" mastodon postgres
+		;;
+	    roundcube)
+		echo "save roundcube"
+		saveDB ${roundcubeDBName} "${roundcube_MYSQL_USER}" "${roundcube_MYSQL_PASSWORD}" "${roundcube_MYSQL_DATABASE}" roundcube mysql
+		;;	
+	    vaultwarden)
+		echo "save vaultwarden"
+		saveDB ${vaultwardenDBName} "${vaultwarden_MYSQL_USER}" "${vaultwarden_MYSQL_PASSWORD}" "${vaultwarden_MYSQL_DATABASE}" vaultwarden mysql
 		;;
 	    dokuwiki)
 		# rien à faire (fichiers)
@@ -216,15 +247,15 @@ saveComposes () {
 		echo "save ${ORGA}"
 		if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
 		    echo "    => cloud"
-		    saveDB "${ORGA}-DB" "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" "${ORGA}-cloud"
+		    saveDB "${ORGA}-DB" "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" "${ORGA}-cloud" mysql
 		fi
 		if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
 		    echo "    => mattermost"
-		    saveDB "${ORGA}-DB" "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" "${ORGA}-mattermost"
+		    saveDB "${ORGA}-DB" "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
 		fi
 		if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
 		    echo "    => wordpress"
-		    saveDB "${ORGA}-DB" "${wp_MYSQL_USER}" "${wp_MYSQL_PASSWORD}" "${wp_MYSQL_DATABASE}" "${ORGA}-wordpress"
+		    saveDB "${ORGA}-DB" "${wp_MYSQL_USER}" "${wp_MYSQL_PASSWORD}" "${wp_MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
 		fi
 		;;
 	esac

bin/createUser.sh

@@ -41,8 +41,6 @@ cd "${KAZ_ROOT}"
 
 # DOCK_DIR="${KAZ_COMP_DIR}" # ???
 
-SETUP_MAIL="docker exec -ti mailServ setup"
-
 # on détermine le script appelant, le fichier log et le fichier source, tous issus de la même racine
 PRG=$(basename $0)
 RACINE=${PRG%.sh}
@@ -210,15 +208,6 @@ done
 echo "numero,nom,quota_disque,action_auto" > "${TEMP_PAHEKO}"
 echo "curl \"https://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.kaz.bzh/api/user/import\" -T \"${TEMP_PAHEKO}\"" >> "${CMD_PAHEKO}"
 
-#echo "récupération des login postfix... "
-## on stocke les emails et les alias KAZ déjà créés
-#(
-#    ${SETUP_MAIL} email list
-#    ${SETUP_MAIL} alias list
-#) | cut -d ' ' -f 2 | grep @ | sort > "${TFILE_EMAIL}"
-# did on supprime le ^M en fin de fichier pour pas faire planter les grep
-#dos2unix "${TFILE_EMAIL}"
-
 echo "on récupère tous les emails (secours/alias/kaz) sur le ldap"
 FILE_LDIF=/home/sauve/ldap.ldif
 /kaz/bin/ldap/ldap_sauve.sh
@@ -226,13 +215,13 @@ gunzip ${FILE_LDIF}.gz -f
 grep -aEiorh '([[:alnum:]]+([._-][[:alnum:]]+)*@[[:alnum:]]+([._-][[:alnum:]]+)*\.[[:alpha:]]{2,6})' ${FILE_LDIF} | sort -u > ${TFILE_EMAIL}
 
 echo "récupération des login mattermost... "
-docker exec -ti mattermostServ bin/mmctl user list --all | grep ":.*(" | cut -d ':' -f 2 | cut -d ' ' -f 2 | sort > "${TFILE_MM}"
+docker exec -i mattermostServ bin/mmctl user list --all | grep ":.*(" | cut -d ':' -f 2 | cut -d ' ' -f 2 | sort > "${TFILE_MM}"
 
 dos2unix "${TFILE_MM}"
 echo "done"
 
 # se connecter à l'agora pour ensuite pouvoir passer toutes les commandes mmctl
-echo "docker exec -ti mattermostServ bin/mmctl auth login ${httpProto}://${URL_AGORA} --name local-server --username ${mattermost_user} --password ${mattermost_pass}" | tee -a "${CMD_INIT}"
+echo "docker exec -i mattermostServ bin/mmctl auth login ${httpProto}://${URL_AGORA} --name local-server --username ${mattermost_user} --password ${mattermost_pass}" | tee -a "${CMD_INIT}"
 
 # vérif des emails
 regex="^(([A-Za-z0-9]+((\.|\-|\_|\+)?[A-Za-z0-9]?)*[A-Za-z0-9]+)|[A-Za-z0-9]+)@(([A-Za-z0-9]+)+((\.|\-|\_)?([A-Za-z0-9]+)+)*)+\.([A-Za-z]{2,})+$"
@@ -287,7 +276,8 @@ while read ligne; do
     PASSWORD=$(awk -F ";" '{print $16}' <<< "${ligne}" | xargs)
 
     IDENT_KAZ=$(unaccent utf8 "${PRENOM,,}.${NOM,,}")
-    EMAIL_SOUHAITE=${tab_email[EMAIL_SOUHAITE]}
+    #email en minuscule
+    EMAIL_SOUHAITE=${tab_email[EMAIL_SOUHAITE],,}
     EMAIL_SECOURS=${tab_email[EMAIL_SECOURS]}
 
     echo -e "${NL}***************************** traitement de ${ligne}" | tee -a "${LOG}"
@@ -378,8 +368,6 @@ while read ligne; do
     else
 	SEND_MSG_CREATE=true
 	echo "${EMAIL_SOUHAITE} n'existe pas" | tee -a "${LOG}"
-	echo "${SETUP_MAIL} email add ${EMAIL_SOUHAITE} ${PASSWORD}" | tee -a "${CMD_LOGIN}"
-	echo "${SETUP_MAIL} quota set ${EMAIL_SOUHAITE} ${QUOTA}G" | tee -a "${CMD_LOGIN}"
 	# LDAP, à tester
 	user=$(echo ${EMAIL_SOUHAITE} | awk -F '@' '{print $1}')
 	domain=$(echo ${EMAIL_SOUHAITE} | awk -F '@' '{print $2}')
@@ -596,11 +584,11 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
 	echo "${IDENT_KAZ} existe déjà sur mattermost" | tee -a "${LOG}"
     else
 	# on créé le compte mattermost
-	echo "docker exec -ti mattermostServ bin/mmctl user create --email ${EMAIL_SOUHAITE} --username ${IDENT_KAZ} --password ${PASSWORD}" | tee -a "${CMD_LOGIN}"
+	echo "docker exec -i mattermostServ bin/mmctl user create --email ${EMAIL_SOUHAITE} --username ${IDENT_KAZ} --password ${PASSWORD}" | tee -a "${CMD_LOGIN}"
 	# et enfin on ajoute toujours le user à l'équipe KAZ et aux 2 channels publiques
-	echo "docker exec -ti mattermostServ bin/mmctl team users add kaz ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}"
-	echo "docker exec -ti mattermostServ bin/mmctl channel users add kaz:une-question--un-soucis ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}"
-	echo "docker exec -ti mattermostServ bin/mmctl channel users add kaz:cafe-du-commerce--ouvert-2424h ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}"
+	echo "docker exec -i mattermostServ bin/mmctl team users add kaz ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}"
+	echo "docker exec -i mattermostServ bin/mmctl channel users add kaz:une-question--un-soucis ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}"
+	echo "docker exec -i mattermostServ bin/mmctl channel users add kaz:cafe-du-commerce--ouvert-2424h ${EMAIL_SOUHAITE}" | tee -a "${CMD_LOGIN}"
 	NB_SERVICES_BASE=$((NB_SERVICES_BASE+1))
     fi
 
@@ -608,10 +596,10 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
 	# l'équipe existe t-elle déjà ?
 	nb=$(docker exec mattermostServ bin/mmctl team list | grep -w "${EQUIPE_AGORA}" | wc -l)
 	if [ "${nb}" == "0" ];then # non, on la créé en mettant le user en admin de l'équipe
-	    echo "docker exec -ti mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display_name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}"
+	    echo "docker exec -i mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display_name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}"
 	fi
 	# puis ajouter le user à l'équipe
-	echo "docker exec -ti mattermostServ bin/mmctl team users add ${EQUIPE_AGORA} ${EMAIL_SOUHAITE}" | tee -a "${CMD_INIT}"
+	echo "docker exec -i mattermostServ bin/mmctl team users add ${EQUIPE_AGORA} ${EMAIL_SOUHAITE}" | tee -a "${CMD_INIT}"
     fi
 
     if [ -n "${CREATE_ORGA_SERVICES}" ]; then
@@ -628,16 +616,16 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
     # TODO : utiliser liste sur dev également
 
     # on inscrit le user sur sympa, à la liste infos@${domain_sympa}
-    # docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which
+    # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which
     if [[ "${mode}" = "dev" ]]; then
 	echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}"
 	LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
-	echo "docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
+	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
     else
 	echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}"
 	LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
-	echo "docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
-	echo "docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\""  | tee -a "${CMD_SYMPA}"
+	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
+	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\""  | tee -a "${CMD_SYMPA}"
     fi
 
     if [ "${service[ADMIN_ORGA]}" == "O" ]; then
@@ -759,7 +747,7 @@ ${MAIL_KAZ}
 EOF" | tee -a "${CMD_MSG}"
 
     echo " # on envoie la confirmation d'inscription sur l'agora " | tee -a "${CMD_MSG}"
-    echo "docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message \"${MAIL_KAZ}\"" | tee -a "${CMD_MSG}"
+    echo "docker exec -i mattermostServ bin/mmctl post create kaz:Creation-Comptes --message \"${MAIL_KAZ}\"" | tee -a "${CMD_MSG}"
 
     # fin des inscriptions
 done <<< "${ALL_LINES}"

bin/dns.sh

@@ -1,6 +1,11 @@
-#!/bin/bash
+#/bin/bash
 
-# list/ajout/supprime/ un sous-domaine
+#koi: gestion des records dns sur AlwaysData 
+#ki: fanch&gaël&fab
+#kan: 06/04/2025
+
+#doc: https://api.alwaysdata.com/v1/record/doc/
+#doc: https://help.alwaysdata.com/fr/api/ 
 
 KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
@@ -15,6 +20,7 @@ export ETC_HOSTS="/etc/hosts"
 # no more export in .env
 export $(set | grep "domain=")
 
+#TODO: récupérer la liste des services kaz au lieu des les écrire en dur
 declare -a forbidenName
 forbidenName=(${calcHost} calc ${cloudHost} bureau ${dateHost} date ${dokuwikiHost} dokuwiki ${fileHost} file ${ldapHost} ${pahekoHost} ${gitHost} ${gravHost} ${matterHost} ${officeHost} collabora ${padHost} ${sympaHost} listes ${webmailHost} ${wordpressHost} www ${vigiloHost} form)
 
@@ -31,6 +37,15 @@ usage(){
     exit 1
 }
 
+. "${KAZ_KEY_DIR}/env-alwaysdata"
+ 
+if [[ -z "${ALWAYSDATA_TOKEN}" ]] ; then
+    echo "no ALWAYSDATA_TOKEN set in ${KAZ_KEY_DIR}/env-alwaysdata"
+    usage
+fi
+ 
+DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${domain} | jq '.[0].id')
+
 for ARG in $@
 do
     case "${ARG}" in
@@ -60,78 +75,15 @@ if [ -z "${CMD}" ]; then
     usage
 fi
 
-. "${KAZ_KEY_DIR}/env-gandi"
-
-if [[ -z "${GANDI_KEY}" ]] ; then
-    echo
-    echo "no GANDI_KEY set in ${KAZ_KEY_DIR}/env-gandi"
-    usage
-fi
-
-
-waitNet () {
-    if [[ "${domain}" = "kaz.local" ]]; then
-	return
-    fi
-
-    ###  wait when error code 503
-    if [[ $(curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - "${GANDI_API}" -o /dev/null 2>/dev/null | head -n1) != *200* ]]; then
-	echo "DNS not available. Please wait..."
-	while [[ $(curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - "${GANDI_API}" -o /dev/null 2>/dev/null | head -n1) != *200* ]]
-	do
-	    sleep 5
-	done
-	exit
-    fi
-}
-
 list(){
-    if [[ "${domain}" = "kaz.local" ]]; then
-	grep --perl-regex "^${IP}\s.*${domain}" "${ETC_HOSTS}" 2> /dev/null | sed -e "s|^${IP}\s*\([0-9a-z.-]${domain}\)$|\1|g"
-	return
-    fi
-    waitNet
-    trap 'rm -f "${TMPFILE}"' EXIT
-    TMPFILE="$(mktemp)" || exit 1
-    if [[ -n "${SIMU}" ]] ; then
-	${SIMU} curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}"
-    else
-	curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" 2>/dev/null | \
-	    sed "s/,{/\n/g" | \
-	    sed 's/.*rrset_name":"\([^"]*\)".*rrset_values":\["\([^"]*\)".*/\1:\2/g'| \
-	    grep -v '^[_@]'| \
-	    grep -e ":${domain}\.*$" -e ":prod[0-9]*$" > ${TMPFILE}
-    fi
-    if [ $# -lt 1 ]; then
-	cat ${TMPFILE}
-    else
-	for ARG in $@
-	do
-	    cat ${TMPFILE} | grep "${ARG}.*:"
-	done
-    fi
+  TARGET=$@
+  LISTE=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}&type=CNAME&name=${TARGET}" | jq '.[] | "\(.name):\(.value)"')
+  echo ${LISTE}
 }
 
 saveDns () {
-    for ARG in $@ ; do
-	if [[ "${ARG}" =~ .local$ ]] ; then
-	    echo "${PRG}: old fasion style (remove .local at the end)"
-	    usage;
-	fi
-	if [[ "${ARG}" =~ .bzh$ ]] ; then
-	    echo "${PRG}: old fasion style (remove .bzh at the end)"
-	    usage;
-	fi
-	if [[ "${ARG}" =~ .dev$ ]] ; then
-	    echo "${PRG}: old fasion style (remove .dev at the end)"
-	    usage;
-	fi
-    done
-    if [[ "${domain}" = "kaz.local" ]]; then
-	return
-    fi
-    waitNet
-    ${SIMU} curl -X POST "${GANDI_API}/snapshots" -H "authorization: Apikey ${GANDI_KEY}" 2>/dev/null
+  mkdir -p /root/dns
+  ${SIMU} curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}" -o /root/dns/dns_save_$(date +'%Y%m%d%H%M%S')
 }
 
 badName(){
@@ -154,28 +106,14 @@ add(){
 	    echo "can't manage '${ARG}'. Use -f option"
 	    continue
 	fi
-	case "${domain}" in
-	    kaz.local )
-		if grep -q --perl-regex "^${IP}.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
-		    break
-		fi
-		if grep -q --perl-regex "^${IP}[ \t]" "${ETC_HOSTS}" 2> /dev/null ; then
-		    ${SIMU} sudo sed -i -e "0,/^${IP}[ \t]/s/^\(${IP}[ \t]\)/\1${ARG}.${domain} /g" "${ETC_HOSTS}"
-		else
-		    ${SIMU} sudo sed -i -e "$ a ${IP}\t${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null
-		fi
-		;;
-	    *)
-		${SIMU} curl -X POST "${GANDI_API}/records" -H "authorization: Apikey  ${GANDI_KEY}" -H 'content-type: application/json' -d '{"rrset_type":"CNAME", "rrset_name":"'${ARG}'", "rrset_values":["'${site}'"]}'
-		echo
-		;;
-	esac
+        ${SIMU} curl -s -X POST -d "{\"domain\":\"${DOMAIN_ID}\", \"type\":\"CNAME\", \"name\":\"${ARG}\", \"value\":\"${site}.${domain}\"}" --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/"
 	ADDED+=("${ARG}")
     done
     echo "Domains added to ${domain}: ${ADDED[@]}"
 } 
 
 del(){
+
     if [ $# -lt 1 ]; then
 	exit
     fi
@@ -187,23 +125,11 @@ del(){
 	    echo "can't manage '${ARG}'. Use -f option"
 	    continue
 	fi
-	case "${domain}" in
-	    kaz.local )
-		if !grep -q --perl-regex "^${IP}.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
-		    break
-		fi
-		${SIMU} sudo sed -i -e "/^${IP}[ \t]*${ARG}.${domain}[ \t]*$/d" \
-			-e "s|^\(${IP}.*\)[ \t]${ARG}.${domain}|\1|g" "${ETC_HOSTS}"
-		;;
-	    * )
-		${SIMU} curl -X DELETE "${GANDI_API}/records/${ARG}" -H "authorization: Apikey ${GANDI_KEY}"
-		echo
-		;;
-	esac
+	RECORD_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?name=${ARG}&type=CNAME&domain=${DOMAIN_ID}" | jq ".[] | select(.name==\"${ARG}\").id")
+	${SIMU} curl -s -X DELETE --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/${RECORD_ID}/"
 	REMOVED+=("${ARG}")
     done
     echo "Domains removed from ${domain}: ${REMOVED[@]}"
 }
 
-#echo "CMD: ${CMD} $*"
 ${CMD} $*

bin/dns_alwaysdata.sh

@@ -0,0 +1,135 @@
+#/bin/bash
+
+#koi: gestion des records dns sur AlwaysData 
+#ki: fanch&gaël&fab
+#kan: 06/04/2025
+
+#doc: https://api.alwaysdata.com/v1/record/doc/
+#doc: https://help.alwaysdata.com/fr/api/ 
+
+KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+. "${DOCKERS_ENV}"
+
+cd "${KAZ_ROOT}"
+export PRG="$0"
+export IP="127.0.0.1"
+export ETC_HOSTS="/etc/hosts"
+
+# no more export in .env
+export $(set | grep "domain=")
+
+#TODO: récupérer la liste des services kaz au lieu des les écrire en dur
+declare -a forbidenName
+forbidenName=(${calcHost} calc ${cloudHost} bureau ${dateHost} date ${dokuwikiHost} dokuwiki ${fileHost} file ${ldapHost} ${pahekoHost} ${gitHost} ${gravHost} ${matterHost} ${officeHost} collabora ${padHost} ${sympaHost} listes ${webmailHost} ${wordpressHost} www ${vigiloHost} form)
+
+export FORCE="NO"
+export CMD=""
+export SIMU=""
+
+usage(){
+    echo "Usage: ${PRG} list [sub-domain...]"
+    echo "       ${PRG} [-n] [-f] {add/del} sub-domain..."
+    echo "  -h help"
+    echo "  -n simulation"
+    echo "  -f force protected domain"
+    exit 1
+}
+
+. "${KAZ_KEY_DIR}/env-alwaysdata"
+ 
+if [[ -z "${ALWAYSDATA_TOKEN}" ]] ; then
+    echo "no ALWAYSDATA_TOKEN set in ${KAZ_KEY_DIR}/env-alwaysdata"
+    usage
+fi
+ 
+DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${domain} | jq '.[0].id')
+
+for ARG in $@
+do
+    case "${ARG}" in
+	'-h' | '-help' )
+	    usage
+	    ;;
+	'-f' )
+	    shift
+	    export FORCE="YES"
+	    ;;
+	'-n' )
+	    shift
+	    export SIMU="echo"
+	    ;;
+	'list'|'add'|'del' )
+	    shift
+	    CMD="${ARG}"
+	    break
+	    ;;
+	* )
+	    usage
+	    ;;
+    esac
+done
+
+if [ -z "${CMD}" ]; then
+    usage
+fi
+
+list(){
+  TARGET=$@
+  LISTE=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}&type=CNAME&name=${TARGET}" | jq '.[] | "\(.name):\(.value)"')
+  echo ${LISTE}
+}
+
+saveDns () {
+  mkdir -p /root/dns
+  ${SIMU} curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}" -o /root/dns/dns_save_$(date +'%Y%m%d%H%M%S')
+}
+
+badName(){
+    [[ -z "$1" ]] && return 0;
+    for item in "${forbidenName[@]}"; do
+	[[ "${item}" == "$1" ]] && [[ "${FORCE}" == "NO" ]] && return 0
+    done
+    return 1
+}
+
+add(){
+    if [ $# -lt 1 ]; then
+	exit
+    fi
+    saveDns $@
+    declare -a ADDED
+    for ARG in $@
+    do
+	if badName "${ARG}" ; then
+	    echo "can't manage '${ARG}'. Use -f option"
+	    continue
+	fi
+        ${SIMU} curl -s -X POST -d "{\"domain\":\"${DOMAIN_ID}\", \"type\":\"CNAME\", \"name\":\"${ARG}\", \"value\":\"${site}.${domain}\"}" --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/"
+	ADDED+=("${ARG}")
+    done
+    echo "Domains added to ${domain}: ${ADDED[@]}"
+} 
+
+del(){
+
+    if [ $# -lt 1 ]; then
+	exit
+    fi
+    saveDns $@
+    declare -a REMOVED
+    for ARG in $@
+    do
+	if badName "${ARG}" ; then
+	    echo "can't manage '${ARG}'. Use -f option"
+	    continue
+	fi
+	RECORD_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?name=${ARG}&type=CNAME&domain=${DOMAIN_ID}" | jq ".[] | select(.name==\"${ARG}\").id")
+	${SIMU} curl -s -X DELETE --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/${RECORD_ID}/"
+	REMOVED+=("${ARG}")
+    done
+    echo "Domains removed from ${domain}: ${REMOVED[@]}"
+}
+
+${CMD} $*

bin/dns_gandi.sh

@@ -0,0 +1,209 @@
+#!/bin/bash
+
+# list/ajout/supprime/ un sous-domaine
+
+KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+. "${DOCKERS_ENV}"
+
+cd "${KAZ_ROOT}"
+export PRG="$0"
+export IP="127.0.0.1"
+export ETC_HOSTS="/etc/hosts"
+
+# no more export in .env
+export $(set | grep "domain=")
+
+declare -a forbidenName
+forbidenName=(${calcHost} calc ${cloudHost} bureau ${dateHost} date ${dokuwikiHost} dokuwiki ${fileHost} file ${ldapHost} ${pahekoHost} ${gitHost} ${gravHost} ${matterHost} ${officeHost} collabora ${padHost} ${sympaHost} listes ${webmailHost} ${wordpressHost} www ${vigiloHost} form)
+
+export FORCE="NO"
+export CMD=""
+export SIMU=""
+
+usage(){
+    echo "Usage: ${PRG} list [sub-domain...]"
+    echo "       ${PRG} [-n] [-f] {add/del} sub-domain..."
+    echo "  -h help"
+    echo "  -n simulation"
+    echo "  -f force protected domain"
+    exit 1
+}
+
+for ARG in $@
+do
+    case "${ARG}" in
+	'-h' | '-help' )
+	    usage
+	    ;;
+	'-f' )
+	    shift
+	    export FORCE="YES"
+	    ;;
+	'-n' )
+	    shift
+	    export SIMU="echo"
+	    ;;
+	'list'|'add'|'del' )
+	    shift
+	    CMD="${ARG}"
+	    break
+	    ;;
+	* )
+	    usage
+	    ;;
+    esac
+done
+
+if [ -z "${CMD}" ]; then
+    usage
+fi
+
+. "${KAZ_KEY_DIR}/env-gandi"
+
+if [[ -z "${GANDI_KEY}" ]] ; then
+    echo
+    echo "no GANDI_KEY set in ${KAZ_KEY_DIR}/env-gandi"
+    usage
+fi
+
+
+waitNet () {
+    if [[ "${domain}" = "kaz.local" ]]; then
+	return
+    fi
+
+    ###  wait when error code 503
+    if [[ $(curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - "${GANDI_API}" -o /dev/null 2>/dev/null | head -n1) != *200* ]]; then
+	echo "DNS not available. Please wait..."
+	while [[ $(curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - "${GANDI_API}" -o /dev/null 2>/dev/null | head -n1) != *200* ]]
+	do
+	    sleep 5
+	done
+	exit
+    fi
+}
+
+list(){
+    if [[ "${domain}" = "kaz.local" ]]; then
+	grep --perl-regex "^${IP}\s.*${domain}" "${ETC_HOSTS}" 2> /dev/null | sed -e "s|^${IP}\s*\([0-9a-z.-]${domain}\)$|\1|g"
+	return
+    fi
+    waitNet
+    trap 'rm -f "${TMPFILE}"' EXIT
+    TMPFILE="$(mktemp)" || exit 1
+    if [[ -n "${SIMU}" ]] ; then
+	${SIMU} curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}"
+    else
+	curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" 2>/dev/null | \
+	    sed "s/,{/\n/g" | \
+	    sed 's/.*rrset_name":"\([^"]*\)".*rrset_values":\["\([^"]*\)".*/\1:\2/g'| \
+	    grep -v '^[_@]'| \
+	    grep -e ":${domain}\.*$" -e ":prod[0-9]*$" > ${TMPFILE}
+    fi
+    if [ $# -lt 1 ]; then
+	cat ${TMPFILE}
+    else
+	for ARG in $@
+	do
+	    cat ${TMPFILE} | grep "${ARG}.*:"
+	done
+    fi
+}
+
+saveDns () {
+    for ARG in $@ ; do
+	if [[ "${ARG}" =~ .local$ ]] ; then
+	    echo "${PRG}: old fasion style (remove .local at the end)"
+	    usage;
+	fi
+	if [[ "${ARG}" =~ .bzh$ ]] ; then
+	    echo "${PRG}: old fasion style (remove .bzh at the end)"
+	    usage;
+	fi
+	if [[ "${ARG}" =~ .dev$ ]] ; then
+	    echo "${PRG}: old fasion style (remove .dev at the end)"
+	    usage;
+	fi
+    done
+    if [[ "${domain}" = "kaz.local" ]]; then
+	return
+    fi
+    waitNet
+    ${SIMU} curl -X POST "${GANDI_API}/snapshots" -H "authorization: Apikey ${GANDI_KEY}" 2>/dev/null
+}
+
+badName(){
+    [[ -z "$1" ]] && return 0;
+    for item in "${forbidenName[@]}"; do
+	[[ "${item}" == "$1" ]] && [[ "${FORCE}" == "NO" ]] && return 0
+    done
+    return 1
+}
+
+add(){
+    if [ $# -lt 1 ]; then
+	exit
+    fi
+    saveDns $@
+    declare -a ADDED
+    for ARG in $@
+    do
+	if badName "${ARG}" ; then
+	    echo "can't manage '${ARG}'. Use -f option"
+	    continue
+	fi
+	case "${domain}" in
+	    kaz.local )
+		if grep -q --perl-regex "^${IP}.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
+		    break
+		fi
+		if grep -q --perl-regex "^${IP}[ \t]" "${ETC_HOSTS}" 2> /dev/null ; then
+		    ${SIMU} sudo sed -i -e "0,/^${IP}[ \t]/s/^\(${IP}[ \t]\)/\1${ARG}.${domain} /g" "${ETC_HOSTS}"
+		else
+		    ${SIMU} sudo sed -i -e "$ a ${IP}\t${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null
+		fi
+		;;
+	    *)
+		${SIMU} curl -X POST "${GANDI_API}/records" -H "authorization: Apikey  ${GANDI_KEY}" -H 'content-type: application/json' -d '{"rrset_type":"CNAME", "rrset_name":"'${ARG}'", "rrset_values":["'${site}'"]}'
+		echo
+		;;
+	esac
+	ADDED+=("${ARG}")
+    done
+    echo "Domains added to ${domain}: ${ADDED[@]}"
+}
+
+del(){
+    if [ $# -lt 1 ]; then
+	exit
+    fi
+    saveDns $@
+    declare -a REMOVED
+    for ARG in $@
+    do
+	if badName "${ARG}" ; then
+	    echo "can't manage '${ARG}'. Use -f option"
+	    continue
+	fi
+	case "${domain}" in
+	    kaz.local )
+		if !grep -q --perl-regex "^${IP}.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
+		    break
+		fi
+		${SIMU} sudo sed -i -e "/^${IP}[ \t]*${ARG}.${domain}[ \t]*$/d" \
+			-e "s|^\(${IP}.*\)[ \t]${ARG}.${domain}|\1|g" "${ETC_HOSTS}"
+		;;
+	    * )
+		${SIMU} curl -X DELETE "${GANDI_API}/records/${ARG}" -H "authorization: Apikey ${GANDI_KEY}"
+		echo
+		;;
+	esac
+	REMOVED+=("${ARG}")
+    done
+    echo "Domains removed from ${domain}: ${REMOVED[@]}"
+}
+
+#echo "CMD: ${CMD} $*"
+${CMD} $*

bin/dynDNS.sh

@@ -0,0 +1,176 @@
+#!/bin/bash
+
+# nohup /kaz/bin/dynDNS.sh &
+
+KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+. "${DOCKERS_ENV}"
+# no more export in .env
+export $(set | grep "domain=")
+
+cd "${KAZ_ROOT}"
+export PRG="$0"
+
+export MYHOST="${site}"
+
+MYIP_URL="https://kaz.bzh/myip.php"
+DNS_IP=""
+
+DELAI_WAIT=10 # DNS occupé
+DELAI_GET=5 # min entre 2 requêtes
+DELAI_CHANGE=3600 # propagation 1h
+DELAI_NO_CHANGE=300 # pas de changement 5 min
+
+BOLD='\e[1m'
+RED='\e[0;31m'
+GREEN='\e[0;32m'
+YELLOW='\e[0;33m'
+BLUE='\e[0;34m'
+MAGENTA='\e[0;35m'
+CYAN='\e[0;36m'
+NC='\e[0m' # No Color
+NL='
+'
+
+export VERBOSE=""
+export SIMU=""
+
+usage(){
+    echo "Usage: ${PRG} list [sub-domain...]"
+    echo "  -h help"
+    echo "  -v verbose"
+    echo "  -n simulation"
+    exit 1
+}
+
+#. "${KAZ_KEY_DIR}/env-gandi"
+. "${KAZ_KEY_DIR}/env-alwaysdata"
+ 
+if [[ -z "${ALWAYSDATA_TOKEN}" ]] ; then
+    echo "no ALWAYSDATA_TOKEN set in ${KAZ_KEY_DIR}/env-alwaysdata"
+    usage
+fi
+
+DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${domain} | jq '.[0].id')
+
+if [[ -z "${DOMAIN_ID}" ]] ; then
+    echo "no DOMAIN_ID give by alwaysdata"
+    usage
+fi
+
+# if [[ -z "${GANDI_KEY}" ]] ; then
+#     echo
+#     echo "no GANDI_KEY set in ${KAZ_KEY_DIR}/env-gandi"
+#     usage
+#     exit
+# fi
+
+for ARG in $@
+do
+    case "${ARG}" in
+	'-h' | '-help' )
+	    usage
+	    ;;
+	'-v' )
+	    shift
+	    export VERBOSE=":"
+	    ;;
+	'-n' )
+	    shift
+	    export SIMU="echo"
+	    ;;
+	* )
+	    usage
+	    ;;
+    esac
+done
+
+log () {
+    echo -e "${BLUE}$(date +%d-%m-%Y-%H-%M-%S)${NC} : $*"
+}
+
+simu () {
+    echo -e "${YELLOW}$(date +%d-%m-%Y-%H-%M-%S)${NC} : $*"
+}
+
+cmdWait () {
+    #ex gandi
+    #curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - -o /dev/null "${GANDI_API}" 2>/dev/null
+    curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" --connect-timeout 2 -D - -o /dev/null "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}&type=CNAME&name=${TARGET}" 2>/dev/null
+}
+
+waitNet () {
+    ###  wait when error code 503
+    if [[ $(cmdWait | head -n1) != *200* ]]; then
+	log "DNS not available. Please wait..."
+	while [[ $(cmdWait | head -n1) != *200* ]]; do
+	    [[ -z "${VERBOSE}" ]] || simu curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" --connect-timeout 2 -D - -o /dev/null "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}&type=CNAME&name=${TARGET}"
+	    sleep "${DELAI_WAIT}"
+	done
+	exit
+    fi
+}
+
+
+getDNS () {
+    # curl -s -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}"|
+    #     sed "s/,{/\n/g"|
+    #     sed 's/.*rrset_name":"\([^"]*\)".*rrset_values":\["\([^"]*\)".*/\1:\2/g'|
+    #     grep -e "^${MYHOST}:"|
+    #     sed "s/^${MYHOST}://g" |
+    # 	tr -d '\n\t\r '
+    ${SIMU} curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}&type=A&name=${MYHOST}" | jq '.[] | "\(.value)"' | tr -d '"'
+}
+
+saveDns () {
+  mkdir -p /root/dns
+  ${SIMU} curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?domain=${DOMAIN_ID}" -o /root/dns/dns_save_$(date +'%Y%m%d%H%M%S')
+}
+
+setDNS () {
+    saveDns
+    # curl -s -X POST "${GANDI_API}/records" -H "authorization: Apikey  ${GANDI_KEY}" -H 'content-type: application/json' -d '{"rrset_type":"A", "rrset_name":"'${MYHOST}'", "rrset_values":["'${IP}'"]}'
+    ${SIMU} curl -s -X POST -d "{\"domain\":\"${DOMAIN_ID}\", \"type\":\"A\", \"name\":\"${MYHOST}\", \"value\":\"${IP}\"}" --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/"
+
+}
+
+while :; do
+    sleep "${DELAI_GET}"
+    IP=$(curl -s "${MYIP_URL}" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | tr -d '\n\t\r ')
+    if ! [[ ${IP} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+	log "BAB IP ${IP}" ; continue
+    fi
+
+    if [ -z "${DNS_IP}" ]; then
+	# Variable pas encore initialisée
+	waitNet
+	DNS_IP=$(getDNS)
+
+	if [ -z "${DNS_IP}" ]; then
+	    # C'est la première fois que le site est en prod
+	    log "set ${MYHOST} : ${IP}"
+	    setDNS
+	    DNS_IP=$(getDNS)
+	    log "DNS set ${MYHOST}:${IP} (=${DNS_IP})"
+	    sleep "${DELAI_CHANGE}"
+	    continue
+	fi
+    fi
+
+    if [ "${DNS_IP}" != "${IP}" ]; then
+	log "${MYHOST} : ${DNS_IP} must change to ${IP}"
+	# Changement d'adresse
+	waitNet
+	#curl -s -X DELETE "${GANDI_API}/records/${MYHOST}" -H "authorization: Apikey ${GANDI_KEY}"
+	RECORD_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/?name=${MYHOST}&type=A&domain=${DOMAIN_ID}" | jq ".[] | select(.name==\"${MYHOST}\").id")
+	${SIMU} curl -s -X DELETE --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" "${ALWAYSDATA_API}/record/${RECORD_ID}/"
+	setDNS
+	DNS_IP=$(getDNS)
+	log "DNS reset ${MYHOST}:${IP} (=${DNS_IP})"
+	sleep "${DELAI_CHANGE}"
+    else
+	log "OK ${MYHOST}:${DNS_IP} / ${IP}"
+	sleep ${DELAI_NO_CHANGE}
+    fi
+done

bin/gestContainers.sh

@@ -322,7 +322,7 @@ _reloadProxy() {
     availableProxyComposes=($(getList "${KAZ_CONF_DIR}/container-proxy.list"))
 
     for item in "${availableProxyComposes[@]}"; do
-        ${SIMU} ${KAZ_COMP_DIR}/${item}/reload.sh
+        [ "${item}" = "proxy" ] && ${SIMU} ${KAZ_COMP_DIR}/${item}/reload.sh
     done
 }
 

bin/gestUsers.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 # gestion des utilisateurs de kaz ( mail, cloud général, mattermost )
+# Ki : Did
+# koi : gestion globale des users Kaz mais aussi les users d'autres domaines hébergés
 
 KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
@@ -8,7 +10,7 @@ setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 
-VERSION="5-12-2024"
+VERSION="18-05-2025"
 PRG=$(basename $0)
 RACINE=$(echo $PRG | awk '{print $1}')
 IFS=' '
@@ -26,7 +28,7 @@ LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
 
 
 #### Test du serveur sur lequel s' execute le script ####
-echo ${site} | grep -i prod2  && { echo "Le script ne fonctionne que sur Prod1 et Dev ";exit;}
+echo ${site} | grep -E 'prod1|dev' || { echo "Le script ne fonctionne que sur Prod1 et Dev ";exit;}
 ##############################
 
 TFILE_EMAILS=$(mktemp /tmp/$RACINE.XXXXXXXXX.TFILE_EMAILS)
@@ -968,9 +970,9 @@ updateUser() {
 							MAILALIAS_CHANGE=0
 							for VALMAIL in ${CONTENU_ATTRIBUT}
 							do
-								read -p " - On garde ${VALMAIL} (o/n) ? [o] : " READVALMAIL
+								read -p " - On garde ${VALMAIL} (o/n) [o] ? : " READVALMAIL
 								case  ${READVALMAIL} in
-								* | "" | o | O )
+								"" | o | O )
 									NEW_CONTENU_ATTRIBUT="${NEW_CONTENU_ATTRIBUT} ${VALMAIL}"
 									;;
 								n | N )
@@ -1007,7 +1009,7 @@ updateUser() {
 								done
 								;;
 							"" | n | N  )
-									#CHANGED+=([mailAlias]="${NEW_CONTENU_ATTRIBUT}")
+									CHANGED+=([mailAlias]="${NEW_CONTENU_ATTRIBUT}")
 									;;
 							* )
 									printKazMsg "Erreur"

bin/getX509Certificates.sh

@@ -0,0 +1,18 @@
+#/bin/bash
+
+#koi: récupération des certifs traefik vers x509 pour mail et listes
+#ki: fanch
+#kan: 18/04/2025
+
+KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+. "${DOCKERS_ENV}"
+
+certificates="mail listes"
+
+for i in ${certificates}; do
+  jq -r ".letsencrypt.Certificates[] | select(.domain.main==\"${i}.${domain}\") | .certificate" /var/lib/docker/volumes/traefik_letsencrypt/_data/acme.json | base64 -d > /etc/ssl/certs/${i}.pem
+  jq -r ".letsencrypt.Certificates[] | select(.domain.main==\"${i}.${domain}\") | .key" /var/lib/docker/volumes/traefik_letsencrypt/_data/acme.json | base64 -d > /etc/ssl/private/${i}.key
+  chmod 600 /etc/ssl/private/${i}.key
+done

bin/install.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+g#!/bin/bash
 
 set -e
 # on pourra inclure le fichier dockers.env pour
@@ -120,6 +120,11 @@ export DebugLog="${KAZ_ROOT}/log/log-install-$(date +%y-%m-%d-%T)-"
     # "${KAZ_ROOT}/bin/container.sh" stop ${DOCKERS_LIST[*]}
     "${KAZ_ROOT}/bin/container.sh" start ${DOCKERS_LIST[*]}
 
+    if [[ " ${DOCKERS_LIST[*]} " =~ " traefik " ]]; then
+      # on initialise traefik :-(
+      ${KAZ_COMP_DIR}/traefik/first.sh
+    fi
+
     if [[ " ${DOCKERS_LIST[*]} " =~ " etherpad " ]]; then
 	# pb avec la lanteur de démarrage du pad :-(
 	sleep 5

bin/interoPaheko.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
+
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 
@@ -76,6 +77,10 @@ Int_paheko_Action() {
 	    do
 		eval $VAL_GAR=$(jq .$VAL_GAR ${TFILE_INT_PAHEKO_IDFILE})
 	    done
+	    ################################
+	    # test du mail valide en $domain
+	    echo ${email} | grep -i "${domain}" || { echo "le mail ${email} n'est pas en ${domain}"; exit ;}
+	    ################################
 	    #comme tout va bien on continue
 	    #on compte le nom de champs dans la zone nom pour gérer les noms et prénoms composés
 	    # si il y a 3 champs, on associe les 2 premieres valeurs avec un - et on laisse le 3ème identique 
@@ -145,6 +150,9 @@ Int_paheko_Action() {
 		nc_base="N"
 		admin_orga="O"
 	    fi
+	    #On met le mail et le mail de secours en minuscules
+	    email=$(echo $email | tr [:upper:] [:lower:])
+	    email_secours=$(echo $email_secours | tr [:upper:] [:lower:])
 	    # Pour le reste on renomme les null en N ( non ) et les valeurs 1 en O ( Oui)
 	    cloud=$(echo $cloud | sed -e 's/0/N/g' | sed -e 's/1/O/g')
 	    paheko=$(echo $garradin | sed -e 's/0/N/g' | sed -e 's/1/O/g')
@@ -155,11 +163,11 @@ Int_paheko_Action() {
 	    echo "$nom_ok;$prenom_ok;$email;$email_secours;$nom_orga;$admin_orga;$cloud;$paheko;$wordpress;$agora;$docuwiki;$nc_base;$groupe_nc_base;$equipe_agora;$quota_disque">>${FILE_CREATEUSER}
 	done
     else
-	echo "Rien à créer"
+        [ "$OPTION" = "silence" ] || echo "Rien à créer"
 	exit 2
     fi
 }
-#Int_paheko_Action "A créer" "silence"
-Int_paheko_Action "A créer"
+# Main
+Int_paheko_Action "A créer" "silence"
 exit 0
 

bin/kazDockerNet.sh

@@ -1,5 +1,11 @@
 #!/bin/bash
 
+#Ki: François
+#Kan: 2021
+#Koi: gestion des réseaux docker
+
+#15/01/2025: Dernière modif by fab: connecter le réseau de l'orga nouvellement créé au ocntainter Traefik
+
 # faire un completion avec les composant dispo
 
 PRG=$(basename $0)
@@ -85,6 +91,10 @@ getNet() {
 		# the winner is...
 		echo "${netName} => ${subnet}/28"
 		${SIMU} docker network create --subnet "${subnet}/28" "${netName}"
+		
+		#maj du 15/01 by fab (pour éviter de restart le traefik)
+		${SIMU} docker network connect "${netName}" traefikServ
+		
 		find="ok"
 	    done
 	    minD=0

bin/look/feminin/logo.svg

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   version="1.0"
+   width="640.000000pt"
+   height="1280.000000pt"
+   viewBox="0 0 640.000000 1280.000000"
+   preserveAspectRatio="xMidYMid meet"
+   id="svg18"
+   sodipodi:docname="logo.svg"
+   xml:space="preserve"
+   inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><defs
+     id="defs22" /><sodipodi:namedview
+     id="namedview20"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="pt"
+     showgrid="false"
+     inkscape:zoom="0.36440298"
+     inkscape:cx="428.09749"
+     inkscape:cy="753.28693"
+     inkscape:window-width="1920"
+     inkscape:window-height="1032"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="svg18" /><g
+     transform="translate(0.000000,1280.000000) scale(0.100000,-0.100000)"
+     fill="#000000"
+     stroke="none"
+     id="g16"><path
+       d="M1450 12780 c-28 -28 -38 -56 -65 -190 -70 -337 -103 -1013 -111 -2260 l-6 -785 69 -32 c218 -103 428 -212 520 -270 133 -84 182 -103 396 -159 350 -91 440 -127 536 -211 65 -57 94 -102 118 -184 l19 -64 274 0 274 0 17 60 c31 102 63 147 162 221 77 57 183 96 406 150 386 92 459 117 766 259 262 121 388 175 408 175 23 0 24 44 15 915 -13 1328 -47 1950 -124 2250 -35 134 -58 158 -129 130 -78 -29 -169 -147 -453 -587 -216 -333 -330 -485 -385 -512 -32 -15 -76 -19 -265 -27 -269 -10 -1017 -10 -1288 0 -176 6 -194 8 -240 32 -64 33 -95 73 -419 559 -272 408 -340 497 -406 530 -48 25 -64 25 -89 0z m197 -402 c50 -55 184 -325 220 -445 22 -76 23 -250 0 -309 -41 -108 -100 -164 -173 -164 -50 0 -67 17 -88 90 -24 80 -72 370 -92 549 -20 188 -16 257 16 283 32 26 91 24 117 -4z m3353 12 c29 -16 43 -84 36 -170 -20 -223 -80 -593 -112 -693 -18 -54 -36 -67 -93 -67 -53 0 -110 49 -148 128 -22 47 -28 75 -31 154 -7 150 13 217 125 437 52 102 102 194 110 204 18 19 83 23 113 7z m-2675 -1975 c22 -4 67 -21 99 -38 95 -51 142 -134 117 -209 -14 -41 -72 -103 -120 -127 -46 -23 -139 -47 -148 -38 -3 4 5 20 20 35 37 39 59 98 59 162 1 82 -17 134 -62 182 -45 46 -47 51 -22 45 9 -3 35 -8 57 -12z m-199 -36 c-48 -56 -59 -97 -54 -188 5 -78 19 -118 58 -159 12 -13 20 -25 18 -28 -7 -6 -108 26 -137 44 -75 46 -111 99 -111 162 0 49 17 84 63 128 36 35 136 81 175 82 23 0 22 -2 -12 -41z m1984 37 c0 -3 -13 -19 -30 -37 -79 -87 -79 -255 1 -340 16 -18 28 -33 26 -36 -2 -2 -34 6 -72 18 -79 24 -157 89 -176 146 -30 92 44 191 179 239 37 13 72 18 72 10z m223 -16 c60 -23 130 -78 152 -121 19 -36 19 -102 1 -138 -17 -32 -73 -84 -114 -105 -59 -30 -193 -45 -140 -15 10 5 29 30 44 54 54 94 39 240 -33 310 l-36 35 36 0 c20 0 60 -9 90 -20z m-1089 -306 c9 -3 59 -69 113 -146 53 -77 106 -146 118 -154 11 -7 39 -16 60 -19 52 -6 75 -34 75 -92 0 -67 -31 -93 -111 -93 -36 0 -75 7 -96 17 -34 16 -117 106 -170 186 -14 20 -29 37 -33 37 -4 0 -19 -17 -32 -37 -44 -66 -118 -147 -160 -175 -34 -23 -52 -28 -105 -28 -55 0 -68 4 -88 25 -20 19 -25 34 -25 73 0 60 17 78 84 91 57 10 72 26 186 193 44 64 85 119 92 121 19 8 74 8 92 1z"
+       id="path2" /><path
+       d="M1130 9411 c-340 -102 -544 -266 -581 -467 -34 -181 103 -365 345 -466 158 -65 303 -89 656 -108 569 -31 954 -31 1065 1 190 54 276 205 195 345 -73 128 -194 193 -509 274 -286 74 -348 98 -515 199 -188 114 -457 243 -515 248 -30 2 -79 -7 -141 -26z"
+       id="path4" /><path
+       d="M5105 9354 c-550 -254 -547 -253 -925 -345 -236 -57 -301 -77 -377 -114 -204 -100 -290 -244 -223 -374 39 -78 115 -129 232 -156 99 -23 629 -25 838 -4 52 5 187 14 300 19 292 14 442 43 596 116 222 105 340 285 304 461 -32 154 -131 268 -311 356 -111 54 -240 97 -290 97 -13 -1 -78 -26 -144 -56z"
+       id="path6" /><path
+       d="M1200 6430 l0 -1120 165 0 165 0 2 496 3 496 206 -494 207 -493 181 -3 181 -2 -6 27 c-4 16 -12 39 -20 53 -7 14 -116 264 -243 555 l-231 530 216 510 c118 281 220 518 225 527 19 37 13 38 -177 36 l-186 -3 -177 -463 -176 -462 -3 465 -2 465 -165 0 -165 0 0 -1120z"
+       id="path8" /><path
+       d="M3005 7528 c-3 -13 -97 -504 -210 -1093 -113 -588 -208 -1082 -211 -1097 l-6 -28 161 0 c89 0 161 3 162 8 0 4 15 97 32 207 l32 200 212 3 213 2 5 -22 c3 -13 16 -95 30 -183 14 -88 28 -172 31 -187 l6 -28 160 0 160 0 -5 23 c-3 12 -99 508 -212 1102 -113 594 -208 1088 -211 1098 -5 15 -22 17 -174 17 -168 0 -170 0 -175 -22z m258 -1010 c43 -266 78 -486 77 -490 0 -5 -75 -8 -166 -8 l-166 0 5 26 c2 14 38 234 78 490 42 263 78 464 84 464 6 0 44 -209 88 -482z"
+       id="path10" /><path
+       d="M4150 7399 l0 -150 290 3 c286 3 290 3 284 -17 -4 -11 -144 -402 -312 -870 l-305 -850 -5 -102 -4 -103 516 0 516 0 0 151 0 150 -315 -3 c-173 -2 -315 -2 -315 -1 0 1 120 334 266 740 380 1054 364 1004 364 1113 l0 90 -490 0 -490 0 0 -151z"
+       id="path12" /><path
+       d="M1251 4291 c-15 -4 -27 -17 -31 -31 -12 -46 -20 -984 -10 -1269 30 -885 107 -1328 426 -2460 109 -387 161 -468 329 -516 169 -50 310 55 370 275 26 92 31 634 14 1355 -7 308 -13 585 -14 615 l0 55 256 3 257 2 6 -142 c35 -740 202 -1240 531 -1587 69 -73 201 -179 262 -210 100 -50 231 -33 303 39 22 22 42 40 44 40 2 0 9 -37 16 -82 20 -144 63 -245 129 -306 111 -103 309 -85 415 39 68 80 92 145 196 525 282 1027 353 1413 390 2109 16 300 10 1519 -8 1537 -11 11 -373 13 -1935 14 -1057 0 -1933 -2 -1946 -5z m2775 -2093 c-14 -256 -26 -764 -26 -1055 0 -167 -4 -303 -8 -303 -5 0 -17 10 -28 21 -10 12 -47 41 -80 65 -128 92 -247 242 -324 408 -106 228 -160 493 -184 904 l-5 82 330 0 331 0 -6 -122z"
+       id="path14" /></g><image
+     width="156.53996"
+     height="217.31963"
+     preserveAspectRatio="none"
+     xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAfCAYAAAD9cg1AAAAABHNCSVQICAgIfAhkiAAAAghJREFU
+SIm1lrFrFFEQxn+bi/E0EAU7ESxsEgsJFyGNQuwVFEQQrC1S2tjnHxCEWFmlFC3Ezlo8rwmiqJfG
+Iu2JqHARzO39LLIJu2/vdt8lOjDcze033/duHjOzUGPiBXFNbIs/xL74XtwQV8SkjmMc8XHxkfhH
+tMI3xdak5HPimxrivO+I12PJE/HVBOT73hcvxQjcHZH8TrwjzmaYJXFdHAS4tzECH4Kk5+L0GOwN
+cTfAX6kivxiAv4unag70OMhZzz+fCvBLQfwsIflZJQA8DeLLVQKng/hzDTnApyA+VyUwDOITEQIn
+g3inSuBjEK9ECFwL4q9jkeJs1jT7FzYUx4qIzayT85f8sPI44pMg4Zt4dQRubkRD/hbP1gmcz4Za
+PjEVX4oPxPvZjOqNaMi1SvKcyM2sPJOMitfisSiBTOSW+CuS/MX+GJnI3NsFG44f2V3xnjU7IQm+
+l8DiGfFLQH47kpNd9hrM3GcKDLJnKTDs0CmcfpHFNHuWZnkFfMbjNHAwKROSpEULyg3ILMUSL7Aw
+1aCR/6kBsM02PXpBBTJv0px0yZR8lVXznKWTHtWS4Ar/u0BhU6WkdOgwTXmBzTNfuIcuXfr0S7iw
+/pCrV5W3aRdqvcxyVN6hSzRgEIWLFhAL8bC0m44oUCf4zwVibeT7zijbYosZZg7ineLqHWsJRP7X
+Q9pfySZ/u3a+10wAAAAASUVORK5CYII=
+"
+     id="image32"
+     x="233.91249"
+     y="24.324821" /></svg>

bin/look/greve/logo.svg

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   version="1.0"
+   width="640.000000pt"
+   height="1280.000000pt"
+   viewBox="0 0 640.000000 1280.000000"
+   preserveAspectRatio="xMidYMid meet"
+   id="svg18"
+   sodipodi:docname="logo.svg"
+   inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <defs
+     id="defs22">
+    <rect
+       x="179.93953"
+       y="196.11891"
+       width="517.72233"
+       height="120.71095"
+       id="rect248" />
+    <rect
+       x="144.39207"
+       y="193.77589"
+       width="604.30237"
+       height="115.55072"
+       id="rect182" />
+  </defs>
+  <sodipodi:namedview
+     id="namedview20"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="pt"
+     showgrid="false"
+     inkscape:zoom="0.48229806"
+     inkscape:cx="427.12177"
+     inkscape:cy="902.9686"
+     inkscape:window-width="1920"
+     inkscape:window-height="1032"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="svg18" />
+  <g
+     transform="translate(0.000000,1280.000000) scale(0.100000,-0.100000)"
+     fill="#000000"
+     stroke="none"
+     id="g16">
+    <path
+       d="M1450 12780 c-28 -28 -38 -56 -65 -190 -70 -337 -103 -1013 -111 -2260 l-6 -785 69 -32 c218 -103 428 -212 520 -270 133 -84 182 -103 396 -159 350 -91 440 -127 536 -211 65 -57 94 -102 118 -184 l19 -64 274 0 274 0 17 60 c31 102 63 147 162 221 77 57 183 96 406 150 386 92 459 117 766 259 262 121 388 175 408 175 23 0 24 44 15 915 -13 1328 -47 1950 -124 2250 -35 134 -58 158 -129 130 -78 -29 -169 -147 -453 -587 -216 -333 -330 -485 -385 -512 -32 -15 -76 -19 -265 -27 -269 -10 -1017 -10 -1288 0 -176 6 -194 8 -240 32 -64 33 -95 73 -419 559 -272 408 -340 497 -406 530 -48 25 -64 25 -89 0z m197 -402 c50 -55 184 -325 220 -445 22 -76 23 -250 0 -309 -41 -108 -100 -164 -173 -164 -50 0 -67 17 -88 90 -24 80 -72 370 -92 549 -20 188 -16 257 16 283 32 26 91 24 117 -4z m3353 12 c29 -16 43 -84 36 -170 -20 -223 -80 -593 -112 -693 -18 -54 -36 -67 -93 -67 -53 0 -110 49 -148 128 -22 47 -28 75 -31 154 -7 150 13 217 125 437 52 102 102 194 110 204 18 19 83 23 113 7z m-2675 -1975 c22 -4 67 -21 99 -38 95 -51 142 -134 117 -209 -14 -41 -72 -103 -120 -127 -46 -23 -139 -47 -148 -38 -3 4 5 20 20 35 37 39 59 98 59 162 1 82 -17 134 -62 182 -45 46 -47 51 -22 45 9 -3 35 -8 57 -12z m-199 -36 c-48 -56 -59 -97 -54 -188 5 -78 19 -118 58 -159 12 -13 20 -25 18 -28 -7 -6 -108 26 -137 44 -75 46 -111 99 -111 162 0 49 17 84 63 128 36 35 136 81 175 82 23 0 22 -2 -12 -41z m1984 37 c0 -3 -13 -19 -30 -37 -79 -87 -79 -255 1 -340 16 -18 28 -33 26 -36 -2 -2 -34 6 -72 18 -79 24 -157 89 -176 146 -30 92 44 191 179 239 37 13 72 18 72 10z m223 -16 c60 -23 130 -78 152 -121 19 -36 19 -102 1 -138 -17 -32 -73 -84 -114 -105 -59 -30 -193 -45 -140 -15 10 5 29 30 44 54 54 94 39 240 -33 310 l-36 35 36 0 c20 0 60 -9 90 -20z m-1089 -306 c9 -3 59 -69 113 -146 53 -77 106 -146 118 -154 11 -7 39 -16 60 -19 52 -6 75 -34 75 -92 0 -67 -31 -93 -111 -93 -36 0 -75 7 -96 17 -34 16 -117 106 -170 186 -14 20 -29 37 -33 37 -4 0 -19 -17 -32 -37 -44 -66 -118 -147 -160 -175 -34 -23 -52 -28 -105 -28 -55 0 -68 4 -88 25 -20 19 -25 34 -25 73 0 60 17 78 84 91 57 10 72 26 186 193 44 64 85 119 92 121 19 8 74 8 92 1z"
+       id="path2" />
+    <path
+       d="M1130 9411 c-340 -102 -544 -266 -581 -467 -34 -181 103 -365 345 -466 158 -65 303 -89 656 -108 569 -31 954 -31 1065 1 190 54 276 205 195 345 -73 128 -194 193 -509 274 -286 74 -348 98 -515 199 -188 114 -457 243 -515 248 -30 2 -79 -7 -141 -26z"
+       id="path4" />
+    <path
+       d="M5105 9354 c-550 -254 -547 -253 -925 -345 -236 -57 -301 -77 -377 -114 -204 -100 -290 -244 -223 -374 39 -78 115 -129 232 -156 99 -23 629 -25 838 -4 52 5 187 14 300 19 292 14 442 43 596 116 222 105 340 285 304 461 -32 154 -131 268 -311 356 -111 54 -240 97 -290 97 -13 -1 -78 -26 -144 -56z"
+       id="path6" />
+    <path
+       d="M1200 6430 l0 -1120 165 0 165 0 2 496 3 496 206 -494 207 -493 181 -3 181 -2 -6 27 c-4 16 -12 39 -20 53 -7 14 -116 264 -243 555 l-231 530 216 510 c118 281 220 518 225 527 19 37 13 38 -177 36 l-186 -3 -177 -463 -176 -462 -3 465 -2 465 -165 0 -165 0 0 -1120z"
+       id="path8" />
+    <path
+       d="M3005 7528 c-3 -13 -97 -504 -210 -1093 -113 -588 -208 -1082 -211 -1097 l-6 -28 161 0 c89 0 161 3 162 8 0 4 15 97 32 207 l32 200 212 3 213 2 5 -22 c3 -13 16 -95 30 -183 14 -88 28 -172 31 -187 l6 -28 160 0 160 0 -5 23 c-3 12 -99 508 -212 1102 -113 594 -208 1088 -211 1098 -5 15 -22 17 -174 17 -168 0 -170 0 -175 -22z m258 -1010 c43 -266 78 -486 77 -490 0 -5 -75 -8 -166 -8 l-166 0 5 26 c2 14 38 234 78 490 42 263 78 464 84 464 6 0 44 -209 88 -482z"
+       id="path10" />
+    <path
+       d="M4150 7399 l0 -150 290 3 c286 3 290 3 284 -17 -4 -11 -144 -402 -312 -870 l-305 -850 -5 -102 -4 -103 516 0 516 0 0 151 0 150 -315 -3 c-173 -2 -315 -2 -315 -1 0 1 120 334 266 740 380 1054 364 1004 364 1113 l0 90 -490 0 -490 0 0 -151z"
+       id="path12" />
+    <path
+       d="M1251 4291 c-15 -4 -27 -17 -31 -31 -12 -46 -20 -984 -10 -1269 30 -885 107 -1328 426 -2460 109 -387 161 -468 329 -516 169 -50 310 55 370 275 26 92 31 634 14 1355 -7 308 -13 585 -14 615 l0 55 256 3 257 2 6 -142 c35 -740 202 -1240 531 -1587 69 -73 201 -179 262 -210 100 -50 231 -33 303 39 22 22 42 40 44 40 2 0 9 -37 16 -82 20 -144 63 -245 129 -306 111 -103 309 -85 415 39 68 80 92 145 196 525 282 1027 353 1413 390 2109 16 300 10 1519 -8 1537 -11 11 -373 13 -1935 14 -1057 0 -1933 -2 -1946 -5z m2775 -2093 c-14 -256 -26 -764 -26 -1055 0 -167 -4 -303 -8 -303 -5 0 -17 10 -28 21 -10 12 -47 41 -80 65 -128 92 -247 242 -324 408 -106 228 -160 493 -184 904 l-5 82 330 0 331 0 -6 -122z"
+       id="path14" />
+  </g>
+  <text
+     xml:space="preserve"
+     transform="matrix(0.96846201,0,0,0.86019954,-43.878364,-38.095408)"
+     id="text246"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:106.667px;line-height:125%;font-family:'Arial Black';-inkscape-font-specification:'Arial Black, ';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;white-space:pre;shape-inside:url(#rect248);fill:#00ff00;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"><tspan
+       x="179.93945"
+       y="291.75453"
+       id="tspan371">GREVE</tspan></text>
+</svg>

bin/look/kaz/logo.svg

@@ -0,0 +1,72 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+ "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+ width="640.000000pt" height="1280.000000pt" viewBox="0 0 640.000000 1280.000000"
+ preserveAspectRatio="xMidYMid meet">
+
+<g transform="translate(0.000000,1280.000000) scale(0.100000,-0.100000)"
+fill="#000000" stroke="none">
+<path d="M1450 12780 c-28 -28 -38 -56 -65 -190 -70 -337 -103 -1013 -111
+-2260 l-6 -785 69 -32 c218 -103 428 -212 520 -270 133 -84 182 -103 396 -159
+350 -91 440 -127 536 -211 65 -57 94 -102 118 -184 l19 -64 274 0 274 0 17 60
+c31 102 63 147 162 221 77 57 183 96 406 150 386 92 459 117 766 259 262 121
+388 175 408 175 23 0 24 44 15 915 -13 1328 -47 1950 -124 2250 -35 134 -58
+158 -129 130 -78 -29 -169 -147 -453 -587 -216 -333 -330 -485 -385 -512 -32
+-15 -76 -19 -265 -27 -269 -10 -1017 -10 -1288 0 -176 6 -194 8 -240 32 -64
+33 -95 73 -419 559 -272 408 -340 497 -406 530 -48 25 -64 25 -89 0z m197
+-402 c50 -55 184 -325 220 -445 22 -76 23 -250 0 -309 -41 -108 -100 -164
+-173 -164 -50 0 -67 17 -88 90 -24 80 -72 370 -92 549 -20 188 -16 257 16 283
+32 26 91 24 117 -4z m3353 12 c29 -16 43 -84 36 -170 -20 -223 -80 -593 -112
+-693 -18 -54 -36 -67 -93 -67 -53 0 -110 49 -148 128 -22 47 -28 75 -31 154
+-7 150 13 217 125 437 52 102 102 194 110 204 18 19 83 23 113 7z m-2675
+-1975 c22 -4 67 -21 99 -38 95 -51 142 -134 117 -209 -14 -41 -72 -103 -120
+-127 -46 -23 -139 -47 -148 -38 -3 4 5 20 20 35 37 39 59 98 59 162 1 82 -17
+134 -62 182 -45 46 -47 51 -22 45 9 -3 35 -8 57 -12z m-199 -36 c-48 -56 -59
+-97 -54 -188 5 -78 19 -118 58 -159 12 -13 20 -25 18 -28 -7 -6 -108 26 -137
+44 -75 46 -111 99 -111 162 0 49 17 84 63 128 36 35 136 81 175 82 23 0 22 -2
+-12 -41z m1984 37 c0 -3 -13 -19 -30 -37 -79 -87 -79 -255 1 -340 16 -18 28
+-33 26 -36 -2 -2 -34 6 -72 18 -79 24 -157 89 -176 146 -30 92 44 191 179 239
+37 13 72 18 72 10z m223 -16 c60 -23 130 -78 152 -121 19 -36 19 -102 1 -138
+-17 -32 -73 -84 -114 -105 -59 -30 -193 -45 -140 -15 10 5 29 30 44 54 54 94
+39 240 -33 310 l-36 35 36 0 c20 0 60 -9 90 -20z m-1089 -306 c9 -3 59 -69
+113 -146 53 -77 106 -146 118 -154 11 -7 39 -16 60 -19 52 -6 75 -34 75 -92 0
+-67 -31 -93 -111 -93 -36 0 -75 7 -96 17 -34 16 -117 106 -170 186 -14 20 -29
+37 -33 37 -4 0 -19 -17 -32 -37 -44 -66 -118 -147 -160 -175 -34 -23 -52 -28
+-105 -28 -55 0 -68 4 -88 25 -20 19 -25 34 -25 73 0 60 17 78 84 91 57 10 72
+26 186 193 44 64 85 119 92 121 19 8 74 8 92 1z"/>
+<path d="M1130 9411 c-340 -102 -544 -266 -581 -467 -34 -181 103 -365 345
+-466 158 -65 303 -89 656 -108 569 -31 954 -31 1065 1 190 54 276 205 195 345
+-73 128 -194 193 -509 274 -286 74 -348 98 -515 199 -188 114 -457 243 -515
+248 -30 2 -79 -7 -141 -26z"/>
+<path d="M5105 9354 c-550 -254 -547 -253 -925 -345 -236 -57 -301 -77 -377
+-114 -204 -100 -290 -244 -223 -374 39 -78 115 -129 232 -156 99 -23 629 -25
+838 -4 52 5 187 14 300 19 292 14 442 43 596 116 222 105 340 285 304 461 -32
+154 -131 268 -311 356 -111 54 -240 97 -290 97 -13 -1 -78 -26 -144 -56z"/>
+<path d="M1200 6430 l0 -1120 165 0 165 0 2 496 3 496 206 -494 207 -493 181
+-3 181 -2 -6 27 c-4 16 -12 39 -20 53 -7 14 -116 264 -243 555 l-231 530 216
+510 c118 281 220 518 225 527 19 37 13 38 -177 36 l-186 -3 -177 -463 -176
+-462 -3 465 -2 465 -165 0 -165 0 0 -1120z"/>
+<path d="M3005 7528 c-3 -13 -97 -504 -210 -1093 -113 -588 -208 -1082 -211
+-1097 l-6 -28 161 0 c89 0 161 3 162 8 0 4 15 97 32 207 l32 200 212 3 213 2
+5 -22 c3 -13 16 -95 30 -183 14 -88 28 -172 31 -187 l6 -28 160 0 160 0 -5 23
+c-3 12 -99 508 -212 1102 -113 594 -208 1088 -211 1098 -5 15 -22 17 -174 17
+-168 0 -170 0 -175 -22z m258 -1010 c43 -266 78 -486 77 -490 0 -5 -75 -8
+-166 -8 l-166 0 5 26 c2 14 38 234 78 490 42 263 78 464 84 464 6 0 44 -209
+88 -482z"/>
+<path d="M4150 7399 l0 -150 290 3 c286 3 290 3 284 -17 -4 -11 -144 -402
+-312 -870 l-305 -850 -5 -102 -4 -103 516 0 516 0 0 151 0 150 -315 -3 c-173
+-2 -315 -2 -315 -1 0 1 120 334 266 740 380 1054 364 1004 364 1113 l0 90
+-490 0 -490 0 0 -151z"/>
+<path d="M1251 4291 c-15 -4 -27 -17 -31 -31 -12 -46 -20 -984 -10 -1269 30
+-885 107 -1328 426 -2460 109 -387 161 -468 329 -516 169 -50 310 55 370 275
+26 92 31 634 14 1355 -7 308 -13 585 -14 615 l0 55 256 3 257 2 6 -142 c35
+-740 202 -1240 531 -1587 69 -73 201 -179 262 -210 100 -50 231 -33 303 39 22
+22 42 40 44 40 2 0 9 -37 16 -82 20 -144 63 -245 129 -306 111 -103 309 -85
+415 39 68 80 92 145 196 525 282 1027 353 1413 390 2109 16 300 10 1519 -8
+1537 -11 11 -373 13 -1935 14 -1057 0 -1933 -2 -1946 -5z m2775 -2093 c-14
+-256 -26 -764 -26 -1055 0 -167 -4 -303 -8 -303 -5 0 -17 10 -28 21 -10 12
+-47 41 -80 65 -128 92 -247 242 -324 408 -106 228 -160 493 -184 904 l-5 82
+330 0 331 0 -6 -122z"/>
+</g>
+</svg>

bin/look/noel/logo.svg

@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   version="1.0"
+   width="640.000000pt"
+   height="1280.000000pt"
+   viewBox="0 0 640.000000 1280.000000"
+   preserveAspectRatio="xMidYMid meet"
+   id="svg18"
+   sodipodi:docname="logo.svg"
+   xml:space="preserve"
+   inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><defs
+     id="defs22" /><sodipodi:namedview
+     id="namedview20"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="pt"
+     showgrid="false"
+     inkscape:zoom="0.36440298"
+     inkscape:cx="428.09749"
+     inkscape:cy="939.89353"
+     inkscape:window-width="1920"
+     inkscape:window-height="1032"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="svg18" /><g
+     transform="translate(0.000000,1280.000000) scale(0.100000,-0.100000)"
+     fill="#000000"
+     stroke="none"
+     id="g16"><path
+       d="M1450 12780 c-28 -28 -38 -56 -65 -190 -70 -337 -103 -1013 -111 -2260 l-6 -785 69 -32 c218 -103 428 -212 520 -270 133 -84 182 -103 396 -159 350 -91 440 -127 536 -211 65 -57 94 -102 118 -184 l19 -64 274 0 274 0 17 60 c31 102 63 147 162 221 77 57 183 96 406 150 386 92 459 117 766 259 262 121 388 175 408 175 23 0 24 44 15 915 -13 1328 -47 1950 -124 2250 -35 134 -58 158 -129 130 -78 -29 -169 -147 -453 -587 -216 -333 -330 -485 -385 -512 -32 -15 -76 -19 -265 -27 -269 -10 -1017 -10 -1288 0 -176 6 -194 8 -240 32 -64 33 -95 73 -419 559 -272 408 -340 497 -406 530 -48 25 -64 25 -89 0z m197 -402 c50 -55 184 -325 220 -445 22 -76 23 -250 0 -309 -41 -108 -100 -164 -173 -164 -50 0 -67 17 -88 90 -24 80 -72 370 -92 549 -20 188 -16 257 16 283 32 26 91 24 117 -4z m3353 12 c29 -16 43 -84 36 -170 -20 -223 -80 -593 -112 -693 -18 -54 -36 -67 -93 -67 -53 0 -110 49 -148 128 -22 47 -28 75 -31 154 -7 150 13 217 125 437 52 102 102 194 110 204 18 19 83 23 113 7z m-2675 -1975 c22 -4 67 -21 99 -38 95 -51 142 -134 117 -209 -14 -41 -72 -103 -120 -127 -46 -23 -139 -47 -148 -38 -3 4 5 20 20 35 37 39 59 98 59 162 1 82 -17 134 -62 182 -45 46 -47 51 -22 45 9 -3 35 -8 57 -12z m-199 -36 c-48 -56 -59 -97 -54 -188 5 -78 19 -118 58 -159 12 -13 20 -25 18 -28 -7 -6 -108 26 -137 44 -75 46 -111 99 -111 162 0 49 17 84 63 128 36 35 136 81 175 82 23 0 22 -2 -12 -41z m1984 37 c0 -3 -13 -19 -30 -37 -79 -87 -79 -255 1 -340 16 -18 28 -33 26 -36 -2 -2 -34 6 -72 18 -79 24 -157 89 -176 146 -30 92 44 191 179 239 37 13 72 18 72 10z m223 -16 c60 -23 130 -78 152 -121 19 -36 19 -102 1 -138 -17 -32 -73 -84 -114 -105 -59 -30 -193 -45 -140 -15 10 5 29 30 44 54 54 94 39 240 -33 310 l-36 35 36 0 c20 0 60 -9 90 -20z m-1089 -306 c9 -3 59 -69 113 -146 53 -77 106 -146 118 -154 11 -7 39 -16 60 -19 52 -6 75 -34 75 -92 0 -67 -31 -93 -111 -93 -36 0 -75 7 -96 17 -34 16 -117 106 -170 186 -14 20 -29 37 -33 37 -4 0 -19 -17 -32 -37 -44 -66 -118 -147 -160 -175 -34 -23 -52 -28 -105 -28 -55 0 -68 4 -88 25 -20 19 -25 34 -25 73 0 60 17 78 84 91 57 10 72 26 186 193 44 64 85 119 92 121 19 8 74 8 92 1z"
+       id="path2" /><path
+       d="M1130 9411 c-340 -102 -544 -266 -581 -467 -34 -181 103 -365 345 -466 158 -65 303 -89 656 -108 569 -31 954 -31 1065 1 190 54 276 205 195 345 -73 128 -194 193 -509 274 -286 74 -348 98 -515 199 -188 114 -457 243 -515 248 -30 2 -79 -7 -141 -26z"
+       id="path4" /><path
+       d="M5105 9354 c-550 -254 -547 -253 -925 -345 -236 -57 -301 -77 -377 -114 -204 -100 -290 -244 -223 -374 39 -78 115 -129 232 -156 99 -23 629 -25 838 -4 52 5 187 14 300 19 292 14 442 43 596 116 222 105 340 285 304 461 -32 154 -131 268 -311 356 -111 54 -240 97 -290 97 -13 -1 -78 -26 -144 -56z"
+       id="path6" /><path
+       d="M1200 6430 l0 -1120 165 0 165 0 2 496 3 496 206 -494 207 -493 181 -3 181 -2 -6 27 c-4 16 -12 39 -20 53 -7 14 -116 264 -243 555 l-231 530 216 510 c118 281 220 518 225 527 19 37 13 38 -177 36 l-186 -3 -177 -463 -176 -462 -3 465 -2 465 -165 0 -165 0 0 -1120z"
+       id="path8" /><path
+       d="M3005 7528 c-3 -13 -97 -504 -210 -1093 -113 -588 -208 -1082 -211 -1097 l-6 -28 161 0 c89 0 161 3 162 8 0 4 15 97 32 207 l32 200 212 3 213 2 5 -22 c3 -13 16 -95 30 -183 14 -88 28 -172 31 -187 l6 -28 160 0 160 0 -5 23 c-3 12 -99 508 -212 1102 -113 594 -208 1088 -211 1098 -5 15 -22 17 -174 17 -168 0 -170 0 -175 -22z m258 -1010 c43 -266 78 -486 77 -490 0 -5 -75 -8 -166 -8 l-166 0 5 26 c2 14 38 234 78 490 42 263 78 464 84 464 6 0 44 -209 88 -482z"
+       id="path10" /><path
+       d="M4150 7399 l0 -150 290 3 c286 3 290 3 284 -17 -4 -11 -144 -402 -312 -870 l-305 -850 -5 -102 -4 -103 516 0 516 0 0 151 0 150 -315 -3 c-173 -2 -315 -2 -315 -1 0 1 120 334 266 740 380 1054 364 1004 364 1113 l0 90 -490 0 -490 0 0 -151z"
+       id="path12" /><path
+       d="M1251 4291 c-15 -4 -27 -17 -31 -31 -12 -46 -20 -984 -10 -1269 30 -885 107 -1328 426 -2460 109 -387 161 -468 329 -516 169 -50 310 55 370 275 26 92 31 634 14 1355 -7 308 -13 585 -14 615 l0 55 256 3 257 2 6 -142 c35 -740 202 -1240 531 -1587 69 -73 201 -179 262 -210 100 -50 231 -33 303 39 22 22 42 40 44 40 2 0 9 -37 16 -82 20 -144 63 -245 129 -306 111 -103 309 -85 415 39 68 80 92 145 196 525 282 1027 353 1413 390 2109 16 300 10 1519 -8 1537 -11 11 -373 13 -1935 14 -1057 0 -1933 -2 -1946 -5z m2775 -2093 c-14 -256 -26 -764 -26 -1055 0 -167 -4 -303 -8 -303 -5 0 -17 10 -28 21 -10 12 -47 41 -80 65 -128 92 -247 242 -324 408 -106 228 -160 493 -184 904 l-5 82 330 0 331 0 -6 -122z"
+       id="path14" /></g><image
+     width="205.84871"
+     height="157.69467"
+     preserveAspectRatio="none"
+     xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAAaCAYAAACkVDyJAAAABHNCSVQICAgIfAhkiAAABS9JREFU
+SIm1lVuIXWcVx39r7332Pmfm3DvNxM5kmlQT05SmtfGhtY2CsUwVCsXavETQF0PBUlosptDigC8q
+PlkQFEQiFYQBA0pN6Rh7p2pCmoGWNkY604nJ3M51n9s++7p8mBmZmJNpKvYPH3zs72P9+K+19reE
+T1CqavSS/g/S2Pvcbjf7/sKcYf2vwY4/e+DTd5yuHCpV+5/P1P2bvbQxETlWUVvBpT66XCvZSxeO
+/2x2z7cfnwLBNi2GrGE+FvCR6UfMJ56ffWjnheqTpefe+UK6E4qoApAgdBWaItt9YPjDhJxRQtec
+EiUJYRRdP/DEd/buueuHLx/fcaF5j4QxsulMgb4KTVFqJLgIPlBGieMYP4houm0qtTrm9cBePbLv
+q/e+sPDitoX2bkkSZB2yAQ2ApkAVqGLgAh5CXCiRuvseao0mHy4tMbd4+aMdzhz57L0HZuZPZGte
+evP3DVgCdBHqQFWglkDHMcLWrsKPLg0tPl/553u/7rXCg+1OV3vqnZKrCJv01FP7h49Nz58f+Vdn
+fM3TlVKgh1BBuIyyDNQFlu4sPzb1du3nAN//w09ymahciIKWjBZSq1u6e+e+Hc+oIarCwBUKugo6
+i+hJEf2ViP54JNOemtpnXyumca2D6cf275r4R/17qrrWaevp27z3FVoCDVlLZxNwUV26KXN1OtY1
+sIYzh/d87XO/n/uFU+2VQhWQjSbZiLPWhcsizKsyJ8JFVVZRPOX87sXcNYFX1fDPD++dvOOl+ZPp
+TmiAXnFDAU+go0oVYQ7hA5TLQAXoOLIc31fYe+pUw71uh+b71UNuNzC6CJYIBiCiJCoEKK6CC6wo
+LIpSB/qAopj51KmXtoANBJ4rGvMrgC0JGYSMCmkEBzBUCUUwENIiFFWJBNIKRRHidjS7FWywQ1Uz
+BEKgB6RQUgoOiiNCWtdcDwtEAomCLdAX6G0bvpWF9pbAK7r06C8PpMYWvEdvQCkBBSCDkBJBRQiA
+LtAWaAMdlEAgRlGFUm7Ht154483Xf/OX6bGPBJ44+9qtD9YfnItWvNtc1l4PT5U+CZ4m9FRpozQl
+oUFCk4Q24AE+Qmya7H/0u9aNheLBgj1yfGp6atC/KBbAc3/7bb6swzPFB74+3k2XaJ09w9zMDOp5
+GKZJ7PtIEBKnLMwgJFUqIuUSQ9tGyeYL7Jy8n+zYBJ86+EXqLZehbvYrE4UDh4AXB9VQCu3yN+K8
+jpvFLLuOfJP80aMcsoSw3cW0UwT9PtW5Dxj9zG4un5tl9PbbyI1uBxRUiOOYXt+n3e2hiSKJYoTG
+4U1AWV93CRB+aXLSfPLYs7L9hjLlYp5iNksm45C2bUzDQGTwk6uqRHGC7wd0PI9Wu0Ot6bJcqfHX
+c6f56dPH4MrBggVYhe0jrFSqJHFMFMWEfkQ+O0QmncGxLSzLwjAEYx2cqKJxTBjH9IOQrtfH7fZo
+uC6r9QarjQZ/f/WV/9Ttv1PK0sVL9IOQxZVV3E6HciFPMZcjOzxExrGxbRvLNNeBuuYsiugHIT3P
+p93r0Wh1aLZcup7Pe+dnefftswOzIoAapsHd93+ZyYcOUxougIBlmTi2Q8Z2cByHlGVhigECcZIQ
+hCF938cPAvpBQBTFxCizZ97iT9O/o7Y8eBJtDG8A7LTD2C07GR0bZ+/+OxmfuBk7ZZPPlYg1wTRM
+ZL0iqoqKUKuskLJtXj75R2qVVd49fWYgaCBwkAzTYCiXxet0sTNpRiZuonpxEUMMDMuk03TRZMsQ
+Hw/4/9Y1B/AnpX8DQ2J16tSILa8AAAAASUVORK5CYII=
+"
+     id="image136"
+     x="239.88551"
+     y="10.151023" /></svg>

bin/manageCloud.sh

@@ -16,7 +16,7 @@ availableOrga=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
 AVAILABLE_ORGAS=${availableOrga[*]//-orga/}
 
 # CLOUD
-APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode 
+APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio ransomware_protection" #rainloop richdocumentscode 
 QUIET="1"
 ONNAS=
 
@@ -120,10 +120,11 @@ firstInstall(){
 }
 
 setOfficeUrl(){
-    OFFICE_URL="https://${officeHost}.${domain}"
-    if [ ! "${site}" = "prod1" ]; then
+    # Did le 25 mars les offices sont tous normalisé sur les serveurs https://${site}-${officeHost}.${domain}
+    #OFFICE_URL="https://${officeHost}.${domain}"
+    #if [ ! "${site}" = "prod1" ]; then
     OFFICE_URL="https://${site}-${officeHost}.${domain}"
-    fi 
+    #fi 
     occCommand "config:app:set --value $OFFICE_URL richdocuments public_wopi_url"
     occCommand "config:app:set --value $OFFICE_URL richdocuments wopi_url"
     occCommand "config:app:set --value $OFFICE_URL richdocuments disable_certificate_verification"

bin/migVersProdX.sh

@@ -10,12 +10,12 @@ setKazVars
 
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
+. $KAZ_ROOT/secret/env-kaz
 
 
 NAS_VOL="/mnt/disk-nas1/docker/volumes/"
 
-#TODO: ce tab doit être construit à partir de la liste des machines dispos et pas en dur
-tab_sites_destinations_possibles=("kazoulet" "prod2")
+tab_sites_destinations_possibles=${TAB_SITES_POSSIBLES}
 
 #par défaut, on prend le premier site
 SITE_DST="${tab_sites_destinations_possibles[0]}"
@@ -143,6 +143,4 @@ for orgaLong in ${Orgas}; do
 
 	${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "${KAZ_BIN_DIR}/manageCloud.sh" --officeURL "${orgaCourt}"
     fi
-
-
 done

bin/nettoyer_acme_json_certifs.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+#date: 23/04/2025
+#ki: fab
+#koi: supprimer de acme.json les certificats LE devenus inutiles
+
+KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+. "${DOCKERS_ENV}"
+
+FILE_ACME_ORI="/var/lib/docker/volumes/traefik_letsencrypt/_data/acme.json"
+FILE_ACME="/tmp/acme.json"
+FILE_URL=$(mktemp)
+FILE_ACME_TMP=$(mktemp)
+
+#l'ip du serveur:
+#marche po pour les machines hébergée chez T.C... :( on récupère l'IP dans config/dockers.env
+#MAIN_IP=$(curl ifconfig.me)
+
+#DANGER: IP depuis config/dockers.env ne fonctionne pas pour les domaines hors *.kaz.bzh (ex:radiokalon.fr)
+
+#sauvegarde
+cp $FILE_ACME_ORI $FILE_ACME
+cp $FILE_ACME "$FILE_ACME"_$(date +%Y%m%d_%H%M%S)
+
+#je cherche toutes les url
+jq -r '.letsencrypt.Certificates[].domain.main' $FILE_ACME > $FILE_URL
+
+while read -r url; do
+  #echo "Traitement de : $url"
+  nb=$(dig $url | grep $MAIN_IP | wc -l)
+  if [ "$nb" -eq 0 ]; then 
+    #absent, on vire de acme.json
+    echo "on supprime "$url
+    jq --arg url "$url" 'del(.letsencrypt.Certificates[] | select(.domain.main == $url))' $FILE_ACME > $FILE_ACME_TMP
+    mv -f $FILE_ACME_TMP $FILE_ACME
+  fi
+done < "$FILE_URL"
+
+echo "si satisfait, remettre "$FILE_ACME" dans "$FILE_ACME_ORI

bin/sauve_serveur.sh

@@ -1,7 +1,7 @@
 #! /bin/sh
 # date: 12/11/2020
 
-#PATH=/bin:/sbin:/usr/bin:/usr/sbin
+PATH=/bin:/sbin:/usr/bin:/usr/sbin
 PATH_SAUVE="/home/sauve/"
 
 iptables-save > $PATH_SAUVE/iptables.sav

bin/scriptBorg.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
 # --------------------------------------------------------------------------------------
 # Didier
-# 
 # Script de sauvegarde avec BorgBackup 
 # la commande de creation du dépot est : borg init --encryption=repokey /mnt/backup-nas1/BorgRepo
 # la conf de borg est dans /root/.config/borg
@@ -20,7 +19,7 @@ setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 
-VERSION="V-3-11-2024"
+VERSION="V-10-03-2025"
 PRG=$(basename $0)
 RACINE=$(echo $PRG | awk '{print $1}')
 #IFS=' '
@@ -72,20 +71,10 @@ LogFic() {
 }
 #
 ExpMail() {
-	MAIL_SOURCE=$1
+	MAIL_DEST=$1
 	MAIL_SUJET=$2
-	MAIL_DEST=$3
-	MAIL_TEXTE=$4
-	# a mettre ailleurs
-	mailexp=${borg_MAILEXP}
-	mailpassword=${borg_MAILPASSWORD}
-	mailserveur=${borg_MAILSERVEUR}
-	#
-	#sendemail -t ${MAIL_DEST} -u ${MAIL_SUJET} -m ${MAIL_TEXTE} -f $mailexp -s $mailserveur:587 -xu $mailexp -xp $mailpassword -o tls=yes >/dev/null 2>&1
+	MAIL_TEXTE=$3
 	printf "Subject:${MAIL_SUJET}\n${MAIL_TEXTE}" | msmtp ${MAIL_DEST}
-        #docker exec -i mailServ mailx -a 'Content-Type: text/plain; charset="UTF-8"' -r ${MAIL_SOURCE} -s "${MAIL_SUJET}" ${MAIL_DEST} << EOF 
-        #${MAIL_TEXTE}
-#EOF
 }
 
 Pre_Sauvegarde() {
@@ -297,7 +286,7 @@ if [ "${REPO_MOUNT_ACTIVE}" = "true" ]
 then
         echo "le REPO : ${BORG_REPO} est monté , je sors"
         LogFic "le REPO : ${BORG_REPO} est monté , je sors"
-	ExpMail borg@${domain} "${site} : Sauvegarde en erreur" ${MAIL_RAPPORT} "le REPO : ${BORG_REPO} est monté, sauvegarde impossible"
+	ExpMail ${MAIL_RAPPORT} "${site} : Sauvegarde en erreur" "le REPO : ${BORG_REPO} est monté, sauvegarde impossible"
         exit 1
 fi
 
@@ -349,7 +338,7 @@ BorgBackup
 
 "
 		LogFic " - la sauvegarde est OK"
-		[ "$MAILOK" = true ] && ExpMail borg@${domain} "${site} : Sauvegarde Ok" ${MAIL_RAPPORT} ${MESS_SAUVE_OK}${LOGDATA}
+		[ "$MAILOK" = true ] && ExpMail ${MAIL_RAPPORT} "${site} : Sauvegarde Ok" ${MESS_SAUVE_OK}${LOGDATA}
 		IFS=' '
 		;;
 	'1' )
@@ -365,7 +354,7 @@ BorgBackup
 
 "
 		LogFic " - Sauvegarde en Warning: ${BACKUP_EXIT}"
-		[ "$MAILWARNING" = true ] && ExpMail borg@${domain} "${site} : Sauvegarde en Warning: ${BACKUP_EXIT}" ${MAIL_RAPPORT} ${MESS_SAUVE_ERR}${LOGDATA}
+		[ "$MAILWARNING" = true ] && ExpMail ${MAIL_RAPPORT} "${site} : Sauvegarde en Warning: ${BACKUP_EXIT}" ${MESS_SAUVE_ERR}${LOGDATA}
 		IFS=' '
 		;;
 	* )
@@ -381,7 +370,7 @@ BorgBackup
 
 "
 		LogFic " - !!!!! Sauvegarde en Erreur !!!!! : ${BACKUP_EXIT}"
-		ExpMail borg@${domain} "${site} : Sauvegarde en Erreur !!!! : ${BACKUP_EXIT}" ${MAIL_RAPPORT} ${MESS_SAUVE_ERR}${LOGDATA}
+		ExpMail ${MAIL_RAPPORT} "${site} : Sauvegarde en Erreur !!!! : ${BACKUP_EXIT}" ${MESS_SAUVE_ERR}${LOGDATA}
 		IFS=' '
 		;;
 esac

bin/secretGen.sh

@@ -30,12 +30,12 @@ while read line ; do
 			sed "s%\(.*\)--clean_val--\(.*\)%\1${JIRAFEAU_DIR}\2%" <<< ${line}
 		continue
 		;;
-	    *DATABASE*)
+	    *DATABASE*|*DB_NAME*)
 		dbName="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
 		sed "s/\(.*\)--clean_val--\(.*\)/\1${dbName}\2/" <<< ${line}
 		continue
 		;;
-	    *ROOT_PASSWORD*|*PASSWORD*)
+	    *ROOT_PASSWORD*|*PASSWORD*|*SECRET*)
 		pass="$(apg -n 1 -m 16 -M NCL)"
 		sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
 		continue

bin/updateDockerPassword.sh

@@ -92,6 +92,7 @@ updateEnvDB "vigilo" "${KAZ_KEY_DIR}/env-${vigiloDBName}" "${vigiloDBName}"
 updateEnvDB "wp" "${KAZ_KEY_DIR}/env-${wordpressDBName}" "${wordpressDBName}"
 updateEnvDB "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenDBName}" "${vaultwardenDBName}"
 updateEnvDB "castopod" "${KAZ_KEY_DIR}/env-${castopodDBName}" "${castopodDBName}"
+updateEnvDB "mastodon" "${KAZ_KEY_DIR}/env-${mastodonDBName}" "${mastodonDBName}"
 
 updateEnv "apikaz" "${KAZ_KEY_DIR}/env-${apikazServName}"
 updateEnv "ethercalc" "${KAZ_KEY_DIR}/env-${ethercalcServName}"
@@ -114,6 +115,9 @@ updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonDBName}"
 updateEnv "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenServName}"
 updateEnv "castopod" "${KAZ_KEY_DIR}/env-${castopodServName}"
 updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapUIName}"
+updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeServName}"
+updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeDBName}" "${peertubeDBName}"
+updateEnv "mastodon" "${KAZ_KEY_DIR}/env-${mastodonServName}"
 
 
 framadateUpdate

config/dockers.tmpl.env

@@ -93,6 +93,7 @@ vaultwardenHost=koffre
 traefikHost=dashboard
 imapsyncHost=imapsync
 castopodHost=pod
+mastodonHost=masto
 apikazHost=apikaz
 snappymailHost=snappymail
 
@@ -147,6 +148,8 @@ ldapUIName=ldapUI
 imapsyncServName=imapsyncServ
 castopodDBName=castopodDB
 castopodServName=castopodServ
+mastodonServName=mastodonServ
+mastodonDBName=mastodonDB
 apikazServName=apikazServ
 
 ########################################

config/orgaTmpl/docker-compose.yml

@@ -13,6 +13,8 @@ services:
       - orgaDB:/var/lib/mysql
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
+    environment:
+      - MARIADB_AUTO_UPGRADE=1      
     env_file:
       - ../../secret/env-${nextcloudDBName}
 #      - ../../secret/env-${mattermostDBName}
@@ -23,7 +25,8 @@ services:
       #maridb10.5
       #test: ["CMD", 'mysqladmin', 'ping', '-h', 'localhost', '-u', 'root', '-p$$MYSQL_ROOT_PASSWORD' ]
       #maridb11.4
-      test: ["CMD", 'healthcheck.sh', '--su-mysql', '--connect', '--innodb_initialized']                      
+      #test: ["CMD", 'healthcheck.sh', '--su-mysql', '--connect', '--innodb_initialized']                      
+      test: ["CMD", "mariadb-admin", "ping", "--silent"]
       interval: 30s
       timeout: 30s
       retries: 5

config/orgaTmpl/orga-gen.sh

@@ -262,6 +262,7 @@ fi
 if [[ "${paheko}"   = "on" ]]; then
     touch usePaheko
     mkdir -p /var/lib/docker/volumes/paheko_assoUsers/_data/${ORGA}
+    chown www-data:www-data /var/lib/docker/volumes/paheko_assoUsers/_data/${ORGA} -R
     ADD_DOMAIN+="${ORGA}-${pahekoHost} "
 else
     rm -f usePaheko

dockers/apikaz/Readme.txt

@@ -1,6 +1,6 @@
 yo, ceci est l'api de kaz !
 
-https://apikaz.kazkouil.fr/
+https://apikaz.DEV/
 
 Je pars de ça: python api + docker-compose: https://dev.to/alissonzampietro/the-amazing-journey-of-docker-compose-17lj
 
@@ -14,6 +14,7 @@ autre piste: abandonnée pour l'instant. trop jeune ?
 Documentation (OpenApi remplace swagger)
 https://pypi.org/project/flask-openapi3/
 
+autre piste ? https://github.com/fastapi/fastapi (mais y a du node :( )
 
 TODO: 
 * sécurisation de l'API : un token ? otp ?

dockers/apikaz/source/resources/config.py

@@ -38,8 +38,6 @@ gandi_url_api=os.environ.get('gandi_GANDI_API')
 
 #kaz_user
 site_url=os.environ.get('site_url')
-#pour webmail_url et mdp_url, ça renvoie des tuples et non des str, bizarre, du coup, je mets en dur
-#webmail_url=os.environ.get('webmail_url'),
-#mdp_url=os.environ.get('mdp_url'),
-webmail_url='https://webmail.kaz.bzh',
-mdp_url='https://mdp.kazkouil.fr',
+#pour webmail_url et mdp_url, ça renvoie des tuples et non des str, bizarre, il fat mettre les url en dur
+webmail_url=os.environ.get('webmail_url')
+mdp_url=os.environ.get('mdp_url')

dockers/apikaz/source/resources/quota.py

@@ -9,7 +9,7 @@ class Quota(Resource):
 #https://doc.dovecot.org/configuration_manual/authentication/master_users/
 
 #https://blog.debugo.fr/serveur-messagerie-dovecot/
-# sur kazkouil.fr, j'ai modifié /etc/dovecot/conf.d/20-lmtp.conf
+# sur DEV, j'ai modifié /etc/dovecot/conf.d/20-lmtp.conf
 #mail_plugins = $mail_plugins sieve quota
 
     @jwt_required()

dockers/apikaz/source/resources/test.py

@@ -35,7 +35,7 @@ class Test(Resource):
         auth = (self.paheko_ident, self.paheko_pass)
 
         api_url = self.paheko_url + '/api/sql/'
-        payload = { "sql": f"select * from users where id_category <> 13 and email='fab@kazkouil.fr'" }
+        payload = { "sql": f"select * from users where id_category <> 13 and email='MONEMAIL@perso'" }
         #payload = { "sql": f"select * from users where id_category <> 13 " }
         response = requests.post(api_url, auth=auth,  data=payload)
           

dockers/cadvisor/docker-compose.yml

@@ -0,0 +1,42 @@
+services:
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.52.0
+    container_name: cadvisor
+    command:
+      - "--store_container_labels=false"
+      - "--whitelisted_container_labels=com.docker.compose.project"
+      - "--housekeeping_interval=60s"
+      - "--docker_only=true"
+      - "--disable_metrics=percpu,sched,tcp,udp,disk,diskIO,hugetlb,referenced_memory,cpu_topology,resctrl"
+    networks:
+      - traefikNet
+
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.cadvisor-secure.entrypoints=websecure"
+      - "traefik.http.routers.cadvisor-secure.rule=Host(`cadvisor-${site}.${domain}`)"
+      #- "traefik.http.routers.grafana-secure.tls=true"
+      - "traefik.http.routers.cadvisor-secure.service=cadvisor"
+      - "traefik.http.routers.cadvisor-secure.middlewares=test-adminipallowlist@file"
+      - "traefik.http.services.cadvisor.loadbalancer.server.port=8080"
+      - "traefik.docker.network=traefikNet"
+
+#    ports:
+#      - 8098:8080
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/disk/:/dev/disk:ro
+    devices:
+      - /dev/kmsg
+    privileged: true
+    restart: unless-stopped
+
+networks:
+  traefikNet:
+    external: true
+    name: traefikNet
+

dockers/cloud/up.sh

@@ -0,0 +1,102 @@
+#!/bin/bash
+
+KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+. "${DOCKERS_ENV}"
+. $KAZ_ROOT/secret/SetAllPass.sh
+
+
+#"${KAZ_BIN_DIR}/initCloud.sh"
+
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ app:enable user_ldap
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:delete-config s01
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:create-empty-config
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBase ${ldap_root}
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseGroups ${ldap_root}
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapHost ${ldapServName}
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapPort 389
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapTLS 0
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))"
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapQuotaAttribute nextcloudQuota
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilter "(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))"
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1
+docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
+
+# Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin';
+# docker exec -i nextcloudDB mysql --user=<user> --password=<password> <db> <<< "delete from oc_users where uid<>'admin';"
+
+# Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
+
+# Exemple de table/clés :
+# +-------------------------------+----------------------------------------------------------+
+# | Configuration                 | s01                                                      |
+# +-------------------------------+----------------------------------------------------------+
+# | hasMemberOfFilterSupport      | 0                                                        |
+# | homeFolderNamingRule          |                                                          |
+# | lastJpegPhotoLookup           | 0                                                        |
+# | ldapAgentName                 | cn=cloud,ou=applications,dc=kaz,dc=sns                   |
+# | ldapAgentPassword             | ***                                                      |
+# | ldapAttributesForGroupSearch  |                                                          |
+# | ldapAttributesForUserSearch   |                                                          |
+# | ldapBackgroundHost            |                                                          |
+# | ldapBackgroundPort            |                                                          |
+# | ldapBackupHost                |                                                          |
+# | ldapBackupPort                |                                                          |
+# | ldapBase                      | ou=users,dc=kaz,dc=sns                                   |
+# | ldapBaseGroups                | ou=users,dc=kaz,dc=sns                                   |
+# | ldapBaseUsers                 | ou=users,dc=kaz,dc=sns                                   |
+# | ldapCacheTTL                  | 600                                                      |
+# | ldapConfigurationActive       | 1                                                        |
+# | ldapConnectionTimeout         | 15                                                       |
+# | ldapDefaultPPolicyDN          |                                                          |
+# | ldapDynamicGroupMemberURL     |                                                          |
+# | ldapEmailAttribute            | mail                                                     |
+# | ldapExperiencedAdmin          | 0                                                        |
+# | ldapExpertUUIDGroupAttr       |                                                          |
+# | ldapExpertUUIDUserAttr        |                                                          |
+# | ldapExpertUsernameAttr        | uid                                                      |
+# | ldapExtStorageHomeAttribute   |                                                          |
+# | ldapGidNumber                 | gidNumber                                                |
+# | ldapGroupDisplayName          | cn                                                       |
+# | ldapGroupFilter               |                                                          |
+# | ldapGroupFilterGroups         |                                                          |
+# | ldapGroupFilterMode           | 0                                                        |
+# | ldapGroupFilterObjectclass    |                                                          |
+# | ldapGroupMemberAssocAttr      |                                                          |
+# | ldapHost                      | ldap                                                     |
+# | ldapIgnoreNamingRules         |                                                          |
+# | ldapLoginFilter               | (&(|(objectclass=nextcloudAccount))(cn=%uid))            |
+# | ldapLoginFilterAttributes     |                                                          |
+# | ldapLoginFilterEmail          | 0                                                        |
+# | ldapLoginFilterMode           | 0                                                        |
+# | ldapLoginFilterUsername       | 1                                                        |
+# | ldapMatchingRuleInChainState  | unknown                                                  |
+# | ldapNestedGroups              | 0                                                        |
+# | ldapOverrideMainServer        |                                                          |
+# | ldapPagingSize                | 500                                                      |
+# | ldapPort                      | 389                                                      |
+# | ldapQuotaAttribute            | nextcloudQuota                                           |
+# | ldapQuotaDefault              |                                                          |
+# | ldapTLS                       | 0                                                        |
+# | ldapUserAvatarRule            | default                                                  |
+# | ldapUserDisplayName           | cn                                                       |
+# | ldapUserDisplayName2          |                                                          |
+# | ldapUserFilter                | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) |
+# | ldapUserFilterGroups          |                                                          |
+# | ldapUserFilterMode            | 1                                                        |
+# | ldapUserFilterObjectclass     | nextcloudAccount                                         |
+# | ldapUuidGroupAttribute        | auto                                                     |
+# | ldapUuidUserAttribute         | auto                                                     |
+# | turnOffCertCheck              | 0                                                        |
+# | turnOnPasswordChange          | 0                                                        |
+# | useMemberOfToDetectMembership | 1                                                        |
+# +-------------------------------+----------------------------------------------------------+

dockers/collabora/docker-compose.yml

@@ -15,6 +15,8 @@ services:
     environment:
       - dictionaries=fr_FR en_GB es_ES
       - aliasgroup1=https://.*${cloudHost}.${domain}:443
+      # test did sur un cloud distant
+      - aliasgroup2=https://cloud.bodam.fr:443
       # si on veut ajouter d'autres domaines autorisés pour certaines orgas: 
       # - aliasgroup2=https://autre-domaine1:443
       # - aliasgroup3=https://autre-domaine2:443

dockers/gitea/docker-compose.yml

@@ -27,11 +27,13 @@ services:
       - "traefik.docker.network=giteaNet"
 
   db:
-    image: mariadb:10.5
+    image: mariadb
     container_name: ${gitDBName}
     restart: ${restartPolicy}
     env_file:
       - ../../secret/env-${gitDBName}
+    environment:
+      - MARIADB_AUTO_UPGRADE=1    
     volumes:
       - gitDB:/var/lib/mysql
       - /etc/timezone:/etc/timezone:ro

dockers/grafana/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
 
   prometheus:
-    image: prom/prometheus:v2.15.2
+    image: prom/prometheus:v3.3.0
     restart: unless-stopped
     container_name: ${prometheusServName}
     volumes:
@@ -10,27 +10,27 @@ services:
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     command:
-      - "--web.route-prefix=/"
-      - "--web.external-url=https://${site}.${domain}/prometheus"
+#      - "--web.route-prefix=/"
+#      - "--web.external-url=https://prometheus.${domain}"
       - "--config.file=/etc/prometheus/prometheus.yml"
       - "--storage.tsdb.path=/prometheus"
       - "--web.console.libraries=/usr/share/prometheus/console_libraries"
       - "--web.console.templates=/usr/share/prometheus/consoles"
     networks:
       - traefikNet
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.prometheus-secure.entrypoints=websecure"
-      - "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus"
-      - "traefik.http.routers.prometheus-secure.rule=Host(`${site}.${domain}`) && PathPrefix(`/prometheus`)"
-      # - "traefik.http.routers.prometheus-secure.tls=true"
-      - "traefik.http.routers.prometheus-secure.middlewares=prometheus-stripprefix,test-adminiallowlist@file,traefik-auth"
-      - "traefik.http.routers.prometheus-secure.service=prometheus"
-      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
-      - "traefik.docker.network=traefikNet"
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.prometheus-secure.entrypoints=websecure"
+#      - "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus"
+#      - "traefik.http.routers.prometheus-secure.rule=Host(`prometheus.${domain}`)"
+#      # - "traefik.http.routers.prometheus-secure.tls=true"
+#      - "traefik.http.routers.prometheus-secure.middlewares=prometheus-stripprefix,test-adminiallowlist@file,traefik-auth"
+#      - "traefik.http.routers.prometheus-secure.service=prometheus"
+#      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
+#      - "traefik.docker.network=traefikNet"
 
   grafana:
-    image: grafana/grafana:6.6.1
+    image: grafana/grafana:11.6.0
     restart: unless-stopped
     container_name: ${grafanaServName}
     volumes:
@@ -48,7 +48,7 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.grafana-secure.entrypoints=websecure"
       - "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana"
-      - "traefik.http.routers.grafana-secure.rule=Host(`${site}.${domain}`) && PathPrefix(`/grafana`)"
+      - "traefik.http.routers.grafana-secure.rule=Host(`grafana.${domain}`)"
       #- "traefik.http.routers.grafana-secure.tls=true"
       - "traefik.http.routers.grafana-secure.service=grafana"
       - "traefik.http.routers.grafana-secure.middlewares=grafana-stripprefix,test-adminipallowlist@file,traefik-auth"

dockers/grafana/grafana/provisioning/dashboards/per_host_docker_monitoring.json

@@ -0,0 +1,874 @@
+{
+  "__inputs": [
+    {
+      "name": "DS_PROMETHEUS",
+      "label": "Prometheus",
+      "description": "",
+      "type": "datasource",
+      "pluginId": "prometheus",
+      "pluginName": "Prometheus"
+    }
+  ],
+  "__elements": {},
+  "__requires": [
+    {
+      "type": "grafana",
+      "id": "grafana",
+      "name": "Grafana",
+      "version": "11.6.0"
+    },
+    {
+      "type": "datasource",
+      "id": "prometheus",
+      "name": "Prometheus",
+      "version": "1.0.0"
+    },
+    {
+      "type": "panel",
+      "id": "stat",
+      "name": "Stat",
+      "version": ""
+    },
+    {
+      "type": "panel",
+      "id": "timeseries",
+      "name": "Time series",
+      "version": ""
+    }
+  ],
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": {
+          "type": "grafana",
+          "uid": "-- Grafana --"
+        },
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "type": "dashboard"
+      }
+    ]
+  },
+  "description": "Docker monitoring with Prometheus and cAdvisor",
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 1,
+  "id": null,
+  "links": [
+    {
+      "asDropdown": false,
+      "icon": "external link",
+      "includeVars": false,
+      "keepTime": false,
+      "tags": [],
+      "targetBlank": true,
+      "title": "Portainer",
+      "tooltip": "",
+      "type": "link",
+      "url": "https://portainer.kaz.bzh/"
+    }
+  ],
+  "panels": [
+    {
+      "collapsed": false,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 0
+      },
+      "id": 8,
+      "panels": [],
+      "repeat": "host",
+      "title": "$host",
+      "type": "row"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "mappings": [
+            {
+              "options": {
+                "match": "null",
+                "result": {
+                  "text": "N/A"
+                }
+              },
+              "type": "special"
+            }
+          ],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "none"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 3,
+        "w": 8,
+        "x": 0,
+        "y": 1
+      },
+      "id": 7,
+      "maxDataPoints": 100,
+      "options": {
+        "colorMode": "none",
+        "graphMode": "none",
+        "justifyMode": "auto",
+        "orientation": "horizontal",
+        "percentChangeColorMode": "standard",
+        "reduceOptions": {
+          "calcs": [
+            "mean"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "showPercentChange": false,
+        "textMode": "auto",
+        "wideLayout": true
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "code",
+          "expr": "count(container_last_seen{image!=\"\", host=\"$host\"})",
+          "intervalFactor": 2,
+          "legendFormat": "",
+          "metric": "container_last_seen",
+          "range": true,
+          "refId": "A",
+          "step": 240
+        }
+      ],
+      "title": "Running containers",
+      "transparent": true,
+      "type": "stat"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "mappings": [
+            {
+              "options": {
+                "match": "null",
+                "result": {
+                  "text": "N/A"
+                }
+              },
+              "type": "special"
+            }
+          ],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "mbytes"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 3,
+        "w": 8,
+        "x": 8,
+        "y": 1
+      },
+      "id": 5,
+      "maxDataPoints": 100,
+      "options": {
+        "colorMode": "none",
+        "graphMode": "none",
+        "justifyMode": "auto",
+        "orientation": "horizontal",
+        "percentChangeColorMode": "standard",
+        "reduceOptions": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "showPercentChange": false,
+        "textMode": "auto",
+        "wideLayout": true
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "code",
+          "expr": "sum(container_memory_usage_bytes{image!=\"\", host=\"$host\"})/1024/1024",
+          "intervalFactor": 2,
+          "legendFormat": "",
+          "metric": "container_memory_usage_bytes",
+          "range": true,
+          "refId": "A",
+          "step": 240
+        }
+      ],
+      "title": "Total Memory Usage",
+      "transparent": true,
+      "type": "stat"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "mappings": [
+            {
+              "options": {
+                "match": "null",
+                "result": {
+                  "text": "N/A"
+                }
+              },
+              "type": "special"
+            }
+          ],
+          "max": 100,
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "percent"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 3,
+        "w": 8,
+        "x": 16,
+        "y": 1
+      },
+      "id": 6,
+      "maxDataPoints": 100,
+      "options": {
+        "colorMode": "none",
+        "graphMode": "none",
+        "justifyMode": "auto",
+        "orientation": "horizontal",
+        "percentChangeColorMode": "standard",
+        "reduceOptions": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "showPercentChange": false,
+        "textMode": "auto",
+        "wideLayout": true
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "code",
+          "expr": "sum(rate(container_cpu_user_seconds_total{image!=\"\", host=\"$host\"}[5m]) * 100)",
+          "intervalFactor": 2,
+          "legendFormat": "",
+          "metric": "container_memory_usage_bytes",
+          "range": true,
+          "refId": "A",
+          "step": 240
+        }
+      ],
+      "title": "Total CPU Usage",
+      "transparent": true,
+      "type": "stat"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 10,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 2,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "links": [
+            {
+              "oneClick": false,
+              "targetBlank": true,
+              "title": "Portainer host",
+              "url": "https://portainer.kaz.bzh/#!/${__field.labels.portainer_id}/docker/containers"
+            },
+            {
+              "targetBlank": true,
+              "title": "Portainer container",
+              "url": "https://portainer.kaz.bzh/#!/${__field.labels.portainer_id}/docker/containers/${__field.labels.id.21}${__field.labels.id.22}${__field.labels.id.23}${__field.labels.id.24}${__field.labels.id.25}${__field.labels.id.26}${__field.labels.id.27}${__field.labels.id.28}${__field.labels.id.29}${__field.labels.id.30}${__field.labels.id.31}${__field.labels.id.32}"
+            }
+          ],
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "percent"
+        },
+        "overrides": [
+          {
+            "__systemRef": "hideSeriesFrom",
+            "matcher": {
+              "id": "byNames",
+              "options": {
+                "mode": "exclude",
+                "names": [
+                  "lagalette-orga/lagalette-wpServ"
+                ],
+                "prefix": "All except:",
+                "readOnly": true
+              }
+            },
+            "properties": [
+              {
+                "id": "custom.hideFrom",
+                "value": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": true
+                }
+              }
+            ]
+          }
+        ]
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 24,
+        "x": 0,
+        "y": 4
+      },
+      "id": 2,
+      "options": {
+        "legend": {
+          "calcs": [
+            "mean",
+            "lastNotNull"
+          ],
+          "displayMode": "table",
+          "placement": "right",
+          "showLegend": true,
+          "sortBy": "Mean",
+          "sortDesc": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "multi",
+          "sort": "desc"
+        }
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "code",
+          "expr": "rate(container_cpu_user_seconds_total{image!=\"\", host=\"$host\"}[5m]) * 100",
+          "intervalFactor": 2,
+          "legendFormat": "{{container_label_com_docker_compose_project}}/{{name}}",
+          "metric": "cpu",
+          "range": true,
+          "refId": "A",
+          "step": 10
+        }
+      ],
+      "title": "CPU Usage",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 10,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 2,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "links": [
+            {
+              "targetBlank": true,
+              "title": "Portainer host",
+              "url": "https://portainer.kaz.bzh/#!/${__field.labels.portainer_id}/docker/containers"
+            },
+            {
+              "targetBlank": true,
+              "title": "Portainer container",
+              "url": "https://portainer.kaz.bzh/#!/${__field.labels.portainer_id}/docker/containers/${__field.labels.id.21}${__field.labels.id.22}${__field.labels.id.23}${__field.labels.id.24}${__field.labels.id.25}${__field.labels.id.26}${__field.labels.id.27}${__field.labels.id.28}${__field.labels.id.29}${__field.labels.id.30}${__field.labels.id.31}${__field.labels.id.32}"
+            }
+          ],
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "bytes"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 24,
+        "x": 0,
+        "y": 11
+      },
+      "id": 1,
+      "links": [
+        {
+          "targetBlank": true,
+          "title": "Portainer",
+          "url": "https://portainer.kaz.bzh"
+        }
+      ],
+      "options": {
+        "legend": {
+          "calcs": [
+            "mean",
+            "lastNotNull"
+          ],
+          "displayMode": "table",
+          "placement": "right",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "multi",
+          "sort": "desc"
+        }
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "builder",
+          "expr": "container_memory_usage_bytes{image!=\"\", host=\"$host\"}",
+          "hide": false,
+          "intervalFactor": 2,
+          "legendFormat": "{{container_label_com_docker_compose_project}}/{{name}}",
+          "metric": "container_memory_usage_bytes",
+          "range": true,
+          "refId": "A",
+          "step": 10
+        }
+      ],
+      "title": "Memory Usage",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 10,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 2,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "Bps"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 12,
+        "x": 0,
+        "y": 18
+      },
+      "id": 3,
+      "options": {
+        "legend": {
+          "calcs": [
+            "mean",
+            "lastNotNull"
+          ],
+          "displayMode": "table",
+          "placement": "right",
+          "showLegend": true,
+          "sortBy": "Mean",
+          "sortDesc": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "multi",
+          "sort": "desc"
+        }
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "code",
+          "expr": "irate(container_network_receive_bytes_total{image!=\"\", host=\"$host\"}[5m])",
+          "intervalFactor": 2,
+          "legendFormat": "{{container_label_com_docker_compose_project}}/{{name}}",
+          "metric": "container_network_receive_bytes_total",
+          "range": true,
+          "refId": "A",
+          "step": 20
+        }
+      ],
+      "title": "Network Rx",
+      "transformations": [
+        {
+          "id": "renameByRegex",
+          "options": {
+            "regex": "(.*)",
+            "renamePattern": "$1"
+          }
+        }
+      ],
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 10,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 2,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "Bps"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 12,
+        "x": 12,
+        "y": 18
+      },
+      "id": 9,
+      "options": {
+        "legend": {
+          "calcs": [
+            "mean",
+            "lastNotNull"
+          ],
+          "displayMode": "table",
+          "placement": "right",
+          "showLegend": true,
+          "sortBy": "Mean",
+          "sortDesc": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "multi",
+          "sort": "desc"
+        }
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "code",
+          "expr": "irate(container_network_transmit_bytes_total{image!=\"\", host=\"$host\"}[5m])",
+          "hide": false,
+          "intervalFactor": 2,
+          "legendFormat": "{{container_label_com_docker_compose_project}}/{{name}}",
+          "metric": "container_network_receive_bytes_total",
+          "range": true,
+          "refId": "B",
+          "step": 20
+        }
+      ],
+      "title": "Network Tx",
+      "type": "timeseries"
+    }
+  ],
+  "refresh": "30s",
+  "schemaVersion": 41,
+  "tags": [],
+  "templating": {
+    "list": [
+      {
+        "allowCustomValue": false,
+        "current": {},
+        "definition": "label_values(host)",
+        "includeAll": true,
+        "multi": true,
+        "name": "host",
+        "options": [],
+        "query": {
+          "qryType": 1,
+          "query": "label_values(host)",
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
+        },
+        "refresh": 1,
+        "regex": "",
+        "type": "query"
+      },
+      {
+        "baseFilters": [],
+        "datasource": {
+          "type": "prometheus",
+          "uid": "PBFA97CFB590B2093"
+        },
+        "filters": [
+          {
+            "condition": "",
+            "key": "container_label_com_docker_compose_project",
+            "keyLabel": "container_label_com_docker_compose_project",
+            "operator": "=~",
+            "value": ".*",
+            "valueLabels": [
+              ".*"
+            ]
+          }
+        ],
+        "hide": 1,
+        "name": "filter",
+        "type": "adhoc"
+      }
+    ]
+  },
+  "time": {
+    "from": "now-3h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "browser",
+  "title": "Docker monitoring par host",
+  "uid": "eekgch7tdq8sgc",
+  "version": 29,
+  "weekStart": ""
+}

dockers/grafana/grafana/provisioning/dashboards/server_details.json

@@ -0,0 +1,442 @@
+
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "Bps"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 12,
+        "x": 0,
+        "y": 14
+      },
+      "id": 84,
+      "options": {
+        "legend": {
+          "calcs": [
+            "mean",
+            "lastNotNull",
+            "max",
+            "min"
+          ],
+          "displayMode": "table",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "multi",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus"
+          },
+          "editorMode": "code",
+          "expr": "rate(node_network_receive_bytes_total{host=\"$host\", device=~\"$device\"}[5m])",
+          "format": "time_series",
+          "intervalFactor": 1,
+          "legendFormat": "{{device}} - rx",
+          "range": true,
+          "refId": "A",
+          "step": 240
+        },
+        {
+          "datasource": {
+            "type": "prometheus"
+          },
+          "editorMode": "code",
+          "expr": "- rate(node_network_transmit_bytes_total{host=\"$host\", device=~\"$device\"}[5m])",
+          "hide": false,
+          "instant": false,
+          "legendFormat": "{{device}} - tx",
+          "range": true,
+          "refId": "B"
+        }
+      ],
+      "title": "Network Traffic Rx",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "links": [],
+          "mappings": [],
+          "max": 100,
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "percent"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 12,
+        "x": 12,
+        "y": 14
+      },
+      "id": 174,
+      "options": {
+        "alertThreshold": true,
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus"
+          },
+          "editorMode": "code",
+          "expr": "(node_filesystem_size_bytes{host=\"$host\",fstype=~\"ext.*|xfs\",mountpoint !~\".*pod.*\"}-node_filesystem_free_bytes{host=\"$host\",fstype=~\"ext.*|xfs\",mountpoint !~\".*pod.*\"}) *100/(node_filesystem_avail_bytes{host=\"$host\",fstype=~\"ext.*|xfs\",mountpoint !~\".*pod.*\"}+(node_filesystem_size_bytes{host=\"$host\",fstype=~\"ext.*|xfs\",mountpoint !~\".*pod.*\"}-node_filesystem_free_bytes{host=\"$host\",fstype=~\"ext.*|xfs\",mountpoint !~\".*pod.*\"}))",
+          "format": "time_series",
+          "instant": false,
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "{{mountpoint}}",
+          "refId": "A"
+        },
+        {
+          "datasource": {
+            "type": "prometheus"
+          },
+          "expr": "node_filesystem_files_free{host=\"$host\",fstype=~\"ext.?|xfs\"} / node_filesystem_files{host=\"$host\",fstype=~\"ext.?|xfs\"}",
+          "hide": true,
+          "interval": "",
+          "legendFormat": "Inodes：{{instance}}：{{mountpoint}}",
+          "refId": "B"
+        }
+      ],
+      "title": "Disk",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus"
+      },
+      "description": "Physical machines only",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "celsius"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 12,
+        "x": 0,
+        "y": 21
+      },
+      "id": 175,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "editorMode": "code",
+          "expr": "node_thermal_zone_temp{host=\"$host\"}",
+          "legendFormat": "{{type}}-zone{{zone}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "Temperature",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 12,
+        "x": 12,
+        "y": 21
+      },
+      "id": 176,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "11.6.0",
+      "targets": [
+        {
+          "editorMode": "code",
+          "expr": "rate(node_disk_reads_completed_total{host=\"$host\"}[2m])",
+          "legendFormat": "{{device}} reads",
+          "range": true,
+          "refId": "A"
+        },
+        {
+          "datasource": {
+            "type": "prometheus"
+          },
+          "editorMode": "code",
+          "expr": " rate(node_disk_writes_completed_total{host=~\"$host\"}[2m])",
+          "hide": false,
+          "instant": false,
+          "legendFormat": "{{device}} writes",
+          "range": true,
+          "refId": "B"
+        }
+      ],
+      "title": "Disks IOs",
+      "type": "timeseries"
+    }
+  ],
+  "preload": false,
+  "refresh": "5s",
+  "schemaVersion": 41,
+  "tags": [],
+  "templating": {
+    "list": [
+      {
+        "allowCustomValue": false,
+        "current": {
+          "text": "kazguel",
+          "value": "kazguel"
+        },
+        "definition": "label_values(host)",
+        "includeAll": false,
+        "name": "host",
+        "options": [],
+        "query": {
+          "qryType": 1,
+          "query": "label_values(host)",
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
+        },
+        "refresh": 1,
+        "regex": "",
+        "type": "query"
+      },
+      {
+        "allowCustomValue": false,
+        "current": {
+          "text": [
+            "ens18"
+          ],
+          "value": [
+            "ens18"
+          ]
+        },
+        "definition": "label_values(node_network_info{device!~\"br.*|veth.*|lo.*|tap.*|docker.*|vibr.*\"},device)",
+        "includeAll": true,
+        "label": "NIC",
+        "multi": true,
+        "name": "device",
+        "options": [],
+        "query": {
+          "qryType": 1,
+          "query": "label_values(node_network_info{device!~\"br.*|veth.*|lo.*|tap.*|docker.*|vibr.*\"},device)",
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
+        },
+        "refresh": 1,
+        "regex": "",
+        "type": "query"
+      }
+    ]
+  },
+  "time": {
+    "from": "now-6h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "",
+  "title": "Vue Serveur",
+  "uid": "deki6c3qvihhcd",
+  "version": 22
+}

dockers/grafana/prometheus/prometheus.yml

@@ -1,12 +1,108 @@
 global:
-  scrape_interval:     15s
-  evaluation_interval: 15s
+  scrape_interval:     60s
+  evaluation_interval: 60s
+  scrape_timeout:      55s
 
 rule_files:
   - 'alert.rules'
 
 scrape_configs:
-  - job_name: 'traefik'
-    scrape_interval: 5s
+  # unused for now
+  #- job_name: 'traefik'
+  #  scrape_interval: 5s
+  #  static_configs:
+  #    - targets: ['reverse-proxy:8080']
+
+  - job_name: prometheus
     static_configs:
-      - targets: ['dashboard.kaz.sns:8289','dashboard2.kaz.sns:8289']
+      - targets: ["prometheus:9090"]
+
+
+  - job_name: cadvisor-prod1
+    scheme: "https"
+    static_configs:
+      - targets: ["cadvisor-prod1.kaz.bzh:443"]
+        labels: 
+          host: 'prod1'
+          portainer_id: 2
+
+  - job_name: cadvisor-prod2
+    scheme: "https"
+    static_configs:        
+      - targets: ["cadvisor-prod2.kaz.bzh:443"]
+        labels: 
+          host: 'prod2'
+          portainer_id: 4
+
+  - job_name: cadvisor-kazoulet
+    scheme: "https"
+    static_configs:
+      - targets: ["cadvisor-kazoulet.kaz.bzh:443"]
+        labels: 
+          host: 'kazoulet'
+          portainer_id: 3
+
+  - job_name: cadvisor-tykaz
+    scheme: "https"
+    static_configs:          
+      - targets: ["cadvisor-tykaz.kaz.bzh:443"]
+        labels: 
+          host: 'tykaz'
+          portainer_id: 10
+
+  - job_name: cadvisor-kazguel
+    scheme: "https"
+    static_configs:
+      - targets: ["cadvisor-kazguel.kaz.bzh:443"]
+        labels: 
+          host: 'kazguel'
+          portainer_id: 11
+
+  - job_name: cadvisor-kazkouil
+    scheme: "https"
+    static_configs:
+      - targets: ["cadvisor-dev.kazkouil.fr:443"]
+        labels: 
+          host: 'kazkouil'
+          portainer_id: 5
+
+  - job_name: node-exporter-prod1
+    static_configs:
+#      - targets: ["prod1.kaz.bzh:9100","prod2.kaz.bzh:9100","kazoulet.kaz.bzh:9100","tykaz.kaz.bzh:9100","kazguel.kaz.bzh:9100","kazkouil.fr:9100"]
+
+      - targets: ["prod1.kaz.bzh:9100"]
+        labels:
+          host: 'prod1'
+
+          
+  - job_name: node-exporter-prod2
+    static_configs:
+#      - targets: ["prod1.kaz.bzh:9100","prod2.kaz.bzh:9100","kazoulet.kaz.bzh:9100","tykaz.kaz.bzh:9100","kazguel.kaz.bzh:9100","kazkouil.fr:9100"]
+          
+      - targets: ["prod2.kaz.bzh:9100"]
+        labels: 
+          host: 'prod2'
+
+  - job_name: node-exporter-kazoulet
+    static_configs:
+      - targets: ["kazoulet.kaz.bzh:9100"]
+        labels: 
+          host: 'kazoulet'
+
+  - job_name: node-exporter-tykaz
+    static_configs:
+      - targets: ["tykaz.kaz.bzh:9100"]
+        labels: 
+          host: 'tykaz'
+
+  - job_name: node-exporter-kazguel
+    static_configs:
+      - targets: ["kazguel.kaz.bzh:9100"]
+        labels: 
+          host: 'kazguel'
+
+  - job_name: node-exporter-kazkouil
+    static_configs:
+      - targets: ["kazkouil.fr:9100"]
+        labels: 
+          host: 'kazkouil'

dockers/jirafeau/Dockerfile

@@ -38,7 +38,8 @@ RUN docker-php-ext-install zip
 RUN mkdir /var/jirafeau/ /var/jirafeauData/
 WORKDIR /var/jirafeau
 COPY --chown=www-data git/Jirafeau/ .
-COPY --chown=www-data git/depollueur/src/Jirafeau/[aft].php ./
+COPY --chown=www-data git/depollueur/src/Jirafeau/ ./
+
 COPY --chown=www-data dockers/jirafeau/media/kaz media/kaz
 RUN sed -i -e '1i\<p>La limite des t&eacute;l&eacute;versements est actuellement de <?php echo ini_get("post_max_size"); ?></p>' lib/template/footer.php
 RUN sed -i -e '/<div id="jyraphe">/i\<div id="kaz">' lib/template/footer.php

dockers/jirafeau/docker-compose.yml

@@ -28,9 +28,9 @@ services:
     #   - "traefik.http.routers.${jirafeauServName}-download.rule=Host(`${fileHost}.${domain}`) && ( PathPrefix(`/f.php`) || PathPrefix(`/index.php`)"
     # Le service est ouvert aux ip autorisées
     #   - "traefik.http.routers.${jirafeauServName}-admin.rule=Host(`${fileHost}.${domain}`)"
-       - "traefik.http.routers.${jirafeauServName}-admin.rule=Host(`${fileHost}.${domain}`) && ( PathPrefix(`/a-send.php`) || PathPrefix(`/s.php`) || PathPrefix(`/admin.php`) )"
+       - "traefik.http.routers.${jirafeauServName}-admin.rule=Host(`${fileHost}.${domain}`) && ( PathPrefix(`/a-send.php`) || PathPrefix(`/s.php`) || PathPrefix(`/admin.php`) || PathPrefix(`/script.php`) )"
        - "traefik.http.routers.${jirafeauServName}-admin.middlewares=test-adminipallowlist@file"
-       - "traefik.http.routers.${jirafeauServName}.rule=Host(`${fileHost}.${domain}`) && ! ( PathPrefix(`/a-send.php`) || PathPrefix(`/s.php`) || PathPrefix(`/admin.php`) )"
+       - "traefik.http.routers.${jirafeauServName}.rule=Host(`${fileHost}.${domain}`) && ! ( PathPrefix(`/a-send.php`) || PathPrefix(`/s.php`) || PathPrefix(`/admin.php`) || PathPrefix(`/script.php`) )"
        - "traefik.docker.network=jirafeauNet"
 
 volumes:

dockers/jirafeau/reload.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# limitation du filter.sh
+docker exec jirafeauServ bash -c "cp /var/jirafeauData/*/20241109/*.json /var/jirafeau/lib/locales/"
+docker exec jirafeauServ bash -c "cp /var/jirafeauData/*/20241109/*.php /var/jirafeau/"
+docker exec jirafeauServ bash -c "mv /var/jirafeau/settings.php /var/jirafeau/lib/"
+docker exec jirafeauServ bash -c "mv /var/jirafeau/functions.js.php /var/jirafeau/lib/"

dockers/ldap/docker-compose.yml

@@ -11,6 +11,7 @@ services:
   web:
     image: ltbproject/self-service-password
     container_name: ${ldapUIName}
+    restart: ${restartPolicy}
     depends_on:
       - ldap
     networks:
@@ -45,7 +46,7 @@ services:
   ldap:
     image: docker.io/bitnami/openldap:2.6
     container_name: ${ldapServName}
-    restart: always
+    restart: ${restartPolicy}
 
     env_file:
       - ../../secret/env-${ldapServName}

dockers/ldap/first.sh

@@ -84,5 +84,5 @@ updateVarInConf "pwd_show_policy" "always" "${CONFIG_IHM}"
 updateVarInConf "posthook" "/var/www/kaz/post-hook.sh" "${CONFIG_IHM}"
 updateVarInConf "posthook_password_encodebase64" "true" "${CONFIG_IHM}"
 
-
-docker cp "${KAZ_BIN_DIR}/look/kaz/kaz-tete.png" "${ldapUIName}:/var/www/html/images/ltb-logo.png"
+# does not work
+# docker cp "${KAZ_BIN_DIR}/look/kaz/kaz-tete.png" "${ldapUIName}:/var/www/html/images/ltb-logo.png"

dockers/mastodon/.env

@@ -0,0 +1 @@
+../../config/dockers.env

dockers/mastodon/README.md

@@ -0,0 +1,6 @@
+Initialiser la DB :
+docker-compose run --rm web bundle exec rails db:setup
+
+Créer un compte admin :
+tootctl accounts create adminkaz --email admin@kaz.bzh --confirmed --role Owner
+tootctl accounts approve adminkaz

dockers/mastodon/docker-compose.yml

@@ -0,0 +1,184 @@
+# This file is designed for production server deployment, not local development work
+# For a containerized local dev environment, see: https://github.com/mastodon/mastodon/blob/main/docs/DEVELOPMENT.md#docker
+
+services:
+  db:
+    container_name: ${mastodonDBName}
+    restart: ${restartPolicy}
+    image: postgres:14-alpine
+    shm_size: 256mb
+    networks:
+      - mastodonNet
+    healthcheck:
+      test: ['CMD', 'pg_isready', '-U', 'postgres']
+    volumes:
+      - postgres:/var/lib/postgresql/data
+    # environment:
+    #   - 'POSTGRES_HOST_AUTH_METHOD=trust'
+    env_file:
+      - ../../secret/env-mastodonDB
+
+  redis:
+    container_name: ${mastodonRedisName}
+    restart: ${restartPolicy}
+    image: redis:7-alpine
+    networks:
+      - mastodonNet
+    healthcheck:
+      test: ['CMD', 'redis-cli', 'ping']
+    volumes:
+      - redis:/data
+
+  # es:
+  #   restart: always
+  #   image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
+  #   environment:
+  #     - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
+  #     - "xpack.license.self_generated.type=basic"
+  #     - "xpack.security.enabled=false"
+  #     - "xpack.watcher.enabled=false"
+  #     - "xpack.graph.enabled=false"
+  #     - "xpack.ml.enabled=false"
+  #     - "bootstrap.memory_lock=true"
+  #     - "cluster.name=es-mastodon"
+  #     - "discovery.type=single-node"
+  #     - "thread_pool.write.queue_size=1000"
+  #   networks:
+  #      - external_network
+  #      - internal_network
+  #   healthcheck:
+  #      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
+  #   volumes:
+  #      - ./elasticsearch:/usr/share/elasticsearch/data
+  #   ulimits:
+  #     memlock:
+  #       soft: -1
+  #       hard: -1
+  #     nofile:
+  #       soft: 65536
+  #       hard: 65536
+  #   ports:
+  #     - '127.0.0.1:9200:9200'
+
+  web:
+    # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
+    # build: .
+    container_name: ${mastodonServName}
+    image: ghcr.io/mastodon/mastodon:v4.3.6
+    restart: ${restartPolicy}
+    environment:
+      - LOCAL_DOMAIN=${mastodonHost}.${domain}
+      - SMTP_SERVER=smtp.${domain}
+      - SMTP_LOGIN=admin@${domain}
+      - SMTP_FROM_ADDRESS=admin@${domain}
+    env_file:
+      - env-config
+      - ../../secret/env-mastodonServ
+      - ../../secret/env-mastodonDB
+    command: bundle exec puma -C config/puma.rb
+    networks:
+      - mastodonNet
+    healthcheck:
+      # prettier-ignore
+      test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
+    ports:
+      - '127.0.0.1:3000:3000'
+    depends_on:
+      - db
+      - redis
+      # - es
+    volumes:
+      - public_system:/mastodon/public/system
+      - images:/mastodon/app/javascript/images
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.koz.rule=Host(`${mastodonHost}.${domain}`)"
+      - "traefik.http.services.koz.loadbalancer.server.port=3000"
+      - "traefik.docker.network=mastodonNet"
+
+
+  streaming:
+    # You can uncomment the following lines if you want to not use the prebuilt image, for example if you have local code changes
+    # build:
+    #   dockerfile: ./streaming/Dockerfile
+    #   context: .
+    container_name: ${mastodonStreamingName}
+    image: ghcr.io/mastodon/mastodon-streaming:v4.3.6
+    restart: ${restartPolicy}
+    environment:
+      - LOCAL_DOMAIN=${mastodonHost}.${domain}
+      - SMTP_SERVER=smtp.${domain}
+      - SMTP_LOGIN=admin@${domain}
+      - SMTP_FROM_ADDRESS=admin@${domain}
+    env_file:
+      - env-config
+      - ../../secret/env-mastodonServ
+    command: node ./streaming/index.js
+    networks:
+      - mastodonNet
+    healthcheck:
+      # prettier-ignore
+      test: ['CMD-SHELL', "curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1"]
+    ports:
+      - '127.0.0.1:4000:4000'
+    depends_on:
+      - db
+      - redis
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.kozs.rule=(Host(`${mastodonHost}.${domain}`) && PathPrefix(`/api/v1/streaming`))"
+      - "traefik.http.services.kozs.loadbalancer.server.port=4000"
+      - "traefik.docker.network=mastodonNet"
+
+  sidekiq:
+    # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
+    # build: .
+    container_name: ${mastodonSidekiqName}
+    image: ghcr.io/mastodon/mastodon:v4.3.6
+    restart: ${restartPolicy}
+    environment:
+      - LOCAL_DOMAIN=${mastodonHost}.${domain}
+      - SMTP_SERVER=smtp.${domain}
+      - SMTP_LOGIN=admin@${domain}
+      - SMTP_FROM_ADDRESS=admin@${domain}
+    env_file:
+      - env-config
+      - ../../secret/env-mastodonServ
+    command: bundle exec sidekiq
+    depends_on:
+      - db
+      - redis
+    networks:
+      - mastodonNet
+    volumes:
+      - public_system:/mastodon/public/system
+    healthcheck:
+      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
+
+  ## Uncomment to enable federation with tor instances along with adding the following ENV variables
+  ## http_hidden_proxy=http://privoxy:8118
+  ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
+  # tor:
+  #   image: sirboops/tor
+  #   networks:
+  #      - external_network
+  #      - internal_network
+  #
+  # privoxy:
+  #   image: sirboops/privoxy
+  #   volumes:
+  #     - ./priv-config:/opt/config
+  #   networks:
+  #     - external_network
+  #     - internal_network
+
+volumes:
+  postgres:
+  redis:
+  public_system:
+  images:
+
+networks:
+  mastodonNet:
+    external: true
+    name: mastodonNet

dockers/mastodon/env-config

@@ -0,0 +1,113 @@
+# This is a sample configuration file. You can generate your configuration
+# with the `bundle exec rails mastodon:setup` interactive setup wizard, but to customize
+# your setup even further, you'll need to edit it manually. This sample does
+# not demonstrate all available configuration options. Please look at
+# https://docs.joinmastodon.org/admin/config/ for the full documentation.
+
+# Note that this file accepts slightly different syntax depending on whether
+# you are using `docker-compose` or not. In particular, if you use
+# `docker-compose`, the value of each declared variable will be taken verbatim,
+# including surrounding quotes.
+# See: https://github.com/mastodon/mastodon/issues/16895
+
+# Federation
+# ----------
+# This identifies your server and cannot be changed safely later
+# ----------
+# LOCAL_DOMAIN=
+
+# Redis
+# -----
+REDIS_HOST=redis
+REDIS_PORT=
+
+# PostgreSQL
+# ----------
+DB_HOST=db
+#DB_USER=postgres
+#DB_NAME=postgres
+#DB_PASS=
+DB_PORT=5432
+
+# Elasticsearch (optional)
+# ------------------------
+ES_ENABLED=false
+ES_HOST=localhost
+ES_PORT=9200
+# Authentication for ES (optional)
+ES_USER=elastic
+ES_PASS=password
+
+# Secrets
+# -------
+# Make sure to use `bundle exec rails secret` to generate secrets
+# -------
+#SECRET_KEY_BASE=
+#OTP_SECRET=
+
+# Encryption secrets
+# ------------------
+# Must be available (and set to same values) for all server processes
+# These are private/secret values, do not share outside hosting environment
+# Use `bin/rails db:encryption:init` to generate fresh secrets
+# Do NOT change these secrets once in use, as this would cause data loss and other issues
+# ------------------
+#ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
+#ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
+#ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
+
+
+# Web Push
+# --------
+# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
+# --------
+#VAPID_PRIVATE_KEY=
+#VAPID_PUBLIC_KEY=
+
+# Sending mail
+# ------------
+#SMTP_SERVER=
+SMTP_PORT=587
+#SMTP_LOGIN=
+#SMTP_PASSWORD=
+#SMTP_FROM_ADDRESS=
+
+# File storage (optional)
+# -----------------------
+S3_ENABLED=false
+S3_BUCKET=files.example.com
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+S3_ALIAS_HOST=files.example.com
+
+# IP and session retention
+# -----------------------
+# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
+# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
+# -----------------------
+IP_RETENTION_PERIOD=31556952
+SESSION_RETENTION_PERIOD=31556952
+
+# Fetch All Replies Behavior
+# --------------------------
+# When a user expands a post (DetailedStatus view), fetch all of its replies
+# (default: false)
+FETCH_REPLIES_ENABLED=false
+
+# Period to wait between fetching replies (in minutes)
+FETCH_REPLIES_COOLDOWN_MINUTES=15
+
+# Period to wait after a post is first created before fetching its replies (in minutes)
+FETCH_REPLIES_INITIAL_WAIT_MINUTES=5
+
+# Max number of replies to fetch - total, recursively through a whole reply tree
+FETCH_REPLIES_MAX_GLOBAL=1000
+
+# Max number of replies to fetch - for a single post
+FETCH_REPLIES_MAX_SINGLE=500
+
+# Max number of replies Collection pages to fetch - total
+FETCH_REPLIES_MAX_PAGES=500
+
+SINGLE_USER_MODE=false
+#EMAIL_DOMAIN_ALLOWLIST=

dockers/mattermost/docker-compose.yml

@@ -1,21 +1,15 @@
 services:
 
   app:
-    image: mattermost/mattermost-team-edition:9.10
+    image: mattermost/mattermost-team-edition:10.9.1
     container_name: ${mattermostServName}
     restart: ${restartPolicy}
-    # memory: 1G
-    # disk_quota: 256M
     volumes:
       - matterConfig:/mattermost/config:rw
-#      - matterConfigLangSrv:/mattermost/i18n:rw
-#      - matterConfigLangClt:/mattermost/client/i18n:rw      
       - matterData:/mattermost/data:rw
       - matterLogs:/mattermost/logs:rw
       - matterPlugins:/mattermost/plugins:rw
       - matterClientPlugins:/mattermost/client/plugins:rw
-#      - matterIcons:/mattermost/client/images/
-#      - matterI18n:/mattermost/i18n:rw
       - /etc/ssl:/etc/ssl:ro
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
@@ -29,17 +23,12 @@ services:
       - MM_PASSWORDSETTINGS_UPPERCASE=false
       - MM_PASSWORDSETTINGS_NUMBER=false
       - MM_PASSWORDSETTINGS_SYMBOL=true
-      # in case your config is not in default location
-      #- MM_CONFIG=/mattermost/config/config.json
-
     depends_on:
-      - db
+      - postgres
     links:
-      - db
+      - postgres
     expose:
       - ${matterPort}
-    # ports:
-    #   - 8089:80
     networks:
       - mattermostNet
       - postfixNet
@@ -57,22 +46,30 @@ services:
       start_period: 20s
       timeout: 10s
 
-  db:
-    image: mariadb:10.5
-    container_name: ${mattermostDBName}
+  postgres:
+    image: postgres:17-alpine
+    container_name: matterPG
     restart: ${restartPolicy}
     networks:
       - mattermostNet
+    security_opt:
+      - no-new-privileges:true
+    pids_limit: 100
+    read_only: true
+    tmpfs:
+      - /tmp
+      - /var/run/postgresql
+    volumes:
+      - matterPG:/var/lib/postgresql/data
+#    environment:
+      # timezone inside container
+      # - TZ
     env_file:
       - ../../secret/env-${mattermostDBName}
-    volumes:
-      - matterDB:/var/lib/mysql
-      - /home/sauve/:/svg/
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/timezone:/etc/timezone:ro
+
 
 volumes:
-  matterDB:
+  matterPG:
   matterConfig:
   matterData:
   matterLogs:
@@ -80,8 +77,6 @@ volumes:
   matterClientPlugins:
   matterConfigLangSrv:
   matterConfigLangClt:
-#  matterI18n:
-#  matterIcons:
 
 networks:
   mattermostNet:

dockers/mobilizon/config.exs

@@ -44,7 +44,7 @@ config :mobilizon, Mobilizon.Storage.Repo,
 
 config :mobilizon, Mobilizon.Web.Email.Mailer,
   adapter: Swoosh.Adapters.SMTP,
-  relay: System.get_env("MOBILIZON_SMTP_SERVER", "localhost"),
+  relay: System.get_env("MOBILIZON_SMTP_SERVER", "smtp"),
   port: System.get_env("MOBILIZON_SMTP_PORT", "25"),
   username: System.get_env("MOBILIZON_SMTP_USERNAME", nil),
   password: System.get_env("MOBILIZON_SMTP_PASSWORD", nil),

dockers/paheko/Dockerfile

@@ -1,6 +1,5 @@
-FROM paheko/paheko:1.3.12
+FROM paheko/paheko:1.3.15
 
-#ENV PAHEKO_DIR /usr/share/paheko
 ENV PAHEKO_DIR /var/www/paheko
 
 COPY dockers/paheko/config/factory_cron.sh ${PAHEKO_DIR}/
@@ -8,12 +7,25 @@ COPY dockers/paheko/config/factory_cron_emails.sh ${PAHEKO_DIR}/
 COPY dockers/paheko/config/setupWebRights.sh ${PAHEKO_DIR}/
 RUN mkdir ${PAHEKO_DIR}/users
 
+#pour corriger le bug "export excel"
+RUN docker-php-ext-install calendar
+
+RUN apt-get update
+RUN apt-get install -y libwebp-dev
+RUN docker-php-ext-configure gd --with-jpeg --with-freetype --with-webp
+RUN docker-php-ext-install gd
+
 #Plugin facturation (le seul qui ne fasse pas parti de la distribution de base
-COPY "dockers/paheko/config/facturation.tar.gz" ${PAHEKO_DIR}/data/plugins/
-RUN mkdir ${PAHEKO_DIR}/data/plugins/facturation && tar zxvf ${PAHEKO_DIR}/data/plugins/facturation.tar.gz -C ${PAHEKO_DIR}/data/plugins/facturation && rm ${PAHEKO_DIR}/data/plugins/facturation.tar.gz
+RUN apt-get install unzip
+COPY "dockers/paheko/config/facturation.zip" ${PAHEKO_DIR}/data/plugins/
+WORKDIR ${PAHEKO_DIR}/data/plugins/
+RUN unzip ${PAHEKO_DIR}/data/plugins/facturation.zip
+WORKDIR /
+
+#RUN mkdir ${PAHEKO_DIR}/data/plugins/facturation && tar zxvf ${PAHEKO_DIR}/data/plugins/facturation.tar.gz -C ${PAHEKO_DIR}/data/plugins/facturation && rm ${PAHEKO_DIR}/data/plugins/facturation.tar.gz
 
 #install cron pour factory_cron.sh
-RUN apt-get update && apt-get install cron joe rsyslog -y
+RUN apt-get install cron joe rsyslog -y
 RUN sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
 RUN echo "0 1 * * * cd ${PAHEKO_DIR} && ${PAHEKO_DIR}/factory_cron.sh 1> /dev/null 2> /dev/null" >> /var/spool/cron/crontabs/root
 RUN echo "* * * * *  cd ${PAHEKO_DIR} && ${PAHEKO_DIR}/factory_cron_emails.sh 1> /dev/null 2> /dev/null" >> /var/spool/cron/crontabs/root

dockers/paheko/config/config.local.tmpl.php

@@ -127,4 +127,4 @@ define('Paheko\SHOW_ERRORS', true);
 #add by fab le 21/04/2022
 //const PDF_COMMAND = 'prince';
 # const PDF_COMMAND = 'auto';
-const PDF_COMMAND = 'chromium --no-sandbox --headless --disable-dev-shm-usage --autoplay-policy=no-user-gesture-required --no-first-run --disable-gpu --disable-features=DefaultPassthroughCommandDecoder --use-fake-ui-for-media-stream --use-fake-device-for-media-stream --disable-sync --print-to-pdf=%2$s %1$s';
+const PDF_COMMAND = 'chromium --no-sandbox --headless --no-pdf-header-footer --disable-dev-shm-usage --autoplay-policy=no-user-gesture-required --no-first-run --disable-gpu --disable-features=DefaultPassthroughCommandDecoder --use-fake-ui-for-media-stream --use-fake-device-for-media-stream --disable-sync --print-to-pdf=%2$s %1$s';

dockers/paheko/docker-compose.yml.dist

@@ -4,6 +4,7 @@ services:
     image: pahekokaz
     build: .
     container_name: ${pahekoServName}
+    restart: ${restartPolicy}
     volumes:
       - ./config/config.local.php:/var/www/paheko/config.local.php
       - ./config/factory_cron.sh:/var/www/paheko/factory_cron.sh

dockers/peertube/docker-compose.yml

@@ -0,0 +1,84 @@
+services:
+
+  webserver:
+    image: chocobozzz/peertube-webserver:latest
+    restart: ${restartPolicy}
+    depends_on:
+      - peertube
+    networks:
+      - peertubeNet
+        #ports:
+        #- "80:80"
+        #- "443:443"
+    volumes:
+      - assets:/var/www/peertube/peertube-latest/client/dist:ro
+      - data:/var/www/peertube/storage
+    env_file:
+      - ../../secret/env-${peertubeServName}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.${peertubeServName}.rule=Host(`${peertubeHost}.${domain}`)"      
+      - "traefik.docker.network=peertubeNet"
+
+  peertube:
+    image: chocobozzz/peertube:production-bookworm
+    container_name: ${peertubeServName}
+    restart: ${restartPolicy}
+    depends_on:
+      - postgres
+      - redis
+    networks:
+      - peertubeNet
+    volumes:
+      # Remove the following line if you want to use another webserver/proxy or test PeerTube in local
+      - assets:/app/client/dist
+      - data:/data
+      - config:/config
+    env_file:
+      - ../../secret/env-${peertubeServName}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.${peertubeServName}.rule=Host(`${peertubeHost}.${domain}`)"      
+      - "traefik.docker.network=peertubeNet"
+      - "traefik.http.services.${peertubeServName}.loadbalancer.server.port=9000"
+        #traefik.frontend.rule: "Host:videos.kaz.bzh"
+        #traefik.port: "9000"
+        #      traefik.frontend.redirect.entryPoint: https
+
+  postgres:
+    image: postgres:13-alpine
+    container_name: ${peertubeDBName}
+    restart: ${restartPolicy}
+    networks:
+      - peertubeNet
+    volumes:
+      - db:/var/lib/postgresql/data
+    env_file:
+      - ../../secret/env-${peertubeDBName}
+    labels:
+      traefik.enable: "false"
+
+  redis:
+    image: redis:6-alpine
+    container_name: peertubeCache
+    restart: ${restartPolicy}
+    networks:
+      - peertubeNet
+    env_file:
+      - ../../secret/env-${peertubeServName}
+    volumes:
+      - redis:/data
+    labels:
+      traefik.enable: "false"
+
+volumes:
+  assets:
+  data:
+  config:
+  db:
+  redis:
+
+networks:
+  peertubeNet:
+    external: true
+    name: peertubeNet

dockers/portainer/docker-compose.yml

@@ -16,8 +16,8 @@ services:
       - "traefik.enable=true"
       
       # Frontend      
+      - "traefik.http.routers.frontend.middlewares=test-adminipallowlist@file"
       - "traefik.http.routers.frontend.rule=Host(`portainer.${domain}`)"
-#      - "traefik.docker.network=portainerNet"      
       - "traefik.http.routers.frontend.entrypoints=websecure"
       - "traefik.http.services.frontend.loadbalancer.server.port=9000"
       - "traefik.http.routers.frontend.service=frontend"

dockers/postfix/Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/mailserver/docker-mailserver:13.3.1
+FROM docker.io/mailserver/docker-mailserver:15.0.2
 
 ########################################
 # APT local cache

dockers/postfix/docker-compose.yml

@@ -4,6 +4,7 @@ services:
     hostname: ${smtpHost}
     domainname: ${domain}
     container_name: ${smtpServName}
+    restart: ${restartPolicy}
     networks:
       - postfixNet
       - jirafeauNet
@@ -25,7 +26,7 @@ services:
       - filterConfig:/home/filter/config/
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
-      - /etc/letsencrypt:/etc/letsencrypt:ro
+      - /etc/ssl:/etc/ssl:ro
 #      - /etc/ssl:/etc/ssl:ro
 #      - /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro
     environment:
@@ -40,7 +41,14 @@ services:
     cap_add:
       - NET_ADMIN
       - SYS_PTRACE
-    restart: always
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.mail.rule=Host(`mail.${domain}`) || Host(`smtp.${domain}`)"
+      - "traefik.http.routers.webmails.rule=Host(`webmail.${domain}`)"
+      - "traefik.http.middlewares.reg-webmails.redirectregex.regex=^https://webmail.${domain}(.*)"
+      - "traefik.http.middlewares.reg-webmails.redirectregex.replacement=https://kaz.bzh/relever-ses-mails-chez-kaz-via-un-webmail"
+      - "traefik.http.middlewares.reg-webmails.redirectregex.permanent=true"
+      - "traefik.http.routers.webmails.middlewares=reg-webmails"
 
 volumes:
   mailData:

dockers/postfix/env-config

@@ -94,10 +94,10 @@ SMTP_ONLY=
 # custom => Enables custom certificates
 # manual => Let's you manually specify locations of your SSL certificates for non-standard cases
 # self-signed => Enables self-signed certificates
-#SSL_TYPE=self-signed
-SSL_TYPE=letsencrypt
-#SSL_CERT_PATH=
-#SSL_KEY_PATH=
+SSL_TYPE=manual
+#SSL_TYPE=letsencrypt
+SSL_CERT_PATH=/etc/ssl/certs/mail.pem
+SSL_KEY_PATH=/etc/ssl/private/mail.key
 
 # Set how many days a virusmail will stay on the server before being deleted
 # empty => 7 days
@@ -210,7 +210,7 @@ SA_TAG2=6.31
 SA_KILL=6.31
 
 # add tag to subject if spam detected
-SA_SPAM_SUBJECT=***SPAM*****
+SPAM_SUBJECT=***SPAM*****
 
 # KAM is a 3rd party SpamAssassin ruleset, provided by the McGrail Foundation. If SpamAssassin is enabled, KAM can be used in addition to the default ruleset.
 
@@ -298,8 +298,8 @@ DOVECOT_AUTH_BIND=yes
 
 DOVECOT_PASS_ATTRS=cn=user,userPassword=password
 
-# DOVECOT_USER_ATTRS=mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail,mailQuota=quota_rule=*:bytes=%$
-DOVECOT_USER_ATTRS=mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail,mailQuota=quota_rule=*:bytes=20G
+DOVECOT_USER_ATTRS=mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail,mailQuota=quota_rule=*:bytes=%$
+# DOVECOT_USER_ATTRS=mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail,mailQuota=quota_rule=*:bytes=20G
 
 ENABLE_QUOTAS=1
 
@@ -428,3 +428,6 @@ RELAY_USER=
 # empty => no default
 # password for default relay user
 RELAY_PASSWORD=
+
+LOGROTATE_INTERVAL=weekly
+LOGROTATE_COUNT=4

dockers/postfix/first.sh

@@ -28,6 +28,6 @@ EOF
 chmod +x /var/lib/docker/volumes/postfix_mailConfig/_data/user-patches.sh
 fi
 
-if [ "${mode}" == "local" ] || exit
+[ "${mode}" == "local" ] || exit
 
 # echo "virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf, texthash:/etc/postfix/virtual" >> config/postfix-main.cf

dockers/roundcube/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
 
   app:
-    image: roundcube/roundcubemail
+    image: roundcube/roundcubemail:1.6.9-apache
     container_name: ${roundcubeServName}
     restart: ${restartPolicy}
     depends_on:
@@ -26,7 +26,7 @@ services:
       - ../../secret/env-${roundcubeServName}
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.${roundcubeServName}.rule=Host(`${webmailHost}.${domain}`)"
+      - "traefik.http.routers.${roundcubeServName}.rule=host(`roundcube.${domain}`)"
       - "traefik.docker.network=roundcubeNet"
 
   db:

dockers/snappymail/.env

@@ -0,0 +1 @@
+../../config/dockers.env

dockers/sympa/Dockerfile

@@ -99,7 +99,7 @@ RUN echo "root: ADMIN_EMAIL" >> /etc/aliases \
 RUN echo aliases_program postalias >>/etc/sympa/sympa/sympa.conf \
     && echo sendmail /usr/sbin/sendmail >>/etc/sympa/sympa/sympa.conf \
     && echo soap_url /sympasoap >>/etc/sympa/sympa/sympa.conf \
-    && echo dmarc_protection.mode dmarc_reject >>/etc/sympa/sympa/sympa.conf \
+    && echo dmarc_protection.mode dmarc_reject,dmarc_quarantine >>/etc/sympa/sympa/sympa.conf \
     && cp /usr/share/doc/sympa/examples/script/sympa_soap_client.pl.gz /usr/lib/sympa/bin/ \
     && gunzip /usr/lib/sympa/bin/sympa_soap_client.pl.gz \
     && chmod +x /usr/lib/sympa/bin/sympa_soap_client.pl \

dockers/sympa/config/transport

@@ -3,6 +3,7 @@ orange.com      veryslow:
 wanadoo.com     veryslow:
 wanadoo.fr      veryslow:
 gmail.com	slow:
+laposte.net	slow:
 yahoo.com  	slow:
 yahoo.fr	slow:
 outlook.com	veryslow:

dockers/sympa/docker-compose.yml

@@ -16,7 +16,6 @@ services:
       - ${jirafeauServName}:${fileHost}
     ports:
       - ${SYMPA_IP}:25:25
-      - ${SYMPA_IP}:80:80
       - ${SYMPA_IP}:443:443
     env_file:
       - ../../secret/env-${sympaServName}
@@ -33,7 +32,12 @@ services:
       - ./config/transport:/etc/postfix/transport:rw
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
-      - /etc/letsencrypt:/etc/letsencrypt:ro
+      - /etc/ssl:/etc/ssl:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.sympa.rule=host(`listes.${domain}`)"
+      - "traefik.docker.network=sympaNet"
+
 
   db:
     image: mariadb:10.5

dockers/sympa/reload.sh

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-
-# mis à jour du filtre (si pas de ./build)
-cd $(dirname $0)/..
-for i in eMailShrinker filter.sh filterTest.sh; do
-    docker cp "postfix/filter/$i" sympaServ:/home/filter/
-done
-#Correction des droits sur le filter.sh
-docker exec  sympaServ chmod a+rx /home/filter/filter.sh /home/filter/filterTest.sh

dockers/sympa/updateFirewall.sh

@@ -11,6 +11,8 @@ iptables -t nat -N ipbis
 iptables -t nat -F ipbis
 iptables -t nat -I ipbis -o ens18 -p tcp --source `docker inspect -f '{{.NetworkSettings.Networks.sympaNet.IPAddress}}' sympaServ` -j SNAT --to `ifconfig ens18:0 | grep "inet" | awk '{print $2}'`
 iptables -t nat -I ipbis -o ens18 -p tcp --source `docker inspect -f '{{.NetworkSettings.Networks.jirafeauNet.IPAddress}}' sympaServ` -j SNAT --to `ifconfig ens18:0 | grep "inet" | awk '{print $2}'`
+#add by fab mais non testé 'assque chu pas fou !
+#iptables -t nat -I ipbis -o ens18 -p tcp --source `docker inspect -f '{{.NetworkSettings.Networks.apikazNet.IPAddress}}' sympaServ` -j SNAT --to `ifconfig ens18:0 | grep "inet" | awk '{print $2}'`
 iptables -t nat -A ipbis -j RETURN
 iptables -t nat -D POSTROUTING -o ens18 -j ipbis
 iptables -t nat -I POSTROUTING -o ens18 -j ipbis

dockers/traefik/conf/allow_ip.yml.dist

@@ -0,0 +1,11 @@
+http:
+  middlewares:
+    test-ipallowlist:
+      ipallowlist:
+        sourceRange:
+          # tlm est autorisé
+          - "0.0.0.0/0"
+    test-adminipallowlist:
+      ipallowlist:
+        sourceRange:
+          - "127.0.0.1"

dockers/traefik/conf/allow_ip.yml.sample

@@ -1,18 +0,0 @@
-http:
-  middlewares:
-    ipwhitelist:
-      ipWhiteList:
-        sourceRange:
-          - "192.168.0.0/16"
-          - "172.16.0.0/12"
-          - "127.0.0.0/8"
-          - "10.0.0.0/8"
-          - "0.0.0.0/0"	
-    adminipwhitelist:
-      ipWhiteList:
-        sourceRange:
-          - "192.168.0.0/16"
-          - "172.16.0.0/12"
-          - "127.0.0.0/8"
-          - "10.0.0.0/8"
-          - "0.0.0.0/0"	

dockers/traefik/conf/cert.yml.dist

@@ -0,0 +1,6 @@
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /etc/traefik/fullchain.pem
+        keyFile: /etc/traefik/privkey.pem

dockers/traefik/docker-compose.tmpl.yml.dist

@@ -1,6 +1,6 @@
 services:
   reverse-proxy:
-    image: traefik:v3.2.1
+    image: traefik:v3.4.1
     container_name: ${traefikServName}
     restart: ${restartPolicy}
     # Enables the web UI and tells Traefik to listen to docker
@@ -11,6 +11,7 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./conf:/etc/traefik/
       - letsencrypt:/letsencrypt
+      - log:/log
     environment:
       - TRAEFIK_PROVIDERS_DOCKER=true
       - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
@@ -25,11 +26,19 @@ services:
       - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
       - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
       - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json
-      - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_TLSCHALLENGE=true
-      - TRAEFIK_LOG_LEVEL=INFO
+      - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_HTTPCHALLENGE_ENTRYPOINT=web
       - TRAEFIK_API_DASHBOARD=true
       #pour la migration vers traefik3
       - TRAEFIK_CORE_DEFAULTRULESYNTAX=v3
+
+      - TZ=Europe/Paris
+      - TRAEFIK_ACCESSLOG=true
+      - TRAEFIK_ACCESSLOG_FILEPATH=/log/traefik_acces.log
+      - TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES=404,403,401      
+      - TRAEFIK_LOG=true
+      - TRAEFIK_LOG_LEVEL=INFO
+      - TRAEFIK_LOG_FILEPATH=/log/traefik.log
+
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`) && PathPrefix(`/api`, `/dashboard`)"
@@ -98,6 +107,12 @@ services:
 {{apikaz
       - apikazNet
 }}
+{{mastodon
+      - mastodonNet
+}}
+{{peertube
+      - peertubeNet
+}}
 
 #### BEGIN ORGA USE_NET
 #### END ORGA USE_NET
@@ -201,9 +216,21 @@ networks:
     external: true
     name: apikazNet
 }}
+{{mastodon
+  mastodonNet:
+    external: true
+    name: mastodonNet
+}}
+{{peertube
+  peertubeNet:
+    external:true
+    name:peertubeNet
+}}
+
 
 #### BEGIN ORGA DEF_NET
 #### END ORGA DEF_NET
 
 volumes:
   letsencrypt:
+  log:

dockers/traefik/first.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SERV_DIR=$(cd $(dirname $0); pwd)
+KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+
+cd $(dirname $0)
+. "${DOCKERS_ENV}"
+
+
+printKazMsg "\n  *** Premier lancement de Traefik : Mise en place"
+
+[[ -f "conf/allow_ip.yml" ]] || cp "conf/allow_ip.yml.dist" "conf/allow_ip.yml"
+cp /etc/letsencrypt/live/${domain}/{fullchain.pem,privkey.pem} conf/
+[[ -f "conf/cert.yml" ]] || cp "conf/cert.yml.dist" "conf/cert.yml"

dockers/vaultwarden/docker-compose.yml

@@ -10,7 +10,7 @@ services:
     links:
       - db
     environment:
-      - SIGNUPS_DOMAINS_WHITELIST=${domain}
+#      - SIGNUPS_DOMAINS_WHITELIST=${domain}
       - SIGNUPS_VERIFY=true
       - SMTP_HOST=smtp
       - SMTP_FROM=${vaultwardenHost}@${domain}

dockers/web/html/m/email.css

@@ -67,3 +67,59 @@ div.kaz::after {
     border-width: thin;
     border-color: red;
 }
+
+
+div.kaz2:hover {
+    font-size: initial !important;
+    color: initial !important;
+}
+div.kaz2:hover a.kaz2 {
+    background-size: initial !important;
+    padding: 4px 0 4px 230px;
+}
+div.kaz2 a.kaz2 {
+    background-size: 110px 12px;
+    padding: 4px 0 4px 120px;
+}
+div.kaz2 {
+    font-size: 10px;
+    color: #969696;
+    padding: 1pc 0 0 0;
+    margin: 0 0 0 80px;
+    min-height: 200px;
+    clear: left;
+}
+div.kaz2::before {
+    content: url("/m/logo.png");
+    position: absolute;
+    padding: 0;
+    margin: 0 0 0 -70px;
+    width: 50px;
+    height: 100px;
+}
+div.kaz2>ul>li {
+    list-style-type: none; /* Remove bullets */ 
+}
+div.kaz2>ul>li::before {
+    content: "\2713";
+    color: green;
+    margin-left: -20px;
+    margin-right: 10px;
+}
+a.kaz2 {
+    background-image: url("/m/coche.png");
+    background-repeat: no-repeat;
+    padding: 4px 0 4px 230px;
+    margin: 0 0 0 0;
+    min-height: 25px;
+}
+
+div.kaz2 div.nb {
+    padding: 1pc;
+    margin: 0 0 0 -70px;
+    display: block;
+    border-radius: 30px;
+    border-style: solid;
+    border-width: thin;
+    border-color: red;
+}

secret.tmpl/SetAllPass.sh

@@ -303,6 +303,42 @@ castopod_CP_EMAIL_SMTP_PASSWORD=
 castopod_CP_EMAIL_FROM=noreply@${domain}
 castopod_CP_EMAIL_SMTP_CRYPTO=tls
 
+#####################
+# Peertube
+peertube_POSTGRES_USER="--clean_val--"
+peertube_POSTGRES_PASSWORD="--clean_val--"
+peertube_PEERTUBE_DB_NAME="--clean_val--"
+
+peertube_PEERTUBE_DB_USERNAME="${peertube_POSTGRES_USER}"
+peertube_PEERTUBE_DB_PASSWORD="${peertube_POSTGRES_PASSWORD}"
+peertube_PEERTUBE_DB_SSL=false
+peertube_PEERTUBE_DB_HOSTNAME="${peertubeDBName}"
+peertube_PEERTUBE_WEBSERVER_HOSTNAME="${peertubeHost}.${domain}"
+peertube_PEERTUBE_TRUST_PROXY="['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']"
+
+peertube_PEERTUBE_SECRET="--clean_val--"
+peertube_PT_INITIAL_ROOT_PASSWORD="--clean_val--"
+
+#peertube_PEERTUBE_SMTP_USERNAME=
+#peertube_PEERTUBE_SMTP_PASSWORD=
+# Default to Postfix service name "postfix" in docker-compose.yml
+# May be the hostname of your Custom SMTP server
+peertube_PEERTUBE_SMTP_HOSTNAME=
+peertube_PEERTUBE_SMTP_PORT=25
+peertube_PEERTUBE_SMTP_FROM=
+peertube_PEERTUBE_SMTP_TLS=false
+peertube_PEERTUBE_SMTP_DISABLE_STARTTLS=false
+peertube_PEERTUBE_ADMIN_EMAIL=
+peertube_POSTFIX_myhostname=
+#peertube_OPENDKIM_DOMAINS=peertube
+peertube_OPENDKIM_RequireSafeKeys=no
+
+peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC="public-read"
+peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE="private"
+
+######################
+peertube_POSTGRES_DB="${peertube_PEERTUBE_DB_NAME}"
+
 ######################
 # SNAPPYMAIL
 # Url  https://snappymail.${domain}/?admin
@@ -313,3 +349,11 @@ castopod_CP_EMAIL_SMTP_CRYPTO=tls
 snappymail_TZ="Europe/Paris"
 snappymail_UPLOAD_MAX_SIZE="100M"
 
+####################
+# mastodon
+mastodon_POSTGRES_USER="--clean_val--"
+mastodon_POSTGRES_PASSWORD="--clean_val--"
+mastodon_POSTGRES_DB=mastodon
+mastodon_DB_USER="${mastodon_POSTGRES_USER}"
+mastodon_DB_PASS="${mastodon_POSTGRES_PASSWORD}"
+mastodon_DB_NAME=mastodon

secret.tmpl/env-alwaysdata

@@ -0,0 +1,3 @@
+ALWAYSDATA_TOKEN=
+ALWAYSDATA_API=
+ALWAYSDATA_ACCOUNT=

secret.tmpl/env-mastodonDB

@@ -0,0 +1,6 @@
+DB_USER=
+DB_NAME=
+DB_PASS=
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+POSTGRES_DB=postgres

secret.tmpl/env-mastodonServ

@@ -0,0 +1,10 @@
+SECRET_KEY_BASE=
+OTP_SECRET=
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
+VAPID_PRIVATE_KEY==
+VAPID_PUBLIC_KEY=
+SMTP_PASSWORD=
+EMAIL_DOMAIN_ALLOWLIST=
+ADMIN_PASSWORD=

secret.tmpl/env-vaultwardenServ

@@ -1,2 +1,3 @@
 DATABASE_URL=
 ADMIN_TOKEN=
+SIGNUPS_DOMAINS_WHITELIST=