Francois Lesueur 2022-12-23 15:15:49 +01:00
parent 5e5fd1b19a
commit 4672e0dfc3
4 changed files with 18 additions and 100 deletions


@ -1,78 +0,0 @@
#!/bin/bash
if [ -z "${KAZGUARD}" ] ; then
exit 1
fi
DIR=$(cd "$(dirname $0)"; pwd)
cd "${DIR}"
set -e
export VAGRANT_SRC_DIR=/vagrant/files
mkdir -p "${VAGRANT_SRC_DIR}/log/"
export DebugLog="${VAGRANT_SRC_DIR}/log/log-kaz-$(date +%y-%m-%d-%T)-"
(
echo "########## ********** Start kaz.sh $(date +%D-%T)"
#pour la résolution de noms dans /etc/hosts
SERVICES_LIST="smtp mail ldap www depot tableur pad webmail sondage garradin test-garradin wiki git agora cloud office cachet quotas"
docker-clean -a
rm -rf /kaz
if [ -z "${KAZBRANCH}" ] ; then
KAZBRANCH="master"
fi
echo -e "\n #### git checkout ${KAZBRANCH}\n"
# copie des sources
cd /
[ -f kaz ] || git clone https://git.kaz.bzh/KAZ/kaz.git
(cd /kaz ; git checkout "${KAZBRANCH}" )
find /kaz -name \*.sh -exec chmod a+x {} \;
# pour ceux qui disposent d'un cache apt local et pas la fibre
if [ -f "${VAGRANT_SRC_DIR}/.apt-mirror-config" ]; then
rsync -a "${VAGRANT_SRC_DIR}/.apt-mirror-config" /kaz/
fi
if [ -f "${VAGRANT_SRC_DIR}/.proxy-config" ]; then
rsync -a "${VAGRANT_SRC_DIR}/.proxy-config" /etc/profile.d/proxy.sh
rsync -a "${VAGRANT_SRC_DIR}/.proxy-config" /kaz/
fi
if [ -f "${VAGRANT_SRC_DIR}/.docker-config.json" ]; then
mkdir -p /root/.docker
rsync -a "${VAGRANT_SRC_DIR}/.docker-config.json" /root/.docker/config.json
fi
echo -e "\n #### rsync download\n"
[ -d "${VAGRANT_SRC_DIR}/kaz/download" ] &&
rsync -a "${VAGRANT_SRC_DIR}/kaz/download/" /kaz/download/
[ -d "${VAGRANT_SRC_DIR}/kaz/git" ] &&
rsync -a "${VAGRANT_SRC_DIR}/kaz/git/" /kaz/git/
[ -f "${VAGRANT_SRC_DIR}/kaz/config/dockers.env" ] &&
[ ! -f "/kaz/config/dockers.env" ] &&
rsync -a "${VAGRANT_SRC_DIR}/kaz/config/dockers.env" /kaz/config/dockers.env
for type in mail orga proxy withMail withoutMail ; do
[ -f "${VAGRANT_SRC_DIR}/kaz/config/container-${type}.list" ] &&
[ ! -f "/kaz/config/config/container-${type}.list" ] &&
rsync -a "${VAGRANT_SRC_DIR}/kaz/config/container-${type}.list" /kaz/config/
done
echo -e "\n #### secretGen\n"
/kaz/bin/secretGen.sh
#possibilité de lancer vagrant up NOKAZ="true" quand on construit la machine
if [ "${NOKAZ}" == "true" ]; then
echo "on ne lance pas install.sh"
else
echo "on lance install.sh"
/kaz/bin/install.sh
fi
# clear apt cache
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
DEBIAN_FRONTEND=noninteractive apt-get clean
echo "########## ********** End kaz.sh $(date +%D-%T)"
) > >(tee ${DebugLog}stdout.log) 2> >(tee ${DebugLog}stderr.log >&2)


@ -162,27 +162,13 @@ EOF
export CAROOT=/etc/letsencrypt/local/
/root/mkcert/mkcert -install # CA dans /etc/letsencrypt/local/
cd "${CAROOT}"
/root/mkcert/mkcert "*.kaz.milxc" # cert et clé dans /etc/letsencrypt/local/
/root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/
mkdir -p /etc/letsencrypt/live/kaz.milxc/
ln -s ../../local/_wildcard.kaz.milxc.pem /etc/letsencrypt/live/kaz.milxc/fullchain.pem
ln -s ../../local/_wildcard.kaz.milxc-key.pem /etc/letsencrypt/live/kaz.milxc/privkey.pem
mkdir -p /etc/letsencrypt/live/kaz.sns/
ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem
ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
fi
# Essai pour faire accepter la CA à FFOX dès le début
# Add to Firefox store
if [ ! -f /usr/lib/firefox-esr/distribution/policies.json ]; then
cat > /usr/lib/firefox-esr/distribution/policies.json << EOF
{
"policies": {
"Certificates": {
"ImportEnterpriseRoots": true,
"Install": ["/etc/letsencrypt/local/rootCA.pem"]
}
}
}
EOF
fi
#***********FIN CERTIF*******************
@ -211,10 +197,10 @@ EOF
# On crée quelques mails
SETUP_MAIL="docker exec -ti mailServ setup"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.milxc toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.milxc toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.milxc toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.milxc toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto"
echo "########## ********** End Vagrant $(date +%D-%T)"
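Review bot: The four `email add contactN@kaz.sns toto` lines in the second hunk give every test mailbox the same fixed password `toto`, passed as a command-line argument, and nothing near them says this is deliberate. That is presumably acceptable for an isolated training platform, but a comment above the block, such as `# lab-only accounts: fixed throwaway password on purpose, never reuse outside the simulation`, would keep the pattern from being copied into a real deployment. The four lines differ only in the index, so they could also be one loop: `for i in 1 2 3 4; do snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact${i}@kaz.sns toto"; done`.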


@ -28,3 +28,13 @@ if [ -d letsencrypt ]; then
cp /etc/letsencrypt/local/rootCA.pem /usr/local/share/ca-certificates/rootCA.crt
/usr/sbin/update-ca-certificates --fresh
fi
# Add to Firefox store
echo -e '{
"policies": {
"Certificates": {
"ImportEnterpriseRoots": true,
"Install": ["/etc/ssl/certs/rootCA.pem"]
}
}
}' > /usr/lib/firefox-esr/distribution/policies.json
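Review bot: The added `echo -e '{ … }' > /usr/lib/firefox-esr/distribution/policies.json` sits after the `fi`, so it runs even when the `if [ -d letsencrypt ]` branch (which opens outside this hunk) did not install the CA. On a machine without Firefox ESR the redirect fails, and without the CA the policy names `/etc/ssl/certs/rootCA.pem`, presumably the symlink that `update-ca-certificates` creates, which would not exist. It also overwrites any existing policies.json, whereas the block this commit removes from the other script only wrote the file when it was absent. I would guard the write with `if [ -d /usr/lib/firefox-esr/distribution ] && [ -f /etc/ssl/certs/rootCA.pem ]; then … fi`. A quoted heredoc (`cat > … << 'EOF'`) would also be clearer than `echo -e`, since the JSON contains no escapes.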