fix castopod/firefox

KAZ_KEY_DIR
suppression de SetAllPass
2025-08-14 13:06:30 +02:00 · 2025-08-07 20:27:05 +02:00 · 2025-08-07 20:19:00 +02:00 · 2025-07-31 00:14:34 +02:00 · 2025-07-27 10:45:14 +02:00 · 2025-07-27 10:28:39 +02:00
16 changed files with 36 additions and 660 deletions
--- a/bin/createUser.py
+++ b/bin/createUser.py
@@ -1,5 +0,0 @@
 #!/usr/bin/python3
 from lib.user import create_users_from_file
 create_users_from_file()
--- a/bin/lib/config.py
+++ b/bin/lib/config.py
@@ -1,15 +0,0 @@
 DOCKERS_ENV = "/kaz/config/dockers.env"
 SECRETS = "/kaz/secret/env-{serv}"
 def getDockersConfig(key):
    with open(DOCKERS_ENV) as config:
        for line in config:
            if line.startswith(f"{key}="):
                return line.split("=", 1)[1].split("#")[0].strip()
 def getSecretConfig(serv, key):
    with open(SECRETS.format(serv=serv)) as config:
        for line in config:
            if line.startswith(f"{key}="):
                return line.split("=", 2)[1].split("#")[0].strip()
--- a/bin/lib/ldap.py
+++ b/bin/lib/ldap.py
@@ -1,101 +0,0 @@
 import ldap
 from passlib.hash import sha512_crypt
 from email_validator import validate_email, EmailNotValidError
 import subprocess
 from .config import getDockersConfig, getSecretConfig
 class Ldap:
    def __init__(self):
        self.ldap_connection = None
        self.ldap_root = getDockersConfig("ldap_root")
        self.ldap_admin_username = getSecretConfig("ldapServ", "LDAP_ADMIN_USERNAME")
        self.ldap_admin_password = getSecretConfig("ldapServ", "LDAP_ADMIN_PASSWORD")
        cmd="docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ"
        self.ldap_host = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT).strip().decode()
    def __enter__(self):
        self.ldap_connection = ldap.initialize(f"ldap://{self.ldap_host}")
        self.ldap_connection.simple_bind_s("cn={},{}".format(self.ldap_admin_username, self.ldap_root), self.ldap_admin_password)
        return self
    def __exit__(self, tp, e, traceback):
        self.ldap_connection.unbind_s()
    def get_email(self, email):
        """
        Vérifier si un utilisateur avec cet email existe dans le LDAP soit comme mail principal soit comme alias
        """
        # Créer une chaîne de filtre pour rechercher dans les champs "cn" et "mailAlias"
        filter_str = "(|(cn={})(mailAlias={}))".format(email, email)
        result = self.ldap_connection.search_s("ou=users,{}".format(self.ldap_root), ldap.SCOPE_SUBTREE, filter_str)
        return result
    def delete_user(self, email):
        """
        Supprimer un utilisateur du LDAP par son adresse e-mail
        """
        try:
            # Recherche de l'utilisateur
            result = self.ldap_connection.search_s("ou=users,{}".format(self.ldap_root), ldap.SCOPE_SUBTREE, "(cn={})".format(email))
            if not result:
                return False  # Utilisateur non trouvé
            # Récupération du DN de l'utilisateur
            dn = result[0][0]
            # Suppression de l'utilisateur
            self.ldap_connection.delete_s(dn)
            return True  # Utilisateur supprimé avec succès
        except ldap.NO_SUCH_OBJECT:
            return False  # Utilisateur non trouvé
        except ldap.LDAPError as e:
            return False  # Erreur lors de la suppression
    def create_user(self, email, prenom, nom, password, email_secours, quota):
        """
        Créer une nouvelle entrée dans le LDAP pour un nouvel utilisateur. QUESTION: A QUOI SERVENT PRENOM/NOM/IDENT_KAZ DANS LE LDAP ? POURQUOI 3 QUOTA ?
        """
        password_chiffre = sha512_crypt.hash(password)
        if not validate_email(email) or not validate_email(email_secours):
            return False
        if self.get_email(email):
            return False
        # Construire le DN
        dn = f"cn={email},ou=users,{self.ldap_root}"
        mod_attrs = [
          ('objectClass', [b'inetOrgPerson', b'PostfixBookMailAccount', b'nextcloudAccount', b'kaznaute']),
          ('sn', f'{prenom} {nom}'.encode('utf-8')),
          ('mail', email.encode('utf-8')),
          ('mailEnabled', b'TRUE'),
          ('mailGidNumber', b'5000'),
          ('mailHomeDirectory', f"/var/mail/{email.split('@')[1]}/{email.split('@')[0]}/".encode('utf-8')),
          ('mailQuota', f'{quota}G'.encode('utf-8')),
          ('mailStorageDirectory', f"maildir:/var/mail/{email.split('@')[1]}/{email.split('@')[0]}/".encode('utf-8')),
          ('mailUidNumber', b'5000'),
          ('mailDeSecours', email_secours.encode('utf-8')),
          ('identifiantKaz', f'{prenom.lower()}.{nom.lower()}'.encode('utf-8')),
          ('quota', str(quota).encode('utf-8')),
          ('nextcloudEnabled', b'TRUE'),
          ('nextcloudQuota', f'{quota} GB'.encode('utf-8')),
          ('mobilizonEnabled', b'TRUE'),
          ('agoraEnabled', b'TRUE'),
          ('userPassword', f'{{CRYPT}}{password_chiffre}'.encode('utf-8')),
          ('cn', email.encode('utf-8'))
        ]
        self.ldap_connection.add_s(dn, mod_attrs)
        return True
--- a/bin/lib/mattermost.py
+++ b/bin/lib/mattermost.py
@@ -1,122 +0,0 @@
 import subprocess
 from .config import getDockersConfig, getSecretConfig
 mattermost_user = getSecretConfig("mattermostServ", "MM_ADMIN_USER")
 mattermost_pass = getSecretConfig("mattermostServ", "MM_ADMIN_PASSWORD")
 mattermost_url = f"https://{getDockersConfig('matterHost')}.{getDockersConfig('domain')}"
 mmctl = "docker exec -i mattermostServ bin/mmctl"
 class Mattermost:
    def __init__(self):
        self.authenticate()
    def authenticate(self):
         # Authentification sur MM
         cmd = f"{mmctl} auth login {mattermost_url} --name local-server --username {mattermost_user} --password {mattermost_pass}"
         subprocess.run(cmd, shell=True, stderr=subprocess.STDOUT, check=True)
    def post_message(self, message, equipe="kaz", canal="creation-comptes"):
        """
        Envoyer un message dans une Equipe/Canal de MM
        """
        cmd = f"{mmctl} post create {equipe}:{canal} --message \"{message}\""
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def get_user(self, user):
        """
        Le user existe t-il sur MM ?
        """
        try:
            cmd = f"{mmctl} user search {user} --json"
            user_list_output = subprocess.check_output(cmd, shell=True)
            return True  # Le nom d'utilisateur existe
        except subprocess.CalledProcessError:
            return False
    def create_user(self, user, email, password):
        """
        Créer un utilisateur sur MM
        """
        cmd = f"{mmctl} user create --email {email} --username {user} --password {password}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def delete_user(self, email):
        """
        Supprimer un utilisateur sur MM
        """
        cmd = f"{mmctl} user delete {email} --confirm"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def update_password(self, email, new_password):
        """
        Changer un password pour un utilisateur de MM
        """
        cmd = f"{mmctl} user change-password {email} --password {new_password}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def add_user_to_team(self, email, equipe):
        """
        Affecte un utilisateur à une équipe MM
        """
        cmd = f"{mmctl} team users add {equipe} {email}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def add_user_to_channel(self, email, equipe, canal):
        """
        Affecte un utilisateur à un canal MM
        """
        cmd = f'{mmctl} channel users add {equipe}:{canal} {email}'
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def get_teams(self):
        """
        Lister les équipes sur MM
        """
        cmd = f"{mmctl} team list --disable-pager"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        data_list = output.decode("utf-8").strip().split('\n')
        data_list.pop()
        return data_list
    def create_team(self, equipe, email):
        """
        Créer une équipe sur MM et affecter un admin si email est renseigné (set admin marche pô)
        """
        #DANGER: l'option --email ne rend pas le user admin de l'équipe comme c'est indiqué dans la doc :(
        cmd = f"{mmctl} team create --name {equipe} --display-name {equipe} --private --email {email}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        #Workaround: on récup l'id du user et de l'équipe pour affecter le rôle "scheme_admin": true, "scheme_user": true avec l'api MM classique.
        #TODO:
        return output.decode()
    def delete_team(self, equipe):
        """
        Supprimer une équipe sur MM
        """
        cmd = f"{mmctl} team delete {equipe} --confirm"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
--- a/bin/lib/paheko.py
+++ b/bin/lib/paheko.py
@@ -1,134 +0,0 @@
 import re
 import requests
 from .config import getDockersConfig, getSecretConfig
 paheko_ident = getDockersConfig("paheko_API_USER")
 paheko_pass = getDockersConfig("paheko_API_PASSWORD")
 paheko_auth = (paheko_ident, paheko_pass)
 paheko_url = f"https://kaz-paheko.{getDockersConfig('domain')}"
 class Paheko:
    def get_categories(self):
        """
        Récupérer les catégories Paheko avec le compteur associé
        """
        api_url = paheko_url + '/api/user/categories'
        response = requests.get(api_url, auth=paheko_auth)
        if response.status_code == 200:
            data = response.json()
            return data
        else:
            return None
    def get_users_in_categorie(self,categorie):
        """
        Afficher les membres d'une catégorie Paheko
        """
        if not categorie.isdigit():
            return 'Id de category non valide', 400
        api_url = paheko_url + '/api/user/category/'+categorie+'.json'
        response = requests.get(api_url, auth=paheko_auth)
        if response.status_code == 200:
            data = response.json()
            return data
        else:
            return None
    def get_user(self,ident):
        """
        Afficher un membre de Paheko par son email kaz ou son numéro ou le non court de l'orga
        """
        emailmatchregexp = re.compile(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$")
        if emailmatchregexp.match(ident):
          data = { "sql": f"select * from users where email='{ident}' or alias = '{ident}'" }
          api_url = paheko_url + '/api/sql/'
          response = requests.post(api_url, auth=paheko_auth,  data=data)
          #TODO: if faut Rechercher count et vérifier que = 1 et supprimer le count=1 dans la réponse
        elif  ident.isdigit():
          api_url = paheko_url + '/api/user/'+ident
          response = requests.get(api_url, auth=paheko_auth)
        else:
          nomorga = re.sub(r'\W+', '', ident) # on vire les caractères non alphanumérique
          data = { "sql": f"select * from users where admin_orga=1 and nom_orga='{nomorga}'" }
          api_url = paheko_url + '/api/sql/'
          response = requests.post(api_url, auth=paheko_auth,  data=data)
          #TODO:if faut Rechercher count et vérifier que = 1  et supprimer le count=1 dans la réponse
        if response.status_code == 200:
            data = response.json()
            if data["count"] == 1:
                 return data["results"][0]
            elif data["count"] == 0:
                 return None
            else:
                 return data["results"]
        else:
            return None
    def set_user(self,ident,field,new_value):
        """
        Modifie la valeur d'un champ d'un membre paheko (ident= numéro paheko ou email kaz)
        """
        #récupérer le numero paheko si on fournit un email kaz
        emailmatchregexp = re.compile(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$")
        if emailmatchregexp.match(ident):
          data = { "sql": f"select id from users where email='{ident}'" }
          api_url = paheko_url + '/api/sql/'
          response = requests.post(api_url, auth=paheko_auth, data=data)
          if response.status_code == 200:
              #on extrait l'id de la réponse
              data = response.json()
              if data['count'] == 0:
                print("email non trouvé")
                return None
              elif data['count'] > 1:
                  print("trop de résultat")
                  return None
              else:
                #OK
                ident = data['results'][0]['id']
          else:
              print("pas de résultat")
              return None
        elif not ident.isdigit():
           print("Identifiant utilisateur invalide")
           return None
        regexp = re.compile("[^a-zA-Z0-9 \\r\\n\\t" + re.escape(string.punctuation) + "]")
        valeur = regexp.sub('',new_value) # mouais, il faudrait être beaucoup plus précis ici en fonction des champs qu'on accepte...
        champ = re.sub(r'\W+','',field) # pas de caractères non alphanumériques ici, dans l'idéal, c'est à choisir dans une liste plutot
        api_url = paheko_url + '/api/user/'+str(ident)
        payload = {champ: valeur}
        response = requests.post(api_url, auth=paheko_auth, data=payload)
        return response.json()
    def get_users_with_action(self, action):
        """
        retourne tous les membres de paheko avec une action à mener (création du compte kaz / modification...)
        """
        api_url = paheko_url + '/api/sql/'
        payload = { "sql": f"select * from users where action_auto='{action}'" }
        response = requests.post(api_url, auth=paheko_auth,  data=payload)
        if response.status_code == 200:
            return response.json()
        else:
            return None
--- a/bin/lib/sympa.py
+++ b/bin/lib/sympa.py
@@ -1,37 +0,0 @@
 import subprocess
 from .config import getDockersConfig, getSecretConfig
 sympa_user = getSecretConfig("sympaServ", "SOAP_USER")
 sympa_pass = getSecretConfig("sympaServ", "SOAP_PASSWORD")
 sympa_listmaster = getSecretConfig("sympaServ", "ADMINEMAIL")
 sympa_url = f"https://{getDockersConfig('sympaHost')}.{getDockersConfig('domain')}"
 sympa_soap = "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl"
 sympa_liste_info = f"info@{getDockersConfig('domain_sympa')}"
 # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
 class Sympa:
    def _execute_sympa_command(self, email, liste, service):
        if validate_email(email) and validate_email(liste):
            cmd = f'{sympa_soap} --soap_url={sympa_url}/sympasoap --trusted_application={sympa_user} --trusted_application_password={sympa_pass} --proxy_vars=USER_EMAIL={sympa_listmaster} --service={service} --service_parameters="{liste},{email}" && echo $?'
            output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
            return output.decode()
    def add_email_to_list(self, email, liste=sympa_liste_info):
        """
        Ajouter un email dans une liste sympa
        """
        output = self._execute_sympa_command(email, liste, 'add')
        return output
    def delete_email_from_list(self, email, liste=sympa_liste_info):
        """
        Supprimer un email dans une liste sympa
        """
        output = self._execute_sympa_command(email, liste, 'del')
        return output
--- a/bin/lib/user.py
+++ b/bin/lib/user.py
@@ -1,191 +0,0 @@
 from email_validator import validate_email, EmailNotValidError
 from glob import glob
 import tempfile
 import subprocess
 import re
 from .paheko import Paheko
 from .ldap import Ldap
 from .mattermost import Mattermost
 DEFAULT_FILE = "/kaz/tmp/createUser.txt"
 def _generate_password(self):
    cmd="apg -n 1 -m 10 -M NCL -d"
    output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
    new_password="_"+output.decode("utf-8")+"_"
    return new_password
 def create_user(email, email_secours, admin_orga, nom_orga, quota_disque, nom, prenom, nc_orga, garradin_orga, wp_orga, agora_orga, wiki_orga, nc_base, groupe_nc_base, equipe_agora, password=None):
    email = email.lower()
    with Ldap() as ldap:
        # est-il déjà dans le ldap ? (mail ou alias)
        if ldap.get_email(email):
            print(f"ERREUR 1: {email} déjà existant dans ldap. on arrête tout")
            return None
        #test nom orga
        if admin_orga == 1:
          if nom_orga is None:
              print(f"ERREUR 0 sur paheko: {email} : nom_orga vide, on arrête tout")
              return
          if not bool(re.match(r'^[a-z0-9-]+$', nom_orga)):
              print(f"ERREUR 0 sur paheko: {email} : nom_orga ({tab['nom_orga']}) incohérent (minuscule/chiffre/-), on arrête tout")
              return
        #test email_secours
        email_secours = email_secours.lower()
        if not validate_email(email_secours):
            print("Mauvais email de secours")
            return
        #test quota
        quota = quota_disque
        if not quota.isdigit():
            print(f"ERREUR 2: quota non numérique : {quota}, on arrête tout")
            return
        #on génère un password
        password = password or _generate_password()
        #on créé dans le ldap
        #à quoi servent prenom/nom dans le ldap ?
        data = {
          "prenom": prenom,
          "nom": nom,
          "password": password,
          "email_secours": email_secours,
          "quota": quota
        }
        if not ldap.create_user(email, **data):
            print("Erreur LDAP")
            return
    with Mattermost() as mm:
        #on créé dans MM
        user = email.split('@')[0]
        mm.create_user(user, email, password)
        mm.add_user_to_team(email, "kaz")
        #et aux 2 canaux de base
        mm.add_user_to_channel(email, "kaz", "une-question--un-soucis")
        mm.add_user_to_channel(email, "kaz", "cafe-du-commerce--ouvert-2424h")
        #on créé une nouvelle équipe ds MM si besoin
        if admin_orga == 1:
          mm.create_team(nom_orga, email)
          #BUG: créer la nouvelle équipe n'a pas rendu l'email admin, on le rajoute comme membre simple
          mm.add_user_to_team(email, nom_orga)
    # #on inscrit email et email_secours à la nl sympa_liste_info
    # res, status_code = self.sympa_user_resource.post(email,sympa_liste_info)
    # if status_code != 200: raise ValueError(f"ERREUR 9 sur Sympa: {email} : {res}, on arrête tout ")
    # res, status_code = self.sympa_user_resource.post(email_secours,sympa_liste_info)
    # if status_code != 200: raise ValueError(f"ERREUR 10 sur Sympa: {email_secours} : {res}, on arrête tout ")
    #
    # #on construit/envoie le mail
    # context = {
    # 'ADMIN_ORGA': tab['admin_orga'],
    # 'NOM': tab['nom'],
    # 'EMAIL_SOUHAITE': email,
    # 'PASSWORD': password,
    # 'QUOTA': tab['quota_disque'],
    # 'URL_WEBMAIL': webmail_url,
    # 'URL_AGORA': mattermost_url,
    # 'URL_MDP': mdp_url,
    # 'URL_LISTE': sympa_url,
    # 'URL_SITE': site_url,
    # 'URL_CLOUD': cloud_url
    # }
    # subject="KAZ: confirmation d'inscription !"
    # sender=app.config['MAIL_USERNAME']
    # reply_to = app.config['MAIL_REPLY_TO']
    # msg = Message(subject=subject, sender=sender, reply_to=reply_to, recipients=[email,email_secours])
    # msg.html = render_template('email_inscription.html', **context)
    # mail.send(msg)
    #on met le flag paheko action à Aucune
    # paheko = Paheko()
    # paheko.set_user(email, "action_auto", "Aucune")
    #on post sur MM pour dire ok
    with Mattermost() as mm:
        msg=f"**POST AUTO** Inscription réussie pour {email} avec le secours {email_secours} Bisou!"
        mm.post_message(message=msg)
 def create_waiting_users():
    """
    Créé les kaznautes en attente: inscription sur MM / Cloud / email + msg sur MM + email à partir de action="a créer" sur paheko
    """
    #verrou pour empêcher de lancer en même temps la même api
    prefixe="create_user_lock_"
    if glob(f"{tempfile.gettempdir()}/{prefixe}*"):
        print("Lock présent")
        return None
    lock_file = tempfile.NamedTemporaryFile(prefix=prefixe,delete=True)
    #qui sont les kaznautes à créer ?
    paheko = Paheko()
    liste_kaznautes = paheko.get_users_with_action("A créer")
    if liste_kaznautes:
        count=liste_kaznautes['count']
        if count==0:
            print("aucun nouveau kaznaute à créer")
            return
        #au moins un kaznaute à créer
        for tab in liste_kaznautes['results']:
          create_user(**tab)
    print("fin des inscriptions")
 def create_users_from_file(file=DEFAULT_FILE):
    """
    Créé les kaznautes en attente: inscription sur MM / Cloud / email + msg sur MM + email à partir du ficher
    """
    #verrou pour empêcher de lancer en même temps la même api
    prefixe="create_user_lock_"
    if glob(f"{tempfile.gettempdir()}/{prefixe}*"):
        print("Lock présent")
        return None
    lock_file = tempfile.NamedTemporaryFile(prefix=prefixe,delete=True)
    #qui sont les kaznautes à créer ?
    liste_kaznautes = []
    with open(file) as lines:
        for line in lines:
            line = line.strip()
            if not line.startswith("#") and line != "":
                user_data = line.split(';')
                user_dict = {
                    "nom": user_data[0],
                    "prenom": user_data[1],
                    "email": user_data[2],
                    "email_secours": user_data[3],
                    "nom_orga": user_data[4],
                    "admin_orga": user_data[5],
                    "nc_orga": user_data[6],
                    "garradin_orga": user_data[7],
                    "wp_orga": user_data[8],
                    "agora_orga": user_data[9],
                    "wiki_orga": user_data[10],
                    "nc_base": user_data[11],
                    "groupe_nc_base": user_data[12],
                    "equipe_agora": user_data[13],
                    "quota_disque": user_data[14],
                    "password": user_data[15],
                }
                liste_kaznautes.append(user_dict)
    if liste_kaznautes:
        for tab in liste_kaznautes:
          create_user(**tab)
    print("fin des inscriptions")
--- a/bin/scriptBorg.sh
+++ b/bin/scriptBorg.sh
@@ -17,9 +17,13 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+. ${KAZ_KEY_DIR}/env-borg
-
+# Si la variable SCRIPTBORG est renseignée avec un fichier on le source 
-VERSION="V-10-03-2025"
+if [ ! -z ${SCRIPTBORG} ]
 then
 	[ -f ${SCRIPTBORG} ] && . ${SCRIPTBORG}
 fi
 VERSION="V-07-08-2025"
 PRG=$(basename $0)
 RACINE=$(echo $PRG | awk '{print $1}')
 #IFS=' '
--- a/bin/updateDockerPassword.sh
+++ b/bin/updateDockerPassword.sh
@@ -84,7 +84,6 @@ jirafeauUpdate(){
 updateEnvDB "etherpad" "${KAZ_KEY_DIR}/env-${etherpadDBName}" "${etherpadDBName}"
 updateEnvDB "framadate" "${KAZ_KEY_DIR}/env-${framadateDBName}" "${framadateDBName}"
 updateEnvDB "gitea" "${KAZ_KEY_DIR}/env-${gitDBName}" "${gitDBName}"
 updateEnvDB "mattermost" "${KAZ_KEY_DIR}/env-${mattermostDBName}" "${mattermostDBName}"
 updateEnvDB "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudDBName}" "${nextcloudDBName}"
 updateEnvDB "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeDBName}" "${roundcubeDBName}"
 updateEnvDB "sympa" "${KAZ_KEY_DIR}/env-${sympaDBName}" "${sympaDBName}"
@@ -103,6 +102,7 @@ updateEnv "gandi" "${KAZ_KEY_DIR}/env-gandi"
 updateEnv "gitea" "${KAZ_KEY_DIR}/env-${gitServName}"
 updateEnv "jirafeau" "${KAZ_KEY_DIR}/env-${jirafeauServName}"
 updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostServName}"
 updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostDBName}"
 updateEnv "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudServName}"
 updateEnv "office" "${KAZ_KEY_DIR}/env-${officeServName}"
 updateEnv "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeServName}"
--- a/config/dockers.tmpl.env
+++ b/config/dockers.tmpl.env
@@ -101,7 +101,7 @@ snappymailHost=snappymail
 ########################################
 # ports internes
-matterPort=8000
+matterPort=8065
 imapsyncPort=8080
 apikaz=5000
--- a/dockers/mattermost/first.sh
+++ b/dockers/mattermost/first.sh
@@ -11,3 +11,7 @@ cd $(dirname $0)
 "${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora
 docker exec ${mattermostServName} mmctl auth login https://${matterHost}.${domain} --name local-server --username ${mattermost_MM_ADMIN_USER} --password ${mattermost_MM_ADMIN_PASSWORD}
 docker exec ${mattermostServName} mmctl channel create --team kaz --name "une-question--un-soucis" --display-name "Une question ? Un souci ?"
 docker exec ${mattermostServName} mmctl channel create --team kaz --name "cafe-du-commerce--ouvert-2424h" --display-name "Café du commerce"
 docker exec ${mattermostServName} mmctl channel create --team kaz --name "creation-comptes" --display-name "Création comptes"
--- a/dockers/roundcube/docker-compose.yml
+++ b/dockers/roundcube/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
  app:
-    image: roundcube/roundcubemail:1.6.9-apache
+    image: roundcube/roundcubemail
    container_name: ${roundcubeServName}
    restart: ${restartPolicy}
    depends_on:
--- a/dockers/traefik/docker-compose.tmpl.yml.dist
+++ b/dockers/traefik/docker-compose.tmpl.yml.dist
@@ -23,6 +23,7 @@ services:
      - TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_CERTRESOLVER=letsencrypt
      - TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipallowlist@file
      - TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT=600
      - TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT=600
      - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
      - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
      - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json
@@ -34,7 +35,7 @@ services:
      - TZ=Europe/Paris
      - TRAEFIK_ACCESSLOG=true
      - TRAEFIK_ACCESSLOG_FILEPATH=/log/traefik_acces.log
-      - TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES=404,403,401      
+      - TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES=404,403,401
      - TRAEFIK_LOG=true
      - TRAEFIK_LOG_LEVEL=INFO
      - TRAEFIK_LOG_FILEPATH=/log/traefik.log
@@ -226,13 +227,13 @@ networks:
 }}
 {{peertube
  peertubeNet:
-    external:true
+    external: true
-    name:peertubeNet
+    name: peertubeNet
 }}
 {{spip
  spipNet:
-    external:true
+    external: true
-    name:spipNet
+    name: spipNet
 }}
--- a/secret.tmpl/SetAllPass.sh
+++ b/secret.tmpl/SetAllPass.sh
@@ -48,30 +48,18 @@ gandi_dns_gandi_api_key="${gandi_GANDI_KEY}"
 ####################
 # mattermost
-mattermost_MYSQL_ROOT_PASSWORD="--clean_val--"
+mattermost_POSTGRES_USER="mattermost"
-mattermost_MYSQL_DATABASE="--clean_val--"
+mattermost_POSTGRES_PASSWORD="--clean_val--"
-mattermost_MYSQL_USER="--clean_val--"
+mattermost_POSTGRES_DB="mattermost"
 mattermost_MYSQL_PASSWORD="--clean_val--"
-# Share with mattermostDB
+mattermost_MM_ADMIN_EMAIL="${matterHost}@${domain}"
-mattermost_MM_DBNAME="${mattermost_MYSQL_DATABASE}"
+mattermost_MM_ADMIN_USER="admin-mattermost"
-mattermost_MM_USERNAME="${mattermost_MYSQL_USER}"
+mattermost_MM_ADMIN_PASSWORD="--clean_val--@"
-mattermost_MM_PASSWORD="${mattermost_MYSQL_PASSWORD}"
+mattermost_MM_SQLSETTINGS_DATASOURCE="postgres://${mattermost_POSTGRES_USER}:${mattermost_POSTGRES_PASSWORD}@postgres:5432/${mattermost_POSTGRES_DB}?sslmode=disable&connect_timeout=10"
 mattermost_DB_PORT_NUMBER="3306"
 mattermost_DB_HOST="db"
 mattermost_MM_SQLSETTINGS_DRIVERNAME="mysql"
 mattermost_MM_ADMIN_EMAIL="admin@kaz.bzh"
 # mattermost_MM_SQLSETTINGS_DATASOURCE = "MM_USERNAME:MM_PASSWORD@tcp(DB_HOST:DB_PORT_NUMBER)/MM_DBNAME?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
 # Don't forget to replace all entries (beginning by MM_ and DB_) in MM_SQLSETTINGS_DATASOURCE with the real variables values.
 mattermost_MM_SQLSETTINGS_DATASOURCE="${mattermost_MYSQL_USER}:${mattermost_MYSQL_PASSWORD}@tcp(${mattermost_DB_HOST}:${mattermost_DB_PORT_NUMBER})/${mattermost_MM_DBNAME}?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
 # sinon avec postgres
 # mattermost_MM_SQLSETTINGS_DATASOURCE = "postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10"
 # pour envoyer des messages sur l'agora avec mmctl
-mattermost_user="admin-mattermost"
+mattermost_user="${mattermost_MM_ADMIN_USER}"
-mattermost_pass="--clean_val--"
+mattermost_pass="${mattermost_MM_ADMIN_PASSWORD}"
 mattermost_token="xxx-private"
 ##################
@@ -159,8 +147,8 @@ sympa_MYSQL_DATABASE="sympa"
 sympa_MYSQL_USER="sympa"
 sympa_MYSQL_PASSWORD="--clean_val--"
-sympa_KEY="/etc/letsencrypt/live/${domain}/privkey.pem"
+sympa_KEY="/etc/ssl/private/listes.key"
-sympa_CERT="/etc/letsencrypt/live/${domain}/fullchain.pem"
+sympa_CERT="/etc/ssl/certs/listes.pem"
 sympa_LISTMASTERS="listmaster@${domain_sympa}"
 sympa_ADMINEMAIL="listmaster@${domain_sympa}"
 sympa_SOAP_USER="sympa"
--- a/secret.tmpl/env-mattermostDB
+++ b/secret.tmpl/env-mattermostDB
@@ -1,8 +1,3 @@
-
+POSTGRES_USER=
-MYSQL_ROOT_PASSWORD=
+POSTGRES_PASSWORD=
-MYSQL_DATABASE=
+POSTGRES_DB=
 MYSQL_USER=
 MYSQL_PASSWORD=
 MM_MYSQL_USER=
 MM_MYSQL_PASSWORD=
--- a/secret.tmpl/env-mattermostServ
+++ b/secret.tmpl/env-mattermostServ
@@ -1,15 +1,4 @@
-
+MM_SQLSETTINGS_DATASOURCE=
 # share with matterDB
 MM_DBNAME=
 MM_USERNAME=
 MM_PASSWORD=
 MM_ADMIN_EMAIL=
 MM_ADMIN_USER=
-MM_ADMIN_PASSWORD=
+MM_ADMIN_PASSWORD=
 DB_HOST=
 DB_PORT_NUMBER=
 MM_SQLSETTINGS_DRIVERNAME=
 MM_SQLSETTINGS_DATASOURCE=
Author	SHA1	Message	Date
Fanch	98cc875611	fix castopod/firefox	2025-08-14 13:06:30 +02:00
didier	618f22db6b	KAZ_KEY_DIR	2025-08-07 20:27:05 +02:00
didier	290c6fe360	suppression de SetAllPass	2025-08-07 20:19:00 +02:00
Gael	3b5d01d5df	yaml veut des espaces	2025-07-31 00:14:34 +02:00
didier	3a3c4f4d0c	version a jourt de roundcube	2025-07-27 10:45:14 +02:00
Fanch	898d6a652d	Revert "modif docker compose pour avoir la dernière version de roundcube" This reverts commit `3bf952b57f`.	2025-07-27 10:28:39 +02:00
didier	3bf952b57f	modif docker compose pour avoir la dernière version de roundcube	2025-07-27 09:47:27 +02:00
Fanch	70442f6464	fix fix	2025-07-26 17:59:16 +02:00
Fanch	33f793fcbe	fix cert sympa	2025-07-26 17:51:13 +02:00
Fanch	813e0e761f	typo	2025-07-26 15:41:38 +02:00
Fanch	2e62e9782e	mattermost canal creation comptes	2025-07-26 15:40:15 +02:00
Fanch	fc4adc0fae	mattermost first launch	2025-07-26 15:32:54 +02:00
Fanch	74812fa79a	mattermost admin user/pass	2025-07-26 14:45:27 +02:00
Fanch	3220d862a6	fix mattermost	2025-07-26 13:52:15 +02:00
Fanch	1936326535	fix default matterport	2025-07-25 15:52:47 +02:00
Fanch	a630e47bfe	fix mattermost pgsql	2025-07-25 15:10:43 +02:00