From 4672e0dfc352879c4cec519c7646d08dc84dbb07 Mon Sep 17 00:00:00 2001
From: Francois Lesueur
Date: Fri, 23 Dec 2022 15:15:49 +0100
Subject: [PATCH] progress
---
 files/kaz.sh | 78 ---------------------
 files/provision.sh | 30 +++-----
 files/snster-kaz/isp-a/home/provision.sh | 10 +++
 files/{ => snster-kaz/isp-a/home}/test.html | 0
 4 files changed, 18 insertions(+), 100 deletions(-)
 delete mode 100755 files/kaz.sh
 rename files/{ => snster-kaz/isp-a/home}/test.html (100%)
diff --git a/files/kaz.sh b/files/kaz.sh
deleted file mode 100755
index 84d74a3..0000000
--- a/files/kaz.sh
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/bash
-if [ -z "${KAZGUARD}" ] ; then
- exit 1
-fi
-
-DIR=$(cd "$(dirname $0)"; pwd)
-cd "${DIR}"
-set -e
-export VAGRANT_SRC_DIR=/vagrant/files
-
-mkdir -p "${VAGRANT_SRC_DIR}/log/"
-export DebugLog="${VAGRANT_SRC_DIR}/log/log-kaz-$(date +%y-%m-%d-%T)-"
-(
- echo "########## ********** Start kaz.sh $(date +%D-%T)"
- #pour la résolution de noms dans /etc/hosts
- SERVICES_LIST="smtp mail ldap www depot tableur pad webmail sondage garradin test-garradin wiki git agora cloud office cachet quotas"
-
- docker-clean -a
- rm -rf /kaz
-
- if [ -z "${KAZBRANCH}" ] ; then
- KAZBRANCH="master"
- fi
- echo -e "\n #### git checkout ${KAZBRANCH}\n"
-
-
- # copie des sources
- cd /
- [ -f kaz ] || git clone https://git.kaz.bzh/KAZ/kaz.git
- (cd /kaz ; git checkout "${KAZBRANCH}" )
- find /kaz -name \*.sh -exec chmod a+x {} \;
-
- # pour ceux qui disposent d'un cache apt local et pas la fibre
- if [ -f "${VAGRANT_SRC_DIR}/.apt-mirror-config" ]; then
- rsync -a "${VAGRANT_SRC_DIR}/.apt-mirror-config" /kaz/
- fi
- if [ -f "${VAGRANT_SRC_DIR}/.proxy-config" ]; then
- rsync -a "${VAGRANT_SRC_DIR}/.proxy-config" /etc/profile.d/proxy.sh
- rsync -a "${VAGRANT_SRC_DIR}/.proxy-config" /kaz/
- fi
- if [ -f "${VAGRANT_SRC_DIR}/.docker-config.json" ]; then
- mkdir -p /root/.docker
- rsync -a "${VAGRANT_SRC_DIR}/.docker-config.json" /root/.docker/config.json
- fi
-
-
-
- echo -e "\n #### rsync download\n"
- [ -d "${VAGRANT_SRC_DIR}/kaz/download" ] &&
- rsync -a "${VAGRANT_SRC_DIR}/kaz/download/" /kaz/download/
- [ -d "${VAGRANT_SRC_DIR}/kaz/git" ] &&
- rsync -a "${VAGRANT_SRC_DIR}/kaz/git/" /kaz/git/
- [ -f "${VAGRANT_SRC_DIR}/kaz/config/dockers.env" ] &&
- [ ! -f "/kaz/config/dockers.env" ] &&
- rsync -a "${VAGRANT_SRC_DIR}/kaz/config/dockers.env" /kaz/config/dockers.env
- for type in mail orga proxy withMail withoutMail ; do
- [ -f "${VAGRANT_SRC_DIR}/kaz/config/container-${type}.list" ] &&
- [ ! -f "/kaz/config/config/container-${type}.list" ] &&
- rsync -a "${VAGRANT_SRC_DIR}/kaz/config/container-${type}.list" /kaz/config/
- done
-
- echo -e "\n #### secretGen\n"
- /kaz/bin/secretGen.sh
-
- #possibilité de lancer vagrant up NOKAZ="true" quand on construit la machine
- if [ "${NOKAZ}" == "true" ]; then
- echo "on ne lance pas install.sh"
- else
- echo "on lance install.sh"
- /kaz/bin/install.sh
- fi
-
- # clear apt cache
- DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
- DEBIAN_FRONTEND=noninteractive apt-get clean
-
- echo "########## ********** End kaz.sh $(date +%D-%T)"
-) > >(tee ${DebugLog}stdout.log) 2> >(tee ${DebugLog}stderr.log >&2)
diff --git a/files/provision.sh b/files/provision.sh
index 68849e3..5499b5a 100755
--- a/files/provision.sh
+++ b/files/provision.sh
@@ -162,27 +162,13 @@ EOF
 export CAROOT=/etc/letsencrypt/local/
 /root/mkcert/mkcert -install # CA dans /etc/letsencrypt/local/
 cd "${CAROOT}"
- /root/mkcert/mkcert "*.kaz.milxc" # cert et clé dans /etc/letsencrypt/local/
+ /root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/
- mkdir -p /etc/letsencrypt/live/kaz.milxc/
- ln -s ../../local/_wildcard.kaz.milxc.pem /etc/letsencrypt/live/kaz.milxc/fullchain.pem
- ln -s ../../local/_wildcard.kaz.milxc-key.pem /etc/letsencrypt/live/kaz.milxc/privkey.pem
+ mkdir -p /etc/letsencrypt/live/kaz.sns/
+ ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem
+ ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
 fi
- # Essai pour faire accepter la CA à FFOX dès le début
- # Add to Firefox store
- if [ ! -f /usr/lib/firefox-esr/distribution/policies.json ]; then
- cat > /usr/lib/firefox-esr/distribution/policies.json << EOF
-{
- "policies": {
- "Certificates": {
- "ImportEnterpriseRoots": true,
- "Install": ["/etc/letsencrypt/local/rootCA.pem"]
- }
- }
-}
-EOF
- fi
 #***********FIN CERTIF*******************
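Review bot: Nothing near the `mkcert -install` and `mkcert "*.kaz.sns"` lines records that, with `CAROOT=/etc/letsencrypt/local/`, the CA private key `rootCA-key.pem` is created in the same directory as the wildcard certificate and key that the `live/kaz.sns/` symlinks point into. The isp-a provisioning script changed later in this patch reads `/etc/letsencrypt/local/rootCA.pem` from inside a client machine, so that directory appears to be copied or shared, although the step that does it is not visible here. Only `rootCA.pem` needs to reach clients; I would add a comment such as `# rootCA-key.pem must stay on this host; distribute rootCA.pem only` and check that the copy step excludes the key. The `if` that this `fi` closes starts outside the hunk.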
@@ -211,10 +197,10 @@ EOF
 # On crée quelques mails
 SETUP_MAIL="docker exec -ti mailServ setup"
- snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.milxc toto"
- snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.milxc toto"
- snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.milxc toto"
- snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.milxc toto"
+ snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto"
+ snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto"
+ snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto"
+ snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto"
 echo "########## ********** End Vagrant $(date +%D-%T)"
diff --git a/files/snster-kaz/isp-a/home/provision.sh b/files/snster-kaz/isp-a/home/provision.sh
index a329a8d..4af0fdd 100644
--- a/files/snster-kaz/isp-a/home/provision.sh
+++ b/files/snster-kaz/isp-a/home/provision.sh
@@ -28,3 +28,13 @@ if [ -d letsencrypt ]; then
 cp /etc/letsencrypt/local/rootCA.pem /usr/local/share/ca-certificates/rootCA.crt
 /usr/sbin/update-ca-certificates --fresh
 fi
+
+# Add to Firefox store
+echo -e '{
+ "policies": {
+ "Certificates": {
+ "ImportEnterpriseRoots": true,
+ "Install": ["/etc/ssl/certs/rootCA.pem"]
+ }
+ }
+}' > /usr/lib/firefox-esr/distribution/policies.json
diff --git a/files/test.html b/files/snster-kaz/isp-a/home/test.html
similarity index 100%
rename from files/test.html
rename to files/snster-kaz/isp-a/home/test.html
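Review bot: In files/snster-kaz/isp-a/home/provision.sh the `policies.json` write is added after the `fi`, so it runs even when the `if [ -d letsencrypt ]` check named in the hunk header was false and `rootCA.pem` was never installed; Firefox is then handed an `Install` path that may not exist. The redirect also fails if `/usr/lib/firefox-esr/distribution/` is missing, and `echo -e` adds nothing for a string with no escapes (under a plain `sh` it can print the `-e`). I would move the write inside the guard, create the directory first and use a quoted here-document, as below. The `if` itself starts outside the hunk, so confirm that the relative `letsencrypt` test is evaluated from the intended working directory.

```shell
    /usr/sbin/update-ca-certificates --fresh

    # Add to Firefox store (only when the CA above was installed)
    mkdir -p /usr/lib/firefox-esr/distribution
    cat > /usr/lib/firefox-esr/distribution/policies.json <<'EOF'
{
  "policies": {
    "Certificates": {
      "ImportEnterpriseRoots": true,
      "Install": ["/etc/ssl/certs/rootCA.pem"]
    }
  }
}
EOF
fi
```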