KAZ/KazV2
11
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: KAZ:gestionSecrets
Branches Tags
KAZ:master KAZ:feat/python KAZ:gestionSecrets
...
compare: KAZ:bca0693a14d3b917f6488ccde4dc532e53867424
Branches Tags
KAZ:master KAZ:feat/python KAZ:gestionSecrets

22 Commits
gestionSec ... bca0693a14

Author SHA1 Message Date
Gael
bca0693a14 Merge branch 'gestionSecrets' 2025-09-03 21:49:21 +02:00
nom
0d00b418a0 upgrade MM. attention, cette image est slim. Plus de curl, j'ai donc enlevé le health check DB 2025-08-31 18:33:46 +02:00
Fanch
98cc875611 fix castopod/firefox 2025-08-14 13:06:30 +02:00
didier
618f22db6b KAZ_KEY_DIR 2025-08-07 20:27:05 +02:00
didier
290c6fe360 suppression de SetAllPass 2025-08-07 20:19:00 +02:00
Gael
3b5d01d5df yaml veut des espaces 2025-07-31 00:14:34 +02:00
didier
3a3c4f4d0c version a jourt de roundcube 2025-07-27 10:45:14 +02:00
Fanch
898d6a652d Revert "modif docker compose pour avoir la dernière version de roundcube" 
This reverts commit 3bf952b57f.
 2025-07-27 10:28:39 +02:00
didier
3bf952b57f modif docker compose pour avoir la dernière version de roundcube 2025-07-27 09:47:27 +02:00
Fanch
70442f6464 fix fix 2025-07-26 17:59:16 +02:00
Fanch
33f793fcbe fix cert sympa 2025-07-26 17:51:13 +02:00
Fanch
813e0e761f typo 2025-07-26 15:41:38 +02:00
Fanch
2e62e9782e mattermost canal creation comptes 2025-07-26 15:40:15 +02:00
Fanch
fc4adc0fae mattermost first launch 2025-07-26 15:32:54 +02:00
Fanch
74812fa79a mattermost admin user/pass 2025-07-26 14:45:27 +02:00
Fanch
3220d862a6 fix mattermost 2025-07-26 13:52:15 +02:00
Fanch
1936326535 fix default matterport 2025-07-25 15:52:47 +02:00
Fanch
a630e47bfe fix mattermost pgsql 2025-07-25 15:10:43 +02:00
Fanch
33fc237cb8 fix traefik 2025-07-17 18:26:36 +02:00
Fanch
ed5ef23ed2 fix traefik 2025-07-17 17:23:13 +02:00
Fanch
6f33808736 fix vm 2025-07-17 16:13:30 +02:00
nom
477a9155fe upgrade traefik to 3.4.4 2025-07-16 06:43:16 +02:00
14 changed files with 50 additions and 118 deletions
Expand all files Collapse all files

2
bin/install.sh
View File

@@ -123,6 +123,8 @@ export DebugLog="${KAZ_ROOT}/log/log-install-$(date +%y-%m-%d-%T)-"
if [[ " ${DOCKERS_LIST[*]} " =~ " traefik " ]]; then
# on initialise traefik :-(
${KAZ_COMP_DIR}/traefik/first.sh
# on démarre traefik (plus lancé dans container.sh)
docker-compose -f ${KAZ_COMP_DIR}/traefik/docker-compose.yml up -d
fi
if [[ " ${DOCKERS_LIST[*]} " =~ " etherpad " ]]; then

10
bin/scriptBorg.sh
View File

@@ -17,9 +17,13 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_BIN_DIR/getPasswords.sh borg
VERSION="V-10-03-2025"
. ${KAZ_KEY_DIR}/env-borg
# Si la variable SCRIPTBORG est renseignée avec un fichier on le source
if [ ! -z ${SCRIPTBORG} ]
then
[ -f ${SCRIPTBORG} ] && . ${SCRIPTBORG}
fi
VERSION="V-07-08-2025"
PRG=$(basename $0)
RACINE=$(echo $PRG | awk '{print $1}')
#IFS=' '

4
config/container-proxy.list.tmpl
View File

@@ -1,2 +1,2 @@
proxy
#traefik
# proxy
traefik

2
config/container-withMail.list.tmpl
View File

@@ -4,7 +4,7 @@ dokuwiki
paheko
gitea
jirafeau
mattermost
#mattermost
roundcube
mobilizon
vaultwarden

2
config/dockers.tmpl.env
View File

@@ -101,7 +101,7 @@ snappymailHost=snappymail
########################################
# ports internes
matterPort=8000
matterPort=8065
imapsyncPort=8080
apikaz=5000

4
config/orgaTmpl/secret.tmpl/env-mattermostServ
View File

@@ -1,9 +1,5 @@
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10

14
dockers/mattermost/docker-compose.yml
View File

@@ -1,7 +1,7 @@
services:
app:
image: mattermost/mattermost-team-edition:10.9.1
image: mattermost/mattermost-team-edition:10.11.1
container_name: ${mattermostServName}
restart: ${restartPolicy}
volumes:
@@ -39,12 +39,12 @@ services:
- "traefik.http.routers.${mattermostServName}.rule=Host(`${matterHost}.${domain}`)"
- "traefik.http.services.${mattermostServName}.loadbalancer.server.port=${matterPort}"
- "traefik.docker.network=mattermostNet"
healthcheck:
test: ["CMD", "curl", "-f", "http://app:${matterPort}"]
interval: 20s
retries: 10
start_period: 20s
timeout: 10s
# healthcheck:
# test: ["CMD", "curl", "-f", "http://app:${matterPort}"]
# interval: 20s
# retries: 10
# start_period: 20s
# timeout: 10s
postgres:
image: postgres:17-alpine

4
dockers/mattermost/first.sh
View File

@@ -10,3 +10,7 @@ cd $(dirname $0)
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora
docker exec ${mattermostServName} mmctl auth login https://${matterHost}.${domain} --name local-server --username ${mattermost_MM_ADMIN_USER} --password ${mattermost_MM_ADMIN_PASSWORD}
docker exec ${mattermostServName} mmctl channel create --team kaz --name "une-question--un-soucis" --display-name "Une question ? Un souci ?"
docker exec ${mattermostServName} mmctl channel create --team kaz --name "cafe-du-commerce--ouvert-2424h" --display-name "Café du commerce"
docker exec ${mattermostServName} mmctl channel create --team kaz --name "creation-comptes" --display-name "Création comptes"

2
dockers/roundcube/docker-compose.yml
View File

@@ -1,7 +1,7 @@
services:
app:
image: roundcube/roundcubemail:1.6.9-apache
image: roundcube/roundcubemail
container_name: ${roundcubeServName}
restart: ${restartPolicy}
depends_on:

13
dockers/traefik/docker-compose.tmpl.yml.dist
View File

@@ -1,6 +1,6 @@
services:
reverse-proxy:
image: traefik:v3.4.1
image: traefik:v3.4.4
container_name: ${traefikServName}
restart: ${restartPolicy}
# Enables the web UI and tells Traefik to listen to docker
@@ -23,6 +23,7 @@ services:
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_CERTRESOLVER=letsencrypt
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipallowlist@file
- TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT=600
- TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT=600
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json
@@ -34,7 +35,7 @@ services:
- TZ=Europe/Paris
- TRAEFIK_ACCESSLOG=true
- TRAEFIK_ACCESSLOG_FILEPATH=/log/traefik_acces.log
- TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES=404,403,401
- TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES=404,403,401
- TRAEFIK_LOG=true
- TRAEFIK_LOG_LEVEL=INFO
- TRAEFIK_LOG_FILEPATH=/log/traefik.log
@@ -226,13 +227,13 @@ networks:
}}
{{peertube
peertubeNet:
external:true
name:peertubeNet
external: true
name: peertubeNet
}}
{{spip
spipNet:
external:true
name:spipNet
external: true
name: spipNet
}}

66
secret.tmpl/SetAllPass.sh
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Attention à cause des scripts pas de ["'/] dans les mot de passe
# A COPIER DANS UN FICHIER DE CONF !! -> mattermostAdmin
# pour envoyer des messages sur l'agora avec mmctl
mattermost_user="admin-mattermost"
mattermost_pass="--clean_val--"
mattermost_token="xxx-private"
##################
# A DEPLACER DANS DOCKER ENV
#qui envoi le mail d'inscription ?
EMAIL_CONTACT="toto@kaz.bzh"
# A COPIER DANS UN FICHIER DE CONF !! -> paheko
##################
# Paheko
paheko_API_USER="admin-api"
paheko_API_PASSWORD="--clean_val--"
# A virer dans koffre
##################
#Compte sur outlook.com
outlook_user="kaz-user@outlook.fr"
outlook_pass="--clean_val--"
# A COPIER DANS UN FICHIER DE CONF !! -> mail
service_mail=admin-kaz@kaz.bzh
service_password="--clean_val--"
##################
#Borg
# A COPIER DANS UN FICHIER DE CONF !! -> borg
BORG_REPO="/mnt/backup-nas1/BorgRepo"
BORG_PASSPHRASE="--clean_val--"
VOLUME_SAUVEGARDES="/mnt/backup-nas1"
MAIL_RAPPORT="a@${domain};b@${domain};c@${domain}"
BORGMOUNT="/mnt/disk-nas1/tmp/repo_mount"
#####################
#Traefik
# A COPIER DANS UN FICHIER DE CONF !! -> traefik
traefik_DASHBOARD_USER="admin"
traefik_DASHBOARD_PASSWORD="--clean_val--"
#####################
# Castopod
# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
castopod_ADMIN_USER=adminKaz
castopod_ADMIN_MAIL=admin@${domain}
castopod_ADMIN_PASSWORD="--clean_val--"

34
secret.tmpl/env-borg
View File

@@ -1,17 +1,17 @@
VOLUME_SAUVEGARDES=
BORG_REPO=
BORG_PASSPHRASE=@@token@@borg@@t@@
BORGLOG="/var/log/borg"
BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
BORG_EXCLUDE_BACKUP=
MAIL_RAPPORT=a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@
LISTREPSAUV=
BORGMOUNT="/mnt/repo_borg"
MAILOK=
MAILWARNING=
MAILDETAIL=
BACKUPS_KEEP="4m"
NB_BACKUPS_JOUR=90
NB_BACKUPS_SEM=30
NB_BACKUPS_MOIS=12
BORGSCRIPTS=/root/borgscripts
borg_VOLUME_SAUVEGARDES=
borg_BORG_REPO=
borg_BORG_PASSPHRASE=@@token@@borg@@t@@
borg_BORGLOG="/var/log/borg"
borg_BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
borg_BORG_EXCLUDE_BACKUP=
borg_MAIL_RAPPORT=a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@
borg_LISTREPSAUV=
borg_BORGMOUNT="/mnt/repo_borg"
borg_MAILOK=
borg_MAILWARNING=
borg_MAILDETAIL=
borg_BACKUPS_KEEP="4m"
borg_NB_BACKUPS_JOUR=90
borg_NB_BACKUPS_SEM=30
borg_NB_BACKUPS_MOIS=12
borg_BORGSCRIPTS=/root/borgscripts

7
secret.tmpl/env-mattermostDB
View File

@@ -1,9 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@mattermostroot@@p@@
MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@

4
secret.tmpl/env-mattermostServ
View File

@@ -1,9 +1,5 @@
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10