KAZ/KazV2
11
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: KAZ:8baf9fc4926f2c99369fe53a4a8f0819e1e00cfa
Branches Tags
KAZ:master KAZ:gestionSecrets KAZ:feat/python
...
compare: KAZ:gestionSecrets
Branches Tags
KAZ:gestionSecrets KAZ:master KAZ:feat/python

9 Commits
8baf9fc492 ... gestionSec

Author SHA1 Message Date
Gael
a3f448b457 missing .env 2025-07-31 14:33:47 +02:00
Gael
77a3819beb Il faut créer le dossier secret pour chaque orga ! (cas de maj du docker-compose après ajout de service) 2025-07-31 14:18:57 +02:00
Gael
ec16cdfe92 Quelques appels restants + script de migration 2025-07-31 06:16:36 +02:00
Gael
6877a5f872 Le init db est fait dans le initdb.sh plutôt ... 2025-07-31 05:36:32 +02:00
Gael
3a8bd9ec1a Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets 2025-07-31 05:05:13 +02:00
Gael
1f9ccff5b6 Les orgas + qques changements pour getpasswords.sh 2025-07-31 05:04:29 +02:00
Gael
ff69724f86 droits d'execution sur les scripts 2025-07-31 01:55:59 +02:00
Gael
99779a70ff Récupération des valeurs du docker.env ! 2025-07-30 23:08:48 +02:00
Gael
400775bf41 removing double quotes + divers petits bugs 2025-07-30 02:57:38 +02:00
79 changed files with 437 additions and 479 deletions
Expand all files Collapse all files

0
bin/certbot-dns-alwaysdata.sh Normal file → Executable file
View File

119
bin/checkEnvFiles.sh
View File

@@ -6,8 +6,6 @@ setKazVars
RUN_PASS_DIR="secret"
TMPL_PASS_DIR="secret.tmpl"
RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh"
TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh"
NEED_GEN=
########################################
@@ -48,7 +46,12 @@ getVars () {
# get lvalues in script
getSettedVars () {
# $1 : filename
grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u
grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* | grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u
}
getUnsettedVars () {
# $1 : filename
grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u
}
getVarFormVal () {
@@ -57,60 +60,6 @@ getVarFormVal () {
grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/'
}
########################################
# synchronized SetAllPass.sh (find missing lvalues)
updatePassFile () {
# $1 : ref filename
# $2 : target filename
REF_FILE="$1"
TARGET_FILE="$2"
NEED_UPDATE=
while : ; do
declare -a listRef listTarget missing
listRef=($(getVars "${REF_FILE}"))
listTarget=($(getVars "${TARGET_FILE}"))
missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]})))
if [ -n "${missing}" ]; then
echo "missing vars in ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${REF_FILE}" "${TARGET_FILE}"
NEED_UPDATE=true
break
;;
[Nn]*)
break
;;
esac
else
break
fi
done
}
updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}"
[ -n "${NEED_UPDATE}" ] && NEED_GEN=true
updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}"
########################################
# check empty pass in TMPL_PASS_FILE
declare -a settedVars
settedVars=($(getSettedVars "${TMPL_PASS_FILE}"))
if [ -n "${settedVars}" ]; then
echo "unclear password in ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}"
for var in ${settedVars[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to clear them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${TMPL_PASS_FILE}"
;;
esac
fi
########################################
# check new files env-*
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}"
declare -a listTmpl listRun listCommonFiles
listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
for envFile in ${listCommonFiles[@]}; do
while : ; do
TMPL_FILE="${TMPL_PASS_DIR}/${envFile}"
@@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then
fi
########################################
# check env-* in updateDockerPassword.sh
missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do
# check extention in dockers.env
declare -a missing
unsetted=($(for DIR in "${RUN_PASS_DIR}"; do
for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
if [ -z "${prefixe}" ]; then
echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})"
if [ -z "${varName}" ]; then
echo "${val}"
fi
done
done | sort -u))
if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}"
echo "missing def in ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do
echo -e "\t${var}"
done
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh"
emacs "${DOCKERS_ENV}"
;;
esac
fi
########################################
# synchronized SetAllPass.sh and env-*
updateEnvFiles () {
# $1 secret dir
DIR=$1
listRef=($(getVars "${DIR}/SetAllPass.sh"))
missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
[ -z "${prefixe}" ] && continue
listVarsInEnv=($(getVars "${envFile}"))
for var in ${listVarsInEnv[@]}; do
[[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}"
done
# XXX doit exister dans SetAllPass.sh avec le prefixe
done))
if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${DIR}/SetAllPass.sh"
;;
esac
fi
}
updateEnvFiles "${RUN_PASS_DIR}"
updateEnvFiles "${TMPL_PASS_DIR}"
# XXX chercher les variables non utilisées dans les SetAllPass.sh
if [ -n "${NEED_GEN}" ]; then
while : ; do
read -p "Do you want to generate blank values? [y/n]: " yn
read -p "Do you want to generate missing values? [y/n]: " yn
case $yn in
""|[Yy]*)
"${KAZ_BIN_DIR}/secretGen.sh"

7
bin/container.sh
View File

@@ -192,7 +192,7 @@ saveComposes () {
saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql
;;
framadate)
echo "save date"
echo "save date"
. $KAZ_BIN_DIR/getPasswords.sh framadateDB
saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql
;;
@@ -255,6 +255,11 @@ saveComposes () {
. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
fi
if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => spip"
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql
fi
;;
esac
done

12
bin/createDBUsers.sh Normal file → Executable file
View File

@@ -12,27 +12,21 @@ setKazVars
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
createMysqlUser(){
# $1 = envName
# $2 = containerName of DB
. $KAZ_BIN_DIR/getPasswords.sh $1
. $KAZ_KEY_DIR/env-$1
rootPass="$1_MYSQL_ROOT_PASSWORD"
dbName="$1_MYSQL_DATABASE"
userName="$1_MYSQL_USER"
userPass="$1_MYSQL_PASSWORD"
# seulement si pas de mdp pour root
# pb oeuf et poule (il faudrait les anciennes valeurs) :
# * si rootPass change, faire à la main
# * si dbName change, faire à la main
checkDockerRunning "$2" "$2" || return
echo "change DB pass on docker $2"
echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
docker exec -i $2 bash -c "mysql --user=root --password=${!rootPass}"
echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \
docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}"
}

49
bin/getPasswords.sh Normal file → Executable file
View File

@@ -1,11 +1,15 @@
#!/bin/bash
#Ki: Gael
#Kan: 2025
#Koi: gestion mots de passe
KAZ_ROOT=/kaz
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
PRG=$(basename $0)
QUIET=1
usage() {
echo "${PRG} [OPTIONS] [envname ...]
echo "getPasswords.sh [OPTIONS] [envname ...]
Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
Les variables sont du type envname_NOMVARIABLE=valeur
On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
@@ -18,13 +22,18 @@ OPTIONS
"
}
if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then
mkdir "${KAZ_KEY_DIR}/tmp"
fi
for ARG in "$@"; do
if [ -n "${DIRECTORYARG}" ]; then # après un -d
SUBDIRECTORY="${ARG}"
DIRECTORYARG=
elif [ -n "${DIRECTORYARG}" ]; then # après un -e
unset DIRECTORYARG
elif [ -n "${ECHOVARARG}" ]; then # après un -e
VARTOECHO="${ARG}"
ECHOVARARG=
unset ECHOVARARG
QUIET="/dev/null" # pour ne pas avoir d'autres bruits ...
else
case "${ARG}" in
@@ -35,14 +44,20 @@ for ARG in "$@"; do
'-n' | '--simu')
SIMU="echo" ;;
'-e' | '--echo')
ECHOVARARG="ON ATTEND UNE UN NOM DE VARIABLE APRES CA"
;;
ECHOVARARG="ON ATTEND UNE UN NOM DE VARIABLE APRES CA" ;;
'-q' )
QUIET="/dev/null" ;;
*)
ENVFILES="${ENVFILES} ${ARG%}";;
esac
fi
done
getVars () {
# $1 : filename
grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u
}
NB_FILES=$(echo "${ENVFILES}" | wc -w )
if [[ $NB_FILES = 0 ]]; then
@@ -52,22 +67,28 @@ fi
for ENVFILE in $ENVFILES; do
FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
VARNAME="$ENVFILE"_
VARSUFFIX="$ENVFILE"_
if [ -n "${SUBDIRECTORY}" ]; then
FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
VARNAME="${SUBDIRECTORY}-${ENVFILE}_"
VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"
fi
if ! [ -f "$FILENAME" ]; then
echo "$FILENAME does not exist."
echo "$FILENAME does not exist." >& $QUIET
continue
fi
# formule magique qui crée des variables envname_NOMVARIABLE=la valeur trouvé (le sed vire les commentaires et les lignes vides)
# on pourrait se contenter d'un "source env-file", mais avec un prefix dans les variables pour savoir ce qu'on manipule c'est bien aussi ...
$SIMU export $(sed -e 's/#.*//' -e '/^\s*$/d' "$FILENAME" | awk -F= -v ENV="$VARNAME" '{output=output" "ENV$1"="$2} END {print output}')
. $FILENAME # on récupère les variables
vars=$(getVars $FILENAME)
for var in $vars; do
$SIMU declare $VARSUFFIX$var=${!var}
unset $var
done
unset FILENAME VARSUFFIX vars
done
if [ -n "$VARTOECHO" ]; then
echo ${!VARTOECHO}
fi
unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO

1
bin/ldap/ldap_sauve.sh
View File

@@ -7,6 +7,5 @@ setKazVars
FILE_LDIF=/home/sauve/ldap.ldif
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz

1
bin/ldap/tests/nc_orphans.sh
View File

@@ -5,7 +5,6 @@ KAZ_ROOT=/kaz
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)

1
bin/manageAgora.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)

1
bin/manageCastopod.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)

1
bin/manageCloud.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)

1
bin/manageWiki.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)

1
bin/manageWp.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)

68
bin/migGestionMotsDePasse.sh Normal file
View File

@@ -0,0 +1,68 @@
#!/bin/bash
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
newenvfile=$KAZ_KEY_DIR/env-mattermostAdmin
touch $newenvfile
echo "mattermost_user=$mattermost_user" >> $newenvfile
echo "mattermost_pass=$mattermost_pass" >> $newenvfile
echo "mattermost_token=$mattermost_token" >> $newenvfile
echo "EMAIL_CONTACT=$EMAIL_CONTACT" >> $DOCKERS_ENV
newenvfile=$KAZ_KEY_DIR/env-paheko
touch $newenvfile
echo "API_USER=$paheko_API_USER" >> $newenvfile
echo "API_PASSWORD=$paheko_API_PASSWORD" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-mail
touch $newenvfile
echo "service_mail=$service_mail" >> $newenvfile
echo "service_password=$service_password" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-borg
# touch $newenvfile à priori il existe déjà
echo "BORG_REPO=$BORG_REPO" >> $newenvfile
echo "BORG_PASSPHRASE=$BORG_PASSPHRASE" >> $newenvfile
echo "VOLUME_SAUVEGARDES=$VOLUME_SAUVEGARDES" >> $newenvfile
echo "MAIL_RAPPORT=$MAIL_RAPPORT" >> $newenvfile
echo "BORGMOUNT=$BORGMOUNT" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-traefik
touch $newenvfile
echo "DASHBOARD_USER=$traefik_DASHBOARD_USER" >> $newenvfile
echo "DASHBOARD_PASSWORD=$traefik_DASHBOARD_PASSWORD" >> $newenvfile
#####################
# Castopod
# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
newenvfile=$KAZ_KEY_DIR/env-castopodAdmin
touch $newenvfile
echo "ADMIN_USER=$castopod_ADMIN_USER" >> $newenvfile
echo "ADMIN_MAIL=$castopod_ADMIN_MAIL" >> $newenvfile
echo "ADMIN_PASSWORD=$castopod_ADMIN_PASSWORD" >> $newenvfile
# creation dossier pour les env des orgas
mkdir $KAZ_KEY_DIR/orgas
orgasLong=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
ORGAS=${orgasLong[*]//-orga/}
for orga in ${ORGAS};do
mkdir $KAZ_KEY_DIR/orgas/$orga
cp $KAZ_KEY_DIR/env-{castopod{Admin,DB,Serv},mattermost{DB,Serv},nextcloud{DB,Serv},spip{DB,Serv},wp{DB,Serv}} $KAZ_KEY_DIR/orgas/$orga
done
echo "C'est parfait, vous pouvez git pull puis supprimer SetAllPass.sh"

2
bin/migVersProdX.sh
View File

@@ -9,7 +9,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_ROOT/secret/env-kaz
@@ -133,6 +132,7 @@ for orgaLong in ${Orgas}; do
${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/"
fi
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_KEY_DIR}/orgas/${orgaCourt} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/${orgaCourt}
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list"
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh

1
bin/nextcloud_maintenance.sh
View File

@@ -4,7 +4,6 @@ KAZ_ROOT=/kaz
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
URL_AGORA=https://$matterHost.$domain/api/v4
EQUIPE=kaz

1
bin/postfix-superviz.sh
View File

@@ -6,7 +6,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
URL_AGORA=$(echo $matterHost).$(echo $domain)
MAX_QUEUE=50

19
bin/secretGen.sh
View File

@@ -3,6 +3,7 @@
KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. $DOCKERS_ENV
cd "${KAZ_ROOT}"
@@ -79,10 +80,10 @@ secretGen(){
# rien à faire dans ce fichier, on passe
else
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
db="$1$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
db="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
pass="$(apg -n 1 -m 16 -M NCL)"
token="$(apg -n 1 -m 32 -M NCL)"
user="$1$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
user="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
dbs=$(grep -Eo '@@db@@[^@]*@@d@@' $FILENAME | sed -e 's/@@db@@//' -e 's/@@d@@//')
passwords=$(grep -Eo '@@pass@@[^@]*@@p@@' $FILENAME | sed -e 's/@@pass@@//' -e 's/@@p@@//')
@@ -90,11 +91,11 @@ secretGen(){
users=$(grep -Eo '@@user@@[^@]*@@u@@' $FILENAME | sed -e 's/@@user@@//' -e 's/@@u@@//')
globalvars=$(grep -Eo '@@globalvar@@[^@]*@@gv@@' $FILENAME | sed -e 's/@@globalvar@@//' -e 's/@@gv@@//')
for dbName in $dbs; do sed -i "s/@@db@@$dbName@@d@@/${dbName}_$db" $DIR/*; done
for pw in $passwords; do sed -i "s/@@pass@@$pw@@p@@/${pw}" $DIR/*; done
for tk in $tokens; do sed -i "s/@@token@@$tk@@t@@/${tk}" $DIR/*; done
for u in $users; do sed -i "s/@@user@@$u@@u@@/${u}_$user" $DIR/*; done
for var in $globalvars; do sed -i "s/@@globalvar@@$var@@gv@@/${!var}" $DIR/*; done
for dbName in $dbs; do $SIMU sed -i "s/@@db@@$dbName@@d@@/${dbName}_$db/" $DIR/*; done
for pw in $passwords; do $SIMU sed -i "s/@@pass@@$pw@@p@@/${pass}/" $DIR/*; done
for tk in $tokens; do $SIMU sed -i "s/@@token@@$tk@@t@@/${token}/" $DIR/*; done
for u in $users; do $SIMU sed -i "s/@@user@@$u@@u@@/${u}_$user/" $DIR/*; done
for var in $globalvars; do $SIMU sed -i "s/@@globalvar@@$var@@gv@@/${!var}/" $DIR/*; done
fi
}
@@ -115,9 +116,9 @@ crossVarComplete(){
varnames=$(grep -Eo '@@crossvar@@[^@]*@@cv@@' $FILENAME | sed -e 's/@@crossvar@@//' -e 's/@@cv@@//')
for varname in $varnames; do
envname=${varname%_}
envname=${varname%%_*}
value=$(/$KAZ_BIN_DIR/getPasswords.sh -e $varname $envname -d $ORGA)
sed -i "s/@@crossvar@@$varname@@cv@@/${value}" $DIR/*;
$SIMU sed -i "s/@@crossvar@@$varname@@cv@@/${value}/" $DIR/*;
done

1
bin/verifExistenceMails.sh
View File

@@ -12,7 +12,6 @@ setKazVars
cd $(dirname $0)/..
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
DOCK_DIR=$KAZ_COMP_DIR

110
config/orgaTmpl/docker-compose.yml
View File

@@ -4,21 +4,21 @@ services:
#{{db
db:
image: mariadb:11.4
container_name: ${orga}DB
container_name: ${orga}-DB
#disk_quota: 10G
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: ${restartPolicy}
volumes:
- ./initdb.d:/docker-entrypoint-initdb.d:ro
# - ./initdb.d:/docker-entrypoint-initdb.d:ro
- orgaDB:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
environment:
- MARIADB_AUTO_UPGRADE=1
env_file:
- ../../secret/env-${nextcloudDBName}
# - ../../secret/env-${mattermostDBName}
- ../../secret/env-${wordpressDBName}
- ../../secret/orgas/${orga}/env-${nextcloudDBName}
# - ../../secret/orgas/${orga}/env-${mattermostDBName}
- ../../secret/orgas/${orga}/env-${wordpressDBName}
networks:
- orgaNet
healthcheck: # utilisé par init-db.sh pour la créa d'orga
@@ -34,7 +34,7 @@ services:
#{{cloud
cloud:
image: nextcloud
container_name: ${orga}${nextcloudServName}
container_name: ${orga}-${nextcloudServName}
#disk_quota: 10G
restart: ${restartPolicy}
networks:
@@ -50,8 +50,8 @@ services:
- ${smtpServName}:${smtpHost}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}"
- "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
- "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}"
- "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
volumes:
- cloudMain:/var/www/html
- cloudData:/var/www/html/data
@@ -63,10 +63,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
env_file:
- ../../secret/env-${nextcloudServName}
- ../../secret/env-${nextcloudDBName}
- ../../secret/orgas/${orga}/env-${nextcloudServName}
- ../../secret/orgas/${orga}/env-${nextcloudDBName}
environment:
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain}
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain}
- SMTP_HOST=${smtpHost}
- SMTP_PORT=25
- MAIL_DOMAIN=${domain}
@@ -80,7 +80,7 @@ services:
- edition=team
- PUID=1000
- PGID=1000
container_name: ${orga}${mattermostServName}
container_name: ${orga}-${mattermostServName}
#disk_quota: 10G
restart: ${restartPolicy}
# memory: 1G
@@ -109,20 +109,20 @@ services:
- /etc/timezone:/etc/timezone:ro
- /etc/environment:/etc/environment:ro
env_file:
- ../../secret/env-${mattermostServName}
- ../../secret/orgas/${orga}/env-${mattermostServName}
environment:
- VIRTUAL_HOST=${orga}${matterHost}.${domain}
- VIRTUAL_HOST=${orga}-${matterHost}.${domain}
# in case your config is not in default location
#- MM_CONFIG=/mattermost/config/config.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)"
- "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)"
#}}
#{{wp
wordpress:
image: wordpress
container_name: ${orga}${wordpressServName}
container_name: ${orga}-${wordpressServName}
restart: ${restartPolicy}
networks:
- orgaNet
@@ -136,17 +136,17 @@ services:
external_links:
- ${smtpServName}:${smtpHost}.${domain}
env_file:
- ../../secret/env-${wordpressServName}
- ../../secret/orgas/${orga}/env-${wordpressServName}
environment:
- WORDPRESS_SMTP_HOST=${smtpHost}.${domain}
- WORDPRESS_SMTP_PORT=25
# - WORDPRESS_SMTP_USERNAME
# - WORDPRESS_SMTP_PASSWORD
# - WORDPRESS_SMTP_FROM=${orga}
- WORDPRESS_SMTP_FROM_NAME=${orga}
# - WORDPRESS_SMTP_FROM=${orga}-
- WORDPRESS_SMTP_FROM_NAME=${orga}-
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}"
- "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}"
volumes:
- wordpress:/var/www/html
# - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro
@@ -154,12 +154,12 @@ services:
#{{wiki
dokuwiki:
image: mprasil/dokuwiki
container_name: ${orga}${dokuwikiServName}
container_name: ${orga}-${dokuwikiServName}
#disk_quota: 10G
restart: ${restartPolicy}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
- "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
volumes:
- wikiData:/dokuwiki/data
- wikiConf:/dokuwiki/conf
@@ -175,7 +175,7 @@ services:
#{{castopod
castopod:
image: castopod/castopod:latest
container_name: ${orga}${castopodServName}
container_name: ${orga}-${castopodServName}
#disk_quota: 10G
restart: ${restartPolicy}
# memory: 1G
@@ -193,27 +193,27 @@ services:
volumes:
- castopodMedia:/var/www/castopod/public/media
environment:
CP_BASEURL: "https://${orga}${castopodHost}.${domain}"
CP_BASEURL: "https://${orga}-${castopodHost}.${domain}"
CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb
VIRTUAL_PORT: 8000
CP_CACHE_HANDLER: redis
CP_REDIS_HOST: redis
CP_DATABASE_HOSTNAME: db
env_file:
- ../../secret/env-${castopodServName}
- ../../secret/env-${castopodDBName}
- ../../secret/orgas/${orga}/env-${castopodServName}
- ../../secret/orgas/${orga}/env-${castopodDBName}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}"
- "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}"
redis:
image: redis:7.0-alpine
container_name: ${orga}castopodCache
container_name: ${orga}-castopodCache
volumes:
- castopodCache:/data
networks:
- orgaNet
env_file:
- ../../secret/env-${castopodServName}
- ../../secret/orgas/${orga}/env-${castopodServName}
command: --requirepass ${castopodRedisPassword}
#}}
#{{spip
@@ -225,16 +225,16 @@ services:
links:
- db
env_file:
- ../../secret/env-${spipServName}
- ../../secret/orgas/${orga}/env-${spipServName}
environment:
- SPIP_AUTO_INSTALL=1
- SPIP_DB_HOST=db
- SPIP_SITE_ADDRESS=https://${orga}${spipHost}.${domain}
- SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain}
expose:
- 80
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${spipServName}.rule=Host(`${orga}${spipHost}.${domain}`){{FOREIGN_SPIP}}"
- "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}"
networks:
- orgaNet
volumes:
@@ -250,84 +250,84 @@ volumes:
#{{db
orgaDB:
external: true
name: orga_${orga}orgaDB
name: orga_${orga}-orgaDB
#}}
#{{agora
matterConfig:
external: true
name: orga_${orga}matterConfig
name: orga_${orga}-matterConfig
matterData:
external: true
name: orga_${orga}matterData
name: orga_${orga}-matterData
matterLogs:
external: true
name: orga_${orga}matterLogs
name: orga_${orga}-matterLogs
matterPlugins:
external: true
name: orga_${orga}matterPlugins
name: orga_${orga}-matterPlugins
matterClientPlugins:
external: true
name: orga_${orga}matterClientPlugins
name: orga_${orga}-matterClientPlugins
matterIcons:
external: true
name: matterIcons
#{{cloud
cloudMain:
external: true
name: orga_${orga}cloudMain
name: orga_${orga}-cloudMain
cloudData:
external: true
name: orga_${orga}cloudData
name: orga_${orga}-cloudData
cloudConfig:
external: true
name: orga_${orga}cloudConfig
name: orga_${orga}-cloudConfig
cloudApps:
external: true
name: orga_${orga}cloudApps
name: orga_${orga}-cloudApps
cloudCustomApps:
external: true
name: orga_${orga}cloudCustomApps
name: orga_${orga}-cloudCustomApps
cloudThemes:
external: true
name: orga_${orga}cloudThemes
name: orga_${orga}-cloudThemes
cloudPhp:
external: true
name: orga_${orga}cloudPhp
name: orga_${orga}-cloudPhp
#}}
#{{wiki
wikiData:
external: true
name: orga_${orga}wikiData
name: orga_${orga}-wikiData
wikiConf:
external: true
name: orga_${orga}wikiConf
name: orga_${orga}-wikiConf
wikiPlugins:
external: true
name: orga_${orga}wikiPlugins
name: orga_${orga}-wikiPlugins
wikiLibtpl:
external: true
name: orga_${orga}wikiLibtpl
name: orga_${orga}-wikiLibtpl
wikiLogs:
external: true
name: orga_${orga}wikiLogs
name: orga_${orga}-wikiLogs
#}}
#{{wp
wordpress:
external: true
name: orga_${orga}wordpress
name: orga_${orga}-wordpress
#}}
#{{castopod
castopodMedia:
external: true
name: orga_${orga}castopodMedia
name: orga_${orga}-castopodMedia
castopodCache:
external: true
name: orga_${orga}castopodCache
name: orga_${orga}-castopodCache
#}}
#{{spip
spip:
external: true
name: orga_${orga}spip
name: orga_${orga}-spip
#}}
@@ -335,7 +335,7 @@ volumes:
networks:
orgaNet:
external: true
name: ${orga}orgaNet
name: ${orga}-orgaNet
# postfixNet:
# external:
# name: postfixNet

1
config/orgaTmpl/init-db.sh
View File

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
cd $(dirname $0)
ORGA_DIR="$(basename "$(pwd)")"

15
config/orgaTmpl/orga-gen.sh
View File

@@ -389,7 +389,7 @@ update() {
-e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\
-e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\
-e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\
-e "s|\${orga}|${ORGA}-|g"
-e "s|\${orga}|${ORGA}|g"
) > "$2"
sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2"
}
@@ -412,13 +412,18 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
ln -sf ../../config/orgaTmpl/orga-gen.sh
ln -sf ../../config/orgaTmpl/orga-rm.sh
ln -sf ../../config/orgaTmpl/init-paheko.sh
ln -sf ../../config/orgaTmpl/initdb.d/
#ln -sf ../../config/orgaTmpl/initdb.d/
ln -sf ../../config/orgaTmpl/app/
ln -sf ../../config/orgaTmpl/wiki-conf/
ln -sf ../../config/orgaTmpl/reload.sh
ln -sf ../../config/orgaTmpl/init-db.sh
fi
if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then
rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/"
${KAZ_BIN_DIR}/secretGen.sh -d $ORGA
fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## update ${DOCKERS_ENV}
if ! grep -q "proxy_orga=" .env 2> /dev/null
@@ -438,6 +443,12 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## create network
## GAEL bizarre, je pense que c'est déjà fait qque part, mais chez moi ça veut pas ...
docker network create "${ORGA}-orgaNet"
# ########## create volume
./init-volume.sh
fi

2
config/orgaTmpl/orga-rm.sh
View File

@@ -40,6 +40,8 @@ remove () {
sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}"
sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}"
rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga"
rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"
exit;;
[Nn]* )

3
config/orgaTmpl/secret.tmpl/env-castopodAdmin Normal file
View File

@@ -0,0 +1,3 @@
ADMIN_USER=@@pass@@castopod2@@p@@
ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
ADMIN_PASSWORD=@@pass@@castopod3@@p@@

4
config/orgaTmpl/secret.tmpl/env-castopodDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_USER=@@user@@castopod1@@u@@
MYSQL_PASSWORD=@@pass@@castopod1@@p@@
MYSQL_DATABASE=@@db@@castopod1@@d@@

7
config/orgaTmpl/secret.tmpl/env-castopodServ Normal file
View File

@@ -0,0 +1,7 @@
CP_EMAIL_SMTP_HOST=
CP_EMAIL_FROM=
CP_EMAIL_SMTP_USERNAME=
CP_EMAIL_SMTP_PASSWORD=
CP_EMAIL_SMTP_PORT=
CP_EMAIL_SMTP_CRYPTO=
CP_REDIS_PASSWORD=

9
config/orgaTmpl/secret.tmpl/env-mattermostDB Normal file
View File

@@ -0,0 +1,9 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@

9
config/orgaTmpl/secret.tmpl/env-mattermostServ Normal file
View File

@@ -0,0 +1,9 @@
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10

8
config/orgaTmpl/secret.tmpl/env-nextcloudDB Normal file
View File

@@ -0,0 +1,8 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@nextcloud@@d@@
MYSQL_USER=@@user@@nextcloud@@u@@
MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
#NC_MYSQL_USER=
#NC_MYSQL_PASSWORD=

5
config/orgaTmpl/secret.tmpl/env-nextcloudServ Normal file
View File

@@ -0,0 +1,5 @@
NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
MYSQL_HOST=db
RAIN_LOOP=@@pass@@rainloop@@p@@

4
config/orgaTmpl/secret.tmpl/env-spipDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@spip@@d@@
MYSQL_USER=@@user@@spip@@u@@
MYSQL_PASSWORD=@@pass@@spip@@p@@

10
config/orgaTmpl/secret.tmpl/env-spipServ Normal file
View File

@@ -0,0 +1,10 @@
SPIP_AUTO_INSTALL=1
SPIP_DB_SERVER=mysql
SPIP_DB_NAME=@@db@@spip@@d@@
SPIP_DB_LOGIN=@@user@@spip@@u@@
SPIP_DB_PASS=@@pass@@spip@@p@@
SPIP_ADMIN_NAME=admin
SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
PHP_TIMEZONE=Europe/Paris

4
config/orgaTmpl/secret.tmpl/env-wpDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@wp@@d@@
MYSQL_USER=@@user@@wp@@u@@
MYSQL_PASSWORD=@@pass@@wp@@p@@

8
config/orgaTmpl/secret.tmpl/env-wpServ Normal file
View File

@@ -0,0 +1,8 @@
# share with wpDB
WORDPRESS_DB_HOST=db:3306
WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
WORDPRESS_DB_NAME=@@db@@wp@@d@@
WORDPRESS_DB_USER=@@user@@wp@@u@@
WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@

1
dockers/castopod/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0)
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod

1
dockers/cloud/first.sh
View File

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. $KAZ_ROOT/secret/SetAllPass.sh
${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud

102
dockers/cloud/up.sh
View File

@@ -1,102 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. $KAZ_ROOT/secret/SetAllPass.sh
#"${KAZ_BIN_DIR}/initCloud.sh"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ app:enable user_ldap
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:delete-config s01
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:create-empty-config
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBase ${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseGroups ${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapHost ${ldapServName}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapPort 389
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapTLS 0
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapQuotaAttribute nextcloudQuota
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilter "(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
# Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin';
# docker exec -i nextcloudDB mysql --user=<user> --password=<password> <db> <<< "delete from oc_users where uid<>'admin';"
# Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
# Exemple de table/clés :
# +-------------------------------+----------------------------------------------------------+
# | Configuration | s01 |
# +-------------------------------+----------------------------------------------------------+
# | hasMemberOfFilterSupport | 0 |
# | homeFolderNamingRule | |
# | lastJpegPhotoLookup | 0 |
# | ldapAgentName | cn=cloud,ou=applications,dc=kaz,dc=sns |
# | ldapAgentPassword | *** |
# | ldapAttributesForGroupSearch | |
# | ldapAttributesForUserSearch | |
# | ldapBackgroundHost | |
# | ldapBackgroundPort | |
# | ldapBackupHost | |
# | ldapBackupPort | |
# | ldapBase | ou=users,dc=kaz,dc=sns |
# | ldapBaseGroups | ou=users,dc=kaz,dc=sns |
# | ldapBaseUsers | ou=users,dc=kaz,dc=sns |
# | ldapCacheTTL | 600 |
# | ldapConfigurationActive | 1 |
# | ldapConnectionTimeout | 15 |
# | ldapDefaultPPolicyDN | |
# | ldapDynamicGroupMemberURL | |
# | ldapEmailAttribute | mail |
# | ldapExperiencedAdmin | 0 |
# | ldapExpertUUIDGroupAttr | |
# | ldapExpertUUIDUserAttr | |
# | ldapExpertUsernameAttr | uid |
# | ldapExtStorageHomeAttribute | |
# | ldapGidNumber | gidNumber |
# | ldapGroupDisplayName | cn |
# | ldapGroupFilter | |
# | ldapGroupFilterGroups | |
# | ldapGroupFilterMode | 0 |
# | ldapGroupFilterObjectclass | |
# | ldapGroupMemberAssocAttr | |
# | ldapHost | ldap |
# | ldapIgnoreNamingRules | |
# | ldapLoginFilter | (&(|(objectclass=nextcloudAccount))(cn=%uid)) |
# | ldapLoginFilterAttributes | |
# | ldapLoginFilterEmail | 0 |
# | ldapLoginFilterMode | 0 |
# | ldapLoginFilterUsername | 1 |
# | ldapMatchingRuleInChainState | unknown |
# | ldapNestedGroups | 0 |
# | ldapOverrideMainServer | |
# | ldapPagingSize | 500 |
# | ldapPort | 389 |
# | ldapQuotaAttribute | nextcloudQuota |
# | ldapQuotaDefault | |
# | ldapTLS | 0 |
# | ldapUserAvatarRule | default |
# | ldapUserDisplayName | cn |
# | ldapUserDisplayName2 | |
# | ldapUserFilter | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) |
# | ldapUserFilterGroups | |
# | ldapUserFilterMode | 1 |
# | ldapUserFilterObjectclass | nextcloudAccount |
# | ldapUuidGroupAttribute | auto |
# | ldapUuidUserAttribute | auto |
# | turnOffCertCheck | 0 |
# | turnOnPasswordChange | 0 |
# | useMemberOfToDetectMembership | 1 |
# +-------------------------------+----------------------------------------------------------+

1
dockers/mattermost/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0)
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora

1
dockers/peertube/.env Symbolic link
View File

@@ -0,0 +1 @@
../../config/dockers.env

1
dockers/spip/.env Symbolic link
View File

@@ -0,0 +1 @@
../../config/dockers.env

1
dockers/sympa/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0)
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
DockerServName="${sympaServName}"

11
secret.tmpl/Readme.txt
View File

@@ -1,11 +0,0 @@
Mise à jour des mots de passe
L'idée c'est d'extraire la gestion des mots de passe de l'installation.
Tous les mots de passe sont dans un fichier "SetAllPass.sh" que des scripts vont chercher.
updateDockerPassword.sh met à jours les fichiers d'environnement de mots de passe utilisé par docker-compose.
(Il y a un problème pour mettre à jour le mot de passe d'une BD si son conteneur n'est pas en route)
Les modifications sont prises en compte que lors de la création de nouveaux conteneurs (les données permanentes (mot de passe) dans les volumes ne sont pas changées)

4
secret.tmpl/env-borg
View File

@@ -1,10 +1,10 @@
VOLUME_SAUVEGARDES=
BORG_REPO=
BORG_PASSPHRASE="@@token@@borg@@tk@@"
BORG_PASSPHRASE=@@token@@borg@@t@@
BORGLOG="/var/log/borg"
BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
BORG_EXCLUDE_BACKUP=
MAIL_RAPPORT=
MAIL_RAPPORT=a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@
LISTREPSAUV=
BORGMOUNT="/mnt/repo_borg"
MAILOK=

4
secret.tmpl/env-castopodAdmin
View File

@@ -1,3 +1,3 @@
ADMIN_USER="@@pass@@castopod2@@pass@@"
ADMIN_USER=@@pass@@castopod2@@p@@
ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
ADMIN_PASSWORD="@@pass@@castopod3@@pass@@"
ADMIN_PASSWORD=@@pass@@castopod3@@p@@

8
secret.tmpl/env-castopodDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD="@@pass@@castopod@@p@@"
MYSQL_USER="@@user@@castopod1@@u@@"
MYSQL_PASSWORD="@@pass@@castopod1@@p@@"
MYSQL_DATABASE="@@db@@castopod1@@d@@"
MYSQL_ROOT_PASSWORD=@@pass@@castopod@@p@@
MYSQL_USER=@@user@@castopod1@@u@@
MYSQL_PASSWORD=@@pass@@castopod1@@p@@
MYSQL_DATABASE=@@db@@castopod1@@d@@

2
secret.tmpl/env-dokuwikiServ
View File

@@ -1,4 +1,4 @@
WIKI_ROOT=Kaz
WIKI_EMAIL=wiki@@@globalvar@@domain@@gv@@
WIKI_PASSWORD="@@pass@@dokuwiki@@pass@@"
WIKI_PASSWORD=@@pass@@dokuwiki@@p@@

8
secret.tmpl/env-etherpadDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD="@@pass@@etherpadroot@@p@@"
MYSQL_DATABASE="@@db@@etherpad@@d@@"
MYSQL_USER="@@user@@etherpad@@u@@"
MYSQL_PASSWORD="@@pass@@etherpad@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@etherpadroot@@p@@
MYSQL_DATABASE=@@db@@etherpad@@d@@
MYSQL_USER=@@user@@etherpad@@u@@
MYSQL_PASSWORD=@@pass@@etherpad@@p@@

20
secret.tmpl/env-etherpadServ
View File

@@ -1,17 +1,17 @@
# share with padDB
DB_NAME="@@db@@etherpad@@d@@"
DB_USER="@@user@@etherpad@@u@@"
DB_PASS="@@pass@@etherpad@@p@@"
DB_NAME=@@db@@etherpad@@d@@
DB_USER=@@user@@etherpad@@u@@
DB_PASS=@@pass@@etherpad@@p@@
DB_TYPE="mysql"
DB_HOST="padDB"
DB_PORT="3306"
DB_TYPE=mysql
DB_HOST=padDB
DB_PORT=3306
#DB_CHARSET=
ADMIN_PASSWORD="@@pass@@etherpadadmin@@p@@"
ADMIN_PASSWORD=@@pass@@etherpadadmin@@p@@
TITLE="KazPad"
PAD_OPTIONS_LANG="fr"
TRUST_PROXY="true"
TITLE=KazPad
PAD_OPTIONS_LANG=fr
TRUST_PROXY=true
DEFAULT_PAD_TEXT=" Ce texte est à effacer (après lecture si cest votre première visite) ou à conserver en bas de votre pad \n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur licône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur licône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans lhistorique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! Noubliez pas de conserver quelque part ladresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n Ce texte est à effacer (après lecture si cest votre première visite) \n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"

8
secret.tmpl/env-framadateDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD="@@pass@@framadateroot@@p@@"
MYSQL_DATABASE="@@db@@framadatedb@@d@@"
MYSQL_USER="@@user@@framadatedb@@u@@"
MYSQL_PASSWORD="@@pass@@framadatedb@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@framadateroot@@p@@
MYSQL_DATABASE=@@db@@framadatedb@@d@@
MYSQL_USER=@@user@@framadatedb@@u@@
MYSQL_PASSWORD=@@pass@@framadatedb@@p@@

4
secret.tmpl/env-framadateServ
View File

@@ -1,3 +1,3 @@
HTTPD_USER="@@user@@framadate@@u@@"
HTTPD_PASSWORD="@@pass@@framadate2@@p@@"
HTTPD_USER=@@user@@framadate@@u@@
HTTPD_PASSWORD=@@pass@@framadate2@@p@@

8
secret.tmpl/env-gitDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD="@@pass@@gitroot@@p@@"
MYSQL_DATABASE="@@db@@gitdb@@d@@"
MYSQL_USER="@@user@@gitdb@@u@@"
MYSQL_PASSWORD="@@pass@@gitdb@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@gitroot@@p@@
MYSQL_DATABASE=@@db@@gitdb@@d@@
MYSQL_USER=@@user@@gitdb@@u@@
MYSQL_PASSWORD=@@pass@@gitdb@@p@@

4
secret.tmpl/env-gitServ
View File

@@ -1,3 +1,3 @@
user_admin="@@user@@git@@u@@"
pass_admin="@@pass@@git@@p@@"
user_admin=@@user@@git@@u@@
pass_admin=@@pass@@git@@p@@
admin_email=admin@@@globalvar@@domain@@gv@@

2
secret.tmpl/env-jirafeauServ
View File

@@ -1,2 +1,2 @@
HTTPD_PASSWORD=
HTTPD_PASSWORD=@@pass@@jirafeau@@pass@@

18
secret.tmpl/env-ldapServ
View File

@@ -1,9 +1,9 @@
LDAP_ADMIN_USERNAME="@@user@@ldap@@u@@"
LDAP_ADMIN_PASSWORD="@@pass@@ldap@@p@@"
LDAP_CONFIG_ADMIN_USERNAME="@@user@@ldapconfig@@u@@"
LDAP_CONFIG_ADMIN_PASSWORD="@@pass@@ldapconfig@@p@@"
LDAP_POSTFIX_PASSWORD="@@pass@@ldappostfix@@p@@"
LDAP_LDAPUI_PASSWORD="@@pass@@ldapui@@p@@"
LDAP_MATTERMOST_PASSWORD="@@pass@@ldapmm@@p@@"
LDAP_CLOUD_PASSWORD="@@pass@@ldapcloud@@p@@"
LDAP_MOBILIZON_PASSWORD="@@pass@@ldapmobilizon@@p@@"
LDAP_ADMIN_USERNAME=@@user@@ldap@@u@@
LDAP_ADMIN_PASSWORD=@@pass@@ldap@@p@@
LDAP_CONFIG_ADMIN_USERNAME=@@user@@ldapconfig@@u@@
LDAP_CONFIG_ADMIN_PASSWORD=@@pass@@ldapconfig@@p@@
LDAP_POSTFIX_PASSWORD=@@pass@@ldappostfix@@p@@
LDAP_LDAPUI_PASSWORD=@@pass@@ldapui@@p@@
LDAP_MATTERMOST_PASSWORD=@@pass@@ldapmm@@p@@
LDAP_CLOUD_PASSWORD=@@pass@@ldapcloud@@p@@
LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@

8
secret.tmpl/env-ldapUI
View File

@@ -1,9 +1,9 @@
LDAPUI_URI=ldap://ldap
LDAPUI_BASE_DN="@@globalvar@@ldap_root@@gv@@"
LDAPUI_BASE_DN=@@globalvar@@ldap_root@@gv@@
LDAPUI_REQUIRE_STARTTLS=FALSE
LDAPUI_ADMINS_GROUP=admins
LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@
LDAPUI_ADMIN_BIND_PWD="@@pass@@ldapui@@p@@"
LDAPUI_ADMIN_BIND_PWD=@@pass@@ldapui@@p@@
LDAPUI_IGNORE_CERT_ERRORS=TRUE
LDAPUI_PASSWORD="@@pass@@ldapuipass@@p@@"
LDAPUI_MM_ADMIN_TOKEN="@@crossvar@@mattermostAdmin_mattermost_token@@cv@@"
LDAPUI_PASSWORD=@@pass@@ldapuipass@@p@@
LDAPUI_MM_ADMIN_TOKEN=@@crossvar@@mattermostAdmin_mattermost_token@@cv@@

4
secret.tmpl/env-mail
View File

@@ -1,2 +1,2 @@
service_mail=
service_password="@@pass@@servicemail@@pass@@"
service_mail=admin@@@globalvar@@domain@@gv@@
service_password=@@pass@@servicemail@@p@@

12
secret.tmpl/env-mastodonDB
View File

@@ -1,6 +1,6 @@
DB_USER="@@user@@mastodon@@u@@"
DB_NAME="@@db@@mastodon@@d@@"
DB_PASS="@@pass@@mastodon@@p@@"
POSTGRES_USER="@@user@@postgresmasto@@u@@"
POSTGRES_PASSWORD="@@pass@@postgresmasto@@p@@"
POSTGRES_DB="@@db@@mastodon@@d@@"
DB_USER=@@user@@mastodon@@u@@
DB_NAME=@@db@@mastodon@@d@@
DB_PASS=@@pass@@mastodon@@p@@
POSTGRES_USER=@@user@@postgresmasto@@u@@
POSTGRES_PASSWORD=@@pass@@postgresmasto@@p@@
POSTGRES_DB=@@db@@mastodon@@d@@

4
secret.tmpl/env-mastodonServ
View File

@@ -1,9 +1,9 @@
SECRET_KEY_BASE=
OTP_SECRET="@@token@@masto-otp@@token@@"
OTP_SECRET=@@token@@masto-otp@@t@@
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
VAPID_PRIVATE_KEY==
VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY=
SMTP_PASSWORD=
EMAIL_DOMAIN_ALLOWLIST=

6
secret.tmpl/env-mattermostAdmin
View File

@@ -1,4 +1,4 @@
mattermost_user="@@user@@mattermost2@@u@@"
mattermost_pass="@@pass@@mattermost2@@p@@"
mattermost_token="@@token@@mattermost@@t@@"
mattermost_user=@@user@@mattermost2@@u@@
mattermost_pass=@@pass@@mattermost2@@p@@
mattermost_token=@@token@@mattermost@@t@@

14
secret.tmpl/env-mattermostDB
View File

@@ -1,9 +1,9 @@
MYSQL_ROOT_PASSWORD="@@pass@@mattermostroot@@p@@"
MYSQL_DATABASE="@@db@@mattermost@@d@@"
MYSQL_USER="@@user@@mattermost@@u@@"
MYSQL_PASSWORD="@@pass@@mattermost@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@mattermostroot@@p@@
MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_USER="@@user@@mattermost@@u@@"
POSTGRES_PASSWORD="@@pass@@mattermost@@p@@"
POSTGRES_DB="@@db@@mattermost@@d@@"
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@

6
secret.tmpl/env-mattermostServ
View File

@@ -1,7 +1,7 @@
MM_ADMIN_EMAIL="@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@"
MM_ADMIN_USER="@@user@@mattermost2@@u@@"
MM_ADMIN_PASSWORD="@@pass@@mattermost2@@u@@"
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_SQLSETTINGS_DRIVERNAME=postgres

8
secret.tmpl/env-nextcloudDB
View File

@@ -1,8 +1,8 @@
MYSQL_ROOT_PASSWORD="@@pass@@nextcloudroot@@p@@"
MYSQL_DATABASE="@@db@@nextcloud@@d@@"
MYSQL_USER="@@user@@nextcloud@@u@@"
MYSQL_PASSWORD="@@pass@@nextcloud@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@nextcloudroot@@p@@
MYSQL_DATABASE=@@db@@nextcloud@@d@@
MYSQL_USER=@@user@@nextcloud@@u@@
MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
#NC_MYSQL_USER=
#NC_MYSQL_PASSWORD=

8
secret.tmpl/env-nextcloudServ
View File

@@ -1,5 +1,5 @@
NEXTCLOUD_ADMIN_USER="@@user@@nextcloudadmin@@u@@"
NEXTCLOUD_ADMIN_PASSWORD="@@pass@@nextcloudadmin@@p@@"
MYSQL_HOST="db"
RAIN_LOOP="@@pass@@rainloop@@p@@"
NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
MYSQL_HOST=db
RAIN_LOOP=@@pass@@rainloop@@p@@

4
secret.tmpl/env-officeServ
View File

@@ -1,3 +1,3 @@
username="@@user@@office@@u@@"
password="@@pass@@office@@p@@"
username=@@user@@office@@u@@
password=@@pass@@office@@p@@

4
secret.tmpl/env-paheko
View File

@@ -1,2 +1,2 @@
API_USER="@@user@@pahekoapi@@u@@"
API_PASSWORD="@@pass@@pahekoapi@@p@@"
API_USER=@@user@@pahekoapi@@u@@
API_PASSWORD=@@pass@@pahekoapi@@p@@

10
secret.tmpl/env-peertubeDB
View File

@@ -1,8 +1,8 @@
POSTGRES_USER="@@user@@peertube@@u@@"
POSTGRES_PASSWORD="@@pass@@peertube@@p@@"
POSTGRES_DB="@@db@@peertube@@d@@"
POSTGRES_USER=@@user@@peertube@@u@@
POSTGRES_PASSWORD=@@pass@@peertube@@p@@
POSTGRES_DB=@@db@@peertube@@d@@
PEERTUBE_DB_USERNAME="@@user@@peertube@@u@@"
PEERTUBE_DB_PASSWORD="@@pass@@peertube@@p@@"
PEERTUBE_DB_USERNAME=@@user@@peertube@@u@@
PEERTUBE_DB_PASSWORD=@@pass@@peertube@@p@@
PEERTUBE_DB_SSL=false
PEERTUBE_DB_HOSTNAME=peertubeDB

16
secret.tmpl/env-peertubeServ
View File

@@ -1,17 +1,17 @@
POSTGRES_USER="@@user@@peertube@@u@@"
POSTGRES_PASSWORD="@@pass@@peertube@@p@@"
POSTGRES_DB="@@db@@peertube@@d@@"
POSTGRES_USER=@@user@@peertube@@u@@
POSTGRES_PASSWORD=@@pass@@peertube@@p@@
POSTGRES_DB=@@db@@peertube@@d@@
PEERTUBE_DB_USERNAME="@@user@@peertube@@u@@"
PEERTUBE_DB_PASSWORD="@@pass@@peertube@@p@@"
PEERTUBE_DB_USERNAME=@@user@@peertube@@u@@
PEERTUBE_DB_PASSWORD=@@pass@@peertube@@p@@
PEERTUBE_DB_SSL=false
PEERTUBE_DB_HOSTNAME=peertubeDB
PEERTUBE_WEBSERVER_HOSTNAME="@@globalvar@@peertubeHost@@gv@@.@@globalvar@@domain@@gv@@"
PEERTUBE_WEBSERVER_HOSTNAME=@@globalvar@@peertubeHost@@gv@@.@@globalvar@@domain@@gv@@
PEERTUBE_TRUST_PROXY=['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']
PEERTUBE_SECRET="@@token@@peertube@@t@@"
PT_INITIAL_ROOT_PASSWORD="@@pass@@peertubeinitialroot@@p@@"
PEERTUBE_SECRET=@@token@@peertube@@t@@
PT_INITIAL_ROOT_PASSWORD=@@pass@@peertubeinitialroot@@p@@
#PEERTUBE_SMTP_USERNAME=
#PEERTUBE_SMTP_PASSWORD=

8
secret.tmpl/env-roundcubeDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD="@@pass@@roudcuberoot@@p@@"
MYSQL_DATABASE="@@db@@roudcube@@d@@"
MYSQL_USER="@@user@@roudcube@@u@@"
MYSQL_PASSWORD="@@pass@@roudcube@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@roudcuberoot@@p@@
MYSQL_DATABASE=@@db@@roudcube@@d@@
MYSQL_USER=@@user@@roudcube@@u@@
MYSQL_PASSWORD=@@pass@@roudcube@@p@@

10
secret.tmpl/env-roundcubeServ
View File

@@ -1,6 +1,6 @@
ROUNDCUBEMAIL_DB_TYPE="mysql"
ROUNDCUBEMAIL_DB_NAME="@@db@@roudcube@@d@@"
ROUNDCUBEMAIL_DB_USER="@@user@@roudcube@@u@@"
ROUNDCUBEMAIL_DB_PASSWORD="@@pass@@roudcube@@p@@"
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE="1G"
ROUNDCUBEMAIL_DB_TYPE=mysql
ROUNDCUBEMAIL_DB_NAME=@@db@@roudcube@@d@@
ROUNDCUBEMAIL_DB_USER=@@user@@roudcube@@u@@
ROUNDCUBEMAIL_DB_PASSWORD=@@pass@@roudcube@@p@@
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=1G

8
secret.tmpl/env-spipDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD="@@pass@@spiproot@@p@@"
MYSQL_DATABASE="@@db@@spip@@d@@"
MYSQL_USER="@@user@@spip@@u@@"
MYSQL_PASSWORD="@@pass@@spip@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@spiproot@@p@@
MYSQL_DATABASE=@@db@@spip@@d@@
MYSQL_USER=@@user@@spip@@u@@
MYSQL_PASSWORD=@@pass@@spip@@p@@

14
secret.tmpl/env-spipServ
View File

@@ -1,10 +1,10 @@
SPIP_AUTO_INSTALL=1
SPIP_DB_SERVER=mysql
SPIP_DB_NAME="@@db@@spip@@d@@"
SPIP_DB_LOGIN="@@user@@spip@@u@@"
SPIP_DB_PASS="@@pass@@spip@@p@@"
SPIP_ADMIN_NAME="admin"
SPIP_ADMIN_LOGIN="@@user@@spipadmin@@u@@"
SPIP_DB_NAME=@@db@@spip@@d@@
SPIP_DB_LOGIN=@@user@@spip@@u@@
SPIP_DB_PASS=@@pass@@spip@@p@@
SPIP_ADMIN_NAME=admin
SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
SPIP_ADMIN_PASS="@@pass@@spipadmin@@p@@"
PHP_TIMEZONE="Europe/Paris"
SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
PHP_TIMEZONE=Europe/Paris

8
secret.tmpl/env-sympaDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD="@@pass@@symparoot@@p@@"
MYSQL_DATABASE="@@db@@sympa@@d@@"
MYSQL_USER="@@user@@sympa@@u@@"
MYSQL_PASSWORD="@@pass@@sympa@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@symparoot@@p@@
MYSQL_DATABASE=@@db@@sympa@@d@@
MYSQL_USER=@@user@@sympa@@u@@
MYSQL_PASSWORD=@@pass@@sympa@@p@@

18
secret.tmpl/env-sympaServ
View File

@@ -1,10 +1,10 @@
KEY="/etc/ssl/private/listes.key"
CERT="/etc/ssl/certs/listes.pem"
LISTMASTERS="listmaster@@@globalvar@@domain_sympa@@gv@@"
ADMINEMAIL="listmaster@@@globalvar@@domain_sympa@@gv@@"
SOAP_USER="@@user@@sympasoap@@u@@"
SOAP_PASSWORD="@@pass@@sympasoap@@p@@"
KEY=/etc/ssl/private/listes.key
CERT=/etc/ssl/certs/listes.pem
LISTMASTERS=listmaster@@@globalvar@@domain_sympa@@gv@@
ADMINEMAIL=listmaster@@@globalvar@@domain_sympa@@gv@@
SOAP_USER=@@user@@sympasoap@@u@@
SOAP_PASSWORD=@@pass@@sympasoap@@p@@
MYSQL_DATABASE="@@db@@sympa@@d@@"
MYSQL_USER="@@user@@sympa@@u@@"
MYSQL_PASSWORD="@@pass@@sympa@@p@@"
MYSQL_DATABASE=@@db@@sympa@@d@@
MYSQL_USER=@@user@@sympa@@u@@
MYSQL_PASSWORD=@@pass@@sympa@@p@@

4
secret.tmpl/env-traefik
View File

@@ -1,2 +1,2 @@
DASHBOARD_USER="@@user@@traefikdashboard@@u@@"
DASHBOARD_PASSWORD="@@pass@@traefikdashboard@@p@@"
DASHBOARD_USER=@@user@@traefikdashboard@@u@@
DASHBOARD_PASSWORD=@@pass@@traefikdashboard@@p@@

8
secret.tmpl/env-vaultwardenDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD="@@pass@@koffreroot@@p@@"
MYSQL_DATABASE="@@db@@koffre@@d@@"
MYSQL_USER="@@user@@koffre@@u@@"
MYSQL_PASSWORD="@@pass@@koffre@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@koffreroot@@p@@
MYSQL_DATABASE=@@db@@koffre@@d@@
MYSQL_USER=@@user@@koffre@@u@@
MYSQL_PASSWORD=@@pass@@koffre@@p@@

2
secret.tmpl/env-vaultwardenServ
View File

@@ -1,4 +1,4 @@
ADMIN_TOKEN=@@token@@koffre@@t@@
DATABASE_URL="mysql://@@user@@koffre@@u@@:@@pass@@koffre@@p@@@db/@@db@@koffre@@d@@"
DATABASE_URL=mysql://@@user@@koffre@@u@@:@@pass@@koffre@@p@@@db/@@db@@koffre@@d@@
SIGNUPS_DOMAINS_WHITELIST=

8
secret.tmpl/env-vigiloDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD="@@pass@@vigiloroot@@p@@"
MYSQL_DATABASE="@@db@@vigilo@@d@@"
MYSQL_USER="@@user@@vigilo@@u@@"
MYSQL_PASSWORD="@@pass@@vigilo@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@vigiloroot@@p@@
MYSQL_DATABASE=@@db@@vigilo@@d@@
MYSQL_USER=@@user@@vigilo@@u@@
MYSQL_PASSWORD=@@pass@@vigilo@@p@@

10
secret.tmpl/env-vigiloServ
View File

@@ -1,7 +1,7 @@
#BIND=
MYSQL_ROOT_PASSWORD="@@pass@@vigiloroot@@p@@"
MYSQL_DATABASE="@@db@@vigilo@@d@@"
MYSQL_USER="@@user@@vigilo@@u@@"
MYSQL_PASSWORD="@@pass@@vigilo@@p@@"
MYSQL_HOST="db"
MYSQL_ROOT_PASSWORD=@@pass@@vigiloroot@@p@@
MYSQL_DATABASE=@@db@@vigilo@@d@@
MYSQL_USER=@@user@@vigilo@@u@@
MYSQL_PASSWORD=@@pass@@vigilo@@p@@
MYSQL_HOST=db

8
secret.tmpl/env-wpDB
View File

@@ -1,7 +1,7 @@
MYSQL_ROOT_PASSWORD="@@pass@@wproot@@p@@"
MYSQL_DATABASE="@@db@@wp@@d@@"
MYSQL_USER="@@user@@wp@@u@@"
MYSQL_PASSWORD="@@pass@@wp@@p@@"
MYSQL_ROOT_PASSWORD=@@pass@@wproot@@p@@
MYSQL_DATABASE=@@db@@wp@@d@@
MYSQL_USER=@@user@@wp@@u@@
MYSQL_PASSWORD=@@pass@@wp@@p@@
#WP_MYSQL_USER=

12
secret.tmpl/env-wpServ
View File

@@ -1,8 +1,8 @@
# share with wpDB
WORDPRESS_DB_HOST="db:3306"
WORDPRESS_ADMIN_USER="@@user@@adminwp@@u@@"
WORDPRESS_ADMIN_PASSWORD="@@pass@@adminwp@@p@@"
WORDPRESS_DB_NAME="@@db@@wp@@d@@"
WORDPRESS_DB_USER="@@user@@wp@@u@@"
WORDPRESS_DB_PASSWORD="@@pass@@wp@@p@@"
WORDPRESS_DB_HOST=db:3306
WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
WORDPRESS_DB_NAME=@@db@@wp@@d@@
WORDPRESS_DB_USER=@@user@@wp@@u@@
WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@