KAZ/KazV2
11
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: KAZ:master
Branches Tags
KAZ:master KAZ:gestionSecrets KAZ:feat/python
..
compare: KAZ:gestionSecrets
Branches Tags
KAZ:gestionSecrets KAZ:master KAZ:feat/python

13 Commits
master ... gestionSec

Author SHA1 Message Date
Gael
a3f448b457 missing .env 2025-07-31 14:33:47 +02:00
Gael
77a3819beb Il faut créer le dossier secret pour chaque orga ! (cas de maj du docker-compose après ajout de service) 2025-07-31 14:18:57 +02:00
Gael
ec16cdfe92 Quelques appels restants + script de migration 2025-07-31 06:16:36 +02:00
Gael
6877a5f872 Le init db est fait dans le initdb.sh plutôt ... 2025-07-31 05:36:32 +02:00
Gael
3a8bd9ec1a Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets 2025-07-31 05:05:13 +02:00
Gael
1f9ccff5b6 Les orgas + qques changements pour getpasswords.sh 2025-07-31 05:04:29 +02:00
Gael
ff69724f86 droits d'execution sur les scripts 2025-07-31 01:55:59 +02:00
Gael
99779a70ff Récupération des valeurs du docker.env ! 2025-07-30 23:08:48 +02:00
Gael
400775bf41 removing double quotes + divers petits bugs 2025-07-30 02:57:38 +02:00
Gael
8baf9fc492 Merge branch 'gestionSecrets' of git+ssh://git.kaz.bzh:2202/KAZ/KazV2 into gestionSecrets 2025-07-29 16:37:45 +02:00
Gael
8d26a57b6b A tester : la génération des mots de passe ! 2025-07-29 16:33:17 +02:00
HPL
5fbc804edd Actualiser secret.tmpl/SetAllPass.sh 2025-07-23 06:34:30 +02:00
Gael
44ff3980f9 SetAllPass a disparu ! Reste le secretgen à refaire + revoir les valeurs "liées" par setallpass. Rien n'est testé pour le moment. 2025-07-23 03:19:27 +02:00
115 changed files with 1039 additions and 1465 deletions
Expand all files Collapse all files

11
bin/applyTemplate.sh
View File

@@ -16,7 +16,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
setKazVars setKazVars
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
usage () { usage () {
echo $(basename "$0") " [-h] [-help] [-timestamp] template dst" echo $(basename "$0") " [-h] [-help] [-timestamp] template dst"
@@ -64,8 +63,8 @@ done
-e "s|__DOKUWIKI_HOST__|${dokuwikiHost}|g"\ -e "s|__DOKUWIKI_HOST__|${dokuwikiHost}|g"\
-e "s|__DOMAIN__|${domain}|g"\ -e "s|__DOMAIN__|${domain}|g"\
-e "s|__FILE_HOST__|${fileHost}|g"\ -e "s|__FILE_HOST__|${fileHost}|g"\
-e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\ # -e "s|__PAHEKO_API_PASSWORD__|${paheko_API_PASSWORD}|g"\
-e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\ # -e "s|__PAHEKO_API_USER__|${paheko_API_USER}|g"\
-e "s|__PAHEKO_HOST__|${pahekoHost}|g"\ -e "s|__PAHEKO_HOST__|${pahekoHost}|g"\
-e "s|__GIT_HOST__|${gitHost}|g"\ -e "s|__GIT_HOST__|${gitHost}|g"\
-e "s|__GRAV_HOST__|${gravHost}|g"\ -e "s|__GRAV_HOST__|${gravHost}|g"\
@@ -79,9 +78,9 @@ done
-e "s|__SMTP_HOST__|${smtpHost}|g"\ -e "s|__SMTP_HOST__|${smtpHost}|g"\
-e "s|__SYMPADB__|${sympaDBName}|g"\ -e "s|__SYMPADB__|${sympaDBName}|g"\
-e "s|__SYMPA_HOST__|${sympaHost}|g"\ -e "s|__SYMPA_HOST__|${sympaHost}|g"\
-e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\ # -e "s|__SYMPA_MYSQL_DATABASE__|${sympa_MYSQL_DATABASE}|g"\
-e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\ # -e "s|__SYMPA_MYSQL_PASSWORD__|${sympa_MYSQL_PASSWORD}|g"\
-e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\ # -e "s|__SYMPA_MYSQL_USER__|${sympa_MYSQL_USER}|g"\
-e "s|__VIGILO_HOST__|${vigiloHost}|g"\ -e "s|__VIGILO_HOST__|${vigiloHost}|g"\
-e "s|__WEBMAIL_HOST__|${webmailHost}|g"\ -e "s|__WEBMAIL_HOST__|${webmailHost}|g"\
-e "s|__CASTOPOD_HOST__|${castopodHost}|g"\ -e "s|__CASTOPOD_HOST__|${castopodHost}|g"\

7
bin/certbot-dns-alwaysdata.sh Normal file → Executable file
View File

@@ -2,9 +2,10 @@
# certbot certonly --manual --preferred-challenges=dns --manual-auth-hook certbot-dns-alwaysdata.sh --manual-cleanup-hook certbot-dns-alwaysdata.sh -d "*.kaz.bzh" -d "kaz.bzh" # certbot certonly --manual --preferred-challenges=dns --manual-auth-hook certbot-dns-alwaysdata.sh --manual-cleanup-hook certbot-dns-alwaysdata.sh -d "*.kaz.bzh" -d "kaz.bzh"
ALWAYSDATA_TOKEN="TOKEN" export KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
ALWAYSDATA_ACCOUNT="ACCOUNT" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
ALWAYSDATA_API="https://api.alwaysdata.com/v1/" setKazVars
. $KAZ_KEY_DIR/env-alwaysdata
DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${CERTBOT_DOMAIN} | jq '.[0].id') DOMAIN_ID=$(curl -s -X GET --basic --user "${ALWAYSDATA_TOKEN} account=${ALWAYSDATA_ACCOUNT}:" ${ALWAYSDATA_API}/domain/?name=${CERTBOT_DOMAIN} | jq '.[0].id')

119
bin/checkEnvFiles.sh
View File

@@ -6,8 +6,6 @@ setKazVars
RUN_PASS_DIR="secret" RUN_PASS_DIR="secret"
TMPL_PASS_DIR="secret.tmpl" TMPL_PASS_DIR="secret.tmpl"
RUN_PASS_FILE="${RUN_PASS_DIR}/SetAllPass.sh"
TMPL_PASS_FILE="${TMPL_PASS_DIR}/SetAllPass.sh"
NEED_GEN= NEED_GEN=
######################################## ########################################
@@ -48,7 +46,12 @@ getVars () {
# get lvalues in script # get lvalues in script
getSettedVars () { getSettedVars () {
# $1 : filename # $1 : filename
grep "^[^#]*=..*" $1 | grep -v '^[^#]*=".*--clean_val--.*"' | grep -v '^[^#]*="${' | sort -u grep -E "^[^=#]*(USER|PASS|TOKEN|DATABASE|ACCOUNT|LOGIN|KEY)[^#]*=..*" ./* | grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' | sort -u
}
getUnsettedVars () {
# $1 : filename
grep -vE '^[^#=]*=.*@@(user|pass|db|token|gv|cv)@@.*' ./* | sort -u
} }
getVarFormVal () { getVarFormVal () {
@@ -57,60 +60,6 @@ getVarFormVal () {
grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/' grep "^[^#]*=$1" $2 | sed 's/\s*\([^=]*\).*/\1/'
} }
########################################
# synchronized SetAllPass.sh (find missing lvalues)
updatePassFile () {
# $1 : ref filename
# $2 : target filename
REF_FILE="$1"
TARGET_FILE="$2"
NEED_UPDATE=
while : ; do
declare -a listRef listTarget missing
listRef=($(getVars "${REF_FILE}"))
listTarget=($(getVars "${TARGET_FILE}"))
missing=($(comm -23 <(printf "%s\n" ${listRef[@]}) <(printf "%s\n" ${listTarget[@]})))
if [ -n "${missing}" ]; then
echo "missing vars in ${YELLOW}${BOLD}${TARGET_FILE}${NC}:${RED}${BOLD}" ${missing[@]} "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${REF_FILE}" "${TARGET_FILE}"
NEED_UPDATE=true
break
;;
[Nn]*)
break
;;
esac
else
break
fi
done
}
updatePassFile "${TMPL_PASS_FILE}" "${RUN_PASS_FILE}"
[ -n "${NEED_UPDATE}" ] && NEED_GEN=true
updatePassFile "${RUN_PASS_FILE}" "${TMPL_PASS_FILE}"
########################################
# check empty pass in TMPL_PASS_FILE
declare -a settedVars
settedVars=($(getSettedVars "${TMPL_PASS_FILE}"))
if [ -n "${settedVars}" ]; then
echo "unclear password in ${YELLOW}${BOLD}${TMPL_PASS_FILE}${NC}:${BLUE}${BOLD}"
for var in ${settedVars[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to clear them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${TMPL_PASS_FILE}"
;;
esac
fi
######################################## ########################################
# check new files env-* # check new files env-*
@@ -146,7 +95,7 @@ createMissingEnv "${TMPL_PASS_DIR}" "${RUN_PASS_DIR}"
declare -a listTmpl listRun listCommonFiles declare -a listTmpl listRun listCommonFiles
listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$')) listTmplFiles=($(cd "${TMPL_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$')) listRunFiles=($(cd "${RUN_PASS_DIR}"; ls -1 env-* | grep -v '~$'))
listCommonFiles=($(comm -3 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]}))) listCommonFiles=($(comm -12 <(printf "%s\n" ${listTmplFiles[@]}) <(printf "%s\n" ${listRunFiles[@]})))
for envFile in ${listCommonFiles[@]}; do for envFile in ${listCommonFiles[@]}; do
while : ; do while : ; do
TMPL_FILE="${TMPL_PASS_DIR}/${envFile}" TMPL_FILE="${TMPL_PASS_DIR}/${envFile}"
@@ -224,21 +173,19 @@ if [ -n "${missing}" ]; then
fi fi
######################################## ########################################
# check env-* in updateDockerPassword.sh # check extention in dockers.env
missing=($(for DIR in "${RUN_PASS_DIR}" "${TMPL_PASS_DIR}"; do declare -a missing
unsetted=($(for DIR in "${RUN_PASS_DIR}"; do
for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}" val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}") varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue if [ -z "${varName}" ]; then
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" | echo "${val}"
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
if [ -z "${prefixe}" ]; then
echo "${envFile#*/}_(\${KAZ_KEY_DIR}/env-\${"${varName}"})"
fi fi
done done
done | sort -u)) done | sort -u))
if [ -n "${missing}" ]; then if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${KAZ_BIN_DIR}/updateDockerPassword.sh${NC}:${BLUE}${BOLD}" echo "missing def in ${GREEN}${BOLD}${DOCKERS_ENV}${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do for var in ${missing[@]}; do
echo -e "\t${var}" echo -e "\t${var}"
done done
@@ -246,53 +193,17 @@ if [ -n "${missing}" ]; then
read -p "Do you want to add them? [y/n]: " yn read -p "Do you want to add them? [y/n]: " yn
case $yn in case $yn in
""|[Yy]*) ""|[Yy]*)
emacs "${KAZ_BIN_DIR}/updateDockerPassword.sh" emacs "${DOCKERS_ENV}"
;; ;;
esac esac
fi fi
########################################
# synchronized SetAllPass.sh and env-*
updateEnvFiles () {
# $1 secret dir
DIR=$1
listRef=($(getVars "${DIR}/SetAllPass.sh"))
missing=($(for envFile in $(ls -1 "${DIR}/"env-* | grep -v '~$'); do
val="${envFile#*env-}"
varName=$(getVarFormVal "${val}" "${DOCKERS_ENV}")
[ -z "${varName}" ] && continue
prefixe=$(grep "^\s*updateEnv.*${varName}" "${KAZ_BIN_DIR}/updateDockerPassword.sh" |
sed 's/\s*updateEnv[^"]*"\([^"]*\)".*/\1/' | sort -u)
[ -z "${prefixe}" ] && continue
listVarsInEnv=($(getVars "${envFile}"))
for var in ${listVarsInEnv[@]}; do
[[ ! " ${listRef[@]} " =~ " ${prefixe}_${var} " ]] && echo "${prefixe}_${var}"
done
# XXX doit exister dans SetAllPass.sh avec le prefixe
done))
if [ -n "${missing}" ]; then
echo "missing update in ${GREEN}${BOLD}${DIR}/SetAllPass.sh${NC}:${BLUE}${BOLD}"
for var in ${missing[@]}; do
echo -e "\t${var}"
done
echo "${NC}"
read -p "Do you want to add them? [y/n]: " yn
case $yn in
""|[Yy]*)
emacs "${DIR}/SetAllPass.sh"
;;
esac
fi
}
updateEnvFiles "${RUN_PASS_DIR}"
updateEnvFiles "${TMPL_PASS_DIR}"
# XXX chercher les variables non utilisées dans les SetAllPass.sh
if [ -n "${NEED_GEN}" ]; then if [ -n "${NEED_GEN}" ]; then
while : ; do while : ; do
read -p "Do you want to generate blank values? [y/n]: " yn read -p "Do you want to generate missing values? [y/n]: " yn
case $yn in case $yn in
""|[Yy]*) ""|[Yy]*)
"${KAZ_BIN_DIR}/secretGen.sh" "${KAZ_BIN_DIR}/secretGen.sh"

11
bin/checkEnvPassword.sh
View File

@@ -1,11 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
for filename in "${KAZ_KEY_DIR}/"env-*Serv "${KAZ_KEY_DIR}/"env-*DB; do
if grep -q "^[^#=]*=\s*$" "${filename}" 2>/dev/null; then
echo "${filename}"
fi
done

59
bin/container.sh
View File

@@ -61,20 +61,6 @@ doCompose () {
${SIMU} ln -fs ../../config/dockers.env .env ${SIMU} ln -fs ../../config/dockers.env .env
fi fi
${SIMU} docker-compose $1 ${SIMU} docker-compose $1
if [ "$2" = "cachet" ] && [ "$1" != "down" ]; then
NEW_KEY=$(cd "${KAZ_COMP_DIR}/$2" ; docker-compose logs | grep APP_KEY=base64: | sed "s/^.*'APP_KEY=\(base64:[^']*\)'.*$/\1/" | tail -1)
if [ -n "${NEW_KEY}" ]; then
printKazMsg "cachet key change"
# change key
${SIMU} sed -i \
-e 's%^\(\s*cachet_APP_KEY=\).*$%\1"'"${NEW_KEY}"'"%' \
"${KAZ_KEY_DIR}/SetAllPass.sh"
${SIMU} "${KAZ_BIN_DIR}/secretGen.sh"
# restart
${SIMU} docker-compose $1
fi
fi
} }
doComposes () { doComposes () {
@@ -177,7 +163,6 @@ statusComposes () {
saveComposes () { saveComposes () {
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_ROOT}/secret/SetAllPass.sh"
savedComposes+=( ${enableMailComposes[@]} ) savedComposes+=( ${enableMailComposes[@]} )
savedComposes+=( ${enableProxyComposes[@]} ) savedComposes+=( ${enableProxyComposes[@]} )
@@ -195,49 +180,59 @@ saveComposes () {
;; ;;
sympa) sympa)
echo "save sympa" echo "save sympa"
saveDB ${sympaDBName} "${sympa_MYSQL_USER}" "${sympa_MYSQL_PASSWORD}" "${sympa_MYSQL_DATABASE}" sympa mysql . $KAZ_BIN_DIR/getPasswords.sh sympaDB
saveDB ${sympaDBName} "${sympaDB_MYSQL_USER}" "${sympaDB_MYSQL_PASSWORD}" "${sympaDB_MYSQL_DATABASE}" sympa mysql
;; ;;
web) web)
# rien à faire (fichiers) # rien à faire (fichiers)
;; ;;
etherpad) etherpad)
echo "save pad" echo "save pad"
saveDB ${etherpadDBName} "${etherpad_MYSQL_USER}" "${etherpad_MYSQL_PASSWORD}" "${etherpad_MYSQL_DATABASE}" etherpad mysql . $KAZ_BIN_DIR/getPasswords.sh etherpadDB
saveDB ${etherpadDBName} "${etherpadDB_MYSQL_USER}" "${etherpadDB_MYSQL_PASSWORD}" "${etherpadDB_MYSQL_DATABASE}" etherpad mysql
;; ;;
framadate) framadate)
echo "save date" echo "save date"
saveDB ${framadateDBName} "${framadate_MYSQL_USER}" "${framadate_MYSQL_PASSWORD}" "${framadate_MYSQL_DATABASE}" framadate mysql . $KAZ_BIN_DIR/getPasswords.sh framadateDB
saveDB ${framadateDBName} "${framadateDB_MYSQL_USER}" "${framadateDB_MYSQL_PASSWORD}" "${framadateDB_MYSQL_DATABASE}" framadate mysql
;; ;;
cloud) cloud)
echo "save cloud" echo "save cloud"
saveDB ${nextcloudDBName} "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" nextcloud mysql . $KAZ_BIN_DIR/getPasswords.sh nextcloudDB
saveDB ${nextcloudDBName} "${nextcloudDB_MYSQL_USER}" "${nextcloudDB_MYSQL_PASSWORD}" "${nextcloudDB_MYSQL_DATABASE}" nextcloud mysql
;; ;;
paheko) paheko)
# rien à faire (fichiers) # rien à faire (fichiers)
;; ;;
mattermost) mattermost)
echo "save mattermost" echo "save mattermost"
saveDB matterPG "${mattermost_POSTGRES_USER}" "${mattermost_POSTGRES_PASSWORD}" "${mattermost_POSTGRES_DB}" mattermost postgres . $KAZ_BIN_DIR/getPasswords.sh mattermostDB
saveDB matterPG "${mattermostDB_POSTGRES_USER}" "${mattermostDB_POSTGRES_PASSWORD}" "${mattermostDB_POSTGRES_DB}" mattermost postgres
;; ;;
mobilizon) mobilizon)
echo "save mobilizon" echo "save mobilizon"
saveDB ${mobilizonDBName} "${mobilizon_POSTGRES_USER}" "${mobilizon_POSTGRES_PASSWORD}" "${mobilizon_POSTGRES_DB}" mobilizon postgres . $KAZ_BIN_DIR/getPasswords.sh mobilizonDB
saveDB ${mobilizonDBName} "${mobilizonDB_POSTGRES_USER}" "${mobilizonDB_POSTGRES_PASSWORD}" "${mobilizonDB_POSTGRES_DB}" mobilizon postgres
;; ;;
peertube) peertube)
echo "save peertube" echo "save peertube"
saveDB ${peertubeDBName} "${peertube_POSTGRES_USER}" "${peertube_POSTGRES_PASSWORD}" "${PEERTUBE_DB_HOSTNAME}" peertube postgres . $KAZ_BIN_DIR/getPasswords.sh peertubeDB
saveDB ${peertubeDBName} "${peertubeDB_POSTGRES_USER}" "${peertubeDB_POSTGRES_PASSWORD}" "${peertubeDB_PEERTUBE_DB_HOSTNAME}" peertube postgres
;; ;;
mastodon) mastodon)
echo "save mastodon" echo "save mastodon"
saveDB ${mastodonDBName} "${mastodon_POSTGRES_USER}" "${mastodon_POSTGRES_PASSWORD}" "${mastodon_POSTGRES_DB}" mastodon postgres . $KAZ_BIN_DIR/getPasswords.sh mastodonDB
saveDB ${mastodonDBName} "${mastodonDB_POSTGRES_USER}" "${mastodonDB_POSTGRES_PASSWORD}" "${mastodonDB_POSTGRES_DB}" mastodon postgres
;; ;;
roundcube) roundcube)
echo "save roundcube" echo "save roundcube"
saveDB ${roundcubeDBName} "${roundcube_MYSQL_USER}" "${roundcube_MYSQL_PASSWORD}" "${roundcube_MYSQL_DATABASE}" roundcube mysql . $KAZ_BIN_DIR/getPasswords.sh roundcubeDB
saveDB ${roundcubeDBName} "${roundcubeDB_MYSQL_USER}" "${roundcubeDB_MYSQL_PASSWORD}" "${roundcubeDB_MYSQL_DATABASE}" roundcube mysql
;; ;;
vaultwarden) vaultwarden)
echo "save vaultwarden" echo "save vaultwarden"
saveDB ${vaultwardenDBName} "${vaultwarden_MYSQL_USER}" "${vaultwarden_MYSQL_PASSWORD}" "${vaultwarden_MYSQL_DATABASE}" vaultwarden mysql . $KAZ_BIN_DIR/getPasswords.sh vaultwardenDB
saveDB ${vaultwardenDBName} "${vaultwardenDB_MYSQL_USER}" "${vaultwardenDB_MYSQL_PASSWORD}" "${vaultwardenDB_MYSQL_DATABASE}" vaultwarden mysql
;; ;;
dokuwiki) dokuwiki)
# rien à faire (fichiers) # rien à faire (fichiers)
@@ -247,15 +242,23 @@ saveComposes () {
echo "save ${ORGA}" echo "save ${ORGA}"
if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then if grep -q "cloud:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => cloud" echo " => cloud"
saveDB "${ORGA}-DB" "${nextcloud_MYSQL_USER}" "${nextcloud_MYSQL_PASSWORD}" "${nextcloud_MYSQL_DATABASE}" "${ORGA}-cloud" mysql . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-cloud" mysql
fi fi
if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then if grep -q "agora:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => mattermost" echo " => mattermost"
saveDB "${ORGA}-DB" "${mattermost_MYSQL_USER}" "${mattermost_MYSQL_PASSWORD}" "${mattermost_MYSQL_DATABASE}" "${ORGA}-mattermost" mysql . $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-mattermost" mysql
fi fi
if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then if grep -q "wordpress:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => wordpress" echo " => wordpress"
saveDB "${ORGA}-DB" "${wp_MYSQL_USER}" "${wp_MYSQL_PASSWORD}" "${wp_MYSQL_DATABASE}" "${ORGA}-wordpress" mysql . $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-wordpress" mysql
fi
if grep -q "spip:" "${KAZ_COMP_DIR}/${compose}/docker-compose.yml" 2> /dev/null ; then
echo " => spip"
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
saveDB "${ORGA}-DB" "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" "${ORGA}-spip" mysql
fi fi
;; ;;
esac esac

81
bin/createDBUsers.sh Executable file
View File

@@ -0,0 +1,81 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
# pour mise au point
# SIMU=echo
# Améliorations à prévoir
# - donner en paramètre les services concernés (pour limité les modifications)
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
. "${DOCKERS_ENV}"
createMysqlUser(){
# $1 = envName
# $2 = containerName of DB
. $KAZ_KEY_DIR/env-$1
# seulement si pas de mdp pour root
# pb oeuf et poule (il faudrait les anciennes valeurs) :
# * si rootPass change, faire à la main
# * si dbName change, faire à la main
checkDockerRunning "$2" "$2" || return
echo "change DB pass on docker $2"
echo "grant all privileges on ${MYSQL_DATABASE}.* to '${MYSQL_USER}' identified by '${MYSQL_PASSWORD}';" | \
docker exec -i $2 bash -c "mysql --user=root --password=${MYSQL_ROOT_PASSWORD}"
}
framadateUpdate(){
[[ "${COMP_ENABLE}" =~ " framadate " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
return 0
fi
.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ
checkDockerRunning "${framadateServName}" "Framadate" &&
${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadateServ_HTTPD_USER} ${framadateServ_HTTPD_PASSWORD}"
${SIMU} sed -i \
-e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadateDB_MYSQL_USER}';/g" \
-e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadateDB_MYSQL_PASSWORD}';/g" \
"${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
}
jirafeauUpdate(){
[[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
return 0
fi
. $KAZ_BIN_DIR/getPasswords.sh jirafeauServ
SHA=$(echo -n "${jirafeauServ_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1)
${SIMU} sed -i \
-e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
"${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
}
####################
# main
createMysqlUser "etherpadDB" "${etherpadDBName}"
createMysqlUser "framadateDB" "${framadateDBName}"
createMysqlUser "giteaDB" "${gitDBName}"
createMysqlUser "mattermostDB" "${mattermostDBName}"
createMysqlUser "nextcloudDB" "${nextcloudDBName}"
createMysqlUser "roundcubeDB" "${roundcubeDBName}"
createMysqlUser "sympaDB" "${sympaDBName}"
createMysqlUser "vigiloDB" "${vigiloDBName}"
createMysqlUser "wpDB" "${wordpressDBName}"
createMysqlUser "vaultwardenDB" "${vaultwardenDBName}"
createMysqlUser "castopodDB" "${castopodDBName}"
createMysqlUser "spipDB" "${spipDBName}"
createMysqlUser "mastodonDB" "${mastodonDBName}"
framadateUpdate
jirafeauUpdate
exit 0

104
bin/createEmptyPasswd.sh
View File

@@ -1,104 +0,0 @@
#!/bin/bash
cd $(dirname $0)/..
mkdir -p emptySecret
rsync -aHAX --info=progress2 --delete secret/ emptySecret/
cd emptySecret/
. ../config/dockers.env
. ./SetAllPass.sh
# pour mise au point
# SIMU=echo
cleanEnvDB(){
# $1 = prefix
# $2 = envName
# $3 = containerName of DB
rootPass="--root_password--"
dbName="--database_name--"
userName="--user_name--"
userPass="--user_password--"
${SIMU} sed -i \
-e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${rootPass}/g" \
-e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${dbName}/g" \
-e "s/MYSQL_USER=.*/MYSQL_USER=${userName}/g" \
-e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${userPass}/g" \
"$2"
}
cleanEnv(){
# $1 = prefix
# $2 = envName
for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
do
srcName="$1_${varName}"
srcVal="--clean_val--"
${SIMU} sed -i \
-e "s~^[ ]*${varName}=.*$~${varName}=${srcVal}~" \
"$2"
done
}
cleanPasswd(){
${SIMU} sed -i \
-e 's/^\([# ]*[^#= ]*\)=".[^{][^"]*"/\1="--clean_val--"/g' \
./SetAllPass.sh
}
####################
# main
# read -r -p "Do you want to remove all password? [Y/n] " input
# case $input in
# [yY][eE][sS]|[yY])
# echo "Remove all password"
# ;;
# [nN][oO]|[nN])
# echo "Abort"
# ;;
# *)
# echo "Invalid input..."
# exit 1
# ;;
# esac
cleanPasswd
cleanEnvDB "etherpad" "./env-${etherpadDBName}" "${etherpadDBName}"
cleanEnvDB "framadate" "./env-${framadateDBName}" "${framadateDBName}"
cleanEnvDB "git" "./env-${gitDBName}" "${gitDBName}"
cleanEnvDB "mattermost" "./env-${mattermostDBName}" "${mattermostDBName}"
cleanEnvDB "nextcloud" "./env-${nextcloudDBName}" "${nextcloudDBName}"
cleanEnvDB "roundcube" "./env-${roundcubeDBName}" "${roundcubeDBName}"
cleanEnvDB "sso" "./env-${ssoDBName}" "${ssoDBName}"
cleanEnvDB "sympa" "./env-${sympaDBName}" "${sympaDBName}"
cleanEnvDB "vigilo" "./env-${vigiloDBName}" "${vigiloDBName}"
cleanEnvDB "wp" "./env-${wordpressDBName}" "${wordpressDBName}"
cleanEnv "etherpad" "./env-${etherpadServName}"
cleanEnv "gandi" "./env-gandi"
cleanEnv "jirafeau" "./env-${jirafeauServName}"
cleanEnv "mattermost" "./env-${mattermostServName}"
cleanEnv "nextcloud" "./env-${nextcloudServName}"
cleanEnv "office" "./env-${officeServName}"
cleanEnv "roundcube" "./env-${roundcubeServName}"
cleanEnv "sso" "./env-${ssoServName}"
cleanEnv "vigilo" "./env-${vigiloServName}"
cleanEnv "wp" "./env-${wordpressServName}"
cat > allow_admin_ip <<EOF
# ip for admin access only
# local test
allow 127.0.0.0/8;
allow 192.168.0.0/16;
EOF
chmod -R go= .
chmod -R +X .

7
bin/createSrcDocker.sh
View File

@@ -3,14 +3,13 @@
cd $(dirname $0) cd $(dirname $0)
./setOwner.sh ./setOwner.sh
./createEmptyPasswd.sh
cd ../.. cd ../..
FILE_NAME="/tmp/$(date +'%Y%M%d')-KAZ.tar.bz2" FILE_NAME="/tmp/$(date +'%Y%m%d')-KAZ.tar.bz2"
tar -cjf "${FILE_NAME}" --transform s/emptySecret/secret/ \ tar -cjf "${FILE_NAME}" --transform s/secret.tmpl/secret/ \
./kaz/emptySecret/ ./kaz/bin ./kaz/config ./kaz/dockers ./kaz/secret.tmpl/ ./kaz/bin ./kaz/config ./kaz/dockers
ls -l "${FILE_NAME}" ls -l "${FILE_NAME}"

42
bin/createUser.sh
View File

@@ -37,7 +37,9 @@ setKazVars
cd "${KAZ_ROOT}" cd "${KAZ_ROOT}"
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
. $KAZ_BIN_DIR/getPasswords.sh ldapServ sympaServ paheko
# DOCK_DIR="${KAZ_COMP_DIR}" # ??? # DOCK_DIR="${KAZ_COMP_DIR}" # ???
@@ -221,6 +223,7 @@ dos2unix "${TFILE_MM}"
echo "done" echo "done"
# se connecter à l'agora pour ensuite pouvoir passer toutes les commandes mmctl # se connecter à l'agora pour ensuite pouvoir passer toutes les commandes mmctl
. $KAZ_KEY_DIR/env-mattermostAdmin
echo "docker exec -i mattermostServ bin/mmctl auth login ${httpProto}://${URL_AGORA} --name local-server --username ${mattermost_user} --password ${mattermost_pass}" | tee -a "${CMD_INIT}" echo "docker exec -i mattermostServ bin/mmctl auth login ${httpProto}://${URL_AGORA} --name local-server --username ${mattermost_user} --password ${mattermost_pass}" | tee -a "${CMD_INIT}"
# vérif des emails # vérif des emails
@@ -393,9 +396,9 @@ nextcloudEnabled: TRUE\n\
nextcloudQuota: ${QUOTA} GB\n\ nextcloudQuota: ${QUOTA} GB\n\
mobilizonEnabled: TRUE\n\ mobilizonEnabled: TRUE\n\
agoraEnabled: TRUE\n\ agoraEnabled: TRUE\n\
userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}" userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
fi fi
#userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}" #userPassword: {CRYPT}\$6\$${pass}\n\n\" | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_CONFIG_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_CONFIG_ADMIN_PASSWORD}" | tee -a "${CMD_LOGIN}"
CREATE_ORGA_SERVICES="" CREATE_ORGA_SERVICES=""
@@ -424,15 +427,16 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
MESSAGE_MAIL_ORGA_1="${MESSAGE_MAIL_ORGA_1}${NL}* un bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances : ${httpProto}://${URL_NC}" MESSAGE_MAIL_ORGA_1="${MESSAGE_MAIL_ORGA_1}${NL}* un bureau virtuel pour stocker des fichiers/calendriers/contacts et partager avec vos connaissances : ${httpProto}://${URL_NC}"
# le user existe t-il déjà sur NC ? # le user existe t-il déjà sur NC ?
curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}" . $KAZ_KEY_DIR/env-nextcloudServ
curl -o "${TEMP_USER_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
if grep -q "<element>${IDENT_KAZ}</element>" "${TEMP_USER_NC}"; then if grep -q "<element>${IDENT_KAZ}</element>" "${TEMP_USER_NC}"; then
echo "${IDENT_KAZ} existe déjà sur ${URL_NC}" | tee -a "${LOG}" echo "${IDENT_KAZ} existe déjà sur ${URL_NC}" | tee -a "${LOG}"
else else
# on créé l'utilisateur sur NC sauf si c'est le NC général, on ne créé jamais l'utilisateur7 # on créé l'utilisateur sur NC sauf si c'est le NC général, on ne créé jamais l'utilisateur7
if [ ${URL_NC} != "${cloudHost}.${domain}" ]; then if [ ${URL_NC} != "${cloudHost}.${domain}" ]; then
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
-d userid='${IDENT_KAZ}' \ -d userid='${IDENT_KAZ}' \
-d displayName='${PRENOM} ${NOM}' \ -d displayName='${PRENOM} ${NOM}' \
-d password='${PASSWORD}' \ -d password='${PASSWORD}' \
@@ -445,19 +449,22 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# s'il est admin de son orga, on le met admin # s'il est admin de son orga, on le met admin
if [ "${service[ADMIN_ORGA]}" == "O" -a "${ORGA}" != "" -a "${service[NC_ORGA]}" == "O" ]; then if [ "${service[ADMIN_ORGA]}" == "O" -a "${ORGA}" != "" -a "${service[NC_ORGA]}" == "O" ]; then
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${nextcloud_NEXTCLOUD_ADMIN_USER}:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}" . $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid='admin'" | tee -a "${CMD_INIT}"
fi fi
# faut-il mettre le user NC dans un groupe particulier sur le NC de base ? # faut-il mettre le user NC dans un groupe particulier sur le NC de base ?
if [ "${GROUPE_NC_BASE}" != "" -a "${service[NC_BASE]}" == "O" ]; then if [ "${GROUPE_NC_BASE}" != "" -a "${service[NC_BASE]}" == "O" ]; then
# ici on travaille à nouveau sur le NC commun, donc on rechoppe les bons mdp
. $KAZ_KEY_DIR/env-nextcloudServ
# le groupe existe t-il déjà ? # le groupe existe t-il déjà ?
curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}" curl -o "${TEMP_GROUP_NC}" -X GET -H 'OCS-APIRequest:true' "${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups?search=${GROUPE_NC_BASE}"
nb=$(grep "<element>${GROUPE_NC_BASE}</element>" "${TEMP_GROUP_NC}" | wc -l) nb=$(grep "<element>${GROUPE_NC_BASE}</element>" "${TEMP_GROUP_NC}" | wc -l)
if [ "${nb}" == "0" ];then if [ "${nb}" == "0" ];then
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
fi fi
# puis attacher le user au groupe # puis attacher le user au groupe
echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}" echo "curl -X POST -H 'OCS-APIRequest:true' ${httpProto}://${NEXTCLOUD_ADMIN_USER}:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users/${IDENT_KAZ}/groups -d groupid=${GROUPE_NC_BASE}" | tee -a "${CMD_INIT}"
fi fi
fi fi
@@ -483,7 +490,8 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# TODO : vérif existance user # TODO : vérif existance user
# # le user existe t-il déjà sur le wp ? # # le user existe t-il déjà sur le wp ?
# curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wp_WORDPRESS_ADMIN_USER}:${wp_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}" # . $KAZ_BIN_DIR/getPasswords.sh wpServ
# curl -o "${TEMP_USER_WP}" -X GET "${httpProto}://${wpServ_WORDPRESS_ADMIN_USER}:${wpServ_WORDPRESS_ADMIN_PASSWORD}@${URL_WP_ORGA}/ocs/v1.php/cloud/users?search=${IDENT_KAZ}"
# nb_user_wp_orga=$(grep "<element>${IDENT_KAZ}</element>" "${TEMP_USER_WP}" | wc -l) # nb_user_wp_orga=$(grep "<element>${IDENT_KAZ}</element>" "${TEMP_USER_WP}" | wc -l)
# if [ "${nb_user_wp_orga}" != "0" ];then # if [ "${nb_user_wp_orga}" != "0" ];then
# ( # (
@@ -501,7 +509,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# ) | tee -a "${LOG}" # ) | tee -a "${LOG}"
# #
# # on supprime l'utilisateur sur NC. # # on supprime l'utilisateur sur NC.
# echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \ # echo "curl -X DELETE -H 'OCS-APIRequest:true' ${httpProto}://admin:${NEXTCLOUD_ADMIN_PASSWORD}@${URL_NC}/ocs/v1.php/cloud/users \
# -d userid='${IDENT_KAZ}' \ # -d userid='${IDENT_KAZ}' \
# " | tee -a "${CMD_INIT}" # " | tee -a "${CMD_INIT}"
# fi # fi
@@ -619,13 +627,13 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
# docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which # docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=https://listes.kaz.sns/sympasoap --trusted_application=SOAP_USER --trusted_application_password=SOAP_PASSWORD --proxy_vars="USER_EMAIL=contact1@kaz.sns" --service=which
if [[ "${mode}" = "dev" ]]; then if [[ "${mode}" = "dev" ]]; then
echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}" echo "# DEV, on teste l'inscription à sympa"| tee -a "${CMD_SYMPA}"
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
else else
echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}" echo "# PROD, on inscrit à sympa"| tee -a "${CMD_SYMPA}"
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}" echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SOUHAITE}\"" | tee -a "${CMD_SYMPA}"
echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}" echo "docker exec -i sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=\"USER_EMAIL=${LISTMASTER}\" --service=add --service_parameters=\"${NL_LIST},${EMAIL_SECOURS}\"" | tee -a "${CMD_SYMPA}"
fi fi
if [ "${service[ADMIN_ORGA]}" == "O" ]; then if [ "${service[ADMIN_ORGA]}" == "O" ]; then

1
bin/gestContainers.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_ROOT/secret/env-kaz . $KAZ_ROOT/secret/env-kaz
PRG=$(basename $0) PRG=$(basename $0)

2
bin/gestContainers_v2.sh
View File

@@ -7,7 +7,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
PRG=$(basename $0) PRG=$(basename $0)

88
bin/gestUsers.sh
View File

@@ -8,7 +8,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudServ sympaServ paheko
VERSION="18-05-2025" VERSION="18-05-2025"
PRG=$(basename $0) PRG=$(basename $0)
@@ -24,7 +24,7 @@ URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(
NL_LIST=infos@listes.kaz.bzh NL_LIST=infos@listes.kaz.bzh
URL_AGORA_API=${URL_AGORA}/api/v4 URL_AGORA_API=${URL_AGORA}/api/v4
EQUIPE=kaz EQUIPE=kaz
LISTMASTER=$(echo ${sympa_LISTMASTERS} | cut -d',' -f1) LISTMASTER=$(echo ${sympaServ_LISTMASTERS} | cut -d',' -f1)
#### Test du serveur sur lequel s' execute le script #### #### Test du serveur sur lequel s' execute le script ####
@@ -47,6 +47,8 @@ rm -rf /tmp/*.json
############################################ Fonctions ####################################################### ############################################ Fonctions #######################################################
ExpMail() { ExpMail() {
. $KAZ_KEY_DIR/env-mail
MAIL_DEST=$1 MAIL_DEST=$1
MAIL_SUJET=$2 MAIL_SUJET=$2
MAIL_TEXTE=$3 MAIL_TEXTE=$3
@@ -58,6 +60,7 @@ ExpMail() {
} }
PostMattermost() { PostMattermost() {
. $KAZ_KEY_DIR/env-mattermostAdmin
PostM=$1 PostM=$1
CHANNEL=$2 CHANNEL=$2
TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA_API}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g') TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA_API}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')
@@ -91,8 +94,8 @@ searchEmail() {
fi fi
done done
ldapsearch -H ldap://${LDAP_IP} \ ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS -b "${ldap_root}" "(&(objectclass=${SEARCH_OBJECT_CLASS})(cn=*${RMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
COMPTEUR_LIGNE=0 COMPTEUR_LIGNE=0
while read LIGNE while read LIGNE
@@ -136,6 +139,7 @@ searchEmail() {
searchMattermost() { searchMattermost() {
#Ici $1 est une adresse email #Ici $1 est une adresse email
. $KAZ_KEY_DIR/env-mattermostAdmin
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1 docker exec -ti ${mattermostServName} bin/mmctl --suppress-warnings config set ServiceSettings.EnableAPIUserDeletion "true" >/dev/null 2>&1
#on créé la list des mails dans mattermost #on créé la list des mails dans mattermost
@@ -182,12 +186,12 @@ infoEmail() {
printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL" printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL"
echo -e "" echo -e ""
#TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC) #TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC)
#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL #curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
#cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g #cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g
echo -ne "${NC}" echo -ne "${NC}"
echo -ne " - Nextcloud enable : " echo -ne " - Nextcloud enable : "
echo -ne "${GREEN}" echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30 ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudEnabled | cut -c 18-30
echo -ne "${NC}" echo -ne "${NC}"
echo -e "${NC} ------------------------------------------------" echo -e "${NC} ------------------------------------------------"
printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO" printKazMsg " DETAILS DU COMPTE DANS LDAP ET PAHEKO"
@@ -203,11 +207,11 @@ infoEmail() {
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Quota Mail (Ldap) : " echo -n " - Quota Mail (Ldap) : "
echo -ne "${GREEN}" echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60 ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i mailquota | cut -c 11-60
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Quota Nextcloud (Ldap) : " echo -n " - Quota Nextcloud (Ldap) : "
echo -ne "${GREEN}" echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60 ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i nextcloudquota | cut -c 17-60
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Mail de secours (Paheko ): " echo -n " - Mail de secours (Paheko ): "
echo -ne "${GREEN}" echo -ne "${GREEN}"
@@ -215,11 +219,11 @@ infoEmail() {
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Mail de secours (Ldap): " echo -n " - Mail de secours (Ldap): "
echo -ne "${GREEN}" echo -ne "${GREEN}"
ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://' ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i maildeSecours | sed -e 's/mailDeSecours://'
echo -ne "${NC}" echo -ne "${NC}"
echo -n " - Alias (Ldap) : " echo -n " - Alias (Ldap) : "
echo -ne "${GREEN}" echo -ne "${GREEN}"
LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60) LDAP_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "cn=${CHOIX_MAIL},ou=users,${ldap_root}" | grep -i alias | cut -c 11-60)
echo -ne "${NC}" echo -ne "${NC}"
echo -ne "${GREEN}" echo -ne "${GREEN}"
for ldap_alias in ${LDAP_ALIAS} for ldap_alias in ${LDAP_ALIAS}
@@ -239,8 +243,8 @@ infoEmail() {
echo "------------------------------------------------" echo "------------------------------------------------"
echo " Alias : ${CHOIX_MAIL} " echo " Alias : ${CHOIX_MAIL} "
echo "" echo ""
for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ for INFOALIAS in $(ldapsearch -H ldap://${LDAP_IP} -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" mail \
| grep ^mail: | sed -e 's/^mail://') | grep ^mail: | sed -e 's/^mail://')
do do
echo -ne "=====> ${GREEN} " echo -ne "=====> ${GREEN} "
@@ -307,12 +311,12 @@ searchDestroy() {
fi fi
echo -e "${NC}" echo -e "${NC}"
echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud" echo -e "Recherche de ${GREEN} ${REP_SEARCH_DESTROY} ${NC} dans nextcloud"
USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g') USER_NEXTCLOUD_SUPPR=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${REP_SEARCH_DESTROY} | grep element | sed -s 's/[ \<\>\/]//g' | sed 's/element//g')
if [ ! -z ${USER_NEXTCLOUD_SUPPR} ] if [ ! -z ${USER_NEXTCLOUD_SUPPR} ]
then then
printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}" printKazMsg "le user trouvé est : ${USER_NEXTCLOUD_SUPPR}"
echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}" echo -e "${RED} Suppresion de ${USER_NEXTCLOUD_SUPPR}"
curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1 curl -H 'OCS-APIREQUEST: true' -X DELETE $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_SUPPR} >/dev/null 2>&1
if [ "$?" -eq "0" ] if [ "$?" -eq "0" ]
then then
printKazMsg "Suppresion ok" printKazMsg "Suppresion ok"
@@ -327,7 +331,7 @@ searchDestroy() {
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa"
echo -e "${NC}" echo -e "${NC}"
echo "" echo ""
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}" docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
echo -e "${NC}" echo -e "${NC}"
echo "" echo ""
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
@@ -344,7 +348,7 @@ searchDestroy() {
echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap" echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
echo -e "${NC}" echo -e "${NC}"
echo "" echo ""
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}" ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
if [ "$?" -eq "0" ] if [ "$?" -eq "0" ]
then then
printKazMsg "Suppresion ok" printKazMsg "Suppresion ok"
@@ -377,8 +381,8 @@ gestPassword() {
# MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g') # MAIL_SECOURS=$(jq .results[].email_secours $FICMAILSECOURS | sed -e 's/\"//g')
MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \ MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //') -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
if [ "$MAIL_SECOURS" = "" ] if [ "$MAIL_SECOURS" = "" ]
then then
@@ -405,19 +409,19 @@ gestPassword() {
fi fi
if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ] if [ "$SEARCH_RESET_INPUT" = "o" ] || [ "$SEARCH_RESET_INPUT" = "O" ]
then then
USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g') USER_NEXTCLOUD_MODIF=$(curl -s -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=${COMPTE_A_MODIFIER} | grep element | sed -e 's/[ \<\>\/]//g' -e 's/element//g')
echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER} ${NC}" echo -e "$GREEN Compte à modifier = $RED ${COMPTE_A_MODIFIER} ${NC}"
echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS} ${NC}" echo -e "$GREEN Mail de secours = $RED ${MAIL_SECOURS} ${NC}"
echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER) ${NC}" echo -e "$GREEN Compte $RED $(searchMattermost $COMPTE_A_MODIFIER) ${NC}"
echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}" echo -e "$GREEN Compte Nextcloud $RED ${USER_NEXTCLOUD_MODIF} ${NC}"
echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}" echo -e "$GREEN Le mot de passe sera = $RED ${PASSWORD} ${NC}"
docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1 docker exec -ti mattermostServ bin/mmctl user change-password $(searchMattermost $COMPTE_A_MODIFIER) -p $PASSWORD >/dev/null 2>&1
curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloud_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1 curl -H 'OCS-APIREQUEST: true' -X PUT $httpProto://admin:$nextcloudServ_NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users/${USER_NEXTCLOUD_MODIF} -d key=password -d value=${PASSWORD} >/dev/null 2>&1
pass=$(mkpasswd -m sha512crypt ${PASSWORD}) pass=$(mkpasswd -m sha512crypt ${PASSWORD})
echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\ echo -e "\n\ndn: cn=${COMPTE_A_MODIFIER},ou=users,${ldap_root}\n\
changeType: modify\n\ changeType: modify\n\
replace: userPassword\n\ replace: userPassword\n\
userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" userPassword: {CRYPT}${pass}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}"
echo -e "Envoi d'un message dans mattermost pour la modification du mot de passe" echo -e "Envoi d'un message dans mattermost pour la modification du mot de passe"
docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1 docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le mot de passe du compte ${COMPTE_A_MODIFIER} a été modifié" >/dev/null 2>&1
if [ $ADRESSE_SEC == "OUI" ] if [ $ADRESSE_SEC == "OUI" ]
@@ -465,8 +469,8 @@ createMail() {
if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]] if [[ ${EMAIL_SOUHAITE} =~ ${regexMail} ]]
then then
ldapsearch -H ldap://${LDAP_IP} \ ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=${EMAIL_SOUHAITE}))" cn | grep ^cn | sed -e 's/^cn: //' >$TFILE_EMAILS
if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}" if grep -q "^${EMAIL_SOUHAITE}$" "${TFILE_EMAILS}"
then then
@@ -564,7 +568,7 @@ nextcloudEnabled: ${TRUE_KAZ}\n\
nextcloudQuota: ${QUOTA} GB\n\ nextcloudQuota: ${QUOTA} GB\n\
mobilizonEnabled: ${TRUE_KAZ}\n\ mobilizonEnabled: ${TRUE_KAZ}\n\
agoraEnabled: ${TRUE_KAZ}\n\ agoraEnabled: ${TRUE_KAZ}\n\
userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldap_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL} userPassword: {CRYPT}${LDAPPASS}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}\" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}" >${TFILE_CREATE_MAIL}
# on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire # on execute le fichier avec les données ldap pour créer l' entrée dans l' annuaire
bash ${TFILE_CREATE_MAIL} >/dev/null bash ${TFILE_CREATE_MAIL} >/dev/null
# on colle le compte et le mot de passe dans le fichier # on colle le compte et le mot de passe dans le fichier
@@ -610,12 +614,12 @@ createAlias() {
if [[ ${AMAIL} =~ ${regexMail} ]] if [[ ${AMAIL} =~ ${regexMail} ]]
then then
RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //') -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${AMAIL}*))" | grep ^cn | sed -e 's/^cn: //')
RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \ RESU_ALIAS_IS_MAIL=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //') -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${AMAIL}*))" cn | grep ^cn | sed -e 's/^cn: //')
if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$" if echo ${RESU_ALIAS} | grep -q "^${AMAIL}$" || echo ${RESU_ALIAS_IS_MAIL} | grep -q "^${AMAIL}$"
@@ -690,7 +694,7 @@ changeType: add\n\
objectClass: organizationalRole\n\ objectClass: organizationalRole\n\
objectClass: PostfixBookMailForward\n\ objectClass: PostfixBookMailForward\n\
mailAlias: ${AMAIL}\n\ mailAlias: ${AMAIL}\n\
${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} ${LDAPALAISMAIL}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
fait=1 fait=1
printKazMsg "Création de ${AMAIL}" printKazMsg "Création de ${AMAIL}"
sleep 3 sleep 3
@@ -722,8 +726,8 @@ delAlias() {
if [[ ${RALIAS} =~ ${regexMail} ]] if [[ ${RALIAS} =~ ${regexMail} ]]
then then
RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ RESU_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //') -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=${RALIAS}))" cn | grep ^cn | sed -e 's/^cn: //')
if [ ! -z ${RESU_ALIAS} ] if [ ! -z ${RESU_ALIAS} ]
then then
@@ -733,7 +737,7 @@ delAlias() {
read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS read -p "suppression de ${RESU_ALIAS} ? (o/n): " REPDELALIAS
case "${REPDELALIAS}" in case "${REPDELALIAS}" in
o | O ) o | O )
ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldap_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}" ldapdelete -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${ldapServ_LDAP_ADMIN_PASSWORD}" "cn=${RESU_ALIAS},ou=mailForwardings,${ldap_root}"
printKazMsg "suppression ${RESU_ALIAS} effectuée" printKazMsg "suppression ${RESU_ALIAS} effectuée"
sleep 2 sleep 2
faitdel=1 faitdel=1
@@ -769,8 +773,8 @@ modifyAlias()
ACHANGE=0 ACHANGE=0
searchEmail alias searchEmail alias
LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \ LISTE_MAIL_ALIAS=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \ -b "${ldap_root}" "(&(objectclass=PostfixBookMailForward)(cn=*${CHOIX_MAIL}*))" \
| grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g') | grep -i ^mail: | sed -e 's/^mail: /_/' | tr -d [:space:] | sed -s 's/_/ /g')
echo "-------------------------------------------------------------------" echo "-------------------------------------------------------------------"
@@ -845,8 +849,8 @@ modifyAlias()
echo "mail: ${key}" >>${FIC_MODIF_LDIF} echo "mail: ${key}" >>${FIC_MODIF_LDIF}
done done
echo "-" >>${FIC_MODIF_LDIF} echo "-" >>${FIC_MODIF_LDIF}
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-x -w ${ldap_LDAP_ADMIN_PASSWORD} \ -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
-f ${FIC_MODIF_LDIF} >/dev/null -f ${FIC_MODIF_LDIF} >/dev/null
else else
printKazMsg "Pas de changement" printKazMsg "Pas de changement"
@@ -872,8 +876,8 @@ updateUser() {
for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota for attribut in mailDeSecours mailAlias mailQuota nextcloudQuota
do do
ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \ ATTRIB+=([${attribut}]=$(ldapsearch -H ldap://${LDAP_IP} \
-x -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ -x -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-w "${ldap_LDAP_ADMIN_PASSWORD}" \ -w "${ldapServ_LDAP_ADMIN_PASSWORD}" \
-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \ -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${CHOIX_MAIL}*))" \
| grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' )) | grep ^"${attribut}": | sed -e 's/^'${attribut}': //' | tr -s '[:space:]' ' ' ))
# si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa # si l' attribut est mailDesecours on l' attrape et on on le stocke pour pouvoir l' enlever de sympa
@@ -1056,15 +1060,15 @@ updateUser() {
done done
cat ${FIC_MODIF_LDIF} cat ${FIC_MODIF_LDIF}
sleep 3 sleep 3
ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" \ ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" \
-x -w ${ldap_LDAP_ADMIN_PASSWORD} \ -x -w ${ldapServ_LDAP_ADMIN_PASSWORD} \
-f ${FIC_MODIF_LDIF} -f ${FIC_MODIF_LDIF}
if [ ! -z ${MAILDESECOURS} ] if [ ! -z ${MAILDESECOURS} ]
then then
# suppression du mail de secours de la liste infos # suppression du mail de secours de la liste infos
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}" docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAILDESECOURSACTUEL}"
# ajout de l' adresse de la nouvelle adresse de secours # ajout de l' adresse de la nouvelle adresse de secours
docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympa_SOAP_USER} --trusted_application_password=${sympa_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}" docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${sympaServ_SOAP_USER} --trusted_application_password=${sympaServ_SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=add --service_parameters="${NL_LIST},${MAILDESECOURS}"
fi fi
updateUser updateUser
fi fi

94
bin/getPasswords.sh Executable file
View File

@@ -0,0 +1,94 @@
#!/bin/bash
#Ki: Gael
#Kan: 2025
#Koi: gestion mots de passe
KAZ_ROOT=/kaz
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
QUIET=1
usage() {
echo "getPasswords.sh [OPTIONS] [envname ...]
Récupère les variables d'environnement présentes dans /kaz/secret/env-envname et crée des variables à partir de ces noms là.
Les variables sont du type envname_NOMVARIABLE=valeur
On peut passer plusieurs fichiers env, à partir du moment ou ils sont tous dans le même répertoire !
OPTIONS
-h|--help Cette aide :-)
-n|--simu SIMULATION
-d foldername prend les envfiles dans un sous dossier /kaz/secret/foldername/ (pour les orgas !)
Les variables seront du type foldername-envname_NOMVARIABLE=valeur
-e varname Affiche le contenu d'une variable en particulier
"
}
if [ ! -d "${KAZ_KEY_DIR}/tmp" ]; then
mkdir "${KAZ_KEY_DIR}/tmp"
fi
for ARG in "$@"; do
if [ -n "${DIRECTORYARG}" ]; then # après un -d
SUBDIRECTORY="${ARG}"
unset DIRECTORYARG
elif [ -n "${ECHOVARARG}" ]; then # après un -e
VARTOECHO="${ARG}"
unset ECHOVARARG
QUIET="/dev/null" # pour ne pas avoir d'autres bruits ...
else
case "${ARG}" in
'-d' | '--directory' | '-f' | '--folder' | '--foldername')
DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
'-h' | '--help' )
usage && exit ;;
'-n' | '--simu')
SIMU="echo" ;;
'-e' | '--echo')
ECHOVARARG="ON ATTEND UNE UN NOM DE VARIABLE APRES CA" ;;
'-q' )
QUIET="/dev/null" ;;
*)
ENVFILES="${ENVFILES} ${ARG%}";;
esac
fi
done
getVars () {
# $1 : filename
grep "^[^#]*=" $1 | sed 's/\([^=]*\).*/\1/' | sort -u
}
NB_FILES=$(echo "${ENVFILES}" | wc -w )
if [[ $NB_FILES = 0 ]]; then
usage
exit 1
fi
for ENVFILE in $ENVFILES; do
FILENAME="$KAZ_KEY_DIR/env-$ENVFILE"
VARSUFFIX="$ENVFILE"_
if [ -n "${SUBDIRECTORY}" ]; then
FILENAME="$KAZ_KEY_DIR/orgas/$SUBDIRECTORY/env-$ENVFILE"
VARSUFFIX="${SUBDIRECTORY}-${ENVFILE}_"
fi
if ! [ -f "$FILENAME" ]; then
echo "$FILENAME does not exist." >& $QUIET
continue
fi
. $FILENAME # on récupère les variables
vars=$(getVars $FILENAME)
for var in $vars; do
$SIMU declare $VARSUFFIX$var=${!var}
unset $var
done
unset FILENAME VARSUFFIX vars
done
if [ -n "$VARTOECHO" ]; then
echo ${!VARTOECHO}
fi
unset ENVFILES KAZ_ROOT SUBDIRECTORY SIMU QUIET NB_FILES VARTOECHO

3
bin/init.sh
View File

@@ -214,7 +214,6 @@ fi
if [ ! -d "${KAZ_ROOT}/secret" ]; then if [ ! -d "${KAZ_ROOT}/secret" ]; then
rsync -a "${KAZ_ROOT}/secret.tmpl/" "${KAZ_ROOT}/secret/" rsync -a "${KAZ_ROOT}/secret.tmpl/" "${KAZ_ROOT}/secret/"
. "${KAZ_ROOT}/secret/SetAllPass.sh"
"${KAZ_BIN_DIR}/secretGen.sh" "${KAZ_BIN_DIR}/secretGen.sh"
"${KAZ_BIN_DIR}/updateDockerPassword.sh" "${KAZ_BIN_DIR}/createDBUsers.sh"
fi fi

2
bin/install.sh
View File

@@ -123,8 +123,6 @@ export DebugLog="${KAZ_ROOT}/log/log-install-$(date +%y-%m-%d-%T)-"
if [[ " ${DOCKERS_LIST[*]} " =~ " traefik " ]]; then if [[ " ${DOCKERS_LIST[*]} " =~ " traefik " ]]; then
# on initialise traefik :-( # on initialise traefik :-(
${KAZ_COMP_DIR}/traefik/first.sh ${KAZ_COMP_DIR}/traefik/first.sh
# on démarre traefik (plus lancé dans container.sh)
docker-compose -f ${KAZ_COMP_DIR}/traefik/docker-compose.yml up -d
fi fi
if [[ " ${DOCKERS_LIST[*]} " =~ " etherpad " ]]; then if [[ " ${DOCKERS_LIST[*]} " =~ " etherpad " ]]; then

3
bin/interoPaheko.sh
View File

@@ -6,7 +6,8 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_BIN_DIR/getPasswords.sh paheko
URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)" URL_PAHEKO="$httpProto://${paheko_API_USER}:${paheko_API_PASSWORD}@kaz-paheko.$(echo $domain)"

1
bin/ldap/ldap_sauve.sh
View File

@@ -7,6 +7,5 @@ setKazVars
FILE_LDIF=/home/sauve/ldap.ldif FILE_LDIF=/home/sauve/ldap.ldif
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz

4
bin/ldap/ldapvi.sh
View File

@@ -5,7 +5,7 @@ KAZ_ROOT=/kaz
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_BIN_DIR/getPasswords.sh ldapServ
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ) LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
@@ -20,4 +20,4 @@ EDITOR=${EDITOR:-vi}
EDITOR=${EDITOR:-vi} EDITOR=${EDITOR:-vi}
export EDITOR=${EDITOR} export EDITOR=${EDITOR}
ldapvi -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} --discover ldapvi -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} --discover

10
bin/ldap/migrate_to_ldap.sh
View File

@@ -8,7 +8,7 @@ KAZ_ROOT=/kaz
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_BIN_DIR/getPasswords.sh ldapServ paheko
ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf ACCOUNTS=/kaz/dockers/postfix/config/postfix-accounts.cf
@@ -126,7 +126,7 @@ replace: agoraEnabled\n\
agoraEnabled: TRUE\n\ agoraEnabled: TRUE\n\
-\n\ -\n\
replace: mobilizonEnabled\n\ replace: mobilizonEnabled\n\
mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} mobilizonEnabled: TRUE\n\n" | tee /tmp/ldap/${mail}.ldif | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
done done
#replace: nextcloudEnabled\n\ #replace: nextcloudEnabled\n\
@@ -164,7 +164,7 @@ do
echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\ echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\
changeType: modify changeType: modify
replace: mailAlias\n\ replace: mailAlias\n\
$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} $LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
else else
echo "Alias vers un mail externe, go fichier" echo "Alias vers un mail externe, go fichier"
echo $line >> ${ALIASES_WITHLDAP} echo $line >> ${ALIASES_WITHLDAP}
@@ -185,7 +185,7 @@ replace: mailAlias\n\
mailAlias: ${src}\n\ mailAlias: ${src}\n\
-\n\ -\n\
replace: mail\n\ replace: mail\n\
mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} mail: ${dst}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
fi fi
else else
echo "Forward vers plusieurs adresses, on met dans le fichier" echo "Forward vers plusieurs adresses, on met dans le fichier"
@@ -215,7 +215,7 @@ replace: mailAlias\n\
mailAlias: ${src}\n\ mailAlias: ${src}\n\
-\n\ -\n\
replace: mail\n\ replace: mail\n\
${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldap_LDAP_ADMIN_PASSWORD} ${LIST}\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -x -w ${ldapServ_LDAP_ADMIN_PASSWORD}
fi fi
done done

6
bin/ldap/tests/nc_orphans.sh
View File

@@ -5,16 +5,16 @@ KAZ_ROOT=/kaz
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ) LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
docker exec -i nextcloudDB mysql --user=${nextcloud_MYSQL_USER} --password=${nextcloud_MYSQL_PASSWORD} ${nextcloud_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt docker exec -i nextcloudDB mysql --user=${nextcloudDB_MYSQL_USER} --password=${nextcloudDB_MYSQL_PASSWORD} ${nextcloudDB_MYSQL_DATABASE} <<< "select uid from oc_users;" > /tmp/nc_users.txt
OLDIFS=${IFS} OLDIFS=${IFS}
IFS=$'\n' IFS=$'\n'
for line in `cat /tmp/nc_users.txt`; do for line in `cat /tmp/nc_users.txt`; do
result=$(ldapsearch -h $LDAP_IP -D "cn=${ldap_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldap_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries) result=$(ldapsearch -h $LDAP_IP -D "cn=${ldapServ_LDAP_ADMIN_USERNAME},${ldap_root}" -w ${ldapServ_LDAP_ADMIN_PASSWORD} -b $ldap_root -x "(identifiantKaz=${line})" | grep numEntries)
echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid" echo "${line} ${result}" | grep -v "numEntries: 1" | grep -v "^uid"
done done
IFS=${OLDIFS} IFS=${OLDIFS}

17
bin/manageAgora.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS #GLOBAL VARS
PRG=$(basename $0) PRG=$(basename $0)
@@ -83,7 +82,8 @@ Init(){
[ $? -ne 0 ] && printKazError "$DockerServName ne parvient pas à démarrer correctement : impossible de terminer l'install" && return 1 >& $QUIET [ $? -ne 0 ] && printKazError "$DockerServName ne parvient pas à démarrer correctement : impossible de terminer l'install" && return 1 >& $QUIET
# creation compte admin # creation compte admin
${SIMU} curl -i -d "{\"email\":\"${mattermost_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users" _getPasswords
${SIMU} curl -i -d "{\"email\":\"${mattermostServ_MM_ADMIN_EMAIL}\",\"username\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\",\"allow_marketing\":true}" "${MATTER_URL}/api/v4/users"
MM_TOKEN=$(_getMMToken ${MATTER_URL}) MM_TOKEN=$(_getMMToken ${MATTER_URL})
@@ -98,12 +98,13 @@ Version(){
_getMMToken(){ _getMMToken(){
#$1 MATTER_URL #$1 MATTER_URL
_getPasswords
${SIMU} curl -i -s -d "{\"login_id\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\"}" "${1}/api/v4/users/login" | grep 'token' | sed 's/token:\s*\(.*\)\s*/\1/' | tr -d '\r' ${SIMU} curl -i -s -d "{\"login_id\":\"${mattermost_user}\",\"password\":\"${mattermost_pass}\"}" "${1}/api/v4/users/login" | grep 'token' | sed 's/token:\s*\(.*\)\s*/\1/' | tr -d '\r'
} }
PostMessage(){ PostMessage(){
printKazMsg "Envoi à $TEAM : $MESSAGE" >& $QUIET printKazMsg "Envoi à $TEAM : $MESSAGE" >& $QUIET
_getPasswords
${SIMU} docker exec -ti "${DockerServName}" bin/mmctl auth login "${MATTER_URL}" --name local-server --username ${mattermost_user} --password ${mattermost_pass} ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl auth login "${MATTER_URL}" --name local-server --username ${mattermost_user} --password ${mattermost_pass}
${SIMU} docker exec -ti "${DockerServName}" bin/mmctl post create "${TEAM}" --message "${MESSAGE}" ${SIMU} docker exec -ti "${DockerServName}" bin/mmctl post create "${TEAM}" --message "${MESSAGE}"
} }
@@ -113,6 +114,16 @@ MmctlCommand(){
${SIMU} docker exec -u 33 "$DockerServName" bin/mmctl $1 ${SIMU} docker exec -u 33 "$DockerServName" bin/mmctl $1
} }
_getPasswords(){
# récupération des infos du compte admin
if [ -n "$AGORACOMMUN" ] ; then
. $KAZ_KEY_DIR/env-mattermostAdmin
. $KAZ_BIN_DIR/getPasswords.sh mattermostServ
else
. $KAZ_KEY_DIR/orgas/${ORGA}/env-mattermostAdmin
. $KAZ_BIN_DIR/getPasswords.sh -d ${ORGA} mattermostServ
fi
}
########## Main ################# ########## Main #################
for ARG in "$@"; do for ARG in "$@"; do

16
bin/manageCastopod.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS #GLOBAL VARS
PRG=$(basename $0) PRG=$(basename $0)
@@ -63,11 +62,12 @@ Init(){
cookies=$(curl -c - ${POD_URL}) cookies=$(curl -c - ${POD_URL})
CSRF_TOKEN=$(curl --cookie <(echo "$cookies") ${POD_URL}/cp-install | grep "csrf_test_name" | sed "s/.*value=.//" | sed "s/.>//") CSRF_TOKEN=$(curl --cookie <(echo "$cookies") ${POD_URL}/cp-install | grep "csrf_test_name" | sed "s/.*value=.//" | sed "s/.>//")
_getPasswords
#echo ${CSRF_TOKEN} #echo ${CSRF_TOKEN}
${SIMU} curl --cookie <(echo "$cookies") -X POST \ ${SIMU} curl --cookie <(echo "$cookies") -X POST \
-d "username=${castopod_ADMIN_USER}" \ -d "username=${ADMIN_USER}" \
-d "password=${castopod_ADMIN_PASSWORD}" \ -d "password=${ADMIN_PASSWORD}" \
-d "email=${castopod_ADMIN_MAIL}" \ -d "email=${ADMIN_MAIL}" \
-d "csrf_test_name=${CSRF_TOKEN}" \ -d "csrf_test_name=${CSRF_TOKEN}" \
"${POD_URL}/cp-install/create-superadmin" "${POD_URL}/cp-install/create-superadmin"
@@ -78,7 +78,13 @@ Version(){
echo "Version $DockerServName : ${GREEN}${VERSION}${NC}" echo "Version $DockerServName : ${GREEN}${VERSION}${NC}"
} }
_getPasswords(){
if [ -n "$CASTOPOD_COMMUN" ]; then
. $KAZ_KEY_DIR/env-castopodAdmin
else
. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodAdmin
fi
}
########## Main ################# ########## Main #################
for ARG in "$@"; do for ARG in "$@"; do

33
bin/manageCloud.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS #GLOBAL VARS
PRG=$(basename $0) PRG=$(basename $0)
@@ -75,7 +74,7 @@ Init(){
CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php" CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php"
fi fi
firstInstall "$CLOUD_URL" "$CONF_FILE" " NextCloud de $NOM" firstInstall "$CLOUD_URL" "$CONF_FILE" "$NOM"
updatePhpConf "$CONF_FILE" updatePhpConf "$CONF_FILE"
InstallApplis InstallApplis
echo "${CYAN} *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET echo "${CYAN} *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET
@@ -100,25 +99,38 @@ firstInstall(){
# $2 phpConfFile # $2 phpConfFile
# $3 orga # $3 orga
if ! grep -q "'installed' => true," "$2" 2> /dev/null; then if ! grep -q "'installed' => true," "$2" 2> /dev/null; then
printKazMsg "\n *** Premier lancement de $3" >& $QUIET
printKazMsg "\n *** Premier lancement nextcloud $3" >& $QUIET
_getPasswords
${SIMU} waitUrl "$1" ${SIMU} waitUrl "$1"
${SIMU} curl -X POST \ ${SIMU} curl -X POST \
-d "install=true" \ -d "install=true" \
-d "adminlogin=${nextcloud_NEXTCLOUD_ADMIN_USER}" \ -d "adminlogin=${NEXTCLOUD_ADMIN_USER}" \
-d "adminpass=${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}" \ -d "adminpass=${NEXTCLOUD_ADMIN_PASSWORD}" \
-d "directory=/var/www/html/data" \ -d "directory=/var/www/html/data" \
-d "dbtype=mysql" \ -d "dbtype=mysql" \
-d "dbuser=${nextcloud_MYSQL_USER}" \ -d "dbuser=${MYSQL_USER}" \
-d "dbpass=${nextcloud_MYSQL_PASSWORD}" \ -d "dbpass=${MYSQL_PASSWORD}" \
-d "dbname=${nextcloud_MYSQL_DATABASE}" \ -d "dbname=${MYSQL_DATABASE}" \
-d "dbhost=${nextcloud_MYSQL_HOST}" \ -d "dbhost=${MYSQL_HOST}" \
-d "install-recommended-apps=true" \ -d "install-recommended-apps=true" \
"$1" "$1"
fi fi
} }
_getPasswords(){
if [ -n "$CLOUDCOMMUN" ]; then
. $KAZ_KEY_DIR/env-nextcloudServ
. $KAZ_KEY_DIR/env-nextcloudDB
else
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudServ
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
fi
}
setOfficeUrl(){ setOfficeUrl(){
# Did le 25 mars les offices sont tous normalisé sur les serveurs https://${site}-${officeHost}.${domain} # Did le 25 mars les offices sont tous normalisé sur les serveurs https://${site}-${officeHost}.${domain}
#OFFICE_URL="https://${officeHost}.${domain}" #OFFICE_URL="https://${officeHost}.${domain}"
@@ -131,13 +143,14 @@ setOfficeUrl(){
} }
initLdap(){ initLdap(){
. $KAZ_BIN_DIR/getPasswords.sh ldapServ
# $1 Nom du cloud # $1 Nom du cloud
echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET
occCommand "app:enable user_ldap" "${DockerServName}" occCommand "app:enable user_ldap" "${DockerServName}"
occCommand "ldap:delete-config s01" "${DockerServName}" occCommand "ldap:delete-config s01" "${DockerServName}"
occCommand "ldap:create-empty-config" "${DockerServName}" occCommand "ldap:create-empty-config" "${DockerServName}"
occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}" "${DockerServName}" occCommand "ldap:set-config s01 ldapAgentPassword ${ldapServ_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}"
occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}"

19
bin/manageWiki.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS #GLOBAL VARS
PRG=$(basename $0) PRG=$(basename $0)
@@ -55,15 +54,7 @@ Init(){
PLG_DIR="${VOL_PREFIX}wikiPlugins/_data" PLG_DIR="${VOL_PREFIX}wikiPlugins/_data"
CONF_DIR="${VOL_PREFIX}wikiConf/_data" CONF_DIR="${VOL_PREFIX}wikiConf/_data"
# Gael, j'avais ajouté ça mais j'ai pas test alors je laisse comme avant ... . $KAZ_BIN_DIR/getPasswords.sh dokuwiki
# A charge au prochain qui monte un wiki de faire qque chose
#WIKI_ROOT="${dokuwiki_WIKI_ROOT}"
#WIKI_EMAIL="${dokuwiki_WIKI_EMAIL}"
#WIKI_PASS="${dokuwiki_WIKI_PASSWORD}"
WIKI_ROOT=Kaz
WIKI_EMAIL=wiki@kaz.local
WIKI_PASS=azerty
${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit ${SIMU} checkDockerRunning "${DockerServName}" "${NOM}" || exit
@@ -77,11 +68,11 @@ Init(){
-d "l=fr" \ -d "l=fr" \
-d "d[title]=${NOM}" \ -d "d[title]=${NOM}" \
-d "d[acl]=true" \ -d "d[acl]=true" \
-d "d[superuser]=${WIKI_ROOT}" \ -d "d[superuser]=${dokuwiki_WIKI_ROOT}" \
-d "d[fullname]=Admin"\ -d "d[fullname]=Admin"\
-d "d[email]=${WIKI_EMAIL}" \ -d "d[email]=${dokuwiki_WIKI_EMAIL}" \
-d "d[password]=${WIKI_PASS}" \ -d "d[password]=${dokuwiki_WIKI_PASSWORD}" \
-d "d[confirm]=${WIKI_PASS}" \ -d "d[confirm]=${dokuwiki_WIKI_PASSWORD}" \
-d "d[policy]=1" \ -d "d[policy]=1" \
-d "d[allowreg]=false" \ -d "d[allowreg]=false" \
-d "d[license]=0" \ -d "d[license]=0" \

9
bin/manageWp.sh
View File

@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
#GLOBAL VARS #GLOBAL VARS
PRG=$(basename $0) PRG=$(basename $0)
@@ -61,11 +60,11 @@ Init(){
echo "\n *** Premier lancement de WP" >& $QUIET echo "\n *** Premier lancement de WP" >& $QUIET
${SIMU} waitUrl "${WP_URL}" ${SIMU} waitUrl "${WP_URL}"
. $KAZ_BIN_DIR/getPasswords.sh wpServ
${SIMU} curl -X POST \ ${SIMU} curl -X POST \
-d "user_name=${wp_WORDPRESS_ADMIN_USER}" \ -d "user_name=${wpServ_WORDPRESS_ADMIN_USER}" \
-d "admin_password=${wp_WORDPRESS_ADMIN_PASSWORD}" \ -d "admin_password=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
-d "admin_password2=${wp_WORDPRESS_ADMIN_PASSWORD}" \ -d "admin_password2=${wpServ_WORDPRESS_ADMIN_PASSWORD}" \
-d "pw_weak=true" \ -d "pw_weak=true" \
-d "admin_email=admin@kaz.bzh" \ -d "admin_email=admin@kaz.bzh" \
-d "blog_public=0" \ -d "blog_public=0" \

68
bin/migGestionMotsDePasse.sh Normal file
View File

@@ -0,0 +1,68 @@
#!/bin/bash
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars
. $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
newenvfile=$KAZ_KEY_DIR/env-mattermostAdmin
touch $newenvfile
echo "mattermost_user=$mattermost_user" >> $newenvfile
echo "mattermost_pass=$mattermost_pass" >> $newenvfile
echo "mattermost_token=$mattermost_token" >> $newenvfile
echo "EMAIL_CONTACT=$EMAIL_CONTACT" >> $DOCKERS_ENV
newenvfile=$KAZ_KEY_DIR/env-paheko
touch $newenvfile
echo "API_USER=$paheko_API_USER" >> $newenvfile
echo "API_PASSWORD=$paheko_API_PASSWORD" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-mail
touch $newenvfile
echo "service_mail=$service_mail" >> $newenvfile
echo "service_password=$service_password" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-borg
# touch $newenvfile à priori il existe déjà
echo "BORG_REPO=$BORG_REPO" >> $newenvfile
echo "BORG_PASSPHRASE=$BORG_PASSPHRASE" >> $newenvfile
echo "VOLUME_SAUVEGARDES=$VOLUME_SAUVEGARDES" >> $newenvfile
echo "MAIL_RAPPORT=$MAIL_RAPPORT" >> $newenvfile
echo "BORGMOUNT=$BORGMOUNT" >> $newenvfile
newenvfile=$KAZ_KEY_DIR/env-traefik
touch $newenvfile
echo "DASHBOARD_USER=$traefik_DASHBOARD_USER" >> $newenvfile
echo "DASHBOARD_PASSWORD=$traefik_DASHBOARD_PASSWORD" >> $newenvfile
#####################
# Castopod
# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
newenvfile=$KAZ_KEY_DIR/env-castopodAdmin
touch $newenvfile
echo "ADMIN_USER=$castopod_ADMIN_USER" >> $newenvfile
echo "ADMIN_MAIL=$castopod_ADMIN_MAIL" >> $newenvfile
echo "ADMIN_PASSWORD=$castopod_ADMIN_PASSWORD" >> $newenvfile
# creation dossier pour les env des orgas
mkdir $KAZ_KEY_DIR/orgas
orgasLong=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
ORGAS=${orgasLong[*]//-orga/}
for orga in ${ORGAS};do
mkdir $KAZ_KEY_DIR/orgas/$orga
cp $KAZ_KEY_DIR/env-{castopod{Admin,DB,Serv},mattermost{DB,Serv},nextcloud{DB,Serv},spip{DB,Serv},wp{DB,Serv}} $KAZ_KEY_DIR/orgas/$orga
done
echo "C'est parfait, vous pouvez git pull puis supprimer SetAllPass.sh"

2
bin/migVersProdX.sh
View File

@@ -9,7 +9,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
. $KAZ_ROOT/secret/env-kaz . $KAZ_ROOT/secret/env-kaz
@@ -133,6 +132,7 @@ for orgaLong in ${Orgas}; do
${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/" ${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/"
fi fi
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/ ${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_KEY_DIR}/orgas/${orgaCourt} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/${orgaCourt}
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list" ${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list"
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh ${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh

3
bin/migration.sh
View File

@@ -20,8 +20,7 @@ ${SIMU} "${CV1}" stop orga
${SIMU} "${CV1}" stop ${SIMU} "${CV1}" stop
${SIMU} rsync "${EV1}/dockers.env" "${EV2}/" ${SIMU} rsync "${EV1}/dockers.env" "${EV2}/"
${SIMU} rsync "${SV1}/SetAllPass.sh" "${SV2}/" ${SIMU} rsync "${SV1}/" "${SV2}/"
${SIMU} "${BV2}/updateDockerPassword.sh"
# XXX ? rsync /kaz/secret/allow_admin_ip /kaz-git/secret/allow_admin_ip # XXX ? rsync /kaz/secret/allow_admin_ip /kaz-git/secret/allow_admin_ip

2
bin/nextcloud_maintenance.sh
View File

@@ -4,12 +4,12 @@ KAZ_ROOT=/kaz
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
URL_AGORA=https://$matterHost.$domain/api/v4 URL_AGORA=https://$matterHost.$domain/api/v4
EQUIPE=kaz EQUIPE=kaz
PostMattermost() { PostMattermost() {
. $KAZ_KEY_DIR/env-mattermostAdmin
PostM=$1 PostM=$1
CHANNEL=$2 CHANNEL=$2
TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g') TEAMID=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/teams/name/${EQUIPE}" | jq .id | sed -e 's/"//g')

3
bin/postfix-superviz.sh
View File

@@ -6,7 +6,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh
URL_AGORA=$(echo $matterHost).$(echo $domain) URL_AGORA=$(echo $matterHost).$(echo $domain)
MAX_QUEUE=50 MAX_QUEUE=50
@@ -15,6 +14,8 @@ OLDIFS=$IFS
IFS=" " IFS=" "
COUNT_MAILQ=$(docker exec -t mailServ mailq | tail -n1 | gawk '{print $5}') COUNT_MAILQ=$(docker exec -t mailServ mailq | tail -n1 | gawk '{print $5}')
# récupération mots de passes
. $KAZ_KEY_DIR/env-mattermostAdmin
docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1 docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
if [ "${COUNT_MAILQ}" -gt "${MAX_QUEUE}" ]; then if [ "${COUNT_MAILQ}" -gt "${MAX_QUEUE}" ]; then

2
bin/scriptBorg.sh
View File

@@ -17,7 +17,7 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
. $KAZ_ROOT/bin/.commonFunctions.sh . $KAZ_ROOT/bin/.commonFunctions.sh
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_BIN_DIR/getPasswords.sh borg
VERSION="V-10-03-2025" VERSION="V-10-03-2025"
PRG=$(basename $0) PRG=$(basename $0)

167
bin/secretGen.sh
View File

@@ -3,70 +3,137 @@
KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd) KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars setKazVars
. $DOCKERS_ENV
cd "${KAZ_ROOT}" cd "${KAZ_ROOT}"
NEW_DIR="secret" NEW_DIR="secret"
TMPL_DIR="secret.tmpl" TMPL_DIR="secret.tmpl"
SORTIESTANDARD=1
DIR=$KAZ_KEY_DIR
ORGA=
if [ ! -d "${NEW_DIR}/" ]; then if [ ! -d "${NEW_DIR}/" ]; then
rsync -a "${TMPL_DIR}/" "${NEW_DIR}/" rsync -a "${TMPL_DIR}/" "${NEW_DIR}/"
fi fi
NEW_FILE="${NEW_DIR}/SetAllPass-new.sh" usage() {
TMPL_FILE="${NEW_DIR}/SetAllPass.sh" echo "${PRG} [OPTIONS] [filename ...]
# PARCOURE LES ENV FILE ET REMPLIT LES --clean_val-- qui n'ont pas été complétés.
on cherche des
@@pass@@***@@p@@ -> on génère un mot de passe 16car (les *** permettent d'identifier le mot de passe, s'il doit être utilisé ailleurs)
@@db@@***@@d@@ -> on génère une base de données (pareil identifié par ***)
@@user@@***@@u@@ -> on génère un user
@@token@@***@@t@@ -> on génère un token
@@globalvar@@***@@gv@@ -> on cherche la variable globale ***
@@crossvar@@envname_varname@@cv@@ -> on retrouve la variable dans les envfiles
while read line ; do Si on précise des fichiers, alors il ne remplace que dans ceux là (et on "lie" les clean-val ensemble !!!)
if [[ "${line}" =~ ^# ]] || [ -z "${line}" ] ; then OPTIONS
echo "${line}" -h|--help Cette aide :-)
continue -n|--simu SIMULATION
fi -q|--quiet Sans bruits de fond
if [[ "${line}" =~ "--clean_val--" ]] ; then -d foldername prend les envfiles dans un sous dossier /kaz/secret/orgas/foldername/ (pour les orgas !)
case "${line}" in -
*jirafeau_DATA_DIR*)
JIRAFEAU_DIR=$(getValInFile "${DOCKERS_ENV}" "jirafeauDir") "
[ -z "${JIRAFEAU_DIR}" ] && }
echo "${line}" ||
sed "s%\(.*\)--clean_val--\(.*\)%\1${JIRAFEAU_DIR}\2%" <<< ${line} for ARG in "$@"; do
continue if [ -n "${DIRECTORYARG}" ]; then # après un -d
;; DIR=$KAZ_KEY_DIR/orgas/${ARG}
*DATABASE*|*DB_NAME*) ORGA=${ARG}
dbName="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)" DIRECTORYARG=
sed "s/\(.*\)--clean_val--\(.*\)/\1${dbName}\2/" <<< ${line}
continue
;;
*ROOT_PASSWORD*|*PASSWORD*|*SECRET*)
pass="$(apg -n 1 -m 16 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
*USER*)
user="$(sed "s/\([^_]*\)_.*/\1/" <<< ${line})_$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${user}\2/" <<< ${line}
continue
;;
*RAIN_LOOP*|*office_password*|*mattermost_*|*sympa_*|*gitea_*)
pass="$(apg -n 1 -m 16 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
*vaultwarden_ADMIN_TOKEN*)
pass="$(apg -n 1 -m 32 -M NCL)"
sed "s/\(.*\)--clean_val--\(.*\)/\1${pass}\2/" <<< ${line}
continue
;;
esac
else else
echo "${line}"
continue case "${ARG}" in
'-d' | '--directory' | '-f' | '--folder' | '--foldername')
DIRECTORYARG="ON ATTEND UN REPERTOIRE APRES CA" ;;
'-h' | '--help' )
usage && exit ;;
'-n' | '--simu')
SIMU="echo" ;;
'-q' | '--quiet')
SORTIESTANDARD="/dev/null" ;;
*)
ENVFILES="${ENVFILES} ${ARG%}";;
esac
fi fi
printKazError "${line}" >&2 done
done < "${TMPL_FILE}" > "${NEW_FILE}"
mv "${NEW_FILE}" "${TMPL_FILE}" NB_FILES=$(echo "${ENVFILES}" | wc -w )
chmod a+x "${TMPL_FILE}" if [[ $NB_FILES = 0 ]]; then
. "${TMPL_FILE}" ENVFILES=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@|@@crossvar@@' $DIR/* | sed 's/.*\///') #
"${KAZ_BIN_DIR}/updateDockerPassword.sh" fi
secretGen(){
# $1 Le env-file à compléter
FILENAME=$DIR/$1
NBMATCH=$(grep -lE '@@pass@@|@@db@@|@@user@@|@@token@@|@@globalvar@@' $FILENAME | wc -l) # est ce qu'il y a des choses à génrérer
if [[ $NBMATCH = 0 ]]; then
true
# rien à faire dans ce fichier, on passe
else
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
db="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
pass="$(apg -n 1 -m 16 -M NCL)"
token="$(apg -n 1 -m 32 -M NCL)"
user="$(apg -n 1 -m 2 -M NCL | cut -c 1-2)"
dbs=$(grep -Eo '@@db@@[^@]*@@d@@' $FILENAME | sed -e 's/@@db@@//' -e 's/@@d@@//')
passwords=$(grep -Eo '@@pass@@[^@]*@@p@@' $FILENAME | sed -e 's/@@pass@@//' -e 's/@@p@@//')
tokens=$(grep -Eo '@@token@@[^@]*@@t@@' $FILENAME | sed -e 's/@@token@@//' -e 's/@@t@@//')
users=$(grep -Eo '@@user@@[^@]*@@u@@' $FILENAME | sed -e 's/@@user@@//' -e 's/@@u@@//')
globalvars=$(grep -Eo '@@globalvar@@[^@]*@@gv@@' $FILENAME | sed -e 's/@@globalvar@@//' -e 's/@@gv@@//')
for dbName in $dbs; do $SIMU sed -i "s/@@db@@$dbName@@d@@/${dbName}_$db/" $DIR/*; done
for pw in $passwords; do $SIMU sed -i "s/@@pass@@$pw@@p@@/${pass}/" $DIR/*; done
for tk in $tokens; do $SIMU sed -i "s/@@token@@$tk@@t@@/${token}/" $DIR/*; done
for u in $users; do $SIMU sed -i "s/@@user@@$u@@u@@/${u}_$user/" $DIR/*; done
for var in $globalvars; do $SIMU sed -i "s/@@globalvar@@$var@@gv@@/${!var}/" $DIR/*; done
fi
}
crossVarComplete(){
# $1 Le env-file à compléter
FILENAME=$DIR/$1
NBMATCH=$(grep -lE '@@crossvar@@' $FILENAME | wc -l) # est ce qu'il y a des cross-var à récupérer
if [[ $NBMATCH = 0 ]]; then
true
# rien à faire dans ce fichier, on passe
else
echo "Remplissage $FILENAME" >& $SORTIESTANDARD
varnames=$(grep -Eo '@@crossvar@@[^@]*@@cv@@' $FILENAME | sed -e 's/@@crossvar@@//' -e 's/@@cv@@//')
for varname in $varnames; do
envname=${varname%%_*}
value=$(/$KAZ_BIN_DIR/getPasswords.sh -e $varname $envname -d $ORGA)
$SIMU sed -i "s/@@crossvar@@$varname@@cv@@/${value}/" $DIR/*;
done
fi
}
for ENVFILE in $ENVFILES; do
secretGen "$ENVFILE"
done
for ENVFILE in $ENVFILES; do
crossVarComplete "$ENVFILE"
done
exit 0 exit 0

127
bin/updateDockerPassword.sh
View File

@@ -1,127 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
# pour mise au point
# SIMU=echo
# Améliorations à prévoir
# - donner en paramètre les services concernés (pour limité les modifications)
# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
. "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
updateEnvDB(){
# $1 = prefix
# $2 = envName
# $3 = containerName of DB
rootPass="$1_MYSQL_ROOT_PASSWORD"
dbName="$1_MYSQL_DATABASE"
userName="$1_MYSQL_USER"
userPass="$1_MYSQL_PASSWORD"
${SIMU} sed -i \
-e "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=${!rootPass}/g" \
-e "s/MYSQL_DATABASE=.*/MYSQL_DATABASE=${!dbName}/g" \
-e "s/MYSQL_USER=.*/MYSQL_USER=${!userName}/g" \
-e "s/MYSQL_PASSWORD=.*/MYSQL_PASSWORD=${!userPass}/g" \
"$2"
# seulement si pas de mdp pour root
# pb oeuf et poule (il faudrait les anciennes valeurs) :
# * si rootPass change, faire à la main
# * si dbName change, faire à la main
checkDockerRunning "$3" "$3" || return
echo "change DB pass on docker $3"
echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
docker exec -i $3 bash -c "mysql --user=root --password=${!rootPass}"
}
updateEnv(){
# $1 = prefix
# $2 = envName
for varName in $(grep "^[a-zA-Z_]*=" $2 | sed "s/^\([^=]*\)=.*/\1/g")
do
srcName="$1_${varName}"
srcVal=$(echo "${!srcName}" | sed -e "s/[&]/\\\&/g")
${SIMU} sed -i \
-e "s%^[ ]*${varName}=.*\$%${varName}=${srcVal}%" \
"$2"
done
}
framadateUpdate(){
[[ "${COMP_ENABLE}" =~ " framadate " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
return 0
fi
checkDockerRunning "${framadateServName}" "Framadate" &&
${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadate_HTTPD_USER} ${framadate_HTTPD_PASSWORD}"
${SIMU} sed -i \
-e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadate_MYSQL_USER}';/g" \
-e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadate_MYSQL_PASSWORD}';/g" \
"${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
}
jirafeauUpdate(){
[[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
return 0
fi
SHA=$(echo -n "${jirafeau_HTTPD_PASSWORD}" | sha256sum | cut -d \ -f 1)
${SIMU} sed -i \
-e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
"${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
}
####################
# main
updateEnvDB "etherpad" "${KAZ_KEY_DIR}/env-${etherpadDBName}" "${etherpadDBName}"
updateEnvDB "framadate" "${KAZ_KEY_DIR}/env-${framadateDBName}" "${framadateDBName}"
updateEnvDB "gitea" "${KAZ_KEY_DIR}/env-${gitDBName}" "${gitDBName}"
updateEnvDB "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudDBName}" "${nextcloudDBName}"
updateEnvDB "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeDBName}" "${roundcubeDBName}"
updateEnvDB "sympa" "${KAZ_KEY_DIR}/env-${sympaDBName}" "${sympaDBName}"
updateEnvDB "vigilo" "${KAZ_KEY_DIR}/env-${vigiloDBName}" "${vigiloDBName}"
updateEnvDB "wp" "${KAZ_KEY_DIR}/env-${wordpressDBName}" "${wordpressDBName}"
updateEnvDB "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenDBName}" "${vaultwardenDBName}"
updateEnvDB "castopod" "${KAZ_KEY_DIR}/env-${castopodDBName}" "${castopodDBName}"
updateEnvDB "spip" "${KAZ_KEY_DIR}/env-${spipDBName}" "${spipDBName}"
updateEnvDB "mastodon" "${KAZ_KEY_DIR}/env-${mastodonDBName}" "${mastodonDBName}"
updateEnv "apikaz" "${KAZ_KEY_DIR}/env-${apikazServName}"
updateEnv "ethercalc" "${KAZ_KEY_DIR}/env-${ethercalcServName}"
updateEnv "etherpad" "${KAZ_KEY_DIR}/env-${etherpadServName}"
updateEnv "framadate" "${KAZ_KEY_DIR}/env-${framadateServName}"
updateEnv "gandi" "${KAZ_KEY_DIR}/env-gandi"
updateEnv "gitea" "${KAZ_KEY_DIR}/env-${gitServName}"
updateEnv "jirafeau" "${KAZ_KEY_DIR}/env-${jirafeauServName}"
updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostServName}"
updateEnv "mattermost" "${KAZ_KEY_DIR}/env-${mattermostDBName}"
updateEnv "nextcloud" "${KAZ_KEY_DIR}/env-${nextcloudServName}"
updateEnv "office" "${KAZ_KEY_DIR}/env-${officeServName}"
updateEnv "roundcube" "${KAZ_KEY_DIR}/env-${roundcubeServName}"
updateEnv "vigilo" "${KAZ_KEY_DIR}/env-${vigiloServName}"
updateEnv "wp" "${KAZ_KEY_DIR}/env-${wordpressServName}"
updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapServName}"
updateEnv "sympa" "${KAZ_KEY_DIR}/env-${sympaServName}"
updateEnv "mail" "${KAZ_KEY_DIR}/env-${smtpServName}"
updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonServName}"
updateEnv "mobilizon" "${KAZ_KEY_DIR}/env-${mobilizonDBName}"
updateEnv "vaultwarden" "${KAZ_KEY_DIR}/env-${vaultwardenServName}"
updateEnv "castopod" "${KAZ_KEY_DIR}/env-${castopodServName}"
updateEnv "spip" "${KAZ_KEY_DIR}/env-${spipServName}"
updateEnv "ldap" "${KAZ_KEY_DIR}/env-${ldapUIName}"
updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeServName}"
updateEnv "peertube" "${KAZ_KEY_DIR}/env-${peertubeDBName}" "${peertubeDBName}"
updateEnv "mastodon" "${KAZ_KEY_DIR}/env-${mastodonServName}"
framadateUpdate
jirafeauUpdate
exit 0

1
bin/verifExistenceMails.sh
View File

@@ -12,7 +12,6 @@ setKazVars
cd $(dirname $0)/.. cd $(dirname $0)/..
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
DOCK_DIR=$KAZ_COMP_DIR DOCK_DIR=$KAZ_COMP_DIR

4
config/container-proxy.list.tmpl
View File

@@ -1,2 +1,2 @@
# proxy proxy
traefik #traefik

2
config/container-withMail.list.tmpl
View File

@@ -4,7 +4,7 @@ dokuwiki
paheko paheko
gitea gitea
jirafeau jirafeau
#mattermost mattermost
roundcube roundcube
mobilizon mobilizon
vaultwarden vaultwarden

7
config/dockers.tmpl.env
View File

@@ -101,7 +101,7 @@ snappymailHost=snappymail
######################################## ########################################
# ports internes # ports internes
matterPort=8065 matterPort=8000
imapsyncPort=8080 imapsyncPort=8080
apikaz=5000 apikaz=5000
@@ -159,3 +159,8 @@ apikazServName=apikazServ
# services activés par container.sh # services activés par container.sh
# variables d'environneements utilisées # variables d'environneements utilisées
# pour le tmpl du mandataire (proxy) # pour le tmpl du mandataire (proxy)
##################
#qui on envoi le mail d'inscription ?
EMAIL_CONTACT="toto@kaz.bzh"

58
config/orgaTmpl/app/Dockerfile
View File

@@ -1,58 +0,0 @@
FROM alpine:3.17
# Some ENV variables
ENV PATH="/mattermost/bin:${PATH}"
#ENV MM_VERSION=5.32.0
ENV MM_VERSION=6.1.0
ENV MM_INSTALL_TYPE=docker
# Build argument to set Mattermost edition
ARG edition=enterprise
ARG PUID=2000
ARG PGID=2000
ARG MM_BINARY=
# Install some needed packages
RUN apk add --no-cache \
ca-certificates \
curl \
jq \
libc6-compat \
libffi-dev \
libcap \
linux-headers \
mailcap \
netcat-openbsd \
xmlsec-dev \
tzdata \
&& rm -rf /tmp/*
# Get Mattermost
RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
&& if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \
elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \
else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \
&& cp /mattermost/config/config.json /config.json.save \
&& rm -rf /mattermost/config/config.json \
&& addgroup -g ${PGID} mattermost \
&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
USER mattermost
#Healthcheck to make sure container is ready
HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1
# Configure entrypoint and command
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
WORKDIR /mattermost
CMD ["mattermost"]
# Expose port 8000 of the container
EXPOSE 8000
# Declare volumes for mount point directories
VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config", "/mattermost/plugins", "/mattermost/client/plugins"]

82
config/orgaTmpl/app/entrypoint.sh
View File

@@ -1,82 +0,0 @@
#!/bin/sh
# Function to generate a random salt
generate_salt() {
tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 48 | head -n 1
}
# Read environment variables or set default values
DB_HOST=${DB_HOST:-db}
DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
# see https://www.postgresql.org/docs/current/libpq-ssl.html
# for usage when database connection requires encryption
# filenames should be escaped if they contain spaces
# i.e. $(printf %s ${MY_ENV_VAR:-''} | jq -s -R -r @uri)
# the location of the CA file can be set using environment var PGSSLROOTCERT
# the location of the CRL file can be set using PGSSLCRL
# The URL syntax for connection string does not support the parameters
# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
# to set names if using a location other than default
DB_USE_SSL=${DB_USE_SSL:-disable}
MM_DBNAME=${MM_DBNAME:-mattermost}
MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }' )
if [ "$_1" = '-' ]; then
set -- mattermost "$@"
fi
if [ "$1" = 'mattermost' ]; then
# Check CLI args for a -config option
for ARG in "$@"; do
case "$ARG" in
-config=*) MM_CONFIG=${ARG#*=};;
esac
done
if [ ! -f "$MM_CONFIG" ]; then
# If there is no configuration file, create it with some default values
echo "No configuration file $MM_CONFIG"
echo "Creating a new one"
# Copy default configuration file
cp /config.json.save "$MM_CONFIG"
# Substitute some parameters with jq
jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" > "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
else
echo "Using existing config file $MM_CONFIG"
fi
# Configure database access
if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
echo "Configure database connection..."
# URLEncode the password, allowing for special characters
ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
echo "OK"
else
echo "Using existing database connection"
fi
# Wait another second for the database to be properly started.
# Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
sleep 1
echo "Starting mattermost"
fi
exec "$@"

110
config/orgaTmpl/docker-compose.yml
View File

@@ -4,21 +4,21 @@ services:
#{{db #{{db
db: db:
image: mariadb:11.4 image: mariadb:11.4
container_name: ${orga}DB container_name: ${orga}-DB
#disk_quota: 10G #disk_quota: 10G
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: ${restartPolicy} restart: ${restartPolicy}
volumes: volumes:
- ./initdb.d:/docker-entrypoint-initdb.d:ro # - ./initdb.d:/docker-entrypoint-initdb.d:ro
- orgaDB:/var/lib/mysql - orgaDB:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
environment: environment:
- MARIADB_AUTO_UPGRADE=1 - MARIADB_AUTO_UPGRADE=1
env_file: env_file:
- ../../secret/env-${nextcloudDBName} - ../../secret/orgas/${orga}/env-${nextcloudDBName}
# - ../../secret/env-${mattermostDBName} # - ../../secret/orgas/${orga}/env-${mattermostDBName}
- ../../secret/env-${wordpressDBName} - ../../secret/orgas/${orga}/env-${wordpressDBName}
networks: networks:
- orgaNet - orgaNet
healthcheck: # utilisé par init-db.sh pour la créa d'orga healthcheck: # utilisé par init-db.sh pour la créa d'orga
@@ -34,7 +34,7 @@ services:
#{{cloud #{{cloud
cloud: cloud:
image: nextcloud image: nextcloud
container_name: ${orga}${nextcloudServName} container_name: ${orga}-${nextcloudServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
networks: networks:
@@ -50,8 +50,8 @@ services:
- ${smtpServName}:${smtpHost} - ${smtpServName}:${smtpHost}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${nextcloudServName}.rule=Host(`${orga}${cloudHost}.${domain}`){{FOREIGN_NC}}" - "traefik.http.routers.${orga}-${nextcloudServName}.rule=Host(`${orga}-${cloudHost}.${domain}`){{FOREIGN_NC}}"
- "traefik.http.routers.${orga}${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file" - "traefik.http.routers.${orga}-${nextcloudServName}.middlewares=nextcloud-redirectregex1@file,nextcloud-redirectregex2@file"
volumes: volumes:
- cloudMain:/var/www/html - cloudMain:/var/www/html
- cloudData:/var/www/html/data - cloudData:/var/www/html/data
@@ -63,10 +63,10 @@ services:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
env_file: env_file:
- ../../secret/env-${nextcloudServName} - ../../secret/orgas/${orga}/env-${nextcloudServName}
- ../../secret/env-${nextcloudDBName} - ../../secret/orgas/${orga}/env-${nextcloudDBName}
environment: environment:
- NEXTCLOUD_TRUSTED_DOMAINS=${orga}${cloudHost}.${domain} - NEXTCLOUD_TRUSTED_DOMAINS=${orga}-${cloudHost}.${domain}
- SMTP_HOST=${smtpHost} - SMTP_HOST=${smtpHost}
- SMTP_PORT=25 - SMTP_PORT=25
- MAIL_DOMAIN=${domain} - MAIL_DOMAIN=${domain}
@@ -80,7 +80,7 @@ services:
- edition=team - edition=team
- PUID=1000 - PUID=1000
- PGID=1000 - PGID=1000
container_name: ${orga}${mattermostServName} container_name: ${orga}-${mattermostServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
# memory: 1G # memory: 1G
@@ -109,20 +109,20 @@ services:
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/environment:/etc/environment:ro - /etc/environment:/etc/environment:ro
env_file: env_file:
- ../../secret/env-${mattermostServName} - ../../secret/orgas/${orga}/env-${mattermostServName}
environment: environment:
- VIRTUAL_HOST=${orga}${matterHost}.${domain} - VIRTUAL_HOST=${orga}-${matterHost}.${domain}
# in case your config is not in default location # in case your config is not in default location
#- MM_CONFIG=/mattermost/config/config.json #- MM_CONFIG=/mattermost/config/config.json
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${mattermostServName}.rule=Host(`${orga}${matterHost}.${domain}`)" - "traefik.http.routers.${orga}-${mattermostServName}.rule=Host(`${orga}-${matterHost}.${domain}`)"
#}} #}}
#{{wp #{{wp
wordpress: wordpress:
image: wordpress image: wordpress
container_name: ${orga}${wordpressServName} container_name: ${orga}-${wordpressServName}
restart: ${restartPolicy} restart: ${restartPolicy}
networks: networks:
- orgaNet - orgaNet
@@ -136,17 +136,17 @@ services:
external_links: external_links:
- ${smtpServName}:${smtpHost}.${domain} - ${smtpServName}:${smtpHost}.${domain}
env_file: env_file:
- ../../secret/env-${wordpressServName} - ../../secret/orgas/${orga}/env-${wordpressServName}
environment: environment:
- WORDPRESS_SMTP_HOST=${smtpHost}.${domain} - WORDPRESS_SMTP_HOST=${smtpHost}.${domain}
- WORDPRESS_SMTP_PORT=25 - WORDPRESS_SMTP_PORT=25
# - WORDPRESS_SMTP_USERNAME # - WORDPRESS_SMTP_USERNAME
# - WORDPRESS_SMTP_PASSWORD # - WORDPRESS_SMTP_PASSWORD
# - WORDPRESS_SMTP_FROM=${orga} # - WORDPRESS_SMTP_FROM=${orga}-
- WORDPRESS_SMTP_FROM_NAME=${orga} - WORDPRESS_SMTP_FROM_NAME=${orga}-
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${wordpressServName}.rule=Host(`${orga}${wordpressHost}.${domain}`){{FOREIGN_WP}}" - "traefik.http.routers.${orga}-${wordpressServName}.rule=Host(`${orga}-${wordpressHost}.${domain}`){{FOREIGN_WP}}"
volumes: volumes:
- wordpress:/var/www/html - wordpress:/var/www/html
# - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro # - ../../config/orgaTmpl/wp:/usr/local/bin/wp:ro
@@ -154,12 +154,12 @@ services:
#{{wiki #{{wiki
dokuwiki: dokuwiki:
image: mprasil/dokuwiki image: mprasil/dokuwiki
container_name: ${orga}${dokuwikiServName} container_name: ${orga}-${dokuwikiServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${dokuwikiServName}.rule=Host(`${orga}${dokuwikiHost}.${domain}`){{FOREIGN_DW}}" - "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
volumes: volumes:
- wikiData:/dokuwiki/data - wikiData:/dokuwiki/data
- wikiConf:/dokuwiki/conf - wikiConf:/dokuwiki/conf
@@ -175,7 +175,7 @@ services:
#{{castopod #{{castopod
castopod: castopod:
image: castopod/castopod:latest image: castopod/castopod:latest
container_name: ${orga}${castopodServName} container_name: ${orga}-${castopodServName}
#disk_quota: 10G #disk_quota: 10G
restart: ${restartPolicy} restart: ${restartPolicy}
# memory: 1G # memory: 1G
@@ -193,27 +193,27 @@ services:
volumes: volumes:
- castopodMedia:/var/www/castopod/public/media - castopodMedia:/var/www/castopod/public/media
environment: environment:
CP_BASEURL: "https://${orga}${castopodHost}.${domain}" CP_BASEURL: "https://${orga}-${castopodHost}.${domain}"
CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb CP_ANALYTICS_SALT: qldsgfliuzrbhgmkjbdbmkvb
VIRTUAL_PORT: 8000 VIRTUAL_PORT: 8000
CP_CACHE_HANDLER: redis CP_CACHE_HANDLER: redis
CP_REDIS_HOST: redis CP_REDIS_HOST: redis
CP_DATABASE_HOSTNAME: db CP_DATABASE_HOSTNAME: db
env_file: env_file:
- ../../secret/env-${castopodServName} - ../../secret/orgas/${orga}/env-${castopodServName}
- ../../secret/env-${castopodDBName} - ../../secret/orgas/${orga}/env-${castopodDBName}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${castopodServName}.rule=Host(`${orga}${castopodHost}.${domain}`){{FOREIGN_POD}}" - "traefik.http.routers.${orga}-${castopodServName}.rule=Host(`${orga}-${castopodHost}.${domain}`){{FOREIGN_POD}}"
redis: redis:
image: redis:7.0-alpine image: redis:7.0-alpine
container_name: ${orga}castopodCache container_name: ${orga}-castopodCache
volumes: volumes:
- castopodCache:/data - castopodCache:/data
networks: networks:
- orgaNet - orgaNet
env_file: env_file:
- ../../secret/env-${castopodServName} - ../../secret/orgas/${orga}/env-${castopodServName}
command: --requirepass ${castopodRedisPassword} command: --requirepass ${castopodRedisPassword}
#}} #}}
#{{spip #{{spip
@@ -225,16 +225,16 @@ services:
links: links:
- db - db
env_file: env_file:
- ../../secret/env-${spipServName} - ../../secret/orgas/${orga}/env-${spipServName}
environment: environment:
- SPIP_AUTO_INSTALL=1 - SPIP_AUTO_INSTALL=1
- SPIP_DB_HOST=db - SPIP_DB_HOST=db
- SPIP_SITE_ADDRESS=https://${orga}${spipHost}.${domain} - SPIP_SITE_ADDRESS=https://${orga}-${spipHost}.${domain}
expose: expose:
- 80 - 80
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.${orga}${spipServName}.rule=Host(`${orga}${spipHost}.${domain}`){{FOREIGN_SPIP}}" - "traefik.http.routers.${orga}-${spipServName}.rule=Host(`${orga}-${spipHost}.${domain}`){{FOREIGN_SPIP}}"
networks: networks:
- orgaNet - orgaNet
volumes: volumes:
@@ -250,84 +250,84 @@ volumes:
#{{db #{{db
orgaDB: orgaDB:
external: true external: true
name: orga_${orga}orgaDB name: orga_${orga}-orgaDB
#}} #}}
#{{agora #{{agora
matterConfig: matterConfig:
external: true external: true
name: orga_${orga}matterConfig name: orga_${orga}-matterConfig
matterData: matterData:
external: true external: true
name: orga_${orga}matterData name: orga_${orga}-matterData
matterLogs: matterLogs:
external: true external: true
name: orga_${orga}matterLogs name: orga_${orga}-matterLogs
matterPlugins: matterPlugins:
external: true external: true
name: orga_${orga}matterPlugins name: orga_${orga}-matterPlugins
matterClientPlugins: matterClientPlugins:
external: true external: true
name: orga_${orga}matterClientPlugins name: orga_${orga}-matterClientPlugins
matterIcons: matterIcons:
external: true external: true
name: matterIcons name: matterIcons
#{{cloud #{{cloud
cloudMain: cloudMain:
external: true external: true
name: orga_${orga}cloudMain name: orga_${orga}-cloudMain
cloudData: cloudData:
external: true external: true
name: orga_${orga}cloudData name: orga_${orga}-cloudData
cloudConfig: cloudConfig:
external: true external: true
name: orga_${orga}cloudConfig name: orga_${orga}-cloudConfig
cloudApps: cloudApps:
external: true external: true
name: orga_${orga}cloudApps name: orga_${orga}-cloudApps
cloudCustomApps: cloudCustomApps:
external: true external: true
name: orga_${orga}cloudCustomApps name: orga_${orga}-cloudCustomApps
cloudThemes: cloudThemes:
external: true external: true
name: orga_${orga}cloudThemes name: orga_${orga}-cloudThemes
cloudPhp: cloudPhp:
external: true external: true
name: orga_${orga}cloudPhp name: orga_${orga}-cloudPhp
#}} #}}
#{{wiki #{{wiki
wikiData: wikiData:
external: true external: true
name: orga_${orga}wikiData name: orga_${orga}-wikiData
wikiConf: wikiConf:
external: true external: true
name: orga_${orga}wikiConf name: orga_${orga}-wikiConf
wikiPlugins: wikiPlugins:
external: true external: true
name: orga_${orga}wikiPlugins name: orga_${orga}-wikiPlugins
wikiLibtpl: wikiLibtpl:
external: true external: true
name: orga_${orga}wikiLibtpl name: orga_${orga}-wikiLibtpl
wikiLogs: wikiLogs:
external: true external: true
name: orga_${orga}wikiLogs name: orga_${orga}-wikiLogs
#}} #}}
#{{wp #{{wp
wordpress: wordpress:
external: true external: true
name: orga_${orga}wordpress name: orga_${orga}-wordpress
#}} #}}
#{{castopod #{{castopod
castopodMedia: castopodMedia:
external: true external: true
name: orga_${orga}castopodMedia name: orga_${orga}-castopodMedia
castopodCache: castopodCache:
external: true external: true
name: orga_${orga}castopodCache name: orga_${orga}-castopodCache
#}} #}}
#{{spip #{{spip
spip: spip:
external: true external: true
name: orga_${orga}spip name: orga_${orga}-spip
#}} #}}
@@ -335,7 +335,7 @@ volumes:
networks: networks:
orgaNet: orgaNet:
external: true external: true
name: ${orga}orgaNet name: ${orga}-orgaNet
# postfixNet: # postfixNet:
# external: # external:
# name: postfixNet # name: postfixNet

52
config/orgaTmpl/init-db.sh
View File

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars setKazVars
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
cd $(dirname $0) cd $(dirname $0)
ORGA_DIR="$(basename "$(pwd)")" ORGA_DIR="$(basename "$(pwd)")"
@@ -25,57 +24,66 @@ SQL=""
for ARG in "$@"; do for ARG in "$@"; do
case "${ARG}" in case "${ARG}" in
'cloud' ) 'cloud' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-nextcloudDB
SQL="$SQL SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${nextcloud_MYSQL_DATABASE}; CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${nextcloud_MYSQL_USER}'; DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${nextcloud_MYSQL_USER}'@'%'; CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${nextcloud_MYSQL_DATABASE}.* TO '${nextcloud_MYSQL_USER}'@'%' IDENTIFIED BY '${nextcloud_MYSQL_PASSWORD}'; GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
;; ;;
'agora' ) 'agora' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-mattermostDB
SQL="$SQL SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${mattermost_MYSQL_DATABASE}; CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${mattermost_MYSQL_USER}'; DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${mattermost_MYSQL_USER}'@'%'; CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${mattermost_MYSQL_DATABASE}.* TO '${mattermost_MYSQL_USER}'@'%' IDENTIFIED BY '${mattermost_MYSQL_PASSWORD}'; GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
;; ;;
'wp' ) 'wp' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-wpDB
SQL="$SQL SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${wp_MYSQL_DATABASE}; CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${wp_MYSQL_USER}'; DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${wp_MYSQL_USER}'@'%'; CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${wp_MYSQL_DATABASE}.* TO '${wp_MYSQL_USER}'@'%' IDENTIFIED BY '${wp_MYSQL_PASSWORD}'; GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
;; ;;
'castopod' ) 'castopod' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-castopodDB
SQL="$SQL SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${castopod_MYSQL_DATABASE}; CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${castopod_MYSQL_USER}'; DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${castopod_MYSQL_USER}'@'%'; CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${castopod_MYSQL_DATABASE}.* TO '${castopod_MYSQL_USER}'@'%' IDENTIFIED BY '${castopod_MYSQL_PASSWORD}'; GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
;; ;;
'spip' ) 'spip' )
. $KAZ_KEY_DIR/orgas/$ORGA/env-spipDB
SQL="$SQL SQL="$SQL
CREATE DATABASE IF NOT EXISTS ${spip_MYSQL_DATABASE}; CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE};
DROP USER IF EXISTS '${spip_MYSQL_USER}'; DROP USER IF EXISTS '${MYSQL_USER}';
CREATE USER '${spip_MYSQL_USER}'@'%'; CREATE USER '${MYSQL_USER}'@'%';
GRANT ALL ON ${spip_MYSQL_DATABASE}.* TO '${spip_MYSQL_USER}'@'%' IDENTIFIED BY '${spip_MYSQL_PASSWORD}'; GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
;; ;;
@@ -84,4 +92,4 @@ FLUSH PRIVILEGES;"
esac esac
done done
echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${wp_MYSQL_ROOT_PASSWORD}" echo $SQL | docker exec -i ${ORGA}-DB bash -c "mariadb --user=root --password=${MYSQL_ROOT_PASSWORD}"

3
config/orgaTmpl/initdb.d/orga.sql
View File

@@ -1,3 +0,0 @@
CREATE DATABASE IF NOT EXISTS nextcloud;
CREATE DATABASE IF NOT EXISTS mattermost;
CREATE DATABASE IF NOT EXISTS wpdb;

15
config/orgaTmpl/orga-gen.sh
View File

@@ -389,7 +389,7 @@ update() {
-e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\ -e "s/{{FOREIGN_DW}}/${FOREIGN_DW}/"\
-e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\ -e "s/{{FOREIGN_POD}}/${FOREIGN_POD}/"\
-e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\ -e "s/{{FOREIGN_SPIP}}/${FOREIGN_SPIP}/"\
-e "s|\${orga}|${ORGA}-|g" -e "s|\${orga}|${ORGA}|g"
) > "$2" ) > "$2"
sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2" sed "s/storage_opt:.*/storage_opt: ${quota}/g" -i "$2"
} }
@@ -412,13 +412,18 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
ln -sf ../../config/orgaTmpl/orga-gen.sh ln -sf ../../config/orgaTmpl/orga-gen.sh
ln -sf ../../config/orgaTmpl/orga-rm.sh ln -sf ../../config/orgaTmpl/orga-rm.sh
ln -sf ../../config/orgaTmpl/init-paheko.sh ln -sf ../../config/orgaTmpl/init-paheko.sh
ln -sf ../../config/orgaTmpl/initdb.d/ #ln -sf ../../config/orgaTmpl/initdb.d/
ln -sf ../../config/orgaTmpl/app/ ln -sf ../../config/orgaTmpl/app/
ln -sf ../../config/orgaTmpl/wiki-conf/ ln -sf ../../config/orgaTmpl/wiki-conf/
ln -sf ../../config/orgaTmpl/reload.sh ln -sf ../../config/orgaTmpl/reload.sh
ln -sf ../../config/orgaTmpl/init-db.sh ln -sf ../../config/orgaTmpl/init-db.sh
fi fi
if [ ! -d "${KAZ_KEY_DIR}/orgas/$ORGA/" ]; then
rsync -a "${KAZ_CONF_DIR}/orgaTmpl/secret.tmpl/" "${KAZ_KEY_DIR}/orgas/$ORGA/"
${KAZ_BIN_DIR}/secretGen.sh -d $ORGA
fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## update ${DOCKERS_ENV} # ########## update ${DOCKERS_ENV}
if ! grep -q "proxy_orga=" .env 2> /dev/null if ! grep -q "proxy_orga=" .env 2> /dev/null
@@ -438,6 +443,12 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
fi fi
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
# ########## create network
## GAEL bizarre, je pense que c'est déjà fait qque part, mais chez moi ça veut pas ...
docker network create "${ORGA}-orgaNet"
# ########## create volume # ########## create volume
./init-volume.sh ./init-volume.sh
fi fi

2
config/orgaTmpl/orga-rm.sh
View File

@@ -40,6 +40,8 @@ remove () {
sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}" sed -i -e "/proxy_${ORGA_FLAG}=/d" "${DOCKERS_ENV}"
sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}" sed -i -e "/^${ORGA}-orga$/d" "${ORGA_LIST}"
rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga" rm -fr "${KAZ_COMP_DIR}/${ORGA}-orga"
rm -fr "${KAZ_KEY_DIR}/orgas/${ORGA}"
exit;; exit;;
[Nn]* ) [Nn]* )

3
config/orgaTmpl/secret.tmpl/env-castopodAdmin Normal file
View File

@@ -0,0 +1,3 @@
ADMIN_USER=@@pass@@castopod2@@p@@
ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
ADMIN_PASSWORD=@@pass@@castopod3@@p@@

4
config/orgaTmpl/secret.tmpl/env-castopodDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_USER=@@user@@castopod1@@u@@
MYSQL_PASSWORD=@@pass@@castopod1@@p@@
MYSQL_DATABASE=@@db@@castopod1@@d@@

7
config/orgaTmpl/secret.tmpl/env-castopodServ Normal file
View File

@@ -0,0 +1,7 @@
CP_EMAIL_SMTP_HOST=
CP_EMAIL_FROM=
CP_EMAIL_SMTP_USERNAME=
CP_EMAIL_SMTP_PASSWORD=
CP_EMAIL_SMTP_PORT=
CP_EMAIL_SMTP_CRYPTO=
CP_REDIS_PASSWORD=

9
config/orgaTmpl/secret.tmpl/env-mattermostDB Normal file
View File

@@ -0,0 +1,9 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@

9
config/orgaTmpl/secret.tmpl/env-mattermostServ Normal file
View File

@@ -0,0 +1,9 @@
MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10

8
config/orgaTmpl/secret.tmpl/env-nextcloudDB Normal file
View File

@@ -0,0 +1,8 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@nextcloud@@d@@
MYSQL_USER=@@user@@nextcloud@@u@@
MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
#NC_MYSQL_USER=
#NC_MYSQL_PASSWORD=

5
config/orgaTmpl/secret.tmpl/env-nextcloudServ Normal file
View File

@@ -0,0 +1,5 @@
NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
MYSQL_HOST=db
RAIN_LOOP=@@pass@@rainloop@@p@@

4
config/orgaTmpl/secret.tmpl/env-spipDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@spip@@d@@
MYSQL_USER=@@user@@spip@@u@@
MYSQL_PASSWORD=@@pass@@spip@@p@@

10
config/orgaTmpl/secret.tmpl/env-spipServ Normal file
View File

@@ -0,0 +1,10 @@
SPIP_AUTO_INSTALL=1
SPIP_DB_SERVER=mysql
SPIP_DB_NAME=@@db@@spip@@d@@
SPIP_DB_LOGIN=@@user@@spip@@u@@
SPIP_DB_PASS=@@pass@@spip@@p@@
SPIP_ADMIN_NAME=admin
SPIP_ADMIN_LOGIN=@@user@@spipadmin@@u@@
SPIP_ADMIN_EMAIL=admin@@@globalvar@@domain@@gv@@
SPIP_ADMIN_PASS=@@pass@@spipadmin@@p@@
PHP_TIMEZONE=Europe/Paris

4
config/orgaTmpl/secret.tmpl/env-wpDB Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=@@pass@@rootdb@@p@@
MYSQL_DATABASE=@@db@@wp@@d@@
MYSQL_USER=@@user@@wp@@u@@
MYSQL_PASSWORD=@@pass@@wp@@p@@

8
config/orgaTmpl/secret.tmpl/env-wpServ Normal file
View File

@@ -0,0 +1,8 @@
# share with wpDB
WORDPRESS_DB_HOST=db:3306
WORDPRESS_ADMIN_USER=@@user@@adminwp@@u@@
WORDPRESS_ADMIN_PASSWORD=@@pass@@adminwp@@p@@
WORDPRESS_DB_NAME=@@db@@wp@@d@@
WORDPRESS_DB_USER=@@user@@wp@@u@@
WORDPRESS_DB_PASSWORD=@@pass@@wp@@p@@

10
config/orgaTmpl/wiki-conf/acl.auth.php
View File

@@ -1,10 +0,0 @@
# acl.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Access Control Lists
#
# Auto-generated by install script
# Date: Sat, 13 Feb 2021 17:42:28 +0000
* @ALL 1
* @user 8

26
config/orgaTmpl/wiki-conf/local.php
View File

@@ -1,26 +0,0 @@
<?php
/*
* Dokuwiki's Main Configuration File - Local Settings
* Auto-generated by config plugin
* Run for user: felix
* Date: Sun, 28 Feb 2021 15:56:13 +0000
*/
$conf['title'] = 'Kaz';
$conf['template'] = 'docnavwiki';
$conf['license'] = 'cc-by-sa';
$conf['useacl'] = 1;
$conf['superuser'] = '@admin';
$conf['manager'] = '@manager';
$conf['disableactions'] = 'register';
$conf['remoteuser'] = '';
$conf['mailfrom'] = 'dokuwiki@kaz.bzh';
$conf['updatecheck'] = 0;
$conf['userewrite'] = '1';
$conf['useslash'] = 1;
$conf['plugin']['ckgedit']['scayt_auto'] = 'on';
$conf['plugin']['ckgedit']['scayt_lang'] = 'French/fr_FR';
$conf['plugin']['ckgedit']['other_lang'] = 'fr';
$conf['plugin']['smtp']['smtp_host'] = 'smtp.kaz.bzh';
$conf['plugin']['todo']['CheckboxText'] = 0;
$conf['plugin']['wrap']['restrictionType'] = '1';

13
config/orgaTmpl/wiki-conf/users.auth.php
View File

@@ -1,13 +0,0 @@
# users.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Userfile
#
# Auto-generated by install script
# Date: Sat, 13 Feb 2021 17:42:28 +0000
#
# Format:
# login:passwordhash:Real Name:email:groups,comma,separated
admin:$2y$10$GYvFgViXeEUmDViplHEs7eoYV8tmbfsS8wA1vfHQ.tWgW14o9aTjy:admin:contact@kaz.bzh:admin,user

21
config/proxy/proxy_params
View File

@@ -1,21 +0,0 @@
#proxy_buffering off;
#proxy_set_header X-Forwarded-Host $host:$server_port;
#proxy_set_header X-Forwarded-Server $host;
#XXX pb proxy_set_header Connection $proxy_connection;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
# mattermost
http2_push_preload on; # Enable HTTP/2 Server Push
add_header Strict-Transport-Security max-age=15768000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_hide_header 'x-frame-options';
#proxy_set_header x-frame-options allowall;
proxy_set_header X-Frame-Options SAMEORIGIN;

1
dockers/castopod/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0) cd $(dirname $0)
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod "${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod

1
dockers/cloud/first.sh
View File

@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars setKazVars
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. $KAZ_ROOT/secret/SetAllPass.sh
${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud ${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud

102
dockers/cloud/up.sh
View File

@@ -1,102 +0,0 @@
#!/bin/bash
KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
. $KAZ_ROOT/secret/SetAllPass.sh
#"${KAZ_BIN_DIR}/initCloud.sh"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ app:enable user_ldap
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:delete-config s01
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:create-empty-config
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBase ${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseGroups ${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapHost ${ldapServName}
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapPort 389
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapTLS 0
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapQuotaAttribute nextcloudQuota
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilter "(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))"
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
# Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin';
# docker exec -i nextcloudDB mysql --user=<user> --password=<password> <db> <<< "delete from oc_users where uid<>'admin';"
# Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
# Exemple de table/clés :
# +-------------------------------+----------------------------------------------------------+
# | Configuration | s01 |
# +-------------------------------+----------------------------------------------------------+
# | hasMemberOfFilterSupport | 0 |
# | homeFolderNamingRule | |
# | lastJpegPhotoLookup | 0 |
# | ldapAgentName | cn=cloud,ou=applications,dc=kaz,dc=sns |
# | ldapAgentPassword | *** |
# | ldapAttributesForGroupSearch | |
# | ldapAttributesForUserSearch | |
# | ldapBackgroundHost | |
# | ldapBackgroundPort | |
# | ldapBackupHost | |
# | ldapBackupPort | |
# | ldapBase | ou=users,dc=kaz,dc=sns |
# | ldapBaseGroups | ou=users,dc=kaz,dc=sns |
# | ldapBaseUsers | ou=users,dc=kaz,dc=sns |
# | ldapCacheTTL | 600 |
# | ldapConfigurationActive | 1 |
# | ldapConnectionTimeout | 15 |
# | ldapDefaultPPolicyDN | |
# | ldapDynamicGroupMemberURL | |
# | ldapEmailAttribute | mail |
# | ldapExperiencedAdmin | 0 |
# | ldapExpertUUIDGroupAttr | |
# | ldapExpertUUIDUserAttr | |
# | ldapExpertUsernameAttr | uid |
# | ldapExtStorageHomeAttribute | |
# | ldapGidNumber | gidNumber |
# | ldapGroupDisplayName | cn |
# | ldapGroupFilter | |
# | ldapGroupFilterGroups | |
# | ldapGroupFilterMode | 0 |
# | ldapGroupFilterObjectclass | |
# | ldapGroupMemberAssocAttr | |
# | ldapHost | ldap |
# | ldapIgnoreNamingRules | |
# | ldapLoginFilter | (&(|(objectclass=nextcloudAccount))(cn=%uid)) |
# | ldapLoginFilterAttributes | |
# | ldapLoginFilterEmail | 0 |
# | ldapLoginFilterMode | 0 |
# | ldapLoginFilterUsername | 1 |
# | ldapMatchingRuleInChainState | unknown |
# | ldapNestedGroups | 0 |
# | ldapOverrideMainServer | |
# | ldapPagingSize | 500 |
# | ldapPort | 389 |
# | ldapQuotaAttribute | nextcloudQuota |
# | ldapQuotaDefault | |
# | ldapTLS | 0 |
# | ldapUserAvatarRule | default |
# | ldapUserDisplayName | cn |
# | ldapUserDisplayName2 | |
# | ldapUserFilter | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) |
# | ldapUserFilterGroups | |
# | ldapUserFilterMode | 1 |
# | ldapUserFilterObjectclass | nextcloudAccount |
# | ldapUuidGroupAttribute | auto |
# | ldapUuidUserAttribute | auto |
# | turnOffCertCheck | 0 |
# | turnOnPasswordChange | 0 |
# | useMemberOfToDetectMembership | 1 |
# +-------------------------------+----------------------------------------------------------+

4
dockers/ldap/UIHooks/post-hook.sh
View File

@@ -5,7 +5,9 @@ NEWPASSWORD=$(base64 -d <<< $2)
OLDPASSWORD=$(base64 -d <<< $3) OLDPASSWORD=$(base64 -d <<< $3)
URL_AGORA="https://${matterHost}.${domain}" URL_AGORA="https://${matterHost}.${domain}"
mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
#mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
. $KAZ_KEY_DIR/env-mattermostAdmin
IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g') IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g')
if [ ${IDUSER} == 'app.user.missing_account.const' ] if [ ${IDUSER} == 'app.user.missing_account.const' ]

5
dockers/mattermost/first.sh
View File

@@ -6,12 +6,7 @@ setKazVars
cd $(dirname $0) cd $(dirname $0)
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora "${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora
docker exec ${mattermostServName} mmctl auth login https://${matterHost}.${domain} --name local-server --username ${mattermost_MM_ADMIN_USER} --password ${mattermost_MM_ADMIN_PASSWORD}
docker exec ${mattermostServName} mmctl channel create --team kaz --name "une-question--un-soucis" --display-name "Une question ? Un souci ?"
docker exec ${mattermostServName} mmctl channel create --team kaz --name "cafe-du-commerce--ouvert-2424h" --display-name "Café du commerce"
docker exec ${mattermostServName} mmctl channel create --team kaz --name "creation-comptes" --display-name "Création comptes"

1
dockers/peertube/.env Symbolic link
View File

@@ -0,0 +1 @@
../../config/dockers.env

2
dockers/roundcube/docker-compose.yml
View File

@@ -1,7 +1,7 @@
services: services:
app: app:
image: roundcube/roundcubemail image: roundcube/roundcubemail:1.6.9-apache
container_name: ${roundcubeServName} container_name: ${roundcubeServName}
restart: ${restartPolicy} restart: ${restartPolicy}
depends_on: depends_on:

1
dockers/spip/.env Symbolic link
View File

@@ -0,0 +1 @@
../../config/dockers.env

2
dockers/sympa/alerting/sympa.sh
View File

@@ -6,7 +6,7 @@ KAZ_ROOT=/kaz
setKazVars setKazVars
. $DOCKERS_ENV . $DOCKERS_ENV
. $KAZ_ROOT/secret/SetAllPass.sh . $KAZ_KEY_DIR/env-mattermostAdmin
DOCKER_CMD="docker exec sympaServ" DOCKER_CMD="docker exec sympaServ"
URL_AGORA=$(echo $matterHost).$(echo $domain) URL_AGORA=$(echo $matterHost).$(echo $domain)

1
dockers/sympa/first.sh
View File

@@ -6,7 +6,6 @@ setKazVars
cd $(dirname $0) cd $(dirname $0)
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_KEY_DIR}/SetAllPass.sh"
DockerServName="${sympaServName}" DockerServName="${sympaServName}"

10
dockers/traefik/docker-compose.tmpl.yml.dist
View File

@@ -1,6 +1,6 @@
services: services:
reverse-proxy: reverse-proxy:
image: traefik:v3.4.4 image: traefik:v3.4.1
container_name: ${traefikServName} container_name: ${traefikServName}
restart: ${restartPolicy} restart: ${restartPolicy}
# Enables the web UI and tells Traefik to listen to docker # Enables the web UI and tells Traefik to listen to docker
@@ -226,13 +226,13 @@ networks:
}} }}
{{peertube {{peertube
peertubeNet: peertubeNet:
external: true external:true
name: peertubeNet name:peertubeNet
}} }}
{{spip {{spip
spipNet: spipNet:
external: true external:true
name: spipNet name:spipNet
}} }}

2
dockers/traefik/proxy-gen.sh
View File

@@ -4,7 +4,7 @@ KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh" . "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars setKazVars
. "${DOCKERS_ENV}" . "${DOCKERS_ENV}"
. "${KAZ_ROOT}/secret/SetAllPass.sh" . $KAZ_BIN_DIR/getPasswords.sh traefik
printKazMsg "\n *** Proxy update config" printKazMsg "\n *** Proxy update config"

11
secret.tmpl/Readme.txt
View File

@@ -1,11 +0,0 @@
Mise à jour des mots de passe
L'idée c'est d'extraire la gestion des mots de passe de l'installation.
Tous les mots de passe sont dans un fichier "SetAllPass.sh" que des scripts vont chercher.
updateDockerPassword.sh met à jours les fichiers d'environnement de mots de passe utilisé par docker-compose.
(Il y a un problème pour mettre à jour le mot de passe d'une BD si son conteneur n'est pas en route)
Les modifications sont prises en compte que lors de la création de nouveaux conteneurs (les données permanentes (mot de passe) dans les volumes ne sont pas changées)

333
secret.tmpl/SetAllPass.sh
View File

@@ -2,215 +2,43 @@
# Attention à cause des scripts pas de ["'/] dans les mot de passe # Attention à cause des scripts pas de ["'/] dans les mot de passe
####################
# ethercalc
ethercalc_REDIS_PORT_6379_TCP_ADDR="redis"
ethercalc_REDIS_PORT_6379_TCP_PORT="6379"
####################
# etherpad
etherpad_MYSQL_ROOT_PASSWORD="--clean_val--"
etherpad_MYSQL_DATABASE="--clean_val--"
etherpad_MYSQL_USER="--clean_val--"
etherpad_MYSQL_PASSWORD="--clean_val--"
# Share with etherpadDB
etherpad_DB_NAME="${etherpad_MYSQL_DATABASE}"
etherpad_DB_USER="${etherpad_MYSQL_USER}"
etherpad_DB_PASS="${etherpad_MYSQL_PASSWORD}"
etherpad_DB_TYPE="mysql"
etherpad_DB_HOST="padDB"
etherpad_DB_PORT="3306"
#etherpad_DB_CHARSET="utf8"
#user: admin
etherpad_ADMIN_PASSWORD="--clean_val--"
etherpad_PAD_OPTIONS_LANG="fr"
etherpad_TITLE="KazPad"
etherpad_TRUST_PROXY="true"
####################
# framadate
framadate_MYSQL_ROOT_PASSWORD="--clean_val--"
framadate_MYSQL_DATABASE="--clean_val--"
framadate_MYSQL_USER="--clean_val--"
framadate_MYSQL_PASSWORD="--clean_val--"
framadate_HTTPD_USER="--clean_val--"
framadate_HTTPD_PASSWORD="--clean_val--"
##################
# Gandi
# à supprimer et à replacer par dns_gandi_api_key
gandi_GANDI_KEY="xxx"
gandi_GANDI_API="https://api.gandi.net/v5/livedns/domains/${domain}"
gandi_dns_gandi_api_key="${gandi_GANDI_KEY}"
####################
# mattermost
mattermost_POSTGRES_USER="mattermost"
mattermost_POSTGRES_PASSWORD="--clean_val--"
mattermost_POSTGRES_DB="mattermost"
mattermost_MM_ADMIN_EMAIL="${matterHost}@${domain}"
mattermost_MM_ADMIN_USER="admin-mattermost"
mattermost_MM_ADMIN_PASSWORD="--clean_val--@"
mattermost_MM_SQLSETTINGS_DATASOURCE="postgres://${mattermost_POSTGRES_USER}:${mattermost_POSTGRES_PASSWORD}@postgres:5432/${mattermost_POSTGRES_DB}?sslmode=disable&connect_timeout=10"
# A COPIER DANS UN FICHIER DE CONF !! -> mattermostAdmin
# pour envoyer des messages sur l'agora avec mmctl # pour envoyer des messages sur l'agora avec mmctl
mattermost_user="${mattermost_MM_ADMIN_USER}" mattermost_user="admin-mattermost"
mattermost_pass="${mattermost_MM_ADMIN_PASSWORD}" mattermost_pass="--clean_val--"
mattermost_token="xxx-private" mattermost_token="xxx-private"
##################
# Openldap
ldap_LDAP_ADMIN_USERNAME="--clean_val--"
ldap_LDAP_ADMIN_PASSWORD="--clean_val--"
ldap_LDAP_CONFIG_ADMIN_USERNAME="--clean_val--"
ldap_LDAP_CONFIG_ADMIN_PASSWORD="--clean_val--"
ldap_LDAP_POSTFIX_PASSWORD="--clean_val--"
ldap_LDAP_LDAPUI_PASSWORD="--clean_val--"
ldap_LDAP_MATTERMOST_PASSWORD="--clean_val--"
ldap_LDAP_CLOUD_PASSWORD="--clean_val--"
ldap_LDAP_MOBILIZON_PASSWORD="--clean_val--"
ldap_LDAPUI_URI=ldap://ldap
ldap_LDAPUI_BASE_DN=${ldap_root}
ldap_LDAPUI_REQUIRE_STARTTLS=FALSE
ldap_LDAPUI_ADMINS_GROUP=admins
ldap_LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,${ldap_root}
ldap_LDAPUI_ADMIN_BIND_PWD=${ldap_LDAP_LDAPUI_PASSWORD}
ldap_LDAPUI_IGNORE_CERT_ERRORS=TRUE
ldap_LDAPUI_PASSWORD="--clean_val--"
ldap_LDAPUI_MM_ADMIN_TOKEN=${mattermost_token}
###################
# gitea
gitea_MYSQL_ROOT_PASSWORD="--clean_val--"
gitea_MYSQL_DATABASE="--clean_val--"
gitea_MYSQL_USER="--clean_val--"
gitea_MYSQL_PASSWORD="--clean_val--"
# on ne peut pas utiliser le login "admin"
gitea_user_admin="admin_gitea"
gitea_pass_admin="--clean_val--"
gitea_admin_email="admin@kaz.bzh"
####################
# jirafeau
jirafeau_HTTPD_PASSWORD="--clean_val--"
jirafeau_DATA_DIR="--clean_val--"
####################
# nexcloud
nextcloud_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
nextcloud_MYSQL_DATABASE="--clean_val--"
nextcloud_MYSQL_USER="--clean_val--"
nextcloud_MYSQL_PASSWORD="--clean_val--"
nextcloud_NEXTCLOUD_ADMIN_USER="admin"
nextcloud_NEXTCLOUD_ADMIN_PASSWORD="--clean_val--"
nextcloud_MYSQL_HOST="db"
#user: admin
nextcloud_RAIN_LOOP="--clean_val--"
####################
# collabora
office_username="admin"
office_password="--clean_val--"
####################
# roundcube
roundcube_MYSQL_ROOT_PASSWORD="--clean_val--"
roundcube_MYSQL_DATABASE="--clean_val--"
roundcube_MYSQL_USER="--clean_val--"
roundcube_MYSQL_PASSWORD="--clean_val--"
# Share with roundcubeDB
roundcube_ROUNDCUBEMAIL_DB_TYPE="mysql"
roundcube_ROUNDCUBEMAIL_DB_NAME="${roundcube_MYSQL_DATABASE}"
roundcube_ROUNDCUBEMAIL_DB_USER="${roundcube_MYSQL_USER}"
roundcube_ROUNDCUBEMAIL_DB_PASSWORD="${roundcube_MYSQL_PASSWORD}"
roundcube_ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE="1G"
####################
# postfix LDAP
mail_LDAP_BIND_DN=cn=postfix,ou=applications,${ldap_root}
mail_LDAP_BIND_PW=${ldap_LDAP_POSTFIX_PASSWORD}
####################
# sympa
sympa_MYSQL_ROOT_PASSWORD="--clean_val--"
sympa_MYSQL_DATABASE="sympa"
sympa_MYSQL_USER="sympa"
sympa_MYSQL_PASSWORD="--clean_val--"
sympa_KEY="/etc/ssl/private/listes.key"
sympa_CERT="/etc/ssl/certs/listes.pem"
sympa_LISTMASTERS="listmaster@${domain_sympa}"
sympa_ADMINEMAIL="listmaster@${domain_sympa}"
sympa_SOAP_USER="sympa"
sympa_SOAP_PASSWORD="--clean_val--"
# pour inscrire des users sur des listes sympa avec soap
#il faut que le user soit admin de sympa
sympa_user="a@${domain}"
sympa_pass="--clean_val--"
##################
# vigilo
vigilo_MYSQL_ROOT_PASSWORD="--clean_val--"
vigilo_MYSQL_USER="--clean_val--"
vigilo_MYSQL_PASSWORD="--clean_val--"
vigilo_MYSQL_DATABASE="--clean_val--"
vigilo_MYSQL_HOST="db"
#vigilo_BIND=
####################
# wordpress
wp_MYSQL_ROOT_PASSWORD="${mattermost_MYSQL_ROOT_PASSWORD}"
wp_MYSQL_DATABASE="--clean_val--"
wp_MYSQL_USER="--clean_val--"
wp_MYSQL_PASSWORD="--clean_val--"
# Share with wpDB
wp_WORDPRESS_DB_HOST="db:3306"
wp_WORDPRESS_DB_NAME="${wp_MYSQL_DATABASE}"
wp_WORDPRESS_DB_USER="${wp_MYSQL_USER}"
wp_WORDPRESS_DB_PASSWORD="${wp_MYSQL_PASSWORD}"
wp_WORDPRESS_ADMIN_USER="admin"
wp_WORDPRESS_ADMIN_PASSWORD="--clean_val--"
################## ##################
# A DEPLACER DANS DOCKER ENV
#qui envoi le mail d'inscription ? #qui envoi le mail d'inscription ?
EMAIL_CONTACT="toto@kaz.bzh" EMAIL_CONTACT="toto@kaz.bzh"
# A COPIER DANS UN FICHIER DE CONF !! -> paheko
################## ##################
# Paheko # Paheko
paheko_API_USER="admin-api" paheko_API_USER="admin-api"
paheko_API_PASSWORD="--clean_val--" paheko_API_PASSWORD="--clean_val--"
##################
# La nas de Kaz chez Grifon
nas_admin1="admin"
nas_password1="--clean_val--"
nas_admin2="kaz"
nas_password1="--clean_val--"
# compte mail pour les notifications du nas
nas_email_account="admin-nas@${domain}"
nas_email_password="--clean_val--"
# A virer dans koffre
################## ##################
#Compte sur outlook.com #Compte sur outlook.com
outlook_user="kaz-user@outlook.fr" outlook_user="kaz-user@outlook.fr"
outlook_pass="--clean_val--" outlook_pass="--clean_val--"
# A COPIER DANS UN FICHIER DE CONF !! -> mail
service_mail=admin-kaz@kaz.bzh
service_password="--clean_val--"
################## ##################
#Borg #Borg
# A COPIER DANS UN FICHIER DE CONF !! -> borg
BORG_REPO="/mnt/backup-nas1/BorgRepo" BORG_REPO="/mnt/backup-nas1/BorgRepo"
BORG_PASSPHRASE="--clean_val--" BORG_PASSPHRASE="--clean_val--"
VOLUME_SAUVEGARDES="/mnt/backup-nas1" VOLUME_SAUVEGARDES="/mnt/backup-nas1"
@@ -218,148 +46,21 @@ MAIL_RAPPORT="a@${domain};b@${domain};c@${domain}"
BORGMOUNT="/mnt/disk-nas1/tmp/repo_mount" BORGMOUNT="/mnt/disk-nas1/tmp/repo_mount"
###################
# mobilizon
mobilizon_POSTGRES_USER="--clean_val--"
mobilizon_POSTGRES_PASSWORD="--clean_val--"
mobilizon_POSTGRES_DB=mobilizon
mobilizon_MOBILIZON_DATABASE_USERNAME="${mobilizon_POSTGRES_USER}"
mobilizon_MOBILIZON_DATABASE_PASSWORD="${mobilizon_POSTGRES_PASSWORD}"
mobilizon_MOBILIZON_DATABASE_DBNAME=mobilizon
mobilizon_MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
mobilizon_MOBILIZON_INSTANCE_NAME="Mobilizon"
mobilizon_MOBILIZON_INSTANCE_HOST="${mobilizonHost}.${domain}"
mobilizon_MOBILIZON_INSTANCE_SECRET_KEY_BASE=changeme
mobilizon_MOBILIZON_INSTANCE_SECRET_KEY=changeme
mobilizon_MOBILIZON_INSTANCE_EMAIL=noreply@${domain}
mobilizon_MOBILIZON_REPLY_EMAIL=contact@${domain_sympa}
mobilizon_MOBILIZON_ADMIN_EMAIL=admin@${domain_sympa}
mobilizon_MOBILIZON_SMTP_SERVER="${smtpHost}.${domain}"
mobilizon_MOBILIZON_SMTP_PORT=25
mobilizon_MOBILIZON_SMTP_HOSTNAME="${smtpHost}.${domain}"
mobilizon_MOBILIZON_SMTP_USERNAME=noreply@${domain}
mobilizon_MOBILIZON_SMTP_PASSWORD=
mobilizon_MOBILIZON_SMTP_SSL=false
mobilizon_MOBILIZON_LDAP_BINDUID=cn=mobilizon,ou=applications,${ldap_root}
mobilizon_MOBILIZON_LDAP_BINDPASSWORD=${ldap_LDAP_MOBILIZON_PASSWORD}
#####################
# Vaultwarden
vaultwarden_MYSQL_ROOT_PASSWORD="--clean_val--"
vaultwarden_MYSQL_DATABASE="vaultwarden"
vaultwarden_MYSQL_USER="vaultwarden"
vaultwarden_MYSQL_PASSWORD="--clean_val--"
vaultwarden_DATABASE_URL="mysql://${vaultwarden_MYSQL_USER}:${vaultwarden_MYSQL_PASSWORD}@db/${vaultwarden_MYSQL_DATABASE}"
vaultwarden_ADMIN_TOKEN="--clean_val--"
##################### #####################
#Traefik #Traefik
# A COPIER DANS UN FICHIER DE CONF !! -> traefik
traefik_DASHBOARD_USER="admin" traefik_DASHBOARD_USER="admin"
traefik_DASHBOARD_PASSWORD="--clean_val--" traefik_DASHBOARD_PASSWORD="--clean_val--"
#####################
# dokuwiki
dokuwiki_WIKI_ROOT=Kaz
dokuwiki_WIKI_EMAIL=wiki@kaz.local
dokuwiki_WIKI_PASSWORD="--clean_val--"
##################### #####################
# Castopod # Castopod
castopod_MYSQL_ROOT_PASSWORD="--clean_val--" # A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
castopod_MYSQL_DATABASE="--clean_val--"
castopod_MYSQL_USER="--clean_val--"
castopod_MYSQL_PASSWORD="--clean_val--"
castopod_CP_REDIS_PASSWORD="${castopodRedisPassword}"
castopod_ADMIN_USER=adminKaz castopod_ADMIN_USER=adminKaz
castopod_ADMIN_MAIL=admin@${domain} castopod_ADMIN_MAIL=admin@${domain}
castopod_ADMIN_PASSWORD="--clean_val--" castopod_ADMIN_PASSWORD="--clean_val--"
castopod_CP_EMAIL_SMTP_HOST="${smtpHost}.${domain}"
castopod_CP_EMAIL_SMTP_PORT=25
castopod_CP_EMAIL_SMTP_USERNAME=noreply@${domain}
castopod_CP_EMAIL_SMTP_PASSWORD=
castopod_CP_EMAIL_FROM=noreply@${domain}
castopod_CP_EMAIL_SMTP_CRYPTO=tls
#####################
# Spip
spip_MYSQL_ROOT_PASSWORD="--clean_val--"
spip_MYSQL_DATABASE="--clean_val--"
spip_MYSQL_USER="--clean_val--"
spip_MYSQL_PASSWORD="--clean_val--"
spip_SPIP_AUTO_INSTALL=1
spip_SPIP_DB_SERVER=mysql
spip_SPIP_DB_LOGIN="${spip_MYSQL_USER}"
spip_SPIP_DB_PASS="${spip_MYSQL_PASSWORD}"
spip_SPIP_DB_NAME="${spip_MYSQL_DATABASE}"
spip_SPIP_ADMIN_NAME=admin
spip_SPIP_ADMIN_LOGIN=admin
spip_SPIP_ADMIN_EMAIL=admin@${domain}
spip_SPIP_ADMIN_PASS="--clean_val--"
spip_PHP_TIMEZONE="Europe/Paris"
#####################
# Peertube
peertube_POSTGRES_USER="--clean_val--"
peertube_POSTGRES_PASSWORD="--clean_val--"
peertube_PEERTUBE_DB_NAME="--clean_val--"
peertube_PEERTUBE_DB_USERNAME="${peertube_POSTGRES_USER}"
peertube_PEERTUBE_DB_PASSWORD="${peertube_POSTGRES_PASSWORD}"
peertube_PEERTUBE_DB_SSL=false
peertube_PEERTUBE_DB_HOSTNAME="${peertubeDBName}"
peertube_PEERTUBE_WEBSERVER_HOSTNAME="${peertubeHost}.${domain}"
peertube_PEERTUBE_TRUST_PROXY="['10.0.0.0/8', '127.0.0.1', 'loopback', '172.18.0.0/16']"
peertube_PEERTUBE_SECRET="--clean_val--"
peertube_PT_INITIAL_ROOT_PASSWORD="--clean_val--"
#peertube_PEERTUBE_SMTP_USERNAME=
#peertube_PEERTUBE_SMTP_PASSWORD=
# Default to Postfix service name "postfix" in docker-compose.yml
# May be the hostname of your Custom SMTP server
peertube_PEERTUBE_SMTP_HOSTNAME=
peertube_PEERTUBE_SMTP_PORT=25
peertube_PEERTUBE_SMTP_FROM=
peertube_PEERTUBE_SMTP_TLS=false
peertube_PEERTUBE_SMTP_DISABLE_STARTTLS=false
peertube_PEERTUBE_ADMIN_EMAIL=
peertube_POSTFIX_myhostname=
#peertube_OPENDKIM_DOMAINS=peertube
peertube_OPENDKIM_RequireSafeKeys=no
peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC="public-read"
peertube_PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE="private"
######################
peertube_POSTGRES_DB="${peertube_PEERTUBE_DB_NAME}"
######################
# SNAPPYMAIL
# Url https://snappymail.${domain}/?admin
# au premier lancement un mot de passe est généré en aut par l' appli dans le
# volume Data : /var/lib/docker/volumes/snappymail_data/_data/_data_/_default_
# le fichier s' appelle admin_password.txt
# une fois le mot de passe changé dans le Gui de l' admin, ce fichier est automatiquement supprimé
snappymail_TZ="Europe/Paris"
snappymail_UPLOAD_MAX_SIZE="100M"
####################
# mastodon
mastodon_POSTGRES_USER="--clean_val--"
mastodon_POSTGRES_PASSWORD="--clean_val--"
mastodon_POSTGRES_DB=mastodon
mastodon_DB_USER="${mastodon_POSTGRES_USER}"
mastodon_DB_PASS="${mastodon_POSTGRES_PASSWORD}"
mastodon_DB_NAME=mastodon

32
secret.tmpl/env-apikazServ
View File

@@ -1,22 +1,24 @@
paheko_API_USER=
paheko_API_PASSWORD=
paheko_url=
mattermost_user= paheko_url=https://kaz-@@globalvar@@pahekoHost@@gv@@.@@globalvar@@domain@@gv@@
mattermost_pass= paheko_API_USER="@@user@@pahekoapi@@u@@"
mattermost_url= paheko_API_PASSWORD="@@pass@@pahekoapi@@p@@"
ldap_LDAP_ADMIN_USERNAME= mattermost_user="@@user@@mattermost2@@u@@"
ldap_LDAP_ADMIN_PASSWORD= mattermost_pass="@@pass@@mattermost2@@p@@"
ldap_root= mattermost_token="@@token@@mattermost@@t@@"
nextcloud_NEXTCLOUD_ADMIN_USER= ldap_LDAP_ADMIN_USERNAME="@@user@@ldap@@u@@"
nextcloud_NEXTCLOUD_ADMIN_PASSWORD= ldap_LDAP_ADMIN_PASSWORD="@@pass@@ldap@@p@@"
cloud_url= ldap_root=@@globalvar@@ldap_root@@gv@@
sympa_SOAP_USER= nextcloud_NEXTCLOUD_ADMIN_USER="@@user@@nextcloudadmin@@u@@"
sympa_SOAP_PASSWORD= nextcloud_NEXTCLOUD_ADMIN_PASSWORD="@@pass@@nextcloudadmin@@p@@"
sympa_url= cloud_url=https://@@globalvar@@cloudHost@@gv@@.@@globalvar@@domain@@gv@@
sympa_SOAP_USER="@@user@@sympasoap@@u@@"
sympa_SOAP_PASSWORD="@@pass@@sympasoap@@p@@"
sympa_url=https://@@globalvar@@sympaHost@@gv@@.@@globalvar@@domain@@gv@@
gandi_GANDI_KEY= gandi_GANDI_KEY=
gandi_GANDI_API= gandi_GANDI_API=

17
secret.tmpl/env-borg Normal file
View File

@@ -0,0 +1,17 @@
VOLUME_SAUVEGARDES=
BORG_REPO=
BORG_PASSPHRASE=@@token@@borg@@t@@
BORGLOG="/var/log/borg"
BORG_FIC_DEL="/tmp/sauvegarde_supp.txt"
BORG_EXCLUDE_BACKUP=
MAIL_RAPPORT=a@@@globalvar@@domain@@gv@@;b@@@globalvar@@domain@@gv@@;c@@@globalvar@@domain@@gv@@
LISTREPSAUV=
BORGMOUNT="/mnt/repo_borg"
MAILOK=
MAILWARNING=
MAILDETAIL=
BACKUPS_KEEP="4m"
NB_BACKUPS_JOUR=90
NB_BACKUPS_SEM=30
NB_BACKUPS_MOIS=12
BORGSCRIPTS=/root/borgscripts

3
secret.tmpl/env-castopodAdmin Normal file
View File

@@ -0,0 +1,3 @@
ADMIN_USER=@@pass@@castopod2@@p@@
ADMIN_MAIL=admin@@@globalvar@@domain@@gv@@
ADMIN_PASSWORD=@@pass@@castopod3@@p@@

8
secret.tmpl/env-castopodDB
View File

@@ -1,4 +1,4 @@
MYSQL_ROOT_PASSWORD= MYSQL_ROOT_PASSWORD=@@pass@@castopod@@p@@
MYSQL_DATABASE= MYSQL_USER=@@user@@castopod1@@u@@
MYSQL_USER= MYSQL_PASSWORD=@@pass@@castopod1@@p@@
MYSQL_PASSWORD= MYSQL_DATABASE=@@db@@castopod1@@d@@

6
secret.tmpl/env-dokuwikiServ
View File

@@ -1,4 +1,4 @@
WIKI_ROOT= WIKI_ROOT=Kaz
WIKI_EMAIL= WIKI_EMAIL=wiki@@@globalvar@@domain@@gv@@
WIKI_PASSWORD= WIKI_PASSWORD=@@pass@@dokuwiki@@p@@

8
secret.tmpl/env-etherpadDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD= MYSQL_ROOT_PASSWORD=@@pass@@etherpadroot@@p@@
MYSQL_DATABASE= MYSQL_DATABASE=@@db@@etherpad@@d@@
MYSQL_USER= MYSQL_USER=@@user@@etherpad@@u@@
MYSQL_PASSWORD= MYSQL_PASSWORD=@@pass@@etherpad@@p@@

23
secret.tmpl/env-etherpadServ
View File

@@ -1,16 +1,17 @@
# share with padDB # share with padDB
DB_NAME= DB_NAME=@@db@@etherpad@@d@@
DB_USER= DB_USER=@@user@@etherpad@@u@@
DB_PASS= DB_PASS=@@pass@@etherpad@@p@@
DB_TYPE=
DB_HOST= DB_TYPE=mysql
DB_PORT= DB_HOST=padDB
DB_PORT=3306
#DB_CHARSET= #DB_CHARSET=
ADMIN_PASSWORD= ADMIN_PASSWORD=@@pass@@etherpadadmin@@p@@
TITLE= TITLE=KazPad
PAD_OPTIONS_LANG= PAD_OPTIONS_LANG=fr
TRUST_PROXY= TRUST_PROXY=true
#DEFAULT_PAD_TEXT=" Ce texte est à effacer (après lecture si cest votre première visite) ou à conserver en bas de votre pad \n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur licône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur licône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans lhistorique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! Noubliez pas de conserver quelque part ladresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n Ce texte est à effacer (après lecture si cest votre première visite) \n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n" DEFAULT_PAD_TEXT=" Ce texte est à effacer (après lecture si cest votre première visite) ou à conserver en bas de votre pad \n\nBienvenue sur notre PAD !\n\n➡ Comment commencer ?\n• Renseignez votre nom ou pseudo, en cliquant sur licône « utilisateur » en haut à droite.\n• Choisissez votre couleur d'écriture au même endroit.\n• Lancez-vous : écrivez sur votre pad !\n• Les contributions de chacun se synchronisent « en temps réel » sous leur propre couleur.\n\n➡ Comment partager / collaborer ?\n• Sélectionnez et copiez l'URL (l'adresse web dans la grande barre en haut à gauche du navigateur)\n• Partagez-là à vos collaborateurs et collaboratrices (email, messagerie, etc.)\n• Attention : toute personne ayant cette adresse d'accès peut modifier le pad à sa convenance.\n• Utilisez l'onglet chat (en bas à droite) pour séparer les discussions du texte sur lequel vous travaillez.\n\n➡ Comment sauvegarder ?\n• Il n'y a rien à faire : le texte est automatiquement sauvegardé, à chaque caractère tapé.\n• Marquez une version (un état du pad) en cliquant sur licône « étoile ».\n• Retrouvez toute l'évolution du pad et vos versions marquées d'une étoile dans lhistorique (icône « horloge »).\n• Importez et exportez votre texte avec l'icône « double flèche » (formats HTML, texte brut, PDF, ODF…) ou avec un copier/coller.\n\nImportant ! Noubliez pas de conserver quelque part ladresse web (URL) de votre pad.\n\nBon travail collaboratif :)\n\n Ce texte est à effacer (après lecture si cest votre première visite) \n\n**ATTENTION**\nCETTE INSTANCE PROPOSE DES PADS À EFFACEMENT AUTOMATIQUE !\n\nVOS PADS SERONT AUTOMATIQUEMENT SUPPRIMÉS AU BOUT DE 62 JOURS (2 MOIS) SANS ÉDITION !\n\nSi le contenu de votre pad bimestriel a été effacé, c'est qu'il n'avait pas été modifié depuis plus de 62 jours consécutifs.\n"

8
secret.tmpl/env-framadateDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD= MYSQL_ROOT_PASSWORD=@@pass@@framadateroot@@p@@
MYSQL_DATABASE= MYSQL_DATABASE=@@db@@framadatedb@@d@@
MYSQL_USER= MYSQL_USER=@@user@@framadatedb@@u@@
MYSQL_PASSWORD= MYSQL_PASSWORD=@@pass@@framadatedb@@p@@

4
secret.tmpl/env-framadateServ
View File

@@ -1,3 +1,3 @@
HTTPD_USER= HTTPD_USER=@@user@@framadate@@u@@
HTTPD_PASSWORD= HTTPD_PASSWORD=@@pass@@framadate2@@p@@

8
secret.tmpl/env-gitDB
View File

@@ -1,5 +1,5 @@
MYSQL_ROOT_PASSWORD= MYSQL_ROOT_PASSWORD=@@pass@@gitroot@@p@@
MYSQL_DATABASE= MYSQL_DATABASE=@@db@@gitdb@@d@@
MYSQL_USER= MYSQL_USER=@@user@@gitdb@@u@@
MYSQL_PASSWORD= MYSQL_PASSWORD=@@pass@@gitdb@@p@@

6
secret.tmpl/env-gitServ
View File

@@ -1,3 +1,3 @@
user_admin= user_admin=@@user@@git@@u@@
pass_admin= pass_admin=@@pass@@git@@p@@
admin_email= admin_email=admin@@@globalvar@@domain@@gv@@

2
secret.tmpl/env-jirafeauServ
View File

@@ -1,2 +1,2 @@
HTTPD_PASSWORD= HTTPD_PASSWORD=@@pass@@jirafeau@@pass@@

11
secret.tmpl/env-kaz Normal file
View File

@@ -0,0 +1,11 @@
# tout est dans le env_kaz
# utilisé par gest containers
NAS_VOL=
OPERATE_ON_MAIN= # par defaut NON on ne traite que des orgas
OPERATE_ON_NAS_ORGA= # par defaut NON, on va aussi sur les orgas du NAS
OPERATE_LOCAL_ORGA="OUI" # par defaut oui
TEMPO_ACTION_STOP=2 # Lors de redémarrage avec tempo, on attend après le stop
TEMPO_ACTION_START=60 # Lors de redémarrage avec tempo, avant de reload le proxy
DEFAULTCONTAINERS="cloud agora wp wiki office paheko castopod spip"
APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode
QUIET="1" # redirection des echo

18
secret.tmpl/env-ldapServ
View File

@@ -1,9 +1,9 @@
LDAP_ADMIN_USERNAME= LDAP_ADMIN_USERNAME=@@user@@ldap@@u@@
LDAP_ADMIN_PASSWORD= LDAP_ADMIN_PASSWORD=@@pass@@ldap@@p@@
LDAP_CONFIG_ADMIN_USERNAME= LDAP_CONFIG_ADMIN_USERNAME=@@user@@ldapconfig@@u@@
LDAP_CONFIG_ADMIN_PASSWORD= LDAP_CONFIG_ADMIN_PASSWORD=@@pass@@ldapconfig@@p@@
LDAP_POSTFIX_PASSWORD= LDAP_POSTFIX_PASSWORD=@@pass@@ldappostfix@@p@@
LDAP_LDAPUI_PASSWORD= LDAP_LDAPUI_PASSWORD=@@pass@@ldapui@@p@@
LDAP_MATTERMOST_PASSWORD= LDAP_MATTERMOST_PASSWORD=@@pass@@ldapmm@@p@@
LDAP_CLOUD_PASSWORD= LDAP_CLOUD_PASSWORD=@@pass@@ldapcloud@@p@@
LDAP_MOBILIZON_PASSWORD= LDAP_MOBILIZON_PASSWORD=@@pass@@ldapmobilizon@@p@@

18
secret.tmpl/env-ldapUI
View File

@@ -1,9 +1,9 @@
LDAPUI_URI= LDAPUI_URI=ldap://ldap
LDAPUI_BASE_DN= LDAPUI_BASE_DN=@@globalvar@@ldap_root@@gv@@
LDAPUI_REQUIRE_STARTTLS= LDAPUI_REQUIRE_STARTTLS=FALSE
LDAPUI_ADMINS_GROUP= LDAPUI_ADMINS_GROUP=admins
LDAPUI_ADMIN_BIND_DN= LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,@@globalvar@@ldap_root@@gv@@
LDAPUI_ADMIN_BIND_PWD= LDAPUI_ADMIN_BIND_PWD=@@pass@@ldapui@@p@@
LDAPUI_IGNORE_CERT_ERRORS= LDAPUI_IGNORE_CERT_ERRORS=TRUE
LDAPUI_PASSWORD= LDAPUI_PASSWORD=@@pass@@ldapuipass@@p@@
LDAPUI_MM_ADMIN_TOKEN= LDAPUI_MM_ADMIN_TOKEN=@@crossvar@@mattermostAdmin_mattermost_token@@cv@@

2
secret.tmpl/env-mail Normal file
View File

@@ -0,0 +1,2 @@
service_mail=admin@@@globalvar@@domain@@gv@@
service_password=@@pass@@servicemail@@p@@

12
secret.tmpl/env-mastodonDB
View File

@@ -1,6 +1,6 @@
DB_USER= DB_USER=@@user@@mastodon@@u@@
DB_NAME= DB_NAME=@@db@@mastodon@@d@@
DB_PASS= DB_PASS=@@pass@@mastodon@@p@@
POSTGRES_USER= POSTGRES_USER=@@user@@postgresmasto@@u@@
POSTGRES_PASSWORD= POSTGRES_PASSWORD=@@pass@@postgresmasto@@p@@
POSTGRES_DB=postgres POSTGRES_DB=@@db@@mastodon@@d@@

4
secret.tmpl/env-mastodonServ
View File

@@ -1,9 +1,9 @@
SECRET_KEY_BASE= SECRET_KEY_BASE=
OTP_SECRET= OTP_SECRET=@@token@@masto-otp@@t@@
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
VAPID_PRIVATE_KEY== VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY= VAPID_PUBLIC_KEY=
SMTP_PASSWORD= SMTP_PASSWORD=
EMAIL_DOMAIN_ALLOWLIST= EMAIL_DOMAIN_ALLOWLIST=

4
secret.tmpl/env-mattermostAdmin Normal file
View File

@@ -0,0 +1,4 @@
mattermost_user=@@user@@mattermost2@@u@@
mattermost_pass=@@pass@@mattermost2@@p@@
mattermost_token=@@token@@mattermost@@t@@

12
secret.tmpl/env-mattermostDB
View File

@@ -1,3 +1,9 @@
POSTGRES_USER=
POSTGRES_PASSWORD= MYSQL_ROOT_PASSWORD=@@pass@@mattermostroot@@p@@
POSTGRES_DB= MYSQL_DATABASE=@@db@@mattermost@@d@@
MYSQL_USER=@@user@@mattermost@@u@@
MYSQL_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_USER=@@user@@mattermost@@u@@
POSTGRES_PASSWORD=@@pass@@mattermost@@p@@
POSTGRES_DB=@@db@@mattermost@@d@@

13
secret.tmpl/env-mattermostServ
View File

@@ -1,4 +1,9 @@
MM_SQLSETTINGS_DATASOURCE=
MM_ADMIN_EMAIL= MM_ADMIN_EMAIL=@@globalvar@@matterHost@@gv@@@@@globalvar@@domain@@gv@@
MM_ADMIN_USER= MM_ADMIN_USER=@@user@@mattermost2@@u@@
MM_ADMIN_PASSWORD= MM_ADMIN_PASSWORD=@@pass@@mattermost2@@p@@
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://@@user@@mattermost@@u@@:@@pass@@mattermost@@p@@@postgres:5432/@@db@@mattermost@@d@@?sslmode=disable&connect_timeout=10

6
secret.tmpl/env-mobilizonDB
View File

@@ -1,4 +1,4 @@
# Database settings # Database settings
POSTGRES_USER= POSTGRES_USER=@@user@@mobilizon@@u@@
POSTGRES_PASSWORD= POSTGRES_PASSWORD=@@pass@@mobilizon@@p@@
POSTGRES_DB= POSTGRES_DB=@@db@@mobilizon@@d@@

6
secret.tmpl/env-mobilizonServ
View File

@@ -18,9 +18,9 @@ MOBILIZON_SMTP_USERNAME=
MOBILIZON_SMTP_PASSWORD= MOBILIZON_SMTP_PASSWORD=
MOBILIZON_SMTP_SSL= MOBILIZON_SMTP_SSL=
MOBILIZON_DATABASE_USERNAME= MOBILIZON_DATABASE_USERNAME=@@user@@mobilizon@@u@@
MOBILIZON_DATABASE_PASSWORD= MOBILIZON_DATABASE_PASSWORD=@@pass@@mobilizon@@p@@
MOBILIZON_DATABASE_DBNAME= MOBILIZON_DATABASE_DBNAME=@@db@@mobilizon@@d@@
# LDAP # LDAP
MOBILIZON_LDAP_BINDUID= MOBILIZON_LDAP_BINDUID=

12
secret.tmpl/env-nextcloudDB
View File

@@ -1,8 +1,8 @@
MYSQL_ROOT_PASSWORD= MYSQL_ROOT_PASSWORD=@@pass@@nextcloudroot@@p@@
MYSQL_DATABASE= MYSQL_DATABASE=@@db@@nextcloud@@d@@
MYSQL_USER= MYSQL_USER=@@user@@nextcloud@@u@@
MYSQL_PASSWORD= MYSQL_PASSWORD=@@pass@@nextcloud@@p@@
NC_MYSQL_USER= #NC_MYSQL_USER=
NC_MYSQL_PASSWORD= #NC_MYSQL_PASSWORD=

8
secret.tmpl/env-nextcloudServ
View File

@@ -1,5 +1,5 @@
NEXTCLOUD_ADMIN_USER= NEXTCLOUD_ADMIN_USER=@@user@@nextcloudadmin@@u@@
NEXTCLOUD_ADMIN_PASSWORD= NEXTCLOUD_ADMIN_PASSWORD=@@pass@@nextcloudadmin@@p@@
MYSQL_HOST= MYSQL_HOST=db
RAIN_LOOP= RAIN_LOOP=@@pass@@rainloop@@p@@

4
secret.tmpl/env-officeServ
View File

@@ -1,3 +1,3 @@
username= username=@@user@@office@@u@@
password= password=@@pass@@office@@p@@

2
secret.tmpl/env-paheko Normal file
View File

@@ -0,0 +1,2 @@
API_USER=@@user@@pahekoapi@@u@@
API_PASSWORD=@@pass@@pahekoapi@@p@@

Some files were not shown because too many files have changed in this diff Show More