KAZ/KazV2
11
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

merge into: KAZ:master
Branches Tags
KAZ:master KAZ:gestionSecrets KAZ:feat/python
...
pull from: KAZ:gestionSecrets
Branches Tags
KAZ:gestionSecrets KAZ:master KAZ:feat/python

13 Commits
master ... gestionSec

Author SHA1 Message Date
Gael
a3f448b457 missing .env 2025-07-31 14:33:47 +02:00
Gael
77a3819beb Il faut créer le dossier secret pour chaque orga ! (cas de maj du docker-compose après ajout de service) 2025-07-31 14:18:57 +02:00
Gael
ec16cdfe92 Quelques appels restants + script de migration 2025-07-31 06:16:36 +02:00
Gael
6877a5f872 Le init db est fait dans le initdb.sh plutôt ... 2025-07-31 05:36:32 +02:00
Gael
3a8bd9ec1a Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets 2025-07-31 05:05:13 +02:00
Gael
1f9ccff5b6 Les orgas + qques changements pour getpasswords.sh 2025-07-31 05:04:29 +02:00
Gael
ff69724f86 droits d'execution sur les scripts 2025-07-31 01:55:59 +02:00
Gael
99779a70ff Récupération des valeurs du docker.env ! 2025-07-30 23:08:48 +02:00
Gael
400775bf41 removing double quotes + divers petits bugs 2025-07-30 02:57:38 +02:00
Gael
8baf9fc492 Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets 2025-07-29 16:37:45 +02:00
Gael
8d26a57b6b A tester : la génération des mots de passe ! 2025-07-29 16:33:17 +02:00
HPL
5fbc804edd Actualiser secret.tmpl/SetAllPass.sh 2025-07-23 06:34:30 +02:00
Gael
44ff3980f9 SetAllPass a disparu ! Reste le secretgen à refaire + revoir les valeurs "liées" par setallpass. Rien n'est testé pour le moment. 2025-07-23 03:19:27 +02:00
110 changed files with 1021 additions and 1469 deletions
Expand all files Collapse all files

11
bin/applyTemplate.sh
View File

@@ -16,7 +16,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
setKazVars
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
usage () {
echo $(basename "$0") " [-h] [-help] [-timestamp] template dst"
@@ -64,8 +63,8 @@ done
-e "s|__DOKUWIKI_HOST__|${dokuwikiHost}|g"\
-e "s|__DOMAIN__|${domain}|g"\
-e "s|__FILE_HOST__|${fileHost}|g"\
-e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\
-e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\
# -e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\
# -e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\
-e "s|__PAHEKO_HOST__|${pahekoHost}|g"\
-e "s|__GIT_HOST__|${gitHost}|g"\
-e "s|__GRAV_HOST__|${gravHost}|g"\
@@ -79,9 +78,9 @@ done
-e "s|__SMTP_HOST__|${smtpHost}|g"\
-e "s|__SYMPADB__|${sympaDBName}|g"\
-e "s|__SYMPA_HOST__|${sympaHost}|g"\
-e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\
-e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\
-e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\
# -e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\
# -e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\
# -e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\
-e "s|__VIGILO_HOST__|${vigiloHost}|g"\
-e "s|__WEBMAIL_HOST__|${webmailHost}|g"\
-e "s|__CASTOPOD_HOST__|${castopodHost}|g"\

7
bin/certbot-dns-alwaysdata.sh Normal file → Executable file
View File

@@ -2,9 +2,10 @@
# certbot certonly --manual --preferred-challenges=dns --manual-auth-hook certbot-dns-alwaysdata.sh --manual-cleanup-hook certbot-dns-alwaysdata.sh -d "*.kaz.bzh" -d "kaz.bzh"
ALWAYSDATA_TOKEN="TOKEN"
ALWAYSDATA_ACCOUNT="ACCOUNT"
ALWAYSDATA_API="https://api.alwaysdata.com/v1/"
export KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. $KAZ_KEY_DIR/env-alwaysdata
DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${CERTBOT_DOMAIN} | jq '.[0].id')

119
bin/checkEnvFiles.sh
View File

@@ -6,8 +6,6 @@ setKazVars
RUN_PASS_DIR="secret"
TMPL_PASS_DIR="secret.tmpl"
RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh"
TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh"
NEED_GEN=
########################################
@@ -48,7 +46,12 @@ getVars () {
# get lvalues in script
getSettedVars () {
# $1 : filename
grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u
grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* | grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u
}
getUnsettedVars () {
# $1 : filename
grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u
}
getVarFormVal () {
@@ -57,60 +60,6 @@ getVarFormVal () {
grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/'
}
########################################
# synchronized SetAllPass.sh (find missing lvalues)
updatePassFile () {
# $1 : ref filename
# $2 : target filename
REF_FILE="$1"
TARGET_FILE="$2"
NEED_UPDATE=
while : ; do
declare -a listRef listTarget missing
listRef=($(getVars "${REF_FILE}"))
listTarget=($(getVars "${TARGET_FILE}"))
missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]})))
if [ -n "${missing}" ]; then
echo "missing vars in ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${REF_FILE}" "${TARGET_FILE}"
NEED_UPDATE=true
break
;;
[Nn]*)
break
;;
esac
else
break
fi
done
}
updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}"
[ -n "${NEED_UPDATE}" ] && NEED_GEN=true
updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}"
########################################
# check empty pass in TMPL_PASS_FILE
declare -a settedVars
settedVars=($(getSettedVars "${TMPL_PASS_FILE}"))
if [ -n "${settedVars}" ]; then
echo "unclear password in ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}"
for var in ${settedVars[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to clear them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${TMPL_PASS_FILE}"
;;
esac
fi
########################################
# check new files env-*
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}"
declare -a listTmpl listRun listCommonFiles
listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
for envFile in ${listCommonFiles[@]}; do
while : ; do
TMPL_FILE="${TMPL_PASS_DIR}/${envFile}"
@@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then
fi
########################################
# check env-* in updateDockerPassword.sh
missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do
# check extention in dockers.env
declare -a missing
unsetted=($(for DIR in "${RUN_PASS_DIR}"; do
for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
if [ -z "${prefixe}" ]; then
echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})"
if [ -z "${varName}" ]; then
echo "${val}"
fi
done
done | sort -u))
if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}"
echo "missing def in ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do
echo -e "\t${var}"
done
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh"
emacs "${DOCKERS_ENV}"
;;
esac
fi
########################################
# synchronized SetAllPass.sh and env-*
updateEnvFiles () {
# $1 secret dir
DIR=$1
listRef=($(getVars "${DIR}/SetAllPass.sh"))
missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
[ -z "${prefixe}" ] && continue
listVarsInEnv=($(getVars "${envFile}"))
for var in ${listVarsInEnv[@]}; do
[[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}"
done
# XXX doit exister dans SetAllPass.sh avec le prefixe
done))
if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${DIR}/SetAllPass.sh"
;;
esac
fi
}
updateEnvFiles "${RUN_PASS_DIR}"
updateEnvFiles "${TMPL_PASS_DIR}"
# XXX chercher les variables non utilisées dans les SetAllPass.sh
if [ -n "${NEED_GEN}" ]; then
while : ; do
read -p "Do you want to generate blank values? [y/n]: " yn
read -p "Do you want to generate missing values? [y/n]: " yn
case $yn in
""|[Yy]*)
"${KAZ_BIN_DIR}/secretGen.sh"

11
bin/checkEnvPassword.sh
View File

@@ -1,11 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
for filename in "${KAZ_KEY_DIR}/"env-*Serv "${KAZ_KEY_DIR}/"env-*DB; do
if grep -q "^[^#=]*=\s*$" "${filename}" 2>/dev/null; then
echo "${filename}"
fi
done

61
bin/container.sh
View File

@@ -61,20 +61,6 @@ doCompose () {
${SIMU} ln -fs ../../config/dockers.env .env
fi
${SIMU} docker-compose $1
if [ "$2" = "cachet" ] && [ "$1" != "down" ]; then
NEW_KEY=$(cd "${KAZ_COMP_DIR}/$2" ; docker-compose logs | grep APP_KEY=base64: | sed "s/^.*'APP_KEY=\(base64:[^']*\)'.*$/\1/" | tail -1)
if [ -n "${NEW_KEY}" ]; then
printKazMsg "cachet key change"
# change key
${SIMU} sed -i \
-e 's%^\(\s*cachet_APP_KEY=\).*$%\1"'"${NEW_KEY}"'"%' \
"${KAZ_KEY_DIR}/SetAllPass.sh"
${SIMU} "${KAZ_BIN_DIR}/secretGen.sh"
# restart
${SIMU} docker-compose $1
fi
fi
}
doComposes () {
@@ -177,7 +163,6 @@ statusComposes () {
saveComposes () {
. "${DOCKERS_ENV}"
. "${KAZ_ROOT}/secret/SetAllPass.sh"
savedComposes+=( ${enableMailComposes[@]} )
savedComposes+=( ${enableProxyComposes[@]} )
@@ -195,67 +180,85 @@ saveComposes () {
;;
sympa)
echo "save sympa"
saveDB ${sympaDBName} "${sympa_MYSQL_USER}" "${sympa_MYSQL_PASSWORD}" "${sympa_MYSQL_DATABASE}" sympa mysql
. $KAZ_BIN_DIR/getPasswords.sh sympaDB
saveDB ${sympaDBName} "${sympaDB_MYSQL_USER}" "${sympaDB_MYSQL_PASSWORD}" "${sympaDB_MYSQL_DATABASE}" sympa mysql
;;
web)
# rien à faire (fichiers)
;;
etherpad)
echo "save pad"
saveDB ${etherpadDBName} "${etherpad_MYSQL_USER}" "${etherpad_MYSQL_PASSWORD}" "${etherpad_MYSQL_DATABASE}" etherpad mysql
. $KAZ_BIN_DIR/getPasswords.sh etherpadDB
saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql
;;
framadate)
echo "save date"
saveDB ${framadateDBName} "${framadate_MYSQL_USER}" "${framadate_MYSQL_PASSWORD}" "${framadate_MYSQL_DATABASE}" framadate mysql
. $KAZ_BIN_DIR/getPasswords.sh framadateDB
saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql
;;
cloud)
echo "save cloud"
saveDB ${nextcloudDBName} "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" nextcloud mysql
. $KAZ_BIN_DIR/getPasswords.sh nextcloudDB
saveDB ${nextcloudDBName} "${nextcloudDB_MYSQL_USER}" "${nextcloudDB_MYSQL_PASSWORD}" "${nextcloudDB_MYSQL_DATABASE}" nextcloud mysql
;;
paheko)
# rien à faire (fichiers)
;;
mattermost)
echo "save mattermost"
saveDB matterPG "${mattermost_POSTGRES_USER}" "${mattermost_POSTGRES_PASSWORD}" "${mattermost_POSTGRES_DB}" mattermost postgres
. $KAZ_BIN_DIR/getPasswords.sh mattermostDB
saveDB matterPG "${mattermostDB_POSTGRES_USER}" "${mattermostDB_POSTGRES_PASSWORD}" "${mattermostDB_POSTGRES_DB}" mattermost postgres
;;
mobilizon)
echo "save mobilizon"
saveDB ${mobilizonDBName} "${mobilizon_POSTGRES_USER}" "${mobilizon_POSTGRES_PASSWORD}" "${mobilizon_POSTGRES_DB}" mobilizon postgres
. $KAZ_BIN_DIR/getPasswords.sh mobilizonDB
saveDB ${mobilizonDBName} "${mobilizonDB_POSTGRES_USER}" "${mobilizonDB_POSTGRES_PASSWORD}" "${mobilizonDB_POSTGRES_DB}" mobilizon postgres
;;
peertube)
echo "save peertube"
saveDB ${peertubeDBName} "${peertube_POSTGRES_USER}" "${peertube_POSTGRES_PASSWORD}" "${PEERTUBE_DB_HOSTNAME}" peertube postgres
. $KAZ_BIN_DIR/getPasswords.sh peertubeDB
saveDB ${peertubeDBName} "${peertubeDB_POSTGRES_USER}" "${peertubeDB_POSTGRES_PASSWORD}" "${peertubeDB_PEERTUBE_DB_HOSTNAME}" peertube postgres
;;
mastodon)
echo "save mastodon"
saveDB ${mastodonDBName} "${mastodon_POSTGRES_USER}" "${mastodon_POSTGRES_PASSWORD}" "${mastodon_POSTGRES_DB}" mastodon postgres
. $KAZ_BIN_DIR/getPasswords.sh mastodonDB
saveDB ${mastodonDBName} "${mastodonDB_POSTGRES_USER}" "${mastodonDB_POSTGRES_PASSWORD}" "${mastodonDB_POSTGRES_DB}" mastodon postgres
;;
roundcube)
echo "save roundcube"
saveDB ${roundcubeDBName} "${roundcube_MYSQL_USER}" "${roundcube_MYSQL_PASSWORD}" "${roundcube_MYSQL_DATABASE}" roundcube mysql
. $KAZ_BIN_DIR/getPasswords.sh roundcubeDB
saveDB ${roundcubeDBName} "${roundcubeDB_MYSQL_USER}" "${roundcubeDB_MYSQL_PASSWORD}" "${roundcubeDB_MYSQL_DATABASE}" roundcube mysql
;;
vaultwarden)
echo "save vaultwarden"
saveDB ${vaultwardenDBName} "${vaultwarden_MYSQL_USER}" "${vaultwarden_MYSQL_PASSWORD}" "${vaultwarden_MYSQL_DATABASE}" vaultwarden mysql
. $KAZ_BIN_DIR/getPasswords.sh vaultwardenDB
saveDB ${vaultwardenDBName} "${vaultwardenDB_MYSQL_USER}" "${vaultwardenDB_MYSQL_PASSWORD}" "${vaultwardenDB_MYSQL_DATABASE}" vaultwarden mysql
;;
dokuwiki)
# rien à faire (fichiers)
;;
*-orga)
ORGA=${compose%-orga}
echo "save ${ORGA}"
echo "save ${ORGA}"
if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => cloud"
saveDB "${ORGA}-DB" "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" "${ORGA}-cloud" mysql
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-cloud" mysql
fi
if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => mattermost"
saveDB "${ORGA}-DB" "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
fi
if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => wordpress"
saveDB "${ORGA}-DB" "${wp_MYSQL_USER}" "${wp_MYSQL_PASSWORD}" "${wp_MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
fi
if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => spip"
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql
fi
;;
esac

81
bin/createDBUsers.sh Executable file
View File

@@ -0,0 +1,81 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
# pour mise au point
# SIMU=echo
# Améliorations à prévoir
# - donner en paramètre les services concernés (pour limité les modifications)
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
. "${DOCKERS_ENV}"
createMysqlUser(){
# $1 = envName
# $2 = containerName of DB
. $KAZ_KEY_DIR/env-$1
# seulement si pas de mdp pour root
# pb oeuf et poule (il faudrait les anciennes valeurs) :
# * si rootPass change, faire à la main
# * si dbName change, faire à la main
checkDockerRunning "$2" "$2" || return
echo "change DB pass on docker $2"
echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \
docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}"
}
framadateUpdate(){
[[ "${COMP_ENABLE}" =~ " framadate " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
return 0
fi
.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ
checkDockerRunning "${framadateServName}" "Framadate" &&
${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadateServ_HTTPD_USER} ${framadateServ_HTTPD_PASSWORD}"
${SIMU} sed -i \
-e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadateDB_MYSQL_USER}';/g" \
-e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadateDB_MYSQL_PASSWORD}';/g" \
"${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
}
jirafeauUpdate(){
[[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
return 0
fi
. $KAZ_BIN_DIR/getPasswords.sh jirafeauServ
SHA=$(echo -n "${jirafeauServ_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1)
${SIMU} sed -i \
-e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
"${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
}
####################
# main
createMysqlUser "etherpadDB" "${etherpadDBName}"
createMysqlUser "framadateDB" "${framadateDBName}"
createMysqlUser "giteaDB" "${gitDBName}"
createMysqlUser "mattermostDB" "${mattermostDBName}"
createMysqlUser "nextcloudDB" "${nextcloudDBName}"
createMysqlUser "roundcubeDB" "${roundcubeDBName}"
createMysqlUser "sympaDB" "${sympaDBName}"
createMysqlUser "vigiloDB" "${vigiloDBName}"
createMysqlUser "wpDB" "${wordpressDBName}"
createMysqlUser "vaultwardenDB" "${vaultwardenDBName}"
createMysqlUser "castopodDB" "${castopodDBName}"
createMysqlUser "spipDB" "${spipDBName}"
createMysqlUser "mastodonDB" "${mastodonDBName}"
framadateUpdate
jirafeauUpdate
exit 0

104
bin/createEmptyPasswd.sh
View File

@@ -1,104 +0,0 @@
#!/bin/bash
cd $(dirname $0)/..
mkdir -p emptySecret
rsync -aHAX --info=progress2 --delete secret/ emptySecret/
cd emptySecret/
. ../config/dockers.env
. ./SetAllPass.sh
# pour mise au point
# SIMU=echo
cleanEnvDB(){
# $1 = prefix
# $2 = envName
# $3 = containerName of DB
rootPass="--root_password--"
dbName="--database_name--"
userName="--user_name--"
userPass="--user_password--"
${SIMU} sed -i \
-e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${rootPass}/g" \
-e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${dbName}/g" \
-e "s/MYSQL_USER=.*/MYSQL_USER=${userName}/g" \
-e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${userPass}/g" \
"$2"
}
cleanEnv(){
# $1 = prefix
# $2 = envName
for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
do
srcName="$1_${varName}"
srcVal="--clean_val--"
${SIMU} sed -i \
-e "s~^[ ]*${varName}=.*$~${varName}=${srcVal}~" \
"$2"
done
}
cleanPasswd(){
${SIMU} sed -i \
-e 's/^\([# ]*[^#= ]*\)=".[^{][^"]*"/\1="--clean_val--"/g' \
./SetAllPass.sh
}
####################
# main
# read -r -p "Do you want to remove all password? [Y/n] " input
# case $input in
# [yY][eE][sS]|[yY])
# echo "Remove all password"
# ;;
# [nN][oO]|[nN])
# echo "Abort"
# ;;
# *)
# echo "Invalid input..."
# exit 1
# ;;
# esac
cleanPasswd
cleanEnvDB "etherpad" "./env-${etherpadDBName}" "${etherpadDBName}"
cleanEnvDB "framadate" "./env-${framadateDBName}" "${framadateDBName}"
cleanEnvDB "git" "./env-${gitDBName}" "${gitDBName}"
cleanEnvDB "mattermost" "./env-${mattermostDBName}" "${mattermostDBName}"
cleanEnvDB "nextcloud" "./env-${nextcloudDBName}" "${nextcloudDBName}"
cleanEnvDB "roundcube" "./env-${roundcubeDBName}" "${roundcubeDBName}"
cleanEnvDB "sso" "./env-${ssoDBName}" "${ssoDBName}"
cleanEnvDB "sympa" "./env-${sympaDBName}" "${sympaDBName}"
cleanEnvDB "vigilo" "./env-${vigiloDBName}" "${vigiloDBName}"
cleanEnvDB "wp" "./env-${wordpressDBName}" "${wordpressDBName}"
cleanEnv "etherpad" "./env-${etherpadServName}"
cleanEnv "gandi" "./env-gandi"
cleanEnv "jirafeau" "./env-${jirafeauServName}"
cleanEnv "mattermost" "./env-${mattermostServName}"
cleanEnv "nextcloud" "./env-${nextcloudServName}"
cleanEnv "office" "./env-${officeServName}"
cleanEnv "roundcube" "./env-${roundcubeServName}"
cleanEnv "sso" "./env-${ssoServName}"
cleanEnv "vigilo" "./env-${vigiloServName}"
cleanEnv "wp" "./env-${wordpressServName}"
cat > allow_admin_ip <<EOF
# ip for admin access only
# local test
allow 127.0.0.0/8;
allow 192.168.0.0/16;
EOF
chmod -R go= .
chmod -R +X .

7
bin/createSrcDocker.sh
View File

@@ -3,14 +3,13 @@
cd $(dirname $0)
./setOwner.sh
./createEmptyPasswd.sh
cd ../..
FILE_NAME="/tmp/$(date +'%Y%M%d')-KAZ.tar.bz2"
FILE_NAME="/tmp/$(date +'%Y%m%d')-KAZ.tar.bz2"
tar -cjf "${FILE_NAME}" --transform s/emptySecret/secret/ \
./kaz/emptySecret/ ./kaz/bin ./kaz/config ./kaz/dockers
tar -cjf "${FILE_NAME}" --transform s/secret.tmpl/secret/ \
./kaz/secret.tmpl/ ./kaz/bin ./kaz/config ./kaz/dockers
ls -l "${FILE_NAME}"

42
bin/createUser.sh
View File

@@ -37,7 +37,9 @@ setKazVars
cd "${KAZ_ROOT}"
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
. $KAZ_BIN_DIR/getPasswords.sh ldapServ sympaServ paheko
# DOCK_DIR="${KAZ_COMP_DIR}" # ???
@@ -221,6 +223,7 @@ dos2unix "${TFILE_MM}"
echo "done"
# se connecter à l'agora pour ensuite pouvoir passer toutes les commandes mmctl
. $KAZ_KEY_DIR/env-mattermostAdmin
echo "docker exec -i mattermostServ bin/mmctl auth login ${httpProto}://${URL_AGORA} --name local-server --username ${mattermost_user} --password ${mattermost_pass}" | tee -a "${CMD_INIT}"
# vérif des emails
@@ -393,9 +396,9 @@ nextcloudEnabled: TRUE\n\
nextcloudQuota: ${QUOTA} GB\n\
mobilizonEnabled: TRUE\n\
agoraEnabled: TRUE\n\
userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
fi
#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
CREATE_ORGA_SERVICES=""
@@ -424,15 +427,16 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
MESSAGE_MAIL_ORGA_1="${MESSAGE_MAIL_ORGA_1}${NL}* un bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances : ${httpProto}://${URL_NC}"
# le user existe t-il déjà sur NC ?
curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
. $KAZ_KEY_DIR/env-nextcloudServ
curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
if grep -q "<element>${IDENT_KAZ}</element>" "${TEMP_USER_NC}"; then
echo "${IDENT_KAZ} existe déjà sur ${URL_NC}" | tee -a "${LOG}"
else
# on créé l'utilisateur sur NC sauf si c'est le NC général, on ne créé jamais l'utilisateur7
if [ ${URL_NC} != "${cloudHost}.${domain}" ]; then
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
-d userid='${IDENT_KAZ}' \
-d displayName='${PRENOM} ${NOM}' \
-d password='${PASSWORD}' \
@@ -445,19 +449,22 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# s'il est admin de son orga, on le met admin
if [ "${service[ADMIN_ORGA]}" == "O" -a "${ORGA}" != "" -a "${service[NC_ORGA]}" == "O" ]; then
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${nextcloud_NEXTCLOUD_ADMIN_USER}:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}"
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}"
fi
# faut-il mettre le user NC dans un groupe particulier sur le NC de base ?
if [ "${GROUPE_NC_BASE}" != "" -a "${service[NC_BASE]}" == "O" ]; then
# ici on travaille à nouveau sur le NC commun, donc on rechoppe les bons mdp
. $KAZ_KEY_DIR/env-nextcloudServ
# le groupe existe t-il déjà ?
curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}"
curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}"
nb=$(grep "<element>${GROUPE_NC_BASE}</element>" "${TEMP_GROUP_NC}" | wc -l)
if [ "${nb}" == "0" ];then
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
fi
# puis attacher le user au groupe
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
fi
fi
@@ -483,7 +490,8 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# TODO : vérif existance user
# # le user existe t-il déjà sur le wp ?
# curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wp_WORDPRESS_ADMIN_USER}:${wp_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
# . $KAZ_BIN_DIR/getPasswords.sh wpServ
# curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wpServ_WORDPRESS_ADMIN_USER}:${wpServ_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
# nb_user_wp_orga=$(grep "<element>${IDENT_KAZ}</element>" "${TEMP_USER_WP}" | wc -l)
# if [ "${nb_user_wp_orga}" != "0" ];then
# (
@@ -501,7 +509,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# ) | tee -a "${LOG}"
#
# # on supprime l'utilisateur sur NC.
# echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
# echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
# -d userid='${IDENT_KAZ}' \
# " | tee -a "${CMD_INIT}"
# fi
@@ -619,13 +627,13 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which
if [[ "${mode}" = "dev" ]]; then
echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}"
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
else
echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}"
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}"
LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}"
fi
if [ "${service[ADMIN_ORGA]}" == "O" ]; then

1
bin/gestContainers.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_ROOT/secret/env-kaz
PRG=$(basename $0)

2
bin/gestContainers_v2.sh
View File

@@ -7,7 +7,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
PRG=$(basename $0)

90
bin/gestUsers.sh
View File

@@ -8,7 +8,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudServ sympaServ paheko
VERSION="18-05-2025"
PRG=$(basename $0)
@@ -24,7 +24,7 @@ URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(
NL_LIST=infos@listes.kaz.bzh
URL_AGORA_API=${URL_AGORA}/api/v4
EQUIPE=kaz
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
#### Test du serveur sur lequel s' execute le script ####
@@ -47,6 +47,8 @@ rm -rf /tmp/*.json
############################################ Fonctions #######################################################
ExpMail() {
. $KAZ_KEY_DIR/env-mail
MAIL_DEST=$1
MAIL_SUJET=$2
MAIL_TEXTE=$3
@@ -58,6 +60,7 @@ ExpMail() {
}
PostMattermost() {
. $KAZ_KEY_DIR/env-mattermostAdmin
PostM=$1
CHANNEL=$2
TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA_API}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')
@@ -91,8 +94,8 @@ searchEmail() {
fi
done
ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
COMPTEUR_LIGNE=0
while read LIGNE
@@ -136,7 +139,8 @@ searchEmail() {
searchMattermost() {
#Ici $1 est une adresse email
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
. $KAZ_KEY_DIR/env-mattermostAdmin
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1
#on créé la list des mails dans mattermost
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null
@@ -182,12 +186,12 @@ infoEmail() {
printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL"
echo -e ""
#TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC)
#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
#cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g
echo -ne "${NC}"
echo -ne " - Nextcloud enable : "
echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30
echo -ne "${NC}"
echo -e "${NC} ------------------------------------------------"
printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO"
@@ -203,11 +207,11 @@ infoEmail() {
echo -ne "${NC}"
echo -n " - Quota Mail (Ldap) : "
echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
echo -ne "${NC}"
echo -n " - Quota Nextcloud (Ldap) : "
echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
echo -ne "${NC}"
echo -n " - Mail de secours (Paheko ): "
echo -ne "${GREEN}"
@@ -215,11 +219,11 @@ infoEmail() {
echo -ne "${NC}"
echo -n " - Mail de secours (Ldap): "
echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
echo -ne "${NC}"
echo -n " - Alias (Ldap) : "
echo -ne "${GREEN}"
LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
echo -ne "${NC}"
echo -ne "${GREEN}"
for ldap_alias in ${LDAP_ALIAS}
@@ -239,8 +243,8 @@ infoEmail() {
echo "------------------------------------------------"
echo " Alias : ${CHOIX_MAIL} "
echo ""
for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
| grep ^mail: | sed -e 's/^mail://')
do
echo -ne "=====> ${GREEN} "
@@ -307,12 +311,12 @@ searchDestroy() {
fi
echo -e "${NC}"
echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud"
USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g')
USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g')
if [ ! -z ${USER_NEXTCLOUD_SUPPR} ]
then
printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}"
echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}"
curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
if [ "$?" -eq "0" ]
then
printKazMsg "Suppresion ok"
@@ -327,7 +331,7 @@ searchDestroy() {
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa"
echo -e "${NC}"
echo ""
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
echo -e "${NC}"
echo ""
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
@@ -344,7 +348,7 @@ searchDestroy() {
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
echo -e "${NC}"
echo ""
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
if [ "$?" -eq "0" ]
then
printKazMsg "Suppresion ok"
@@ -377,8 +381,8 @@ gestPassword() {
# MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g')
MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
if [ "$MAIL_SECOURS" = "" ]
then
@@ -405,19 +409,19 @@ gestPassword() {
fi
if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ]
then
USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g')
USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g')
echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER} ${NC}"
echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS} ${NC}"
echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER) ${NC}"
echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}"
echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}"
docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1
curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1
curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1
pass=$(mkpasswd -m sha512crypt ${PASSWORD})
echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\
changeType: modify\n\
replace: userPassword\n\
userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}"
userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}"
echo -e "Envoi d'un message dans mattermost pour la modification du mot de passe"
docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1
if [ $ADRESSE_SEC == "OUI" ]
@@ -465,8 +469,8 @@ createMail() {
if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]]
then
ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}"
then
@@ -564,7 +568,7 @@ nextcloudEnabled: ${TRUE_KAZ}\n\
nextcloudQuota: ${QUOTA} GB\n\
mobilizonEnabled: ${TRUE_KAZ}\n\
agoraEnabled: ${TRUE_KAZ}\n\
userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
# on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire
bash ${TFILE_CREATE_MAIL} >/dev/null
# on colle le compte et le mot de passe dans le fichier
@@ -610,12 +614,12 @@ createAlias() {
if [[ ${AMAIL} =~ ${regexMail} ]]
then
RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //')
RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //')
if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$"
@@ -690,7 +694,7 @@ changeType: add\n\
objectClass: organizationalRole\n\
objectClass: PostfixBookMailForward\n\
mailAlias: ${AMAIL}\n\
${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
fait=1
printKazMsg "Création de ${AMAIL}"
sleep 3
@@ -722,8 +726,8 @@ delAlias() {
if [[ ${RALIAS} =~ ${regexMail} ]]
then
RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //')
if [ ! -z ${RESU_ALIAS} ]
then
@@ -733,7 +737,7 @@ delAlias() {
read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS
case "${REPDELALIAS}" in
o | O )
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
printKazMsg "suppression ${RESU_ALIAS} effectuée"
sleep 2
faitdel=1
@@ -769,8 +773,8 @@ modifyAlias()
ACHANGE=0
searchEmail alias
LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \
| grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g')
echo "-------------------------------------------------------------------"
@@ -845,8 +849,8 @@ modifyAlias()
echo "mail: ${key}" >>${FIC_MODIF_LDIF}
done
echo "-" >>${FIC_MODIF_LDIF}
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-x -w ${ldap_LDAP_ADMIN_PASSWORD} \
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
-f ${FIC_MODIF_LDIF} >/dev/null
else
printKazMsg "Pas de changement"
@@ -872,8 +876,8 @@ updateUser() {
for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota
do
ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \
| grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' ))
# si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa
@@ -1056,15 +1060,15 @@ updateUser() {
done
cat ${FIC_MODIF_LDIF}
sleep 3
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
-x -w ${ldap_LDAP_ADMIN_PASSWORD} \
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
-f ${FIC_MODIF_LDIF}
if [ ! -z ${MAILDESECOURS} ]
then
# suppression du mail de secours de la liste infos
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
# ajout de l' adresse de la nouvelle adresse de secours
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
fi
updateUser
fi

94
bin/getPasswords.sh Executable file
View File

@@ -0,0 +1,94 @@
#!/bin/bash
#Ki: Gael
#Kan: 2025
#Koi: gestion mots de passe
KAZ_ROOT=/kaz
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
QUIET=1
usage() {
echo "getPasswords.sh [OPTIONS] [envname ...]
Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
Les variables sont du type envname_NOMVARIABLE=valeur
On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
OPTIONS
-h|--help Cette aide :-)
-n|--simu SIMULATION
-d foldername prend les envfiles dans un sous dossier /kaz/secret/foldername/ (pour les orgas !)
Les variables seront du type foldername-envname_NOMVARIABLE=valeur
-e varname Affiche le contenu d'une variable en particulier
"
}
if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then
mkdir "${KAZ_KEY_DIR}/tmp"
fi
for ARG in "$@"; do
if [ -n "${DIRECTORYARG}" ]; then # après un -d
SUBDIRECTORY="${ARG}"
unset DIRECTORYARG
elif [ -n "${ECHOVARARG}" ]; then # après un -e
VARTOECHO="${ARG}"
unset ECHOVARARG
QUIET="/dev/null" # pour ne pas avoir d'autres bruits ...
else
case "${ARG}" in
'-d' | '--directory' | '-f' | '--folder' | '--foldername')
DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
'-h' | '--help' )
usage && exit ;;
'-n' | '--simu')
SIMU="echo" ;;
'-e' | '--echo')
ECHOVARARG="ON ATTEND UNE UN NOM DE VARIABLE APRES CA" ;;
'-q' )
QUIET="/dev/null" ;;
*)
ENVFILES="${ENVFILES} ${ARG%}";;
esac
fi
done
getVars () {
# $1 : filename
grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u
}
NB_FILES=$(echo "${ENVFILES}" | wc -w )
if [[ $NB_FILES = 0 ]]; then
usage
exit 1
fi
for ENVFILE in $ENVFILES; do
FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
VARSUFFIX="$ENVFILE"_
if [ -n "${SUBDIRECTORY}" ]; then
FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"
fi
if ! [ -f "$FILENAME" ]; then
echo "$FILENAME does not exist." >& $QUIET
continue
fi
. $FILENAME # on récupère les variables
vars=$(getVars $FILENAME)
for var in $vars; do
$SIMU declare $VARSUFFIX$var=${!var}
unset $var
done
unset FILENAME VARSUFFIX vars
done
if [ -n "$VARTOECHO" ]; then
echo ${!VARTOECHO}
fi
unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO

3
bin/init.sh
View File

@@ -214,7 +214,6 @@ fi
if [ ! -d "${KAZ_ROOT}/secret" ]; then
rsync -a "${KAZ_ROOT}/secret.tmpl/" "${KAZ_ROOT}/secret/"
. "${KAZ_ROOT}/secret/SetAllPass.sh"
"${KAZ_BIN_DIR}/secretGen.sh"
"${KAZ_BIN_DIR}/updateDockerPassword.sh"
"${KAZ_BIN_DIR}/createDBUsers.sh"
fi

3
bin/interoPaheko.sh
View File

@@ -6,7 +6,8 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_BIN_DIR/getPasswords.sh paheko
URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)"

1
bin/ldap/ldap_sauve.sh
View File

@@ -7,6 +7,5 @@ setKazVars
FILE_LDIF=/home/sauve/ldap.ldif
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz

4
bin/ldap/ldapvi.sh
View File

@@ -5,7 +5,7 @@ KAZ_ROOT=/kaz
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_BIN_DIR/getPasswords.sh ldapServ
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
@@ -20,4 +20,4 @@ EDITOR=${EDITOR:-vi}
EDITOR=${EDITOR:-vi}
export EDITOR=${EDITOR}
ldapvi -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} --discover
ldapvi -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} --discover

10
bin/ldap/migrate_to_ldap.sh
View File

@@ -8,7 +8,7 @@ KAZ_ROOT=/kaz
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_BIN_DIR/getPasswords.sh ldapServ paheko
ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf
@@ -126,7 +126,7 @@ replace: agoraEnabled\n\
agoraEnabled: TRUE\n\
-\n\
replace: mobilizonEnabled\n\
mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
done
#replace: nextcloudEnabled\n\
@@ -164,7 +164,7 @@ do
echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\
changeType: modify
replace: mailAlias\n\
$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
else
echo "Alias vers un mail externe, go fichier"
echo $line >> ${ALIASES_WITHLDAP}
@@ -185,7 +185,7 @@ replace: mailAlias\n\
mailAlias: ${src}\n\
-\n\
replace: mail\n\
mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
fi
else
echo "Forward vers plusieurs adresses, on met dans le fichier"
@@ -215,7 +215,7 @@ replace: mailAlias\n\
mailAlias: ${src}\n\
-\n\
replace: mail\n\
${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
fi
done

6
bin/ldap/tests/nc_orphans.sh
View File

@@ -5,16 +5,16 @@ KAZ_ROOT=/kaz
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
docker exec -i nextcloudDB mysql --user=${nextcloud_MYSQL_USER} --password=${nextcloud_MYSQL_PASSWORD} ${nextcloud_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt
docker exec -i nextcloudDB mysql --user=${nextcloudDB_MYSQL_USER} --password=${nextcloudDB_MYSQL_PASSWORD} ${nextcloudDB_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt
OLDIFS=${IFS}
IFS=$'\n'
for line in `cat /tmp/nc_users.txt`; do
result=$(ldapsearch -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries)
result=$(ldapsearch -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries)
echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid"
done
IFS=${OLDIFS}

17
bin/manageAgora.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)
@@ -83,7 +82,8 @@ Init(){
[ $? -ne 0 ] && printKazError "$DockerServName ne parvient pas à démarrer correctement : impossible de terminer l'install" && return 1 >& $QUIET
# creation compte admin
${SIMU} curl -i -d "{\"email\":\"${mattermost_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users"
_getPasswords
${SIMU} curl -i -d "{\"email\":\"${mattermostServ_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users"
MM_TOKEN=$(_getMMToken ${MATTER_URL})
@@ -98,12 +98,13 @@ Version(){
_getMMToken(){
#$1 MATTER_URL
_getPasswords
${SIMU} curl -i -s -d "{\"login_id\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\"}" "${1}/api/v4/users/login" | grep 'token' | sed 's/token:\s*\(.*\)\s*/\1/' | tr -d '\r'
}
PostMessage(){
printKazMsg "Envoi à $TEAM : $MESSAGE" >& $QUIET
_getPasswords
${SIMU} docker exec -ti "${DockerServName}" bin/mmctl auth login "${MATTER_URL}" --name local-server --username ${mattermost_user} --password ${mattermost_pass}
${SIMU} docker exec -ti "${DockerServName}" bin/mmctl post create "${TEAM}" --message "${MESSAGE}"
}
@@ -113,6 +114,16 @@ MmctlCommand(){
${SIMU} docker exec -u 33 "$DockerServName" bin/mmctl $1
}
_getPasswords(){
# récupération des infos du compte admin
if [ -n "$AGORACOMMUN" ] ; then
. $KAZ_KEY_DIR/env-mattermostAdmin
. $KAZ_BIN_DIR/getPasswords.sh mattermostServ
else
. $KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin
. $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} mattermostServ
fi
}
########## Main #################
for ARG in "$@"; do

16
bin/manageCastopod.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)
@@ -63,11 +62,12 @@ Init(){
cookies=$(curl -c - ${POD_URL})
CSRF_TOKEN=$(curl --cookie <(echo "$cookies") ${POD_URL}/cp-install | grep "csrf_test_name" | sed "s/.*value=.//" | sed "s/.>//")
_getPasswords
#echo ${CSRF_TOKEN}
${SIMU} curl --cookie <(echo "$cookies") -X POST \
-d "username=${castopod_ADMIN_USER}" \
-d "password=${castopod_ADMIN_PASSWORD}" \
-d "email=${castopod_ADMIN_MAIL}" \
-d "username=${ADMIN_USER}" \
-d "password=${ADMIN_PASSWORD}" \
-d "email=${ADMIN_MAIL}" \
-d "csrf_test_name=${CSRF_TOKEN}" \
"${POD_URL}/cp-install/create-superadmin"
@@ -78,7 +78,13 @@ Version(){
echo "Version $DockerServName : ${GREEN}${VERSION}${NC}"
}
_getPasswords(){
if [ -n "$CASTOPOD_COMMUN" ]; then
. $KAZ_KEY_DIR/env-castopodAdmin
else
. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodAdmin
fi
}
########## Main #################
for ARG in "$@"; do

35
bin/manageCloud.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)
@@ -32,7 +31,7 @@ OPTIONS
-n|--simu SIMULATION
-q|--quiet On ne parle pas (utile avec le -n pour avoir que les commandes)
--nas L'orga se trouve sur le NAS !
COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité)
-I|--install L'initialisation du cloud
-v|--version Donne la version du cloud et signale les MàJ
@@ -75,7 +74,7 @@ Init(){
CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php"
fi
firstInstall "$CLOUD_URL" "$CONF_FILE" " NextCloud de $NOM"
firstInstall "$CLOUD_URL" "$CONF_FILE" "$NOM"
updatePhpConf "$CONF_FILE"
InstallApplis
echo "${CYAN} *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET
@@ -100,25 +99,38 @@ firstInstall(){
# $2 phpConfFile
# $3 orga
if ! grep -q "'installed' => true," "$2" 2> /dev/null; then
printKazMsg "\n *** Premier lancement de $3" >& $QUIET
printKazMsg "\n *** Premier lancement nextcloud $3" >& $QUIET
_getPasswords
${SIMU} waitUrl "$1"
${SIMU} curl -X POST \
-d "install=true" \
-d "adminlogin=${nextcloud_NEXTCLOUD_ADMIN_USER}" \
-d "adminpass=${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}" \
-d "adminlogin=${NEXTCLOUD_ADMIN_USER}" \
-d "adminpass=${NEXTCLOUD_ADMIN_PASSWORD}" \
-d "directory=/var/www/html/data" \
-d "dbtype=mysql" \
-d "dbuser=${nextcloud_MYSQL_USER}" \
-d "dbpass=${nextcloud_MYSQL_PASSWORD}" \
-d "dbname=${nextcloud_MYSQL_DATABASE}" \
-d "dbhost=${nextcloud_MYSQL_HOST}" \
-d "dbuser=${MYSQL_USER}" \
-d "dbpass=${MYSQL_PASSWORD}" \
-d "dbname=${MYSQL_DATABASE}" \
-d "dbhost=${MYSQL_HOST}" \
-d "install-recommended-apps=true" \
"$1"
fi
}
_getPasswords(){
if [ -n "$CLOUDCOMMUN" ]; then
. $KAZ_KEY_DIR/env-nextcloudServ
. $KAZ_KEY_DIR/env-nextcloudDB
else
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
fi
}
setOfficeUrl(){
# Did le 25 mars les offices sont tous normalisé sur les serveurs https://${site}-${officeHost}.${domain}
#OFFICE_URL="https://${officeHost}.${domain}"
@@ -131,13 +143,14 @@ setOfficeUrl(){
}
initLdap(){
. $KAZ_BIN_DIR/getPasswords.sh ldapServ
# $1 Nom du cloud
echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET
occCommand "app:enable user_ldap" "${DockerServName}"
occCommand "ldap:delete-config s01" "${DockerServName}"
occCommand "ldap:create-empty-config" "${DockerServName}"
occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapAgentPassword ${ldapServ_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}"

19
bin/manageWiki.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)
@@ -55,15 +54,7 @@ Init(){
PLG_DIR="${VOL_PREFIX}wikiPlugins/_data"
CONF_DIR="${VOL_PREFIX}wikiConf/_data"
# Gael, j'avais ajouté ça mais j'ai pas test alors je laisse comme avant ...
# A charge au prochain qui monte un wiki de faire qque chose
#WIKI_ROOT="${dokuwiki_WIKI_ROOT}"
#WIKI_EMAIL="${dokuwiki_WIKI_EMAIL}"
#WIKI_PASS="${dokuwiki_WIKI_PASSWORD}"
WIKI_ROOT=Kaz
WIKI_EMAIL=wiki@kaz.local
WIKI_PASS=azerty
. $KAZ_BIN_DIR/getPasswords.sh dokuwiki
${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit
@@ -77,11 +68,11 @@ Init(){
-d "l=fr" \
-d "d[title]=${NOM}" \
-d "d[acl]=true" \
-d "d[superuser]=${WIKI_ROOT}" \
-d "d[superuser]=${dokuwiki_WIKI_ROOT}" \
-d "d[fullname]=Admin"\
-d "d[email]=${WIKI_EMAIL}" \
-d "d[password]=${WIKI_PASS}" \
-d "d[confirm]=${WIKI_PASS}" \
-d "d[email]=${dokuwiki_WIKI_EMAIL}" \
-d "d[password]=${dokuwiki_WIKI_PASSWORD}" \
-d "d[confirm]=${dokuwiki_WIKI_PASSWORD}" \
-d "d[policy]=1" \
-d "d[allowreg]=false" \
-d "d[license]=0" \

9
bin/manageWp.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS
PRG=$(basename $0)
@@ -61,11 +60,11 @@ Init(){
echo "\n *** Premier lancement de WP" >& $QUIET
${SIMU} waitUrl "${WP_URL}"
. $KAZ_BIN_DIR/getPasswords.sh wpServ
${SIMU} curl -X POST \
-d "user_name=${wp_WORDPRESS_ADMIN_USER}" \
-d "admin_password=${wp_WORDPRESS_ADMIN_PASSWORD}" \
-d "admin_password2=${wp_WORDPRESS_ADMIN_PASSWORD}" \
-d "user_name=${wpServ_WORDPRESS_ADMIN_USER}" \
-d "admin_password=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
-d "admin_password2=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
-d "pw_weak=true" \
-d "admin_email=admin@kaz.bzh" \
-d "blog_public=0" \

68
bin/migGestionMotsDePasse.sh Normal file
View File

@@ -0,0 +1,68 @@
#!/bin/bash
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
newenvfile=$KAZ_KEY_DIR/env-mattermostAdmin
touch $newenvfile
echo "mattermost_user=$mattermost_user" >> $newenvfile
echo "mattermost_pass=$mattermost_pass" >> $newenvfile
echo "mattermost_token=$mattermost_token" >> $newenvfile
echo "EMAIL_CONTACT=$EMAIL_CONTACT" >> $DOCKERS_ENV
newenvfile=$KAZ_KEY_DIR/env-paheko
touch $newenvfile
echo "API_USER=$paheko_API_USER" >> $newenvfile
echo "API_PASSWORD=$paheko_API_PASSWORD" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-mail
touch $newenvfile
echo "service_mail=$service_mail" >> $newenvfile
echo "service_password=$service_password" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-borg
# touch $newenvfile à priori il existe déjà
echo "BORG_REPO=$BORG_REPO" >> $newenvfile
echo "BORG_PASSPHRASE=$BORG_PASSPHRASE" >> $newenvfile
echo "VOLUME_SAUVEGARDES=$VOLUME_SAUVEGARDES" >> $newenvfile
echo "MAIL_RAPPORT=$MAIL_RAPPORT" >> $newenvfile
echo "BORGMOUNT=$BORGMOUNT" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-traefik
touch $newenvfile
echo "DASHBOARD_USER=$traefik_DASHBOARD_USER" >> $newenvfile
echo "DASHBOARD_PASSWORD=$traefik_DASHBOARD_PASSWORD" >> $newenvfile
#####################
# Castopod
# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
newenvfile=$KAZ_KEY_DIR/env-castopodAdmin
touch $newenvfile
echo "ADMIN_USER=$castopod_ADMIN_USER" >> $newenvfile
echo "ADMIN_MAIL=$castopod_ADMIN_MAIL" >> $newenvfile
echo "ADMIN_PASSWORD=$castopod_ADMIN_PASSWORD" >> $newenvfile
# creation dossier pour les env des orgas
mkdir $KAZ_KEY_DIR/orgas
orgasLong=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
ORGAS=${orgasLong[*]//-orga/}
for orga in ${ORGAS};do
mkdir $KAZ_KEY_DIR/orgas/$orga
cp $KAZ_KEY_DIR/env-{castopod{Admin,DB,Serv},mattermost{DB,Serv},nextcloud{DB,Serv},spip{DB,Serv},wp{DB,Serv}} $KAZ_KEY_DIR/orgas/$orga
done
echo "C'est parfait, vous pouvez git pull puis supprimer SetAllPass.sh"

2
bin/migVersProdX.sh
View File

@@ -9,7 +9,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_ROOT/secret/env-kaz
@@ -133,6 +132,7 @@ for orgaLong in ${Orgas}; do
${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/"
fi
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_KEY_DIR}/orgas/${orgaCourt} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/${orgaCourt}
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list"
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh

3
bin/migration.sh
View File

@@ -20,8 +20,7 @@ ${SIMU} "${CV1}" stop orga
${SIMU} "${CV1}" stop
${SIMU} rsync "${EV1}/dockers.env" "${EV2}/"
${SIMU} rsync "${SV1}/SetAllPass.sh" "${SV2}/"
${SIMU} "${BV2}/updateDockerPassword.sh"
${SIMU} rsync "${SV1}/" "${SV2}/"
# XXX ? rsync /kaz/secret/allow_admin_ip /kaz-git/secret/allow_admin_ip

2
bin/nextcloud_maintenance.sh
View File

@@ -4,12 +4,12 @@ KAZ_ROOT=/kaz
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
URL_AGORA=https://$matterHost.$domain/api/v4
EQUIPE=kaz
PostMattermost() {
. $KAZ_KEY_DIR/env-mattermostAdmin
PostM=$1
CHANNEL=$2
TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')

3
bin/postfix-superviz.sh
View File

@@ -6,7 +6,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
URL_AGORA=$(echo $matterHost).$(echo $domain)
MAX_QUEUE=50
@@ -15,6 +14,8 @@ OLDIFS=$IFS
IFS=" "
COUNT_MAILQ=$(docker exec -t mailServ mailq | tail -n1 | gawk '{print $5}')
# récupération mots de passes
. $KAZ_KEY_DIR/env-mattermostAdmin
docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
if [ "${COUNT_MAILQ}" -gt "${MAX_QUEUE}" ]; then

2
bin/scriptBorg.sh
View File

@@ -17,7 +17,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_BIN_DIR/getPasswords.sh borg
VERSION="V-10-03-2025"
PRG=$(basename $0)

167
bin/secretGen.sh
View File

@@ -3,70 +3,137 @@
KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. $DOCKERS_ENV
cd "${KAZ_ROOT}"
NEW_DIR="secret"
TMPL_DIR="secret.tmpl"
SORTIESTANDARD=1
DIR=$KAZ_KEY_DIR
ORGA=
if [ ! -d "${NEW_DIR}/" ]; then
rsync -a "${TMPL_DIR}/" "${NEW_DIR}/"
fi
NEW_FILE="${NEW_DIR}/SetAllPass-new.sh"
TMPL_FILE="${NEW_DIR}/SetAllPass.sh"
usage() {
echo "${PRG} [OPTIONS] [filename ...]
# PARCOURE LES ENV FILE ET REMPLIT LES --clean_val-- qui n'ont pas été complétés.
on cherche des
@@pass@@***@@p@@ -> on génère un mot de passe 16car (les *** permettent d'identifier le mot de passe, s'il doit être utilisé ailleurs)
@@db@@***@@d@@ -> on génère une base de données (pareil identifié par ***)
@@user@@***@@u@@ -> on génère un user
@@token@@***@@t@@ -> on génère un token
@@globalvar@@***@@gv@@ -> on cherche la variable globale ***
@@crossvar@@envname_varname@@cv@@ -> on retrouve la variable dans les envfiles
while read line ; do
if [[ "${line}" =~ ^# ]] || [ -z "${line}" ] ; then
echo "${line}"
continue
fi
if [[ "${line}" =~ "--clean_val--" ]] ; then
case "${line}" in
*jirafeau_DATA_DIR*)
JIRAFEAU_DIR=$(getValInFile "${DOCKERS_ENV}" "jirafeauDir")
[ -z "${JIRAFEAU_DIR}" ] &&
echo "${line}" ||
sed "s%\(.*\)--clean_val--\(.*\)%\1${JIRAFEAU_DIR}\2%" <<< ${line}
continue
;;
*DATABASE*|*DB_NAME*)
dbName="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${dbName}\2/" <<< ${line}
continue
;;
*ROOT_PASSWORD*|*PASSWORD*|*SECRET*)
pass="$(apg -n 1 -m 16 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
*USER*)
user="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${user}\2/" <<< ${line}
continue
;;
*RAIN_LOOP*|*office_password*|*mattermost_*|*sympa_*|*gitea_*)
pass="$(apg -n 1 -m 16 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
*vaultwarden_ADMIN_TOKEN*)
pass="$(apg -n 1 -m 32 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
esac
Si on précise des fichiers, alors il ne remplace que dans ceux là (et on "lie" les clean-val ensemble !!!)
OPTIONS
-h|--help Cette aide :-)
-n|--simu SIMULATION
-q|--quiet Sans bruits de fond
-d foldername prend les envfiles dans un sous dossier /kaz/secret/orgas/foldername/ (pour les orgas !)
-
"
}
for ARG in "$@"; do
if [ -n "${DIRECTORYARG}" ]; then # après un -d
DIR=$KAZ_KEY_DIR/orgas/${ARG}
ORGA=${ARG}
DIRECTORYARG=
else
echo "${line}"
continue
case "${ARG}" in
'-d' | '--directory' | '-f' | '--folder' | '--foldername')
DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
'-h' | '--help' )
usage && exit ;;
'-n' | '--simu')
SIMU="echo" ;;
'-q' | '--quiet')
SORTIESTANDARD="/dev/null" ;;
*)
ENVFILES="${ENVFILES} ${ARG%}";;
esac
fi
printKazError "${line}" >&2
done < "${TMPL_FILE}" > "${NEW_FILE}"
done
mv "${NEW_FILE}" "${TMPL_FILE}"
NB_FILES=$(echo "${ENVFILES}" | wc -w )
chmod a+x "${TMPL_FILE}"
. "${TMPL_FILE}"
"${KAZ_BIN_DIR}/updateDockerPassword.sh"
if [[ $NB_FILES = 0 ]]; then
ENVFILES=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@|@@crossvar@@' $DIR/* | sed 's/.*\///') #
fi
secretGen(){
# $1 Le env-file à compléter
FILENAME=$DIR/$1
NBMATCH=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@' $FILENAME | wc -l) # est ce qu'il y a des choses à génrérer
if [[ $NBMATCH = 0 ]]; then
true
# rien à faire dans ce fichier, on passe
else
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
db="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
pass="$(apg -n 1 -m 16 -M NCL)"
token="$(apg -n 1 -m 32 -M NCL)"
user="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
dbs=$(grep -Eo '@@db@@[^@]*@@d@@' $FILENAME | sed -e 's/@@db@@//' -e 's/@@d@@//')
passwords=$(grep -Eo '@@pass@@[^@]*@@p@@' $FILENAME | sed -e 's/@@pass@@//' -e 's/@@p@@//')
tokens=$(grep -Eo '@@token@@[^@]*@@t@@' $FILENAME | sed -e 's/@@token@@//' -e 's/@@t@@//')
users=$(grep -Eo '@@user@@[^@]*@@u@@' $FILENAME | sed -e 's/@@user@@//' -e 's/@@u@@//')
globalvars=$(grep -Eo '@@globalvar@@[^@]*@@gv@@' $FILENAME | sed -e 's/@@globalvar@@//' -e 's/@@gv@@//')
for dbName in $dbs; do $SIMU sed -i "s/@@db@@$dbName@@d@@/${dbName}_$db/" $DIR/*; done
for pw in $passwords; do $SIMU sed -i "s/@@pass@@$pw@@p@@/${pass}/" $DIR/*; done
for tk in $tokens; do $SIMU sed -i "s/@@token@@$tk@@t@@/${token}/" $DIR/*; done
for u in $users; do $SIMU sed -i "s/@@user@@$u@@u@@/${u}_$user/" $DIR/*; done
for var in $globalvars; do $SIMU sed -i "s/@@globalvar@@$var@@gv@@/${!var}/" $DIR/*; done
fi
}
crossVarComplete(){
# $1 Le env-file à compléter
FILENAME=$DIR/$1
NBMATCH=$(grep -lE '@@crossvar@@' $FILENAME | wc -l) # est ce qu'il y a des cross-var à récupérer
if [[ $NBMATCH = 0 ]]; then
true
# rien à faire dans ce fichier, on passe
else
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
varnames=$(grep -Eo '@@crossvar@@[^@]*@@cv@@' $FILENAME | sed -e 's/@@crossvar@@//' -e 's/@@cv@@//')
for varname in $varnames; do
envname=${varname%%_*}
value=$(/$KAZ_BIN_DIR/getPasswords.sh -e $varname $envname -d $ORGA)
$SIMU sed -i "s/@@crossvar@@$varname@@cv@@/${value}/" $DIR/*;
done
fi
}
for ENVFILE in $ENVFILES; do
secretGen "$ENVFILE"
done
for ENVFILE in $ENVFILES; do
crossVarComplete "$ENVFILE"
done
exit 0

127
bin/updateDockerPassword.sh
View File

@@ -1,127 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
# pour mise au point
# SIMU=echo
# Améliorations à prévoir
# - donner en paramètre les services concernés (pour limité les modifications)
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
updateEnvDB(){
# $1 = prefix
# $2 = envName
# $3 = containerName of DB
rootPass="$1_MYSQL_ROOT_PASSWORD"
dbName="$1_MYSQL_DATABASE"
userName="$1_MYSQL_USER"
userPass="$1_MYSQL_PASSWORD"
${SIMU} sed -i \
-e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${!rootPass}/g" \
-e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${!dbName}/g" \
-e "s/MYSQL_USER=.*/MYSQL_USER=${!userName}/g" \
-e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${!userPass}/g" \
"$2"
# seulement si pas de mdp pour root
# pb oeuf et poule (il faudrait les anciennes valeurs) :
# * si rootPass change, faire à la main
# * si dbName change, faire à la main
checkDockerRunning "$3" "$3" || return
echo "change DB pass on docker $3"
echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
docker exec -i $3 bash -c "mysql --user=root --password=${!rootPass}"
}
updateEnv(){
# $1 = prefix
# $2 = envName
for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
do
srcName="$1_${varName}"
srcVal=$(echo "${!srcName}" | sed -e "s/[&]/\\\&/g")
${SIMU} sed -i \
-e "s%^[ ]*${varName}=.*\$%${varName}=${srcVal}%" \
"$2"
done
}
framadateUpdate(){
[[ "${COMP_ENABLE}" =~ " framadate " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
return 0
fi
checkDockerRunning "${framadateServName}" "Framadate" &&
${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadate_HTTPD_USER} ${framadate_HTTPD_PASSWORD}"
${SIMU} sed -i \
-e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadate_MYSQL_USER}';/g" \
-e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadate_MYSQL_PASSWORD}';/g" \
"${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
}
jirafeauUpdate(){
[[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
return 0
fi
SHA=$(echo -n "${jirafeau_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1)
${SIMU} sed -i \
-e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
"${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
}
####################
# main
updateEnvDB "etherpad" "${KAZ_KEY_DIR}/env-${etherpadDBName}" "${etherpadDBName}"
updateEnvDB "framadate" "${KAZ_KEY_DIR}/env-${framadateDBName}" "${framadateDBName}"
updateEnvDB "gitea" "${KAZ_KEY_DIR}/env-${gitDBName}" "${gitDBName}"
updateEnvDB "mattermost" "${KAZ_KEY_DIR}/env-${mattermostDBName}" "${mattermostDBName}"
updateEnvDB "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudDBName}" "${nextcloudDBName}"
updateEnvDB "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeDBName}" "${roundcubeDBName}"
updateEnvDB "sympa" "${KAZ_KEY_DIR}/env-${sympaDBName}" "${sympaDBName}"
updateEnvDB "vigilo" "${KAZ_KEY_DIR}/env-${vigiloDBName}" "${vigiloDBName}"
updateEnvDB "wp" "${KAZ_KEY_DIR}/env-${wordpressDBName}" "${wordpressDBName}"
updateEnvDB "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenDBName}" "${vaultwardenDBName}"
updateEnvDB "castopod" "${KAZ_KEY_DIR}/env-${castopodDBName}" "${castopodDBName}"
updateEnvDB "spip" "${KAZ_KEY_DIR}/env-${spipDBName}" "${spipDBName}"
updateEnvDB "mastodon" "${KAZ_KEY_DIR}/env-${mastodonDBName}" "${mastodonDBName}"
updateEnv "apikaz" "${KAZ_KEY_DIR}/env-${apikazServName}"
updateEnv "ethercalc" "${KAZ_KEY_DIR}/env-${ethercalcServName}"
updateEnv "etherpad" "${KAZ_KEY_DIR}/env-${etherpadServName}"
updateEnv "framadate" "${KAZ_KEY_DIR}/env-${framadateServName}"
updateEnv "gandi" "${KAZ_KEY_DIR}/env-gandi"
updateEnv "gitea" "${KAZ_KEY_DIR}/env-${gitServName}"
updateEnv "jirafeau" "${KAZ_KEY_DIR}/env-${jirafeauServName}"
updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostServName}"
updateEnv "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudServName}"
updateEnv "office" "${KAZ_KEY_DIR}/env-${officeServName}"
updateEnv "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeServName}"
updateEnv "vigilo" "${KAZ_KEY_DIR}/env-${vigiloServName}"
updateEnv "wp" "${KAZ_KEY_DIR}/env-${wordpressServName}"
updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapServName}"
updateEnv "sympa" "${KAZ_KEY_DIR}/env-${sympaServName}"
updateEnv "mail" "${KAZ_KEY_DIR}/env-${smtpServName}"
updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonServName}"
updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonDBName}"
updateEnv "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenServName}"
updateEnv "castopod" "${KAZ_KEY_DIR}/env-${castopodServName}"
updateEnv "spip" "${KAZ_KEY_DIR}/env-${spipServName}"
updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapUIName}"
updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeServName}"
updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeDBName}" "${peertubeDBName}"
updateEnv "mastodon" "${KAZ_KEY_DIR}/env-${mastodonServName}"
framadateUpdate
jirafeauUpdate
exit 0

1
bin/verifExistenceMails.sh
View File

@@ -12,7 +12,6 @@ setKazVars
cd $(dirname $0)/..
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
DOCK_DIR=$KAZ_COMP_DIR

5
config/dockers.tmpl.env
View File

@@ -159,3 +159,8 @@ apikazServName=apikazServ
# services activés par container.sh
# variables d'environneements utilisées
# pour le tmpl du mandataire (proxy)
##################
#qui on envoi le mail d'inscription ?
EMAIL_CONTACT="toto@kaz.bzh"

58
config/orgaTmpl/app/Dockerfile
View File

@@ -1,58 +0,0 @@
FROM alpine:3.17
# Some ENV variables
ENV PATH="/mattermost/bin:${PATH}"
#ENV MM_VERSION=5.32.0
ENV MM_VERSION=6.1.0
ENV MM_INSTALL_TYPE=docker
# Build argument to set Mattermost edition
ARG edition=enterprise
ARG PUID=2000
ARG PGID=2000
ARG MM_BINARY=
# Install some needed packages
RUN apk add --no-cache \
ca-certificates \
curl \
jq \
libc6-compat \
libffi-dev \
libcap \
linux-headers \
mailcap \
netcat-openbsd \
xmlsec-dev \
tzdata \
&& rm -rf /tmp/*
# Get Mattermost
RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
&& if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \
elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \
else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \
&& cp /mattermost/config/config.json /config.json.save \
&& rm -rf /mattermost/config/config.json \
&& addgroup -g ${PGID} mattermost \
&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
USER mattermost
#Healthcheck to make sure container is ready
HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1
# Configure entrypoint and command
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
WORKDIR /mattermost
CMD ["mattermost"]
# Expose port 8000 of the container
EXPOSE 8000
# Declare volumes for mount point directories
VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config", "/mattermost/plugins", "/mattermost/client/plugins"]

82
config/orgaTmpl/app/entrypoint.sh
View File

@@ -1,82 +0,0 @@
#!/bin/sh
# Function to generate a random salt
generate_salt() {
tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1
}
# Read environment variables or set default values
DB_HOST=${DB_HOST:-db}
DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
# see https://www.postgresql.org/docs/current/libpq-ssl.html
# for usage when database connection requires encryption
# filenames should be escaped if they contain spaces
# i.e. $(printf %s ${MY_ENV_VAR:-''} | jq -s -R -r @uri)
# the location of the CA file can be set using environment var PGSSLROOTCERT
# the location of the CRL file can be set using PGSSLCRL
# The URL syntax for connection string does not support the parameters
# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
# to set names if using a location other than default
DB_USE_SSL=${DB_USE_SSL:-disable}
MM_DBNAME=${MM_DBNAME:-mattermost}
MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }' )
if [ "$_1" = '-' ]; then
set -- mattermost "$@"
fi
if [ "$1" = 'mattermost' ]; then
# Check CLI args for a -config option
for ARG in "$@"; do
case "$ARG" in
-config=*) MM_CONFIG=${ARG#*=};;
esac
done
if [ ! -f "$MM_CONFIG" ]; then
# If there is no configuration file, create it with some default values
echo "No configuration file $MM_CONFIG"
echo "Creating a new one"
# Copy default configuration file
cp /config.json.save "$MM_CONFIG"
# Substitute some parameters with jq
jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
else
echo "Using existing config file $MM_CONFIG"
fi
# Configure database access
if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
echo "Configure database connection..."
# URLEncode the password, allowing for special characters
ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
echo "OK"
else
echo "Using existing database connection"
fi
# Wait another second for the database to be properly started.
# Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
sleep 1
echo "Starting mattermost"
fi
exec "$@"

110
config/orgaTmpl/docker-compose.yml
View File

@@ -4,21 +4,21 @@ services:
#{{db
db:
image: mariadb:11.4
container_name: ${orga}DB
container_name: ${orga}-DB
#disk_quota: 10G
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: ${restartPolicy}
volumes:
- ./initdb.d:/docker-entrypoint-initdb.d:ro
# - ./initdb.d:/docker-entrypoint-initdb.d:ro
- orgaDB:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
environment:
- MARIADB_AUTO_UPGRADE=1
env_file:
- ../../secret/env-${nextcloudDBName}
# - ../../secret/env-${mattermostDBName}
- ../../secret/env-${wordpressDBName}
- ../../secret/orgas/${orga}/env-${nextcloudDBName}
# - ../../secret/orgas/${orga}/env-${mattermostDBName}
- ../../secret/orgas/${orga}/env-${wordpressDBName}
networks:
- orgaNet
healthcheck: # utilisé par init-db.sh pour la créa d'orga
@@ -34,7 +34,7 @@ services:
#{{cloud
cloud:
image: nextcloud
container_name: ${orga}${nextcloudServName}
container_name: ${orga}-${nextcloudServName}
#disk_quota: 10G
restart: ${restartPolicy}
networks:
@@ -50,8 +50,8 @@ services:
- ${smtpServName}:${smtpHost}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}"
- "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
- "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}"
- "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
volumes:
- cloudMain:/var/www/html
- cloudData:/var/www/html/data
@@ -63,10 +63,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
env_file:
- ../../secret/env-${nextcloudServName}
- ../../secret/env-${nextcloudDBName}
- ../../secret/orgas/${orga}/env-${nextcloudServName}
- ../../secret/orgas/${orga}/env-${nextcloudDBName}
environment:
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain}
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain}
- SMTP_HOST=${smtpHost}
- SMTP_PORT=25
- MAIL_DOMAIN=${domain}
@@ -80,7 +80,7 @@ services:
- edition=team
- PUID=1000
- PGID=1000
container_name: ${orga}${mattermostServName}
container_name: ${orga}-${mattermostServName}
#disk_quota: 10G
restart: ${restartPolicy}
# memory: 1G
@@ -109,20 +109,20 @@ services:
- /etc/timezone:/etc/timezone:ro
- /etc/environment:/etc/environment:ro
env_file:
- ../../secret/env-${mattermostServName}
- ../../secret/orgas/${orga}/env-${mattermostServName}
environment:
- VIRTUAL_HOST=${orga}${matterHost}.${domain}
- VIRTUAL_HOST=${orga}-${matterHost}.${domain}
# in case your config is not in default location
#- MM_CONFIG=/mattermost/config/config.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)"
- "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)"
#}}
#{{wp
wordpress:
image: wordpress
container_name: ${orga}${wordpressServName}
container_name: ${orga}-${wordpressServName}
restart: ${restartPolicy}
networks:
- orgaNet
@@ -136,17 +136,17 @@ services:
external_links:
- ${smtpServName}:${smtpHost}.${domain}
env_file:
- ../../secret/env-${wordpressServName}
- ../../secret/orgas/${orga}/env-${wordpressServName}
environment:
- WORDPRESS_SMTP_HOST=${smtpHost}.${domain}
- WORDPRESS_SMTP_PORT=25
# - WORDPRESS_SMTP_USERNAME
# - WORDPRESS_SMTP_PASSWORD
# - WORDPRESS_SMTP_FROM=${orga}
- WORDPRESS_SMTP_FROM_NAME=${orga}
# - WORDPRESS_SMTP_FROM=${orga}-
- WORDPRESS_SMTP_FROM_NAME=${orga}-
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}"
- "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}"
volumes:
- wordpress:/var/www/html
# - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro
@@ -154,12 +154,12 @@ services:
#{{wiki
dokuwiki:
image: mprasil/dokuwiki
container_name: ${orga}${dokuwikiServName}
container_name: ${orga}-${dokuwikiServName}
#disk_quota: 10G
restart: ${restartPolicy}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
- "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
volumes:
- wikiData:/dokuwiki/data
- wikiConf:/dokuwiki/conf
@@ -175,7 +175,7 @@ services:
#{{castopod
castopod:
image: castopod/castopod:latest
container_name: ${orga}${castopodServName}
container_name: ${orga}-${castopodServName}
#disk_quota: 10G
restart: ${restartPolicy}
# memory: 1G
@@ -193,27 +193,27 @@ services:
volumes:
- castopodMedia:/var/www/castopod/public/media
environment:
CP_BASEURL: "https://${orga}${castopodHost}.${domain}"
CP_BASEURL: "https://${orga}-${castopodHost}.${domain}"
CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb
VIRTUAL_PORT: 8000
CP_CACHE_HANDLER: redis
CP_REDIS_HOST: redis
CP_DATABASE_HOSTNAME: db
env_file:
- ../../secret/env-${castopodServName}
- ../../secret/env-${castopodDBName}
- ../../secret/orgas/${orga}/env-${castopodServName}
- ../../secret/orgas/${orga}/env-${castopodDBName}
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}"
- "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}"
redis:
image: redis:7.0-alpine
container_name: ${orga}castopodCache
container_name: ${orga}-castopodCache
volumes:
- castopodCache:/data
networks:
- orgaNet
env_file:
- ../../secret/env-${castopodServName}
- ../../secret/orgas/${orga}/env-${castopodServName}
command: --requirepass ${castopodRedisPassword}
#}}
#{{spip
@@ -225,16 +225,16 @@ services:
links:
- db
env_file:
- ../../secret/env-${spipServName}
- ../../secret/orgas/${orga}/env-${spipServName}
environment:
- SPIP_AUTO_INSTALL=1
- SPIP_DB_HOST=db
- SPIP_SITE_ADDRESS=https://${orga}${spipHost}.${domain}
- SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain}
expose:
- 80
labels:
- "traefik.enable=true"
- "traefik.http.routers.${orga}${spipServName}.rule=Host(`${orga}${spipHost}.${domain}`){{FOREIGN_SPIP}}"
- "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}"
networks:
- orgaNet
volumes:
@@ -250,84 +250,84 @@ volumes:
#{{db
orgaDB:
external: true
name: orga_${orga}orgaDB
name: orga_${orga}-orgaDB
#}}
#{{agora
matterConfig:
external: true
name: orga_${orga}matterConfig
name: orga_${orga}-matterConfig
matterData:
external: true
name: orga_${orga}matterData
name: orga_${orga}-matterData
matterLogs:
external: true
name: orga_${orga}matterLogs
name: orga_${orga}-matterLogs
matterPlugins:
external: true
name: orga_${orga}matterPlugins
name: orga_${orga}-matterPlugins
matterClientPlugins:
external: true
name: orga_${orga}matterClientPlugins
name: orga_${orga}-matterClientPlugins
matterIcons:
external: true
name: matterIcons
#{{cloud
cloudMain:
external: true
name: orga_${orga}cloudMain
name: orga_${orga}-cloudMain
cloudData:
external: true
name: orga_${orga}cloudData
name: orga_${orga}-cloudData
cloudConfig:
external: true
name: orga_${orga}cloudConfig
name: orga_${orga}-cloudConfig
cloudApps:
external: true
name: orga_${orga}cloudApps
name: orga_${orga}-cloudApps
cloudCustomApps:
external: true
name: orga_${orga}cloudCustomApps
name: orga_${orga}-cloudCustomApps
cloudThemes:
external: true
name: orga_${orga}cloudThemes
name: orga_${orga}-cloudThemes
cloudPhp:
external: true
name: orga_${orga}cloudPhp
name: orga_${orga}-cloudPhp
#}}
#{{wiki
wikiData:
external: true
name: orga_${orga}wikiData
name: orga_${orga}-wikiData
wikiConf:
external: true
name: orga_${orga}wikiConf
name: orga_${orga}-wikiConf
wikiPlugins:
external: true
name: orga_${orga}wikiPlugins
name: orga_${orga}-wikiPlugins
wikiLibtpl:
external: true
name: orga_${orga}wikiLibtpl
name: orga_${orga}-wikiLibtpl
wikiLogs:
external: true
name: orga_${orga}wikiLogs
name: orga_${orga}-wikiLogs
#}}
#{{wp
wordpress:
external: true
name: orga_${orga}wordpress
name: orga_${orga}-wordpress
#}}
#{{castopod
castopodMedia:
external: true
name: orga_${orga}castopodMedia
name: orga_${orga}-castopodMedia
castopodCache:
external: true
name: orga_${orga}castopodCache
name: orga_${orga}-castopodCache
#}}
#{{spip
spip:
external: true
name: orga_${orga}spip
name: orga_${orga}-spip
#}}
@@ -335,7 +335,7 @@ volumes:
networks:
orgaNet:
external: true
name: ${orga}orgaNet
name: ${orga}-orgaNet
# postfixNet:
# external:
# name: postfixNet

52
config/orgaTmpl/init-db.sh
View File

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
cd $(dirname $0)
ORGA_DIR="$(basename "$(pwd)")"
@@ -25,57 +24,66 @@ SQL=""
for ARG in "$@"; do
case "${ARG}" in
'cloud' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${nextcloud_MYSQL_DATABASE};
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${nextcloud_MYSQL_USER}';
CREATE USER '${nextcloud_MYSQL_USER}'@'%';
DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${nextcloud_MYSQL_DATABASE}.* TO '${nextcloud_MYSQL_USER}'@'%' IDENTIFIED BY '${nextcloud_MYSQL_PASSWORD}';
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;"
;;
'agora' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${mattermost_MYSQL_DATABASE};
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${mattermost_MYSQL_USER}';
CREATE USER '${mattermost_MYSQL_USER}'@'%';
DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${mattermost_MYSQL_DATABASE}.* TO '${mattermost_MYSQL_USER}'@'%' IDENTIFIED BY '${mattermost_MYSQL_PASSWORD}';
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;"
;;
'wp' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${wp_MYSQL_DATABASE};
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${wp_MYSQL_USER}';
CREATE USER '${wp_MYSQL_USER}'@'%';
DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${wp_MYSQL_DATABASE}.* TO '${wp_MYSQL_USER}'@'%' IDENTIFIED BY '${wp_MYSQL_PASSWORD}';
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;"
;;
'castopod' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodDB
SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${castopod_MYSQL_DATABASE};
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${castopod_MYSQL_USER}';
CREATE USER '${castopod_MYSQL_USER}'@'%';
DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${castopod_MYSQL_DATABASE}.* TO '${castopod_MYSQL_USER}'@'%' IDENTIFIED BY '${castopod_MYSQL_PASSWORD}';
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;"
;;
'spip' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${spip_MYSQL_DATABASE};
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${spip_MYSQL_USER}';
CREATE USER '${spip_MYSQL_USER}'@'%';
DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${spip_MYSQL_DATABASE}.* TO '${spip_MYSQL_USER}'@'%' IDENTIFIED BY '${spip_MYSQL_PASSWORD}';
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;"
;;
@@ -84,4 +92,4 @@ FLUSH PRIVILEGES;"
esac
done
echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${wp_MYSQL_ROOT_PASSWORD}"
echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${MYSQL_ROOT_PASSWORD}"

3
config/orgaTmpl/initdb.d/orga.sql
View File

@@ -1,3 +0,0 @@
CREATE DATABASE IF NOT EXISTS nextcloud;
CREATE DATABASE IF NOT EXISTS mattermost;
CREATE DATABASE IF NOT EXISTS wpdb;

15
config/orgaTmpl/orga-gen.sh
View File

@@ -389,7 +389,7 @@ update() {
-e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\
-e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\
-e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\
-e "s|\${orga}|${ORGA}-|g"
-e "s|\${orga}|${ORGA}|g"
) > "$2"
sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2"
}
@@ -412,13 +412,18 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
ln -sf ../../config/orgaTmpl/orga-gen.sh
ln -sf ../../config/orgaTmpl/orga-rm.sh
ln -sf ../../config/orgaTmpl/init-paheko.sh
ln -sf ../../config/orgaTmpl/initdb.d/
#ln -sf ../../config/orgaTmpl/initdb.d/
ln -sf ../../config/orgaTmpl/app/
ln -sf ../../config/orgaTmpl/wiki-conf/
ln -sf ../../config/orgaTmpl/reload.sh
ln -sf ../../config/orgaTmpl/init-db.sh
fi
if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then
rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/"
${KAZ_BIN_DIR}/secretGen.sh -d $ORGA
fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## update ${DOCKERS_ENV}
if ! grep -q "proxy_orga=" .env 2> /dev/null
@@ -438,6 +443,12 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## create network
## GAEL bizarre, je pense que c'est déjà fait qque part, mais chez moi ça veut pas ...
docker network create "${ORGA}-orgaNet"
# ########## create volume
./init-volume.sh
fi

2
config/orgaTmpl/orga-rm.sh
View File

@@ -40,6 +40,8 @@ remove () {
sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}"
sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}"
rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga"
rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"
exit;;
[Nn]* )

3
config/orgaTmpl/secret.tmpl/env-castopodAdmin Normal file
View File

@@ -0,0 +1,3 @@
ADMIN_USER=@@pass@@castopod2@@p@@
ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
ADMIN_PASSWORD=@@pass@@castopod3@@p@@

4
config/orgaTmpl/secret.tmpl/env-castopodDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_USER=@@user@@castopod1@@u@@
MYSQL_PASSWORD=@@pass@@castopod1@@p@@
MYSQL_DATABASE=@@db@@castopod1@@d@@

7
config/orgaTmpl/secret.tmpl/env-castopodServ Normal file
View File

@@ -0,0 +1,7 @@
CP_EMAIL_SMTP_HOST=
CP_EMAIL_FROM=
CP_EMAIL_SMTP_USERNAME=
CP_EMAIL_SMTP_PASSWORD=
CP_EMAIL_SMTP_PORT=
CP_EMAIL_SMTP_CRYPTO=
CP_REDIS_PASSWORD=

9
config/orgaTmpl/secret.tmpl/env-mattermostDB Normal file
View File

@@ -0,0 +1,9 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@

9
config/orgaTmpl/secret.tmpl/env-mattermostServ Normal file
View File

@@ -0,0 +1,9 @@
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10

8
config/orgaTmpl/secret.tmpl/env-nextcloudDB Normal file
View File

@@ -0,0 +1,8 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@nextcloud@@d@@
MYSQL_USER=@@user@@nextcloud@@u@@
MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
#NC_MYSQL_USER=
#NC_MYSQL_PASSWORD=

5
config/orgaTmpl/secret.tmpl/env-nextcloudServ Normal file
View File

@@ -0,0 +1,5 @@
NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
MYSQL_HOST=db
RAIN_LOOP=@@pass@@rainloop@@p@@

4
config/orgaTmpl/secret.tmpl/env-spipDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@spip@@d@@
MYSQL_USER=@@user@@spip@@u@@
MYSQL_PASSWORD=@@pass@@spip@@p@@

10
config/orgaTmpl/secret.tmpl/env-spipServ Normal file
View File

@@ -0,0 +1,10 @@
SPIP_AUTO_INSTALL=1
SPIP_DB_SERVER=mysql
SPIP_DB_NAME=@@db@@spip@@d@@
SPIP_DB_LOGIN=@@user@@spip@@u@@
SPIP_DB_PASS=@@pass@@spip@@p@@
SPIP_ADMIN_NAME=admin
SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
PHP_TIMEZONE=Europe/Paris

4
config/orgaTmpl/secret.tmpl/env-wpDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@wp@@d@@
MYSQL_USER=@@user@@wp@@u@@
MYSQL_PASSWORD=@@pass@@wp@@p@@

8
config/orgaTmpl/secret.tmpl/env-wpServ Normal file
View File

@@ -0,0 +1,8 @@
# share with wpDB
WORDPRESS_DB_HOST=db:3306
WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
WORDPRESS_DB_NAME=@@db@@wp@@d@@
WORDPRESS_DB_USER=@@user@@wp@@u@@
WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@

10
config/orgaTmpl/wiki-conf/acl.auth.php
View File

@@ -1,10 +0,0 @@
# acl.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Access Control Lists
#
# Auto-generated by install script
# Date: Sat, 13 Feb 2021 17:42:28 +0000
* @ALL 1
* @user 8

26
config/orgaTmpl/wiki-conf/local.php
View File

@@ -1,26 +0,0 @@
<?php
/*
* Dokuwiki's Main Configuration File - Local Settings
* Auto-generated by config plugin
* Run for user: felix
* Date: Sun, 28 Feb 2021 15:56:13 +0000
*/
$conf['title'] = 'Kaz';
$conf['template'] = 'docnavwiki';
$conf['license'] = 'cc-by-sa';
$conf['useacl'] = 1;
$conf['superuser'] = '@admin';
$conf['manager'] = '@manager';
$conf['disableactions'] = 'register';
$conf['remoteuser'] = '';
$conf['mailfrom'] = 'dokuwiki@kaz.bzh';
$conf['updatecheck'] = 0;
$conf['userewrite'] = '1';
$conf['useslash'] = 1;
$conf['plugin']['ckgedit']['scayt_auto'] = 'on';
$conf['plugin']['ckgedit']['scayt_lang'] = 'French/fr_FR';
$conf['plugin']['ckgedit']['other_lang'] = 'fr';
$conf['plugin']['smtp']['smtp_host'] = 'smtp.kaz.bzh';
$conf['plugin']['todo']['CheckboxText'] = 0;
$conf['plugin']['wrap']['restrictionType'] = '1';

13
config/orgaTmpl/wiki-conf/users.auth.php
View File

@@ -1,13 +0,0 @@
# users.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Userfile
#
# Auto-generated by install script
# Date: Sat, 13 Feb 2021 17:42:28 +0000
#
# Format:
# login:passwordhash:Real Name:email:groups,comma,separated
admin:$2y$10$GYvFgViXeEUmDViplHEs7eoYV8tmbfsS8wA1vfHQ.tWgW14o9aTjy:admin:contact@kaz.bzh:admin,user

21
config/proxy/proxy_params
View File

@@ -1,21 +0,0 @@
#proxy_buffering off;
#proxy_set_header X-Forwarded-Host $host:$server_port;
#proxy_set_header X-Forwarded-Server $host;
#XXX pb proxy_set_header Connection $proxy_connection;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
# mattermost
http2_push_preload on; # Enable HTTP/2 Server Push
add_header Strict-Transport-Security max-age=15768000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_hide_header 'x-frame-options';
#proxy_set_header x-frame-options allowall;
proxy_set_header X-Frame-Options SAMEORIGIN;

1
dockers/castopod/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0)
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod

1
dockers/cloud/first.sh
View File

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. $KAZ_ROOT/secret/SetAllPass.sh
${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud

102
dockers/cloud/up.sh
View File

@@ -1,102 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. $KAZ_ROOT/secret/SetAllPass.sh
#"${KAZ_BIN_DIR}/initCloud.sh"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ app:enable user_ldap
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:delete-config s01
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:create-empty-config
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBase ${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseGroups ${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapHost ${ldapServName}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapPort 389
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapTLS 0
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapQuotaAttribute nextcloudQuota
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilter "(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
# Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin';
# docker exec -i nextcloudDB mysql --user=<user> --password=<password> <db> <<< "delete from oc_users where uid<>'admin';"
# Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
# Exemple de table/clés :
# +-------------------------------+----------------------------------------------------------+
# | Configuration | s01 |
# +-------------------------------+----------------------------------------------------------+
# | hasMemberOfFilterSupport | 0 |
# | homeFolderNamingRule | |
# | lastJpegPhotoLookup | 0 |
# | ldapAgentName | cn=cloud,ou=applications,dc=kaz,dc=sns |
# | ldapAgentPassword | *** |
# | ldapAttributesForGroupSearch | |
# | ldapAttributesForUserSearch | |
# | ldapBackgroundHost | |
# | ldapBackgroundPort | |
# | ldapBackupHost | |
# | ldapBackupPort | |
# | ldapBase | ou=users,dc=kaz,dc=sns |
# | ldapBaseGroups | ou=users,dc=kaz,dc=sns |
# | ldapBaseUsers | ou=users,dc=kaz,dc=sns |
# | ldapCacheTTL | 600 |
# | ldapConfigurationActive | 1 |
# | ldapConnectionTimeout | 15 |
# | ldapDefaultPPolicyDN | |
# | ldapDynamicGroupMemberURL | |
# | ldapEmailAttribute | mail |
# | ldapExperiencedAdmin | 0 |
# | ldapExpertUUIDGroupAttr | |
# | ldapExpertUUIDUserAttr | |
# | ldapExpertUsernameAttr | uid |
# | ldapExtStorageHomeAttribute | |
# | ldapGidNumber | gidNumber |
# | ldapGroupDisplayName | cn |
# | ldapGroupFilter | |
# | ldapGroupFilterGroups | |
# | ldapGroupFilterMode | 0 |
# | ldapGroupFilterObjectclass | |
# | ldapGroupMemberAssocAttr | |
# | ldapHost | ldap |
# | ldapIgnoreNamingRules | |
# | ldapLoginFilter | (&(|(objectclass=nextcloudAccount))(cn=%uid)) |
# | ldapLoginFilterAttributes | |
# | ldapLoginFilterEmail | 0 |
# | ldapLoginFilterMode | 0 |
# | ldapLoginFilterUsername | 1 |
# | ldapMatchingRuleInChainState | unknown |
# | ldapNestedGroups | 0 |
# | ldapOverrideMainServer | |
# | ldapPagingSize | 500 |
# | ldapPort | 389 |
# | ldapQuotaAttribute | nextcloudQuota |
# | ldapQuotaDefault | |
# | ldapTLS | 0 |
# | ldapUserAvatarRule | default |
# | ldapUserDisplayName | cn |
# | ldapUserDisplayName2 | |
# | ldapUserFilter | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) |
# | ldapUserFilterGroups | |
# | ldapUserFilterMode | 1 |
# | ldapUserFilterObjectclass | nextcloudAccount |
# | ldapUuidGroupAttribute | auto |
# | ldapUuidUserAttribute | auto |
# | turnOffCertCheck | 0 |
# | turnOnPasswordChange | 0 |
# | useMemberOfToDetectMembership | 1 |
# +-------------------------------+----------------------------------------------------------+

4
dockers/ldap/UIHooks/post-hook.sh
View File

@@ -5,7 +5,9 @@ NEWPASSWORD=$(base64 -d <<< $2)
OLDPASSWORD=$(base64 -d <<< $3)
URL_AGORA="https://${matterHost}.${domain}"
mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
#mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
. $KAZ_KEY_DIR/env-mattermostAdmin
IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g')
if [ ${IDUSER} == 'app.user.missing_account.const' ]

1
dockers/mattermost/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0)
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora

1
dockers/peertube/.env Symbolic link
View File

@@ -0,0 +1 @@
../../config/dockers.env

1
dockers/spip/.env Symbolic link
View File

@@ -0,0 +1 @@
../../config/dockers.env

2
dockers/sympa/alerting/sympa.sh
View File

@@ -6,7 +6,7 @@ KAZ_ROOT=/kaz
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_KEY_DIR/env-mattermostAdmin
DOCKER_CMD="docker exec sympaServ"
URL_AGORA=$(echo $matterHost).$(echo $domain)

1
dockers/sympa/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0)
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
DockerServName="${sympaServName}"

2
dockers/traefik/proxy-gen.sh
View File

@@ -4,7 +4,7 @@ KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. "${KAZ_ROOT}/secret/SetAllPass.sh"
. $KAZ_BIN_DIR/getPasswords.sh traefik
printKazMsg "\n *** Proxy update config"

11
secret.tmpl/Readme.txt
View File

@@ -1,11 +0,0 @@
Mise à jour des mots de passe
L'idée c'est d'extraire la gestion des mots de passe de l'installation.
Tous les mots de passe sont dans un fichier "SetAllPass.sh" que des scripts vont chercher.
updateDockerPassword.sh met à jours les fichiers d'environnement de mots de passe utilisé par docker-compose.
(Il y a un problème pour mettre à jour le mot de passe d'une BD si son conteneur n'est pas en route)
Les modifications sont prises en compte que lors de la création de nouveaux conteneurs (les données permanentes (mot de passe) dans les volumes ne sont pas changées)

341
secret.tmpl/SetAllPass.sh
View File

@@ -2,227 +2,43 @@
# Attention à cause des scripts pas de ["'/] dans les mot de passe
####################
# ethercalc
ethercalc_REDIS_PORT_6379_TCP_ADDR="redis"
ethercalc_REDIS_PORT_6379_TCP_PORT="6379"
####################
# etherpad
etherpad_MYSQL_ROOT_PASSWORD="--clean_val--"
etherpad_MYSQL_DATABASE="--clean_val--"
etherpad_MYSQL_USER="--clean_val--"
etherpad_MYSQL_PASSWORD="--clean_val--"
# Share with etherpadDB
etherpad_DB_NAME="${etherpad_MYSQL_DATABASE}"
etherpad_DB_USER="${etherpad_MYSQL_USER}"
etherpad_DB_PASS="${etherpad_MYSQL_PASSWORD}"
etherpad_DB_TYPE="mysql"
etherpad_DB_HOST="padDB"
etherpad_DB_PORT="3306"
#etherpad_DB_CHARSET="utf8"
#user: admin
etherpad_ADMIN_PASSWORD="--clean_val--"
etherpad_PAD_OPTIONS_LANG="fr"
etherpad_TITLE="KazPad"
etherpad_TRUST_PROXY="true"
####################
# framadate
framadate_MYSQL_ROOT_PASSWORD="--clean_val--"
framadate_MYSQL_DATABASE="--clean_val--"
framadate_MYSQL_USER="--clean_val--"
framadate_MYSQL_PASSWORD="--clean_val--"
framadate_HTTPD_USER="--clean_val--"
framadate_HTTPD_PASSWORD="--clean_val--"
##################
# Gandi
# à supprimer et à replacer par dns_gandi_api_key
gandi_GANDI_KEY="xxx"
gandi_GANDI_API="https://api.gandi.net/v5/livedns/domains/${domain}"
gandi_dns_gandi_api_key="${gandi_GANDI_KEY}"
####################
# mattermost
mattermost_MYSQL_ROOT_PASSWORD="--clean_val--"
mattermost_MYSQL_DATABASE="--clean_val--"
mattermost_MYSQL_USER="--clean_val--"
mattermost_MYSQL_PASSWORD="--clean_val--"
# Share with mattermostDB
mattermost_MM_DBNAME="${mattermost_MYSQL_DATABASE}"
mattermost_MM_USERNAME="${mattermost_MYSQL_USER}"
mattermost_MM_PASSWORD="${mattermost_MYSQL_PASSWORD}"
mattermost_DB_PORT_NUMBER="3306"
mattermost_DB_HOST="db"
mattermost_MM_SQLSETTINGS_DRIVERNAME="mysql"
mattermost_MM_ADMIN_EMAIL="admin@kaz.bzh"
# mattermost_MM_SQLSETTINGS_DATASOURCE = "MM_USERNAME:MM_PASSWORD@tcp(DB_HOST:DB_PORT_NUMBER)/MM_DBNAME?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
# Don't forget to replace all entries (beginning by MM_ and DB_) in MM_SQLSETTINGS_DATASOURCE with the real variables values.
mattermost_MM_SQLSETTINGS_DATASOURCE="${mattermost_MYSQL_USER}:${mattermost_MYSQL_PASSWORD}@tcp(${mattermost_DB_HOST}:${mattermost_DB_PORT_NUMBER})/${mattermost_MM_DBNAME}?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
# sinon avec postgres
# mattermost_MM_SQLSETTINGS_DATASOURCE = "postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10"
# A COPIER DANS UN FICHIER DE CONF !! -> mattermostAdmin
# pour envoyer des messages sur l'agora avec mmctl
mattermost_user="admin-mattermost"
mattermost_pass="--clean_val--"
mattermost_token="xxx-private"
##################
# Openldap
ldap_LDAP_ADMIN_USERNAME="--clean_val--"
ldap_LDAP_ADMIN_PASSWORD="--clean_val--"
ldap_LDAP_CONFIG_ADMIN_USERNAME="--clean_val--"
ldap_LDAP_CONFIG_ADMIN_PASSWORD="--clean_val--"
ldap_LDAP_POSTFIX_PASSWORD="--clean_val--"
ldap_LDAP_LDAPUI_PASSWORD="--clean_val--"
ldap_LDAP_MATTERMOST_PASSWORD="--clean_val--"
ldap_LDAP_CLOUD_PASSWORD="--clean_val--"
ldap_LDAP_MOBILIZON_PASSWORD="--clean_val--"
ldap_LDAPUI_URI=ldap://ldap
ldap_LDAPUI_BASE_DN=${ldap_root}
ldap_LDAPUI_REQUIRE_STARTTLS=FALSE
ldap_LDAPUI_ADMINS_GROUP=admins
ldap_LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,${ldap_root}
ldap_LDAPUI_ADMIN_BIND_PWD=${ldap_LDAP_LDAPUI_PASSWORD}
ldap_LDAPUI_IGNORE_CERT_ERRORS=TRUE
ldap_LDAPUI_PASSWORD="--clean_val--"
ldap_LDAPUI_MM_ADMIN_TOKEN=${mattermost_token}
###################
# gitea
gitea_MYSQL_ROOT_PASSWORD="--clean_val--"
gitea_MYSQL_DATABASE="--clean_val--"
gitea_MYSQL_USER="--clean_val--"
gitea_MYSQL_PASSWORD="--clean_val--"
# on ne peut pas utiliser le login "admin"
gitea_user_admin="admin_gitea"
gitea_pass_admin="--clean_val--"
gitea_admin_email="admin@kaz.bzh"
####################
# jirafeau
jirafeau_HTTPD_PASSWORD="--clean_val--"
jirafeau_DATA_DIR="--clean_val--"
####################
# nexcloud
nextcloud_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
nextcloud_MYSQL_DATABASE="--clean_val--"
nextcloud_MYSQL_USER="--clean_val--"
nextcloud_MYSQL_PASSWORD="--clean_val--"
nextcloud_NEXTCLOUD_ADMIN_USER="admin"
nextcloud_NEXTCLOUD_ADMIN_PASSWORD="--clean_val--"
nextcloud_MYSQL_HOST="db"
#user: admin
nextcloud_RAIN_LOOP="--clean_val--"
####################
# collabora
office_username="admin"
office_password="--clean_val--"
####################
# roundcube
roundcube_MYSQL_ROOT_PASSWORD="--clean_val--"
roundcube_MYSQL_DATABASE="--clean_val--"
roundcube_MYSQL_USER="--clean_val--"
roundcube_MYSQL_PASSWORD="--clean_val--"
# Share with roundcubeDB
roundcube_ROUNDCUBEMAIL_DB_TYPE="mysql"
roundcube_ROUNDCUBEMAIL_DB_NAME="${roundcube_MYSQL_DATABASE}"
roundcube_ROUNDCUBEMAIL_DB_USER="${roundcube_MYSQL_USER}"
roundcube_ROUNDCUBEMAIL_DB_PASSWORD="${roundcube_MYSQL_PASSWORD}"
roundcube_ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE="1G"
####################
# postfix LDAP
mail_LDAP_BIND_DN=cn=postfix,ou=applications,${ldap_root}
mail_LDAP_BIND_PW=${ldap_LDAP_POSTFIX_PASSWORD}
####################
# sympa
sympa_MYSQL_ROOT_PASSWORD="--clean_val--"
sympa_MYSQL_DATABASE="sympa"
sympa_MYSQL_USER="sympa"
sympa_MYSQL_PASSWORD="--clean_val--"
sympa_KEY="/etc/letsencrypt/live/${domain}/privkey.pem"
sympa_CERT="/etc/letsencrypt/live/${domain}/fullchain.pem"
sympa_LISTMASTERS="listmaster@${domain_sympa}"
sympa_ADMINEMAIL="listmaster@${domain_sympa}"
sympa_SOAP_USER="sympa"
sympa_SOAP_PASSWORD="--clean_val--"
# pour inscrire des users sur des listes sympa avec soap
#il faut que le user soit admin de sympa
sympa_user="a@${domain}"
sympa_pass="--clean_val--"
##################
# vigilo
vigilo_MYSQL_ROOT_PASSWORD="--clean_val--"
vigilo_MYSQL_USER="--clean_val--"
vigilo_MYSQL_PASSWORD="--clean_val--"
vigilo_MYSQL_DATABASE="--clean_val--"
vigilo_MYSQL_HOST="db"
#vigilo_BIND=
####################
# wordpress
wp_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
wp_MYSQL_DATABASE="--clean_val--"
wp_MYSQL_USER="--clean_val--"
wp_MYSQL_PASSWORD="--clean_val--"
# Share with wpDB
wp_WORDPRESS_DB_HOST="db:3306"
wp_WORDPRESS_DB_NAME="${wp_MYSQL_DATABASE}"
wp_WORDPRESS_DB_USER="${wp_MYSQL_USER}"
wp_WORDPRESS_DB_PASSWORD="${wp_MYSQL_PASSWORD}"
wp_WORDPRESS_ADMIN_USER="admin"
wp_WORDPRESS_ADMIN_PASSWORD="--clean_val--"
##################
# A DEPLACER DANS DOCKER ENV
#qui envoi le mail d'inscription ?
EMAIL_CONTACT="toto@kaz.bzh"
# A COPIER DANS UN FICHIER DE CONF !! -> paheko
##################
# Paheko
paheko_API_USER="admin-api"
paheko_API_PASSWORD="--clean_val--"
##################
# La nas de Kaz chez Grifon
nas_admin1="admin"
nas_password1="--clean_val--"
nas_admin2="kaz"
nas_password1="--clean_val--"
# compte mail pour les notifications du nas
nas_email_account="admin-nas@${domain}"
nas_email_password="--clean_val--"
# A virer dans koffre
##################
#Compte sur outlook.com
outlook_user="kaz-user@outlook.fr"
outlook_pass="--clean_val--"
# A COPIER DANS UN FICHIER DE CONF !! -> mail
service_mail=admin-kaz@kaz.bzh
service_password="--clean_val--"
##################
#Borg
# A COPIER DANS UN FICHIER DE CONF !! -> borg
BORG_REPO="/mnt/backup-nas1/BorgRepo"
BORG_PASSPHRASE="--clean_val--"
VOLUME_SAUVEGARDES="/mnt/backup-nas1"
@@ -230,148 +46,21 @@ MAIL_RAPPORT="a@${domain};b@${domain};c@${domain}"
BORGMOUNT="/mnt/disk-nas1/tmp/repo_mount"
###################
# mobilizon
mobilizon_POSTGRES_USER="--clean_val--"
mobilizon_POSTGRES_PASSWORD="--clean_val--"
mobilizon_POSTGRES_DB=mobilizon
mobilizon_MOBILIZON_DATABASE_USERNAME="${mobilizon_POSTGRES_USER}"
mobilizon_MOBILIZON_DATABASE_PASSWORD="${mobilizon_POSTGRES_PASSWORD}"
mobilizon_MOBILIZON_DATABASE_DBNAME=mobilizon
mobilizon_MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
mobilizon_MOBILIZON_INSTANCE_NAME="Mobilizon"
mobilizon_MOBILIZON_INSTANCE_HOST="${mobilizonHost}.${domain}"
mobilizon_MOBILIZON_INSTANCE_SECRET_KEY_BASE=changeme
mobilizon_MOBILIZON_INSTANCE_SECRET_KEY=changeme
mobilizon_MOBILIZON_INSTANCE_EMAIL=noreply@${domain}
mobilizon_MOBILIZON_REPLY_EMAIL=contact@${domain_sympa}
mobilizon_MOBILIZON_ADMIN_EMAIL=admin@${domain_sympa}
mobilizon_MOBILIZON_SMTP_SERVER="${smtpHost}.${domain}"
mobilizon_MOBILIZON_SMTP_PORT=25
mobilizon_MOBILIZON_SMTP_HOSTNAME="${smtpHost}.${domain}"
mobilizon_MOBILIZON_SMTP_USERNAME=noreply@${domain}
mobilizon_MOBILIZON_SMTP_PASSWORD=
mobilizon_MOBILIZON_SMTP_SSL=false
mobilizon_MOBILIZON_LDAP_BINDUID=cn=mobilizon,ou=applications,${ldap_root}
mobilizon_MOBILIZON_LDAP_BINDPASSWORD=${ldap_LDAP_MOBILIZON_PASSWORD}
#####################
# Vaultwarden
vaultwarden_MYSQL_ROOT_PASSWORD="--clean_val--"
vaultwarden_MYSQL_DATABASE="vaultwarden"
vaultwarden_MYSQL_USER="vaultwarden"
vaultwarden_MYSQL_PASSWORD="--clean_val--"
vaultwarden_DATABASE_URL="mysql://${vaultwarden_MYSQL_USER}:${vaultwarden_MYSQL_PASSWORD}@db/${vaultwarden_MYSQL_DATABASE}"
vaultwarden_ADMIN_TOKEN="--clean_val--"
#####################
#Traefik
# A COPIER DANS UN FICHIER DE CONF !! -> traefik
traefik_DASHBOARD_USER="admin"
traefik_DASHBOARD_PASSWORD="--clean_val--"
#####################
# dokuwiki
dokuwiki_WIKI_ROOT=Kaz
dokuwiki_WIKI_EMAIL=wiki@kaz.local
dokuwiki_WIKI_PASSWORD="--clean_val--"
#####################
# Castopod
castopod_MYSQL_ROOT_PASSWORD="--clean_val--"
castopod_MYSQL_DATABASE="--clean_val--"
castopod_MYSQL_USER="--clean_val--"
castopod_MYSQL_PASSWORD="--clean_val--"
castopod_CP_REDIS_PASSWORD="${castopodRedisPassword}"
# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
castopod_ADMIN_USER=adminKaz
castopod_ADMIN_MAIL=admin@${domain}
castopod_ADMIN_PASSWORD="--clean_val--"
castopod_CP_EMAIL_SMTP_HOST="${smtpHost}.${domain}"
castopod_CP_EMAIL_SMTP_PORT=25
castopod_CP_EMAIL_SMTP_USERNAME=noreply@${domain}
castopod_CP_EMAIL_SMTP_PASSWORD=
castopod_CP_EMAIL_FROM=noreply@${domain}
castopod_CP_EMAIL_SMTP_CRYPTO=tls
#####################
# Spip
spip_MYSQL_ROOT_PASSWORD="--clean_val--"
spip_MYSQL_DATABASE="--clean_val--"
spip_MYSQL_USER="--clean_val--"
spip_MYSQL_PASSWORD="--clean_val--"
spip_SPIP_AUTO_INSTALL=1
spip_SPIP_DB_SERVER=mysql
spip_SPIP_DB_LOGIN="${spip_MYSQL_USER}"
spip_SPIP_DB_PASS="${spip_MYSQL_PASSWORD}"
spip_SPIP_DB_NAME="${spip_MYSQL_DATABASE}"
spip_SPIP_ADMIN_NAME=admin
spip_SPIP_ADMIN_LOGIN=admin
spip_SPIP_ADMIN_EMAIL=admin@${domain}
spip_SPIP_ADMIN_PASS="--clean_val--"
spip_PHP_TIMEZONE="Europe/Paris"
#####################
# Peertube
peertube_POSTGRES_USER="--clean_val--"
peertube_POSTGRES_PASSWORD="--clean_val--"
peertube_PEERTUBE_DB_NAME="--clean_val--"
peertube_PEERTUBE_DB_USERNAME="${peertube_POSTGRES_USER}"
peertube_PEERTUBE_DB_PASSWORD="${peertube_POSTGRES_PASSWORD}"
peertube_PEERTUBE_DB_SSL=false
peertube_PEERTUBE_DB_HOSTNAME="${peertubeDBName}"
peertube_PEERTUBE_WEBSERVER_HOSTNAME="${peertubeHost}.${domain}"
peertube_PEERTUBE_TRUST_PROXY="['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']"
peertube_PEERTUBE_SECRET="--clean_val--"
peertube_PT_INITIAL_ROOT_PASSWORD="--clean_val--"
#peertube_PEERTUBE_SMTP_USERNAME=
#peertube_PEERTUBE_SMTP_PASSWORD=
# Default to Postfix service name "postfix" in docker-compose.yml
# May be the hostname of your Custom SMTP server
peertube_PEERTUBE_SMTP_HOSTNAME=
peertube_PEERTUBE_SMTP_PORT=25
peertube_PEERTUBE_SMTP_FROM=
peertube_PEERTUBE_SMTP_TLS=false
peertube_PEERTUBE_SMTP_DISABLE_STARTTLS=false
peertube_PEERTUBE_ADMIN_EMAIL=
peertube_POSTFIX_myhostname=
#peertube_OPENDKIM_DOMAINS=peertube
peertube_OPENDKIM_RequireSafeKeys=no
peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC="public-read"
peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE="private"
######################
peertube_POSTGRES_DB="${peertube_PEERTUBE_DB_NAME}"
######################
# SNAPPYMAIL
# Url https://snappymail.${domain}/?admin
# au premier lancement un mot de passe est généré en aut par l' appli dans le
# volume Data : /var/lib/docker/volumes/snappymail_data/_data/_data_/_default_
# le fichier s' appelle admin_password.txt
# une fois le mot de passe changé dans le Gui de l' admin, ce fichier est automatiquement supprimé
snappymail_TZ="Europe/Paris"
snappymail_UPLOAD_MAX_SIZE="100M"
####################
# mastodon
mastodon_POSTGRES_USER="--clean_val--"
mastodon_POSTGRES_PASSWORD="--clean_val--"
mastodon_POSTGRES_DB=mastodon
mastodon_DB_USER="${mastodon_POSTGRES_USER}"
mastodon_DB_PASS="${mastodon_POSTGRES_PASSWORD}"
mastodon_DB_NAME=mastodon

32
secret.tmpl/env-apikazServ
View File

@@ -1,22 +1,24 @@
paheko_API_USER=
paheko_API_PASSWORD=
paheko_url=
mattermost_user=
mattermost_pass=
mattermost_url=
paheko_url=https://kaz-@@globalvar@@pahekoHost@@gv@@.@@globalvar@@domain@@gv@@
paheko_API_USER="@@user@@pahekoapi@@u@@"
paheko_API_PASSWORD="@@pass@@pahekoapi@@p@@"
ldap_LDAP_ADMIN_USERNAME=
ldap_LDAP_ADMIN_PASSWORD=
ldap_root=
mattermost_user="@@user@@mattermost2@@u@@"
mattermost_pass="@@pass@@mattermost2@@p@@"
mattermost_token="@@token@@mattermost@@t@@"
nextcloud_NEXTCLOUD_ADMIN_USER=
nextcloud_NEXTCLOUD_ADMIN_PASSWORD=
cloud_url=
ldap_LDAP_ADMIN_USERNAME="@@user@@ldap@@u@@"
ldap_LDAP_ADMIN_PASSWORD="@@pass@@ldap@@p@@"
ldap_root=@@globalvar@@ldap_root@@gv@@
sympa_SOAP_USER=
sympa_SOAP_PASSWORD=
sympa_url=
nextcloud_NEXTCLOUD_ADMIN_USER="@@user@@nextcloudadmin@@u@@"
nextcloud_NEXTCLOUD_ADMIN_PASSWORD="@@pass@@nextcloudadmin@@p@@"
cloud_url=https://@@globalvar@@cloudHost@@gv@@.@@globalvar@@domain@@gv@@
sympa_SOAP_USER="@@user@@sympasoap@@u@@"
sympa_SOAP_PASSWORD="@@pass@@sympasoap@@p@@"
sympa_url=https://@@globalvar@@sympaHost@@gv@@.@@globalvar@@domain@@gv@@
gandi_GANDI_KEY=
gandi_GANDI_API=

17
secret.tmpl/env-borg Normal file
View File

@@ -0,0 +1,17 @@
VOLUME_SAUVEGARDES=
BORG_REPO=
BORG_PASSPHRASE=@@token@@borg@@t@@
BORGLOG="/var/log/borg"
BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
BORG_EXCLUDE_BACKUP=
MAIL_RAPPORT=a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@
LISTREPSAUV=
BORGMOUNT="/mnt/repo_borg"
MAILOK=
MAILWARNING=
MAILDETAIL=
BACKUPS_KEEP="4m"
NB_BACKUPS_JOUR=90
NB_BACKUPS_SEM=30
NB_BACKUPS_MOIS=12
BORGSCRIPTS=/root/borgscripts

3
secret.tmpl/env-castopodAdmin Normal file
View File

@@ -0,0 +1,3 @@
ADMIN_USER=@@pass@@castopod2@@p@@
ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
ADMIN_PASSWORD=@@pass@@castopod3@@p@@

8
secret.tmpl/env-castopodDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@castopod@@p@@
MYSQL_USER=@@user@@castopod1@@u@@
MYSQL_PASSWORD=@@pass@@castopod1@@p@@
MYSQL_DATABASE=@@db@@castopod1@@d@@

6
secret.tmpl/env-dokuwikiServ
View File

@@ -1,4 +1,4 @@
WIKI_ROOT=
WIKI_EMAIL=
WIKI_PASSWORD=
WIKI_ROOT=Kaz
WIKI_EMAIL=wiki@@@globalvar@@domain@@gv@@
WIKI_PASSWORD=@@pass@@dokuwiki@@p@@

8
secret.tmpl/env-etherpadDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@etherpadroot@@p@@
MYSQL_DATABASE=@@db@@etherpad@@d@@
MYSQL_USER=@@user@@etherpad@@u@@
MYSQL_PASSWORD=@@pass@@etherpad@@p@@

23
secret.tmpl/env-etherpadServ
View File

@@ -1,16 +1,17 @@
# share with padDB
DB_NAME=
DB_USER=
DB_PASS=
DB_NAME=@@db@@etherpad@@d@@
DB_USER=@@user@@etherpad@@u@@
DB_PASS=@@pass@@etherpad@@p@@
DB_TYPE=
DB_HOST=
DB_PORT=
DB_TYPE=mysql
DB_HOST=padDB
DB_PORT=3306
#DB_CHARSET=
ADMIN_PASSWORD=
ADMIN_PASSWORD=@@pass@@etherpadadmin@@p@@
TITLE=
PAD_OPTIONS_LANG=
TRUST_PROXY=
#DEFAULT_PAD_TEXT=" Ce texte est à effacer (après lecture si cest votre première visite) ou à conserver en bas de votre pad \n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur licône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur licône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans lhistorique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! Noubliez pas de conserver quelque part ladresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n Ce texte est à effacer (après lecture si cest votre première visite) \n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"
TITLE=KazPad
PAD_OPTIONS_LANG=fr
TRUST_PROXY=true
DEFAULT_PAD_TEXT=" Ce texte est à effacer (après lecture si cest votre première visite) ou à conserver en bas de votre pad \n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur licône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur licône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans lhistorique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! Noubliez pas de conserver quelque part ladresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n Ce texte est à effacer (après lecture si cest votre première visite) \n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"

8
secret.tmpl/env-framadateDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@framadateroot@@p@@
MYSQL_DATABASE=@@db@@framadatedb@@d@@
MYSQL_USER=@@user@@framadatedb@@u@@
MYSQL_PASSWORD=@@pass@@framadatedb@@p@@

4
secret.tmpl/env-framadateServ
View File

@@ -1,3 +1,3 @@
HTTPD_USER=
HTTPD_PASSWORD=
HTTPD_USER=@@user@@framadate@@u@@
HTTPD_PASSWORD=@@pass@@framadate2@@p@@

8
secret.tmpl/env-gitDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@gitroot@@p@@
MYSQL_DATABASE=@@db@@gitdb@@d@@
MYSQL_USER=@@user@@gitdb@@u@@
MYSQL_PASSWORD=@@pass@@gitdb@@p@@

6
secret.tmpl/env-gitServ
View File

@@ -1,3 +1,3 @@
user_admin=
pass_admin=
admin_email=
user_admin=@@user@@git@@u@@
pass_admin=@@pass@@git@@p@@
admin_email=admin@@@globalvar@@domain@@gv@@

2
secret.tmpl/env-jirafeauServ
View File

@@ -1,2 +1,2 @@
HTTPD_PASSWORD=
HTTPD_PASSWORD=@@pass@@jirafeau@@pass@@

11
secret.tmpl/env-kaz Normal file
View File

@@ -0,0 +1,11 @@
# tout est dans le env_kaz
# utilisé par gest containers
NAS_VOL=
OPERATE_ON_MAIN= # par defaut NON on ne traite que des orgas
OPERATE_ON_NAS_ORGA= # par defaut NON, on va aussi sur les orgas du NAS
OPERATE_LOCAL_ORGA="OUI" # par defaut oui
TEMPO_ACTION_STOP=2 # Lors de redémarrage avec tempo, on attend après le stop
TEMPO_ACTION_START=60 # Lors de redémarrage avec tempo, avant de reload le proxy
DEFAULTCONTAINERS="cloud agora wp wiki office paheko castopod spip"
APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode
QUIET="1" # redirection des echo

18
secret.tmpl/env-ldapServ
View File

@@ -1,9 +1,9 @@
LDAP_ADMIN_USERNAME=
LDAP_ADMIN_PASSWORD=
LDAP_CONFIG_ADMIN_USERNAME=
LDAP_CONFIG_ADMIN_PASSWORD=
LDAP_POSTFIX_PASSWORD=
LDAP_LDAPUI_PASSWORD=
LDAP_MATTERMOST_PASSWORD=
LDAP_CLOUD_PASSWORD=
LDAP_MOBILIZON_PASSWORD=
LDAP_ADMIN_USERNAME=@@user@@ldap@@u@@
LDAP_ADMIN_PASSWORD=@@pass@@ldap@@p@@
LDAP_CONFIG_ADMIN_USERNAME=@@user@@ldapconfig@@u@@
LDAP_CONFIG_ADMIN_PASSWORD=@@pass@@ldapconfig@@p@@
LDAP_POSTFIX_PASSWORD=@@pass@@ldappostfix@@p@@
LDAP_LDAPUI_PASSWORD=@@pass@@ldapui@@p@@
LDAP_MATTERMOST_PASSWORD=@@pass@@ldapmm@@p@@
LDAP_CLOUD_PASSWORD=@@pass@@ldapcloud@@p@@
LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@

18
secret.tmpl/env-ldapUI
View File

@@ -1,9 +1,9 @@
LDAPUI_URI=
LDAPUI_BASE_DN=
LDAPUI_REQUIRE_STARTTLS=
LDAPUI_ADMINS_GROUP=
LDAPUI_ADMIN_BIND_DN=
LDAPUI_ADMIN_BIND_PWD=
LDAPUI_IGNORE_CERT_ERRORS=
LDAPUI_PASSWORD=
LDAPUI_MM_ADMIN_TOKEN=
LDAPUI_URI=ldap://ldap
LDAPUI_BASE_DN=@@globalvar@@ldap_root@@gv@@
LDAPUI_REQUIRE_STARTTLS=FALSE
LDAPUI_ADMINS_GROUP=admins
LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@
LDAPUI_ADMIN_BIND_PWD=@@pass@@ldapui@@p@@
LDAPUI_IGNORE_CERT_ERRORS=TRUE
LDAPUI_PASSWORD=@@pass@@ldapuipass@@p@@
LDAPUI_MM_ADMIN_TOKEN=@@crossvar@@mattermostAdmin_mattermost_token@@cv@@

2
secret.tmpl/env-mail Normal file
View File

@@ -0,0 +1,2 @@
service_mail=admin@@@globalvar@@domain@@gv@@
service_password=@@pass@@servicemail@@p@@

12
secret.tmpl/env-mastodonDB
View File

@@ -1,6 +1,6 @@
DB_USER=
DB_NAME=
DB_PASS=
POSTGRES_USER=
POSTGRES_PASSWORD=
POSTGRES_DB=postgres
DB_USER=@@user@@mastodon@@u@@
DB_NAME=@@db@@mastodon@@d@@
DB_PASS=@@pass@@mastodon@@p@@
POSTGRES_USER=@@user@@postgresmasto@@u@@
POSTGRES_PASSWORD=@@pass@@postgresmasto@@p@@
POSTGRES_DB=@@db@@mastodon@@d@@

4
secret.tmpl/env-mastodonServ
View File

@@ -1,9 +1,9 @@
SECRET_KEY_BASE=
OTP_SECRET=
OTP_SECRET=@@token@@masto-otp@@t@@
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
VAPID_PRIVATE_KEY==
VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY=
SMTP_PASSWORD=
EMAIL_DOMAIN_ALLOWLIST=

4
secret.tmpl/env-mattermostAdmin Normal file
View File

@@ -0,0 +1,4 @@
mattermost_user=@@user@@mattermost2@@u@@
mattermost_pass=@@pass@@mattermost2@@p@@
mattermost_token=@@token@@mattermost@@t@@

13
secret.tmpl/env-mattermostDB
View File

@@ -1,8 +1,9 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@mattermostroot@@p@@
MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
MM_MYSQL_USER=
MM_MYSQL_PASSWORD=
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@

16
secret.tmpl/env-mattermostServ
View File

@@ -1,15 +1,9 @@
# share with matterDB
MM_DBNAME=
MM_USERNAME=
MM_PASSWORD=
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_ADMIN_EMAIL=
MM_ADMIN_USER=
MM_ADMIN_PASSWORD=
DB_HOST=
DB_PORT_NUMBER=
MM_SQLSETTINGS_DRIVERNAME=
MM_SQLSETTINGS_DATASOURCE=
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10

6
secret.tmpl/env-mobilizonDB
View File

@@ -1,4 +1,4 @@
# Database settings
POSTGRES_USER=
POSTGRES_PASSWORD=
POSTGRES_DB=
POSTGRES_USER=@@user@@mobilizon@@u@@
POSTGRES_PASSWORD=@@pass@@mobilizon@@p@@
POSTGRES_DB=@@db@@mobilizon@@d@@

6
secret.tmpl/env-mobilizonServ
View File

@@ -18,9 +18,9 @@ MOBILIZON_SMTP_USERNAME=
MOBILIZON_SMTP_PASSWORD=
MOBILIZON_SMTP_SSL=
MOBILIZON_DATABASE_USERNAME=
MOBILIZON_DATABASE_PASSWORD=
MOBILIZON_DATABASE_DBNAME=
MOBILIZON_DATABASE_USERNAME=@@user@@mobilizon@@u@@
MOBILIZON_DATABASE_PASSWORD=@@pass@@mobilizon@@p@@
MOBILIZON_DATABASE_DBNAME=@@db@@mobilizon@@d@@
# LDAP
MOBILIZON_LDAP_BINDUID=

12
secret.tmpl/env-nextcloudDB
View File

@@ -1,8 +1,8 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@nextcloudroot@@p@@
MYSQL_DATABASE=@@db@@nextcloud@@d@@
MYSQL_USER=@@user@@nextcloud@@u@@
MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
NC_MYSQL_USER=
NC_MYSQL_PASSWORD=
#NC_MYSQL_USER=
#NC_MYSQL_PASSWORD=

8
secret.tmpl/env-nextcloudServ
View File

@@ -1,5 +1,5 @@
NEXTCLOUD_ADMIN_USER=
NEXTCLOUD_ADMIN_PASSWORD=
MYSQL_HOST=
RAIN_LOOP=
NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
MYSQL_HOST=db
RAIN_LOOP=@@pass@@rainloop@@p@@

4
secret.tmpl/env-officeServ
View File

@@ -1,3 +1,3 @@
username=
password=
username=@@user@@office@@u@@
password=@@pass@@office@@p@@

2
secret.tmpl/env-paheko Normal file
View File

@@ -0,0 +1,2 @@
API_USER=@@user@@pahekoapi@@u@@
API_PASSWORD=@@pass@@pahekoapi@@p@@

8
secret.tmpl/env-peertubeDB Normal file
View File

@@ -0,0 +1,8 @@
POSTGRES_USER=@@user@@peertube@@u@@
POSTGRES_PASSWORD=@@pass@@peertube@@p@@
POSTGRES_DB=@@db@@peertube@@d@@
PEERTUBE_DB_USERNAME=@@user@@peertube@@u@@
PEERTUBE_DB_PASSWORD=@@pass@@peertube@@p@@
PEERTUBE_DB_SSL=false
PEERTUBE_DB_HOSTNAME=peertubeDB

32
secret.tmpl/env-peertubeServ Normal file
View File

@@ -0,0 +1,32 @@
POSTGRES_USER=@@user@@peertube@@u@@
POSTGRES_PASSWORD=@@pass@@peertube@@p@@
POSTGRES_DB=@@db@@peertube@@d@@
PEERTUBE_DB_USERNAME=@@user@@peertube@@u@@
PEERTUBE_DB_PASSWORD=@@pass@@peertube@@p@@
PEERTUBE_DB_SSL=false
PEERTUBE_DB_HOSTNAME=peertubeDB
PEERTUBE_WEBSERVER_HOSTNAME=@@globalvar@@peertubeHost@@gv@@.@@globalvar@@domain@@gv@@
PEERTUBE_TRUST_PROXY=['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']
PEERTUBE_SECRET=@@token@@peertube@@t@@
PT_INITIAL_ROOT_PASSWORD=@@pass@@peertubeinitialroot@@p@@
#PEERTUBE_SMTP_USERNAME=
#PEERTUBE_SMTP_PASSWORD=
# Default to Postfix service name "postfix" in docker-compose.yml
# May be the hostname of your Custom SMTP server
PEERTUBE_SMTP_HOSTNAME=smtp.kaz.bzh
PEERTUBE_SMTP_PORT=25
PEERTUBE_SMTP_FROM=
PEERTUBE_SMTP_TLS=false
PEERTUBE_SMTP_DISABLE_STARTTLS=false
PEERTUBE_ADMIN_EMAIL=
POSTFIX_myhostname=
#OPENDKIM_DOMAINS=peertube
OPENDKIM_RequireSafeKeys=no
PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC=public-read
PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE=private

8
secret.tmpl/env-roundcubeDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@roudcuberoot@@p@@
MYSQL_DATABASE=@@db@@roudcube@@d@@
MYSQL_USER=@@user@@roudcube@@u@@
MYSQL_PASSWORD=@@pass@@roudcube@@p@@

10
secret.tmpl/env-roundcubeServ
View File

@@ -1,6 +1,6 @@
ROUNDCUBEMAIL_DB_TYPE=
ROUNDCUBEMAIL_DB_NAME=
ROUNDCUBEMAIL_DB_USER=
ROUNDCUBEMAIL_DB_PASSWORD=
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=
ROUNDCUBEMAIL_DB_TYPE=mysql
ROUNDCUBEMAIL_DB_NAME=@@db@@roudcube@@d@@
ROUNDCUBEMAIL_DB_USER=@@user@@roudcube@@u@@
ROUNDCUBEMAIL_DB_PASSWORD=@@pass@@roudcube@@p@@
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=1G

8
secret.tmpl/env-spipDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=@@pass@@spiproot@@p@@
MYSQL_DATABASE=@@db@@spip@@d@@
MYSQL_USER=@@user@@spip@@u@@
MYSQL_PASSWORD=@@pass@@spip@@p@@

Some files were not shown because too many files have changed in this diff Show More