missing .env

Il faut créer le dossier secret pour chaque orga ! (cas de maj du docker-compose après ajout de service)
Quelques appels restants + script de migration
2025-07-31 14:33:47 +02:00 · 2025-07-31 14:18:57 +02:00 · 2025-07-31 06:16:36 +02:00 · 2025-07-31 05:36:32 +02:00 · 2025-07-31 05:05:13 +02:00 · 2025-07-31 05:04:29 +02:00
127 changed files with 1034 additions and 2371 deletions
--- a/bin/applyTemplate.sh
+++ b/bin/applyTemplate.sh
@@ -16,7 +16,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
 setKazVars
 . "${DOCKERS_ENV}"
 . "${KAZ_KEY_DIR}/SetAllPass.sh"
 usage () {
    echo $(basename "$0") " [-h] [-help] [-timestamp] template dst"
@@ -64,8 +63,8 @@ done
 	-e "s|__DOKUWIKI_HOST__|${dokuwikiHost}|g"\
 	-e "s|__DOMAIN__|${domain}|g"\
 	-e "s|__FILE_HOST__|${fileHost}|g"\
-	-e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\
+#	-e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\
-	-e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\
+#	-e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\
 	-e "s|__PAHEKO_HOST__|${pahekoHost}|g"\
 	-e "s|__GIT_HOST__|${gitHost}|g"\
 	-e "s|__GRAV_HOST__|${gravHost}|g"\
@@ -79,9 +78,9 @@ done
 	-e "s|__SMTP_HOST__|${smtpHost}|g"\
 	-e "s|__SYMPADB__|${sympaDBName}|g"\
 	-e "s|__SYMPA_HOST__|${sympaHost}|g"\
-	-e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\
+#	-e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\
-	-e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\
+#	-e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\
-	-e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\
+#	-e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\
 	-e "s|__VIGILO_HOST__|${vigiloHost}|g"\
 	-e "s|__WEBMAIL_HOST__|${webmailHost}|g"\
 	-e "s|__CASTOPOD_HOST__|${castopodHost}|g"\
--- a/bin/certbot-dns-alwaysdata.sh
+++ b/bin/certbot-dns-alwaysdata.sh
@@ -2,9 +2,10 @@
 # certbot certonly --manual --preferred-challenges=dns --manual-auth-hook certbot-dns-alwaysdata.sh --manual-cleanup-hook certbot-dns-alwaysdata.sh -d "*.kaz.bzh" -d "kaz.bzh"
-ALWAYSDATA_TOKEN="TOKEN"
+export KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
-ALWAYSDATA_ACCOUNT="ACCOUNT"
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
-ALWAYSDATA_API="https://api.alwaysdata.com/v1/"
+setKazVars
 . $KAZ_KEY_DIR/env-alwaysdata
 DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${CERTBOT_DOMAIN} | jq '.[0].id')
--- a/bin/checkEnvFiles.sh
+++ b/bin/checkEnvFiles.sh
@@ -6,8 +6,6 @@ setKazVars
 RUN_PASS_DIR="secret"
 TMPL_PASS_DIR="secret.tmpl"
 RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh"
 TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh"
 NEED_GEN=
 ########################################
@@ -48,7 +46,12 @@ getVars () {
 # get lvalues in script
 getSettedVars () {
    # $1 : filename
-    grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u
+	grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* |  grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u
 }
 getUnsettedVars () {
    # $1 : filename
 	grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u
 }
 getVarFormVal () {
@@ -57,60 +60,6 @@ getVarFormVal () {
    grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/'
 }
 ########################################
 # synchronized SetAllPass.sh (find missing lvalues)
 updatePassFile () {
    # $1 : ref filename
    # $2 : target filename
    REF_FILE="$1"
    TARGET_FILE="$2"
    NEED_UPDATE=
    while : ; do
 	declare -a listRef listTarget missing
 	listRef=($(getVars "${REF_FILE}"))
 	listTarget=($(getVars "${TARGET_FILE}"))
 	missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]})))
 	if [ -n "${missing}" ]; then
 	    echo "missing vars in  ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}"
 	    read -p "Do you want to add them? [y/n]: " yn
            case $yn in
 		""|[Yy]*)
 		    emacs "${REF_FILE}" "${TARGET_FILE}"
 		    NEED_UPDATE=true
 		    break
 		    ;;
 		[Nn]*)
 		    break
 		    ;;
 	    esac
 	else
 	    break
 	fi
    done
 }
 updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}"
 [ -n "${NEED_UPDATE}" ] && NEED_GEN=true
 updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}"
 ########################################
 # check empty pass in TMPL_PASS_FILE
 declare -a settedVars
 settedVars=($(getSettedVars "${TMPL_PASS_FILE}"))
 if [ -n "${settedVars}" ]; then
    echo "unclear password in  ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}"
    for var in ${settedVars[@]}; do
 	echo -e "\t${var}"
    done
    echo "${NC}"
    read -p "Do you want to clear them? [y/n]: " yn
    case $yn in
 	""|[Yy]*)
 	    emacs "${TMPL_PASS_FILE}"
 	    ;;
    esac
 fi
 ########################################
 # check new files env-*
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}"
 declare -a listTmpl listRun listCommonFiles
 listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
 listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
-listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
+listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
 for envFile in ${listCommonFiles[@]}; do
    while : ; do
 	TMPL_FILE="${TMPL_PASS_DIR}/${envFile}"
@@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then
 fi
 ########################################
-# check env-* in updateDockerPassword.sh
+# check extention in dockers.env
-missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do
+declare -a missing
 unsetted=($(for DIR in "${RUN_PASS_DIR}"; do
 	       for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
 		   val="${envFile#*env-}"
 		   varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
-		   [ -z "${varName}" ] && continue
+		   if [ -z "${varName}" ]; then
-		   prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
+		       echo "${val}"
 				 sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
 		   if [ -z "${prefixe}" ]; then
 		       echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})"
 		   fi
 	       done
 	   done | sort -u))
 if [ -n "${missing}" ]; then
-    echo "missing update in  ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}"
+    echo "missing def in  ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}"
    for var in ${missing[@]}; do
 	echo -e "\t${var}"
    done
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then
    read -p "Do you want to add them? [y/n]: " yn
    case $yn in
 	""|[Yy]*)
-	    emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh"
+	    emacs "${DOCKERS_ENV}"
 	    ;;
    esac
 fi
 ########################################
 # synchronized SetAllPass.sh and env-*
 updateEnvFiles () {
    # $1 secret dir
    DIR=$1
    listRef=($(getVars "${DIR}/SetAllPass.sh"))
    missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
 		   val="${envFile#*env-}"
 		   varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
 		   [ -z "${varName}" ] && continue
 		   prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
 				 sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
 		   [ -z "${prefixe}" ] && continue
 		   listVarsInEnv=($(getVars "${envFile}"))
 		   for var in ${listVarsInEnv[@]}; do
 		       [[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}"
 		   done
 		   # XXX doit exister dans SetAllPass.sh avec le prefixe
 	       done))
    if [ -n "${missing}" ]; then
 	echo "missing update in  ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}"
 	for var in ${missing[@]}; do
 	    echo -e "\t${var}"
 	done
 	echo "${NC}"
 	read -p "Do you want to add them? [y/n]: " yn
 	case $yn in
 	    ""|[Yy]*)
 		emacs "${DIR}/SetAllPass.sh"
 		;;
 	esac
    fi
 }
 updateEnvFiles "${RUN_PASS_DIR}"
 updateEnvFiles "${TMPL_PASS_DIR}"
 # XXX chercher les variables non utilisées dans les SetAllPass.sh
 if [ -n "${NEED_GEN}" ]; then
    while : ; do
-	read -p "Do you want to generate blank values? [y/n]: " yn
+	read -p "Do you want to generate missing values? [y/n]: " yn
 	case $yn in
 	    ""|[Yy]*)
 	    	"${KAZ_BIN_DIR}/secretGen.sh"
--- a/bin/checkEnvPassword.sh
+++ b/bin/checkEnvPassword.sh
@@ -1,11 +0,0 @@
 #!/bin/bash
 KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 for filename in "${KAZ_KEY_DIR}/"env-*Serv "${KAZ_KEY_DIR}/"env-*DB;  do
    if grep -q "^[^#=]*=\s*$" "${filename}" 2>/dev/null; then
 	echo "${filename}"
    fi
 done
--- a/bin/container.sh
+++ b/bin/container.sh
@@ -61,20 +61,6 @@ doCompose () {
 	${SIMU} ln -fs ../../config/dockers.env .env
    fi
    ${SIMU} docker-compose $1
    if [ "$2" = "cachet" ] && [ "$1" != "down" ]; then
 	NEW_KEY=$(cd "${KAZ_COMP_DIR}/$2" ; docker-compose logs | grep APP_KEY=base64: | sed "s/^.*'APP_KEY=\(base64:[^']*\)'.*$/\1/" | tail -1)
 	if [ -n "${NEW_KEY}" ]; then
 	    printKazMsg "cachet key change"
 	    # change key
 	    ${SIMU} sed -i \
 		    -e 's%^\(\s*cachet_APP_KEY=\).*$%\1"'"${NEW_KEY}"'"%' \
 		    "${KAZ_KEY_DIR}/SetAllPass.sh"
 	    ${SIMU} "${KAZ_BIN_DIR}/secretGen.sh"
 	    # restart
 	    ${SIMU} docker-compose $1
 	fi
    fi
 }
 doComposes () {
@@ -177,7 +163,6 @@ statusComposes () {
 saveComposes () {
    . "${DOCKERS_ENV}"
    . "${KAZ_ROOT}/secret/SetAllPass.sh"
    savedComposes+=( ${enableMailComposes[@]} )
    savedComposes+=( ${enableProxyComposes[@]} )
@@ -195,67 +180,85 @@ saveComposes () {
 	    ;;
 	    sympa)
       		echo "save sympa"
-		saveDB ${sympaDBName} "${sympa_MYSQL_USER}" "${sympa_MYSQL_PASSWORD}" "${sympa_MYSQL_DATABASE}" sympa mysql
+		. $KAZ_BIN_DIR/getPasswords.sh sympaDB
 		saveDB ${sympaDBName} "${sympaDB_MYSQL_USER}" "${sympaDB_MYSQL_PASSWORD}" "${sympaDB_MYSQL_DATABASE}" sympa mysql
 		;;
 	    web)
 		# rien à faire (fichiers)
 		;;
 	    etherpad)
 		echo "save pad"
-		saveDB ${etherpadDBName} "${etherpad_MYSQL_USER}" "${etherpad_MYSQL_PASSWORD}" "${etherpad_MYSQL_DATABASE}" etherpad mysql
+		. $KAZ_BIN_DIR/getPasswords.sh etherpadDB
 		saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql
 		;;
 	    framadate)
 		echo "save date"
-		saveDB ${framadateDBName} "${framadate_MYSQL_USER}" "${framadate_MYSQL_PASSWORD}" "${framadate_MYSQL_DATABASE}" framadate mysql
+		. $KAZ_BIN_DIR/getPasswords.sh framadateDB
 		saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql
 		;;
 	    cloud)
 		echo "save cloud"
-		saveDB ${nextcloudDBName} "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" nextcloud mysql
+		. $KAZ_BIN_DIR/getPasswords.sh nextcloudDB
 		saveDB ${nextcloudDBName} "${nextcloudDB_MYSQL_USER}" "${nextcloudDB_MYSQL_PASSWORD}" "${nextcloudDB_MYSQL_DATABASE}" nextcloud mysql
 		;;
 	    paheko)
 		# rien à faire (fichiers)
 		;;		
 	    mattermost)
 		echo "save mattermost"
-		saveDB matterPG "${mattermost_POSTGRES_USER}" "${mattermost_POSTGRES_PASSWORD}" "${mattermost_POSTGRES_DB}" mattermost postgres
+		. $KAZ_BIN_DIR/getPasswords.sh mattermostDB
 		saveDB matterPG "${mattermostDB_POSTGRES_USER}" "${mattermostDB_POSTGRES_PASSWORD}" "${mattermostDB_POSTGRES_DB}" mattermost postgres
 		;;
 	    mobilizon)
 		echo "save mobilizon"
-		saveDB ${mobilizonDBName} "${mobilizon_POSTGRES_USER}" "${mobilizon_POSTGRES_PASSWORD}" "${mobilizon_POSTGRES_DB}" mobilizon postgres
+		. $KAZ_BIN_DIR/getPasswords.sh mobilizonDB
 		saveDB ${mobilizonDBName} "${mobilizonDB_POSTGRES_USER}" "${mobilizonDB_POSTGRES_PASSWORD}" "${mobilizonDB_POSTGRES_DB}" mobilizon postgres
 		;;
 	    peertube)
 		echo "save peertube"
-		saveDB ${peertubeDBName} "${peertube_POSTGRES_USER}" "${peertube_POSTGRES_PASSWORD}" "${PEERTUBE_DB_HOSTNAME}" peertube postgres
+		. $KAZ_BIN_DIR/getPasswords.sh peertubeDB
 		saveDB ${peertubeDBName} "${peertubeDB_POSTGRES_USER}" "${peertubeDB_POSTGRES_PASSWORD}" "${peertubeDB_PEERTUBE_DB_HOSTNAME}" peertube postgres
 		;;
 	    mastodon)
 		echo "save mastodon"
-		saveDB ${mastodonDBName} "${mastodon_POSTGRES_USER}" "${mastodon_POSTGRES_PASSWORD}" "${mastodon_POSTGRES_DB}" mastodon postgres
+		. $KAZ_BIN_DIR/getPasswords.sh mastodonDB
 		saveDB ${mastodonDBName} "${mastodonDB_POSTGRES_USER}" "${mastodonDB_POSTGRES_PASSWORD}" "${mastodonDB_POSTGRES_DB}" mastodon postgres
 		;;
 	    roundcube)
 		echo "save roundcube"
-		saveDB ${roundcubeDBName} "${roundcube_MYSQL_USER}" "${roundcube_MYSQL_PASSWORD}" "${roundcube_MYSQL_DATABASE}" roundcube mysql
+		. $KAZ_BIN_DIR/getPasswords.sh roundcubeDB
 		saveDB ${roundcubeDBName} "${roundcubeDB_MYSQL_USER}" "${roundcubeDB_MYSQL_PASSWORD}" "${roundcubeDB_MYSQL_DATABASE}" roundcube mysql
 		;;	
 	    vaultwarden)
 		echo "save vaultwarden"
-		saveDB ${vaultwardenDBName} "${vaultwarden_MYSQL_USER}" "${vaultwarden_MYSQL_PASSWORD}" "${vaultwarden_MYSQL_DATABASE}" vaultwarden mysql
+		. $KAZ_BIN_DIR/getPasswords.sh vaultwardenDB
 		saveDB ${vaultwardenDBName} "${vaultwardenDB_MYSQL_USER}" "${vaultwardenDB_MYSQL_PASSWORD}" "${vaultwardenDB_MYSQL_DATABASE}" vaultwarden mysql
 		;;
 	    dokuwiki)
 		# rien à faire (fichiers)
 		;;
 	    *-orga)
 		ORGA=${compose%-orga}
-		echo "save ${ORGA}"
+		echo "save ${ORGA}"		
 		if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
 		    echo "    => cloud"
-		    saveDB "${ORGA}-DB" "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" "${ORGA}-cloud" mysql
+			. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
 		    saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-cloud" mysql
 		fi
 		if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
 		    echo "    => mattermost"
-		    saveDB "${ORGA}-DB" "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
+			. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
 			saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
 		fi
 		if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
 		    echo "    => wordpress"
-		    saveDB "${ORGA}-DB" "${wp_MYSQL_USER}" "${wp_MYSQL_PASSWORD}" "${wp_MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
+			. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
 		    saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
 		fi
 		if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
 		    echo "    => spip"
 			. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
 		    saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql
 		fi
 		;;
 	esac
--- a/bin/createDBUsers.sh
+++ b/bin/createDBUsers.sh
@@ -0,0 +1,81 @@
 #!/bin/bash
 KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 # pour mise au point
 # SIMU=echo
 # Améliorations à prévoir
 # - donner en paramètre les services concernés (pour limité les modifications)
 # - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
 . "${DOCKERS_ENV}"
 createMysqlUser(){
    # $1 = envName
    # $2 = containerName of DB
 	. $KAZ_KEY_DIR/env-$1
    # seulement si pas de mdp pour root
    # pb oeuf et poule (il faudrait les anciennes valeurs) :
    # * si rootPass change, faire à la main
    # * si dbName change, faire à la main
    checkDockerRunning "$2" "$2" || return
    echo "change DB pass on docker $2"
    echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \
 	docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}"
 }
 framadateUpdate(){
    [[ "${COMP_ENABLE}" =~ " framadate " ]] || return
    if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
 	return 0
    fi
 	.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ
    checkDockerRunning "${framadateServName}" "Framadate" &&
 	${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadateServ_HTTPD_USER} ${framadateServ_HTTPD_PASSWORD}"
    ${SIMU} sed -i \
 	    -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadateDB_MYSQL_USER}';/g" \
 	    -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadateDB_MYSQL_PASSWORD}';/g" \
 	    "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
 }
 jirafeauUpdate(){
    [[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
    if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
 	return 0
    fi
 	. $KAZ_BIN_DIR/getPasswords.sh jirafeauServ
    SHA=$(echo -n "${jirafeauServ_HTTPD_PASSWORD}" | sha256sum | cut -d \  -f 1)
    ${SIMU} sed -i \
 	    -e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
 	    "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
 }
 ####################
 # main
 createMysqlUser "etherpadDB" "${etherpadDBName}"
 createMysqlUser "framadateDB" "${framadateDBName}"
 createMysqlUser "giteaDB" "${gitDBName}"
 createMysqlUser "mattermostDB" "${mattermostDBName}"
 createMysqlUser "nextcloudDB" "${nextcloudDBName}"
 createMysqlUser "roundcubeDB" "${roundcubeDBName}"
 createMysqlUser "sympaDB" "${sympaDBName}"
 createMysqlUser "vigiloDB" "${vigiloDBName}"
 createMysqlUser "wpDB" "${wordpressDBName}"
 createMysqlUser "vaultwardenDB" "${vaultwardenDBName}"
 createMysqlUser "castopodDB" "${castopodDBName}"
 createMysqlUser "spipDB" "${spipDBName}"
 createMysqlUser "mastodonDB" "${mastodonDBName}"
 framadateUpdate
 jirafeauUpdate
 exit 0
--- a/bin/createEmptyPasswd.sh
+++ b/bin/createEmptyPasswd.sh
@@ -1,104 +0,0 @@
 #!/bin/bash
 cd $(dirname $0)/..
 mkdir -p emptySecret
 rsync -aHAX --info=progress2 --delete secret/ emptySecret/
 cd emptySecret/
 . ../config/dockers.env
 . ./SetAllPass.sh
 # pour mise au point
 # SIMU=echo
 cleanEnvDB(){
    # $1 = prefix
    # $2 = envName
    # $3 = containerName of DB
    rootPass="--root_password--"
    dbName="--database_name--"
    userName="--user_name--"
    userPass="--user_password--"
    ${SIMU} sed -i \
 	    -e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${rootPass}/g" \
 	    -e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${dbName}/g" \
 	    -e "s/MYSQL_USER=.*/MYSQL_USER=${userName}/g" \
 	    -e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${userPass}/g" \
 	    "$2"
 }
 cleanEnv(){
    # $1 = prefix
    # $2 = envName    
    for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
    do
 	srcName="$1_${varName}"
 	srcVal="--clean_val--"
 	${SIMU} sed -i \
 		-e "s~^[ ]*${varName}=.*$~${varName}=${srcVal}~" \
 		"$2"
    done
 }
 cleanPasswd(){
    ${SIMU} sed -i \
 	    -e 's/^\([# ]*[^#= ]*\)=".[^{][^"]*"/\1="--clean_val--"/g' \
 	    ./SetAllPass.sh
 }
 ####################
 # main
 # read -r -p "Do you want to remove all password? [Y/n] " input
 # case $input in
 #     [yY][eE][sS]|[yY])
 #  echo "Remove all password"
 #  ;;
 #     [nN][oO]|[nN])
 #  echo "Abort"
 #        ;;
 #     *)
 #  echo "Invalid input..."
 #  exit 1
 #  ;;
 # esac
 cleanPasswd
 cleanEnvDB "etherpad" "./env-${etherpadDBName}" "${etherpadDBName}"
 cleanEnvDB "framadate" "./env-${framadateDBName}" "${framadateDBName}"
 cleanEnvDB "git" "./env-${gitDBName}" "${gitDBName}"
 cleanEnvDB "mattermost" "./env-${mattermostDBName}" "${mattermostDBName}"
 cleanEnvDB "nextcloud" "./env-${nextcloudDBName}" "${nextcloudDBName}"
 cleanEnvDB "roundcube" "./env-${roundcubeDBName}" "${roundcubeDBName}"
 cleanEnvDB "sso" "./env-${ssoDBName}" "${ssoDBName}"
 cleanEnvDB "sympa" "./env-${sympaDBName}" "${sympaDBName}"
 cleanEnvDB "vigilo" "./env-${vigiloDBName}" "${vigiloDBName}"
 cleanEnvDB "wp" "./env-${wordpressDBName}" "${wordpressDBName}"
 cleanEnv "etherpad" "./env-${etherpadServName}"
 cleanEnv "gandi" "./env-gandi"
 cleanEnv "jirafeau" "./env-${jirafeauServName}"
 cleanEnv "mattermost" "./env-${mattermostServName}"
 cleanEnv "nextcloud" "./env-${nextcloudServName}"
 cleanEnv "office" "./env-${officeServName}"
 cleanEnv "roundcube" "./env-${roundcubeServName}"
 cleanEnv "sso" "./env-${ssoServName}"
 cleanEnv "vigilo" "./env-${vigiloServName}"
 cleanEnv "wp" "./env-${wordpressServName}"
 cat > allow_admin_ip <<EOF
 # ip for admin access only
 # local test
 allow 127.0.0.0/8;
 allow 192.168.0.0/16;
 EOF
 chmod -R go= .
 chmod -R +X .
--- a/bin/createSrcDocker.sh
+++ b/bin/createSrcDocker.sh
@@ -3,14 +3,13 @@
 cd $(dirname $0)
 ./setOwner.sh
 ./createEmptyPasswd.sh
 cd ../..
-FILE_NAME="/tmp/$(date +'%Y%M%d')-KAZ.tar.bz2"
+FILE_NAME="/tmp/$(date +'%Y%m%d')-KAZ.tar.bz2"
-tar -cjf "${FILE_NAME}" --transform s/emptySecret/secret/ \
+tar -cjf "${FILE_NAME}" --transform s/secret.tmpl/secret/ \
-     ./kaz/emptySecret/ ./kaz/bin ./kaz/config ./kaz/dockers
+     ./kaz/secret.tmpl/ ./kaz/bin ./kaz/config ./kaz/dockers
 ls -l "${FILE_NAME}"
--- a/bin/createUser.py
+++ b/bin/createUser.py
@@ -1,5 +0,0 @@
 #!/usr/bin/python3
 from lib.user import create_users_from_file
 create_users_from_file()
--- a/bin/createUser.sh
+++ b/bin/createUser.sh
@@ -37,7 +37,9 @@ setKazVars
 cd "${KAZ_ROOT}"
 . "${DOCKERS_ENV}"
-. "${KAZ_KEY_DIR}/SetAllPass.sh"
+
 . $KAZ_BIN_DIR/getPasswords.sh ldapServ sympaServ paheko
 # DOCK_DIR="${KAZ_COMP_DIR}" # ???
@@ -221,6 +223,7 @@ dos2unix "${TFILE_MM}"
 echo "done"
 # se connecter à l'agora pour ensuite pouvoir passer toutes les commandes mmctl
 . $KAZ_KEY_DIR/env-mattermostAdmin
 echo "docker exec -i mattermostServ bin/mmctl auth login ${httpProto}://${URL_AGORA} --name local-server --username ${mattermost_user} --password ${mattermost_pass}" | tee -a "${CMD_INIT}"
 # vérif des emails
@@ -393,9 +396,9 @@ nextcloudEnabled: TRUE\n\
 nextcloudQuota: ${QUOTA} GB\n\
 mobilizonEnabled: TRUE\n\
 agoraEnabled: TRUE\n\
-userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
+userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
    fi
-#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
+#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
    CREATE_ORGA_SERVICES=""
@@ -424,15 +427,16 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
    MESSAGE_MAIL_ORGA_1="${MESSAGE_MAIL_ORGA_1}${NL}* un bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances : ${httpProto}://${URL_NC}"
    # le user existe t-il déjà sur NC ?
-    curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
+	. $KAZ_KEY_DIR/env-nextcloudServ
    curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
    if grep -q "<element>${IDENT_KAZ}</element>" "${TEMP_USER_NC}"; then
 	echo "${IDENT_KAZ} existe déjà sur ${URL_NC}" | tee -a "${LOG}"
    else
      # on créé l'utilisateur sur NC sauf si c'est le NC général, on ne créé jamais l'utilisateur7
 	  if [ ${URL_NC} != "${cloudHost}.${domain}" ]; then
-	
+		. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
-	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
+	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
 -d userid='${IDENT_KAZ}' \
 -d displayName='${PRENOM} ${NOM}' \
 -d password='${PASSWORD}' \
@@ -445,19 +449,22 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
 	# s'il est admin de son orga, on le met admin
 	if [ "${service[ADMIN_ORGA]}" == "O" -a "${ORGA}" != "" -a "${service[NC_ORGA]}" == "O" ]; then
-	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${nextcloud_NEXTCLOUD_ADMIN_USER}:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}"
+		. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
 	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}"
 	fi
 	# faut-il mettre le user NC dans un groupe particulier sur le NC de base ?
 	if [ "${GROUPE_NC_BASE}" != "" -a  "${service[NC_BASE]}" == "O" ]; then
 		# ici on travaille à nouveau sur le NC commun, donc on rechoppe les bons mdp
 		. $KAZ_KEY_DIR/env-nextcloudServ
 	    # le groupe existe t-il déjà ?
-	    curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}"
+	    curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}"
 	    nb=$(grep "<element>${GROUPE_NC_BASE}</element>" "${TEMP_GROUP_NC}" | wc -l)
 	    if [ "${nb}" == "0" ];then
-		echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
+		echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
 	    fi
 	    # puis attacher le user au groupe
-	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
+	    echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
 	fi
    fi
@@ -483,7 +490,8 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
 	# TODO : vérif existance user
 	# 			# le user existe t-il déjà sur le wp ?
-	# 			curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wp_WORDPRESS_ADMIN_USER}:${wp_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
+	#			. $KAZ_BIN_DIR/getPasswords.sh wpServ
 	# 			curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wpServ_WORDPRESS_ADMIN_USER}:${wpServ_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
 	# 			nb_user_wp_orga=$(grep "<element>${IDENT_KAZ}</element>" "${TEMP_USER_WP}" | wc -l)
 	# 			if [ "${nb_user_wp_orga}" != "0" ];then
 	# 				(
@@ -501,7 +509,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
 	# 					) | tee -a "${LOG}"
 	#
 	# 					# on supprime l'utilisateur sur NC.
-	# 					echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
+	# 					echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
 	    # 					-d userid='${IDENT_KAZ}' \
 	    # 					" | tee -a "${CMD_INIT}"
 	# 				fi
@@ -619,13 +627,13 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
    # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which
    if [[ "${mode}" = "dev" ]]; then
 	echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}"
-	LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
+	LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
-	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
+	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
    else
 	echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}"
-	LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
+	LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
-	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
+	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
-	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\""  | tee -a "${CMD_SYMPA}"
+	echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\""  | tee -a "${CMD_SYMPA}"
    fi
    if [ "${service[ADMIN_ORGA]}" == "O" ]; then
--- a/bin/gestContainers.sh
+++ b/bin/gestContainers.sh
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 . $KAZ_ROOT/secret/env-kaz
 PRG=$(basename $0)
--- a/bin/gestContainers_v2.sh
+++ b/bin/gestContainers_v2.sh
@@ -7,7 +7,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+
 PRG=$(basename $0)
--- a/bin/gestUsers.sh
+++ b/bin/gestUsers.sh
@@ -8,7 +8,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudServ sympaServ paheko
 VERSION="18-05-2025"
 PRG=$(basename $0)
@@ -24,7 +24,7 @@ URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(
 NL_LIST=infos@listes.kaz.bzh
 URL_AGORA_API=${URL_AGORA}/api/v4
 EQUIPE=kaz
-LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
+LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
 #### Test du serveur sur lequel s' execute le script ####
@@ -47,6 +47,8 @@ rm -rf /tmp/*.json
 ############################################ Fonctions #######################################################
 ExpMail() {
 		. $KAZ_KEY_DIR/env-mail
        MAIL_DEST=$1
        MAIL_SUJET=$2
        MAIL_TEXTE=$3
@@ -58,6 +60,7 @@ ExpMail() {
 }
 PostMattermost() {
 		. $KAZ_KEY_DIR/env-mattermostAdmin
        PostM=$1
        CHANNEL=$2
        TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA_API}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')
@@ -91,8 +94,8 @@ searchEmail() {
 			fi
 		done
 		ldapsearch -H ldap://${LDAP_IP} \
-		-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+		-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-		-w "${ldap_LDAP_ADMIN_PASSWORD}" \
+		-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
 		-b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
 		COMPTEUR_LIGNE=0
 		while read LIGNE
@@ -136,7 +139,8 @@ searchEmail() {
 searchMattermost() {
 		#Ici $1 est une adresse email
-            	docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
+		. $KAZ_KEY_DIR/env-mattermostAdmin
        docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
 		docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1
 		#on créé la list des mails dans mattermost
 		docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null
@@ -182,12 +186,12 @@ infoEmail() {
 					printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL"
 					echo -e ""
 					#TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC)
-					#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
+					#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
 					#cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g
 					echo -ne "${NC}"
 					echo -ne " - Nextcloud enable : "
 					echo -ne "${GREEN}"
-					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30
+					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30
 					echo -ne "${NC}"
 					echo -e "${NC} ------------------------------------------------"
 					printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO"
@@ -203,11 +207,11 @@ infoEmail() {
 					echo -ne "${NC}"
 					echo -n " - Quota Mail (Ldap) : " 
 					echo -ne "${GREEN}"
-					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
+					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
 					echo -ne "${NC}"
 					echo -n " - Quota Nextcloud (Ldap) : "
 					echo -ne "${GREEN}"
-					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
+					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
 					echo -ne "${NC}"
 					echo -n " - Mail de secours (Paheko ): "
 					echo -ne "${GREEN}"
@@ -215,11 +219,11 @@ infoEmail() {
 					echo -ne "${NC}"
 					echo -n " - Mail de secours (Ldap): "
 					echo -ne "${GREEN}"
-					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
+					ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
 					echo -ne "${NC}"
 					echo -n " - Alias (Ldap) : "
 					echo -ne "${GREEN}"
-					LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
+					LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
 					echo -ne "${NC}"
 					echo -ne "${GREEN}"
 					for ldap_alias in ${LDAP_ALIAS}
@@ -239,8 +243,8 @@ infoEmail() {
                			echo "------------------------------------------------"
 					echo  " Alias : ${CHOIX_MAIL} "
 					echo ""
-					for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+					for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-                		        -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
+                		        -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
 					| grep ^mail: | sed -e 's/^mail://')
 					do
 						echo -ne "=====> ${GREEN}  " 
@@ -307,12 +311,12 @@ searchDestroy() {
 						fi
 						echo -e "${NC}"
 						echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud"
-						USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed  's/element//g')
+						USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed  's/element//g')
 						if [ ! -z ${USER_NEXTCLOUD_SUPPR} ]
 						then
 							printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}"
 							echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}"
-							curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
+							curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
 							if [ "$?" -eq "0" ]
                        				then
 								printKazMsg "Suppresion ok"
@@ -327,7 +331,7 @@ searchDestroy() {
 							echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa"
 							echo -e "${NC}"
 							echo ""
-							docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
+							docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
 							echo -e "${NC}"
 							echo ""
 							echo  -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
@@ -344,7 +348,7 @@ searchDestroy() {
                                                echo  -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
                                                echo -e "${NC}"
                                                echo ""
-						ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
+						ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
 						if [ "$?" -eq "0" ]
 						then
 							printKazMsg "Suppresion ok"
@@ -377,8 +381,8 @@ gestPassword() {
 		# MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g')
 		MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-                -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+                -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-                -w "${ldap_LDAP_ADMIN_PASSWORD}" \
+                -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
                -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
 		if [ "$MAIL_SECOURS" = "" ]
                then
@@ -405,19 +409,19 @@ gestPassword() {
 		fi
 		if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ]
 		then
-			USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g')
+			USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g')
 			echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER}  ${NC}"
 			echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS}  ${NC}"
 			echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER)  ${NC}"
 			echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}"
 			echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}"
 			docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1
-			curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1
+			curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1
 			pass=$(mkpasswd -m sha512crypt ${PASSWORD})
 			echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\
 changeType: modify\n\
 replace: userPassword\n\
-userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}"
+userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}"
 			echo -e "Envoi d'un message dans mattermost pour la modification du mot de passe"
 			docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1
 			if [ $ADRESSE_SEC == "OUI" ]
@@ -465,8 +469,8 @@ createMail() {
 		if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]] 
 		then
 			ldapsearch -H ldap://${LDAP_IP} \
-                        -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+                        -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-                        -w "${ldap_LDAP_ADMIN_PASSWORD}" \
+                        -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
                        -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
 	        	if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}"
 			then
@@ -564,7 +568,7 @@ nextcloudEnabled: ${TRUE_KAZ}\n\
 nextcloudQuota: ${QUOTA} GB\n\
 mobilizonEnabled: ${TRUE_KAZ}\n\
 agoraEnabled: ${TRUE_KAZ}\n\
-userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
+userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
 # on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire
 bash ${TFILE_CREATE_MAIL} >/dev/null
 # on colle le compte et le mot de passe dans le fichier 
@@ -610,12 +614,12 @@ createAlias() {
 		if [[ ${AMAIL} =~ ${regexMail} ]] 
 		then
 			RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-			-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+			-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-			-w "${ldap_LDAP_ADMIN_PASSWORD}" \
+			-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
 			-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //')
 			RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \
- 	                -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+ 	                -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-			-w "${ldap_LDAP_ADMIN_PASSWORD}" \
+			-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
             		-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //')
 	        	if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$"
@@ -690,7 +694,7 @@ changeType: add\n\
 objectClass: organizationalRole\n\
 objectClass: PostfixBookMailForward\n\
 mailAlias: ${AMAIL}\n\
-${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
+${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
 			fait=1
 			printKazMsg "Création de ${AMAIL}"
 			sleep 3			
@@ -722,8 +726,8 @@ delAlias() {
                if [[ ${RALIAS} =~ ${regexMail} ]]
                then
                	RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-                        -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+                        -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-                        -w "${ldap_LDAP_ADMIN_PASSWORD}" \
+                        -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
                        -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //')
 			if [ ! -z ${RESU_ALIAS} ]
 			then
@@ -733,7 +737,7 @@ delAlias() {
 					read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS
 					case "${REPDELALIAS}" in
 					o | O )
-                        			ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
+                        			ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
 						printKazMsg "suppression ${RESU_ALIAS} effectuée"
 						sleep 2
 						faitdel=1
@@ -769,8 +773,8 @@ modifyAlias()
 	ACHANGE=0
 	searchEmail alias
 	LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-        -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+        -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-        -w "${ldap_LDAP_ADMIN_PASSWORD}" \
+        -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
        -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \
 	| grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g')
 	echo "-------------------------------------------------------------------"
@@ -845,8 +849,8 @@ modifyAlias()
 				echo "mail: ${key}" >>${FIC_MODIF_LDIF}
 			done
 			echo "-" >>${FIC_MODIF_LDIF}
-		 	ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+		 	ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-			-x -w ${ldap_LDAP_ADMIN_PASSWORD} \
+			-x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
 			-f ${FIC_MODIF_LDIF} >/dev/null
 		else
 			printKazMsg "Pas de changement"
@@ -872,8 +876,8 @@ updateUser() {
 		for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota
 		do
 			ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \
-	               	-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+	               	-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-                	-w "${ldap_LDAP_ADMIN_PASSWORD}" \
+                	-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
                	-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \
 			 | grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' ))
 			# si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa
@@ -1056,15 +1060,15 @@ updateUser() {
 					done
 					cat ${FIC_MODIF_LDIF}
 					sleep 3
-					ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
+					ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-					-x -w ${ldap_LDAP_ADMIN_PASSWORD} \
+					-x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
 					-f ${FIC_MODIF_LDIF}
 					if [ ! -z ${MAILDESECOURS} ]
 					then
 						# suppression du mail de secours de la liste infos
-						docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
+						docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
 						# ajout de l' adresse  de la nouvelle adresse de secours
-						docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
+						docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
 					fi
 					updateUser
 				fi
--- a/bin/getPasswords.sh
+++ b/bin/getPasswords.sh
@@ -0,0 +1,94 @@
 #!/bin/bash
 #Ki: Gael
 #Kan: 2025
 #Koi: gestion mots de passe
 KAZ_ROOT=/kaz
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 QUIET=1
 usage() {
 echo "getPasswords.sh [OPTIONS] [envname ...] 
 Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
 Les variables sont du type envname_NOMVARIABLE=valeur
 On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
 OPTIONS 
 -h|--help            Cette aide :-)
 -n|--simu            SIMULATION
 -d foldername        prend les envfiles dans un sous dossier /kaz/secret/foldername/ (pour les orgas !) 
                      Les variables seront du type foldername-envname_NOMVARIABLE=valeur
 -e varname           Affiche le contenu d'une variable en particulier
 "
 }
 if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then
    mkdir "${KAZ_KEY_DIR}/tmp"
 fi
 for ARG in "$@"; do
    if [ -n "${DIRECTORYARG}" ]; then # après un -d
        SUBDIRECTORY="${ARG}"
        unset DIRECTORYARG
    elif  [ -n "${ECHOVARARG}" ]; then # après un -e
        VARTOECHO="${ARG}"
        unset ECHOVARARG
        QUIET="/dev/null"  # pour ne pas avoir d'autres bruits ...
    else
      case "${ARG}" in
          '-d' | '--directory' | '-f' | '--folder' | '--foldername')
              DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
          '-h' | '--help' )
            usage && exit ;;
          '-n' | '--simu')
            SIMU="echo" ;;
          '-e' | '--echo')
            ECHOVARARG="ON ATTEND UNE UN NOM DE VARIABLE APRES CA" ;;
            '-q' )
            QUIET="/dev/null" ;;
          *)
            ENVFILES="${ENVFILES} ${ARG%}";;
      esac
    fi
 done
 getVars () {
    # $1 : filename
    grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u
 }
 NB_FILES=$(echo "${ENVFILES}" | wc -w )
 if [[ $NB_FILES = 0 ]]; then
    usage
    exit 1
 fi
 for ENVFILE in $ENVFILES; do
    FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
    VARSUFFIX="$ENVFILE"_
    if [ -n "${SUBDIRECTORY}" ]; then
      FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
      VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"
    fi
    if ! [ -f "$FILENAME" ]; then
      echo "$FILENAME does not exist."  >& $QUIET
      continue
    fi
    . $FILENAME # on récupère les variables
    vars=$(getVars $FILENAME)
    for var in $vars; do
      $SIMU declare $VARSUFFIX$var=${!var}
      unset $var
    done
    unset FILENAME VARSUFFIX vars
 done
 if [ -n "$VARTOECHO" ]; then
  echo ${!VARTOECHO}
 fi
 unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO
--- a/bin/init.sh
+++ b/bin/init.sh
@@ -214,7 +214,6 @@ fi
 if [ ! -d "${KAZ_ROOT}/secret" ]; then
    rsync -a "${KAZ_ROOT}/secret.tmpl/" "${KAZ_ROOT}/secret/"
    . "${KAZ_ROOT}/secret/SetAllPass.sh"
    "${KAZ_BIN_DIR}/secretGen.sh"
-    "${KAZ_BIN_DIR}/updateDockerPassword.sh"
+    "${KAZ_BIN_DIR}/createDBUsers.sh"
 fi
--- a/bin/install.sh
+++ b/bin/install.sh
@@ -123,8 +123,6 @@ export DebugLog="${KAZ_ROOT}/log/log-install-$(date +%y-%m-%d-%T)-"
    if [[ " ${DOCKERS_LIST[*]} " =~ " traefik " ]]; then
      # on initialise traefik :-(
      ${KAZ_COMP_DIR}/traefik/first.sh
      # on démarre traefik (plus lancé dans container.sh)
      docker-compose -f ${KAZ_COMP_DIR}/traefik/docker-compose.yml up -d
    fi
    if [[ " ${DOCKERS_LIST[*]} " =~ " etherpad " ]]; then
--- a/bin/interoPaheko.sh
+++ b/bin/interoPaheko.sh
@@ -6,7 +6,8 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+
 . $KAZ_BIN_DIR/getPasswords.sh paheko
 URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)"
--- a/bin/ldap/ldap_sauve.sh
+++ b/bin/ldap/ldap_sauve.sh
@@ -7,6 +7,5 @@ setKazVars
 FILE_LDIF=/home/sauve/ldap.ldif
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz
--- a/bin/ldap/ldapvi.sh
+++ b/bin/ldap/ldapvi.sh
@@ -5,7 +5,7 @@ KAZ_ROOT=/kaz
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+. $KAZ_BIN_DIR/getPasswords.sh ldapServ
 LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
@@ -20,4 +20,4 @@ EDITOR=${EDITOR:-vi}
 EDITOR=${EDITOR:-vi}
 export EDITOR=${EDITOR}
-ldapvi -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} --discover
+ldapvi -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} --discover
--- a/bin/ldap/migrate_to_ldap.sh
+++ b/bin/ldap/migrate_to_ldap.sh
@@ -8,7 +8,7 @@ KAZ_ROOT=/kaz
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+. $KAZ_BIN_DIR/getPasswords.sh ldapServ paheko
 ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf
@@ -126,7 +126,7 @@ replace: agoraEnabled\n\
 agoraEnabled: TRUE\n\
 -\n\
 replace: mobilizonEnabled\n\
-mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
+mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
 done
 #replace: nextcloudEnabled\n\
@@ -164,7 +164,7 @@ do
 			echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\
 changeType: modify
 replace: mailAlias\n\
-$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
+$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
 		else
 			echo "Alias vers un mail externe, go fichier"
 			echo $line >> ${ALIASES_WITHLDAP}
@@ -185,7 +185,7 @@ replace: mailAlias\n\
 mailAlias: ${src}\n\
 -\n\
 replace: mail\n\
-mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
+mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
 		fi
 	else
 		echo "Forward vers plusieurs adresses, on met dans le fichier"
@@ -215,7 +215,7 @@ replace: mailAlias\n\
 mailAlias: ${src}\n\
 -\n\
 replace: mail\n\
-${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
+${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
 	fi
 done
--- a/bin/ldap/tests/nc_orphans.sh
+++ b/bin/ldap/tests/nc_orphans.sh
@@ -5,16 +5,16 @@ KAZ_ROOT=/kaz
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB
 LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
-docker exec -i nextcloudDB mysql --user=${nextcloud_MYSQL_USER} --password=${nextcloud_MYSQL_PASSWORD} ${nextcloud_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt
+docker exec -i nextcloudDB mysql --user=${nextcloudDB_MYSQL_USER} --password=${nextcloudDB_MYSQL_PASSWORD} ${nextcloudDB_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt
 OLDIFS=${IFS}
 IFS=$'\n'
 for line in `cat /tmp/nc_users.txt`; do
-	result=$(ldapsearch -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries)
+	result=$(ldapsearch -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries)
 	echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid"
 done
 IFS=${OLDIFS}
--- a/bin/lib/config.py
+++ b/bin/lib/config.py
@@ -1,15 +0,0 @@
 DOCKERS_ENV = "/kaz/config/dockers.env"
 SECRETS = "/kaz/secret/env-{serv}"
 def getDockersConfig(key):
    with open(DOCKERS_ENV) as config:
        for line in config:
            if line.startswith(f"{key}="):
                return line.split("=", 1)[1].split("#")[0].strip()
 def getSecretConfig(serv, key):
    with open(SECRETS.format(serv=serv)) as config:
        for line in config:
            if line.startswith(f"{key}="):
                return line.split("=", 2)[1].split("#")[0].strip()
--- a/bin/lib/ldap.py
+++ b/bin/lib/ldap.py
@@ -1,101 +0,0 @@
 import ldap
 from passlib.hash import sha512_crypt
 from email_validator import validate_email, EmailNotValidError
 import subprocess
 from .config import getDockersConfig, getSecretConfig
 class Ldap:
    def __init__(self):
        self.ldap_connection = None
        self.ldap_root = getDockersConfig("ldap_root")
        self.ldap_admin_username = getSecretConfig("ldapServ", "LDAP_ADMIN_USERNAME")
        self.ldap_admin_password = getSecretConfig("ldapServ", "LDAP_ADMIN_PASSWORD")
        cmd="docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ"
        self.ldap_host = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT).strip().decode()
    def __enter__(self):
        self.ldap_connection = ldap.initialize(f"ldap://{self.ldap_host}")
        self.ldap_connection.simple_bind_s("cn={},{}".format(self.ldap_admin_username, self.ldap_root), self.ldap_admin_password)
        return self
    def __exit__(self, tp, e, traceback):
        self.ldap_connection.unbind_s()
    def get_email(self, email):
        """
        Vérifier si un utilisateur avec cet email existe dans le LDAP soit comme mail principal soit comme alias
        """
        # Créer une chaîne de filtre pour rechercher dans les champs "cn" et "mailAlias"
        filter_str = "(|(cn={})(mailAlias={}))".format(email, email)
        result = self.ldap_connection.search_s("ou=users,{}".format(self.ldap_root), ldap.SCOPE_SUBTREE, filter_str)
        return result
    def delete_user(self, email):
        """
        Supprimer un utilisateur du LDAP par son adresse e-mail
        """
        try:
            # Recherche de l'utilisateur
            result = self.ldap_connection.search_s("ou=users,{}".format(self.ldap_root), ldap.SCOPE_SUBTREE, "(cn={})".format(email))
            if not result:
                return False  # Utilisateur non trouvé
            # Récupération du DN de l'utilisateur
            dn = result[0][0]
            # Suppression de l'utilisateur
            self.ldap_connection.delete_s(dn)
            return True  # Utilisateur supprimé avec succès
        except ldap.NO_SUCH_OBJECT:
            return False  # Utilisateur non trouvé
        except ldap.LDAPError as e:
            return False  # Erreur lors de la suppression
    def create_user(self, email, prenom, nom, password, email_secours, quota):
        """
        Créer une nouvelle entrée dans le LDAP pour un nouvel utilisateur. QUESTION: A QUOI SERVENT PRENOM/NOM/IDENT_KAZ DANS LE LDAP ? POURQUOI 3 QUOTA ?
        """
        password_chiffre = sha512_crypt.hash(password)
        if not validate_email(email) or not validate_email(email_secours):
            return False
        if self.get_email(email):
            return False
        # Construire le DN
        dn = f"cn={email},ou=users,{self.ldap_root}"
        mod_attrs = [
          ('objectClass', [b'inetOrgPerson', b'PostfixBookMailAccount', b'nextcloudAccount', b'kaznaute']),
          ('sn', f'{prenom} {nom}'.encode('utf-8')),
          ('mail', email.encode('utf-8')),
          ('mailEnabled', b'TRUE'),
          ('mailGidNumber', b'5000'),
          ('mailHomeDirectory', f"/var/mail/{email.split('@')[1]}/{email.split('@')[0]}/".encode('utf-8')),
          ('mailQuota', f'{quota}G'.encode('utf-8')),
          ('mailStorageDirectory', f"maildir:/var/mail/{email.split('@')[1]}/{email.split('@')[0]}/".encode('utf-8')),
          ('mailUidNumber', b'5000'),
          ('mailDeSecours', email_secours.encode('utf-8')),
          ('identifiantKaz', f'{prenom.lower()}.{nom.lower()}'.encode('utf-8')),
          ('quota', str(quota).encode('utf-8')),
          ('nextcloudEnabled', b'TRUE'),
          ('nextcloudQuota', f'{quota} GB'.encode('utf-8')),
          ('mobilizonEnabled', b'TRUE'),
          ('agoraEnabled', b'TRUE'),
          ('userPassword', f'{{CRYPT}}{password_chiffre}'.encode('utf-8')),
          ('cn', email.encode('utf-8'))
        ]
        self.ldap_connection.add_s(dn, mod_attrs)
        return True
--- a/bin/lib/mattermost.py
+++ b/bin/lib/mattermost.py
@@ -1,134 +0,0 @@
 import subprocess
 from .config import getDockersConfig, getSecretConfig
 mattermost_user = getSecretConfig("mattermostServ", "MM_ADMIN_USER")
 mattermost_pass = getSecretConfig("mattermostServ", "MM_ADMIN_PASSWORD")
 mattermost_url = f"https://{getDockersConfig('matterHost')}.{getDockersConfig('domain')}"
 mmctl = "docker exec -i mattermostServ bin/mmctl"
 class Mattermost:
    def __init__(self):
        pass
    def __enter__(self):
        self.authenticate()
        return self
    def __exit__(self, tp, e, traceback):
        self.logout()
    def authenticate(self):
         # Authentification sur MM
         cmd = f"{mmctl} auth login {mattermost_url} --name local-server --username {mattermost_user} --password {mattermost_pass}"
         subprocess.run(cmd, shell=True, stderr=subprocess.STDOUT, check=True)
    def logout(self):
         # Authentification sur MM
         cmd = f"{mmctl} auth clean"
         subprocess.run(cmd, shell=True, stderr=subprocess.STDOUT, check=True)
    def post_message(self, message, equipe="kaz", canal="creation-comptes"):
        """
        Envoyer un message dans une Equipe/Canal de MM
        """
        cmd = f"{mmctl} post create {equipe}:{canal} --message \"{message}\""
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def get_user(self, user):
        """
        Le user existe t-il sur MM ?
        """
        try:
            cmd = f"{mmctl} user search {user} --json"
            user_list_output = subprocess.check_output(cmd, shell=True)
            return True  # Le nom d'utilisateur existe
        except subprocess.CalledProcessError:
            return False
    def create_user(self, user, email, password):
        """
        Créer un utilisateur sur MM
        """
        cmd = f"{mmctl} user create --email {email} --username {user} --password {password}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def delete_user(self, email):
        """
        Supprimer un utilisateur sur MM
        """
        cmd = f"{mmctl} user delete {email} --confirm"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def update_password(self, email, new_password):
        """
        Changer un password pour un utilisateur de MM
        """
        cmd = f"{mmctl} user change-password {email} --password {new_password}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def add_user_to_team(self, email, equipe):
        """
        Affecte un utilisateur à une équipe MM
        """
        cmd = f"{mmctl} team users add {equipe} {email}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def add_user_to_channel(self, email, equipe, canal):
        """
        Affecte un utilisateur à un canal MM
        """
        cmd = f'{mmctl} channel users add {equipe}:{canal} {email}'
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
    def get_teams(self):
        """
        Lister les équipes sur MM
        """
        cmd = f"{mmctl} team list --disable-pager"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        data_list = output.decode("utf-8").strip().split('\n')
        data_list.pop()
        return data_list
    def create_team(self, equipe, email):
        """
        Créer une équipe sur MM et affecter un admin si email est renseigné (set admin marche pô)
        """
        #DANGER: l'option --email ne rend pas le user admin de l'équipe comme c'est indiqué dans la doc :(
        cmd = f"{mmctl} team create --name {equipe} --display-name {equipe} --private --email {email}"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        #Workaround: on récup l'id du user et de l'équipe pour affecter le rôle "scheme_admin": true, "scheme_user": true avec l'api MM classique.
        #TODO:
        return output.decode()
    def delete_team(self, equipe):
        """
        Supprimer une équipe sur MM
        """
        cmd = f"{mmctl} team delete {equipe} --confirm"
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
        return output.decode()
--- a/bin/lib/paheko.py
+++ b/bin/lib/paheko.py
@@ -1,134 +0,0 @@
 import re
 import requests
 from .config import getDockersConfig, getSecretConfig
 paheko_ident = getDockersConfig("paheko_API_USER")
 paheko_pass = getDockersConfig("paheko_API_PASSWORD")
 paheko_auth = (paheko_ident, paheko_pass)
 paheko_url = f"https://kaz-paheko.{getDockersConfig('domain')}"
 class Paheko:
    def get_categories(self):
        """
        Récupérer les catégories Paheko avec le compteur associé
        """
        api_url = paheko_url + '/api/user/categories'
        response = requests.get(api_url, auth=paheko_auth)
        if response.status_code == 200:
            data = response.json()
            return data
        else:
            return None
    def get_users_in_categorie(self,categorie):
        """
        Afficher les membres d'une catégorie Paheko
        """
        if not categorie.isdigit():
            return 'Id de category non valide', 400
        api_url = paheko_url + '/api/user/category/'+categorie+'.json'
        response = requests.get(api_url, auth=paheko_auth)
        if response.status_code == 200:
            data = response.json()
            return data
        else:
            return None
    def get_user(self,ident):
        """
        Afficher un membre de Paheko par son email kaz ou son numéro ou le non court de l'orga
        """
        emailmatchregexp = re.compile(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$")
        if emailmatchregexp.match(ident):
          data = { "sql": f"select * from users where email='{ident}' or alias = '{ident}'" }
          api_url = paheko_url + '/api/sql/'
          response = requests.post(api_url, auth=paheko_auth,  data=data)
          #TODO: if faut Rechercher count et vérifier que = 1 et supprimer le count=1 dans la réponse
        elif  ident.isdigit():
          api_url = paheko_url + '/api/user/'+ident
          response = requests.get(api_url, auth=paheko_auth)
        else:
          nomorga = re.sub(r'\W+', '', ident) # on vire les caractères non alphanumérique
          data = { "sql": f"select * from users where admin_orga=1 and nom_orga='{nomorga}'" }
          api_url = paheko_url + '/api/sql/'
          response = requests.post(api_url, auth=paheko_auth,  data=data)
          #TODO:if faut Rechercher count et vérifier que = 1  et supprimer le count=1 dans la réponse
        if response.status_code == 200:
            data = response.json()
            if data["count"] == 1:
                 return data["results"][0]
            elif data["count"] == 0:
                 return None
            else:
                 return data["results"]
        else:
            return None
    def set_user(self,ident,field,new_value):
        """
        Modifie la valeur d'un champ d'un membre paheko (ident= numéro paheko ou email kaz)
        """
        #récupérer le numero paheko si on fournit un email kaz
        emailmatchregexp = re.compile(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$")
        if emailmatchregexp.match(ident):
          data = { "sql": f"select id from users where email='{ident}'" }
          api_url = paheko_url + '/api/sql/'
          response = requests.post(api_url, auth=paheko_auth, data=data)
          if response.status_code == 200:
              #on extrait l'id de la réponse
              data = response.json()
              if data['count'] == 0:
                print("email non trouvé")
                return None
              elif data['count'] > 1:
                  print("trop de résultat")
                  return None
              else:
                #OK
                ident = data['results'][0]['id']
          else:
              print("pas de résultat")
              return None
        elif not ident.isdigit():
           print("Identifiant utilisateur invalide")
           return None
        regexp = re.compile("[^a-zA-Z0-9 \\r\\n\\t" + re.escape(string.punctuation) + "]")
        valeur = regexp.sub('',new_value) # mouais, il faudrait être beaucoup plus précis ici en fonction des champs qu'on accepte...
        champ = re.sub(r'\W+','',field) # pas de caractères non alphanumériques ici, dans l'idéal, c'est à choisir dans une liste plutot
        api_url = paheko_url + '/api/user/'+str(ident)
        payload = {champ: valeur}
        response = requests.post(api_url, auth=paheko_auth, data=payload)
        return response.json()
    def get_users_with_action(self, action):
        """
        retourne tous les membres de paheko avec une action à mener (création du compte kaz / modification...)
        """
        api_url = paheko_url + '/api/sql/'
        payload = { "sql": f"select * from users where action_auto='{action}'" }
        response = requests.post(api_url, auth=paheko_auth,  data=payload)
        if response.status_code == 200:
            return response.json()
        else:
            return None
--- a/bin/lib/sympa.py
+++ b/bin/lib/sympa.py
@@ -1,40 +0,0 @@
 import subprocess
 from email_validator import validate_email, EmailNotValidError
 from .config import getDockersConfig, getSecretConfig
 sympa_user = getSecretConfig("sympaServ", "SOAP_USER")
 sympa_pass = getSecretConfig("sympaServ", "SOAP_PASSWORD")
 sympa_listmaster = getSecretConfig("sympaServ", "ADMINEMAIL")
 sympa_url = f"https://{getDockersConfig('sympaHost')}.{getDockersConfig('domain')}"
 sympa_soap = "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl"
 sympa_domain = getDockersConfig('domain_sympa')
 sympa_liste_info = "infos"
 # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\""  | tee -a "${CMD_SYMPA}"
 class Sympa:
    def _execute_sympa_command(self, email, liste, service):
        if validate_email(email) and validate_email(liste):
            cmd = f'{sympa_soap} --soap_url={sympa_url}/sympasoap --trusted_application={sympa_user} --trusted_application_password={sympa_pass} --proxy_vars=USER_EMAIL={sympa_listmaster} --service={service} --service_parameters="{liste},{email}" && echo $?'
            output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
            return output.decode()
    def add_email_to_list(self, email, liste=sympa_liste_info):
        """
        Ajouter un email dans une liste sympa
        """
        output = self._execute_sympa_command(email, f"{liste}@{sympa_domain}", 'add')
        return output
    def delete_email_from_list(self, email, liste=sympa_liste_info):
        """
        Supprimer un email dans une liste sympa
        """
        output = self._execute_sympa_command(email, f"{liste}@{sympa_domain}", 'del')
        return output
--- a/bin/lib/template.py
+++ b/bin/lib/template.py
@@ -1,8 +0,0 @@
 import jinja2
 templateLoader = jinja2.FileSystemLoader(searchpath="../templates")
 templateEnv = jinja2.Environment(loader=templateLoader)
 def render_template(filename, args):
    template = templateEnv.get_template(filename)
    return template.render(args)
--- a/bin/lib/user.py
+++ b/bin/lib/user.py
@@ -1,213 +0,0 @@
 from email_validator import validate_email, EmailNotValidError
 from glob import glob
 import tempfile
 import subprocess
 import re
 from email.mime.text import MIMEText
 from email.mime.multipart import MIMEMultipart
 import smtplib
 from .paheko import Paheko
 from .ldap import Ldap
 from .mattermost import Mattermost
 from .sympa import Sympa
 from .template import render_template
 from .config import getDockersConfig, getSecretConfig
 DEFAULT_FILE = "/kaz/tmp/createUser.txt"
 webmail_url = f"https://webmail.{getDockersConfig('domain')}"
 mattermost_url = f"https://agora.{getDockersConfig('domain')}"
 mdp_url = f"https://mdp.{getDockersConfig('domain')}"
 sympa_url = f"https://listes.{getDockersConfig('domain')}"
 site_url = f"https://{getDockersConfig('domain')}"
 cloud_url = f"https://cloud.{getDockersConfig('domain')}"
 def _generate_password(self):
    cmd="apg -n 1 -m 10 -M NCL -d"
    output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
    new_password="_"+output.decode("utf-8")+"_"
    return new_password
 def create_user(email, email_secours, admin_orga, nom_orga, quota_disque, nom, prenom, nc_orga, garradin_orga, wp_orga, agora_orga, wiki_orga, nc_base, groupe_nc_base, equipe_agora, password=None):
    email = email.lower()
    with Ldap() as ldap:
        # est-il déjà dans le ldap ? (mail ou alias)
        if ldap.get_email(email):
            print(f"ERREUR 1: {email} déjà existant dans ldap. on arrête tout")
            return None
        #test nom orga
        if admin_orga == 1:
          if nom_orga is None:
              print(f"ERREUR 0 sur paheko: {email} : nom_orga vide, on arrête tout")
              return
          if not bool(re.match(r'^[a-z0-9-]+$', nom_orga)):
              print(f"ERREUR 0 sur paheko: {email} : nom_orga ({tab['nom_orga']}) incohérent (minuscule/chiffre/-), on arrête tout")
              return
        #test email_secours
        email_secours = email_secours.lower()
        if not validate_email(email_secours):
            print("Mauvais email de secours")
            return
        #test quota
        quota = quota_disque
        if not quota.isdigit():
            print(f"ERREUR 2: quota non numérique : {quota}, on arrête tout")
            return
        #on génère un password
        password = password or _generate_password()
        #on créé dans le ldap
        #à quoi servent prenom/nom dans le ldap ?
        data = {
          "prenom": prenom,
          "nom": nom,
          "password": password,
          "email_secours": email_secours,
          "quota": quota
        }
        if not ldap.create_user(email, **data):
            print("Erreur LDAP")
            return
    with Mattermost() as mm:
        #on créé dans MM
        user = email.split('@')[0]
        mm.create_user(user, email, password)
        mm.add_user_to_team(email, "kaz")
        #et aux 2 canaux de base
        mm.add_user_to_channel(email, "kaz", "une-question--un-soucis")
        mm.add_user_to_channel(email, "kaz", "cafe-du-commerce--ouvert-2424h")
        #on créé une nouvelle équipe ds MM si besoin
        if admin_orga == 1:
          mm.create_team(nom_orga, email)
          #BUG: créer la nouvelle équipe n'a pas rendu l'email admin, on le rajoute comme membre simple
          mm.add_user_to_team(email, nom_orga)
    #on inscrit email et email_secours à la nl sympa_liste_info
    sympa = Sympa()
    sympa.add_email_to_list(email)
    sympa.add_email_to_list(email_secours)
    #on construit/envoie le mail
    context = {
        'ADMIN_ORGA': admin_orga,
        'NOM': f"{prenom} {nom}",
        'EMAIL_SOUHAITE': email,
        'PASSWORD': password,
        'QUOTA': quota_disque,
        'URL_WEBMAIL': webmail_url,
        'URL_AGORA': mattermost_url,
        'URL_MDP': mdp_url,
        'URL_LISTE': sympa_url,
        'URL_SITE': site_url,
        'URL_CLOUD': cloud_url,
    }
    html = render_template("email_inscription.html", context)
    raw = render_template("email_inscription.txt", context)
    message = MIMEMultipart()
    message["Subject"] = "KAZ: confirmation d'inscription !"
    message["From"] = f"contact@{getDockersConfig('domain')}"
    message["To"] = f"{email}, {email_secours}"
    message.attach(MIMEText(raw, "plain"))
    message.attach(MIMEText(html, "html"))
    with smtplib.SMTP(f"mail.{getDockersConfig('domain')}", 25) as server:
        server.sendmail(f"contact@{getDockersConfig('domain')}", [email,email_secours], message.as_string())
    #on met le flag paheko action à Aucune
    paheko = Paheko()
    try:
        paheko.set_user(email, "action_auto", "Aucune")
    except:
        print(f"Erreur paheko pour remettre action_auto = Aucune pour {email}")
    #on post sur MM pour dire ok
    with Mattermost() as mm:
        msg=f"**POST AUTO** Inscription réussie pour {email} avec le secours {email_secours} Bisou!"
        mm.post_message(message=msg)
 def create_waiting_users():
    """
    Créé les kaznautes en attente: inscription sur MM / Cloud / email + msg sur MM + email à partir de action="a créer" sur paheko
    """
    #verrou pour empêcher de lancer en même temps la même api
    prefixe="create_user_lock_"
    if glob(f"{tempfile.gettempdir()}/{prefixe}*"):
        print("Lock présent")
        return None
    lock_file = tempfile.NamedTemporaryFile(prefix=prefixe,delete=True)
    #qui sont les kaznautes à créer ?
    paheko = Paheko()
    liste_kaznautes = paheko.get_users_with_action("A créer")
    if liste_kaznautes:
        count=liste_kaznautes['count']
        if count==0:
            print("aucun nouveau kaznaute à créer")
            return
        #au moins un kaznaute à créer
        for tab in liste_kaznautes['results']:
          create_user(**tab)
    print("fin des inscriptions")
 def create_users_from_file(file=DEFAULT_FILE):
    """
    Créé les kaznautes en attente: inscription sur MM / Cloud / email + msg sur MM + email à partir du ficher
    """
    #verrou pour empêcher de lancer en même temps la même api
    prefixe="create_user_lock_"
    if glob(f"{tempfile.gettempdir()}/{prefixe}*"):
        print("Lock présent")
        return None
    lock_file = tempfile.NamedTemporaryFile(prefix=prefixe,delete=True)
    #qui sont les kaznautes à créer ?
    liste_kaznautes = []
    with open(file) as lines:
        for line in lines:
            line = line.strip()
            if not line.startswith("#") and line != "":
                user_data = line.split(';')
                user_dict = {
                    "nom": user_data[0],
                    "prenom": user_data[1],
                    "email": user_data[2],
                    "email_secours": user_data[3],
                    "nom_orga": user_data[4],
                    "admin_orga": user_data[5],
                    "nc_orga": user_data[6],
                    "garradin_orga": user_data[7],
                    "wp_orga": user_data[8],
                    "agora_orga": user_data[9],
                    "wiki_orga": user_data[10],
                    "nc_base": user_data[11],
                    "groupe_nc_base": user_data[12],
                    "equipe_agora": user_data[13],
                    "quota_disque": user_data[14],
                    "password": user_data[15],
                }
                liste_kaznautes.append(user_dict)
    if liste_kaznautes:
        for tab in liste_kaznautes:
          create_user(**tab)
    print("fin des inscriptions")
--- a/bin/manageAgora.sh
+++ b/bin/manageAgora.sh
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 #GLOBAL VARS
 PRG=$(basename $0)
@@ -83,7 +82,8 @@ Init(){
    [ $? -ne 0 ] && printKazError "$DockerServName ne parvient pas à démarrer correctement : impossible de terminer l'install" && return 1 >& $QUIET
    # creation compte admin
-    ${SIMU} curl -i -d "{\"email\":\"${mattermost_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users"
+    _getPasswords
    ${SIMU} curl -i -d "{\"email\":\"${mattermostServ_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users"
    MM_TOKEN=$(_getMMToken ${MATTER_URL})
@@ -98,12 +98,13 @@ Version(){
 _getMMToken(){
    #$1 MATTER_URL
    _getPasswords
    ${SIMU} curl -i -s -d "{\"login_id\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\"}" "${1}/api/v4/users/login" | grep 'token' | sed 's/token:\s*\(.*\)\s*/\1/' | tr -d '\r'
 }
 PostMessage(){
    printKazMsg "Envoi à $TEAM : $MESSAGE" >& $QUIET
-    
+    _getPasswords
    ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl auth login "${MATTER_URL}" --name local-server --username ${mattermost_user} --password ${mattermost_pass}
    ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl post create "${TEAM}" --message "${MESSAGE}"
 }
@@ -113,6 +114,16 @@ MmctlCommand(){
    ${SIMU} docker exec -u 33 "$DockerServName" bin/mmctl $1
 }
 _getPasswords(){
    # récupération des infos du compte admin
    if [ -n "$AGORACOMMUN" ] ; then 
        . $KAZ_KEY_DIR/env-mattermostAdmin
        . $KAZ_BIN_DIR/getPasswords.sh mattermostServ
    else
        . $KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin
        . $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} mattermostServ
    fi
 }
 ########## Main #################
 for ARG in "$@"; do
--- a/bin/manageCastopod.sh
+++ b/bin/manageCastopod.sh
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 #GLOBAL VARS
 PRG=$(basename $0)
@@ -63,11 +62,12 @@ Init(){
    cookies=$(curl -c - ${POD_URL})    
    CSRF_TOKEN=$(curl --cookie <(echo "$cookies") ${POD_URL}/cp-install | grep "csrf_test_name" | sed "s/.*value=.//" | sed "s/.>//") 
    _getPasswords
    #echo ${CSRF_TOKEN}
    ${SIMU} curl --cookie <(echo "$cookies") -X POST \
-        -d "username=${castopod_ADMIN_USER}" \
+        -d "username=${ADMIN_USER}" \
-        -d "password=${castopod_ADMIN_PASSWORD}" \
+        -d "password=${ADMIN_PASSWORD}" \
-        -d "email=${castopod_ADMIN_MAIL}" \
+        -d "email=${ADMIN_MAIL}" \
        -d "csrf_test_name=${CSRF_TOKEN}" \
        "${POD_URL}/cp-install/create-superadmin"
@@ -78,7 +78,13 @@ Version(){
    echo "Version $DockerServName : ${GREEN}${VERSION}${NC}"
 }
-
+_getPasswords(){
    if [ -n "$CASTOPOD_COMMUN" ]; then 
        . $KAZ_KEY_DIR/env-castopodAdmin
    else
        . $KAZ_KEY_DIR/orgas/$ORGA/env-castopodAdmin
    fi
 }
 ########## Main #################
 for ARG in "$@"; do 
--- a/bin/manageCloud.sh
+++ b/bin/manageCloud.sh
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 #GLOBAL VARS
 PRG=$(basename $0)
@@ -32,7 +31,7 @@ OPTIONS
 -n|--simu          SIMULATION
 -q|--quiet         On ne parle pas (utile avec le -n pour avoir que les commandes)
 --nas              L'orga se trouve sur le NAS !
-
+ 
 COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité)
 -I|--install       L'initialisation du cloud
 -v|--version       Donne la version du cloud et signale les MàJ
@@ -75,7 +74,7 @@ Init(){
        CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php"
    fi
-    firstInstall "$CLOUD_URL" "$CONF_FILE" " NextCloud de $NOM"
+    firstInstall "$CLOUD_URL" "$CONF_FILE" "$NOM"
    updatePhpConf "$CONF_FILE"
    InstallApplis
    echo "${CYAN}  *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET
@@ -100,25 +99,38 @@ firstInstall(){
    # $2 phpConfFile
    # $3 orga
    if ! grep -q "'installed' => true," "$2" 2> /dev/null; then
-        printKazMsg "\n  *** Premier lancement de $3" >& $QUIET
+
        printKazMsg "\n  *** Premier lancement nextcloud $3" >& $QUIET
        _getPasswords
        ${SIMU} waitUrl "$1"
        ${SIMU} curl -X POST \
            -d "install=true" \
-            -d "adminlogin=${nextcloud_NEXTCLOUD_ADMIN_USER}" \
+            -d "adminlogin=${NEXTCLOUD_ADMIN_USER}" \
-            -d "adminpass=${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}" \
+            -d "adminpass=${NEXTCLOUD_ADMIN_PASSWORD}" \
            -d "directory=/var/www/html/data" \
            -d "dbtype=mysql" \
-            -d "dbuser=${nextcloud_MYSQL_USER}" \
+            -d "dbuser=${MYSQL_USER}" \
-            -d "dbpass=${nextcloud_MYSQL_PASSWORD}" \
+            -d "dbpass=${MYSQL_PASSWORD}" \
-            -d "dbname=${nextcloud_MYSQL_DATABASE}" \
+            -d "dbname=${MYSQL_DATABASE}" \
-            -d "dbhost=${nextcloud_MYSQL_HOST}" \
+            -d "dbhost=${MYSQL_HOST}" \
            -d "install-recommended-apps=true" \
            "$1"
    fi
 }
 _getPasswords(){
    if [ -n "$CLOUDCOMMUN" ]; then 
        . $KAZ_KEY_DIR/env-nextcloudServ
        . $KAZ_KEY_DIR/env-nextcloudDB
    else
        . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
        . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
    fi
 }
 setOfficeUrl(){
    # Did le 25 mars les offices sont tous normalisé sur les serveurs https://${site}-${officeHost}.${domain}
    #OFFICE_URL="https://${officeHost}.${domain}"
@@ -131,13 +143,14 @@ setOfficeUrl(){
 }
 initLdap(){
    . $KAZ_BIN_DIR/getPasswords.sh ldapServ
    # $1 Nom du cloud
    echo "${CYAN}  *** Installation LDAP pour $1${NC}" >& $QUIET
    occCommand "app:enable user_ldap" "${DockerServName}"
    occCommand "ldap:delete-config s01" "${DockerServName}"
    occCommand "ldap:create-empty-config" "${DockerServName}"
    occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}"
-    occCommand "ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
+    occCommand "ldap:set-config s01 ldapAgentPassword ${ldapServ_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
    occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}"
    occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}"
    occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}"
--- a/bin/manageWiki.sh
+++ b/bin/manageWiki.sh
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 #GLOBAL VARS
 PRG=$(basename $0)
@@ -55,15 +54,7 @@ Init(){
    PLG_DIR="${VOL_PREFIX}wikiPlugins/_data"
    CONF_DIR="${VOL_PREFIX}wikiConf/_data"
-    # Gael, j'avais ajouté ça mais j'ai pas test alors je laisse comme avant ... 
+    . $KAZ_BIN_DIR/getPasswords.sh dokuwiki
    # A charge au prochain qui monte un wiki de faire qque chose
    #WIKI_ROOT="${dokuwiki_WIKI_ROOT}"
    #WIKI_EMAIL="${dokuwiki_WIKI_EMAIL}"
    #WIKI_PASS="${dokuwiki_WIKI_PASSWORD}"
    WIKI_ROOT=Kaz
    WIKI_EMAIL=wiki@kaz.local
    WIKI_PASS=azerty
    ${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit
@@ -77,11 +68,11 @@ Init(){
            -d "l=fr" \
            -d "d[title]=${NOM}" \
            -d "d[acl]=true" \
-            -d "d[superuser]=${WIKI_ROOT}" \
+            -d "d[superuser]=${dokuwiki_WIKI_ROOT}" \
            -d "d[fullname]=Admin"\
-            -d "d[email]=${WIKI_EMAIL}" \
+            -d "d[email]=${dokuwiki_WIKI_EMAIL}" \
-            -d "d[password]=${WIKI_PASS}" \
+            -d "d[password]=${dokuwiki_WIKI_PASSWORD}" \
-            -d "d[confirm]=${WIKI_PASS}" \
+            -d "d[confirm]=${dokuwiki_WIKI_PASSWORD}" \
            -d "d[policy]=1" \
            -d "d[allowreg]=false" \
            -d "d[license]=0" \
--- a/bin/manageWp.sh
+++ b/bin/manageWp.sh
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 #GLOBAL VARS
 PRG=$(basename $0)
@@ -61,11 +60,11 @@ Init(){
    echo "\n  *** Premier lancement de WP" >& $QUIET
    ${SIMU} waitUrl "${WP_URL}"
-
+    . $KAZ_BIN_DIR/getPasswords.sh wpServ
    ${SIMU} curl -X POST \
-        -d "user_name=${wp_WORDPRESS_ADMIN_USER}" \
+        -d "user_name=${wpServ_WORDPRESS_ADMIN_USER}" \
-        -d "admin_password=${wp_WORDPRESS_ADMIN_PASSWORD}" \
+        -d "admin_password=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
-        -d "admin_password2=${wp_WORDPRESS_ADMIN_PASSWORD}" \
+        -d "admin_password2=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
        -d "pw_weak=true" \
        -d "admin_email=admin@kaz.bzh" \
        -d "blog_public=0" \
--- a/bin/migGestionMotsDePasse.sh
+++ b/bin/migGestionMotsDePasse.sh
@@ -0,0 +1,68 @@
 #!/bin/bash
 KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 newenvfile=$KAZ_KEY_DIR/env-mattermostAdmin
 touch $newenvfile
 echo "mattermost_user=$mattermost_user" >> $newenvfile
 echo "mattermost_pass=$mattermost_pass" >> $newenvfile
 echo "mattermost_token=$mattermost_token" >> $newenvfile
 echo "EMAIL_CONTACT=$EMAIL_CONTACT" >> $DOCKERS_ENV
 newenvfile=$KAZ_KEY_DIR/env-paheko
 touch $newenvfile
 echo "API_USER=$paheko_API_USER" >> $newenvfile
 echo "API_PASSWORD=$paheko_API_PASSWORD" >> $newenvfile
 newenvfile=$KAZ_KEY_DIR/env-mail
 touch $newenvfile
 echo "service_mail=$service_mail" >> $newenvfile
 echo "service_password=$service_password" >> $newenvfile
 newenvfile=$KAZ_KEY_DIR/env-borg
 # touch $newenvfile  à priori il existe déjà
 echo "BORG_REPO=$BORG_REPO" >> $newenvfile
 echo "BORG_PASSPHRASE=$BORG_PASSPHRASE" >> $newenvfile
 echo "VOLUME_SAUVEGARDES=$VOLUME_SAUVEGARDES" >> $newenvfile
 echo "MAIL_RAPPORT=$MAIL_RAPPORT" >> $newenvfile
 echo "BORGMOUNT=$BORGMOUNT" >> $newenvfile
 newenvfile=$KAZ_KEY_DIR/env-traefik
 touch $newenvfile
 echo "DASHBOARD_USER=$traefik_DASHBOARD_USER" >> $newenvfile
 echo "DASHBOARD_PASSWORD=$traefik_DASHBOARD_PASSWORD" >> $newenvfile
 #####################
 # Castopod
 # A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
 newenvfile=$KAZ_KEY_DIR/env-castopodAdmin
 touch $newenvfile
 echo "ADMIN_USER=$castopod_ADMIN_USER" >> $newenvfile
 echo "ADMIN_MAIL=$castopod_ADMIN_MAIL" >> $newenvfile
 echo "ADMIN_PASSWORD=$castopod_ADMIN_PASSWORD" >> $newenvfile
 # creation dossier pour les env des orgas
 mkdir $KAZ_KEY_DIR/orgas
 orgasLong=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
 ORGAS=${orgasLong[*]//-orga/}
 for orga in ${ORGAS};do
    mkdir $KAZ_KEY_DIR/orgas/$orga
    cp $KAZ_KEY_DIR/env-{castopod{Admin,DB,Serv},mattermost{DB,Serv},nextcloud{DB,Serv},spip{DB,Serv},wp{DB,Serv}} $KAZ_KEY_DIR/orgas/$orga
 done
 echo "C'est parfait, vous pouvez git pull puis supprimer SetAllPass.sh"
--- a/bin/migVersProdX.sh
+++ b/bin/migVersProdX.sh
@@ -9,7 +9,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 . $KAZ_ROOT/secret/env-kaz
@@ -133,6 +132,7 @@ for orgaLong in ${Orgas}; do
 	    ${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/"
 	fi
 	${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/
 	${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_KEY_DIR}/orgas/${orgaCourt} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/${orgaCourt}
 	${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list"
 	${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh
--- a/bin/migration.sh
+++ b/bin/migration.sh
@@ -20,8 +20,7 @@ ${SIMU} "${CV1}" stop orga
 ${SIMU} "${CV1}" stop
 ${SIMU} rsync "${EV1}/dockers.env" "${EV2}/"
-${SIMU} rsync "${SV1}/SetAllPass.sh" "${SV2}/"
+${SIMU} rsync "${SV1}/" "${SV2}/"
 ${SIMU} "${BV2}/updateDockerPassword.sh"
 # XXX ? rsync /kaz/secret/allow_admin_ip /kaz-git/secret/allow_admin_ip
--- a/bin/nextcloud_maintenance.sh
+++ b/bin/nextcloud_maintenance.sh
@@ -4,12 +4,12 @@ KAZ_ROOT=/kaz
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 URL_AGORA=https://$matterHost.$domain/api/v4
 EQUIPE=kaz
 PostMattermost() {
        . $KAZ_KEY_DIR/env-mattermostAdmin
        PostM=$1
        CHANNEL=$2
        TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')
--- a/bin/postfix-superviz.sh
+++ b/bin/postfix-superviz.sh
@@ -6,7 +6,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 setKazVars
 . $DOCKERS_ENV
 . $KAZ_ROOT/secret/SetAllPass.sh
 URL_AGORA=$(echo $matterHost).$(echo $domain)
 MAX_QUEUE=50
@@ -15,6 +14,8 @@ OLDIFS=$IFS
 IFS=" "
 COUNT_MAILQ=$(docker exec -t mailServ mailq | tail -n1 | gawk '{print $5}')
 # récupération mots de passes
 . $KAZ_KEY_DIR/env-mattermostAdmin
 docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
 if [ "${COUNT_MAILQ}" -gt "${MAX_QUEUE}" ]; then
--- a/bin/scriptBorg.sh
+++ b/bin/scriptBorg.sh
@@ -17,7 +17,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
 . $KAZ_ROOT/bin/.commonFunctions.sh
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+. $KAZ_BIN_DIR/getPasswords.sh borg
 VERSION="V-10-03-2025"
 PRG=$(basename $0)
--- a/bin/secretGen.sh
+++ b/bin/secretGen.sh
@@ -3,70 +3,137 @@
 KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 . $DOCKERS_ENV
 cd "${KAZ_ROOT}"
 NEW_DIR="secret"
 TMPL_DIR="secret.tmpl"
 SORTIESTANDARD=1	
 DIR=$KAZ_KEY_DIR
 ORGA=
 if [ ! -d "${NEW_DIR}/" ]; then
    rsync -a "${TMPL_DIR}/" "${NEW_DIR}/"
 fi
-NEW_FILE="${NEW_DIR}/SetAllPass-new.sh"
+usage() {
-TMPL_FILE="${NEW_DIR}/SetAllPass.sh"
+echo "${PRG} [OPTIONS] [filename ...] 
 	# PARCOURE LES ENV FILE ET REMPLIT LES --clean_val-- qui n'ont pas été complétés.
 	on cherche des 
 	@@pass@@***@@p@@ 			-> on génère un mot de passe 16car (les *** permettent d'identifier le mot de passe, s'il doit être utilisé ailleurs)
 	@@db@@***@@d@@					-> on génère une base de données (pareil identifié par ***)
 	@@user@@***@@u@@				-> on génère un user
 	@@token@@***@@t@@			-> on génère un token
 	@@globalvar@@***@@gv@@ 	-> on cherche la variable globale ***
 	@@crossvar@@envname_varname@@cv@@	-> on retrouve la variable dans les envfiles
-while read line ; do
+	Si on précise des fichiers, alors il ne remplace que dans ceux là (et on "lie" les clean-val ensemble !!!)
-    if [[ "${line}" =~ ^# ]] || [ -z "${line}" ] ; then
+OPTIONS 
-	echo "${line}"
+ -h|--help            Cette aide :-)
-	continue
+ -n|--simu            SIMULATION
-    fi
+ -q|--quiet           Sans bruits de fond
-    if [[ "${line}" =~  "--clean_val--" ]] ; then
+ -d foldername        prend les envfiles dans un sous dossier /kaz/secret/orgas/foldername/ (pour les orgas !) 
-	case "${line}" in
+ -
-	    *jirafeau_DATA_DIR*)
+
-		JIRAFEAU_DIR=$(getValInFile "${DOCKERS_ENV}" "jirafeauDir")
+"
-		[ -z "${JIRAFEAU_DIR}" ] &&
+}
-		    echo "${line}" ||
+
-			sed "s%\(.*\)--clean_val--\(.*\)%\1${JIRAFEAU_DIR}\2%" <<< ${line}
+for ARG in "$@"; do
-		continue
+    if [ -n "${DIRECTORYARG}" ]; then # après un -d
-		;;
+		DIR=$KAZ_KEY_DIR/orgas/${ARG}
-	    *DATABASE*|*DB_NAME*)
+		ORGA=${ARG}
-		dbName="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
+        DIRECTORYARG=
 		sed "s/\(.*\)--clean_val--\(.*\)/\1${dbName}\2/" <<< ${line}
 		continue
 		;;
 	    *ROOT_PASSWORD*|*PASSWORD*|*SECRET*)
 		pass="$(apg -n 1 -m 16 -M NCL)"
 		sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
 		continue
 		;;
 	    *USER*)
 		user="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
 		sed "s/\(.*\)--clean_val--\(.*\)/\1${user}\2/" <<< ${line}
 		continue
 		;;
 	    *RAIN_LOOP*|*office_password*|*mattermost_*|*sympa_*|*gitea_*)
 		pass="$(apg -n 1 -m 16 -M NCL)"
 		sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
 		continue
 		;;
 	    *vaultwarden_ADMIN_TOKEN*)
 		pass="$(apg -n 1 -m 32 -M NCL)"
 		sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
 		continue
 		;;
 	esac
    else
-	echo "${line}"
+
-	continue
+      case "${ARG}" in
          '-d' | '--directory' | '-f' | '--folder' | '--foldername')
              DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
          '-h' | '--help' )
            usage && exit ;;
          '-n' | '--simu')
            SIMU="echo" ;;
          '-q' | '--quiet')
            SORTIESTANDARD="/dev/null" ;;
          *)
            ENVFILES="${ENVFILES} ${ARG%}";;
      esac
    fi
-    printKazError "${line}" >&2
+done
 done < "${TMPL_FILE}" > "${NEW_FILE}"
-mv "${NEW_FILE}" "${TMPL_FILE}"
+NB_FILES=$(echo "${ENVFILES}" | wc -w )
-chmod a+x "${TMPL_FILE}"
+if [[ $NB_FILES = 0 ]]; then
-. "${TMPL_FILE}"
+	ENVFILES=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@|@@crossvar@@' $DIR/* | sed 's/.*\///')   # 
-"${KAZ_BIN_DIR}/updateDockerPassword.sh"
+fi
 secretGen(){
 	# $1	Le env-file à compléter
 	FILENAME=$DIR/$1
 	NBMATCH=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@' $FILENAME | wc -l)   # est ce qu'il y a des choses à génrérer
 	if [[ $NBMATCH = 0 ]]; then
 		true
 		# rien à faire dans ce fichier, on passe
 	else
 		echo "Remplissage $FILENAME" >& $SORTIESTANDARD
 		db="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
 		pass="$(apg -n 1 -m 16 -M NCL)"
 		token="$(apg -n 1 -m 32 -M NCL)"
 		user="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
 		dbs=$(grep -Eo '@@db@@[^@]*@@d@@' $FILENAME | sed -e 's/@@db@@//' -e 's/@@d@@//')
 		passwords=$(grep -Eo '@@pass@@[^@]*@@p@@' $FILENAME | sed -e 's/@@pass@@//' -e 's/@@p@@//')
 		tokens=$(grep -Eo '@@token@@[^@]*@@t@@' $FILENAME | sed -e 's/@@token@@//' -e 's/@@t@@//')
 		users=$(grep -Eo '@@user@@[^@]*@@u@@' $FILENAME | sed -e 's/@@user@@//' -e 's/@@u@@//')
 		globalvars=$(grep -Eo '@@globalvar@@[^@]*@@gv@@' $FILENAME | sed -e 's/@@globalvar@@//' -e 's/@@gv@@//')
 		for dbName in $dbs; do $SIMU sed -i "s/@@db@@$dbName@@d@@/${dbName}_$db/"  $DIR/*; done
 		for pw in $passwords; do $SIMU sed -i "s/@@pass@@$pw@@p@@/${pass}/"  $DIR/*; done
 		for tk in $tokens; do $SIMU sed -i "s/@@token@@$tk@@t@@/${token}/"  $DIR/*; done
 		for u in $users; do $SIMU sed -i "s/@@user@@$u@@u@@/${u}_$user/"  $DIR/*; done
 		for var in $globalvars; do $SIMU sed -i "s/@@globalvar@@$var@@gv@@/${!var}/"  $DIR/*; done
 	fi
 }
 crossVarComplete(){
 	# $1	Le env-file à compléter
 	FILENAME=$DIR/$1
 	NBMATCH=$(grep -lE '@@crossvar@@' $FILENAME | wc -l)   # est ce qu'il y a des cross-var à récupérer
 	if [[ $NBMATCH = 0 ]]; then
 		true
 		# rien à faire dans ce fichier, on passe
 	else
 		echo "Remplissage $FILENAME" >& $SORTIESTANDARD
 		varnames=$(grep -Eo '@@crossvar@@[^@]*@@cv@@' $FILENAME | sed -e 's/@@crossvar@@//' -e 's/@@cv@@//')
 		for varname in $varnames; do 
 			envname=${varname%%_*}
 			value=$(/$KAZ_BIN_DIR/getPasswords.sh -e $varname $envname -d $ORGA)
 			$SIMU sed -i "s/@@crossvar@@$varname@@cv@@/${value}/"  $DIR/*; 
 		done
 	fi
 }
 for ENVFILE in $ENVFILES; do
 	secretGen "$ENVFILE"
 done
 for ENVFILE in $ENVFILES; do
 	crossVarComplete "$ENVFILE"
 done
 exit 0
--- a/bin/templates/email.css
+++ b/bin/templates/email.css
@@ -1,82 +0,0 @@
 body {
    font-family: Arial, sans-serif;
    background-color: #f4f4f4;
    margin: 0;
    padding: 0;
 }
 .email-content {
    background-color: #f0f0f0; /* Light gray background */
    margin: 20px auto;
    padding: 20px;
    border: 1px solid #dddddd;
    max-width: 600px;
    width: 90%; /* This makes the content take 90% width of its container */
    text-align: left; /* Remove text justification */
 }
 header {
    background-color: #E16969;
    color: white;
    text-align: center;
    height: 50px; /* Fixed height for header */
    line-height: 50px; /* Vertically center the text */
    width: 100%; /* Make header full width */
 }
 footer {
    background-color: #E16969;
    color: white;
    text-align: center;
    height: 50px; /* Fixed height for footer */
    line-height: 50px; /* Vertically center the text */
    width: 100%; /* Make footer full width */
 }
 .header-container {
    position: relative; /* Pour positionner le logo et le texte dans le header */
    height: 50px; /* Hauteur maximale du header */
 }
 .logo {
    position: absolute; /* Pour positionner le logo */
    max-height: 100%; /* Taille maximale du logo égale à la hauteur du header */
    top: 0; /* Aligner le logo en haut */
    left: 0; /* Aligner le logo à gauche */
    margin-right: 10px; /* Marge à droite du logo */
 }
 .header-container h1, .footer-container p {
    margin: 0;
    font-size: 24px;
 }
 .footer-container p {
    font-size: 12px;
 }
 .footer-container a {
    color: #FFFFFF; /* White color for links in footer */
    text-decoration: none;
 }
 .footer-container a:hover {
    text-decoration: underline; /* Optional: add underline on hover */
 }
 a {
    color: #E16969; /* Same color as header/footer background for all other links */
    text-decoration: none;
 }
 a:hover {
    text-decoration: underline; /* Optional: add underline on hover */
 }
 h2 {
    color: #E16969;
 }
 p {
    line-height: 1.6;
 }
--- a/bin/templates/email_footer.html
+++ b/bin/templates/email_footer.html
@@ -1,9 +0,0 @@
 <footer>
    <div class="footer-container">
        <p>
            Ici, on prend soin de vos données et on ne les vend pas !
            <br>
            <a href="https://kaz.bzh">https://kaz.bzh</a>
        </p>
    </div>
 </footer>
--- a/bin/templates/email_header.html
+++ b/bin/templates/email_header.html
@@ -1,6 +0,0 @@
 <header>
    <div class="header-container">
        <img class="logo" src="https://kaz-cloud.kaz.bzh/apps/theming/image/logo?v=33" alt="KAZ Logo">
        <h1>Kaz : Le numérique sobre, libre, éthique et local</h1>
    </div>
 </header>
--- a/bin/templates/email_inscription.html
+++ b/bin/templates/email_inscription.html
@@ -1,94 +0,0 @@
 <!DOCTYPE html>
 <html lang="fr">
 <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Email d'inscription'</title>
    <style>
        {% include 'email.css' %}
    </style>
 </head>
 <body>
 {% include 'email_header.html' %}
 <div class="email-content">
 <p>
 Bonjour {{NOM}}!<br><br>
 Bienvenue chez KAZ!<br><br>
 Vous disposez de :
 <ul>
 <li>une messagerie classique : <a href={{URL_WEBMAIL}}>{{URL_WEBMAIL}}</a></li>
 <li>une messagerie instantanée pour discuter au sein d'équipes : <a href={{URL_AGORA}}>{{URL_AGORA}}</a></li>
 </ul>
 Votre email et identifiant pour ces services : {{EMAIL_SOUHAITE}}<br>
 Le mot de passe : <b>{{PASSWORD}}</b><br><br>
 Pour changer votre mot de passe de messagerie, c'est ici: <a href={{URL_MDP}}>{{URL_MDP}}</a><br>
 Si vous avez perdu votre mot de passe, c'est ici: <a href={{URL_MDP}}/?action=sendtoken>{{URL_MDP}}/?action=sendtoken</a><br><br>
 Vous pouvez accéder à votre messagerie classique:
 <ul>
 <li>soit depuis votre webmail : <a href={{URL_WEBMAIL}}>{{URL_WEBMAIL}}</a></li>
 <li>soit depuis votre bureau virtuel : <a href={{URL_CLOUD}}>{{URL_CLOUD}}</a></li>
 <li>soit depuis un client de messagerie comme thunderbird<br>
 </ul>
 </p>
 {% if ADMIN_ORGA == '1' %}
 <p>
 En tant qu'association/famille/société. Vous avez la possibilité d'ouvrir, quand vous le voulez, des services kaz, il vous suffit de nous le demander.<br><br>
 Pourquoi n'ouvrons-nous pas tous les services tout de suite ? parce que nous aimons la sobriété et que nous préservons notre espace disque ;)<br>
 A quoi sert d'avoir un site web si on ne l'utilise pas, n'est-ce pas ?<br><br>
 Par retour de mail, dites-nous de quoi vous avez besoin tout de suite entre:
 <ul>
 <li>une comptabilité : un service de gestion adhérents/clients</li>
 <li>un site web de type WordPress</li>
 <li>un cloud : bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances</li>
 </ul>
 Une fois que vous aurez répondu à ce mail, votre demande sera traitée manuellement.
 </p>
 {% endif %}
 <p>
 Vous avez quelques docs intéressantes sur le wiki de kaz:
 <ul>
 <li>Migrer son site internet wordpress vers kaz : <a href="https://wiki.kaz.bzh/wordpress/start#migrer_son_site_wordpress_vers_kaz">https://wiki.kaz.bzh/wordpress/start#migrer_son_site_wordpress_vers_kaz</a></li>
 <li>Migrer sa messagerie vers kaz : <a href="https://wiki.kaz.bzh/messagerie/gmail/start">https://wiki.kaz.bzh/messagerie/gmail/start</a></li>
 <li>Démarrer simplement avec son cloud : <a href="https://wiki.kaz.bzh/nextcloud/start">https://wiki.kaz.bzh/messagerie/gmail/start</a></li>
 </ul>
 Votre quota est de {{QUOTA}}GB. Si vous souhaitez plus de place pour vos fichiers ou la messagerie, faites-nous signe !<br><br>
 Pour accéder à la messagerie instantanée et communiquer avec les membres de votre équipe ou ceux de kaz : <a href={{URL_AGORA}}/login>{{URL_AGORA}}/login</a><br>
 </p>
 {% if ADMIN_ORGA == '1' %}
 <p>
 Comme administrateur de votre organisation, vous pouvez créer des listes de diffusion en vous rendant sur <a href={{URL_LISTE}}>{{URL_LISTE}}</a><br>
 </p>
 {% endif %}
 <p>
 Enfin, vous disposez de tous les autres services KAZ où l'authentification n'est pas nécessaire : <a href={{URL_SITE}}>{{URL_SITE}}</a><br><br>
 En cas de soucis, n'hésitez pas à poser vos questions sur le canal 'Une question ? un soucis' de l'agora dispo ici : <a href={{URL_AGORA}}>{{URL_AGORA}}</a><br><br>
 Si vous avez besoin d'accompagnement pour votre site, votre cloud, votre compta, votre migration de messagerie,...<br>nous proposons des formations mensuelles gratuites. Si vous souhaitez être accompagné par un professionnel, nous pouvons vous donner une liste de pros, référencés par KAZ.<br><br>
 À bientôt 😉<br><br>
 La collégiale de KAZ.<br>
 </p>
 </div> <!-- <div class="email-content"> -->
 {% include 'email_footer.html' %}
 </body>
 </html>
--- a/bin/templates/email_inscription.txt
+++ b/bin/templates/email_inscription.txt
@@ -1,70 +0,0 @@
 Bonjour {{NOM}}!
 Bienvenue chez KAZ!<br><br>
 Vous disposez de :
 <ul>
 <li>une messagerie classique : <a href={{URL_WEBMAIL}}>{{URL_WEBMAIL}}</a></li>
 <li>une messagerie instantanée pour discuter au sein d'équipes : <a href={{URL_AGORA}}>{{URL_AGORA}}</a></li>
 </ul>
 Votre email et identifiant pour ces services : {{EMAIL_SOUHAITE}}<br>
 Le mot de passe : <b>{{PASSWORD}}</b><br><br>
 Pour changer votre mot de passe de messagerie, c'est ici: <a href={{URL_MDP}}>{{URL_MDP}}</a><br>
 Si vous avez perdu votre mot de passe, c'est ici: <a href={{URL_MDP}}/?action=sendtoken>{{URL_MDP}}/?action=sendtoken</a><br><br>
 Vous pouvez accéder à votre messagerie classique:
 <ul>
 <li>soit depuis votre webmail : <a href={{URL_WEBMAIL}}>{{URL_WEBMAIL}}</a></li>
 <li>soit depuis votre bureau virtuel : <a href={{URL_CLOUD}}>{{URL_CLOUD}}</a></li>
 <li>soit depuis un client de messagerie comme thunderbird<br>
 </ul>
 </p>
 {% if ADMIN_ORGA == '1' %}
 <p>
 En tant qu'association/famille/société. Vous avez la possibilité d'ouvrir, quand vous le voulez, des services kaz, il vous suffit de nous le demander.<br><br>
 Pourquoi n'ouvrons-nous pas tous les services tout de suite ? parce que nous aimons la sobriété et que nous préservons notre espace disque ;)<br>
 A quoi sert d'avoir un site web si on ne l'utilise pas, n'est-ce pas ?<br><br>
 Par retour de mail, dites-nous de quoi vous avez besoin tout de suite entre:
 <ul>
 <li>une comptabilité : un service de gestion adhérents/clients</li>
 <li>un site web de type WordPress</li>
 <li>un cloud : bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances</li>
 </ul>
 Une fois que vous aurez répondu à ce mail, votre demande sera traitée manuellement.
 </p>
 {% endif %}
 <p>
 Vous avez quelques docs intéressantes sur le wiki de kaz:
 <ul>
 <li>Migrer son site internet wordpress vers kaz : <a href="https://wiki.kaz.bzh/wordpress/start#migrer_son_site_wordpress_vers_kaz">https://wiki.kaz.bzh/wordpress/start#migrer_son_site_wordpress_vers_kaz</a></li>
 <li>Migrer sa messagerie vers kaz : <a href="https://wiki.kaz.bzh/messagerie/gmail/start">https://wiki.kaz.bzh/messagerie/gmail/start</a></li>
 <li>Démarrer simplement avec son cloud : <a href="https://wiki.kaz.bzh/nextcloud/start">https://wiki.kaz.bzh/messagerie/gmail/start</a></li>
 </ul>
 Votre quota est de {{QUOTA}}GB. Si vous souhaitez plus de place pour vos fichiers ou la messagerie, faites-nous signe !<br><br>
 Pour accéder à la messagerie instantanée et communiquer avec les membres de votre équipe ou ceux de kaz : <a href={{URL_AGORA}}/login>{{URL_AGORA}}/login</a><br>
 </p>
 {% if ADMIN_ORGA == '1' %}
 <p>
 Comme administrateur de votre organisation, vous pouvez créer des listes de diffusion en vous rendant sur <a href={{URL_LISTE}}>{{URL_LISTE}}</a><br>
 </p>
 {% endif %}
 <p>
 Enfin, vous disposez de tous les autres services KAZ où l'authentification n'est pas nécessaire : <a href={{URL_SITE}}>{{URL_SITE}}</a><br><br>
 En cas de soucis, n'hésitez pas à poser vos questions sur le canal 'Une question ? un soucis' de l'agora dispo ici : <a href={{URL_AGORA}}>{{URL_AGORA}}</a><br><br>
 Si vous avez besoin d'accompagnement pour votre site, votre cloud, votre compta, votre migration de messagerie,...<br>nous proposons des formations mensuelles gratuites. Si vous souhaitez être accompagné par un professionnel, nous pouvons vous donner une liste de pros, référencés par KAZ.<br><br>
 À bientôt 😉<br><br>
 La collégiale de KAZ.<br>
--- a/bin/updateDockerPassword.sh
+++ b/bin/updateDockerPassword.sh
@@ -1,127 +0,0 @@
 #!/bin/bash
 KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 # pour mise au point
 # SIMU=echo
 # Améliorations à prévoir
 # - donner en paramètre les services concernés (pour limité les modifications)
 # - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
 . "${DOCKERS_ENV}"
 . "${KAZ_KEY_DIR}/SetAllPass.sh"
 updateEnvDB(){
    # $1 = prefix
    # $2 = envName
    # $3 = containerName of DB
    rootPass="$1_MYSQL_ROOT_PASSWORD"
    dbName="$1_MYSQL_DATABASE"
    userName="$1_MYSQL_USER"
    userPass="$1_MYSQL_PASSWORD"
    ${SIMU} sed -i \
 	    -e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${!rootPass}/g" \
 	    -e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${!dbName}/g" \
 	    -e "s/MYSQL_USER=.*/MYSQL_USER=${!userName}/g" \
 	    -e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${!userPass}/g" \
 	    "$2"
    # seulement si pas de mdp pour root
    # pb oeuf et poule (il faudrait les anciennes valeurs) :
    # * si rootPass change, faire à la main
    # * si dbName change, faire à la main
    checkDockerRunning "$3" "$3" || return
    echo "change DB pass on docker $3"
    echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
 	docker exec -i $3 bash -c "mysql --user=root --password=${!rootPass}"
 }
 updateEnv(){
    # $1 = prefix
    # $2 = envName
    for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
    do
 	srcName="$1_${varName}"
 	srcVal=$(echo "${!srcName}" | sed -e "s/[&]/\\\&/g")
 	${SIMU} sed -i \
 		-e "s%^[ ]*${varName}=.*\$%${varName}=${srcVal}%" \
 		"$2"
    done
 }
 framadateUpdate(){
    [[ "${COMP_ENABLE}" =~ " framadate " ]] || return
    if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
 	return 0
    fi
    checkDockerRunning "${framadateServName}" "Framadate" &&
 	${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadate_HTTPD_USER} ${framadate_HTTPD_PASSWORD}"
    ${SIMU} sed -i \
 	    -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadate_MYSQL_USER}';/g" \
 	    -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadate_MYSQL_PASSWORD}';/g" \
 	    "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
 }
 jirafeauUpdate(){
    [[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
    if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
 	return 0
    fi
    SHA=$(echo -n "${jirafeau_HTTPD_PASSWORD}" | sha256sum | cut -d \  -f 1)
    ${SIMU} sed -i \
 	    -e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
 	    "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
 }
 ####################
 # main
 updateEnvDB "etherpad" "${KAZ_KEY_DIR}/env-${etherpadDBName}" "${etherpadDBName}"
 updateEnvDB "framadate" "${KAZ_KEY_DIR}/env-${framadateDBName}" "${framadateDBName}"
 updateEnvDB "gitea" "${KAZ_KEY_DIR}/env-${gitDBName}" "${gitDBName}"
 updateEnvDB "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudDBName}" "${nextcloudDBName}"
 updateEnvDB "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeDBName}" "${roundcubeDBName}"
 updateEnvDB "sympa" "${KAZ_KEY_DIR}/env-${sympaDBName}" "${sympaDBName}"
 updateEnvDB "vigilo" "${KAZ_KEY_DIR}/env-${vigiloDBName}" "${vigiloDBName}"
 updateEnvDB "wp" "${KAZ_KEY_DIR}/env-${wordpressDBName}" "${wordpressDBName}"
 updateEnvDB "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenDBName}" "${vaultwardenDBName}"
 updateEnvDB "castopod" "${KAZ_KEY_DIR}/env-${castopodDBName}" "${castopodDBName}"
 updateEnvDB "spip" "${KAZ_KEY_DIR}/env-${spipDBName}" "${spipDBName}"
 updateEnvDB "mastodon" "${KAZ_KEY_DIR}/env-${mastodonDBName}" "${mastodonDBName}"
 updateEnv "apikaz" "${KAZ_KEY_DIR}/env-${apikazServName}"
 updateEnv "ethercalc" "${KAZ_KEY_DIR}/env-${ethercalcServName}"
 updateEnv "etherpad" "${KAZ_KEY_DIR}/env-${etherpadServName}"
 updateEnv "framadate" "${KAZ_KEY_DIR}/env-${framadateServName}"
 updateEnv "gandi" "${KAZ_KEY_DIR}/env-gandi"
 updateEnv "gitea" "${KAZ_KEY_DIR}/env-${gitServName}"
 updateEnv "jirafeau" "${KAZ_KEY_DIR}/env-${jirafeauServName}"
 updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostServName}"
 updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostDBName}"
 updateEnv "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudServName}"
 updateEnv "office" "${KAZ_KEY_DIR}/env-${officeServName}"
 updateEnv "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeServName}"
 updateEnv "vigilo" "${KAZ_KEY_DIR}/env-${vigiloServName}"
 updateEnv "wp" "${KAZ_KEY_DIR}/env-${wordpressServName}"
 updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapServName}"
 updateEnv "sympa" "${KAZ_KEY_DIR}/env-${sympaServName}"
 updateEnv "mail" "${KAZ_KEY_DIR}/env-${smtpServName}"
 updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonServName}"
 updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonDBName}"
 updateEnv "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenServName}"
 updateEnv "castopod" "${KAZ_KEY_DIR}/env-${castopodServName}"
 updateEnv "spip" "${KAZ_KEY_DIR}/env-${spipServName}"
 updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapUIName}"
 updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeServName}"
 updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeDBName}" "${peertubeDBName}"
 updateEnv "mastodon" "${KAZ_KEY_DIR}/env-${mastodonServName}"
 framadateUpdate
 jirafeauUpdate
 exit 0
--- a/bin/verifExistenceMails.sh
+++ b/bin/verifExistenceMails.sh
@@ -12,7 +12,6 @@ setKazVars
 cd $(dirname $0)/..
 . "${DOCKERS_ENV}"
 . "${KAZ_KEY_DIR}/SetAllPass.sh"
 DOCK_DIR=$KAZ_COMP_DIR
--- a/config/container-proxy.list.tmpl
+++ b/config/container-proxy.list.tmpl
@@ -1,2 +1,2 @@
-# proxy
+proxy
-traefik
+#traefik
--- a/config/container-withMail.list.tmpl
+++ b/config/container-withMail.list.tmpl
@@ -4,7 +4,7 @@ dokuwiki
 paheko
 gitea
 jirafeau
-#mattermost
+mattermost
 roundcube
 mobilizon
 vaultwarden
--- a/config/dockers.tmpl.env
+++ b/config/dockers.tmpl.env
@@ -101,7 +101,7 @@ snappymailHost=snappymail
 ########################################
 # ports internes
-matterPort=8065
+matterPort=8000
 imapsyncPort=8080
 apikaz=5000
@@ -159,3 +159,8 @@ apikazServName=apikazServ
 # services activés par container.sh
 # variables d'environneements utilisées
 # pour le tmpl du mandataire (proxy)
 ##################
 #qui on envoi le mail d'inscription ?
 EMAIL_CONTACT="toto@kaz.bzh"
--- a/config/orgaTmpl/app/Dockerfile
+++ b/config/orgaTmpl/app/Dockerfile
@@ -1,58 +0,0 @@
 FROM alpine:3.17
 # Some ENV variables
 ENV PATH="/mattermost/bin:${PATH}"
 #ENV MM_VERSION=5.32.0
 ENV MM_VERSION=6.1.0
 ENV MM_INSTALL_TYPE=docker
 # Build argument to set Mattermost edition
 ARG edition=enterprise
 ARG PUID=2000
 ARG PGID=2000
 ARG MM_BINARY=
 # Install some needed packages
 RUN apk add --no-cache \
 	ca-certificates \
 	curl \
 	jq \
 	libc6-compat \
 	libffi-dev \
 	libcap \
 	linux-headers \
 	mailcap \
 	netcat-openbsd \
 	xmlsec-dev \
 	tzdata \
 	&& rm -rf /tmp/*
 # Get Mattermost
 RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
 	&& if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \
 		elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \
 		else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \
 	&& cp /mattermost/config/config.json /config.json.save \
 	&& rm -rf /mattermost/config/config.json \
 	&& addgroup -g ${PGID} mattermost \
 	&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
 	&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
 	&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
 USER mattermost
 #Healthcheck to make sure container is ready
 HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1
 # Configure entrypoint and command
 COPY entrypoint.sh /
 ENTRYPOINT ["/entrypoint.sh"]
 WORKDIR /mattermost
 CMD ["mattermost"]
 # Expose port 8000 of the container
 EXPOSE 8000
 # Declare volumes for mount point directories
 VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config", "/mattermost/plugins", "/mattermost/client/plugins"]
--- a/config/orgaTmpl/app/entrypoint.sh
+++ b/config/orgaTmpl/app/entrypoint.sh
@@ -1,82 +0,0 @@
 #!/bin/sh
 # Function to generate a random salt
 generate_salt() {
 	tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1
 }
 # Read environment variables or set default values
 DB_HOST=${DB_HOST:-db}
 DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
 # see https://www.postgresql.org/docs/current/libpq-ssl.html
 # for usage when database connection requires encryption
 # filenames should be escaped if they contain spaces
 #  i.e. $(printf %s ${MY_ENV_VAR:-''}  | jq -s -R -r @uri)
 # the location of the CA file can be set using environment var PGSSLROOTCERT
 # the location of the CRL file can be set using PGSSLCRL
 # The URL syntax for connection string does not support the parameters
 # sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
 # to set names if using a location other than default
 DB_USE_SSL=${DB_USE_SSL:-disable}
 MM_DBNAME=${MM_DBNAME:-mattermost}
 MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
 _1=$(echo "$1" | awk  '{ s=substr($0, 0, 1); print s; }' )
 if [ "$_1" = '-' ]; then
 	set -- mattermost "$@"
 fi
 if [ "$1" = 'mattermost' ]; then
 	# Check CLI args for a -config option
 	for ARG in "$@"; do
 		case "$ARG" in
 			-config=*) MM_CONFIG=${ARG#*=};;
 		esac
 	done
 	if [ ! -f "$MM_CONFIG" ]; then
 		# If there is no configuration file, create it with some default values
 		echo "No configuration file $MM_CONFIG"
 		echo "Creating a new one"
 		# Copy default configuration file
 		cp /config.json.save "$MM_CONFIG"
 		# Substitute some parameters with jq
 		jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 		jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
 	else
 		echo "Using existing config file $MM_CONFIG"
 	fi
 	# Configure database access
 	if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
 		echo "Configure database connection..."
 		# URLEncode the password, allowing for special characters
 		ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
 		export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
 		echo "OK"
 	else
 		echo "Using existing database connection"
 	fi
 	# Wait another second for the database to be properly started.
 	# Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
 	sleep 1
 	echo "Starting mattermost"
 fi
 exec "$@"
--- a/config/orgaTmpl/docker-compose.yml
+++ b/config/orgaTmpl/docker-compose.yml
@@ -4,21 +4,21 @@ services:
 #{{db
  db:
    image: mariadb:11.4
-    container_name: ${orga}DB
+    container_name: ${orga}-DB
    #disk_quota: 10G
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: ${restartPolicy}
    volumes:
-      - ./initdb.d:/docker-entrypoint-initdb.d:ro
+#      - ./initdb.d:/docker-entrypoint-initdb.d:ro
      - orgaDB:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - MARIADB_AUTO_UPGRADE=1      
    env_file:
-      - ../../secret/env-${nextcloudDBName}
+      - ../../secret/orgas/${orga}/env-${nextcloudDBName}
-#      - ../../secret/env-${mattermostDBName}
+#      - ../../secret/orgas/${orga}/env-${mattermostDBName}
-      - ../../secret/env-${wordpressDBName}
+      - ../../secret/orgas/${orga}/env-${wordpressDBName}
    networks:
      - orgaNet
    healthcheck: # utilisé par init-db.sh pour la créa d'orga
@@ -34,7 +34,7 @@ services:
 #{{cloud
  cloud:
    image: nextcloud
-    container_name: ${orga}${nextcloudServName}
+    container_name: ${orga}-${nextcloudServName}
    #disk_quota: 10G
    restart: ${restartPolicy}
    networks:
@@ -50,8 +50,8 @@ services:
      - ${smtpServName}:${smtpHost}
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}"
+      - "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}"
-      - "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
+      - "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
    volumes:
      - cloudMain:/var/www/html
      - cloudData:/var/www/html/data
@@ -63,10 +63,10 @@ services:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    env_file:
-      - ../../secret/env-${nextcloudServName}
+      - ../../secret/orgas/${orga}/env-${nextcloudServName}
-      - ../../secret/env-${nextcloudDBName}
+      - ../../secret/orgas/${orga}/env-${nextcloudDBName}
    environment:
-      - NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain}
+      - NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain}
      - SMTP_HOST=${smtpHost}
      - SMTP_PORT=25
      - MAIL_DOMAIN=${domain}
@@ -80,7 +80,7 @@ services:
        - edition=team
        - PUID=1000
        - PGID=1000
-    container_name: ${orga}${mattermostServName}
+    container_name: ${orga}-${mattermostServName}
    #disk_quota: 10G
    restart: ${restartPolicy}
    # memory: 1G
@@ -109,20 +109,20 @@ services:
      - /etc/timezone:/etc/timezone:ro
      - /etc/environment:/etc/environment:ro
    env_file:
-      - ../../secret/env-${mattermostServName}
+      - ../../secret/orgas/${orga}/env-${mattermostServName}
    environment:
-      - VIRTUAL_HOST=${orga}${matterHost}.${domain}
+      - VIRTUAL_HOST=${orga}-${matterHost}.${domain}
      # in case your config is not in default location
      #- MM_CONFIG=/mattermost/config/config.json
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)"
+      - "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)"
 #}}
 #{{wp
  wordpress:
    image: wordpress
-    container_name: ${orga}${wordpressServName}
+    container_name: ${orga}-${wordpressServName}
    restart: ${restartPolicy}
    networks:
      - orgaNet
@@ -136,17 +136,17 @@ services:
    external_links:
      - ${smtpServName}:${smtpHost}.${domain}
    env_file:
-      - ../../secret/env-${wordpressServName}
+      - ../../secret/orgas/${orga}/env-${wordpressServName}
    environment:
      - WORDPRESS_SMTP_HOST=${smtpHost}.${domain}
      - WORDPRESS_SMTP_PORT=25
      # - WORDPRESS_SMTP_USERNAME
      # - WORDPRESS_SMTP_PASSWORD
-      # - WORDPRESS_SMTP_FROM=${orga}
+      # - WORDPRESS_SMTP_FROM=${orga}-
-      - WORDPRESS_SMTP_FROM_NAME=${orga}
+      - WORDPRESS_SMTP_FROM_NAME=${orga}-
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}"
+      - "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}"
    volumes:
      - wordpress:/var/www/html
 #      - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro
@@ -154,12 +154,12 @@ services:
 #{{wiki
  dokuwiki:
    image: mprasil/dokuwiki
-    container_name: ${orga}${dokuwikiServName}
+    container_name: ${orga}-${dokuwikiServName}
    #disk_quota: 10G
    restart: ${restartPolicy}
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
+      - "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
    volumes:
      - wikiData:/dokuwiki/data
      - wikiConf:/dokuwiki/conf
@@ -175,7 +175,7 @@ services:
 #{{castopod
  castopod:
    image: castopod/castopod:latest
-    container_name: ${orga}${castopodServName}
+    container_name: ${orga}-${castopodServName}
    #disk_quota: 10G
    restart: ${restartPolicy}
    # memory: 1G
@@ -193,27 +193,27 @@ services:
    volumes:
      - castopodMedia:/var/www/castopod/public/media
    environment:
-      CP_BASEURL: "https://${orga}${castopodHost}.${domain}"
+      CP_BASEURL: "https://${orga}-${castopodHost}.${domain}"
      CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb
      VIRTUAL_PORT: 8000
      CP_CACHE_HANDLER: redis
      CP_REDIS_HOST: redis
      CP_DATABASE_HOSTNAME: db
    env_file:
-      - ../../secret/env-${castopodServName}
+      - ../../secret/orgas/${orga}/env-${castopodServName}
-      - ../../secret/env-${castopodDBName}
+      - ../../secret/orgas/${orga}/env-${castopodDBName}
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}"
+      - "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}"
  redis:
    image: redis:7.0-alpine
-    container_name: ${orga}castopodCache
+    container_name: ${orga}-castopodCache
    volumes:
      - castopodCache:/data
    networks:
      - orgaNet
    env_file:
-      - ../../secret/env-${castopodServName}
+      - ../../secret/orgas/${orga}/env-${castopodServName}
    command: --requirepass ${castopodRedisPassword} 
 #}}
 #{{spip
@@ -225,16 +225,16 @@ services:
    links:
      - db
    env_file:
-      - ../../secret/env-${spipServName}
+      - ../../secret/orgas/${orga}/env-${spipServName}
    environment:
      - SPIP_AUTO_INSTALL=1
      - SPIP_DB_HOST=db
-      - SPIP_SITE_ADDRESS=https://${orga}${spipHost}.${domain}
+      - SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain}
    expose:
      - 80
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.${orga}${spipServName}.rule=Host(`${orga}${spipHost}.${domain}`){{FOREIGN_SPIP}}"
+      - "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}"
    networks:
      - orgaNet
    volumes:
@@ -250,84 +250,84 @@ volumes:
 #{{db
  orgaDB:
    external: true
-    name: orga_${orga}orgaDB
+    name: orga_${orga}-orgaDB
 #}}
 #{{agora
  matterConfig:
    external: true
-    name: orga_${orga}matterConfig
+    name: orga_${orga}-matterConfig
  matterData:
    external: true
-    name: orga_${orga}matterData
+    name: orga_${orga}-matterData
  matterLogs:
    external: true
-    name: orga_${orga}matterLogs
+    name: orga_${orga}-matterLogs
  matterPlugins:
    external: true
-    name: orga_${orga}matterPlugins
+    name: orga_${orga}-matterPlugins
  matterClientPlugins:
    external: true
-    name: orga_${orga}matterClientPlugins
+    name: orga_${orga}-matterClientPlugins
  matterIcons:
    external: true
    name: matterIcons
 #{{cloud
  cloudMain:
    external: true
-    name: orga_${orga}cloudMain
+    name: orga_${orga}-cloudMain
  cloudData:
    external: true
-    name: orga_${orga}cloudData
+    name: orga_${orga}-cloudData
  cloudConfig:
    external: true
-    name: orga_${orga}cloudConfig
+    name: orga_${orga}-cloudConfig
  cloudApps:
    external: true
-    name: orga_${orga}cloudApps
+    name: orga_${orga}-cloudApps
  cloudCustomApps:
    external: true
-    name: orga_${orga}cloudCustomApps
+    name: orga_${orga}-cloudCustomApps
  cloudThemes:
    external: true
-    name: orga_${orga}cloudThemes
+    name: orga_${orga}-cloudThemes
  cloudPhp:
    external: true
-    name: orga_${orga}cloudPhp
+    name: orga_${orga}-cloudPhp
 #}}
 #{{wiki
  wikiData:
    external: true
-    name: orga_${orga}wikiData
+    name: orga_${orga}-wikiData
  wikiConf:
    external: true
-    name: orga_${orga}wikiConf
+    name: orga_${orga}-wikiConf
  wikiPlugins:
    external: true
-    name: orga_${orga}wikiPlugins
+    name: orga_${orga}-wikiPlugins
  wikiLibtpl:
    external: true
-    name: orga_${orga}wikiLibtpl
+    name: orga_${orga}-wikiLibtpl
  wikiLogs:
    external: true
-    name: orga_${orga}wikiLogs
+    name: orga_${orga}-wikiLogs
 #}}
 #{{wp
  wordpress:
    external: true
-    name: orga_${orga}wordpress
+    name: orga_${orga}-wordpress
 #}}
 #{{castopod
  castopodMedia:
    external: true
-    name: orga_${orga}castopodMedia
+    name: orga_${orga}-castopodMedia
  castopodCache:
    external: true
-    name: orga_${orga}castopodCache
+    name: orga_${orga}-castopodCache
 #}}
 #{{spip
  spip:
    external: true
-    name: orga_${orga}spip
+    name: orga_${orga}-spip
 #}}
@@ -335,7 +335,7 @@ volumes:
 networks:
  orgaNet:
    external: true
-    name: ${orga}orgaNet
+    name: ${orga}-orgaNet
  # postfixNet:
  #   external:
  #     name: postfixNet
--- a/config/orgaTmpl/init-db.sh
+++ b/config/orgaTmpl/init-db.sh
@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 . "${DOCKERS_ENV}"
 . "${KAZ_KEY_DIR}/SetAllPass.sh"
 cd $(dirname $0)
 ORGA_DIR="$(basename "$(pwd)")"
@@ -25,57 +24,66 @@ SQL=""
 for ARG in "$@"; do
    case "${ARG}" in
 	'cloud' )
 		. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${nextcloud_MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
-DROP USER IF EXISTS '${nextcloud_MYSQL_USER}';
+DROP USER IF EXISTS '${MYSQL_USER}';
-CREATE USER '${nextcloud_MYSQL_USER}'@'%';
+CREATE USER '${MYSQL_USER}'@'%';
-GRANT ALL ON ${nextcloud_MYSQL_DATABASE}.* TO '${nextcloud_MYSQL_USER}'@'%' IDENTIFIED BY '${nextcloud_MYSQL_PASSWORD}';
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
 FLUSH PRIVILEGES;"
        ;;
 	'agora' )
 		. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${mattermost_MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
-DROP USER IF EXISTS '${mattermost_MYSQL_USER}';
+DROP USER IF EXISTS '${MYSQL_USER}';
-CREATE USER '${mattermost_MYSQL_USER}'@'%';
+CREATE USER '${MYSQL_USER}'@'%';
-GRANT ALL ON ${mattermost_MYSQL_DATABASE}.* TO '${mattermost_MYSQL_USER}'@'%' IDENTIFIED BY '${mattermost_MYSQL_PASSWORD}';
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
 FLUSH PRIVILEGES;"
 	    ;;
 	'wp' )
 		. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${wp_MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
-DROP USER IF EXISTS '${wp_MYSQL_USER}';
+DROP USER IF EXISTS '${MYSQL_USER}';
-CREATE USER '${wp_MYSQL_USER}'@'%';
+CREATE USER '${MYSQL_USER}'@'%';
-GRANT ALL ON ${wp_MYSQL_DATABASE}.* TO '${wp_MYSQL_USER}'@'%' IDENTIFIED BY '${wp_MYSQL_PASSWORD}';
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
 FLUSH PRIVILEGES;"
 	    ;;
 	'castopod' )
 		. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodDB
 	    SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${castopod_MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
-DROP USER IF EXISTS '${castopod_MYSQL_USER}';
+DROP USER IF EXISTS '${MYSQL_USER}';
-CREATE USER '${castopod_MYSQL_USER}'@'%';
+CREATE USER '${MYSQL_USER}'@'%';
-GRANT ALL ON ${castopod_MYSQL_DATABASE}.* TO '${castopod_MYSQL_USER}'@'%' IDENTIFIED BY '${castopod_MYSQL_PASSWORD}';
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
 FLUSH PRIVILEGES;"
 	    ;;
 	'spip' )
 		. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
           SQL="$SQL
-CREATE DATABASE IF NOT EXISTS ${spip_MYSQL_DATABASE};
+CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
-DROP USER IF EXISTS '${spip_MYSQL_USER}';
+DROP USER IF EXISTS '${MYSQL_USER}';
-CREATE USER '${spip_MYSQL_USER}'@'%';
+CREATE USER '${MYSQL_USER}'@'%';
-GRANT ALL ON ${spip_MYSQL_DATABASE}.* TO '${spip_MYSQL_USER}'@'%' IDENTIFIED BY '${spip_MYSQL_PASSWORD}';
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
 FLUSH PRIVILEGES;"
 	    ;;
@@ -84,4 +92,4 @@ FLUSH PRIVILEGES;"
    esac
 done
-echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${wp_MYSQL_ROOT_PASSWORD}"
+echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${MYSQL_ROOT_PASSWORD}"
--- a/config/orgaTmpl/initdb.d/orga.sql
+++ b/config/orgaTmpl/initdb.d/orga.sql
@@ -1,3 +0,0 @@
 CREATE DATABASE IF NOT EXISTS nextcloud;
 CREATE DATABASE IF NOT EXISTS mattermost;
 CREATE DATABASE IF NOT EXISTS wpdb;
--- a/config/orgaTmpl/orga-gen.sh
+++ b/config/orgaTmpl/orga-gen.sh
@@ -389,7 +389,7 @@ update() {
 					       -e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\
 					       -e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\
 						   -e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\
-					       -e "s|\${orga}|${ORGA}-|g"
+					       -e "s|\${orga}|${ORGA}|g"
    ) > "$2"
    sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2"
 }
@@ -412,13 +412,18 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
    ln -sf ../../config/orgaTmpl/orga-gen.sh
    ln -sf ../../config/orgaTmpl/orga-rm.sh
    ln -sf ../../config/orgaTmpl/init-paheko.sh    
-    ln -sf ../../config/orgaTmpl/initdb.d/
+    #ln -sf ../../config/orgaTmpl/initdb.d/
    ln -sf ../../config/orgaTmpl/app/
    ln -sf ../../config/orgaTmpl/wiki-conf/
    ln -sf ../../config/orgaTmpl/reload.sh
    ln -sf ../../config/orgaTmpl/init-db.sh
 fi
 if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then
    rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/"
 	${KAZ_BIN_DIR}/secretGen.sh -d $ORGA
 fi
 if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
    # ########## update ${DOCKERS_ENV}
    if ! grep -q "proxy_orga=" .env 2> /dev/null
@@ -438,6 +443,12 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
 fi
 if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
    # ########## create network 
 	## GAEL bizarre, je pense que c'est déjà fait qque part, mais chez moi ça veut pas ... 
    docker network create "${ORGA}-orgaNet"
    # ########## create volume
    ./init-volume.sh
 fi
--- a/config/orgaTmpl/orga-rm.sh
+++ b/config/orgaTmpl/orga-rm.sh
@@ -40,6 +40,8 @@ remove () {
 	    sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}"
 	    sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}"
 	    rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga"
 	    rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"
 	    exit;;
 	    [Nn]* )
--- a/config/orgaTmpl/secret.tmpl/env-castopodAdmin
+++ b/config/orgaTmpl/secret.tmpl/env-castopodAdmin
@@ -0,0 +1,3 @@
 ADMIN_USER=@@pass@@castopod2@@p@@
 ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
 ADMIN_PASSWORD=@@pass@@castopod3@@p@@
--- a/config/orgaTmpl/secret.tmpl/env-castopodDB
+++ b/config/orgaTmpl/secret.tmpl/env-castopodDB
@@ -0,0 +1,4 @@
 MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
 MYSQL_USER=@@user@@castopod1@@u@@
 MYSQL_PASSWORD=@@pass@@castopod1@@p@@
 MYSQL_DATABASE=@@db@@castopod1@@d@@
--- a/config/orgaTmpl/secret.tmpl/env-castopodServ
+++ b/config/orgaTmpl/secret.tmpl/env-castopodServ
@@ -0,0 +1,7 @@
 CP_EMAIL_SMTP_HOST= 
 CP_EMAIL_FROM=	
 CP_EMAIL_SMTP_USERNAME=
 CP_EMAIL_SMTP_PASSWORD=
 CP_EMAIL_SMTP_PORT=
 CP_EMAIL_SMTP_CRYPTO=
 CP_REDIS_PASSWORD=
--- a/config/orgaTmpl/secret.tmpl/env-mattermostDB
+++ b/config/orgaTmpl/secret.tmpl/env-mattermostDB
@@ -0,0 +1,9 @@
 MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
 MYSQL_DATABASE=@@db@@mattermost@@d@@
 MYSQL_USER=@@user@@mattermost@@u@@
 MYSQL_PASSWORD=@@pass@@mattermost@@p@@
 POSTGRES_USER=@@user@@mattermost@@u@@
 POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
 POSTGRES_DB=@@db@@mattermost@@d@@
--- a/config/orgaTmpl/secret.tmpl/env-mattermostServ
+++ b/config/orgaTmpl/secret.tmpl/env-mattermostServ
@@ -0,0 +1,9 @@
 MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
 MM_ADMIN_USER=@@user@@mattermost2@@u@@
 MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
 MM_SQLSETTINGS_DRIVERNAME=postgres
 MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10
--- a/config/orgaTmpl/secret.tmpl/env-nextcloudDB
+++ b/config/orgaTmpl/secret.tmpl/env-nextcloudDB
@@ -0,0 +1,8 @@
 MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
 MYSQL_DATABASE=@@db@@nextcloud@@d@@
 MYSQL_USER=@@user@@nextcloud@@u@@
 MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
 #NC_MYSQL_USER=
 #NC_MYSQL_PASSWORD=
--- a/config/orgaTmpl/secret.tmpl/env-nextcloudServ
+++ b/config/orgaTmpl/secret.tmpl/env-nextcloudServ
@@ -0,0 +1,5 @@
 NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
 NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
 MYSQL_HOST=db
 RAIN_LOOP=@@pass@@rainloop@@p@@
--- a/config/orgaTmpl/secret.tmpl/env-spipDB
+++ b/config/orgaTmpl/secret.tmpl/env-spipDB
@@ -0,0 +1,4 @@
 MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
 MYSQL_DATABASE=@@db@@spip@@d@@
 MYSQL_USER=@@user@@spip@@u@@
 MYSQL_PASSWORD=@@pass@@spip@@p@@
--- a/config/orgaTmpl/secret.tmpl/env-spipServ
+++ b/config/orgaTmpl/secret.tmpl/env-spipServ
@@ -0,0 +1,10 @@
 SPIP_AUTO_INSTALL=1
 SPIP_DB_SERVER=mysql
 SPIP_DB_NAME=@@db@@spip@@d@@
 SPIP_DB_LOGIN=@@user@@spip@@u@@
 SPIP_DB_PASS=@@pass@@spip@@p@@
 SPIP_ADMIN_NAME=admin
 SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
 SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
 SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
 PHP_TIMEZONE=Europe/Paris
--- a/config/orgaTmpl/secret.tmpl/env-wpDB
+++ b/config/orgaTmpl/secret.tmpl/env-wpDB
@@ -0,0 +1,4 @@
 MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
 MYSQL_DATABASE=@@db@@wp@@d@@
 MYSQL_USER=@@user@@wp@@u@@
 MYSQL_PASSWORD=@@pass@@wp@@p@@
--- a/config/orgaTmpl/secret.tmpl/env-wpServ
+++ b/config/orgaTmpl/secret.tmpl/env-wpServ
@@ -0,0 +1,8 @@
 # share with wpDB
 WORDPRESS_DB_HOST=db:3306
 WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
 WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
 WORDPRESS_DB_NAME=@@db@@wp@@d@@
 WORDPRESS_DB_USER=@@user@@wp@@u@@
 WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@
--- a/config/orgaTmpl/wiki-conf/acl.auth.php
+++ b/config/orgaTmpl/wiki-conf/acl.auth.php
@@ -1,10 +0,0 @@
 # acl.auth.php
 # <?php exit()?>
 # Don't modify the lines above
 #
 # Access Control Lists
 #
 # Auto-generated by install script
 # Date: Sat, 13 Feb 2021 17:42:28 +0000
 *	@ALL	1
 *	@user	8
--- a/config/orgaTmpl/wiki-conf/local.php
+++ b/config/orgaTmpl/wiki-conf/local.php
@@ -1,26 +0,0 @@
 <?php
 /*
 * Dokuwiki's Main Configuration File - Local Settings
 * Auto-generated by config plugin
 * Run for user: felix
 * Date: Sun, 28 Feb 2021 15:56:13 +0000
 */
 $conf['title'] = 'Kaz';
 $conf['template'] = 'docnavwiki';
 $conf['license'] = 'cc-by-sa';
 $conf['useacl'] = 1;
 $conf['superuser'] = '@admin';
 $conf['manager'] = '@manager';
 $conf['disableactions'] = 'register';
 $conf['remoteuser'] = '';
 $conf['mailfrom'] = 'dokuwiki@kaz.bzh';
 $conf['updatecheck'] = 0;
 $conf['userewrite'] = '1';
 $conf['useslash'] = 1;
 $conf['plugin']['ckgedit']['scayt_auto'] = 'on';
 $conf['plugin']['ckgedit']['scayt_lang'] = 'French/fr_FR';
 $conf['plugin']['ckgedit']['other_lang'] = 'fr';
 $conf['plugin']['smtp']['smtp_host'] = 'smtp.kaz.bzh';
 $conf['plugin']['todo']['CheckboxText'] = 0;
 $conf['plugin']['wrap']['restrictionType'] = '1';
--- a/config/orgaTmpl/wiki-conf/users.auth.php
+++ b/config/orgaTmpl/wiki-conf/users.auth.php
@@ -1,13 +0,0 @@
 # users.auth.php
 # <?php exit()?>
 # Don't modify the lines above
 #
 # Userfile
 #
 # Auto-generated by install script
 # Date: Sat, 13 Feb 2021 17:42:28 +0000
 #
 # Format:
 # login:passwordhash:Real Name:email:groups,comma,separated
 admin:$2y$10$GYvFgViXeEUmDViplHEs7eoYV8tmbfsS8wA1vfHQ.tWgW14o9aTjy:admin:contact@kaz.bzh:admin,user
--- a/config/proxy/proxy_params
+++ b/config/proxy/proxy_params
@@ -1,21 +0,0 @@
 #proxy_buffering off;
 #proxy_set_header X-Forwarded-Host $host:$server_port;
 #proxy_set_header X-Forwarded-Server $host;
 #XXX pb proxy_set_header Connection $proxy_connection;
 proxy_buffers 256 16k;
 proxy_buffer_size 16k;
 # mattermost
 http2_push_preload on; # Enable HTTP/2 Server Push
 add_header Strict-Transport-Security max-age=15768000;
 proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 #proxy_hide_header 'x-frame-options';
 #proxy_set_header x-frame-options allowall;
 proxy_set_header X-Frame-Options SAMEORIGIN;
--- a/dockers/castopod/first.sh
+++ b/dockers/castopod/first.sh
@@ -6,7 +6,6 @@ setKazVars
 cd $(dirname $0)
 . "${DOCKERS_ENV}"
 . "${KAZ_KEY_DIR}/SetAllPass.sh"
 "${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod
--- a/dockers/cloud/first.sh
+++ b/dockers/cloud/first.sh
@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 . "${DOCKERS_ENV}"
 . $KAZ_ROOT/secret/SetAllPass.sh
 ${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud
--- a/dockers/cloud/up.sh
+++ b/dockers/cloud/up.sh
@@ -1,102 +0,0 @@
 #!/bin/bash
 KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 . "${DOCKERS_ENV}"
 . $KAZ_ROOT/secret/SetAllPass.sh
 #"${KAZ_BIN_DIR}/initCloud.sh"
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ app:enable user_ldap
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:delete-config s01
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:create-empty-config
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBase ${ldap_root}
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseGroups ${ldap_root}
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapHost ${ldapServName}
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapPort 389
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapTLS 0
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))"
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapQuotaAttribute nextcloudQuota
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilter "(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))"
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1
 docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
 # Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin';
 # docker exec -i nextcloudDB mysql --user=<user> --password=<password> <db> <<< "delete from oc_users where uid<>'admin';"
 # Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
 # Exemple de table/clés :
 # +-------------------------------+----------------------------------------------------------+
 # | Configuration                 | s01                                                      |
 # +-------------------------------+----------------------------------------------------------+
 # | hasMemberOfFilterSupport      | 0                                                        |
 # | homeFolderNamingRule          |                                                          |
 # | lastJpegPhotoLookup           | 0                                                        |
 # | ldapAgentName                 | cn=cloud,ou=applications,dc=kaz,dc=sns                   |
 # | ldapAgentPassword             | ***                                                      |
 # | ldapAttributesForGroupSearch  |                                                          |
 # | ldapAttributesForUserSearch   |                                                          |
 # | ldapBackgroundHost            |                                                          |
 # | ldapBackgroundPort            |                                                          |
 # | ldapBackupHost                |                                                          |
 # | ldapBackupPort                |                                                          |
 # | ldapBase                      | ou=users,dc=kaz,dc=sns                                   |
 # | ldapBaseGroups                | ou=users,dc=kaz,dc=sns                                   |
 # | ldapBaseUsers                 | ou=users,dc=kaz,dc=sns                                   |
 # | ldapCacheTTL                  | 600                                                      |
 # | ldapConfigurationActive       | 1                                                        |
 # | ldapConnectionTimeout         | 15                                                       |
 # | ldapDefaultPPolicyDN          |                                                          |
 # | ldapDynamicGroupMemberURL     |                                                          |
 # | ldapEmailAttribute            | mail                                                     |
 # | ldapExperiencedAdmin          | 0                                                        |
 # | ldapExpertUUIDGroupAttr       |                                                          |
 # | ldapExpertUUIDUserAttr        |                                                          |
 # | ldapExpertUsernameAttr        | uid                                                      |
 # | ldapExtStorageHomeAttribute   |                                                          |
 # | ldapGidNumber                 | gidNumber                                                |
 # | ldapGroupDisplayName          | cn                                                       |
 # | ldapGroupFilter               |                                                          |
 # | ldapGroupFilterGroups         |                                                          |
 # | ldapGroupFilterMode           | 0                                                        |
 # | ldapGroupFilterObjectclass    |                                                          |
 # | ldapGroupMemberAssocAttr      |                                                          |
 # | ldapHost                      | ldap                                                     |
 # | ldapIgnoreNamingRules         |                                                          |
 # | ldapLoginFilter               | (&(|(objectclass=nextcloudAccount))(cn=%uid))            |
 # | ldapLoginFilterAttributes     |                                                          |
 # | ldapLoginFilterEmail          | 0                                                        |
 # | ldapLoginFilterMode           | 0                                                        |
 # | ldapLoginFilterUsername       | 1                                                        |
 # | ldapMatchingRuleInChainState  | unknown                                                  |
 # | ldapNestedGroups              | 0                                                        |
 # | ldapOverrideMainServer        |                                                          |
 # | ldapPagingSize                | 500                                                      |
 # | ldapPort                      | 389                                                      |
 # | ldapQuotaAttribute            | nextcloudQuota                                           |
 # | ldapQuotaDefault              |                                                          |
 # | ldapTLS                       | 0                                                        |
 # | ldapUserAvatarRule            | default                                                  |
 # | ldapUserDisplayName           | cn                                                       |
 # | ldapUserDisplayName2          |                                                          |
 # | ldapUserFilter                | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) |
 # | ldapUserFilterGroups          |                                                          |
 # | ldapUserFilterMode            | 1                                                        |
 # | ldapUserFilterObjectclass     | nextcloudAccount                                         |
 # | ldapUuidGroupAttribute        | auto                                                     |
 # | ldapUuidUserAttribute         | auto                                                     |
 # | turnOffCertCheck              | 0                                                        |
 # | turnOnPasswordChange          | 0                                                        |
 # | useMemberOfToDetectMembership | 1                                                        |
 # +-------------------------------+----------------------------------------------------------+
--- a/dockers/ldap/UIHooks/post-hook.sh
+++ b/dockers/ldap/UIHooks/post-hook.sh
@@ -5,7 +5,9 @@ NEWPASSWORD=$(base64 -d <<< $2)
 OLDPASSWORD=$(base64 -d <<< $3)
 URL_AGORA="https://${matterHost}.${domain}"
-mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
+
 #mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
 . $KAZ_KEY_DIR/env-mattermostAdmin
 IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g')
 if [ ${IDUSER} == 'app.user.missing_account.const' ]
--- a/dockers/mattermost/first.sh
+++ b/dockers/mattermost/first.sh
@@ -6,12 +6,7 @@ setKazVars
 cd $(dirname $0)
 . "${DOCKERS_ENV}"
 . "${KAZ_KEY_DIR}/SetAllPass.sh"
 "${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora
 docker exec ${mattermostServName} mmctl auth login https://${matterHost}.${domain} --name local-server --username ${mattermost_MM_ADMIN_USER} --password ${mattermost_MM_ADMIN_PASSWORD}
 docker exec ${mattermostServName} mmctl channel create --team kaz --name "une-question--un-soucis" --display-name "Une question ? Un souci ?"
 docker exec ${mattermostServName} mmctl channel create --team kaz --name "cafe-du-commerce--ouvert-2424h" --display-name "Café du commerce"
 docker exec ${mattermostServName} mmctl channel create --team kaz --name "creation-comptes" --display-name "Création comptes"
--- a/dockers/peertube/.env
+++ b/dockers/peertube/.env
@@ -0,0 +1 @@
 ../../config/dockers.env
--- a/dockers/spip/.env
+++ b/dockers/spip/.env
@@ -0,0 +1 @@
 ../../config/dockers.env
--- a/dockers/sympa/alerting/sympa.sh
+++ b/dockers/sympa/alerting/sympa.sh
@@ -6,7 +6,7 @@ KAZ_ROOT=/kaz
 setKazVars
 . $DOCKERS_ENV
-. $KAZ_ROOT/secret/SetAllPass.sh
+. $KAZ_KEY_DIR/env-mattermostAdmin
 DOCKER_CMD="docker exec sympaServ"
 URL_AGORA=$(echo $matterHost).$(echo $domain)
--- a/dockers/sympa/first.sh
+++ b/dockers/sympa/first.sh
@@ -6,7 +6,6 @@ setKazVars
 cd $(dirname $0)
 . "${DOCKERS_ENV}"
 . "${KAZ_KEY_DIR}/SetAllPass.sh"
 DockerServName="${sympaServName}"
--- a/dockers/traefik/docker-compose.tmpl.yml.dist
+++ b/dockers/traefik/docker-compose.tmpl.yml.dist
@@ -1,6 +1,6 @@
 services:
  reverse-proxy:
-    image: traefik:v3.4.4
+    image: traefik:v3.4.1
    container_name: ${traefikServName}
    restart: ${restartPolicy}
    # Enables the web UI and tells Traefik to listen to docker
--- a/dockers/traefik/proxy-gen.sh
+++ b/dockers/traefik/proxy-gen.sh
@@ -4,7 +4,7 @@ KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd)
 . "${KAZ_ROOT}/bin/.commonFunctions.sh"
 setKazVars
 . "${DOCKERS_ENV}"
-. "${KAZ_ROOT}/secret/SetAllPass.sh"
+. $KAZ_BIN_DIR/getPasswords.sh traefik
 printKazMsg "\n  *** Proxy update config"
--- a/secret.tmpl/Readme.txt
+++ b/secret.tmpl/Readme.txt
@@ -1,11 +0,0 @@
 Mise à jour des mots de passe
 L'idée c'est d'extraire la gestion des mots de passe de l'installation.
 Tous les mots de passe sont dans un fichier "SetAllPass.sh" que des scripts vont chercher.
 updateDockerPassword.sh met à jours les fichiers d'environnement de mots de passe utilisé par docker-compose.
 (Il y a un problème pour mettre à jour le mot de passe d'une BD si son conteneur n'est pas en route)
 Les modifications sont prises en compte que lors de la création de nouveaux conteneurs (les données permanentes (mot de passe) dans les volumes ne sont pas changées)
--- a/secret.tmpl/SetAllPass.sh
+++ b/secret.tmpl/SetAllPass.sh
@@ -2,215 +2,43 @@
 # Attention à cause des scripts pas de ["'/] dans les mot de passe
 ####################
 # ethercalc
 ethercalc_REDIS_PORT_6379_TCP_ADDR="redis"
 ethercalc_REDIS_PORT_6379_TCP_PORT="6379"
 ####################
 # etherpad
 etherpad_MYSQL_ROOT_PASSWORD="--clean_val--"
 etherpad_MYSQL_DATABASE="--clean_val--"
 etherpad_MYSQL_USER="--clean_val--"
 etherpad_MYSQL_PASSWORD="--clean_val--"
 # Share with etherpadDB
 etherpad_DB_NAME="${etherpad_MYSQL_DATABASE}"
 etherpad_DB_USER="${etherpad_MYSQL_USER}"
 etherpad_DB_PASS="${etherpad_MYSQL_PASSWORD}"
 etherpad_DB_TYPE="mysql"
 etherpad_DB_HOST="padDB"
 etherpad_DB_PORT="3306"
 #etherpad_DB_CHARSET="utf8"
 #user: admin
 etherpad_ADMIN_PASSWORD="--clean_val--"
 etherpad_PAD_OPTIONS_LANG="fr"
 etherpad_TITLE="KazPad"
 etherpad_TRUST_PROXY="true"
 ####################
 # framadate
 framadate_MYSQL_ROOT_PASSWORD="--clean_val--"
 framadate_MYSQL_DATABASE="--clean_val--"
 framadate_MYSQL_USER="--clean_val--"
 framadate_MYSQL_PASSWORD="--clean_val--"
 framadate_HTTPD_USER="--clean_val--"
 framadate_HTTPD_PASSWORD="--clean_val--"
 ##################
 # Gandi
 # à supprimer et à replacer par dns_gandi_api_key
 gandi_GANDI_KEY="xxx"
 gandi_GANDI_API="https://api.gandi.net/v5/livedns/domains/${domain}"
 gandi_dns_gandi_api_key="${gandi_GANDI_KEY}"
 ####################
 # mattermost
 mattermost_POSTGRES_USER="mattermost"
 mattermost_POSTGRES_PASSWORD="--clean_val--"
 mattermost_POSTGRES_DB="mattermost"
 mattermost_MM_ADMIN_EMAIL="${matterHost}@${domain}"
 mattermost_MM_ADMIN_USER="admin-mattermost"
 mattermost_MM_ADMIN_PASSWORD="--clean_val--@"
 mattermost_MM_SQLSETTINGS_DATASOURCE="postgres://${mattermost_POSTGRES_USER}:${mattermost_POSTGRES_PASSWORD}@postgres:5432/${mattermost_POSTGRES_DB}?sslmode=disable&connect_timeout=10"
 # A COPIER DANS UN FICHIER DE CONF !! ->  mattermostAdmin
 # pour envoyer des messages sur l'agora avec mmctl
-mattermost_user="${mattermost_MM_ADMIN_USER}"
+mattermost_user="admin-mattermost"
-mattermost_pass="${mattermost_MM_ADMIN_PASSWORD}"
+mattermost_pass="--clean_val--"
 mattermost_token="xxx-private"
 ##################
 # Openldap
 ldap_LDAP_ADMIN_USERNAME="--clean_val--"
 ldap_LDAP_ADMIN_PASSWORD="--clean_val--"
 ldap_LDAP_CONFIG_ADMIN_USERNAME="--clean_val--"
 ldap_LDAP_CONFIG_ADMIN_PASSWORD="--clean_val--"
 ldap_LDAP_POSTFIX_PASSWORD="--clean_val--"
 ldap_LDAP_LDAPUI_PASSWORD="--clean_val--"
 ldap_LDAP_MATTERMOST_PASSWORD="--clean_val--"
 ldap_LDAP_CLOUD_PASSWORD="--clean_val--"
 ldap_LDAP_MOBILIZON_PASSWORD="--clean_val--"
 ldap_LDAPUI_URI=ldap://ldap
 ldap_LDAPUI_BASE_DN=${ldap_root}
 ldap_LDAPUI_REQUIRE_STARTTLS=FALSE
 ldap_LDAPUI_ADMINS_GROUP=admins
 ldap_LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,${ldap_root}
 ldap_LDAPUI_ADMIN_BIND_PWD=${ldap_LDAP_LDAPUI_PASSWORD}
 ldap_LDAPUI_IGNORE_CERT_ERRORS=TRUE
 ldap_LDAPUI_PASSWORD="--clean_val--"
 ldap_LDAPUI_MM_ADMIN_TOKEN=${mattermost_token}
 ###################
 # gitea
 gitea_MYSQL_ROOT_PASSWORD="--clean_val--"
 gitea_MYSQL_DATABASE="--clean_val--"
 gitea_MYSQL_USER="--clean_val--"
 gitea_MYSQL_PASSWORD="--clean_val--"
 # on ne peut pas utiliser le login "admin"
 gitea_user_admin="admin_gitea"
 gitea_pass_admin="--clean_val--"
 gitea_admin_email="admin@kaz.bzh"
 ####################
 # jirafeau
 jirafeau_HTTPD_PASSWORD="--clean_val--"
 jirafeau_DATA_DIR="--clean_val--"
 ####################
 # nexcloud
 nextcloud_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
 nextcloud_MYSQL_DATABASE="--clean_val--"
 nextcloud_MYSQL_USER="--clean_val--"
 nextcloud_MYSQL_PASSWORD="--clean_val--"
 nextcloud_NEXTCLOUD_ADMIN_USER="admin"
 nextcloud_NEXTCLOUD_ADMIN_PASSWORD="--clean_val--"
 nextcloud_MYSQL_HOST="db"
 #user: admin
 nextcloud_RAIN_LOOP="--clean_val--"
 ####################
 # collabora
 office_username="admin"
 office_password="--clean_val--"
 ####################
 # roundcube
 roundcube_MYSQL_ROOT_PASSWORD="--clean_val--"
 roundcube_MYSQL_DATABASE="--clean_val--"
 roundcube_MYSQL_USER="--clean_val--"
 roundcube_MYSQL_PASSWORD="--clean_val--"
 # Share with roundcubeDB
 roundcube_ROUNDCUBEMAIL_DB_TYPE="mysql"
 roundcube_ROUNDCUBEMAIL_DB_NAME="${roundcube_MYSQL_DATABASE}"
 roundcube_ROUNDCUBEMAIL_DB_USER="${roundcube_MYSQL_USER}"
 roundcube_ROUNDCUBEMAIL_DB_PASSWORD="${roundcube_MYSQL_PASSWORD}"
 roundcube_ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE="1G"
 ####################
 # postfix LDAP
 mail_LDAP_BIND_DN=cn=postfix,ou=applications,${ldap_root}
 mail_LDAP_BIND_PW=${ldap_LDAP_POSTFIX_PASSWORD}
 ####################
 # sympa
 sympa_MYSQL_ROOT_PASSWORD="--clean_val--"
 sympa_MYSQL_DATABASE="sympa"
 sympa_MYSQL_USER="sympa"
 sympa_MYSQL_PASSWORD="--clean_val--"
 sympa_KEY="/etc/letsencrypt/live/${domain}/privkey.pem"
 sympa_CERT="/etc/letsencrypt/live/${domain}/fullchain.pem"
 sympa_LISTMASTERS="listmaster@${domain_sympa}"
 sympa_ADMINEMAIL="listmaster@${domain_sympa}"
 sympa_SOAP_USER="sympa"
 sympa_SOAP_PASSWORD="--clean_val--"
 # pour inscrire des users sur des listes sympa avec soap
 #il faut que le user soit admin de sympa
 sympa_user="a@${domain}"
 sympa_pass="--clean_val--"
 ##################
 # vigilo
 vigilo_MYSQL_ROOT_PASSWORD="--clean_val--"
 vigilo_MYSQL_USER="--clean_val--"
 vigilo_MYSQL_PASSWORD="--clean_val--"
 vigilo_MYSQL_DATABASE="--clean_val--"
 vigilo_MYSQL_HOST="db"
 #vigilo_BIND=
 ####################
 # wordpress
 wp_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
 wp_MYSQL_DATABASE="--clean_val--"
 wp_MYSQL_USER="--clean_val--"
 wp_MYSQL_PASSWORD="--clean_val--"
 # Share with wpDB
 wp_WORDPRESS_DB_HOST="db:3306"
 wp_WORDPRESS_DB_NAME="${wp_MYSQL_DATABASE}"
 wp_WORDPRESS_DB_USER="${wp_MYSQL_USER}"
 wp_WORDPRESS_DB_PASSWORD="${wp_MYSQL_PASSWORD}"
 wp_WORDPRESS_ADMIN_USER="admin"
 wp_WORDPRESS_ADMIN_PASSWORD="--clean_val--"
 ##################
 # A DEPLACER DANS DOCKER ENV
 #qui envoi le mail d'inscription ?
 EMAIL_CONTACT="toto@kaz.bzh"
 # A COPIER DANS UN FICHIER DE CONF !! ->  paheko
 ##################
 # Paheko
 paheko_API_USER="admin-api"
 paheko_API_PASSWORD="--clean_val--"
 ##################
 # La nas de Kaz chez Grifon
 nas_admin1="admin"
 nas_password1="--clean_val--"
 nas_admin2="kaz"
 nas_password1="--clean_val--"
 # compte mail pour les notifications du nas
 nas_email_account="admin-nas@${domain}"
 nas_email_password="--clean_val--"
 # A virer dans koffre
 ##################
 #Compte sur outlook.com
 outlook_user="kaz-user@outlook.fr"
 outlook_pass="--clean_val--"
 # A COPIER DANS UN FICHIER DE CONF !! ->  mail
 service_mail=admin-kaz@kaz.bzh
 service_password="--clean_val--"
 ##################
 #Borg
 # A COPIER DANS UN FICHIER DE CONF !! ->  borg
 BORG_REPO="/mnt/backup-nas1/BorgRepo"
 BORG_PASSPHRASE="--clean_val--"
 VOLUME_SAUVEGARDES="/mnt/backup-nas1"
@@ -218,148 +46,21 @@ MAIL_RAPPORT="a@${domain};b@${domain};c@${domain}"
 BORGMOUNT="/mnt/disk-nas1/tmp/repo_mount"
 ###################
 # mobilizon
 mobilizon_POSTGRES_USER="--clean_val--"
 mobilizon_POSTGRES_PASSWORD="--clean_val--"
 mobilizon_POSTGRES_DB=mobilizon
 mobilizon_MOBILIZON_DATABASE_USERNAME="${mobilizon_POSTGRES_USER}"
 mobilizon_MOBILIZON_DATABASE_PASSWORD="${mobilizon_POSTGRES_PASSWORD}"
 mobilizon_MOBILIZON_DATABASE_DBNAME=mobilizon
 mobilizon_MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
 mobilizon_MOBILIZON_INSTANCE_NAME="Mobilizon"
 mobilizon_MOBILIZON_INSTANCE_HOST="${mobilizonHost}.${domain}"
 mobilizon_MOBILIZON_INSTANCE_SECRET_KEY_BASE=changeme
 mobilizon_MOBILIZON_INSTANCE_SECRET_KEY=changeme
 mobilizon_MOBILIZON_INSTANCE_EMAIL=noreply@${domain}
 mobilizon_MOBILIZON_REPLY_EMAIL=contact@${domain_sympa}
 mobilizon_MOBILIZON_ADMIN_EMAIL=admin@${domain_sympa}
 mobilizon_MOBILIZON_SMTP_SERVER="${smtpHost}.${domain}"
 mobilizon_MOBILIZON_SMTP_PORT=25
 mobilizon_MOBILIZON_SMTP_HOSTNAME="${smtpHost}.${domain}"
 mobilizon_MOBILIZON_SMTP_USERNAME=noreply@${domain}
 mobilizon_MOBILIZON_SMTP_PASSWORD=
 mobilizon_MOBILIZON_SMTP_SSL=false
 mobilizon_MOBILIZON_LDAP_BINDUID=cn=mobilizon,ou=applications,${ldap_root}
 mobilizon_MOBILIZON_LDAP_BINDPASSWORD=${ldap_LDAP_MOBILIZON_PASSWORD}
 #####################
 # Vaultwarden
 vaultwarden_MYSQL_ROOT_PASSWORD="--clean_val--"
 vaultwarden_MYSQL_DATABASE="vaultwarden"
 vaultwarden_MYSQL_USER="vaultwarden"
 vaultwarden_MYSQL_PASSWORD="--clean_val--"
 vaultwarden_DATABASE_URL="mysql://${vaultwarden_MYSQL_USER}:${vaultwarden_MYSQL_PASSWORD}@db/${vaultwarden_MYSQL_DATABASE}"
 vaultwarden_ADMIN_TOKEN="--clean_val--"
 #####################
 #Traefik
 # A COPIER DANS UN FICHIER DE CONF !! ->  traefik
 traefik_DASHBOARD_USER="admin"
 traefik_DASHBOARD_PASSWORD="--clean_val--"
 #####################
 # dokuwiki
 dokuwiki_WIKI_ROOT=Kaz
 dokuwiki_WIKI_EMAIL=wiki@kaz.local
 dokuwiki_WIKI_PASSWORD="--clean_val--"
 #####################
 # Castopod
-castopod_MYSQL_ROOT_PASSWORD="--clean_val--"
+# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
-castopod_MYSQL_DATABASE="--clean_val--"
+
 castopod_MYSQL_USER="--clean_val--"
 castopod_MYSQL_PASSWORD="--clean_val--"
 castopod_CP_REDIS_PASSWORD="${castopodRedisPassword}"
 castopod_ADMIN_USER=adminKaz
 castopod_ADMIN_MAIL=admin@${domain}
 castopod_ADMIN_PASSWORD="--clean_val--"
 castopod_CP_EMAIL_SMTP_HOST="${smtpHost}.${domain}"
 castopod_CP_EMAIL_SMTP_PORT=25
 castopod_CP_EMAIL_SMTP_USERNAME=noreply@${domain}
 castopod_CP_EMAIL_SMTP_PASSWORD=
 castopod_CP_EMAIL_FROM=noreply@${domain}
 castopod_CP_EMAIL_SMTP_CRYPTO=tls
 #####################
 # Spip
 spip_MYSQL_ROOT_PASSWORD="--clean_val--"
 spip_MYSQL_DATABASE="--clean_val--"
 spip_MYSQL_USER="--clean_val--"
 spip_MYSQL_PASSWORD="--clean_val--"
 spip_SPIP_AUTO_INSTALL=1
 spip_SPIP_DB_SERVER=mysql
 spip_SPIP_DB_LOGIN="${spip_MYSQL_USER}"
 spip_SPIP_DB_PASS="${spip_MYSQL_PASSWORD}"
 spip_SPIP_DB_NAME="${spip_MYSQL_DATABASE}"
 spip_SPIP_ADMIN_NAME=admin
 spip_SPIP_ADMIN_LOGIN=admin
 spip_SPIP_ADMIN_EMAIL=admin@${domain}
 spip_SPIP_ADMIN_PASS="--clean_val--"
 spip_PHP_TIMEZONE="Europe/Paris"
 #####################
 # Peertube
 peertube_POSTGRES_USER="--clean_val--"
 peertube_POSTGRES_PASSWORD="--clean_val--"
 peertube_PEERTUBE_DB_NAME="--clean_val--"
 peertube_PEERTUBE_DB_USERNAME="${peertube_POSTGRES_USER}"
 peertube_PEERTUBE_DB_PASSWORD="${peertube_POSTGRES_PASSWORD}"
 peertube_PEERTUBE_DB_SSL=false
 peertube_PEERTUBE_DB_HOSTNAME="${peertubeDBName}"
 peertube_PEERTUBE_WEBSERVER_HOSTNAME="${peertubeHost}.${domain}"
 peertube_PEERTUBE_TRUST_PROXY="['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']"
 peertube_PEERTUBE_SECRET="--clean_val--"
 peertube_PT_INITIAL_ROOT_PASSWORD="--clean_val--"
 #peertube_PEERTUBE_SMTP_USERNAME=
 #peertube_PEERTUBE_SMTP_PASSWORD=
 # Default to Postfix service name "postfix" in docker-compose.yml
 # May be the hostname of your Custom SMTP server
 peertube_PEERTUBE_SMTP_HOSTNAME=
 peertube_PEERTUBE_SMTP_PORT=25
 peertube_PEERTUBE_SMTP_FROM=
 peertube_PEERTUBE_SMTP_TLS=false
 peertube_PEERTUBE_SMTP_DISABLE_STARTTLS=false
 peertube_PEERTUBE_ADMIN_EMAIL=
 peertube_POSTFIX_myhostname=
 #peertube_OPENDKIM_DOMAINS=peertube
 peertube_OPENDKIM_RequireSafeKeys=no
 peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC="public-read"
 peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE="private"
 ######################
 peertube_POSTGRES_DB="${peertube_PEERTUBE_DB_NAME}"
 ######################
 # SNAPPYMAIL
 # Url  https://snappymail.${domain}/?admin
 # au premier lancement un mot de passe est généré en aut par l' appli dans le
 # volume Data : /var/lib/docker/volumes/snappymail_data/_data/_data_/_default_
 # le fichier s' appelle admin_password.txt
 # une fois le mot de passe changé dans le Gui de l' admin, ce fichier est automatiquement supprimé
 snappymail_TZ="Europe/Paris"
 snappymail_UPLOAD_MAX_SIZE="100M"
 ####################
 # mastodon
 mastodon_POSTGRES_USER="--clean_val--"
 mastodon_POSTGRES_PASSWORD="--clean_val--"
 mastodon_POSTGRES_DB=mastodon
 mastodon_DB_USER="${mastodon_POSTGRES_USER}"
 mastodon_DB_PASS="${mastodon_POSTGRES_PASSWORD}"
 mastodon_DB_NAME=mastodon
--- a/secret.tmpl/env-apikazServ
+++ b/secret.tmpl/env-apikazServ
@@ -1,22 +1,24 @@
 paheko_API_USER=
 paheko_API_PASSWORD=
 paheko_url=
-mattermost_user=
+paheko_url=https://kaz-@@globalvar@@pahekoHost@@gv@@.@@globalvar@@domain@@gv@@
-mattermost_pass=
+paheko_API_USER="@@user@@pahekoapi@@u@@"
-mattermost_url=
+paheko_API_PASSWORD="@@pass@@pahekoapi@@p@@"
-ldap_LDAP_ADMIN_USERNAME=
+mattermost_user="@@user@@mattermost2@@u@@"
-ldap_LDAP_ADMIN_PASSWORD=
+mattermost_pass="@@pass@@mattermost2@@p@@"
-ldap_root=
+mattermost_token="@@token@@mattermost@@t@@"
-nextcloud_NEXTCLOUD_ADMIN_USER=
+ldap_LDAP_ADMIN_USERNAME="@@user@@ldap@@u@@"
-nextcloud_NEXTCLOUD_ADMIN_PASSWORD=
+ldap_LDAP_ADMIN_PASSWORD="@@pass@@ldap@@p@@"
-cloud_url=
+ldap_root=@@globalvar@@ldap_root@@gv@@
-sympa_SOAP_USER=
+nextcloud_NEXTCLOUD_ADMIN_USER="@@user@@nextcloudadmin@@u@@"
-sympa_SOAP_PASSWORD=
+nextcloud_NEXTCLOUD_ADMIN_PASSWORD="@@pass@@nextcloudadmin@@p@@"
-sympa_url=
+cloud_url=https://@@globalvar@@cloudHost@@gv@@.@@globalvar@@domain@@gv@@
 sympa_SOAP_USER="@@user@@sympasoap@@u@@"
 sympa_SOAP_PASSWORD="@@pass@@sympasoap@@p@@"
 sympa_url=https://@@globalvar@@sympaHost@@gv@@.@@globalvar@@domain@@gv@@
 gandi_GANDI_KEY=
 gandi_GANDI_API=
--- a/secret.tmpl/env-borg
+++ b/secret.tmpl/env-borg
@@ -0,0 +1,17 @@
 VOLUME_SAUVEGARDES=
 BORG_REPO=
 BORG_PASSPHRASE=@@token@@borg@@t@@
 BORGLOG="/var/log/borg"
 BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
 BORG_EXCLUDE_BACKUP=
 MAIL_RAPPORT=a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@
 LISTREPSAUV=
 BORGMOUNT="/mnt/repo_borg"
 MAILOK=
 MAILWARNING=
 MAILDETAIL=
 BACKUPS_KEEP="4m"
 NB_BACKUPS_JOUR=90
 NB_BACKUPS_SEM=30
 NB_BACKUPS_MOIS=12
 BORGSCRIPTS=/root/borgscripts
--- a/secret.tmpl/env-castopodAdmin
+++ b/secret.tmpl/env-castopodAdmin
@@ -0,0 +1,3 @@
 ADMIN_USER=@@pass@@castopod2@@p@@
 ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
 ADMIN_PASSWORD=@@pass@@castopod3@@p@@
--- a/secret.tmpl/env-castopodDB
+++ b/secret.tmpl/env-castopodDB
@@ -1,4 +1,4 @@
-MYSQL_ROOT_PASSWORD=
+MYSQL_ROOT_PASSWORD=@@pass@@castopod@@p@@
-MYSQL_DATABASE=
+MYSQL_USER=@@user@@castopod1@@u@@
-MYSQL_USER=
+MYSQL_PASSWORD=@@pass@@castopod1@@p@@
-MYSQL_PASSWORD=
+MYSQL_DATABASE=@@db@@castopod1@@d@@
--- a/secret.tmpl/env-dokuwikiServ
+++ b/secret.tmpl/env-dokuwikiServ
@@ -1,4 +1,4 @@
-WIKI_ROOT=
+WIKI_ROOT=Kaz
-WIKI_EMAIL=
+WIKI_EMAIL=wiki@@@globalvar@@domain@@gv@@
-WIKI_PASSWORD=
+WIKI_PASSWORD=@@pass@@dokuwiki@@p@@
--- a/secret.tmpl/env-etherpadDB
+++ b/secret.tmpl/env-etherpadDB
@@ -1,5 +1,5 @@
-MYSQL_ROOT_PASSWORD=
+MYSQL_ROOT_PASSWORD=@@pass@@etherpadroot@@p@@
-MYSQL_DATABASE=
+MYSQL_DATABASE=@@db@@etherpad@@d@@
-MYSQL_USER=
+MYSQL_USER=@@user@@etherpad@@u@@
-MYSQL_PASSWORD=
+MYSQL_PASSWORD=@@pass@@etherpad@@p@@
--- a/secret.tmpl/env-etherpadServ
+++ b/secret.tmpl/env-etherpadServ
@@ -1,16 +1,17 @@
 # share with padDB
-DB_NAME=
+DB_NAME=@@db@@etherpad@@d@@
-DB_USER=
+DB_USER=@@user@@etherpad@@u@@
-DB_PASS=
+DB_PASS=@@pass@@etherpad@@p@@
-DB_TYPE=
+
-DB_HOST=
+DB_TYPE=mysql
-DB_PORT=
+DB_HOST=padDB
 DB_PORT=3306
 #DB_CHARSET=
-ADMIN_PASSWORD=
+ADMIN_PASSWORD=@@pass@@etherpadadmin@@p@@
-TITLE=
+TITLE=KazPad
-PAD_OPTIONS_LANG=
+PAD_OPTIONS_LANG=fr
-TRUST_PROXY=
+TRUST_PROXY=true
-#DEFAULT_PAD_TEXT="––––– Ce texte est à effacer (après lecture si c’est votre première visite) ou à conserver en bas de votre pad –––––\n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur l’icône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur l’icône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans l’historique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! N’oubliez pas de conserver quelque part l’adresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n––––– Ce texte est à effacer (après lecture si c’est votre première visite) –––––\n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"
+DEFAULT_PAD_TEXT="––––– Ce texte est à effacer (après lecture si c’est votre première visite) ou à conserver en bas de votre pad –––––\n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur l’icône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur l’icône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans l’historique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! N’oubliez pas de conserver quelque part l’adresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n––––– Ce texte est à effacer (après lecture si c’est votre première visite) –––––\n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"
--- a/secret.tmpl/env-framadateDB
+++ b/secret.tmpl/env-framadateDB
@@ -1,5 +1,5 @@
-MYSQL_ROOT_PASSWORD=
+MYSQL_ROOT_PASSWORD=@@pass@@framadateroot@@p@@
-MYSQL_DATABASE=
+MYSQL_DATABASE=@@db@@framadatedb@@d@@
-MYSQL_USER=
+MYSQL_USER=@@user@@framadatedb@@u@@
-MYSQL_PASSWORD=
+MYSQL_PASSWORD=@@pass@@framadatedb@@p@@
--- a/secret.tmpl/env-framadateServ
+++ b/secret.tmpl/env-framadateServ
@@ -1,3 +1,3 @@
-HTTPD_USER=
+HTTPD_USER=@@user@@framadate@@u@@
-HTTPD_PASSWORD=
+HTTPD_PASSWORD=@@pass@@framadate2@@p@@
--- a/secret.tmpl/env-gitDB
+++ b/secret.tmpl/env-gitDB
@@ -1,5 +1,5 @@
-MYSQL_ROOT_PASSWORD=
+MYSQL_ROOT_PASSWORD=@@pass@@gitroot@@p@@
-MYSQL_DATABASE=
+MYSQL_DATABASE=@@db@@gitdb@@d@@
-MYSQL_USER=
+MYSQL_USER=@@user@@gitdb@@u@@
-MYSQL_PASSWORD=
+MYSQL_PASSWORD=@@pass@@gitdb@@p@@
--- a/secret.tmpl/env-gitServ
+++ b/secret.tmpl/env-gitServ
@@ -1,3 +1,3 @@
-user_admin=
+user_admin=@@user@@git@@u@@
-pass_admin=
+pass_admin=@@pass@@git@@p@@
-admin_email=
+admin_email=admin@@@globalvar@@domain@@gv@@
--- a/secret.tmpl/env-jirafeauServ
+++ b/secret.tmpl/env-jirafeauServ
@@ -1,2 +1,2 @@
-HTTPD_PASSWORD=
+HTTPD_PASSWORD=@@pass@@jirafeau@@pass@@
--- a/secret.tmpl/env-kaz
+++ b/secret.tmpl/env-kaz
@@ -0,0 +1,11 @@
 # tout est dans le env_kaz
 # utilisé par gest containers
 NAS_VOL=
 OPERATE_ON_MAIN=                 # par defaut NON on ne traite que des orgas
 OPERATE_ON_NAS_ORGA=             # par defaut NON, on va aussi sur les orgas du NAS
 OPERATE_LOCAL_ORGA="OUI"         # par defaut oui
 TEMPO_ACTION_STOP=2              # Lors de redémarrage avec tempo, on attend après le stop
 TEMPO_ACTION_START=60            # Lors de redémarrage avec tempo, avant de reload le proxy
 DEFAULTCONTAINERS="cloud agora wp wiki office paheko castopod spip"
 APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode 
 QUIET="1"                    # redirection des echo
--- a/secret.tmpl/env-ldapServ
+++ b/secret.tmpl/env-ldapServ
@@ -1,9 +1,9 @@
-LDAP_ADMIN_USERNAME=
+LDAP_ADMIN_USERNAME=@@user@@ldap@@u@@
-LDAP_ADMIN_PASSWORD=
+LDAP_ADMIN_PASSWORD=@@pass@@ldap@@p@@
-LDAP_CONFIG_ADMIN_USERNAME=
+LDAP_CONFIG_ADMIN_USERNAME=@@user@@ldapconfig@@u@@
-LDAP_CONFIG_ADMIN_PASSWORD=
+LDAP_CONFIG_ADMIN_PASSWORD=@@pass@@ldapconfig@@p@@
-LDAP_POSTFIX_PASSWORD=
+LDAP_POSTFIX_PASSWORD=@@pass@@ldappostfix@@p@@
-LDAP_LDAPUI_PASSWORD=
+LDAP_LDAPUI_PASSWORD=@@pass@@ldapui@@p@@
-LDAP_MATTERMOST_PASSWORD=
+LDAP_MATTERMOST_PASSWORD=@@pass@@ldapmm@@p@@
-LDAP_CLOUD_PASSWORD=
+LDAP_CLOUD_PASSWORD=@@pass@@ldapcloud@@p@@
-LDAP_MOBILIZON_PASSWORD=
+LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@
--- a/secret.tmpl/env-ldapUI
+++ b/secret.tmpl/env-ldapUI
@@ -1,9 +1,9 @@
-LDAPUI_URI=
+LDAPUI_URI=ldap://ldap
-LDAPUI_BASE_DN=
+LDAPUI_BASE_DN=@@globalvar@@ldap_root@@gv@@
-LDAPUI_REQUIRE_STARTTLS=
+LDAPUI_REQUIRE_STARTTLS=FALSE
-LDAPUI_ADMINS_GROUP=
+LDAPUI_ADMINS_GROUP=admins
-LDAPUI_ADMIN_BIND_DN=
+LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@
-LDAPUI_ADMIN_BIND_PWD=
+LDAPUI_ADMIN_BIND_PWD=@@pass@@ldapui@@p@@
-LDAPUI_IGNORE_CERT_ERRORS=
+LDAPUI_IGNORE_CERT_ERRORS=TRUE
-LDAPUI_PASSWORD=
+LDAPUI_PASSWORD=@@pass@@ldapuipass@@p@@
-LDAPUI_MM_ADMIN_TOKEN=
+LDAPUI_MM_ADMIN_TOKEN=@@crossvar@@mattermostAdmin_mattermost_token@@cv@@
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gael	a3f448b457	missing .env	2025-07-31 14:33:47 +02:00
Gael	77a3819beb	Il faut créer le dossier secret pour chaque orga ! (cas de maj du docker-compose après ajout de service)	2025-07-31 14:18:57 +02:00
Gael	ec16cdfe92	Quelques appels restants + script de migration	2025-07-31 06:16:36 +02:00
Gael	6877a5f872	Le init db est fait dans le initdb.sh plutôt ...	2025-07-31 05:36:32 +02:00
Gael	3a8bd9ec1a	Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets	2025-07-31 05:05:13 +02:00
Gael	1f9ccff5b6	Les orgas + qques changements pour getpasswords.sh	2025-07-31 05:04:29 +02:00
Gael	ff69724f86	droits d'execution sur les scripts	2025-07-31 01:55:59 +02:00
Gael	99779a70ff	Récupération des valeurs du docker.env !	2025-07-30 23:08:48 +02:00
Gael	400775bf41	removing double quotes + divers petits bugs	2025-07-30 02:57:38 +02:00
Gael	8baf9fc492	Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets	2025-07-29 16:37:45 +02:00
Gael	8d26a57b6b	A tester : la génération des mots de passe !	2025-07-29 16:33:17 +02:00
HPL	5fbc804edd	Actualiser secret.tmpl/SetAllPass.sh	2025-07-23 06:34:30 +02:00
Gael	44ff3980f9	SetAllPass a disparu ! Reste le secretgen à refaire + revoir les valeurs "liées" par setallpass. Rien n'est testé pour le moment.	2025-07-23 03:19:27 +02:00
`@@ -1,3 +1,3 @@`

	`HTTPD_USER=`	`HTTPD_USER=@@user@@framadate@@u@@`
	`HTTPD_PASSWORD=`	`HTTPD_PASSWORD=@@pass@@framadate2@@p@@`
`@@ -1,2 +1,2 @@`

	`HTTPD_PASSWORD=`	`HTTPD_PASSWORD=@@pass@@jirafeau@@pass@@`