Compare commits
13 Commits
master
...
gestionSec
Author | SHA1 | Date | |
---|---|---|---|
a3f448b457 | |||
77a3819beb | |||
ec16cdfe92 | |||
6877a5f872 | |||
3a8bd9ec1a | |||
1f9ccff5b6 | |||
ff69724f86 | |||
99779a70ff | |||
400775bf41 | |||
8baf9fc492 | |||
8d26a57b6b | |||
5fbc804edd | |||
44ff3980f9 |
@@ -16,7 +16,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
|
||||
setKazVars
|
||||
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
usage () {
|
||||
echo $(basename "$0") " [-h] [-help] [-timestamp] template dst"
|
||||
@@ -64,8 +63,8 @@ done
|
||||
-e "s|__DOKUWIKI_HOST__|${dokuwikiHost}|g"\
|
||||
-e "s|__DOMAIN__|${domain}|g"\
|
||||
-e "s|__FILE_HOST__|${fileHost}|g"\
|
||||
-e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\
|
||||
-e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\
|
||||
# -e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\
|
||||
# -e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\
|
||||
-e "s|__PAHEKO_HOST__|${pahekoHost}|g"\
|
||||
-e "s|__GIT_HOST__|${gitHost}|g"\
|
||||
-e "s|__GRAV_HOST__|${gravHost}|g"\
|
||||
@@ -79,9 +78,9 @@ done
|
||||
-e "s|__SMTP_HOST__|${smtpHost}|g"\
|
||||
-e "s|__SYMPADB__|${sympaDBName}|g"\
|
||||
-e "s|__SYMPA_HOST__|${sympaHost}|g"\
|
||||
-e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\
|
||||
-e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\
|
||||
-e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\
|
||||
# -e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\
|
||||
# -e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\
|
||||
# -e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\
|
||||
-e "s|__VIGILO_HOST__|${vigiloHost}|g"\
|
||||
-e "s|__WEBMAIL_HOST__|${webmailHost}|g"\
|
||||
-e "s|__CASTOPOD_HOST__|${castopodHost}|g"\
|
||||
|
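Review bot: The two `# -e "s|__PAHEKO_API_…__|…|g"\` lines in the second hunk, and the three `# -e "s|__SYMPA_MYSQL_…__|…|g"\` lines in the third, sit in the middle of a backslash-continued sed invocation, and a shell comment ends at the newline even when the line finishes with `\`. If these lines are indented like their neighbours, the command stops at the first `#`: `__PAHEKO_HOST__` and every later substitution, together with the file operands, are no longer part of it, and the next `-e …` line is run as a separate command. Delete the five lines instead of commenting them out, or keep a single ordinary comment above the sed call saying the credentials are no longer templated here. The sed command starts and ends outside these hunks, so this needs checking against the full file.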
7
bin/certbot-dns-alwaysdata.sh
Normal file → Executable file
@@ -2,9 +2,10 @@
|
||||
|
||||
# certbot certonly --manual --preferred-challenges=dns --manual-auth-hook certbot-dns-alwaysdata.sh --manual-cleanup-hook certbot-dns-alwaysdata.sh -d "*.kaz.bzh" -d "kaz.bzh"
|
||||
|
||||
ALWAYSDATA_TOKEN="TOKEN"
|
||||
ALWAYSDATA_ACCOUNT="ACCOUNT"
|
||||
ALWAYSDATA_API="https://api.alwaysdata.com/v1/"
|
||||
export KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
. $KAZ_KEY_DIR/env-alwaysdata
|
||||
|
||||
DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${CERTBOT_DOMAIN} | jq '.[0].id')
|
||||
|
||||
|
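Review bot: The added `. $KAZ_KEY_DIR/env-alwaysdata` is unquoted and its result is not checked, so when the file is missing or unreadable the hook carries on and the `curl` on the `DOMAIN_ID` line is sent with an empty `ALWAYSDATA_TOKEN`. I would write `. "${KAZ_KEY_DIR}/env-alwaysdata" || exit 1` followed by `: "${ALWAYSDATA_TOKEN:?}" "${ALWAYSDATA_ACCOUNT:?}"`. Because the file is executed as shell code with the privileges of the certbot hook, it should be owned by the account that runs certbot and not writable by group or others; a comment above the source line stating that expectation would help. The rest of the script is outside the hunk.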
@@ -6,8 +6,6 @@ setKazVars
|
||||
|
||||
RUN_PASS_DIR="secret"
|
||||
TMPL_PASS_DIR="secret.tmpl"
|
||||
RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh"
|
||||
TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh"
|
||||
NEED_GEN=
|
||||
|
||||
########################################
|
||||
@@ -48,7 +46,12 @@ getVars () {
|
||||
# get lvalues in script
|
||||
getSettedVars () {
|
||||
# $1 : filename
|
||||
grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u
|
||||
grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* | grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u
|
||||
}
|
||||
|
||||
getUnsettedVars () {
|
||||
# $1 : filename
|
||||
grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u
|
||||
}
|
||||
|
||||
getVarFormVal () {
|
||||
@@ -57,60 +60,6 @@ getVarFormVal () {
|
||||
grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/'
|
||||
}
|
||||
|
||||
########################################
|
||||
# synchronized SetAllPass.sh (find missing lvalues)
|
||||
updatePassFile () {
|
||||
# $1 : ref filename
|
||||
# $2 : target filename
|
||||
|
||||
REF_FILE="$1"
|
||||
TARGET_FILE="$2"
|
||||
NEED_UPDATE=
|
||||
while : ; do
|
||||
declare -a listRef listTarget missing
|
||||
listRef=($(getVars "${REF_FILE}"))
|
||||
listTarget=($(getVars "${TARGET_FILE}"))
|
||||
missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]})))
|
||||
if [ -n "${missing}" ]; then
|
||||
echo "missing vars in ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}"
|
||||
read -p "Do you want to add them? [y/n]: " yn
|
||||
case $yn in
|
||||
""|[Yy]*)
|
||||
emacs "${REF_FILE}" "${TARGET_FILE}"
|
||||
NEED_UPDATE=true
|
||||
break
|
||||
;;
|
||||
[Nn]*)
|
||||
break
|
||||
;;
|
||||
esac
|
||||
else
|
||||
break
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}"
|
||||
[ -n "${NEED_UPDATE}" ] && NEED_GEN=true
|
||||
updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}"
|
||||
|
||||
########################################
|
||||
# check empty pass in TMPL_PASS_FILE
|
||||
declare -a settedVars
|
||||
settedVars=($(getSettedVars "${TMPL_PASS_FILE}"))
|
||||
if [ -n "${settedVars}" ]; then
|
||||
echo "unclear password in ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}"
|
||||
for var in ${settedVars[@]}; do
|
||||
echo -e "\t${var}"
|
||||
done
|
||||
echo "${NC}"
|
||||
read -p "Do you want to clear them? [y/n]: " yn
|
||||
case $yn in
|
||||
""|[Yy]*)
|
||||
emacs "${TMPL_PASS_FILE}"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
########################################
|
||||
# check new files env-*
|
||||
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}"
|
||||
declare -a listTmpl listRun listCommonFiles
|
||||
listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
|
||||
listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
|
||||
listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
|
||||
listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
|
||||
for envFile in ${listCommonFiles[@]}; do
|
||||
while : ; do
|
||||
TMPL_FILE="${TMPL_PASS_DIR}/${envFile}"
|
||||
@@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then
|
||||
fi
|
||||
|
||||
########################################
|
||||
# check env-* in updateDockerPassword.sh
|
||||
missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do
|
||||
# check extention in dockers.env
|
||||
declare -a missing
|
||||
unsetted=($(for DIR in "${RUN_PASS_DIR}"; do
|
||||
for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
|
||||
val="${envFile#*env-}"
|
||||
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
|
||||
[ -z "${varName}" ] && continue
|
||||
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
|
||||
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
|
||||
if [ -z "${prefixe}" ]; then
|
||||
echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})"
|
||||
if [ -z "${varName}" ]; then
|
||||
echo "${val}"
|
||||
fi
|
||||
done
|
||||
done | sort -u))
|
||||
if [ -n "${missing}" ]; then
|
||||
echo "missing update in ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}"
|
||||
echo "missing def in ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}"
|
||||
for var in ${missing[@]}; do
|
||||
echo -e "\t${var}"
|
||||
done
|
||||
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then
|
||||
read -p "Do you want to add them? [y/n]: " yn
|
||||
case $yn in
|
||||
""|[Yy]*)
|
||||
emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh"
|
||||
emacs "${DOCKERS_ENV}"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
########################################
|
||||
# synchronized SetAllPass.sh and env-*
|
||||
updateEnvFiles () {
|
||||
# $1 secret dir
|
||||
DIR=$1
|
||||
listRef=($(getVars "${DIR}/SetAllPass.sh"))
|
||||
missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
|
||||
val="${envFile#*env-}"
|
||||
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
|
||||
[ -z "${varName}" ] && continue
|
||||
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
|
||||
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
|
||||
[ -z "${prefixe}" ] && continue
|
||||
listVarsInEnv=($(getVars "${envFile}"))
|
||||
for var in ${listVarsInEnv[@]}; do
|
||||
[[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}"
|
||||
done
|
||||
# XXX doit exister dans SetAllPass.sh avec le prefixe
|
||||
done))
|
||||
if [ -n "${missing}" ]; then
|
||||
echo "missing update in ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}"
|
||||
for var in ${missing[@]}; do
|
||||
echo -e "\t${var}"
|
||||
done
|
||||
echo "${NC}"
|
||||
read -p "Do you want to add them? [y/n]: " yn
|
||||
case $yn in
|
||||
""|[Yy]*)
|
||||
emacs "${DIR}/SetAllPass.sh"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
}
|
||||
|
||||
updateEnvFiles "${RUN_PASS_DIR}"
|
||||
updateEnvFiles "${TMPL_PASS_DIR}"
|
||||
|
||||
# XXX chercher les variables non utilisées dans les SetAllPass.sh
|
||||
|
||||
if [ -n "${NEED_GEN}" ]; then
|
||||
while : ; do
|
||||
read -p "Do you want to generate blank values? [y/n]: " yn
|
||||
read -p "Do you want to generate missing values? [y/n]: " yn
|
||||
case $yn in
|
||||
""|[Yy]*)
|
||||
"${KAZ_BIN_DIR}/secretGen.sh"
|
||||
|
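Review bot: In the `# check extention in dockers.env` hunk the loop result is stored in `unsetted`, but the test and the report that follow still read `${missing}`, which at that point holds whatever an earlier check left in it, since `declare -a missing` does not clear an existing array. The block should use one name throughout, e.g. `if [ -n "${unsetted}" ]; then` and `for var in ${unsetted[@]}; do`. Separately, the new `getSettedVars` and `getUnsettedVars` document `$1 : filename` but grep `./*`, so what they scan depends on the caller's working directory; either pass `"$1"` to grep or change the comment and `cd` explicitly before the call. This script appears to be the check that keeps real values out of the template directory, so a test that reads the wrong variable or the wrong directory passes silently.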
@@ -1,11 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
|
||||
for filename in "${KAZ_KEY_DIR}/"env-*Serv "${KAZ_KEY_DIR}/"env-*DB; do
|
||||
if grep -q "^[^#=]*=\s*$" "${filename}" 2>/dev/null; then
|
||||
echo "${filename}"
|
||||
fi
|
||||
done
|
@@ -61,20 +61,6 @@ doCompose () {
|
||||
${SIMU} ln -fs ../../config/dockers.env .env
|
||||
fi
|
||||
${SIMU} docker-compose $1
|
||||
|
||||
if [ "$2" = "cachet" ] && [ "$1" != "down" ]; then
|
||||
NEW_KEY=$(cd "${KAZ_COMP_DIR}/$2" ; docker-compose logs | grep APP_KEY=base64: | sed "s/^.*'APP_KEY=\(base64:[^']*\)'.*$/\1/" | tail -1)
|
||||
if [ -n "${NEW_KEY}" ]; then
|
||||
printKazMsg "cachet key change"
|
||||
# change key
|
||||
${SIMU} sed -i \
|
||||
-e 's%^\(\s*cachet_APP_KEY=\).*$%\1"'"${NEW_KEY}"'"%' \
|
||||
"${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
${SIMU} "${KAZ_BIN_DIR}/secretGen.sh"
|
||||
# restart
|
||||
${SIMU} docker-compose $1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
doComposes () {
|
||||
@@ -177,7 +163,6 @@ statusComposes () {
|
||||
|
||||
saveComposes () {
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_ROOT}/secret/SetAllPass.sh"
|
||||
|
||||
savedComposes+=( ${enableMailComposes[@]} )
|
||||
savedComposes+=( ${enableProxyComposes[@]} )
|
||||
@@ -195,67 +180,85 @@ saveComposes () {
|
||||
;;
|
||||
sympa)
|
||||
echo "save sympa"
|
||||
saveDB ${sympaDBName} "${sympa_MYSQL_USER}" "${sympa_MYSQL_PASSWORD}" "${sympa_MYSQL_DATABASE}" sympa mysql
|
||||
. $KAZ_BIN_DIR/getPasswords.sh sympaDB
|
||||
saveDB ${sympaDBName} "${sympaDB_MYSQL_USER}" "${sympaDB_MYSQL_PASSWORD}" "${sympaDB_MYSQL_DATABASE}" sympa mysql
|
||||
;;
|
||||
web)
|
||||
# rien à faire (fichiers)
|
||||
;;
|
||||
etherpad)
|
||||
echo "save pad"
|
||||
saveDB ${etherpadDBName} "${etherpad_MYSQL_USER}" "${etherpad_MYSQL_PASSWORD}" "${etherpad_MYSQL_DATABASE}" etherpad mysql
|
||||
. $KAZ_BIN_DIR/getPasswords.sh etherpadDB
|
||||
saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql
|
||||
;;
|
||||
framadate)
|
||||
echo "save date"
|
||||
saveDB ${framadateDBName} "${framadate_MYSQL_USER}" "${framadate_MYSQL_PASSWORD}" "${framadate_MYSQL_DATABASE}" framadate mysql
|
||||
. $KAZ_BIN_DIR/getPasswords.sh framadateDB
|
||||
saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql
|
||||
;;
|
||||
cloud)
|
||||
echo "save cloud"
|
||||
saveDB ${nextcloudDBName} "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" nextcloud mysql
|
||||
. $KAZ_BIN_DIR/getPasswords.sh nextcloudDB
|
||||
saveDB ${nextcloudDBName} "${nextcloudDB_MYSQL_USER}" "${nextcloudDB_MYSQL_PASSWORD}" "${nextcloudDB_MYSQL_DATABASE}" nextcloud mysql
|
||||
;;
|
||||
paheko)
|
||||
# rien à faire (fichiers)
|
||||
;;
|
||||
mattermost)
|
||||
echo "save mattermost"
|
||||
saveDB matterPG "${mattermost_POSTGRES_USER}" "${mattermost_POSTGRES_PASSWORD}" "${mattermost_POSTGRES_DB}" mattermost postgres
|
||||
. $KAZ_BIN_DIR/getPasswords.sh mattermostDB
|
||||
saveDB matterPG "${mattermostDB_POSTGRES_USER}" "${mattermostDB_POSTGRES_PASSWORD}" "${mattermostDB_POSTGRES_DB}" mattermost postgres
|
||||
;;
|
||||
mobilizon)
|
||||
echo "save mobilizon"
|
||||
saveDB ${mobilizonDBName} "${mobilizon_POSTGRES_USER}" "${mobilizon_POSTGRES_PASSWORD}" "${mobilizon_POSTGRES_DB}" mobilizon postgres
|
||||
. $KAZ_BIN_DIR/getPasswords.sh mobilizonDB
|
||||
saveDB ${mobilizonDBName} "${mobilizonDB_POSTGRES_USER}" "${mobilizonDB_POSTGRES_PASSWORD}" "${mobilizonDB_POSTGRES_DB}" mobilizon postgres
|
||||
;;
|
||||
peertube)
|
||||
echo "save peertube"
|
||||
saveDB ${peertubeDBName} "${peertube_POSTGRES_USER}" "${peertube_POSTGRES_PASSWORD}" "${PEERTUBE_DB_HOSTNAME}" peertube postgres
|
||||
. $KAZ_BIN_DIR/getPasswords.sh peertubeDB
|
||||
saveDB ${peertubeDBName} "${peertubeDB_POSTGRES_USER}" "${peertubeDB_POSTGRES_PASSWORD}" "${peertubeDB_PEERTUBE_DB_HOSTNAME}" peertube postgres
|
||||
;;
|
||||
mastodon)
|
||||
echo "save mastodon"
|
||||
saveDB ${mastodonDBName} "${mastodon_POSTGRES_USER}" "${mastodon_POSTGRES_PASSWORD}" "${mastodon_POSTGRES_DB}" mastodon postgres
|
||||
. $KAZ_BIN_DIR/getPasswords.sh mastodonDB
|
||||
saveDB ${mastodonDBName} "${mastodonDB_POSTGRES_USER}" "${mastodonDB_POSTGRES_PASSWORD}" "${mastodonDB_POSTGRES_DB}" mastodon postgres
|
||||
;;
|
||||
roundcube)
|
||||
echo "save roundcube"
|
||||
saveDB ${roundcubeDBName} "${roundcube_MYSQL_USER}" "${roundcube_MYSQL_PASSWORD}" "${roundcube_MYSQL_DATABASE}" roundcube mysql
|
||||
. $KAZ_BIN_DIR/getPasswords.sh roundcubeDB
|
||||
saveDB ${roundcubeDBName} "${roundcubeDB_MYSQL_USER}" "${roundcubeDB_MYSQL_PASSWORD}" "${roundcubeDB_MYSQL_DATABASE}" roundcube mysql
|
||||
;;
|
||||
vaultwarden)
|
||||
echo "save vaultwarden"
|
||||
saveDB ${vaultwardenDBName} "${vaultwarden_MYSQL_USER}" "${vaultwarden_MYSQL_PASSWORD}" "${vaultwarden_MYSQL_DATABASE}" vaultwarden mysql
|
||||
. $KAZ_BIN_DIR/getPasswords.sh vaultwardenDB
|
||||
saveDB ${vaultwardenDBName} "${vaultwardenDB_MYSQL_USER}" "${vaultwardenDB_MYSQL_PASSWORD}" "${vaultwardenDB_MYSQL_DATABASE}" vaultwarden mysql
|
||||
;;
|
||||
dokuwiki)
|
||||
# rien à faire (fichiers)
|
||||
;;
|
||||
*-orga)
|
||||
ORGA=${compose%-orga}
|
||||
echo "save ${ORGA}"
|
||||
echo "save ${ORGA}"
|
||||
if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
|
||||
echo " => cloud"
|
||||
saveDB "${ORGA}-DB" "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" "${ORGA}-cloud" mysql
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
|
||||
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-cloud" mysql
|
||||
fi
|
||||
if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
|
||||
echo " => mattermost"
|
||||
saveDB "${ORGA}-DB" "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
|
||||
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
|
||||
fi
|
||||
if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
|
||||
echo " => wordpress"
|
||||
saveDB "${ORGA}-DB" "${wp_MYSQL_USER}" "${wp_MYSQL_PASSWORD}" "${wp_MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
|
||||
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
|
||||
fi
|
||||
if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
|
||||
echo " => spip"
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
|
||||
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
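Review bot: Each branch of the `*-orga)` case now sources `$KAZ_KEY_DIR/orgas/$ORGA/env-…DB` and then passes the bare `MYSQL_USER`, `MYSQL_PASSWORD` and `MYSQL_DATABASE` to `saveDB`; when one of those files is absent the `.` fails without stopping anything and `saveDB` runs with the values left by the previous branch or the previous organisation. Reset the variables and guard each source, e.g. `unset MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE` and `if . "${KAZ_KEY_DIR}/orgas/${ORGA}/env-nextcloudDB"; then saveDB …; fi`. The unquoted `. $KAZ_BIN_DIR/getPasswords.sh …` calls in the branches above have the same unchecked-failure problem. If these env-* files are the ones also handed to docker-compose, sourcing them makes the shell interpret `$`, backticks, spaces and `&` inside a password, so a loader that reads `KEY=value` lines without evaluating them would be safer. `saveComposes` begins and ends outside the hunk.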
81
bin/createDBUsers.sh
Executable file
@@ -0,0 +1,81 @@
|
||||
#!/bin/bash
|
||||
|
||||
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
|
||||
# pour mise au point
|
||||
# SIMU=echo
|
||||
|
||||
# Améliorations à prévoir
|
||||
# - donner en paramètre les services concernés (pour limité les modifications)
|
||||
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
|
||||
|
||||
. "${DOCKERS_ENV}"
|
||||
|
||||
createMysqlUser(){
|
||||
# $1 = envName
|
||||
# $2 = containerName of DB
|
||||
|
||||
. $KAZ_KEY_DIR/env-$1
|
||||
|
||||
# seulement si pas de mdp pour root
|
||||
# pb oeuf et poule (il faudrait les anciennes valeurs) :
|
||||
# * si rootPass change, faire à la main
|
||||
# * si dbName change, faire à la main
|
||||
checkDockerRunning "$2" "$2" || return
|
||||
echo "change DB pass on docker $2"
|
||||
echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \
|
||||
docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}"
|
||||
}
|
||||
|
||||
|
||||
|
||||
framadateUpdate(){
|
||||
[[ "${COMP_ENABLE}" =~ " framadate " ]] || return
|
||||
if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
|
||||
return 0
|
||||
fi
|
||||
.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ
|
||||
|
||||
checkDockerRunning "${framadateServName}" "Framadate" &&
|
||||
${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadateServ_HTTPD_USER} ${framadateServ_HTTPD_PASSWORD}"
|
||||
${SIMU} sed -i \
|
||||
-e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadateDB_MYSQL_USER}';/g" \
|
||||
-e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadateDB_MYSQL_PASSWORD}';/g" \
|
||||
"${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
|
||||
}
|
||||
|
||||
jirafeauUpdate(){
|
||||
[[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
|
||||
if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
|
||||
return 0
|
||||
fi
|
||||
. $KAZ_BIN_DIR/getPasswords.sh jirafeauServ
|
||||
SHA=$(echo -n "${jirafeauServ_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1)
|
||||
${SIMU} sed -i \
|
||||
-e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
|
||||
"${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
|
||||
}
|
||||
|
||||
####################
|
||||
# main
|
||||
|
||||
createMysqlUser "etherpadDB" "${etherpadDBName}"
|
||||
createMysqlUser "framadateDB" "${framadateDBName}"
|
||||
createMysqlUser "giteaDB" "${gitDBName}"
|
||||
createMysqlUser "mattermostDB" "${mattermostDBName}"
|
||||
createMysqlUser "nextcloudDB" "${nextcloudDBName}"
|
||||
createMysqlUser "roundcubeDB" "${roundcubeDBName}"
|
||||
createMysqlUser "sympaDB" "${sympaDBName}"
|
||||
createMysqlUser "vigiloDB" "${vigiloDBName}"
|
||||
createMysqlUser "wpDB" "${wordpressDBName}"
|
||||
createMysqlUser "vaultwardenDB" "${vaultwardenDBName}"
|
||||
createMysqlUser "castopodDB" "${castopodDBName}"
|
||||
createMysqlUser "spipDB" "${spipDBName}"
|
||||
createMysqlUser "mastodonDB" "${mastodonDBName}"
|
||||
|
||||
|
||||
framadateUpdate
|
||||
jirafeauUpdate
|
||||
exit 0
|
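Review bot: In `framadateUpdate` the line `.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ` has, as rendered here, no space after the dot, so nothing is sourced (the shell tries to execute a path beginning with `.`) and the following `htpasswd` and `sed` write empty `framadateServ_…` and `framadateDB_…` values into `.htpasswd` and `config.php`; it should read `. "${KAZ_BIN_DIR}/getPasswords.sh" framadateDB framadateServ`, with the space that `jirafeauUpdate` already has. In `createMysqlUser` the root password is expanded inside the `bash -c "mysql … --password=${MYSQL_ROOT_PASSWORD}"` string and the user password inside the SQL text, so a quote, space or `$` in a secret changes the command or the statement, and the root password shows up in the process list; handing it over through the environment removes the shell and process-list exposure, e.g. `MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" docker exec -i -e MYSQL_PWD "$2" mysql --user=root`. `createMysqlUser` also ignores `${SIMU}`, unlike the two update functions, and it is called for `mastodonDB`, which the save code elsewhere on this page treats as a postgres database. The `sed` calls use the password as replacement text, so a `/` or `&` in it corrupts the written config line.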
@@ -1,104 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
cd $(dirname $0)/..
|
||||
|
||||
mkdir -p emptySecret
|
||||
rsync -aHAX --info=progress2 --delete secret/ emptySecret/
|
||||
|
||||
cd emptySecret/
|
||||
|
||||
. ../config/dockers.env
|
||||
. ./SetAllPass.sh
|
||||
|
||||
# pour mise au point
|
||||
# SIMU=echo
|
||||
|
||||
cleanEnvDB(){
|
||||
# $1 = prefix
|
||||
# $2 = envName
|
||||
# $3 = containerName of DB
|
||||
rootPass="--root_password--"
|
||||
dbName="--database_name--"
|
||||
userName="--user_name--"
|
||||
userPass="--user_password--"
|
||||
|
||||
${SIMU} sed -i \
|
||||
-e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${rootPass}/g" \
|
||||
-e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${dbName}/g" \
|
||||
-e "s/MYSQL_USER=.*/MYSQL_USER=${userName}/g" \
|
||||
-e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${userPass}/g" \
|
||||
"$2"
|
||||
}
|
||||
|
||||
cleanEnv(){
|
||||
# $1 = prefix
|
||||
# $2 = envName
|
||||
for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
|
||||
do
|
||||
srcName="$1_${varName}"
|
||||
srcVal="--clean_val--"
|
||||
${SIMU} sed -i \
|
||||
-e "s~^[ ]*${varName}=.*$~${varName}=${srcVal}~" \
|
||||
"$2"
|
||||
done
|
||||
}
|
||||
|
||||
cleanPasswd(){
|
||||
${SIMU} sed -i \
|
||||
-e 's/^\([# ]*[^#= ]*\)=".[^{][^"]*"/\1="--clean_val--"/g' \
|
||||
./SetAllPass.sh
|
||||
}
|
||||
|
||||
####################
|
||||
# main
|
||||
|
||||
# read -r -p "Do you want to remove all password? [Y/n] " input
|
||||
|
||||
# case $input in
|
||||
# [yY][eE][sS]|[yY])
|
||||
# echo "Remove all password"
|
||||
# ;;
|
||||
# [nN][oO]|[nN])
|
||||
# echo "Abort"
|
||||
# ;;
|
||||
# *)
|
||||
# echo "Invalid input..."
|
||||
# exit 1
|
||||
# ;;
|
||||
# esac
|
||||
|
||||
cleanPasswd
|
||||
|
||||
cleanEnvDB "etherpad" "./env-${etherpadDBName}" "${etherpadDBName}"
|
||||
cleanEnvDB "framadate" "./env-${framadateDBName}" "${framadateDBName}"
|
||||
cleanEnvDB "git" "./env-${gitDBName}" "${gitDBName}"
|
||||
cleanEnvDB "mattermost" "./env-${mattermostDBName}" "${mattermostDBName}"
|
||||
cleanEnvDB "nextcloud" "./env-${nextcloudDBName}" "${nextcloudDBName}"
|
||||
cleanEnvDB "roundcube" "./env-${roundcubeDBName}" "${roundcubeDBName}"
|
||||
cleanEnvDB "sso" "./env-${ssoDBName}" "${ssoDBName}"
|
||||
cleanEnvDB "sympa" "./env-${sympaDBName}" "${sympaDBName}"
|
||||
cleanEnvDB "vigilo" "./env-${vigiloDBName}" "${vigiloDBName}"
|
||||
cleanEnvDB "wp" "./env-${wordpressDBName}" "${wordpressDBName}"
|
||||
|
||||
cleanEnv "etherpad" "./env-${etherpadServName}"
|
||||
cleanEnv "gandi" "./env-gandi"
|
||||
cleanEnv "jirafeau" "./env-${jirafeauServName}"
|
||||
cleanEnv "mattermost" "./env-${mattermostServName}"
|
||||
cleanEnv "nextcloud" "./env-${nextcloudServName}"
|
||||
cleanEnv "office" "./env-${officeServName}"
|
||||
cleanEnv "roundcube" "./env-${roundcubeServName}"
|
||||
cleanEnv "sso" "./env-${ssoServName}"
|
||||
cleanEnv "vigilo" "./env-${vigiloServName}"
|
||||
cleanEnv "wp" "./env-${wordpressServName}"
|
||||
|
||||
cat > allow_admin_ip <<EOF
|
||||
# ip for admin access only
|
||||
|
||||
# local test
|
||||
allow 127.0.0.0/8;
|
||||
allow 192.168.0.0/16;
|
||||
|
||||
EOF
|
||||
|
||||
chmod -R go= .
|
||||
chmod -R +X .
|
@@ -3,14 +3,13 @@
|
||||
cd $(dirname $0)
|
||||
|
||||
./setOwner.sh
|
||||
./createEmptyPasswd.sh
|
||||
|
||||
cd ../..
|
||||
|
||||
FILE_NAME="/tmp/$(date +'%Y%M%d')-KAZ.tar.bz2"
|
||||
FILE_NAME="/tmp/$(date +'%Y%m%d')-KAZ.tar.bz2"
|
||||
|
||||
tar -cjf "${FILE_NAME}" --transform s/emptySecret/secret/ \
|
||||
./kaz/emptySecret/ ./kaz/bin ./kaz/config ./kaz/dockers
|
||||
tar -cjf "${FILE_NAME}" --transform s/secret.tmpl/secret/ \
|
||||
./kaz/secret.tmpl/ ./kaz/bin ./kaz/config ./kaz/dockers
|
||||
|
||||
ls -l "${FILE_NAME}"
|
||||
|
||||
|
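Review bot: The corrected `FILE_NAME="/tmp/$(date +'%Y%m%d')-KAZ.tar.bz2"` is still a predictable name in a world-writable directory, and `tar -cjf` writes through whatever already exists at that path and creates the archive with the default umask. Now that the archive packs `secret.tmpl` directly instead of a scrubbed copy, its content depends on that directory holding placeholders only, so I would create the output privately, e.g. `umask 077` and `FILE_NAME="$(mktemp -d)/$(date +'%Y%m%d')-KAZ.tar.bz2"`, and run the template check before packing. The `--transform s/secret.tmpl/secret/` expression is unanchored and its `.` matches any character, so it can also rewrite matching names under `bin`, `config` and `dockers`; something like `--transform 's,^\./kaz/secret\.tmpl/,./kaz/secret/,'` is tighter.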
@@ -37,7 +37,9 @@ setKazVars
|
||||
|
||||
cd "${KAZ_ROOT}"
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
|
||||
. $KAZ_BIN_DIR/getPasswords.sh ldapServ sympaServ paheko
|
||||
|
||||
# DOCK_DIR="${KAZ_COMP_DIR}" # ???
|
||||
|
||||
@@ -221,6 +223,7 @@ dos2unix "${TFILE_MM}"
|
||||
echo "done"
|
||||
|
||||
# se connecter à l'agora pour ensuite pouvoir passer toutes les commandes mmctl
|
||||
. $KAZ_KEY_DIR/env-mattermostAdmin
|
||||
echo "docker exec -i mattermostServ bin/mmctl auth login ${httpProto}://${URL_AGORA} --name local-server --username ${mattermost_user} --password ${mattermost_pass}" | tee -a "${CMD_INIT}"
|
||||
|
||||
# vérif des emails
|
||||
@@ -393,9 +396,9 @@ nextcloudEnabled: TRUE\n\
|
||||
nextcloudQuota: ${QUOTA} GB\n\
|
||||
mobilizonEnabled: TRUE\n\
|
||||
agoraEnabled: TRUE\n\
|
||||
userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
|
||||
userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
|
||||
fi
|
||||
#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
|
||||
#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
|
||||
|
||||
CREATE_ORGA_SERVICES=""
|
||||
|
||||
@@ -424,15 +427,16 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
|
||||
MESSAGE_MAIL_ORGA_1="${MESSAGE_MAIL_ORGA_1}${NL}* un bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances : ${httpProto}://${URL_NC}"
|
||||
|
||||
# le user existe t-il déjà sur NC ?
|
||||
curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
|
||||
. $KAZ_KEY_DIR/env-nextcloudServ
|
||||
curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
|
||||
if grep -q "<element>${IDENT_KAZ}</element>" "${TEMP_USER_NC}"; then
|
||||
echo "${IDENT_KAZ} existe déjà sur ${URL_NC}" | tee -a "${LOG}"
|
||||
else
|
||||
|
||||
# on créé l'utilisateur sur NC sauf si c'est le NC général, on ne créé jamais l'utilisateur7
|
||||
if [ ${URL_NC} != "${cloudHost}.${domain}" ]; then
|
||||
|
||||
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
|
||||
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
|
||||
-d userid='${IDENT_KAZ}' \
|
||||
-d displayName='${PRENOM} ${NOM}' \
|
||||
-d password='${PASSWORD}' \
|
||||
@@ -445,19 +449,22 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
|
||||
|
||||
# s'il est admin de son orga, on le met admin
|
||||
if [ "${service[ADMIN_ORGA]}" == "O" -a "${ORGA}" != "" -a "${service[NC_ORGA]}" == "O" ]; then
|
||||
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${nextcloud_NEXTCLOUD_ADMIN_USER}:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}"
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
|
||||
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}"
|
||||
fi
|
||||
|
||||
# faut-il mettre le user NC dans un groupe particulier sur le NC de base ?
|
||||
if [ "${GROUPE_NC_BASE}" != "" -a "${service[NC_BASE]}" == "O" ]; then
|
||||
# ici on travaille à nouveau sur le NC commun, donc on rechoppe les bons mdp
|
||||
. $KAZ_KEY_DIR/env-nextcloudServ
|
||||
# le groupe existe t-il déjà ?
|
||||
curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}"
|
||||
curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}"
|
||||
nb=$(grep "<element>${GROUPE_NC_BASE}</element>" "${TEMP_GROUP_NC}" | wc -l)
|
||||
if [ "${nb}" == "0" ];then
|
||||
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
|
||||
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
|
||||
fi
|
||||
# puis attacher le user au groupe
|
||||
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
|
||||
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -483,7 +490,8 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
|
||||
|
||||
# TODO : vérif existance user
|
||||
# # le user existe t-il déjà sur le wp ?
|
||||
# curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wp_WORDPRESS_ADMIN_USER}:${wp_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
|
||||
# . $KAZ_BIN_DIR/getPasswords.sh wpServ
|
||||
# curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wpServ_WORDPRESS_ADMIN_USER}:${wpServ_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
|
||||
# nb_user_wp_orga=$(grep "<element>${IDENT_KAZ}</element>" "${TEMP_USER_WP}" | wc -l)
|
||||
# if [ "${nb_user_wp_orga}" != "0" ];then
|
||||
# (
|
||||
@@ -501,7 +509,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
|
||||
# ) | tee -a "${LOG}"
|
||||
#
|
||||
# # on supprime l'utilisateur sur NC.
|
||||
# echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
|
||||
# echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
|
||||
# -d userid='${IDENT_KAZ}' \
|
||||
# " | tee -a "${CMD_INIT}"
|
||||
# fi
|
||||
@@ -619,13 +627,13 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
|
||||
# docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which
|
||||
if [[ "${mode}" = "dev" ]]; then
|
||||
echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}"
|
||||
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
|
||||
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
|
||||
LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
|
||||
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
|
||||
else
|
||||
echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}"
|
||||
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
|
||||
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
|
||||
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}"
|
||||
LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
|
||||
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
|
||||
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}"
|
||||
fi
|
||||
|
||||
if [ "${service[ADMIN_ORGA]}" == "O" ]; then
|
||||
|
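Review bot: The existence check in the `@@ -424,15 +427,16 @@` hunk sources the shared `$KAZ_KEY_DIR/env-nextcloudServ` and queries `${URL_NC}`, while the create call a few lines below sources `orgas/$ORGA/env-nextcloudServ` for the same `${URL_NC}`; if an organisation's Nextcloud has its own admin account, the lookup would authenticate with the wrong credentials, find nothing, and the script would fall through to creating the user. Source the per-organisation file before the lookup whenever `${URL_NC}` is not the common instance, and test each `.` so that a missing file does not leave the previous `NEXTCLOUD_ADMIN_*` values in place, e.g. `. "${KAZ_KEY_DIR}/orgas/${ORGA}/env-nextcloudServ" || exit 1`. The new lines also keep writing admin secrets (`--password ${mattermost_pass}`, `-w ${ldapServ_LDAP_ADMIN_PASSWORD}`, `user:password@` URLs) to stdout and to the `CMD_*` files through `tee -a`, so those files should be created under `umask 077` and removed once they have been run. The surrounding code lies outside these hunks.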
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_ROOT/secret/env-kaz
|
||||
|
||||
PRG=$(basename $0)
|
||||
|
@@ -7,7 +7,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
|
||||
PRG=$(basename $0)
|
||||
|
||||
|
@@ -8,7 +8,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudServ sympaServ paheko
|
||||
|
||||
VERSION="18-05-2025"
|
||||
PRG=$(basename $0)
|
||||
@@ -24,7 +24,7 @@ URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(
|
||||
NL_LIST=infos@listes.kaz.bzh
|
||||
URL_AGORA_API=${URL_AGORA}/api/v4
|
||||
EQUIPE=kaz
|
||||
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1)
|
||||
LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
|
||||
|
||||
|
||||
#### Test du serveur sur lequel s' execute le script ####
|
||||
@@ -47,6 +47,8 @@ rm -rf /tmp/*.json
|
||||
############################################ Fonctions #######################################################
|
||||
|
||||
ExpMail() {
|
||||
|
||||
. $KAZ_KEY_DIR/env-mail
|
||||
MAIL_DEST=$1
|
||||
MAIL_SUJET=$2
|
||||
MAIL_TEXTE=$3
|
||||
@@ -58,6 +60,7 @@ ExpMail() {
|
||||
}
|
||||
|
||||
PostMattermost() {
|
||||
. $KAZ_KEY_DIR/env-mattermostAdmin
|
||||
PostM=$1
|
||||
CHANNEL=$2
|
||||
TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA_API}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')
|
||||
@@ -91,8 +94,8 @@ searchEmail() {
|
||||
fi
|
||||
done
|
||||
ldapsearch -H ldap://${LDAP_IP} \
|
||||
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
|
||||
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
|
||||
-b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
|
||||
COMPTEUR_LIGNE=0
|
||||
while read LIGNE
|
||||
@@ -136,7 +139,8 @@ searchEmail() {
|
||||
|
||||
searchMattermost() {
|
||||
#Ici $1 est une adresse email
|
||||
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
|
||||
. $KAZ_KEY_DIR/env-mattermostAdmin
|
||||
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
|
||||
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1
|
||||
#on créé la list des mails dans mattermost
|
||||
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings user list --all >${TFILE_MAILS_MATTERMOST} 2>/dev/null
|
||||
@@ -182,12 +186,12 @@ infoEmail() {
|
||||
printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL"
|
||||
echo -e ""
|
||||
#TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC)
|
||||
#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
|
||||
#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
|
||||
#cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g
|
||||
echo -ne "${NC}"
|
||||
echo -ne " - Nextcloud enable : "
|
||||
echo -ne "${GREEN}"
|
||||
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30
|
||||
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30
|
||||
echo -ne "${NC}"
|
||||
echo -e "${NC} ------------------------------------------------"
|
||||
printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO"
|
||||
@@ -203,11 +207,11 @@ infoEmail() {
|
||||
echo -ne "${NC}"
|
||||
echo -n " - Quota Mail (Ldap) : "
|
||||
echo -ne "${GREEN}"
|
||||
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
|
||||
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
|
||||
echo -ne "${NC}"
|
||||
echo -n " - Quota Nextcloud (Ldap) : "
|
||||
echo -ne "${GREEN}"
|
||||
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
|
||||
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
|
||||
echo -ne "${NC}"
|
||||
echo -n " - Mail de secours (Paheko ): "
|
||||
echo -ne "${GREEN}"
|
||||
@@ -215,11 +219,11 @@ infoEmail() {
|
||||
echo -ne "${NC}"
|
||||
echo -n " - Mail de secours (Ldap): "
|
||||
echo -ne "${GREEN}"
|
||||
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
|
||||
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
|
||||
echo -ne "${NC}"
|
||||
echo -n " - Alias (Ldap) : "
|
||||
echo -ne "${GREEN}"
|
||||
LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
|
||||
LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
|
||||
echo -ne "${NC}"
|
||||
echo -ne "${GREEN}"
|
||||
for ldap_alias in ${LDAP_ALIAS}
|
||||
@@ -239,8 +243,8 @@ infoEmail() {
|
||||
echo "------------------------------------------------"
|
||||
echo " Alias : ${CHOIX_MAIL} "
|
||||
echo ""
|
||||
for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldap_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
|
||||
for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
|
||||
| grep ^mail: | sed -e 's/^mail://')
|
||||
do
|
||||
echo -ne "=====> ${GREEN} "
|
||||
@@ -307,12 +311,12 @@ searchDestroy() {
|
||||
fi
|
||||
echo -e "${NC}"
|
||||
echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud"
|
||||
USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g')
|
||||
USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g')
|
||||
if [ ! -z ${USER_NEXTCLOUD_SUPPR} ]
|
||||
then
|
||||
printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}"
|
||||
echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}"
|
||||
curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
|
||||
curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
printKazMsg "Suppresion ok"
|
||||
@@ -327,7 +331,7 @@ searchDestroy() {
|
||||
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa"
|
||||
echo -e "${NC}"
|
||||
echo ""
|
||||
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
|
||||
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
|
||||
echo -e "${NC}"
|
||||
echo ""
|
||||
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
|
||||
@@ -344,7 +348,7 @@ searchDestroy() {
|
||||
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
|
||||
echo -e "${NC}"
|
||||
echo ""
|
||||
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
|
||||
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
printKazMsg "Suppresion ok"
|
||||
@@ -377,8 +381,8 @@ gestPassword() {
|
||||
# MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g')
|
||||
|
||||
MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
|
||||
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
|
||||
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
|
||||
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
|
||||
if [ "$MAIL_SECOURS" = "" ]
|
||||
then
|
||||
@@ -405,19 +409,19 @@ gestPassword() {
|
||||
fi
|
||||
if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ]
|
||||
then
|
||||
USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g')
|
||||
USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g')
|
||||
echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER} ${NC}"
|
||||
echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS} ${NC}"
|
||||
echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER) ${NC}"
|
||||
echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}"
|
||||
echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}"
|
||||
docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1
|
||||
curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1
|
||||
curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1
|
||||
pass=$(mkpasswd -m sha512crypt ${PASSWORD})
|
||||
echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\
|
||||
changeType: modify\n\
|
||||
replace: userPassword\n\
|
||||
userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}"
|
||||
userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}"
|
||||
echo -e "Envoi d'un message dans mattermost pour la modification du mot de passe"
|
||||
docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1
|
||||
if [ $ADRESSE_SEC == "OUI" ]
|
||||
@@ -465,8 +469,8 @@ createMail() {
|
||||
if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]]
|
||||
then
|
||||
ldapsearch -H ldap://${LDAP_IP} \
|
||||
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
|
||||
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
|
||||
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
|
||||
if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}"
|
||||
then
|
||||
@@ -564,7 +568,7 @@ nextcloudEnabled: ${TRUE_KAZ}\n\
|
||||
nextcloudQuota: ${QUOTA} GB\n\
|
||||
mobilizonEnabled: ${TRUE_KAZ}\n\
|
||||
agoraEnabled: ${TRUE_KAZ}\n\
|
||||
userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
|
||||
userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
|
||||
# on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire
|
||||
bash ${TFILE_CREATE_MAIL} >/dev/null
|
||||
# on colle le compte et le mot de passe dans le fichier
|
||||
@@ -610,12 +614,12 @@ createAlias() {
|
||||
if [[ ${AMAIL} =~ ${regexMail} ]]
|
||||
then
|
||||
RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
|
||||
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
|
||||
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
|
||||
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //')
|
||||
RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \
|
||||
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
|
||||
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
|
||||
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //')
|
||||
|
||||
if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$"
|
||||
@@ -690,7 +694,7 @@ changeType: add\n\
|
||||
objectClass: organizationalRole\n\
|
||||
objectClass: PostfixBookMailForward\n\
|
||||
mailAlias: ${AMAIL}\n\
|
||||
${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
|
||||
${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
|
||||
fait=1
|
||||
printKazMsg "Création de ${AMAIL}"
|
||||
sleep 3
|
||||
@@ -722,8 +726,8 @@ delAlias() {
|
||||
if [[ ${RALIAS} =~ ${regexMail} ]]
|
||||
then
|
||||
RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
|
||||
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
|
||||
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
|
||||
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //')
|
||||
if [ ! -z ${RESU_ALIAS} ]
|
||||
then
|
||||
@@ -733,7 +737,7 @@ delAlias() {
|
||||
read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS
|
||||
case "${REPDELALIAS}" in
|
||||
o | O )
|
||||
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
|
||||
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
|
||||
printKazMsg "suppression ${RESU_ALIAS} effectuée"
|
||||
sleep 2
|
||||
faitdel=1
|
||||
@@ -769,8 +773,8 @@ modifyAlias()
|
||||
ACHANGE=0
|
||||
searchEmail alias
|
||||
LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
|
||||
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
|
||||
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
|
||||
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \
|
||||
| grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g')
|
||||
echo "-------------------------------------------------------------------"
|
||||
@@ -845,8 +849,8 @@ modifyAlias()
|
||||
echo "mail: ${key}" >>${FIC_MODIF_LDIF}
|
||||
done
|
||||
echo "-" >>${FIC_MODIF_LDIF}
|
||||
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-x -w ${ldap_LDAP_ADMIN_PASSWORD} \
|
||||
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
|
||||
-f ${FIC_MODIF_LDIF} >/dev/null
|
||||
else
|
||||
printKazMsg "Pas de changement"
|
||||
@@ -872,8 +876,8 @@ updateUser() {
|
||||
for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota
|
||||
do
|
||||
ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \
|
||||
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldap_LDAP_ADMIN_PASSWORD}" \
|
||||
-x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
|
||||
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \
|
||||
| grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' ))
|
||||
# si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa
|
||||
@@ -1056,15 +1060,15 @@ updateUser() {
|
||||
done
|
||||
cat ${FIC_MODIF_LDIF}
|
||||
sleep 3
|
||||
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-x -w ${ldap_LDAP_ADMIN_PASSWORD} \
|
||||
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
|
||||
-x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
|
||||
-f ${FIC_MODIF_LDIF}
|
||||
if [ ! -z ${MAILDESECOURS} ]
|
||||
then
|
||||
# suppression du mail de secours de la liste infos
|
||||
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
|
||||
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
|
||||
# ajout de l' adresse de la nouvelle adresse de secours
|
||||
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
|
||||
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
|
||||
fi
|
||||
updateUser
|
||||
fi
|
||||
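Review bot: Several of the renamed LDAP calls pass the admin password unquoted: `-x -w ${ldapServ_LDAP_ADMIN_PASSWORD}` in the `@@ -690,7 +694,7 @@`, `@@ -845,8 +849,8 @@` and `@@ -1056,15 +1060,15 @@` hunks, and inside the command string written to `${TFILE_CREATE_MAIL}` in `@@ -564,7 +568,7 @@`, while the other calls in this file quote it. A password containing whitespace or glob characters would be split or expanded there; use `-x -w "${ldapServ_LDAP_ADMIN_PASSWORD}"` throughout. The same unquoted form appears further down the page in the `ldapvi` hunk (`@@ -20,4 +20,4 @@`), the `ldapmodify` pipelines (`@@ -126,7 +126,7 @@` to `@@ -215,7 +215,7 @@`) and the `ldapsearch` and `mysql --password=` lines of `@@ -5,16 +5,16 @@`. Passing the secret with `-w` also leaves it readable in the process list by other local users; the OpenLDAP client tools accept `-y <passwdfile>` as an alternative, if that fits the deployment. The enclosing functions start and end outside these hunks.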
|
94
bin/getPasswords.sh
Executable file
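--- a/bin/getPasswords.sh
+++ b/bin/getPasswords.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+#Ki: Gael
+#Kan: 2025
+#Koi: gestion mots de passe
+
+KAZ_ROOT=/kaz
+
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+QUIET=1
+
+usage() {
+echo "getPasswords.sh [OPTIONS] [envname ...]
+Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
+Les variables sont du type envname_NOMVARIABLE=valeur
+On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
+OPTIONS
+-h|--help Cette aide :-)
+-n|--simu SIMULATION
+-d foldername prend les envfiles dans un sous dossier /kaz/secret/foldername/ (pour les orgas !)
+Les variables seront du type foldername-envname_NOMVARIABLE=valeur
+-e varname Affiche le contenu d'une variable en particulier
+"
+}
+
+if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then
+mkdir "${KAZ_KEY_DIR}/tmp"
+fi
+
+for ARG in "$@"; do
+if [ -n "${DIRECTORYARG}" ]; then # après un -d
+SUBDIRECTORY="${ARG}"
+unset DIRECTORYARG
+elif [ -n "${ECHOVARARG}" ]; then # après un -e
+VARTOECHO="${ARG}"
+unset ECHOVARARG
+QUIET="/dev/null" # pour ne pas avoir d'autres bruits ...
+else
+
+case "${ARG}" in
+'-d' | '--directory' | '-f' | '--folder' | '--foldername')
+DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
+'-h' | '--help' )
+usage && exit ;;
+'-n' | '--simu')
+SIMU="echo" ;;
+'-e' | '--echo')
+ECHOVARARG="ON ATTEND UNE UN NOM DE VARIABLE APRES CA" ;;
+'-q' )
+QUIET="/dev/null" ;;
+*)
+ENVFILES="${ENVFILES} ${ARG%}";;
+esac
+fi
+done
+
+getVars () {
+# $1 : filename
+grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u
+}
+
+NB_FILES=$(echo "${ENVFILES}" | wc -w )
+
+if [[ $NB_FILES = 0 ]]; then
+usage
+exit 1
+fi
+
+for ENVFILE in $ENVFILES; do
+FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
+VARSUFFIX="$ENVFILE"_
+if [ -n "${SUBDIRECTORY}" ]; then
+FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
+VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"
+fi
+
+if ! [ -f "$FILENAME" ]; then
+echo "$FILENAME does not exist." >& $QUIET
+continue
+fi
+
+. $FILENAME # on récupère les variables
+vars=$(getVars $FILENAME)
+for var in $vars; do
+$SIMU declare $VARSUFFIX$var=${!var}
+unset $var
+done
+unset FILENAME VARSUFFIX vars
+done
+
+if [ -n "$VARTOECHO" ]; then
+echo ${!VARTOECHO}
+fi
+
+unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO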
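Review bot: This file is sourced by its callers (`. $KAZ_BIN_DIR/getPasswords.sh ldapServ ...`), so the `KAZ_ROOT=/kaz` and `QUIET=1` assignments at the top and the closing `unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO` overwrite and then remove the caller's own `KAZ_ROOT`, `SIMU` and `QUIET`. A caller started with `-n` would then run its later `${SIMU} ...` commands for real, and `usage && exit` / `exit 1` end the calling script rather than this helper. Giving the working variables private names (a constructed example: a `_gp_` prefix) and using `return` instead of `exit` would avoid that. In the inner loop, `$SIMU declare $VARSUFFIX$var=${!var}` is unquoted, so a secret containing whitespace or glob characters is split or expanded, and with `-d` the prefix `${SUBDIRECTORY}-${ENVFILE}_` contains a hyphen, which bash does not accept in a variable name. Something like `declare -g "${VARSUFFIX//-/_}${var}=${!var}"` would address both, with the usage text updated to match and `-g` keeping the variables visible when the file is sourced from inside a function; `. $FILENAME` and `getVars $FILENAME` should be quoted as well.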
|
@@ -214,7 +214,6 @@ fi
|
||||
|
||||
if [ ! -d "${KAZ_ROOT}/secret" ]; then
|
||||
rsync -a "${KAZ_ROOT}/secret.tmpl/" "${KAZ_ROOT}/secret/"
|
||||
. "${KAZ_ROOT}/secret/SetAllPass.sh"
|
||||
"${KAZ_BIN_DIR}/secretGen.sh"
|
||||
"${KAZ_BIN_DIR}/updateDockerPassword.sh"
|
||||
"${KAZ_BIN_DIR}/createDBUsers.sh"
|
||||
fi
|
||||
|
@@ -6,7 +6,8 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
. $KAZ_BIN_DIR/getPasswords.sh paheko
|
||||
|
||||
URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)"
|
||||
|
||||
|
@@ -7,6 +7,5 @@ setKazVars
|
||||
FILE_LDIF=/home/sauve/ldap.ldif
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz
|
||||
|
@@ -5,7 +5,7 @@ KAZ_ROOT=/kaz
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_BIN_DIR/getPasswords.sh ldapServ
|
||||
|
||||
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
|
||||
|
||||
@@ -20,4 +20,4 @@ EDITOR=${EDITOR:-vi}
|
||||
EDITOR=${EDITOR:-vi}
|
||||
export EDITOR=${EDITOR}
|
||||
|
||||
ldapvi -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} --discover
|
||||
ldapvi -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} --discover
|
||||
|
@@ -8,7 +8,7 @@ KAZ_ROOT=/kaz
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_BIN_DIR/getPasswords.sh ldapServ paheko
|
||||
|
||||
ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf
|
||||
|
||||
@@ -126,7 +126,7 @@ replace: agoraEnabled\n\
|
||||
agoraEnabled: TRUE\n\
|
||||
-\n\
|
||||
replace: mobilizonEnabled\n\
|
||||
mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
|
||||
mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
|
||||
done
|
||||
|
||||
#replace: nextcloudEnabled\n\
|
||||
@@ -164,7 +164,7 @@ do
|
||||
echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\
|
||||
changeType: modify
|
||||
replace: mailAlias\n\
|
||||
$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
|
||||
$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
|
||||
else
|
||||
echo "Alias vers un mail externe, go fichier"
|
||||
echo $line >> ${ALIASES_WITHLDAP}
|
||||
@@ -185,7 +185,7 @@ replace: mailAlias\n\
|
||||
mailAlias: ${src}\n\
|
||||
-\n\
|
||||
replace: mail\n\
|
||||
mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
|
||||
mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
|
||||
fi
|
||||
else
|
||||
echo "Forward vers plusieurs adresses, on met dans le fichier"
|
||||
@@ -215,7 +215,7 @@ replace: mailAlias\n\
|
||||
mailAlias: ${src}\n\
|
||||
-\n\
|
||||
replace: mail\n\
|
||||
${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
|
||||
${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
|
||||
|
||||
fi
|
||||
done
|
||||
|
@@ -5,16 +5,16 @@ KAZ_ROOT=/kaz
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB
|
||||
|
||||
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
|
||||
|
||||
docker exec -i nextcloudDB mysql --user=${nextcloud_MYSQL_USER} --password=${nextcloud_MYSQL_PASSWORD} ${nextcloud_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt
|
||||
docker exec -i nextcloudDB mysql --user=${nextcloudDB_MYSQL_USER} --password=${nextcloudDB_MYSQL_PASSWORD} ${nextcloudDB_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt
|
||||
|
||||
OLDIFS=${IFS}
|
||||
IFS=$'\n'
|
||||
for line in `cat /tmp/nc_users.txt`; do
|
||||
result=$(ldapsearch -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries)
|
||||
result=$(ldapsearch -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries)
|
||||
echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid"
|
||||
done
|
||||
IFS=${OLDIFS}
|
||||
|
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
@@ -83,7 +82,8 @@ Init(){
|
||||
[ $? -ne 0 ] && printKazError "$DockerServName ne parvient pas à démarrer correctement : impossible de terminer l'install" && return 1 >& $QUIET
|
||||
|
||||
# creation compte admin
|
||||
${SIMU} curl -i -d "{\"email\":\"${mattermost_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users"
|
||||
_getPasswords
|
||||
${SIMU} curl -i -d "{\"email\":\"${mattermostServ_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users"
|
||||
|
||||
MM_TOKEN=$(_getMMToken ${MATTER_URL})
|
||||
|
||||
@@ -98,12 +98,13 @@ Version(){
|
||||
|
||||
_getMMToken(){
|
||||
#$1 MATTER_URL
|
||||
_getPasswords
|
||||
${SIMU} curl -i -s -d "{\"login_id\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\"}" "${1}/api/v4/users/login" | grep 'token' | sed 's/token:\s*\(.*\)\s*/\1/' | tr -d '\r'
|
||||
}
|
||||
|
||||
PostMessage(){
|
||||
printKazMsg "Envoi à $TEAM : $MESSAGE" >& $QUIET
|
||||
|
||||
_getPasswords
|
||||
${SIMU} docker exec -ti "${DockerServName}" bin/mmctl auth login "${MATTER_URL}" --name local-server --username ${mattermost_user} --password ${mattermost_pass}
|
||||
${SIMU} docker exec -ti "${DockerServName}" bin/mmctl post create "${TEAM}" --message "${MESSAGE}"
|
||||
}
|
||||
@@ -113,6 +114,16 @@ MmctlCommand(){
|
||||
${SIMU} docker exec -u 33 "$DockerServName" bin/mmctl $1
|
||||
}
|
||||
|
||||
_getPasswords(){
|
||||
# récupération des infos du compte admin
|
||||
if [ -n "$AGORACOMMUN" ] ; then
|
||||
. $KAZ_KEY_DIR/env-mattermostAdmin
|
||||
. $KAZ_BIN_DIR/getPasswords.sh mattermostServ
|
||||
else
|
||||
. $KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin
|
||||
. $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} mattermostServ
|
||||
fi
|
||||
}
|
||||
|
||||
########## Main #################
|
||||
for ARG in "$@"; do
|
||||
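Review bot: The variables created by `getPasswords.sh` will probably not reach `Init`: `_getPasswords` sources that script inside a function, and the script creates them with plain `declare`, which bash scopes to the enclosing function, so `${mattermostServ_MM_ADMIN_EMAIL}` in the `curl -i -d` call is likely empty once `_getPasswords` returns. In the orga branch, `getPasswords.sh -d ${ORGA} mattermostServ` names them `${ORGA}-mattermostServ_...`, which does not match the name `Init` reads either. The sourced script also unsets `SIMU` and `QUIET` on exit, so the `${SIMU}` prefix on the following `curl` and `docker exec` lines is lost in `-n` mode. Sourcing the env file directly, as is already done for `env-mattermostAdmin`, or having the helper use `declare -g` with a hyphen-free prefix, would fix this. `Init`, `_getMMToken` and `PostMessage` start or end outside the hunks shown.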
|
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
@@ -63,11 +62,12 @@ Init(){
|
||||
cookies=$(curl -c - ${POD_URL})
|
||||
CSRF_TOKEN=$(curl --cookie <(echo "$cookies") ${POD_URL}/cp-install | grep "csrf_test_name" | sed "s/.*value=.//" | sed "s/.>//")
|
||||
|
||||
_getPasswords
|
||||
#echo ${CSRF_TOKEN}
|
||||
${SIMU} curl --cookie <(echo "$cookies") -X POST \
|
||||
-d "username=${castopod_ADMIN_USER}" \
|
||||
-d "password=${castopod_ADMIN_PASSWORD}" \
|
||||
-d "email=${castopod_ADMIN_MAIL}" \
|
||||
-d "username=${ADMIN_USER}" \
|
||||
-d "password=${ADMIN_PASSWORD}" \
|
||||
-d "email=${ADMIN_MAIL}" \
|
||||
-d "csrf_test_name=${CSRF_TOKEN}" \
|
||||
"${POD_URL}/cp-install/create-superadmin"
|
||||
|
||||
@@ -78,7 +78,13 @@ Version(){
|
||||
echo "Version $DockerServName : ${GREEN}${VERSION}${NC}"
|
||||
}
|
||||
|
||||
|
||||
_getPasswords(){
|
||||
if [ -n "$CASTOPOD_COMMUN" ]; then
|
||||
. $KAZ_KEY_DIR/env-castopodAdmin
|
||||
else
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodAdmin
|
||||
fi
|
||||
}
|
||||
|
||||
########## Main #################
|
||||
for ARG in "$@"; do
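Review bot: `_getPasswords` (last hunk of this file) sources the env file without checking that it exists or is readable, and `Init` then posts to `/cp-install/create-superadmin` regardless, so a missing `env-castopodAdmin` or an empty `$ORGA` would submit empty `username` and `password` fields. I would guard the source, e.g. `f="$KAZ_KEY_DIR/orgas/$ORGA/env-castopodAdmin"; [ -r "$f" ] || { printKazError "missing $f"; return 1; }; . "$f"`, and call it as `_getPasswords || return` in `Init`. The Nextcloud `_getPasswords` further down the page has the same pattern. `Init` starts and ends outside the hunk, so any validation it does elsewhere is not visible here.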
|
||||
|
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
@@ -32,7 +31,7 @@ OPTIONS
|
||||
-n|--simu SIMULATION
|
||||
-q|--quiet On ne parle pas (utile avec le -n pour avoir que les commandes)
|
||||
--nas L'orga se trouve sur le NAS !
|
||||
|
||||
|
||||
COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité)
|
||||
-I|--install L'initialisation du cloud
|
||||
-v|--version Donne la version du cloud et signale les MàJ
|
||||
@@ -75,7 +74,7 @@ Init(){
|
||||
CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php"
|
||||
fi
|
||||
|
||||
firstInstall "$CLOUD_URL" "$CONF_FILE" " NextCloud de $NOM"
|
||||
firstInstall "$CLOUD_URL" "$CONF_FILE" "$NOM"
|
||||
updatePhpConf "$CONF_FILE"
|
||||
InstallApplis
|
||||
echo "${CYAN} *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET
|
||||
@@ -100,25 +99,38 @@ firstInstall(){
|
||||
# $2 phpConfFile
|
||||
# $3 orga
|
||||
if ! grep -q "'installed' => true," "$2" 2> /dev/null; then
|
||||
printKazMsg "\n *** Premier lancement de $3" >& $QUIET
|
||||
|
||||
printKazMsg "\n *** Premier lancement nextcloud $3" >& $QUIET
|
||||
_getPasswords
|
||||
|
||||
${SIMU} waitUrl "$1"
|
||||
|
||||
${SIMU} curl -X POST \
|
||||
-d "install=true" \
|
||||
-d "adminlogin=${nextcloud_NEXTCLOUD_ADMIN_USER}" \
|
||||
-d "adminpass=${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}" \
|
||||
-d "adminlogin=${NEXTCLOUD_ADMIN_USER}" \
|
||||
-d "adminpass=${NEXTCLOUD_ADMIN_PASSWORD}" \
|
||||
-d "directory=/var/www/html/data" \
|
||||
-d "dbtype=mysql" \
|
||||
-d "dbuser=${nextcloud_MYSQL_USER}" \
|
||||
-d "dbpass=${nextcloud_MYSQL_PASSWORD}" \
|
||||
-d "dbname=${nextcloud_MYSQL_DATABASE}" \
|
||||
-d "dbhost=${nextcloud_MYSQL_HOST}" \
|
||||
-d "dbuser=${MYSQL_USER}" \
|
||||
-d "dbpass=${MYSQL_PASSWORD}" \
|
||||
-d "dbname=${MYSQL_DATABASE}" \
|
||||
-d "dbhost=${MYSQL_HOST}" \
|
||||
-d "install-recommended-apps=true" \
|
||||
"$1"
|
||||
fi
|
||||
}
|
||||
|
||||
_getPasswords(){
|
||||
if [ -n "$CLOUDCOMMUN" ]; then
|
||||
. $KAZ_KEY_DIR/env-nextcloudServ
|
||||
. $KAZ_KEY_DIR/env-nextcloudDB
|
||||
else
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
setOfficeUrl(){
|
||||
# Did le 25 mars les offices sont tous normalisé sur les serveurs https://${site}-${officeHost}.${domain}
|
||||
#OFFICE_URL="https://${officeHost}.${domain}"
|
||||
@@ -131,13 +143,14 @@ setOfficeUrl(){
|
||||
}
|
||||
|
||||
initLdap(){
|
||||
. $KAZ_BIN_DIR/getPasswords.sh ldapServ
|
||||
# $1 Nom du cloud
|
||||
echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET
|
||||
occCommand "app:enable user_ldap" "${DockerServName}"
|
||||
occCommand "ldap:delete-config s01" "${DockerServName}"
|
||||
occCommand "ldap:create-empty-config" "${DockerServName}"
|
||||
occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}"
|
||||
occCommand "ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
|
||||
occCommand "ldap:set-config s01 ldapAgentPassword ${ldapServ_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
|
||||
occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}"
|
||||
occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}"
|
||||
occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}"
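Review bot: In the `firstInstall` hunk the new `-d "adminpass=${NEXTCLOUD_ADMIN_PASSWORD}"` and `-d "dbpass=${MYSQL_PASSWORD}"` fields are sent without URL-encoding, so a password containing `&`, `+` or `%` would reach the installer altered or split into extra form fields, leaving the instance with credentials that differ from the env file. `--data-urlencode "adminpass=${NEXTCLOUD_ADMIN_PASSWORD}"`, and likewise for the other fields, avoids that. The same applies to the install POSTs in the Castopod, DokuWiki and WordPress sections on this page. Separately, `_getPasswords` loads unprefixed names such as `MYSQL_PASSWORD` into the script's global scope; a short comment on that function listing the variables it sets would help the next reader.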
|
||||
|
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
@@ -55,15 +54,7 @@ Init(){
|
||||
PLG_DIR="${VOL_PREFIX}wikiPlugins/_data"
|
||||
CONF_DIR="${VOL_PREFIX}wikiConf/_data"
|
||||
|
||||
# Gael, j'avais ajouté ça mais j'ai pas test alors je laisse comme avant ...
|
||||
# A charge au prochain qui monte un wiki de faire qque chose
|
||||
#WIKI_ROOT="${dokuwiki_WIKI_ROOT}"
|
||||
#WIKI_EMAIL="${dokuwiki_WIKI_EMAIL}"
|
||||
#WIKI_PASS="${dokuwiki_WIKI_PASSWORD}"
|
||||
|
||||
WIKI_ROOT=Kaz
|
||||
WIKI_EMAIL=wiki@kaz.local
|
||||
WIKI_PASS=azerty
|
||||
. $KAZ_BIN_DIR/getPasswords.sh dokuwiki
|
||||
|
||||
${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit
|
||||
|
||||
@@ -77,11 +68,11 @@ Init(){
|
||||
-d "l=fr" \
|
||||
-d "d[title]=${NOM}" \
|
||||
-d "d[acl]=true" \
|
||||
-d "d[superuser]=${WIKI_ROOT}" \
|
||||
-d "d[superuser]=${dokuwiki_WIKI_ROOT}" \
|
||||
-d "d[fullname]=Admin"\
|
||||
-d "d[email]=${WIKI_EMAIL}" \
|
||||
-d "d[password]=${WIKI_PASS}" \
|
||||
-d "d[confirm]=${WIKI_PASS}" \
|
||||
-d "d[email]=${dokuwiki_WIKI_EMAIL}" \
|
||||
-d "d[password]=${dokuwiki_WIKI_PASSWORD}" \
|
||||
-d "d[confirm]=${dokuwiki_WIKI_PASSWORD}" \
|
||||
-d "d[policy]=1" \
|
||||
-d "d[allowreg]=false" \
|
||||
-d "d[license]=0" \
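Review bot: The `Init` hunk drops the hard-coded `WIKI_PASS=azerty` for new installs, but nothing on this page rotates it for wikis already initialised with the old script, and the value stays in the repository history. The migration would be a natural place for a step, or at least a note, asking operators to change the DokuWiki superuser password on existing instances. Also, the result of `. $KAZ_BIN_DIR/getPasswords.sh dokuwiki` is not checked: if it fails, `d[password]` and `d[confirm]` are posted empty, which `[ -n "${dokuwiki_WIKI_PASSWORD}" ] || exit 1` before the curl would catch. `Init` continues outside both hunks.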
|
||||
|
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
@@ -61,11 +60,11 @@ Init(){
|
||||
echo "\n *** Premier lancement de WP" >& $QUIET
|
||||
|
||||
${SIMU} waitUrl "${WP_URL}"
|
||||
|
||||
. $KAZ_BIN_DIR/getPasswords.sh wpServ
|
||||
${SIMU} curl -X POST \
|
||||
-d "user_name=${wp_WORDPRESS_ADMIN_USER}" \
|
||||
-d "admin_password=${wp_WORDPRESS_ADMIN_PASSWORD}" \
|
||||
-d "admin_password2=${wp_WORDPRESS_ADMIN_PASSWORD}" \
|
||||
-d "user_name=${wpServ_WORDPRESS_ADMIN_USER}" \
|
||||
-d "admin_password=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
|
||||
-d "admin_password2=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
|
||||
-d "pw_weak=true" \
|
||||
-d "admin_email=admin@kaz.bzh" \
|
||||
-d "blog_public=0" \
|
||||
|
68
bin/migGestionMotsDePasse.sh
Normal file
68
bin/migGestionMotsDePasse.sh
Normal file
@@ -0,0 +1,68 @@
|
||||
#!/bin/bash
|
||||
|
||||
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-mattermostAdmin
|
||||
touch $newenvfile
|
||||
echo "mattermost_user=$mattermost_user" >> $newenvfile
|
||||
echo "mattermost_pass=$mattermost_pass" >> $newenvfile
|
||||
echo "mattermost_token=$mattermost_token" >> $newenvfile
|
||||
|
||||
|
||||
echo "EMAIL_CONTACT=$EMAIL_CONTACT" >> $DOCKERS_ENV
|
||||
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-paheko
|
||||
touch $newenvfile
|
||||
echo "API_USER=$paheko_API_USER" >> $newenvfile
|
||||
echo "API_PASSWORD=$paheko_API_PASSWORD" >> $newenvfile
|
||||
|
||||
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-mail
|
||||
touch $newenvfile
|
||||
echo "service_mail=$service_mail" >> $newenvfile
|
||||
echo "service_password=$service_password" >> $newenvfile
|
||||
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-borg
|
||||
# touch $newenvfile à priori il existe déjà
|
||||
echo "BORG_REPO=$BORG_REPO" >> $newenvfile
|
||||
echo "BORG_PASSPHRASE=$BORG_PASSPHRASE" >> $newenvfile
|
||||
echo "VOLUME_SAUVEGARDES=$VOLUME_SAUVEGARDES" >> $newenvfile
|
||||
echo "MAIL_RAPPORT=$MAIL_RAPPORT" >> $newenvfile
|
||||
echo "BORGMOUNT=$BORGMOUNT" >> $newenvfile
|
||||
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-traefik
|
||||
touch $newenvfile
|
||||
echo "DASHBOARD_USER=$traefik_DASHBOARD_USER" >> $newenvfile
|
||||
echo "DASHBOARD_PASSWORD=$traefik_DASHBOARD_PASSWORD" >> $newenvfile
|
||||
|
||||
|
||||
|
||||
#####################
|
||||
# Castopod
|
||||
# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-castopodAdmin
|
||||
touch $newenvfile
|
||||
echo "ADMIN_USER=$castopod_ADMIN_USER" >> $newenvfile
|
||||
echo "ADMIN_MAIL=$castopod_ADMIN_MAIL" >> $newenvfile
|
||||
echo "ADMIN_PASSWORD=$castopod_ADMIN_PASSWORD" >> $newenvfile
|
||||
|
||||
|
||||
# creation dossier pour les env des orgas
|
||||
mkdir $KAZ_KEY_DIR/orgas
|
||||
orgasLong=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
|
||||
ORGAS=${orgasLong[*]//-orga/}
|
||||
for orga in ${ORGAS};do
|
||||
mkdir $KAZ_KEY_DIR/orgas/$orga
|
||||
cp $KAZ_KEY_DIR/env-{castopod{Admin,DB,Serv},mattermost{DB,Serv},nextcloud{DB,Serv},spip{DB,Serv},wp{DB,Serv}} $KAZ_KEY_DIR/orgas/$orga
|
||||
done
|
||||
|
||||
echo "C'est parfait, vous pouvez git pull puis supprimer SetAllPass.sh"
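Review bot: The env files created here hold clear-text passwords but are created with `touch` under the caller's default umask, so unless `$KAZ_KEY_DIR` is itself restricted, a typical `022` umask leaves `env-mattermostAdmin`, `env-paheko`, `env-mail`, `env-traefik`, `env-castopodAdmin` and the `orgas/` tree world-readable. Adding `umask 077` right after `setKazVars` (or a `chmod 600` per file and `chmod 700` on `orgas`) fixes that. The `>>` appends also make the script non-idempotent: a second run duplicates every line, including `EMAIL_CONTACT` in `$DOCKERS_ENV`. A header comment stating that the script is meant to be run once, before `SetAllPass.sh` is deleted, would help.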
|
@@ -9,7 +9,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_ROOT/secret/env-kaz
|
||||
|
||||
|
||||
@@ -133,6 +132,7 @@ for orgaLong in ${Orgas}; do
|
||||
${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/"
|
||||
fi
|
||||
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/
|
||||
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_KEY_DIR}/orgas/${orgaCourt} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/${orgaCourt}
|
||||
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list"
|
||||
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh
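Review bot: The `rsync` of `${KAZ_KEY_DIR}/orgas/${orgaCourt}` (apparently the one added line in this hunk, judging by the hunk counts) has no trailing slash on the source but names the same directory as destination, so rsync places the directory inside it and the secrets land in `orgas/${orgaCourt}/${orgaCourt}/`. The compose template at the end of this page expects `secret/orgas/${orga}/env-…`. The line above gets this right by targeting the parent directory; the same form here would be `rsync -aAhHX --info=progress2 --delete "${KAZ_KEY_DIR}/orgas/${orgaCourt}" -e "ssh -p 2201" "root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/"`. The enclosing `for orgaLong` loop starts and ends outside the hunk.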
|
||||
|
||||
|
@@ -20,8 +20,7 @@ ${SIMU} "${CV1}" stop orga
|
||||
${SIMU} "${CV1}" stop
|
||||
|
||||
${SIMU} rsync "${EV1}/dockers.env" "${EV2}/"
|
||||
${SIMU} rsync "${SV1}/SetAllPass.sh" "${SV2}/"
|
||||
${SIMU} "${BV2}/updateDockerPassword.sh"
|
||||
${SIMU} rsync "${SV1}/" "${SV2}/"
|
||||
|
||||
# XXX ? rsync /kaz/secret/allow_admin_ip /kaz-git/secret/allow_admin_ip
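Review bot: `rsync "${SV1}/" "${SV2}/"` has no `-r` or `-a`, and without one rsync skips directories, so this line would copy nothing where the old one copied a single file. `rsync -a "${SV1}/" "${SV2}/"` copies the whole secret tree, including the new `orgas/` sub-directories, and keeps the files' modes and ownership, which matters for credential files.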
|
||||
|
||||
|
@@ -4,12 +4,12 @@ KAZ_ROOT=/kaz
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
URL_AGORA=https://$matterHost.$domain/api/v4
|
||||
EQUIPE=kaz
|
||||
|
||||
PostMattermost() {
|
||||
. $KAZ_KEY_DIR/env-mattermostAdmin
|
||||
PostM=$1
|
||||
CHANNEL=$2
|
||||
TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')
|
||||
|
@@ -6,7 +6,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
URL_AGORA=$(echo $matterHost).$(echo $domain)
|
||||
MAX_QUEUE=50
|
||||
@@ -15,6 +14,8 @@ OLDIFS=$IFS
|
||||
IFS=" "
|
||||
COUNT_MAILQ=$(docker exec -t mailServ mailq | tail -n1 | gawk '{print $5}')
|
||||
|
||||
# récupération mots de passes
|
||||
. $KAZ_KEY_DIR/env-mattermostAdmin
|
||||
docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
|
||||
|
||||
if [ "${COUNT_MAILQ}" -gt "${MAX_QUEUE}" ]; then
|
||||
|
@@ -17,7 +17,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_BIN_DIR/getPasswords.sh borg
|
||||
|
||||
VERSION="V-10-03-2025"
|
||||
PRG=$(basename $0)
|
||||
|
167
bin/secretGen.sh
167
bin/secretGen.sh
@@ -3,70 +3,137 @@
|
||||
KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
|
||||
cd "${KAZ_ROOT}"
|
||||
|
||||
NEW_DIR="secret"
|
||||
TMPL_DIR="secret.tmpl"
|
||||
SORTIESTANDARD=1
|
||||
DIR=$KAZ_KEY_DIR
|
||||
ORGA=
|
||||
|
||||
if [ ! -d "${NEW_DIR}/" ]; then
|
||||
rsync -a "${TMPL_DIR}/" "${NEW_DIR}/"
|
||||
fi
|
||||
|
||||
NEW_FILE="${NEW_DIR}/SetAllPass-new.sh"
|
||||
TMPL_FILE="${NEW_DIR}/SetAllPass.sh"
|
||||
usage() {
|
||||
echo "${PRG} [OPTIONS] [filename ...]
|
||||
# PARCOURE LES ENV FILE ET REMPLIT LES --clean_val-- qui n'ont pas été complétés.
|
||||
on cherche des
|
||||
@@pass@@***@@p@@ -> on génère un mot de passe 16car (les *** permettent d'identifier le mot de passe, s'il doit être utilisé ailleurs)
|
||||
@@db@@***@@d@@ -> on génère une base de données (pareil identifié par ***)
|
||||
@@user@@***@@u@@ -> on génère un user
|
||||
@@token@@***@@t@@ -> on génère un token
|
||||
@@globalvar@@***@@gv@@ -> on cherche la variable globale ***
|
||||
@@crossvar@@envname_varname@@cv@@ -> on retrouve la variable dans les envfiles
|
||||
|
||||
while read line ; do
|
||||
if [[ "${line}" =~ ^# ]] || [ -z "${line}" ] ; then
|
||||
echo "${line}"
|
||||
continue
|
||||
fi
|
||||
if [[ "${line}" =~ "--clean_val--" ]] ; then
|
||||
case "${line}" in
|
||||
*jirafeau_DATA_DIR*)
|
||||
JIRAFEAU_DIR=$(getValInFile "${DOCKERS_ENV}" "jirafeauDir")
|
||||
[ -z "${JIRAFEAU_DIR}" ] &&
|
||||
echo "${line}" ||
|
||||
sed "s%\(.*\)--clean_val--\(.*\)%\1${JIRAFEAU_DIR}\2%" <<< ${line}
|
||||
continue
|
||||
;;
|
||||
*DATABASE*|*DB_NAME*)
|
||||
dbName="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
|
||||
sed "s/\(.*\)--clean_val--\(.*\)/\1${dbName}\2/" <<< ${line}
|
||||
continue
|
||||
;;
|
||||
*ROOT_PASSWORD*|*PASSWORD*|*SECRET*)
|
||||
pass="$(apg -n 1 -m 16 -M NCL)"
|
||||
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
|
||||
continue
|
||||
;;
|
||||
*USER*)
|
||||
user="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
|
||||
sed "s/\(.*\)--clean_val--\(.*\)/\1${user}\2/" <<< ${line}
|
||||
continue
|
||||
;;
|
||||
*RAIN_LOOP*|*office_password*|*mattermost_*|*sympa_*|*gitea_*)
|
||||
pass="$(apg -n 1 -m 16 -M NCL)"
|
||||
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
|
||||
continue
|
||||
;;
|
||||
*vaultwarden_ADMIN_TOKEN*)
|
||||
pass="$(apg -n 1 -m 32 -M NCL)"
|
||||
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
|
||||
continue
|
||||
;;
|
||||
esac
|
||||
Si on précise des fichiers, alors il ne remplace que dans ceux là (et on "lie" les clean-val ensemble !!!)
|
||||
OPTIONS
|
||||
-h|--help Cette aide :-)
|
||||
-n|--simu SIMULATION
|
||||
-q|--quiet Sans bruits de fond
|
||||
-d foldername prend les envfiles dans un sous dossier /kaz/secret/orgas/foldername/ (pour les orgas !)
|
||||
-
|
||||
|
||||
"
|
||||
}
|
||||
|
||||
for ARG in "$@"; do
|
||||
if [ -n "${DIRECTORYARG}" ]; then # après un -d
|
||||
DIR=$KAZ_KEY_DIR/orgas/${ARG}
|
||||
ORGA=${ARG}
|
||||
DIRECTORYARG=
|
||||
else
|
||||
echo "${line}"
|
||||
continue
|
||||
|
||||
case "${ARG}" in
|
||||
'-d' | '--directory' | '-f' | '--folder' | '--foldername')
|
||||
DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
|
||||
'-h' | '--help' )
|
||||
usage && exit ;;
|
||||
'-n' | '--simu')
|
||||
SIMU="echo" ;;
|
||||
'-q' | '--quiet')
|
||||
SORTIESTANDARD="/dev/null" ;;
|
||||
*)
|
||||
ENVFILES="${ENVFILES} ${ARG%}";;
|
||||
esac
|
||||
fi
|
||||
printKazError "${line}" >&2
|
||||
done < "${TMPL_FILE}" > "${NEW_FILE}"
|
||||
done
|
||||
|
||||
mv "${NEW_FILE}" "${TMPL_FILE}"
|
||||
NB_FILES=$(echo "${ENVFILES}" | wc -w )
|
||||
|
||||
chmod a+x "${TMPL_FILE}"
|
||||
. "${TMPL_FILE}"
|
||||
"${KAZ_BIN_DIR}/updateDockerPassword.sh"
|
||||
if [[ $NB_FILES = 0 ]]; then
|
||||
ENVFILES=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@|@@crossvar@@' $DIR/* | sed 's/.*\///') #
|
||||
fi
|
||||
|
||||
|
||||
|
||||
secretGen(){
|
||||
# $1 Le env-file à compléter
|
||||
|
||||
FILENAME=$DIR/$1
|
||||
|
||||
NBMATCH=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@' $FILENAME | wc -l) # est ce qu'il y a des choses à génrérer
|
||||
if [[ $NBMATCH = 0 ]]; then
|
||||
true
|
||||
# rien à faire dans ce fichier, on passe
|
||||
else
|
||||
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
|
||||
db="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
|
||||
pass="$(apg -n 1 -m 16 -M NCL)"
|
||||
token="$(apg -n 1 -m 32 -M NCL)"
|
||||
user="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
|
||||
|
||||
dbs=$(grep -Eo '@@db@@[^@]*@@d@@' $FILENAME | sed -e 's/@@db@@//' -e 's/@@d@@//')
|
||||
passwords=$(grep -Eo '@@pass@@[^@]*@@p@@' $FILENAME | sed -e 's/@@pass@@//' -e 's/@@p@@//')
|
||||
tokens=$(grep -Eo '@@token@@[^@]*@@t@@' $FILENAME | sed -e 's/@@token@@//' -e 's/@@t@@//')
|
||||
users=$(grep -Eo '@@user@@[^@]*@@u@@' $FILENAME | sed -e 's/@@user@@//' -e 's/@@u@@//')
|
||||
globalvars=$(grep -Eo '@@globalvar@@[^@]*@@gv@@' $FILENAME | sed -e 's/@@globalvar@@//' -e 's/@@gv@@//')
|
||||
|
||||
for dbName in $dbs; do $SIMU sed -i "s/@@db@@$dbName@@d@@/${dbName}_$db/" $DIR/*; done
|
||||
for pw in $passwords; do $SIMU sed -i "s/@@pass@@$pw@@p@@/${pass}/" $DIR/*; done
|
||||
for tk in $tokens; do $SIMU sed -i "s/@@token@@$tk@@t@@/${token}/" $DIR/*; done
|
||||
for u in $users; do $SIMU sed -i "s/@@user@@$u@@u@@/${u}_$user/" $DIR/*; done
|
||||
for var in $globalvars; do $SIMU sed -i "s/@@globalvar@@$var@@gv@@/${!var}/" $DIR/*; done
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
crossVarComplete(){
|
||||
# $1 Le env-file à compléter
|
||||
|
||||
FILENAME=$DIR/$1
|
||||
|
||||
NBMATCH=$(grep -lE '@@crossvar@@' $FILENAME | wc -l) # est ce qu'il y a des cross-var à récupérer
|
||||
if [[ $NBMATCH = 0 ]]; then
|
||||
true
|
||||
# rien à faire dans ce fichier, on passe
|
||||
else
|
||||
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
|
||||
|
||||
varnames=$(grep -Eo '@@crossvar@@[^@]*@@cv@@' $FILENAME | sed -e 's/@@crossvar@@//' -e 's/@@cv@@//')
|
||||
for varname in $varnames; do
|
||||
envname=${varname%%_*}
|
||||
value=$(/$KAZ_BIN_DIR/getPasswords.sh -e $varname $envname -d $ORGA)
|
||||
$SIMU sed -i "s/@@crossvar@@$varname@@cv@@/${value}/" $DIR/*;
|
||||
|
||||
done
|
||||
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
|
||||
for ENVFILE in $ENVFILES; do
|
||||
secretGen "$ENVFILE"
|
||||
done
|
||||
|
||||
|
||||
for ENVFILE in $ENVFILES; do
|
||||
crossVarComplete "$ENVFILE"
|
||||
done
|
||||
|
||||
exit 0
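Review bot: In `secretGen` the values `db`, `pass`, `token` and `user` are generated once per env file and reused for every placeholder in the four `for` loops, so two different `@@pass@@…@@p@@` entries in one file (for example a root and a user database password) receive the same secret. Generating inside the loop gives one value per identifier: `for pw in $passwords; do pass="$(apg -n 1 -m 16 -M NCL)"; $SIMU sed -i "s/@@pass@@$pw@@p@@/${pass}/" $DIR/*; done`, and likewise for tokens, users and db suffixes. Because the `sed` runs over `$DIR/*`, the first replacement already fills every file sharing that identifier, so later iterations for the same name are harmless. The `globalvar` and `crossvar` substitutions insert `${!var}` and `${value}` into the sed expression unescaped, so a value containing `/` or `&` would break or corrupt the replacement.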
|
||||
|
@@ -1,127 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
|
||||
# pour mise au point
|
||||
# SIMU=echo
|
||||
|
||||
# Améliorations à prévoir
|
||||
# - donner en paramètre les services concernés (pour limité les modifications)
|
||||
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
|
||||
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
updateEnvDB(){
|
||||
# $1 = prefix
|
||||
# $2 = envName
|
||||
# $3 = containerName of DB
|
||||
rootPass="$1_MYSQL_ROOT_PASSWORD"
|
||||
dbName="$1_MYSQL_DATABASE"
|
||||
userName="$1_MYSQL_USER"
|
||||
userPass="$1_MYSQL_PASSWORD"
|
||||
|
||||
${SIMU} sed -i \
|
||||
-e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${!rootPass}/g" \
|
||||
-e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${!dbName}/g" \
|
||||
-e "s/MYSQL_USER=.*/MYSQL_USER=${!userName}/g" \
|
||||
-e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${!userPass}/g" \
|
||||
"$2"
|
||||
|
||||
# seulement si pas de mdp pour root
|
||||
# pb oeuf et poule (il faudrait les anciennes valeurs) :
|
||||
# * si rootPass change, faire à la main
|
||||
# * si dbName change, faire à la main
|
||||
checkDockerRunning "$3" "$3" || return
|
||||
echo "change DB pass on docker $3"
|
||||
echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
|
||||
docker exec -i $3 bash -c "mysql --user=root --password=${!rootPass}"
|
||||
}
|
||||
|
||||
updateEnv(){
|
||||
# $1 = prefix
|
||||
# $2 = envName
|
||||
|
||||
for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
|
||||
do
|
||||
srcName="$1_${varName}"
|
||||
srcVal=$(echo "${!srcName}" | sed -e "s/[&]/\\\&/g")
|
||||
${SIMU} sed -i \
|
||||
-e "s%^[ ]*${varName}=.*\$%${varName}=${srcVal}%" \
|
||||
"$2"
|
||||
done
|
||||
}
|
||||
|
||||
framadateUpdate(){
|
||||
[[ "${COMP_ENABLE}" =~ " framadate " ]] || return
|
||||
if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
|
||||
return 0
|
||||
fi
|
||||
checkDockerRunning "${framadateServName}" "Framadate" &&
|
||||
${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadate_HTTPD_USER} ${framadate_HTTPD_PASSWORD}"
|
||||
${SIMU} sed -i \
|
||||
-e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadate_MYSQL_USER}';/g" \
|
||||
-e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadate_MYSQL_PASSWORD}';/g" \
|
||||
"${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
|
||||
}
|
||||
|
||||
jirafeauUpdate(){
|
||||
[[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
|
||||
if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
|
||||
return 0
|
||||
fi
|
||||
SHA=$(echo -n "${jirafeau_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1)
|
||||
${SIMU} sed -i \
|
||||
-e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
|
||||
"${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
|
||||
}
|
||||
|
||||
####################
|
||||
# main
|
||||
|
||||
updateEnvDB "etherpad" "${KAZ_KEY_DIR}/env-${etherpadDBName}" "${etherpadDBName}"
|
||||
updateEnvDB "framadate" "${KAZ_KEY_DIR}/env-${framadateDBName}" "${framadateDBName}"
|
||||
updateEnvDB "gitea" "${KAZ_KEY_DIR}/env-${gitDBName}" "${gitDBName}"
|
||||
updateEnvDB "mattermost" "${KAZ_KEY_DIR}/env-${mattermostDBName}" "${mattermostDBName}"
|
||||
updateEnvDB "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudDBName}" "${nextcloudDBName}"
|
||||
updateEnvDB "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeDBName}" "${roundcubeDBName}"
|
||||
updateEnvDB "sympa" "${KAZ_KEY_DIR}/env-${sympaDBName}" "${sympaDBName}"
|
||||
updateEnvDB "vigilo" "${KAZ_KEY_DIR}/env-${vigiloDBName}" "${vigiloDBName}"
|
||||
updateEnvDB "wp" "${KAZ_KEY_DIR}/env-${wordpressDBName}" "${wordpressDBName}"
|
||||
updateEnvDB "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenDBName}" "${vaultwardenDBName}"
|
||||
updateEnvDB "castopod" "${KAZ_KEY_DIR}/env-${castopodDBName}" "${castopodDBName}"
|
||||
updateEnvDB "spip" "${KAZ_KEY_DIR}/env-${spipDBName}" "${spipDBName}"
|
||||
updateEnvDB "mastodon" "${KAZ_KEY_DIR}/env-${mastodonDBName}" "${mastodonDBName}"
|
||||
|
||||
updateEnv "apikaz" "${KAZ_KEY_DIR}/env-${apikazServName}"
|
||||
updateEnv "ethercalc" "${KAZ_KEY_DIR}/env-${ethercalcServName}"
|
||||
updateEnv "etherpad" "${KAZ_KEY_DIR}/env-${etherpadServName}"
|
||||
updateEnv "framadate" "${KAZ_KEY_DIR}/env-${framadateServName}"
|
||||
updateEnv "gandi" "${KAZ_KEY_DIR}/env-gandi"
|
||||
updateEnv "gitea" "${KAZ_KEY_DIR}/env-${gitServName}"
|
||||
updateEnv "jirafeau" "${KAZ_KEY_DIR}/env-${jirafeauServName}"
|
||||
updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostServName}"
|
||||
updateEnv "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudServName}"
|
||||
updateEnv "office" "${KAZ_KEY_DIR}/env-${officeServName}"
|
||||
updateEnv "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeServName}"
|
||||
updateEnv "vigilo" "${KAZ_KEY_DIR}/env-${vigiloServName}"
|
||||
updateEnv "wp" "${KAZ_KEY_DIR}/env-${wordpressServName}"
|
||||
updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapServName}"
|
||||
updateEnv "sympa" "${KAZ_KEY_DIR}/env-${sympaServName}"
|
||||
updateEnv "mail" "${KAZ_KEY_DIR}/env-${smtpServName}"
|
||||
updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonServName}"
|
||||
updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonDBName}"
|
||||
updateEnv "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenServName}"
|
||||
updateEnv "castopod" "${KAZ_KEY_DIR}/env-${castopodServName}"
|
||||
updateEnv "spip" "${KAZ_KEY_DIR}/env-${spipServName}"
|
||||
updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapUIName}"
|
||||
updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeServName}"
|
||||
updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeDBName}" "${peertubeDBName}"
|
||||
updateEnv "mastodon" "${KAZ_KEY_DIR}/env-${mastodonServName}"
|
||||
|
||||
|
||||
framadateUpdate
|
||||
jirafeauUpdate
|
||||
exit 0
|
@@ -12,7 +12,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)/..
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
DOCK_DIR=$KAZ_COMP_DIR
|
||||
|
||||
|
@@ -159,3 +159,8 @@ apikazServName=apikazServ
|
||||
# services activés par container.sh
|
||||
# variables d'environneements utilisées
|
||||
# pour le tmpl du mandataire (proxy)
|
||||
|
||||
|
||||
##################
|
||||
#qui on envoi le mail d'inscription ?
|
||||
EMAIL_CONTACT="toto@kaz.bzh"
|
@@ -1,58 +0,0 @@
|
||||
FROM alpine:3.17
|
||||
|
||||
# Some ENV variables
|
||||
ENV PATH="/mattermost/bin:${PATH}"
|
||||
#ENV MM_VERSION=5.32.0
|
||||
ENV MM_VERSION=6.1.0
|
||||
ENV MM_INSTALL_TYPE=docker
|
||||
|
||||
# Build argument to set Mattermost edition
|
||||
ARG edition=enterprise
|
||||
ARG PUID=2000
|
||||
ARG PGID=2000
|
||||
ARG MM_BINARY=
|
||||
|
||||
|
||||
# Install some needed packages
|
||||
RUN apk add --no-cache \
|
||||
ca-certificates \
|
||||
curl \
|
||||
jq \
|
||||
libc6-compat \
|
||||
libffi-dev \
|
||||
libcap \
|
||||
linux-headers \
|
||||
mailcap \
|
||||
netcat-openbsd \
|
||||
xmlsec-dev \
|
||||
tzdata \
|
||||
&& rm -rf /tmp/*
|
||||
|
||||
# Get Mattermost
|
||||
RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
|
||||
&& if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \
|
||||
elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \
|
||||
else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \
|
||||
&& cp /mattermost/config/config.json /config.json.save \
|
||||
&& rm -rf /mattermost/config/config.json \
|
||||
&& addgroup -g ${PGID} mattermost \
|
||||
&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
|
||||
&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
|
||||
&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
|
||||
|
||||
USER mattermost
|
||||
|
||||
#Healthcheck to make sure container is ready
|
||||
HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1
|
||||
|
||||
# Configure entrypoint and command
|
||||
COPY entrypoint.sh /
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
WORKDIR /mattermost
|
||||
CMD ["mattermost"]
|
||||
|
||||
# Expose port 8000 of the container
|
||||
EXPOSE 8000
|
||||
|
||||
# Declare volumes for mount point directories
|
||||
VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config", "/mattermost/plugins", "/mattermost/client/plugins"]
|
@@ -1,82 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Function to generate a random salt
|
||||
generate_salt() {
|
||||
tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1
|
||||
}
|
||||
|
||||
# Read environment variables or set default values
|
||||
DB_HOST=${DB_HOST:-db}
|
||||
DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
|
||||
# see https://www.postgresql.org/docs/current/libpq-ssl.html
|
||||
# for usage when database connection requires encryption
|
||||
# filenames should be escaped if they contain spaces
|
||||
# i.e. $(printf %s ${MY_ENV_VAR:-''} | jq -s -R -r @uri)
|
||||
# the location of the CA file can be set using environment var PGSSLROOTCERT
|
||||
# the location of the CRL file can be set using PGSSLCRL
|
||||
# The URL syntax for connection string does not support the parameters
|
||||
# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
|
||||
# to set names if using a location other than default
|
||||
DB_USE_SSL=${DB_USE_SSL:-disable}
|
||||
MM_DBNAME=${MM_DBNAME:-mattermost}
|
||||
MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
|
||||
|
||||
_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }' )
|
||||
if [ "$_1" = '-' ]; then
|
||||
set -- mattermost "$@"
|
||||
fi
|
||||
|
||||
if [ "$1" = 'mattermost' ]; then
|
||||
# Check CLI args for a -config option
|
||||
for ARG in "$@"; do
|
||||
case "$ARG" in
|
||||
-config=*) MM_CONFIG=${ARG#*=};;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ ! -f "$MM_CONFIG" ]; then
|
||||
# If there is no configuration file, create it with some default values
|
||||
echo "No configuration file $MM_CONFIG"
|
||||
echo "Creating a new one"
|
||||
# Copy default configuration file
|
||||
cp /config.json.save "$MM_CONFIG"
|
||||
# Substitute some parameters with jq
|
||||
jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
|
||||
else
|
||||
echo "Using existing config file $MM_CONFIG"
|
||||
fi
|
||||
|
||||
# Configure database access
|
||||
if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
|
||||
echo "Configure database connection..."
|
||||
# URLEncode the password, allowing for special characters
|
||||
ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
|
||||
export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
|
||||
echo "OK"
|
||||
else
|
||||
echo "Using existing database connection"
|
||||
fi
|
||||
|
||||
# Wait another second for the database to be properly started.
|
||||
# Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
|
||||
sleep 1
|
||||
|
||||
echo "Starting mattermost"
|
||||
fi
|
||||
|
||||
exec "$@"
|
@@ -4,21 +4,21 @@ services:
|
||||
#{{db
|
||||
db:
|
||||
image: mariadb:11.4
|
||||
container_name: ${orga}DB
|
||||
container_name: ${orga}-DB
|
||||
#disk_quota: 10G
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: ${restartPolicy}
|
||||
volumes:
|
||||
- ./initdb.d:/docker-entrypoint-initdb.d:ro
|
||||
# - ./initdb.d:/docker-entrypoint-initdb.d:ro
|
||||
- orgaDB:/var/lib/mysql
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
environment:
|
||||
- MARIADB_AUTO_UPGRADE=1
|
||||
env_file:
|
||||
- ../../secret/env-${nextcloudDBName}
|
||||
# - ../../secret/env-${mattermostDBName}
|
||||
- ../../secret/env-${wordpressDBName}
|
||||
- ../../secret/orgas/${orga}/env-${nextcloudDBName}
|
||||
# - ../../secret/orgas/${orga}/env-${mattermostDBName}
|
||||
- ../../secret/orgas/${orga}/env-${wordpressDBName}
|
||||
networks:
|
||||
- orgaNet
|
||||
healthcheck: # utilisé par init-db.sh pour la créa d'orga
|
||||
@@ -34,7 +34,7 @@ services:
|
||||
#{{cloud
|
||||
cloud:
|
||||
image: nextcloud
|
||||
container_name: ${orga}${nextcloudServName}
|
||||
container_name: ${orga}-${nextcloudServName}
|
||||
#disk_quota: 10G
|
||||
restart: ${restartPolicy}
|
||||
networks:
|
||||
@@ -50,8 +50,8 @@ services:
|
||||
- ${smtpServName}:${smtpHost}
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}"
|
||||
- "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
|
||||
- "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}"
|
||||
- "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
|
||||
volumes:
|
||||
- cloudMain:/var/www/html
|
||||
- cloudData:/var/www/html/data
|
||||
@@ -63,10 +63,10 @@ services:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
env_file:
|
||||
- ../../secret/env-${nextcloudServName}
|
||||
- ../../secret/env-${nextcloudDBName}
|
||||
- ../../secret/orgas/${orga}/env-${nextcloudServName}
|
||||
- ../../secret/orgas/${orga}/env-${nextcloudDBName}
|
||||
environment:
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain}
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain}
|
||||
- SMTP_HOST=${smtpHost}
|
||||
- SMTP_PORT=25
|
||||
- MAIL_DOMAIN=${domain}
|
||||
@@ -80,7 +80,7 @@ services:
|
||||
- edition=team
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
container_name: ${orga}${mattermostServName}
|
||||
container_name: ${orga}-${mattermostServName}
|
||||
#disk_quota: 10G
|
||||
restart: ${restartPolicy}
|
||||
# memory: 1G
|
||||
@@ -109,20 +109,20 @@ services:
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/environment:/etc/environment:ro
|
||||
env_file:
|
||||
- ../../secret/env-${mattermostServName}
|
||||
- ../../secret/orgas/${orga}/env-${mattermostServName}
|
||||
environment:
|
||||
- VIRTUAL_HOST=${orga}${matterHost}.${domain}
|
||||
- VIRTUAL_HOST=${orga}-${matterHost}.${domain}
|
||||
# in case your config is not in default location
|
||||
#- MM_CONFIG=/mattermost/config/config.json
|
||||
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)"
|
||||
- "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)"
|
||||
#}}
|
||||
#{{wp
|
||||
wordpress:
|
||||
image: wordpress
|
||||
container_name: ${orga}${wordpressServName}
|
||||
container_name: ${orga}-${wordpressServName}
|
||||
restart: ${restartPolicy}
|
||||
networks:
|
||||
- orgaNet
|
||||
@@ -136,17 +136,17 @@ services:
|
||||
external_links:
|
||||
- ${smtpServName}:${smtpHost}.${domain}
|
||||
env_file:
|
||||
- ../../secret/env-${wordpressServName}
|
||||
- ../../secret/orgas/${orga}/env-${wordpressServName}
|
||||
environment:
|
||||
- WORDPRESS_SMTP_HOST=${smtpHost}.${domain}
|
||||
- WORDPRESS_SMTP_PORT=25
|
||||
# - WORDPRESS_SMTP_USERNAME
|
||||
# - WORDPRESS_SMTP_PASSWORD
|
||||
# - WORDPRESS_SMTP_FROM=${orga}
|
||||
- WORDPRESS_SMTP_FROM_NAME=${orga}
|
||||
# - WORDPRESS_SMTP_FROM=${orga}-
|
||||
- WORDPRESS_SMTP_FROM_NAME=${orga}-
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}"
|
||||
- "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}"
|
||||
volumes:
|
||||
- wordpress:/var/www/html
|
||||
# - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro
|
||||
@@ -154,12 +154,12 @@ services:
|
||||
#{{wiki
|
||||
dokuwiki:
|
||||
image: mprasil/dokuwiki
|
||||
container_name: ${orga}${dokuwikiServName}
|
||||
container_name: ${orga}-${dokuwikiServName}
|
||||
#disk_quota: 10G
|
||||
restart: ${restartPolicy}
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
|
||||
- "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
|
||||
volumes:
|
||||
- wikiData:/dokuwiki/data
|
||||
- wikiConf:/dokuwiki/conf
|
||||
@@ -175,7 +175,7 @@ services:
|
||||
#{{castopod
|
||||
castopod:
|
||||
image: castopod/castopod:latest
|
||||
container_name: ${orga}${castopodServName}
|
||||
container_name: ${orga}-${castopodServName}
|
||||
#disk_quota: 10G
|
||||
restart: ${restartPolicy}
|
||||
# memory: 1G
|
||||
@@ -193,27 +193,27 @@ services:
|
||||
volumes:
|
||||
- castopodMedia:/var/www/castopod/public/media
|
||||
environment:
|
||||
CP_BASEURL: "https://${orga}${castopodHost}.${domain}"
|
||||
CP_BASEURL: "https://${orga}-${castopodHost}.${domain}"
|
||||
CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb
|
||||
VIRTUAL_PORT: 8000
|
||||
CP_CACHE_HANDLER: redis
|
||||
CP_REDIS_HOST: redis
|
||||
CP_DATABASE_HOSTNAME: db
|
||||
env_file:
|
||||
- ../../secret/env-${castopodServName}
|
||||
- ../../secret/env-${castopodDBName}
|
||||
- ../../secret/orgas/${orga}/env-${castopodServName}
|
||||
- ../../secret/orgas/${orga}/env-${castopodDBName}
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}"
|
||||
- "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}"
|
||||
redis:
|
||||
image: redis:7.0-alpine
|
||||
container_name: ${orga}castopodCache
|
||||
container_name: ${orga}-castopodCache
|
||||
volumes:
|
||||
- castopodCache:/data
|
||||
networks:
|
||||
- orgaNet
|
||||
env_file:
|
||||
- ../../secret/env-${castopodServName}
|
||||
- ../../secret/orgas/${orga}/env-${castopodServName}
|
||||
command: --requirepass ${castopodRedisPassword}
|
||||
#}}
|
||||
#{{spip
|
||||
@@ -225,16 +225,16 @@ services:
|
||||
links:
|
||||
- db
|
||||
env_file:
|
||||
- ../../secret/env-${spipServName}
|
||||
- ../../secret/orgas/${orga}/env-${spipServName}
|
||||
environment:
|
||||
- SPIP_AUTO_INSTALL=1
|
||||
- SPIP_DB_HOST=db
|
||||
- SPIP_SITE_ADDRESS=https://${orga}${spipHost}.${domain}
|
||||
- SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain}
|
||||
expose:
|
||||
- 80
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.${orga}${spipServName}.rule=Host(`${orga}${spipHost}.${domain}`){{FOREIGN_SPIP}}"
|
||||
- "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}"
|
||||
networks:
|
||||
- orgaNet
|
||||
volumes:
|
||||
@@ -250,84 +250,84 @@ volumes:
|
||||
#{{db
|
||||
orgaDB:
|
||||
external: true
|
||||
name: orga_${orga}orgaDB
|
||||
name: orga_${orga}-orgaDB
|
||||
#}}
|
||||
#{{agora
|
||||
matterConfig:
|
||||
external: true
|
||||
name: orga_${orga}matterConfig
|
||||
name: orga_${orga}-matterConfig
|
||||
matterData:
|
||||
external: true
|
||||
name: orga_${orga}matterData
|
||||
name: orga_${orga}-matterData
|
||||
matterLogs:
|
||||
external: true
|
||||
name: orga_${orga}matterLogs
|
||||
name: orga_${orga}-matterLogs
|
||||
matterPlugins:
|
||||
external: true
|
||||
name: orga_${orga}matterPlugins
|
||||
name: orga_${orga}-matterPlugins
|
||||
matterClientPlugins:
|
||||
external: true
|
||||
name: orga_${orga}matterClientPlugins
|
||||
name: orga_${orga}-matterClientPlugins
|
||||
matterIcons:
|
||||
external: true
|
||||
name: matterIcons
|
||||
#{{cloud
|
||||
cloudMain:
|
||||
external: true
|
||||
name: orga_${orga}cloudMain
|
||||
name: orga_${orga}-cloudMain
|
||||
cloudData:
|
||||
external: true
|
||||
name: orga_${orga}cloudData
|
||||
name: orga_${orga}-cloudData
|
||||
cloudConfig:
|
||||
external: true
|
||||
name: orga_${orga}cloudConfig
|
||||
name: orga_${orga}-cloudConfig
|
||||
cloudApps:
|
||||
external: true
|
||||
name: orga_${orga}cloudApps
|
||||
name: orga_${orga}-cloudApps
|
||||
cloudCustomApps:
|
||||
external: true
|
||||
name: orga_${orga}cloudCustomApps
|
||||
name: orga_${orga}-cloudCustomApps
|
||||
cloudThemes:
|
||||
external: true
|
||||
name: orga_${orga}cloudThemes
|
||||
name: orga_${orga}-cloudThemes
|
||||
cloudPhp:
|
||||
external: true
|
||||
name: orga_${orga}cloudPhp
|
||||
name: orga_${orga}-cloudPhp
|
||||
#}}
|
||||
#{{wiki
|
||||
wikiData:
|
||||
external: true
|
||||
name: orga_${orga}wikiData
|
||||
name: orga_${orga}-wikiData
|
||||
wikiConf:
|
||||
external: true
|
||||
name: orga_${orga}wikiConf
|
||||
name: orga_${orga}-wikiConf
|
||||
wikiPlugins:
|
||||
external: true
|
||||
name: orga_${orga}wikiPlugins
|
||||
name: orga_${orga}-wikiPlugins
|
||||
wikiLibtpl:
|
||||
external: true
|
||||
name: orga_${orga}wikiLibtpl
|
||||
name: orga_${orga}-wikiLibtpl
|
||||
wikiLogs:
|
||||
external: true
|
||||
name: orga_${orga}wikiLogs
|
||||
name: orga_${orga}-wikiLogs
|
||||
#}}
|
||||
#{{wp
|
||||
wordpress:
|
||||
external: true
|
||||
name: orga_${orga}wordpress
|
||||
name: orga_${orga}-wordpress
|
||||
#}}
|
||||
#{{castopod
|
||||
castopodMedia:
|
||||
external: true
|
||||
name: orga_${orga}castopodMedia
|
||||
name: orga_${orga}-castopodMedia
|
||||
castopodCache:
|
||||
external: true
|
||||
name: orga_${orga}castopodCache
|
||||
name: orga_${orga}-castopodCache
|
||||
#}}
|
||||
#{{spip
|
||||
spip:
|
||||
external: true
|
||||
name: orga_${orga}spip
|
||||
name: orga_${orga}-spip
|
||||
#}}
|
||||
|
||||
|
||||
@@ -335,7 +335,7 @@ volumes:
|
||||
networks:
|
||||
orgaNet:
|
||||
external: true
|
||||
name: ${orga}orgaNet
|
||||
name: ${orga}-orgaNet
|
||||
# postfixNet:
|
||||
# external:
|
||||
# name: postfixNet
|
||||
|
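Review bot: `CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb` in the castopod service stays a literal in the template, so every organisation generated from it shares one salt that is also committed to the repository, while this change moves the other credentials into `secret/orgas/${orga}/`. I would drop that line from `environment:` and carry the key in `secret.tmpl/env-castopodServ` with a generated placeholder, so each orga gets its own value. Separately, `WORDPRESS_SMTP_FROM_NAME=${orga}-` in the wordpress service looks like a search-and-replace artefact that leaves a trailing dash in the sender name; `WORDPRESS_SMTP_FROM_NAME=${orga}` was probably meant, provided the generator's substitution no longer appends the dash.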
@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
cd $(dirname $0)
|
||||
ORGA_DIR="$(basename "$(pwd)")"
|
||||
@@ -25,57 +24,66 @@ SQL=""
|
||||
for ARG in "$@"; do
|
||||
case "${ARG}" in
|
||||
'cloud' )
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
|
||||
SQL="$SQL
|
||||
CREATE DATABASE IF NOT EXISTS ${nextcloud_MYSQL_DATABASE};
|
||||
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
|
||||
|
||||
DROP USER IF EXISTS '${nextcloud_MYSQL_USER}';
|
||||
CREATE USER '${nextcloud_MYSQL_USER}'@'%';
|
||||
DROP USER IF EXISTS '${MYSQL_USER}';
|
||||
CREATE USER '${MYSQL_USER}'@'%';
|
||||
|
||||
GRANT ALL ON ${nextcloud_MYSQL_DATABASE}.* TO '${nextcloud_MYSQL_USER}'@'%' IDENTIFIED BY '${nextcloud_MYSQL_PASSWORD}';
|
||||
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
|
||||
|
||||
FLUSH PRIVILEGES;"
|
||||
;;
|
||||
'agora' )
|
||||
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
|
||||
SQL="$SQL
|
||||
CREATE DATABASE IF NOT EXISTS ${mattermost_MYSQL_DATABASE};
|
||||
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
|
||||
|
||||
DROP USER IF EXISTS '${mattermost_MYSQL_USER}';
|
||||
CREATE USER '${mattermost_MYSQL_USER}'@'%';
|
||||
DROP USER IF EXISTS '${MYSQL_USER}';
|
||||
CREATE USER '${MYSQL_USER}'@'%';
|
||||
|
||||
GRANT ALL ON ${mattermost_MYSQL_DATABASE}.* TO '${mattermost_MYSQL_USER}'@'%' IDENTIFIED BY '${mattermost_MYSQL_PASSWORD}';
|
||||
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
|
||||
|
||||
FLUSH PRIVILEGES;"
|
||||
;;
|
||||
'wp' )
|
||||
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
|
||||
SQL="$SQL
|
||||
CREATE DATABASE IF NOT EXISTS ${wp_MYSQL_DATABASE};
|
||||
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
|
||||
|
||||
DROP USER IF EXISTS '${wp_MYSQL_USER}';
|
||||
CREATE USER '${wp_MYSQL_USER}'@'%';
|
||||
DROP USER IF EXISTS '${MYSQL_USER}';
|
||||
CREATE USER '${MYSQL_USER}'@'%';
|
||||
|
||||
GRANT ALL ON ${wp_MYSQL_DATABASE}.* TO '${wp_MYSQL_USER}'@'%' IDENTIFIED BY '${wp_MYSQL_PASSWORD}';
|
||||
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
|
||||
|
||||
FLUSH PRIVILEGES;"
|
||||
;;
|
||||
'castopod' )
|
||||
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodDB
|
||||
SQL="$SQL
|
||||
CREATE DATABASE IF NOT EXISTS ${castopod_MYSQL_DATABASE};
|
||||
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
|
||||
|
||||
DROP USER IF EXISTS '${castopod_MYSQL_USER}';
|
||||
CREATE USER '${castopod_MYSQL_USER}'@'%';
|
||||
DROP USER IF EXISTS '${MYSQL_USER}';
|
||||
CREATE USER '${MYSQL_USER}'@'%';
|
||||
|
||||
GRANT ALL ON ${castopod_MYSQL_DATABASE}.* TO '${castopod_MYSQL_USER}'@'%' IDENTIFIED BY '${castopod_MYSQL_PASSWORD}';
|
||||
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
|
||||
|
||||
FLUSH PRIVILEGES;"
|
||||
;;
|
||||
'spip' )
|
||||
|
||||
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
|
||||
SQL="$SQL
|
||||
CREATE DATABASE IF NOT EXISTS ${spip_MYSQL_DATABASE};
|
||||
CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
|
||||
|
||||
DROP USER IF EXISTS '${spip_MYSQL_USER}';
|
||||
CREATE USER '${spip_MYSQL_USER}'@'%';
|
||||
DROP USER IF EXISTS '${MYSQL_USER}';
|
||||
CREATE USER '${MYSQL_USER}'@'%';
|
||||
|
||||
GRANT ALL ON ${spip_MYSQL_DATABASE}.* TO '${spip_MYSQL_USER}'@'%' IDENTIFIED BY '${spip_MYSQL_PASSWORD}';
|
||||
GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
|
||||
|
||||
FLUSH PRIVILEGES;"
|
||||
;;
|
||||
@@ -84,4 +92,4 @@ FLUSH PRIVILEGES;"
|
||||
esac
|
||||
done
|
||||
|
||||
echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${wp_MYSQL_ROOT_PASSWORD}"
|
||||
echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${MYSQL_ROOT_PASSWORD}"
|
||||
|
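Review bot: The new last line still builds the client call as `bash -c "mariadb --user=root --password=${MYSQL_ROOT_PASSWORD}"`, so the root password is expanded on the host, appears in the argument list of `docker exec`, and is re-parsed by the inner shell, where any shell metacharacter in it changes the command. `MYSQL_ROOT_PASSWORD` is also whatever the last sourced `env-*DB` file defined, and is empty when no case arm ran. Since the container is given the same env files, the expansion can happen inside it: `docker exec -i "${ORGA}-DB" sh -c 'MYSQL_PWD="$MYSQL_ROOT_PASSWORD" exec mariadb --user=root'` (this assumes the container environment carries `MYSQL_ROOT_PASSWORD`; to confirm). `echo $SQL` is unquoted, so `${MYSQL_DATABASE}.*` in the GRANT statements is subject to pathname expansion; `printf '%s\n' "$SQL"` avoids that. The added `. $KAZ_KEY_DIR/orgas/$ORGA/env-…` lines should quote their path as well.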
@@ -1,3 +0,0 @@
|
||||
CREATE DATABASE IF NOT EXISTS nextcloud;
|
||||
CREATE DATABASE IF NOT EXISTS mattermost;
|
||||
CREATE DATABASE IF NOT EXISTS wpdb;
|
@@ -389,7 +389,7 @@ update() {
|
||||
-e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\
|
||||
-e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\
|
||||
-e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\
|
||||
-e "s|\${orga}|${ORGA}-|g"
|
||||
-e "s|\${orga}|${ORGA}|g"
|
||||
) > "$2"
|
||||
sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2"
|
||||
}
|
||||
@@ -412,13 +412,18 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
|
||||
ln -sf ../../config/orgaTmpl/orga-gen.sh
|
||||
ln -sf ../../config/orgaTmpl/orga-rm.sh
|
||||
ln -sf ../../config/orgaTmpl/init-paheko.sh
|
||||
ln -sf ../../config/orgaTmpl/initdb.d/
|
||||
#ln -sf ../../config/orgaTmpl/initdb.d/
|
||||
ln -sf ../../config/orgaTmpl/app/
|
||||
ln -sf ../../config/orgaTmpl/wiki-conf/
|
||||
ln -sf ../../config/orgaTmpl/reload.sh
|
||||
ln -sf ../../config/orgaTmpl/init-db.sh
|
||||
fi
|
||||
|
||||
if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then
|
||||
rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/"
|
||||
${KAZ_BIN_DIR}/secretGen.sh -d $ORGA
|
||||
fi
|
||||
|
||||
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
|
||||
# ########## update ${DOCKERS_ENV}
|
||||
if ! grep -q "proxy_orga=" .env 2> /dev/null
|
||||
@@ -438,6 +443,12 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
|
||||
fi
|
||||
|
||||
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
|
||||
|
||||
|
||||
# ########## create network
|
||||
## GAEL bizarre, je pense que c'est déjà fait qque part, mais chez moi ça veut pas ...
|
||||
docker network create "${ORGA}-orgaNet"
|
||||
|
||||
# ########## create volume
|
||||
./init-volume.sh
|
||||
fi
|
||||
|
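Review bot: The secret bootstrap added in the second hunk is guarded only by `[ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]`, and neither `rsync` nor `secretGen.sh` is checked, so a failed or interrupted `secretGen.sh` leaves the copied templates with their `@@pass@@…` placeholders in place and the next run skips generation. Checking the call and removing the directory on failure keeps the guard meaningful, e.g. `"${KAZ_BIN_DIR}/secretGen.sh" -d "$ORGA" || { rm -rf -- "${KAZ_KEY_DIR:?}/orgas/${ORGA:?}"; exit 1; }`. The new directory also inherits whatever modes the template tree has; `chmod -R go-rwx "${KAZ_KEY_DIR}/orgas/$ORGA"` after the copy would make the intended permissions explicit. In the last hunk `docker network create "${ORGA}-orgaNet"` returns an error when the network already exists, which the comment above it suggests may be the case.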
@@ -40,6 +40,8 @@ remove () {
|
||||
sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}"
|
||||
sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}"
|
||||
rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga"
|
||||
|
||||
rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"
|
||||
exit;;
|
||||
[Nn]* )
|
||||
|
||||
|
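Review bot: The added `rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"` removes the whole `orgas` secret tree if `ORGA` is ever empty, unlike the `"${KAZ_COMP_DIR}/${ORGA}-orga"` line above it, whose suffix keeps the path specific. `remove()` starts outside the hunk, so `ORGA` may already be validated there; writing `rm -fr -- "${KAZ_KEY_DIR:?}/orgas/${ORGA:?}"` makes the line safe on its own.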
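--- a/config/orgaTmpl/secret.tmpl/env-castopodAdmin
+++ b/config/orgaTmpl/secret.tmpl/env-castopodAdmin
@@ -0,0 +1,3 @@
+ADMIN_USER=@@pass@@castopod2@@p@@
+ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
+ADMIN_PASSWORD=@@pass@@castopod3@@p@@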
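Review bot: `ADMIN_USER=@@pass@@castopod2@@p@@` uses the password marker for a user name, whereas the other templates in this change use `@@user@@…@@u@@` for logins (for instance `MYSQL_USER=@@user@@castopod1@@u@@`). If the generator treats the two markers differently, the Castopod admin login becomes a password-style random string. `ADMIN_USER=@@user@@castopod2@@u@@` would match the rest; this should be confirmed against `secretGen.sh`, which is not shown here.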
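--- a/config/orgaTmpl/secret.tmpl/env-castopodDB
+++ b/config/orgaTmpl/secret.tmpl/env-castopodDB
@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_USER=@@user@@castopod1@@u@@
+MYSQL_PASSWORD=@@pass@@castopod1@@p@@
+MYSQL_DATABASE=@@db@@castopod1@@d@@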
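--- a/config/orgaTmpl/secret.tmpl/env-castopodServ
+++ b/config/orgaTmpl/secret.tmpl/env-castopodServ
@@ -0,0 +1,7 @@
+CP_EMAIL_SMTP_HOST=
+CP_EMAIL_FROM=
+CP_EMAIL_SMTP_USERNAME=
+CP_EMAIL_SMTP_PASSWORD=
+CP_EMAIL_SMTP_PORT=
+CP_EMAIL_SMTP_CRYPTO=
+CP_REDIS_PASSWORD=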
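Review bot: `CP_REDIS_PASSWORD=` is left empty, although the compose template starts Redis with `--requirepass ${castopodRedisPassword}` and loads this file into both the castopod and the redis service. Unless another step fills it in, Castopod is handed no Redis password, or Redis runs with an empty one if the compose variable is empty too. A generated placeholder in the style of the other templates, `CP_REDIS_PASSWORD=@@pass@@<key>@@p@@` with `<key>` chosen by the project, and the same value feeding `--requirepass`, would keep the two sides in step.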
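--- a/config/orgaTmpl/secret.tmpl/env-mattermostDB
+++ b/config/orgaTmpl/secret.tmpl/env-mattermostDB
@@ -0,0 +1,9 @@
+
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@mattermost@@d@@
+MYSQL_USER=@@user@@mattermost@@u@@
+MYSQL_PASSWORD=@@pass@@mattermost@@p@@
+
+POSTGRES_USER=@@user@@mattermost@@u@@
+POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
+POSTGRES_DB=@@db@@mattermost@@d@@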
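--- a/config/orgaTmpl/secret.tmpl/env-mattermostServ
+++ b/config/orgaTmpl/secret.tmpl/env-mattermostServ
@@ -0,0 +1,9 @@
+
+MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
+MM_ADMIN_USER=@@user@@mattermost2@@u@@
+MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
+
+
+MM_SQLSETTINGS_DRIVERNAME=postgres
+MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10
+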
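Review bot: `MM_SQLSETTINGS_DATASOURCE` embeds `@@pass@@mattermost@@p@@` directly in a URL, so a generated password containing `@`, `/`, `:`, `?` or `#` yields a DSN that parses differently or fails outright. The generator has to either restrict the password alphabet to URL-safe characters or percent-encode the value when it fills this key. `sslmode=disable` also leaves the database connection unencrypted, which is acceptable only while the link stays on a private container network; a template comment such as `# sslmode=disable: DB reachable only on the internal docker network` would record that assumption.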
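--- a/config/orgaTmpl/secret.tmpl/env-nextcloudDB
+++ b/config/orgaTmpl/secret.tmpl/env-nextcloudDB
@@ -0,0 +1,8 @@
+
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@nextcloud@@d@@
+MYSQL_USER=@@user@@nextcloud@@u@@
+MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
+
+#NC_MYSQL_USER=
+#NC_MYSQL_PASSWORD=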
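--- a/config/orgaTmpl/secret.tmpl/env-nextcloudServ
+++ b/config/orgaTmpl/secret.tmpl/env-nextcloudServ
@@ -0,0 +1,5 @@
+
+NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
+NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
+MYSQL_HOST=db
+RAIN_LOOP=@@pass@@rainloop@@p@@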
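--- a/config/orgaTmpl/secret.tmpl/env-spipDB
+++ b/config/orgaTmpl/secret.tmpl/env-spipDB
@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@spip@@d@@
+MYSQL_USER=@@user@@spip@@u@@
+MYSQL_PASSWORD=@@pass@@spip@@p@@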
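--- a/config/orgaTmpl/secret.tmpl/env-spipServ
+++ b/config/orgaTmpl/secret.tmpl/env-spipServ
@@ -0,0 +1,10 @@
+SPIP_AUTO_INSTALL=1
+SPIP_DB_SERVER=mysql
+SPIP_DB_NAME=@@db@@spip@@d@@
+SPIP_DB_LOGIN=@@user@@spip@@u@@
+SPIP_DB_PASS=@@pass@@spip@@p@@
+SPIP_ADMIN_NAME=admin
+SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
+SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
+SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
+PHP_TIMEZONE=Europe/Paris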
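--- a/config/orgaTmpl/secret.tmpl/env-wpDB
+++ b/config/orgaTmpl/secret.tmpl/env-wpDB
@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
+MYSQL_DATABASE=@@db@@wp@@d@@
+MYSQL_USER=@@user@@wp@@u@@
+MYSQL_PASSWORD=@@pass@@wp@@p@@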
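--- a/config/orgaTmpl/secret.tmpl/env-wpServ
+++ b/config/orgaTmpl/secret.tmpl/env-wpServ
@@ -0,0 +1,8 @@
+# share with wpDB
+
+WORDPRESS_DB_HOST=db:3306
+WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
+WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
+WORDPRESS_DB_NAME=@@db@@wp@@d@@
+WORDPRESS_DB_USER=@@user@@wp@@u@@
+WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@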
@@ -1,10 +0,0 @@
|
||||
# acl.auth.php
|
||||
# <?php exit()?>
|
||||
# Don't modify the lines above
|
||||
#
|
||||
# Access Control Lists
|
||||
#
|
||||
# Auto-generated by install script
|
||||
# Date: Sat, 13 Feb 2021 17:42:28 +0000
|
||||
* @ALL 1
|
||||
* @user 8
|
@@ -1,26 +0,0 @@
|
||||
<?php
|
||||
/*
|
||||
* Dokuwiki's Main Configuration File - Local Settings
|
||||
* Auto-generated by config plugin
|
||||
* Run for user: felix
|
||||
* Date: Sun, 28 Feb 2021 15:56:13 +0000
|
||||
*/
|
||||
|
||||
$conf['title'] = 'Kaz';
|
||||
$conf['template'] = 'docnavwiki';
|
||||
$conf['license'] = 'cc-by-sa';
|
||||
$conf['useacl'] = 1;
|
||||
$conf['superuser'] = '@admin';
|
||||
$conf['manager'] = '@manager';
|
||||
$conf['disableactions'] = 'register';
|
||||
$conf['remoteuser'] = '';
|
||||
$conf['mailfrom'] = 'dokuwiki@kaz.bzh';
|
||||
$conf['updatecheck'] = 0;
|
||||
$conf['userewrite'] = '1';
|
||||
$conf['useslash'] = 1;
|
||||
$conf['plugin']['ckgedit']['scayt_auto'] = 'on';
|
||||
$conf['plugin']['ckgedit']['scayt_lang'] = 'French/fr_FR';
|
||||
$conf['plugin']['ckgedit']['other_lang'] = 'fr';
|
||||
$conf['plugin']['smtp']['smtp_host'] = 'smtp.kaz.bzh';
|
||||
$conf['plugin']['todo']['CheckboxText'] = 0;
|
||||
$conf['plugin']['wrap']['restrictionType'] = '1';
|
@@ -1,13 +0,0 @@
|
||||
# users.auth.php
|
||||
# <?php exit()?>
|
||||
# Don't modify the lines above
|
||||
#
|
||||
# Userfile
|
||||
#
|
||||
# Auto-generated by install script
|
||||
# Date: Sat, 13 Feb 2021 17:42:28 +0000
|
||||
#
|
||||
# Format:
|
||||
# login:passwordhash:Real Name:email:groups,comma,separated
|
||||
|
||||
admin:$2y$10$GYvFgViXeEUmDViplHEs7eoYV8tmbfsS8wA1vfHQ.tWgW14o9aTjy:admin:contact@kaz.bzh:admin,user
|
@@ -1,21 +0,0 @@
|
||||
|
||||
#proxy_buffering off;
|
||||
#proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
#proxy_set_header X-Forwarded-Server $host;
|
||||
#XXX pb proxy_set_header Connection $proxy_connection;
|
||||
|
||||
proxy_buffers 256 16k;
|
||||
proxy_buffer_size 16k;
|
||||
|
||||
# mattermost
|
||||
http2_push_preload on; # Enable HTTP/2 Server Push
|
||||
add_header Strict-Transport-Security max-age=15768000;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
#proxy_hide_header 'x-frame-options';
|
||||
#proxy_set_header x-frame-options allowall;
|
||||
proxy_set_header X-Frame-Options SAMEORIGIN;
|
||||
|
@@ -6,7 +6,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod
|
||||
|
||||
|
@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
. "${DOCKERS_ENV}"
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
|
||||
${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud
|
||||
|
@@ -1,102 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
. "${DOCKERS_ENV}"
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
|
||||
#"${KAZ_BIN_DIR}/initCloud.sh"
|
||||
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ app:enable user_ldap
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:delete-config s01
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:create-empty-config
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBase ${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseGroups ${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapHost ${ldapServName}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapPort 389
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapTLS 0
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))"
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapQuotaAttribute nextcloudQuota
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilter "(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))"
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
|
||||
|
||||
# Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin';
|
||||
# docker exec -i nextcloudDB mysql --user=<user> --password=<password> <db> <<< "delete from oc_users where uid<>'admin';"
|
||||
|
||||
# Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
|
||||
|
||||
# Exemple de table/clés :
|
||||
# +-------------------------------+----------------------------------------------------------+
|
||||
# | Configuration | s01 |
|
||||
# +-------------------------------+----------------------------------------------------------+
|
||||
# | hasMemberOfFilterSupport | 0 |
|
||||
# | homeFolderNamingRule | |
|
||||
# | lastJpegPhotoLookup | 0 |
|
||||
# | ldapAgentName | cn=cloud,ou=applications,dc=kaz,dc=sns |
|
||||
# | ldapAgentPassword | *** |
|
||||
# | ldapAttributesForGroupSearch | |
|
||||
# | ldapAttributesForUserSearch | |
|
||||
# | ldapBackgroundHost | |
|
||||
# | ldapBackgroundPort | |
|
||||
# | ldapBackupHost | |
|
||||
# | ldapBackupPort | |
|
||||
# | ldapBase | ou=users,dc=kaz,dc=sns |
|
||||
# | ldapBaseGroups | ou=users,dc=kaz,dc=sns |
|
||||
# | ldapBaseUsers | ou=users,dc=kaz,dc=sns |
|
||||
# | ldapCacheTTL | 600 |
|
||||
# | ldapConfigurationActive | 1 |
|
||||
# | ldapConnectionTimeout | 15 |
|
||||
# | ldapDefaultPPolicyDN | |
|
||||
# | ldapDynamicGroupMemberURL | |
|
||||
# | ldapEmailAttribute | mail |
|
||||
# | ldapExperiencedAdmin | 0 |
|
||||
# | ldapExpertUUIDGroupAttr | |
|
||||
# | ldapExpertUUIDUserAttr | |
|
||||
# | ldapExpertUsernameAttr | uid |
|
||||
# | ldapExtStorageHomeAttribute | |
|
||||
# | ldapGidNumber | gidNumber |
|
||||
# | ldapGroupDisplayName | cn |
|
||||
# | ldapGroupFilter | |
|
||||
# | ldapGroupFilterGroups | |
|
||||
# | ldapGroupFilterMode | 0 |
|
||||
# | ldapGroupFilterObjectclass | |
|
||||
# | ldapGroupMemberAssocAttr | |
|
||||
# | ldapHost | ldap |
|
||||
# | ldapIgnoreNamingRules | |
|
||||
# | ldapLoginFilter | (&(|(objectclass=nextcloudAccount))(cn=%uid)) |
|
||||
# | ldapLoginFilterAttributes | |
|
||||
# | ldapLoginFilterEmail | 0 |
|
||||
# | ldapLoginFilterMode | 0 |
|
||||
# | ldapLoginFilterUsername | 1 |
|
||||
# | ldapMatchingRuleInChainState | unknown |
|
||||
# | ldapNestedGroups | 0 |
|
||||
# | ldapOverrideMainServer | |
|
||||
# | ldapPagingSize | 500 |
|
||||
# | ldapPort | 389 |
|
||||
# | ldapQuotaAttribute | nextcloudQuota |
|
||||
# | ldapQuotaDefault | |
|
||||
# | ldapTLS | 0 |
|
||||
# | ldapUserAvatarRule | default |
|
||||
# | ldapUserDisplayName | cn |
|
||||
# | ldapUserDisplayName2 | |
|
||||
# | ldapUserFilter | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) |
|
||||
# | ldapUserFilterGroups | |
|
||||
# | ldapUserFilterMode | 1 |
|
||||
# | ldapUserFilterObjectclass | nextcloudAccount |
|
||||
# | ldapUuidGroupAttribute | auto |
|
||||
# | ldapUuidUserAttribute | auto |
|
||||
# | turnOffCertCheck | 0 |
|
||||
# | turnOnPasswordChange | 0 |
|
||||
# | useMemberOfToDetectMembership | 1 |
|
||||
# +-------------------------------+----------------------------------------------------------+
|
@@ -5,7 +5,9 @@ NEWPASSWORD=$(base64 -d <<< $2)
|
||||
OLDPASSWORD=$(base64 -d <<< $3)
|
||||
|
||||
URL_AGORA="https://${matterHost}.${domain}"
|
||||
mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
|
||||
|
||||
#mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
|
||||
. $KAZ_KEY_DIR/env-mattermostAdmin
|
||||
|
||||
IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g')
|
||||
if [ ${IDUSER} == 'app.user.missing_account.const' ]
|
||||
|
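Review bot: After this change `mattermost_token` is set only if `env-mattermostAdmin` happens to define a variable of exactly that name, and the file is sourced unquoted and unchecked, so a missing file or a differently named key makes the `curl` below send an empty bearer token. Quoting the path and asserting the variable right after it, `. "${KAZ_KEY_DIR}/env-mattermostAdmin"` followed by `: "${mattermost_token:?missing in env-mattermostAdmin}"`, fails early instead. The later hunk that sets `DOCKER_CMD="docker exec sympaServ"` sources the same file in the same way. The `if` that closes this hunk continues outside it.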
@@ -6,7 +6,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora
|
||||
|
||||
|
1
dockers/peertube/.env
Symbolic link
1
dockers/peertube/.env
Symbolic link
@@ -0,0 +1 @@
|
||||
../../config/dockers.env
|
1
dockers/spip/.env
Symbolic link
1
dockers/spip/.env
Symbolic link
@@ -0,0 +1 @@
|
||||
../../config/dockers.env
|
@@ -6,7 +6,7 @@ KAZ_ROOT=/kaz
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_KEY_DIR/env-mattermostAdmin
|
||||
|
||||
DOCKER_CMD="docker exec sympaServ"
|
||||
URL_AGORA=$(echo $matterHost).$(echo $domain)
|
||||
|
@@ -6,7 +6,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
DockerServName="${sympaServName}"
|
||||
|
||||
|
@@ -4,7 +4,7 @@ KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_ROOT}/secret/SetAllPass.sh"
|
||||
. $KAZ_BIN_DIR/getPasswords.sh traefik
|
||||
|
||||
printKazMsg "\n *** Proxy update config"
|
||||
|
||||
|
@@ -1,11 +0,0 @@
|
||||
Mise à jour des mots de passe
|
||||
|
||||
L'idée c'est d'extraire la gestion des mots de passe de l'installation.
|
||||
|
||||
Tous les mots de passe sont dans un fichier "SetAllPass.sh" que des scripts vont chercher.
|
||||
|
||||
updateDockerPassword.sh met à jours les fichiers d'environnement de mots de passe utilisé par docker-compose.
|
||||
|
||||
(Il y a un problème pour mettre à jour le mot de passe d'une BD si son conteneur n'est pas en route)
|
||||
|
||||
Les modifications sont prises en compte que lors de la création de nouveaux conteneurs (les données permanentes (mot de passe) dans les volumes ne sont pas changées)
|
@@ -2,227 +2,43 @@
|
||||
|
||||
# Attention à cause des scripts pas de ["'/] dans les mot de passe
|
||||
|
||||
####################
|
||||
# ethercalc
|
||||
ethercalc_REDIS_PORT_6379_TCP_ADDR="redis"
|
||||
ethercalc_REDIS_PORT_6379_TCP_PORT="6379"
|
||||
|
||||
####################
|
||||
# etherpad
|
||||
etherpad_MYSQL_ROOT_PASSWORD="--clean_val--"
|
||||
etherpad_MYSQL_DATABASE="--clean_val--"
|
||||
etherpad_MYSQL_USER="--clean_val--"
|
||||
etherpad_MYSQL_PASSWORD="--clean_val--"
|
||||
|
||||
# Share with etherpadDB
|
||||
etherpad_DB_NAME="${etherpad_MYSQL_DATABASE}"
|
||||
etherpad_DB_USER="${etherpad_MYSQL_USER}"
|
||||
etherpad_DB_PASS="${etherpad_MYSQL_PASSWORD}"
|
||||
|
||||
etherpad_DB_TYPE="mysql"
|
||||
etherpad_DB_HOST="padDB"
|
||||
etherpad_DB_PORT="3306"
|
||||
#etherpad_DB_CHARSET="utf8"
|
||||
#user: admin
|
||||
etherpad_ADMIN_PASSWORD="--clean_val--"
|
||||
etherpad_PAD_OPTIONS_LANG="fr"
|
||||
etherpad_TITLE="KazPad"
|
||||
etherpad_TRUST_PROXY="true"
|
||||
|
||||
####################
|
||||
# framadate
|
||||
framadate_MYSQL_ROOT_PASSWORD="--clean_val--"
|
||||
framadate_MYSQL_DATABASE="--clean_val--"
|
||||
framadate_MYSQL_USER="--clean_val--"
|
||||
framadate_MYSQL_PASSWORD="--clean_val--"
|
||||
|
||||
framadate_HTTPD_USER="--clean_val--"
|
||||
framadate_HTTPD_PASSWORD="--clean_val--"
|
||||
|
||||
##################
|
||||
# Gandi
|
||||
# à supprimer et à replacer par dns_gandi_api_key
|
||||
gandi_GANDI_KEY="xxx"
|
||||
gandi_GANDI_API="https://api.gandi.net/v5/livedns/domains/${domain}"
|
||||
gandi_dns_gandi_api_key="${gandi_GANDI_KEY}"
|
||||
|
||||
####################
|
||||
# mattermost
|
||||
mattermost_MYSQL_ROOT_PASSWORD="--clean_val--"
|
||||
mattermost_MYSQL_DATABASE="--clean_val--"
|
||||
mattermost_MYSQL_USER="--clean_val--"
|
||||
mattermost_MYSQL_PASSWORD="--clean_val--"
|
||||
|
||||
# Share with mattermostDB
|
||||
mattermost_MM_DBNAME="${mattermost_MYSQL_DATABASE}"
|
||||
mattermost_MM_USERNAME="${mattermost_MYSQL_USER}"
|
||||
mattermost_MM_PASSWORD="${mattermost_MYSQL_PASSWORD}"
|
||||
|
||||
mattermost_DB_PORT_NUMBER="3306"
|
||||
mattermost_DB_HOST="db"
|
||||
mattermost_MM_SQLSETTINGS_DRIVERNAME="mysql"
|
||||
mattermost_MM_ADMIN_EMAIL="admin@kaz.bzh"
|
||||
|
||||
# mattermost_MM_SQLSETTINGS_DATASOURCE = "MM_USERNAME:MM_PASSWORD@tcp(DB_HOST:DB_PORT_NUMBER)/MM_DBNAME?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
|
||||
# Don't forget to replace all entries (beginning by MM_ and DB_) in MM_SQLSETTINGS_DATASOURCE with the real variables values.
|
||||
mattermost_MM_SQLSETTINGS_DATASOURCE="${mattermost_MYSQL_USER}:${mattermost_MYSQL_PASSWORD}@tcp(${mattermost_DB_HOST}:${mattermost_DB_PORT_NUMBER})/${mattermost_MM_DBNAME}?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
|
||||
# sinon avec postgres
|
||||
# mattermost_MM_SQLSETTINGS_DATASOURCE = "postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10"
|
||||
|
||||
# A COPIER DANS UN FICHIER DE CONF !! -> mattermostAdmin
|
||||
# pour envoyer des messages sur l'agora avec mmctl
|
||||
mattermost_user="admin-mattermost"
|
||||
mattermost_pass="--clean_val--"
|
||||
mattermost_token="xxx-private"
|
||||
|
||||
##################
|
||||
# Openldap
|
||||
ldap_LDAP_ADMIN_USERNAME="--clean_val--"
|
||||
ldap_LDAP_ADMIN_PASSWORD="--clean_val--"
|
||||
ldap_LDAP_CONFIG_ADMIN_USERNAME="--clean_val--"
|
||||
ldap_LDAP_CONFIG_ADMIN_PASSWORD="--clean_val--"
|
||||
ldap_LDAP_POSTFIX_PASSWORD="--clean_val--"
|
||||
ldap_LDAP_LDAPUI_PASSWORD="--clean_val--"
|
||||
ldap_LDAP_MATTERMOST_PASSWORD="--clean_val--"
|
||||
ldap_LDAP_CLOUD_PASSWORD="--clean_val--"
|
||||
ldap_LDAP_MOBILIZON_PASSWORD="--clean_val--"
|
||||
|
||||
ldap_LDAPUI_URI=ldap://ldap
|
||||
ldap_LDAPUI_BASE_DN=${ldap_root}
|
||||
ldap_LDAPUI_REQUIRE_STARTTLS=FALSE
|
||||
ldap_LDAPUI_ADMINS_GROUP=admins
|
||||
ldap_LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,${ldap_root}
|
||||
ldap_LDAPUI_ADMIN_BIND_PWD=${ldap_LDAP_LDAPUI_PASSWORD}
|
||||
ldap_LDAPUI_IGNORE_CERT_ERRORS=TRUE
|
||||
ldap_LDAPUI_PASSWORD="--clean_val--"
|
||||
ldap_LDAPUI_MM_ADMIN_TOKEN=${mattermost_token}
|
||||
|
||||
###################
|
||||
# gitea
|
||||
gitea_MYSQL_ROOT_PASSWORD="--clean_val--"
|
||||
gitea_MYSQL_DATABASE="--clean_val--"
|
||||
gitea_MYSQL_USER="--clean_val--"
|
||||
gitea_MYSQL_PASSWORD="--clean_val--"
|
||||
|
||||
# on ne peut pas utiliser le login "admin"
|
||||
gitea_user_admin="admin_gitea"
|
||||
gitea_pass_admin="--clean_val--"
|
||||
gitea_admin_email="admin@kaz.bzh"
|
||||
|
||||
####################
|
||||
# jirafeau
|
||||
jirafeau_HTTPD_PASSWORD="--clean_val--"
|
||||
jirafeau_DATA_DIR="--clean_val--"
|
||||
|
||||
|
||||
####################
|
||||
# nexcloud
|
||||
nextcloud_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
|
||||
nextcloud_MYSQL_DATABASE="--clean_val--"
|
||||
nextcloud_MYSQL_USER="--clean_val--"
|
||||
nextcloud_MYSQL_PASSWORD="--clean_val--"
|
||||
|
||||
nextcloud_NEXTCLOUD_ADMIN_USER="admin"
|
||||
nextcloud_NEXTCLOUD_ADMIN_PASSWORD="--clean_val--"
|
||||
nextcloud_MYSQL_HOST="db"
|
||||
|
||||
#user: admin
|
||||
nextcloud_RAIN_LOOP="--clean_val--"
|
||||
|
||||
####################
|
||||
# collabora
|
||||
office_username="admin"
|
||||
office_password="--clean_val--"
|
||||
|
||||
####################
|
||||
# roundcube
|
||||
roundcube_MYSQL_ROOT_PASSWORD="--clean_val--"
|
||||
roundcube_MYSQL_DATABASE="--clean_val--"
|
||||
roundcube_MYSQL_USER="--clean_val--"
|
||||
roundcube_MYSQL_PASSWORD="--clean_val--"
|
||||
|
||||
# Share with roundcubeDB
|
||||
roundcube_ROUNDCUBEMAIL_DB_TYPE="mysql"
|
||||
roundcube_ROUNDCUBEMAIL_DB_NAME="${roundcube_MYSQL_DATABASE}"
|
||||
roundcube_ROUNDCUBEMAIL_DB_USER="${roundcube_MYSQL_USER}"
|
||||
roundcube_ROUNDCUBEMAIL_DB_PASSWORD="${roundcube_MYSQL_PASSWORD}"
|
||||
roundcube_ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE="1G"
|
||||
|
||||
####################
|
||||
# postfix LDAP
|
||||
mail_LDAP_BIND_DN=cn=postfix,ou=applications,${ldap_root}
|
||||
mail_LDAP_BIND_PW=${ldap_LDAP_POSTFIX_PASSWORD}
|
||||
|
||||
####################
|
||||
# sympa
|
||||
sympa_MYSQL_ROOT_PASSWORD="--clean_val--"
|
||||
sympa_MYSQL_DATABASE="sympa"
|
||||
sympa_MYSQL_USER="sympa"
|
||||
sympa_MYSQL_PASSWORD="--clean_val--"
|
||||
|
||||
sympa_KEY="/etc/letsencrypt/live/${domain}/privkey.pem"
|
||||
sympa_CERT="/etc/letsencrypt/live/${domain}/fullchain.pem"
|
||||
sympa_LISTMASTERS="listmaster@${domain_sympa}"
|
||||
sympa_ADMINEMAIL="listmaster@${domain_sympa}"
|
||||
sympa_SOAP_USER="sympa"
|
||||
sympa_SOAP_PASSWORD="--clean_val--"
|
||||
|
||||
# pour inscrire des users sur des listes sympa avec soap
|
||||
#il faut que le user soit admin de sympa
|
||||
sympa_user="a@${domain}"
|
||||
sympa_pass="--clean_val--"
|
||||
|
||||
##################
|
||||
# vigilo
|
||||
vigilo_MYSQL_ROOT_PASSWORD="--clean_val--"
|
||||
vigilo_MYSQL_USER="--clean_val--"
|
||||
vigilo_MYSQL_PASSWORD="--clean_val--"
|
||||
vigilo_MYSQL_DATABASE="--clean_val--"
|
||||
vigilo_MYSQL_HOST="db"
|
||||
#vigilo_BIND=
|
||||
|
||||
####################
|
||||
# wordpress
|
||||
wp_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
|
||||
wp_MYSQL_DATABASE="--clean_val--"
|
||||
wp_MYSQL_USER="--clean_val--"
|
||||
wp_MYSQL_PASSWORD="--clean_val--"
|
||||
|
||||
# Share with wpDB
|
||||
wp_WORDPRESS_DB_HOST="db:3306"
|
||||
wp_WORDPRESS_DB_NAME="${wp_MYSQL_DATABASE}"
|
||||
wp_WORDPRESS_DB_USER="${wp_MYSQL_USER}"
|
||||
wp_WORDPRESS_DB_PASSWORD="${wp_MYSQL_PASSWORD}"
|
||||
|
||||
wp_WORDPRESS_ADMIN_USER="admin"
|
||||
wp_WORDPRESS_ADMIN_PASSWORD="--clean_val--"
|
||||
|
||||
##################
|
||||
# A DEPLACER DANS DOCKER ENV
|
||||
#qui envoi le mail d'inscription ?
|
||||
EMAIL_CONTACT="toto@kaz.bzh"
|
||||
|
||||
|
||||
# A COPIER DANS UN FICHIER DE CONF !! -> paheko
|
||||
##################
|
||||
# Paheko
|
||||
paheko_API_USER="admin-api"
|
||||
paheko_API_PASSWORD="--clean_val--"
|
||||
|
||||
##################
|
||||
# La nas de Kaz chez Grifon
|
||||
nas_admin1="admin"
|
||||
nas_password1="--clean_val--"
|
||||
nas_admin2="kaz"
|
||||
nas_password1="--clean_val--"
|
||||
# compte mail pour les notifications du nas
|
||||
nas_email_account="admin-nas@${domain}"
|
||||
nas_email_password="--clean_val--"
|
||||
|
||||
|
||||
# A virer dans koffre
|
||||
##################
|
||||
#Compte sur outlook.com
|
||||
outlook_user="kaz-user@outlook.fr"
|
||||
outlook_pass="--clean_val--"
|
||||
|
||||
|
||||
# A COPIER DANS UN FICHIER DE CONF !! -> mail
|
||||
service_mail=admin-kaz@kaz.bzh
|
||||
service_password="--clean_val--"
|
||||
|
||||
##################
|
||||
#Borg
|
||||
|
||||
# A COPIER DANS UN FICHIER DE CONF !! -> borg
|
||||
BORG_REPO="/mnt/backup-nas1/BorgRepo"
|
||||
BORG_PASSPHRASE="--clean_val--"
|
||||
VOLUME_SAUVEGARDES="/mnt/backup-nas1"
|
||||
@@ -230,148 +46,21 @@ MAIL_RAPPORT="a@${domain};b@${domain};c@${domain}"
|
||||
BORGMOUNT="/mnt/disk-nas1/tmp/repo_mount"
|
||||
|
||||
|
||||
###################
|
||||
# mobilizon
|
||||
mobilizon_POSTGRES_USER="--clean_val--"
|
||||
mobilizon_POSTGRES_PASSWORD="--clean_val--"
|
||||
mobilizon_POSTGRES_DB=mobilizon
|
||||
mobilizon_MOBILIZON_DATABASE_USERNAME="${mobilizon_POSTGRES_USER}"
|
||||
mobilizon_MOBILIZON_DATABASE_PASSWORD="${mobilizon_POSTGRES_PASSWORD}"
|
||||
mobilizon_MOBILIZON_DATABASE_DBNAME=mobilizon
|
||||
|
||||
mobilizon_MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
|
||||
mobilizon_MOBILIZON_INSTANCE_NAME="Mobilizon"
|
||||
mobilizon_MOBILIZON_INSTANCE_HOST="${mobilizonHost}.${domain}"
|
||||
|
||||
mobilizon_MOBILIZON_INSTANCE_SECRET_KEY_BASE=changeme
|
||||
mobilizon_MOBILIZON_INSTANCE_SECRET_KEY=changeme
|
||||
|
||||
mobilizon_MOBILIZON_INSTANCE_EMAIL=noreply@${domain}
|
||||
mobilizon_MOBILIZON_REPLY_EMAIL=contact@${domain_sympa}
|
||||
mobilizon_MOBILIZON_ADMIN_EMAIL=admin@${domain_sympa}
|
||||
|
||||
mobilizon_MOBILIZON_SMTP_SERVER="${smtpHost}.${domain}"
|
||||
mobilizon_MOBILIZON_SMTP_PORT=25
|
||||
mobilizon_MOBILIZON_SMTP_HOSTNAME="${smtpHost}.${domain}"
|
||||
mobilizon_MOBILIZON_SMTP_USERNAME=noreply@${domain}
|
||||
mobilizon_MOBILIZON_SMTP_PASSWORD=
|
||||
mobilizon_MOBILIZON_SMTP_SSL=false
|
||||
|
||||
mobilizon_MOBILIZON_LDAP_BINDUID=cn=mobilizon,ou=applications,${ldap_root}
|
||||
mobilizon_MOBILIZON_LDAP_BINDPASSWORD=${ldap_LDAP_MOBILIZON_PASSWORD}
|
||||
|
||||
|
||||
#####################
|
||||
# Vaultwarden
|
||||
|
||||
vaultwarden_MYSQL_ROOT_PASSWORD="--clean_val--"
|
||||
vaultwarden_MYSQL_DATABASE="vaultwarden"
|
||||
vaultwarden_MYSQL_USER="vaultwarden"
|
||||
vaultwarden_MYSQL_PASSWORD="--clean_val--"
|
||||
|
||||
vaultwarden_DATABASE_URL="mysql://${vaultwarden_MYSQL_USER}:${vaultwarden_MYSQL_PASSWORD}@db/${vaultwarden_MYSQL_DATABASE}"
|
||||
vaultwarden_ADMIN_TOKEN="--clean_val--"
|
||||
|
||||
#####################
|
||||
#Traefik
|
||||
|
||||
# A COPIER DANS UN FICHIER DE CONF !! -> traefik
|
||||
traefik_DASHBOARD_USER="admin"
|
||||
traefik_DASHBOARD_PASSWORD="--clean_val--"
|
||||
|
||||
|
||||
#####################
|
||||
# dokuwiki
|
||||
|
||||
dokuwiki_WIKI_ROOT=Kaz
|
||||
dokuwiki_WIKI_EMAIL=wiki@kaz.local
|
||||
dokuwiki_WIKI_PASSWORD="--clean_val--"
|
||||
|
||||
#####################
|
||||
# Castopod
|
||||
castopod_MYSQL_ROOT_PASSWORD="--clean_val--"
|
||||
castopod_MYSQL_DATABASE="--clean_val--"
|
||||
castopod_MYSQL_USER="--clean_val--"
|
||||
castopod_MYSQL_PASSWORD="--clean_val--"
|
||||
castopod_CP_REDIS_PASSWORD="${castopodRedisPassword}"
|
||||
# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
|
||||
|
||||
castopod_ADMIN_USER=adminKaz
|
||||
castopod_ADMIN_MAIL=admin@${domain}
|
||||
castopod_ADMIN_PASSWORD="--clean_val--"
|
||||
castopod_CP_EMAIL_SMTP_HOST="${smtpHost}.${domain}"
|
||||
castopod_CP_EMAIL_SMTP_PORT=25
|
||||
castopod_CP_EMAIL_SMTP_USERNAME=noreply@${domain}
|
||||
castopod_CP_EMAIL_SMTP_PASSWORD=
|
||||
castopod_CP_EMAIL_FROM=noreply@${domain}
|
||||
castopod_CP_EMAIL_SMTP_CRYPTO=tls
|
||||
|
||||
|
||||
#####################
|
||||
# Spip
|
||||
spip_MYSQL_ROOT_PASSWORD="--clean_val--"
|
||||
spip_MYSQL_DATABASE="--clean_val--"
|
||||
spip_MYSQL_USER="--clean_val--"
|
||||
spip_MYSQL_PASSWORD="--clean_val--"
|
||||
spip_SPIP_AUTO_INSTALL=1
|
||||
spip_SPIP_DB_SERVER=mysql
|
||||
spip_SPIP_DB_LOGIN="${spip_MYSQL_USER}"
|
||||
spip_SPIP_DB_PASS="${spip_MYSQL_PASSWORD}"
|
||||
spip_SPIP_DB_NAME="${spip_MYSQL_DATABASE}"
|
||||
spip_SPIP_ADMIN_NAME=admin
|
||||
spip_SPIP_ADMIN_LOGIN=admin
|
||||
spip_SPIP_ADMIN_EMAIL=admin@${domain}
|
||||
spip_SPIP_ADMIN_PASS="--clean_val--"
|
||||
spip_PHP_TIMEZONE="Europe/Paris"
|
||||
|
||||
#####################
|
||||
# Peertube
|
||||
peertube_POSTGRES_USER="--clean_val--"
|
||||
peertube_POSTGRES_PASSWORD="--clean_val--"
|
||||
peertube_PEERTUBE_DB_NAME="--clean_val--"
|
||||
|
||||
peertube_PEERTUBE_DB_USERNAME="${peertube_POSTGRES_USER}"
|
||||
peertube_PEERTUBE_DB_PASSWORD="${peertube_POSTGRES_PASSWORD}"
|
||||
peertube_PEERTUBE_DB_SSL=false
|
||||
peertube_PEERTUBE_DB_HOSTNAME="${peertubeDBName}"
|
||||
peertube_PEERTUBE_WEBSERVER_HOSTNAME="${peertubeHost}.${domain}"
|
||||
peertube_PEERTUBE_TRUST_PROXY="['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']"
|
||||
|
||||
peertube_PEERTUBE_SECRET="--clean_val--"
|
||||
peertube_PT_INITIAL_ROOT_PASSWORD="--clean_val--"
|
||||
|
||||
#peertube_PEERTUBE_SMTP_USERNAME=
|
||||
#peertube_PEERTUBE_SMTP_PASSWORD=
|
||||
# Default to Postfix service name "postfix" in docker-compose.yml
|
||||
# May be the hostname of your Custom SMTP server
|
||||
peertube_PEERTUBE_SMTP_HOSTNAME=
|
||||
peertube_PEERTUBE_SMTP_PORT=25
|
||||
peertube_PEERTUBE_SMTP_FROM=
|
||||
peertube_PEERTUBE_SMTP_TLS=false
|
||||
peertube_PEERTUBE_SMTP_DISABLE_STARTTLS=false
|
||||
peertube_PEERTUBE_ADMIN_EMAIL=
|
||||
peertube_POSTFIX_myhostname=
|
||||
#peertube_OPENDKIM_DOMAINS=peertube
|
||||
peertube_OPENDKIM_RequireSafeKeys=no
|
||||
|
||||
peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC="public-read"
|
||||
peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE="private"
|
||||
|
||||
######################
|
||||
peertube_POSTGRES_DB="${peertube_PEERTUBE_DB_NAME}"
|
||||
|
||||
######################
|
||||
# SNAPPYMAIL
|
||||
# Url https://snappymail.${domain}/?admin
|
||||
# au premier lancement un mot de passe est généré en aut par l' appli dans le
|
||||
# volume Data : /var/lib/docker/volumes/snappymail_data/_data/_data_/_default_
|
||||
# le fichier s' appelle admin_password.txt
|
||||
# une fois le mot de passe changé dans le Gui de l' admin, ce fichier est automatiquement supprimé
|
||||
snappymail_TZ="Europe/Paris"
|
||||
snappymail_UPLOAD_MAX_SIZE="100M"
|
||||
|
||||
####################
|
||||
# mastodon
|
||||
mastodon_POSTGRES_USER="--clean_val--"
|
||||
mastodon_POSTGRES_PASSWORD="--clean_val--"
|
||||
mastodon_POSTGRES_DB=mastodon
|
||||
mastodon_DB_USER="${mastodon_POSTGRES_USER}"
|
||||
mastodon_DB_PASS="${mastodon_POSTGRES_PASSWORD}"
|
||||
mastodon_DB_NAME=mastodon
|
||||
|
@@ -1,22 +1,24 @@
|
||||
paheko_API_USER=
|
||||
paheko_API_PASSWORD=
|
||||
paheko_url=
|
||||
|
||||
mattermost_user=
|
||||
mattermost_pass=
|
||||
mattermost_url=
|
||||
paheko_url=https://kaz-@@globalvar@@pahekoHost@@gv@@.@@globalvar@@domain@@gv@@
|
||||
paheko_API_USER="@@user@@pahekoapi@@u@@"
|
||||
paheko_API_PASSWORD="@@pass@@pahekoapi@@p@@"
|
||||
|
||||
ldap_LDAP_ADMIN_USERNAME=
|
||||
ldap_LDAP_ADMIN_PASSWORD=
|
||||
ldap_root=
|
||||
mattermost_user="@@user@@mattermost2@@u@@"
|
||||
mattermost_pass="@@pass@@mattermost2@@p@@"
|
||||
mattermost_token="@@token@@mattermost@@t@@"
|
||||
|
||||
nextcloud_NEXTCLOUD_ADMIN_USER=
|
||||
nextcloud_NEXTCLOUD_ADMIN_PASSWORD=
|
||||
cloud_url=
|
||||
ldap_LDAP_ADMIN_USERNAME="@@user@@ldap@@u@@"
|
||||
ldap_LDAP_ADMIN_PASSWORD="@@pass@@ldap@@p@@"
|
||||
ldap_root=@@globalvar@@ldap_root@@gv@@
|
||||
|
||||
sympa_SOAP_USER=
|
||||
sympa_SOAP_PASSWORD=
|
||||
sympa_url=
|
||||
nextcloud_NEXTCLOUD_ADMIN_USER="@@user@@nextcloudadmin@@u@@"
|
||||
nextcloud_NEXTCLOUD_ADMIN_PASSWORD="@@pass@@nextcloudadmin@@p@@"
|
||||
cloud_url=https://@@globalvar@@cloudHost@@gv@@.@@globalvar@@domain@@gv@@
|
||||
|
||||
|
||||
sympa_SOAP_USER="@@user@@sympasoap@@u@@"
|
||||
sympa_SOAP_PASSWORD="@@pass@@sympasoap@@p@@"
|
||||
sympa_url=https://@@globalvar@@sympaHost@@gv@@.@@globalvar@@domain@@gv@@
|
||||
|
||||
gandi_GANDI_KEY=
|
||||
gandi_GANDI_API=
|
||||
|
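--- a/secret.tmpl/env-borg
+++ b/secret.tmpl/env-borg
@@ -0,0 +1,17 @@
+VOLUME_SAUVEGARDES=
+BORG_REPO=
+BORG_PASSPHRASE=@@token@@borg@@t@@
+BORGLOG="/var/log/borg"
+BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
+BORG_EXCLUDE_BACKUP=
+MAIL_RAPPORT=a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@
+LISTREPSAUV=
+BORGMOUNT="/mnt/repo_borg"
+MAILOK=
+MAILWARNING=
+MAILDETAIL=
+BACKUPS_KEEP="4m"
+NB_BACKUPS_JOUR=90
+NB_BACKUPS_SEM=30
+NB_BACKUPS_MOIS=12
+BORGSCRIPTS=/root/borgscripts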
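Review bot: `BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"` gives the backup scripts a fixed, predictable file name in a world-writable directory, and `BORGSCRIPTS=/root/borgscripts` suggests they run as root, so another local user could pre-create or symlink that path. Point it at a root-owned directory instead, e.g. `BORG_FIC_DEL="/var/log/borg/sauvegarde_supp.txt"`, or have the script create the file with `mktemp`. `MAIL_RAPPORT` has also lost the double quotes it had in the old SetAllPass.sh; if this file is sourced by a shell, the `;` separators end the assignment and the remaining addresses are run as commands, so keep the value quoted. How the scripts consume these variables is not visible in this section.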
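--- a/secret.tmpl/env-castopodAdmin
+++ b/secret.tmpl/env-castopodAdmin
@@ -0,0 +1,3 @@
+ADMIN_USER=@@pass@@castopod2@@p@@
+ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
+ADMIN_PASSWORD=@@pass@@castopod3@@p@@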
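Review bot: `ADMIN_USER=@@pass@@castopod2@@p@@` fills the admin login with a password-type placeholder, whereas the other user names in these templates use the `@@user@@…@@u@@` form. If this is not deliberate, the login becomes a random password-style string; `ADMIN_USER=@@user@@castopod2@@u@@` would match the convention. If it is deliberate, a one-line comment saying so would help the next maintainer. The placeholder generator is not visible here, so the exact effect is inferred.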
@@ -1,4 +1,4 @@
|
||||
MYSQL_ROOT_PASSWORD=
|
||||
MYSQL_DATABASE=
|
||||
MYSQL_USER=
|
||||
MYSQL_PASSWORD=
|
||||
MYSQL_ROOT_PASSWORD=@@pass@@castopod@@p@@
|
||||
MYSQL_USER=@@user@@castopod1@@u@@
|
||||
MYSQL_PASSWORD=@@pass@@castopod1@@p@@
|
||||
MYSQL_DATABASE=@@db@@castopod1@@d@@
|
@@ -1,4 +1,4 @@
|
||||
|
||||
WIKI_ROOT=
|
||||
WIKI_EMAIL=
|
||||
WIKI_PASSWORD=
|
||||
WIKI_ROOT=Kaz
|
||||
WIKI_EMAIL=wiki@@@globalvar@@domain@@gv@@
|
||||
WIKI_PASSWORD=@@pass@@dokuwiki@@p@@
|
@@ -1,5 +1,5 @@
|
||||
|
||||
MYSQL_ROOT_PASSWORD=
|
||||
MYSQL_DATABASE=
|
||||
MYSQL_USER=
|
||||
MYSQL_PASSWORD=
|
||||
MYSQL_ROOT_PASSWORD=@@pass@@etherpadroot@@p@@
|
||||
MYSQL_DATABASE=@@db@@etherpad@@d@@
|
||||
MYSQL_USER=@@user@@etherpad@@u@@
|
||||
MYSQL_PASSWORD=@@pass@@etherpad@@p@@
|
||||
|
@@ -1,16 +1,17 @@
|
||||
|
||||
# share with padDB
|
||||
DB_NAME=
|
||||
DB_USER=
|
||||
DB_PASS=
|
||||
DB_NAME=@@db@@etherpad@@d@@
|
||||
DB_USER=@@user@@etherpad@@u@@
|
||||
DB_PASS=@@pass@@etherpad@@p@@
|
||||
|
||||
DB_TYPE=
|
||||
DB_HOST=
|
||||
DB_PORT=
|
||||
|
||||
DB_TYPE=mysql
|
||||
DB_HOST=padDB
|
||||
DB_PORT=3306
|
||||
#DB_CHARSET=
|
||||
ADMIN_PASSWORD=
|
||||
ADMIN_PASSWORD=@@pass@@etherpadadmin@@p@@
|
||||
|
||||
TITLE=
|
||||
PAD_OPTIONS_LANG=
|
||||
TRUST_PROXY=
|
||||
#DEFAULT_PAD_TEXT="––––– Ce texte est à effacer (après lecture si c’est votre première visite) ou à conserver en bas de votre pad –––––\n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur l’icône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur l’icône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans l’historique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! N’oubliez pas de conserver quelque part l’adresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n––––– Ce texte est à effacer (après lecture si c’est votre première visite) –––––\n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"
|
||||
TITLE=KazPad
|
||||
PAD_OPTIONS_LANG=fr
|
||||
TRUST_PROXY=true
|
||||
DEFAULT_PAD_TEXT="––––– Ce texte est à effacer (après lecture si c’est votre première visite) ou à conserver en bas de votre pad –––––\n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur l’icône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur l’icône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans l’historique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! N’oubliez pas de conserver quelque part l’adresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n––––– Ce texte est à effacer (après lecture si c’est votre première visite) –––––\n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"
|
||||
|
@@ -1,5 +1,5 @@
|
||||
|
||||
MYSQL_ROOT_PASSWORD=
|
||||
MYSQL_DATABASE=
|
||||
MYSQL_USER=
|
||||
MYSQL_PASSWORD=
|
||||
MYSQL_ROOT_PASSWORD=@@pass@@framadateroot@@p@@
|
||||
MYSQL_DATABASE=@@db@@framadatedb@@d@@
|
||||
MYSQL_USER=@@user@@framadatedb@@u@@
|
||||
MYSQL_PASSWORD=@@pass@@framadatedb@@p@@
|
||||
|
@@ -1,3 +1,3 @@
|
||||
|
||||
HTTPD_USER=
|
||||
HTTPD_PASSWORD=
|
||||
HTTPD_USER=@@user@@framadate@@u@@
|
||||
HTTPD_PASSWORD=@@pass@@framadate2@@p@@
|
||||
|
@@ -1,5 +1,5 @@
|
||||
|
||||
MYSQL_ROOT_PASSWORD=
|
||||
MYSQL_DATABASE=
|
||||
MYSQL_USER=
|
||||
MYSQL_PASSWORD=
|
||||
MYSQL_ROOT_PASSWORD=@@pass@@gitroot@@p@@
|
||||
MYSQL_DATABASE=@@db@@gitdb@@d@@
|
||||
MYSQL_USER=@@user@@gitdb@@u@@
|
||||
MYSQL_PASSWORD=@@pass@@gitdb@@p@@
|
@@ -1,3 +1,3 @@
|
||||
user_admin=
|
||||
pass_admin=
|
||||
admin_email=
|
||||
user_admin=@@user@@git@@u@@
|
||||
pass_admin=@@pass@@git@@p@@
|
||||
admin_email=admin@@@globalvar@@domain@@gv@@
|
@@ -1,2 +1,2 @@
|
||||
|
||||
HTTPD_PASSWORD=
|
||||
HTTPD_PASSWORD=@@pass@@jirafeau@@pass@@
|
||||
|
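Review bot: The new `HTTPD_PASSWORD=@@pass@@jirafeau@@pass@@` closes the placeholder with `@@pass@@` instead of the `@@p@@` used by the other password placeholders in this change. Unless the substitution script accepts both forms (it is not visible here), this line will likely be left unsubstituted and the literal placeholder text would end up as the password. Suggested: `HTTPD_PASSWORD=@@pass@@jirafeau@@p@@`.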
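--- a/secret.tmpl/env-kaz
+++ b/secret.tmpl/env-kaz
@@ -0,0 +1,11 @@
+# tout est dans le env_kaz
+# utilisé par gest containers
+NAS_VOL=
+OPERATE_ON_MAIN= # par defaut NON on ne traite que des orgas
+OPERATE_ON_NAS_ORGA= # par defaut NON, on va aussi sur les orgas du NAS
+OPERATE_LOCAL_ORGA="OUI" # par defaut oui
+TEMPO_ACTION_STOP=2 # Lors de redémarrage avec tempo, on attend après le stop
+TEMPO_ACTION_START=60 # Lors de redémarrage avec tempo, avant de reload le proxy
+DEFAULTCONTAINERS="cloud agora wp wiki office paheko castopod spip"
+APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode
+QUIET="1" # redirection des echo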
@@ -1,9 +1,9 @@
|
||||
LDAP_ADMIN_USERNAME=
|
||||
LDAP_ADMIN_PASSWORD=
|
||||
LDAP_CONFIG_ADMIN_USERNAME=
|
||||
LDAP_CONFIG_ADMIN_PASSWORD=
|
||||
LDAP_POSTFIX_PASSWORD=
|
||||
LDAP_LDAPUI_PASSWORD=
|
||||
LDAP_MATTERMOST_PASSWORD=
|
||||
LDAP_CLOUD_PASSWORD=
|
||||
LDAP_MOBILIZON_PASSWORD=
|
||||
LDAP_ADMIN_USERNAME=@@user@@ldap@@u@@
|
||||
LDAP_ADMIN_PASSWORD=@@pass@@ldap@@p@@
|
||||
LDAP_CONFIG_ADMIN_USERNAME=@@user@@ldapconfig@@u@@
|
||||
LDAP_CONFIG_ADMIN_PASSWORD=@@pass@@ldapconfig@@p@@
|
||||
LDAP_POSTFIX_PASSWORD=@@pass@@ldappostfix@@p@@
|
||||
LDAP_LDAPUI_PASSWORD=@@pass@@ldapui@@p@@
|
||||
LDAP_MATTERMOST_PASSWORD=@@pass@@ldapmm@@p@@
|
||||
LDAP_CLOUD_PASSWORD=@@pass@@ldapcloud@@p@@
|
||||
LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@
|
||||
|
@@ -1,9 +1,9 @@
|
||||
LDAPUI_URI=
|
||||
LDAPUI_BASE_DN=
|
||||
LDAPUI_REQUIRE_STARTTLS=
|
||||
LDAPUI_ADMINS_GROUP=
|
||||
LDAPUI_ADMIN_BIND_DN=
|
||||
LDAPUI_ADMIN_BIND_PWD=
|
||||
LDAPUI_IGNORE_CERT_ERRORS=
|
||||
LDAPUI_PASSWORD=
|
||||
LDAPUI_MM_ADMIN_TOKEN=
|
||||
LDAPUI_URI=ldap://ldap
|
||||
LDAPUI_BASE_DN=@@globalvar@@ldap_root@@gv@@
|
||||
LDAPUI_REQUIRE_STARTTLS=FALSE
|
||||
LDAPUI_ADMINS_GROUP=admins
|
||||
LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@
|
||||
LDAPUI_ADMIN_BIND_PWD=@@pass@@ldapui@@p@@
|
||||
LDAPUI_IGNORE_CERT_ERRORS=TRUE
|
||||
LDAPUI_PASSWORD=@@pass@@ldapuipass@@p@@
|
||||
LDAPUI_MM_ADMIN_TOKEN=@@crossvar@@mattermostAdmin_mattermost_token@@cv@@
|
||||
|
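Review bot: The template now hard-codes `LDAPUI_URI=ldap://ldap`, `LDAPUI_REQUIRE_STARTTLS=FALSE` and `LDAPUI_IGNORE_CERT_ERRORS=TRUE`, so the bind password in `LDAPUI_ADMIN_BIND_PWD` is sent over an unencrypted, unauthenticated LDAP connection. That is only acceptable while the `ldap` host is reachable solely on a private container network. State that assumption in a comment, e.g. `# cleartext LDAP: only valid while ldap is on an internal docker network`, or make the three values `@@globalvar@@` substitutions so a deployment can enable STARTTLS. The values appear to be carried over from the SetAllPass.sh template rather than introduced here.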
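--- a/secret.tmpl/env-mail
+++ b/secret.tmpl/env-mail
@@ -0,0 +1,2 @@
+service_mail=admin@@@globalvar@@domain@@gv@@
+service_password=@@pass@@servicemail@@p@@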
@@ -1,6 +1,6 @@
|
||||
DB_USER=
|
||||
DB_NAME=
|
||||
DB_PASS=
|
||||
POSTGRES_USER=
|
||||
POSTGRES_PASSWORD=
|
||||
POSTGRES_DB=postgres
|
||||
DB_USER=@@user@@mastodon@@u@@
|
||||
DB_NAME=@@db@@mastodon@@d@@
|
||||
DB_PASS=@@pass@@mastodon@@p@@
|
||||
POSTGRES_USER=@@user@@postgresmasto@@u@@
|
||||
POSTGRES_PASSWORD=@@pass@@postgresmasto@@p@@
|
||||
POSTGRES_DB=@@db@@mastodon@@d@@
|
||||
|
@@ -1,9 +1,9 @@
|
||||
SECRET_KEY_BASE=
|
||||
OTP_SECRET=
|
||||
OTP_SECRET=@@token@@masto-otp@@t@@
|
||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
|
||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
|
||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
|
||||
VAPID_PRIVATE_KEY==
|
||||
VAPID_PRIVATE_KEY=
|
||||
VAPID_PUBLIC_KEY=
|
||||
SMTP_PASSWORD=
|
||||
EMAIL_DOMAIN_ALLOWLIST=
|
||||
|
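Review bot: Only `OTP_SECRET` receives a generated placeholder; `SECRET_KEY_BASE` and the three `ACTIVE_RECORD_ENCRYPTION_*` values are still empty in the template, so a deployment generated from it depends on someone filling them in by hand. If that is intended, say so at the top of the file, e.g. `# SECRET_KEY_BASE, ACTIVE_RECORD_ENCRYPTION_* and VAPID_* must be generated separately before first start`. Otherwise give `SECRET_KEY_BASE` a `@@token@@…@@t@@` placeholder as well.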
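--- a/secret.tmpl/env-mattermostAdmin
+++ b/secret.tmpl/env-mattermostAdmin
@@ -0,0 +1,4 @@
+
+mattermost_user=@@user@@mattermost2@@u@@
+mattermost_pass=@@pass@@mattermost2@@p@@
+mattermost_token=@@token@@mattermost@@t@@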
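Review bot: The generated values in this file are written unquoted, yet scripts elsewhere in this change load it with `. $KAZ_KEY_DIR/env-mattermostAdmin`, so each line is executed as shell code. A generated password or token containing a space, `$`, `;`, `&` or a backtick would break the assignment or be run as a command. Either single-quote the values, e.g. `mattermost_pass='@@pass@@mattermost2@@p@@'`, and have the generator exclude `'`, or document the allowed character set at the top of the file, as the old SetAllPass.sh did with its `pas de ["'/] dans les mot de passe` comment.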
@@ -1,8 +1,9 @@
|
||||
|
||||
MYSQL_ROOT_PASSWORD=
|
||||
MYSQL_DATABASE=
|
||||
MYSQL_USER=
|
||||
MYSQL_PASSWORD=
|
||||
MYSQL_ROOT_PASSWORD=@@pass@@mattermostroot@@p@@
|
||||
MYSQL_DATABASE=@@db@@mattermost@@d@@
|
||||
MYSQL_USER=@@user@@mattermost@@u@@
|
||||
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
|
||||
|
||||
MM_MYSQL_USER=
|
||||
MM_MYSQL_PASSWORD=
|
||||
POSTGRES_USER=@@user@@mattermost@@u@@
|
||||
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
|
||||
POSTGRES_DB=@@db@@mattermost@@d@@
|
||||
|
@@ -1,15 +1,9 @@
|
||||
|
||||
# share with matterDB
|
||||
MM_DBNAME=
|
||||
MM_USERNAME=
|
||||
MM_PASSWORD=
|
||||
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
|
||||
MM_ADMIN_USER=@@user@@mattermost2@@u@@
|
||||
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
|
||||
|
||||
MM_ADMIN_EMAIL=
|
||||
MM_ADMIN_USER=
|
||||
MM_ADMIN_PASSWORD=
|
||||
|
||||
DB_HOST=
|
||||
DB_PORT_NUMBER=
|
||||
MM_SQLSETTINGS_DRIVERNAME=
|
||||
MM_SQLSETTINGS_DATASOURCE=
|
||||
MM_SQLSETTINGS_DRIVERNAME=postgres
|
||||
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10
|
||||
|
||||
|
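Review bot: `MM_SQLSETTINGS_DATASOURCE` embeds `@@pass@@mattermost@@p@@` directly in a `postgres://` URL, so a generated password containing `@`, `:`, `/`, `?` or `#` would change how the URL is parsed and the connection would fail or resolve to a different host. The generator should either restrict this password to URL-safe characters or percent-encode it for this line; a comment above the line stating the constraint would be enough. The URL also sets `sslmode=disable`, which deserves a comment confirming that the database is reachable only on the internal container network.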
@@ -1,4 +1,4 @@
|
||||
# Database settings
|
||||
POSTGRES_USER=
|
||||
POSTGRES_PASSWORD=
|
||||
POSTGRES_DB=
|
||||
POSTGRES_USER=@@user@@mobilizon@@u@@
|
||||
POSTGRES_PASSWORD=@@pass@@mobilizon@@p@@
|
||||
POSTGRES_DB=@@db@@mobilizon@@d@@
|
||||
|
@@ -18,9 +18,9 @@ MOBILIZON_SMTP_USERNAME=
|
||||
MOBILIZON_SMTP_PASSWORD=
|
||||
MOBILIZON_SMTP_SSL=
|
||||
|
||||
MOBILIZON_DATABASE_USERNAME=
|
||||
MOBILIZON_DATABASE_PASSWORD=
|
||||
MOBILIZON_DATABASE_DBNAME=
|
||||
MOBILIZON_DATABASE_USERNAME=@@user@@mobilizon@@u@@
|
||||
MOBILIZON_DATABASE_PASSWORD=@@pass@@mobilizon@@p@@
|
||||
MOBILIZON_DATABASE_DBNAME=@@db@@mobilizon@@d@@
|
||||
|
||||
# LDAP
|
||||
MOBILIZON_LDAP_BINDUID=
|
||||
|
@@ -1,8 +1,8 @@
|
||||
|
||||
MYSQL_ROOT_PASSWORD=
|
||||
MYSQL_DATABASE=
|
||||
MYSQL_USER=
|
||||
MYSQL_PASSWORD=
|
||||
MYSQL_ROOT_PASSWORD=@@pass@@nextcloudroot@@p@@
|
||||
MYSQL_DATABASE=@@db@@nextcloud@@d@@
|
||||
MYSQL_USER=@@user@@nextcloud@@u@@
|
||||
MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
|
||||
|
||||
NC_MYSQL_USER=
|
||||
NC_MYSQL_PASSWORD=
|
||||
#NC_MYSQL_USER=
|
||||
#NC_MYSQL_PASSWORD=
|
||||
|
@@ -1,5 +1,5 @@
|
||||
|
||||
NEXTCLOUD_ADMIN_USER=
|
||||
NEXTCLOUD_ADMIN_PASSWORD=
|
||||
MYSQL_HOST=
|
||||
RAIN_LOOP=
|
||||
NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
|
||||
NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
|
||||
MYSQL_HOST=db
|
||||
RAIN_LOOP=@@pass@@rainloop@@p@@
|
||||
|
@@ -1,3 +1,3 @@
|
||||
|
||||
username=
|
||||
password=
|
||||
username=@@user@@office@@u@@
|
||||
password=@@pass@@office@@p@@
|
||||
|
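--- a/secret.tmpl/env-paheko
+++ b/secret.tmpl/env-paheko
@@ -0,0 +1,2 @@
+API_USER=@@user@@pahekoapi@@u@@
+API_PASSWORD=@@pass@@pahekoapi@@p@@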
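--- a/secret.tmpl/env-peertubeDB
+++ b/secret.tmpl/env-peertubeDB
@@ -0,0 +1,8 @@
+POSTGRES_USER=@@user@@peertube@@u@@
+POSTGRES_PASSWORD=@@pass@@peertube@@p@@
+POSTGRES_DB=@@db@@peertube@@d@@
+
+PEERTUBE_DB_USERNAME=@@user@@peertube@@u@@
+PEERTUBE_DB_PASSWORD=@@pass@@peertube@@p@@
+PEERTUBE_DB_SSL=false
+PEERTUBE_DB_HOSTNAME=peertubeDB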
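--- a/secret.tmpl/env-peertubeServ
+++ b/secret.tmpl/env-peertubeServ
@@ -0,0 +1,32 @@
+POSTGRES_USER=@@user@@peertube@@u@@
+POSTGRES_PASSWORD=@@pass@@peertube@@p@@
+POSTGRES_DB=@@db@@peertube@@d@@
+
+PEERTUBE_DB_USERNAME=@@user@@peertube@@u@@
+PEERTUBE_DB_PASSWORD=@@pass@@peertube@@p@@
+PEERTUBE_DB_SSL=false
+PEERTUBE_DB_HOSTNAME=peertubeDB
+
+PEERTUBE_WEBSERVER_HOSTNAME=@@globalvar@@peertubeHost@@gv@@.@@globalvar@@domain@@gv@@
+PEERTUBE_TRUST_PROXY=['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']
+
+PEERTUBE_SECRET=@@token@@peertube@@t@@
+PT_INITIAL_ROOT_PASSWORD=@@pass@@peertubeinitialroot@@p@@
+
+#PEERTUBE_SMTP_USERNAME=
+#PEERTUBE_SMTP_PASSWORD=
+# Default to Postfix service name "postfix" in docker-compose.yml
+# May be the hostname of your Custom SMTP server
+PEERTUBE_SMTP_HOSTNAME=smtp.kaz.bzh
+PEERTUBE_SMTP_PORT=25
+PEERTUBE_SMTP_FROM=
+PEERTUBE_SMTP_TLS=false
+PEERTUBE_SMTP_DISABLE_STARTTLS=false
+PEERTUBE_ADMIN_EMAIL=
+
+POSTFIX_myhostname=
+#OPENDKIM_DOMAINS=peertube
+OPENDKIM_RequireSafeKeys=no
+
+PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC=public-read
+PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE=private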
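Review bot: `PEERTUBE_SMTP_HOSTNAME=smtp.kaz.bzh` hard-codes the production domain while the rest of the file derives host names from `@@globalvar@@domain@@gv@@`, so a test or fork deployment generated from this template would send its mail through kaz.bzh. Build it from the global variables as `PEERTUBE_WEBSERVER_HOSTNAME` does, e.g. `PEERTUBE_SMTP_HOSTNAME=@@globalvar@@smtpHost@@gv@@.@@globalvar@@domain@@gv@@`, assuming `smtpHost` is available as a global variable the way `${smtpHost}` was in SetAllPass.sh. `PEERTUBE_SMTP_TLS=false` on port 25 means submission is unencrypted unless STARTTLS is negotiated; a comment stating that the relay is internal would make that choice explicit. `PEERTUBE_SMTP_FROM` and `PEERTUBE_ADMIN_EMAIL` are left empty and presumably have to be filled in by hand.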
@@ -1,4 +1,4 @@
|
||||
MYSQL_ROOT_PASSWORD=
|
||||
MYSQL_DATABASE=
|
||||
MYSQL_USER=
|
||||
MYSQL_PASSWORD=
|
||||
MYSQL_ROOT_PASSWORD=@@pass@@roudcuberoot@@p@@
|
||||
MYSQL_DATABASE=@@db@@roudcube@@d@@
|
||||
MYSQL_USER=@@user@@roudcube@@u@@
|
||||
MYSQL_PASSWORD=@@pass@@roudcube@@p@@
|
@@ -1,6 +1,6 @@
|
||||
|
||||
ROUNDCUBEMAIL_DB_TYPE=
|
||||
ROUNDCUBEMAIL_DB_NAME=
|
||||
ROUNDCUBEMAIL_DB_USER=
|
||||
ROUNDCUBEMAIL_DB_PASSWORD=
|
||||
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=
|
||||
ROUNDCUBEMAIL_DB_TYPE=mysql
|
||||
ROUNDCUBEMAIL_DB_NAME=@@db@@roudcube@@d@@
|
||||
ROUNDCUBEMAIL_DB_USER=@@user@@roudcube@@u@@
|
||||
ROUNDCUBEMAIL_DB_PASSWORD=@@pass@@roudcube@@p@@
|
||||
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=1G
|
||||
|
@@ -1,4 +1,4 @@
|
||||
MYSQL_ROOT_PASSWORD=
|
||||
MYSQL_DATABASE=
|
||||
MYSQL_USER=
|
||||
MYSQL_PASSWORD=
|
||||
MYSQL_ROOT_PASSWORD=@@pass@@spiproot@@p@@
|
||||
MYSQL_DATABASE=@@db@@spip@@d@@
|
||||
MYSQL_USER=@@user@@spip@@u@@
|
||||
MYSQL_PASSWORD=@@pass@@spip@@p@@
|
Some files were not shown because too many files have changed in this diff Show More