pleins de super mises à jour :)
parent
da3341bb2e
commit
d9cef67dd4
@ -1,8 +1,8 @@
|
|||||||
[servers]
|
[servers]
|
||||||
#vandamme.jean-cloud.net
|
#vandamme.jean-cloud.org
|
||||||
#nougaro.jean-cloud.net
|
#nougaro.jean-cloud.org
|
||||||
tetede.jean-cloud.net
|
tetede.jean-cloud.org
|
||||||
#carcasse.jean-cloud.net
|
#carcasse.jean-cloud.org
|
||||||
#benevoles.karnaval.fr
|
#benevoles.karnaval.fr
|
||||||
montbonnot.jean-cloud.net
|
#montbonnot.jean-cloud.org
|
||||||
max.jean-cloud.net
|
max.jean-cloud.org
|
||||||
|
@ -72,6 +72,9 @@ for dir in /docker/* ; do
|
|||||||
[ "${service::1}" == '_' ] && continue
|
[ "${service::1}" == '_' ] && continue
|
||||||
[ ! -d "$dir" ] && continue
|
[ ! -d "$dir" ] && continue
|
||||||
|
|
||||||
|
export DATA_DIR="/data/$service"
|
||||||
|
mkdir -p "$DATA_DIR"
|
||||||
|
|
||||||
docker_service="$(echo "$service" | tr '.' '_')"
|
docker_service="$(echo "$service" | tr '.' '_')"
|
||||||
driglibash_section_prefix="[$service] "
|
driglibash_section_prefix="[$service] "
|
||||||
cd "/docker/$service"
|
cd "/docker/$service"
|
||||||
|
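Review bot: `mkdir -p "$DATA_DIR"` leaves the mode of `/data/$service` to the caller's umask, while the install scripts added in this commit keep their secrets in `$DATA_DIR/.env`, beside the `output` directory that nginx serves from the same tree. Because nginx has to traverse that directory, the protection has to sit on the file itself; a line such as `[ -f "$DATA_DIR/.env" ] && chmod 600 "$DATA_DIR/.env"` after the mkdir would make that explicit, assuming the deploy user is also the one that runs podman. The enclosing `for dir in /docker/*` loop starts and ends outside the hunk, so how `$service` is derived is not visible here.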
@ -25,9 +25,8 @@ repeat() {
|
|||||||
|
|
||||||
# Output a "section title" to visually separate different script part
|
# Output a "section title" to visually separate different script part
|
||||||
# TODO local variables
|
# TODO local variables
|
||||||
# TODO fixed place left aligned
|
|
||||||
section(){
|
section(){
|
||||||
text="$driglibash_section_prefix$1"
|
text="\033[00;36m$driglibash_section_prefix\033[0m$1"
|
||||||
if [ -n "$text" ] ; then
|
if [ -n "$text" ] ; then
|
||||||
len="${#text}"
|
len="${#text}"
|
||||||
max_len="$(($(tput cols)-2))"
|
max_len="$(($(tput cols)-2))"
|
||||||
@ -35,8 +34,8 @@ section(){
|
|||||||
right=5
|
right=5
|
||||||
left=5
|
left=5
|
||||||
else
|
else
|
||||||
left="$((($max_len - $len)/2))"
|
left=4
|
||||||
right="$left"
|
right="$(($max_len - $len - left))"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
left=80
|
left=80
|
||||||
@ -50,7 +49,7 @@ section(){
|
|||||||
|
|
||||||
repeat '=' "$left"
|
repeat '=' "$left"
|
||||||
if [ "$right" -ge 1 ] ; then
|
if [ "$right" -ge 1 ] ; then
|
||||||
echo -n " $text "
|
echo -ne " $text "
|
||||||
repeat '=' "$right"
|
repeat '=' "$right"
|
||||||
echo
|
echo
|
||||||
fi
|
fi
|
||||||
|
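Review bot: The colour codes are now stored inside `text`, so `len="${#text}"` counts the escape bytes as visible columns and `[ -n "$text" ]` can never be false, which makes the `left=80` branch unreachable and shortens the right-hand rule. `echo -ne` additionally interprets backslash sequences found in `$1` and in `$driglibash_section_prefix`, which the deploy loop on this page builds from `$service`. Keeping the measured text plain, `text="$driglibash_section_prefix$1"`, and colouring only at output time with `printf ' \033[00;36m%s\033[0m%s ' "$driglibash_section_prefix" "$1"` addresses both. `section()` continues between and after the three hunks shown, so the rest of the width logic is not visible here.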
@ -1,14 +1,14 @@
|
|||||||
$TTL 604800
|
$TTL 604800
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
@ IN SOA max.jean-cloud.org. contact.jean-cloud.org. (
|
||||||
2023042400 ; Serial
|
2023051101 ; Serial
|
||||||
7200 ; Refresh
|
7200 ; Refresh
|
||||||
7200 ; Retry
|
7200 ; Retry
|
||||||
2419200 ; Expire
|
2419200 ; Expire
|
||||||
7200 ) ; Negative Cache TTL
|
7200 ) ; Negative Cache TTL
|
||||||
|
|
||||||
; NS
|
; NS
|
||||||
@ IN NS ns1.jean-cloud.net.
|
@ IN NS max.jean-cloud.org.
|
||||||
@ IN NS ns2.jean-cloud.net.
|
@ IN NS tetede.jean-cloud.org.
|
||||||
@ IN NS ns1.he.net.
|
@ IN NS ns1.he.net.
|
||||||
@ IN NS ns2.he.net.
|
@ IN NS ns2.he.net.
|
||||||
@ IN NS ns3.he.net.
|
@ IN NS ns3.he.net.
|
||||||
@ -18,20 +18,21 @@ $TTL 604800
|
|||||||
@ IN A 51.255.33.248
|
@ IN A 51.255.33.248
|
||||||
@ IN A 82.65.204.254
|
@ IN A 82.65.204.254
|
||||||
|
|
||||||
|
|
||||||
@ 10800 IN MX 10 spool.mail.gandi.net.
|
@ 10800 IN MX 10 spool.mail.gandi.net.
|
||||||
@ 10800 IN MX 50 fb.mail.gandi.net.
|
@ 10800 IN MX 50 fb.mail.gandi.net.
|
||||||
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
|
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
|
||||||
|
|
||||||
|
|
||||||
; Resolving nameserver
|
; Resolving nameserver
|
||||||
ns1 IN A 51.255.33.248
|
ns2 IN A 51.255.33.248
|
||||||
ns2 IN A 172.104.154.21
|
ns1 IN A 82.65.204.254
|
||||||
|
|
||||||
;mail IN CNAME vandamme
|
;mail IN CNAME vandamme
|
||||||
webmail IN CNAME vandamme
|
webmail IN CNAME vandamme
|
||||||
vimbadmin IN CNAME vandamme
|
vimbadmin IN CNAME vandamme
|
||||||
|
|
||||||
www IN CNAME vandamme
|
www IN CNAME jean-cloud.org.
|
||||||
|
|
||||||
; Naming nodes
|
; Naming nodes
|
||||||
vandamme IN A 51.255.33.248
|
vandamme IN A 51.255.33.248
|
||||||
@ -46,9 +47,6 @@ nougaro IN AAAA 2a01:7e01::f03c:92ff:fecf:e815
|
|||||||
tetede IN AAAA 2001:41d0:701:1100::31f
|
tetede IN AAAA 2001:41d0:701:1100::31f
|
||||||
tetede IN A 51.195.40.128
|
tetede IN A 51.195.40.128
|
||||||
|
|
||||||
carcasse IN A 109.18.84.200
|
|
||||||
carcasse IN AAAA 2a02:8434:1633:df01:adf9:74c3:b444:262f
|
|
||||||
|
|
||||||
heart IN A 109.18.84.200
|
heart IN A 109.18.84.200
|
||||||
|
|
||||||
max IN A 82.65.204.254
|
max IN A 82.65.204.254
|
||||||
@ -60,88 +58,83 @@ montbonnot IN AAAA 2a06:98c1:3120::2
|
|||||||
montbonnot IN AAAA 2a06:98c1:3121::2
|
montbonnot IN AAAA 2a06:98c1:3121::2
|
||||||
|
|
||||||
|
|
||||||
; Carcasse
|
|
||||||
dumbcluster IN A 109.18.84.200
|
|
||||||
dumbcluster IN AAAA 2a02:8434:1633:df01:226:2dff:fe11:56af
|
|
||||||
; Tetede
|
|
||||||
dumbcluster IN A 51.195.40.128
|
|
||||||
dumbcluster IN AAAA 2001:41d0:701:1100::31f
|
|
||||||
|
|
||||||
; services
|
; services
|
||||||
|
|
||||||
nuage IN CNAME vandamme
|
nuage IN CNAME vandamme.jean-cloud.org.
|
||||||
www.nuage IN CNAME vandamme
|
www.nuage IN CNAME vandamme.jean-cloud.org.
|
||||||
calc.nuage IN CNAME vandamme
|
calc.nuage IN CNAME vandamme.jean-cloud.org.
|
||||||
pad.nuage IN CNAME vandamme
|
pad.nuage IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
feteducourt IN CNAME vandamme
|
feteducourt IN CNAME vandamme.jean-cloud.org.
|
||||||
www.feteducourt IN CNAME vandamme
|
www.feteducourt IN CNAME vandamme.jean-cloud.org.
|
||||||
feteducourt2020 IN CNAME vandamme
|
feteducourt2020 IN CNAME vandamme.jean-cloud.org.
|
||||||
www.feteducourt2020 IN CNAME vandamme
|
www.feteducourt2020 IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
git IN CNAME vandamme
|
git IN CNAME vandamme.jean-cloud.org.
|
||||||
www.git IN CNAME vandamme
|
www.git IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
wiki-cgr IN CNAME vandamme
|
wiki-cgr IN CNAME vandamme.jean-cloud.org.
|
||||||
www.wiki-cgr IN CNAME vandamme
|
www.wiki-cgr IN CNAME vandamme.jean-cloud.org.
|
||||||
parsoid-wiki-cgr IN CNAME vandamme
|
parsoid-wiki-cgr IN CNAME vandamme.jean-cloud.org.
|
||||||
www.parsoid-wiki-cgr IN CNAME vandamme
|
www.parsoid-wiki-cgr IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
cousinades IN CNAME vandamme
|
cousinades IN CNAME vandamme.jean-cloud.org.
|
||||||
www.cousinades IN CNAME vandamme
|
www.cousinades IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
cousinadesi2 IN CNAME vandamme
|
cousinadesi2 IN CNAME vandamme.jean-cloud.org.
|
||||||
www.cousinades2 IN CNAME vandamme
|
www.cousinades2 IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
velov IN CNAME vandamme
|
velov IN CNAME vandamme.jean-cloud.org.
|
||||||
www.velov IN CNAME vandamme
|
www.velov IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
registry IN CNAME vandamme
|
registry IN CNAME vandamme.jean-cloud.org.
|
||||||
www.registry IN CNAME vandamme
|
www.registry IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
inurbe IN CNAME vandamme
|
inurbe IN CNAME vandamme.jean-cloud.org.
|
||||||
www.inurbe IN CNAME vandamme
|
www.inurbe IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
gmx-webmail IN CNAME vandamme
|
gmx-webmail IN CNAME vandamme.jean-cloud.org.
|
||||||
www.gmx-webmail IN CNAME vandamme
|
www.gmx-webmail IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
rpnow IN CNAME vandamme
|
rpnow IN CNAME vandamme.jean-cloud.org.
|
||||||
www.rpnow IN CNAME vandamme
|
www.rpnow IN CNAME vandamme.jean-cloud.org.
|
||||||
test.rpnow IN CNAME vandamme
|
test.rpnow IN CNAME vandamme.jean-cloud.org.
|
||||||
www.test.rpnow IN CNAME vandamme
|
www.test.rpnow IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
lalis IN CNAME vandamme
|
lalis IN CNAME vandamme.jean-cloud.org.
|
||||||
www.lalis IN CNAME vandamme
|
www.lalis IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
metamorphose IN CNAME vandamme
|
metamorphose IN CNAME vandamme.jean-cloud.org.
|
||||||
www.metamorphose IN CNAME vandamme
|
www.metamorphose IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
static IN CNAME vandamme
|
static IN CNAME vandamme.jean-cloud.org.
|
||||||
www.static IN CNAME vandamme
|
www.static IN CNAME vandamme.jean-cloud.org.
|
||||||
|
|
||||||
;educloud IN CNAME tetede
|
;educloud IN CNAME tetede.jean-cloud.org.
|
||||||
;www.educloud IN CNAME tetede
|
;www.educloud IN CNAME tetede.jean-cloud.org.
|
||||||
;educloud2 IN CNAME tetede
|
;educloud2 IN CNAME tetede.jean-cloud.org.
|
||||||
;www.educloud2 IN CNAME tetede
|
;www.educloud2 IN CNAME tetede.jean-cloud.org.
|
||||||
|
|
||||||
copaines IN CNAME tetede
|
copaines IN CNAME tetede.jean-cloud.org.
|
||||||
www.copaines IN CNAME tetede
|
www.copaines IN CNAME tetede.jean-cloud.org.
|
||||||
wordpress.copaines IN CNAME tetede
|
wordpress.copaines IN CNAME tetede.jean-cloud.org.
|
||||||
www.wordpress.copaines IN CNAME tetede
|
www.wordpress.copaines IN CNAME tetede.jean-cloud.org.
|
||||||
|
|
||||||
feministesucl34 IN CNAME tetede
|
feministesucl34 IN CNAME tetede.jean-cloud.org.
|
||||||
www.feministesucl34 IN CNAME tetede
|
www.feministesucl34 IN CNAME tetede.jean-cloud.org.
|
||||||
wordpress.feministesucl34 IN CNAME tetede
|
wordpress.feministesucl34 IN CNAME tetede.jean-cloud.org.
|
||||||
www.wordpress.feministesucl34 IN CNAME tetede
|
www.wordpress.feministesucl34 IN CNAME tetede.jean-cloud.org.
|
||||||
|
|
||||||
tracker IN CNAME tetede
|
tracker IN CNAME tetede.jean-cloud.org.
|
||||||
|
|
||||||
raplacgr IN CNAME tetede
|
raplacgr IN CNAME tetede.jean-cloud.org.
|
||||||
|
|
||||||
walou IN CNAME dumbcluster
|
walou IN CNAME dumbcluster.jean-cloud.org.
|
||||||
|
|
||||||
nc-backup IN CNAME tetede
|
nc-backup IN CNAME tetede.jean-cloud.org.
|
||||||
|
|
||||||
gypsy IN CNAME tetede
|
gypsy IN CNAME tetede.jean-cloud.org.
|
||||||
|
|
||||||
shlago.wireguard.jean-cloud.net IN CNAME teted
|
shlago.wireguard.jean-cloud.net IN CNAME tetede.jean-cloud.org.
|
||||||
|
|
||||||
|
lexicographe IN CNAME max.jean-cloud.org.
|
||||||
|
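Review bot: `walou IN CNAME dumbcluster.jean-cloud.org.` is kept while the same hunk drops every `dumbcluster` A/AAAA record, and no `dumbcluster` name is defined on the new side of either zone file on this page, so `walou` appears to be left pointing at a name that no longer resolves. Either remove the record or retarget it to the host that still serves it, for example `walou IN CNAME tetede.jean-cloud.org.` if that is the one. Separately, the owner `shlago.wireguard.jean-cloud.net` has no trailing dot, so the zone origin is appended to it; inside this zone it should presumably be the relative name `shlago.wireguard`.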
@ -1,20 +1,56 @@
|
|||||||
$TTL 604800
|
$TTL 604800
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
@ IN SOA max.jean-cloud.org. contact.jean-cloud.org. (
|
||||||
2021060600 ; Serial
|
2023051100 ; Serial
|
||||||
604800 ; Refresh
|
604800 ; Refresh
|
||||||
86400 ; Retry
|
86400 ; Retry
|
||||||
2419200 ; Expire
|
2419200 ; Expire
|
||||||
604800 ) ; Negative Cache TTL
|
604800 ) ; Negative Cache TTL
|
||||||
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
@ IN NS max
|
||||||
@ IN NS ns2.jean-cloud.net.
|
@ IN NS tetede
|
||||||
|
|
||||||
|
|
||||||
@ IN A 51.255.33.248
|
@ IN A 51.255.33.248
|
||||||
|
@ IN A 82.65.204.254
|
||||||
|
|
||||||
|
; NS
|
||||||
|
;ns1 IN CNAME vandamme
|
||||||
|
ns2 IN A 82.65.204.254
|
||||||
|
ns3 IN A 51.195.40.128
|
||||||
|
|
||||||
|
; Mails
|
||||||
@ 10800 IN MX 10 spool.mail.gandi.net.
|
@ 10800 IN MX 10 spool.mail.gandi.net.
|
||||||
@ 10800 IN MX 50 fb.mail.gandi.net.
|
@ 10800 IN MX 50 fb.mail.gandi.net.
|
||||||
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
|
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
|
||||||
|
_imap._tcp 10800 IN SRV 0 0 0 .
|
||||||
|
_imaps._tcp 10800 IN SRV 0 1 993 mail.gandi.net.
|
||||||
|
_pop3._tcp 10800 IN SRV 0 0 0 .
|
||||||
|
_pop3s._tcp 10800 IN SRV 10 1 995 mail.gandi.net.
|
||||||
|
_submission._tcp 10800 IN SRV 0 1 465 mail.gandi.net.
|
||||||
|
|
||||||
ns1 IN A 51.255.33.248
|
gm1._domainkey 10800 IN CNAME gm1.gandimail.net.
|
||||||
|
gm2._domainkey 10800 IN CNAME gm2.gandimail.net.
|
||||||
|
gm3._domainkey 10800 IN CNAME gm3.gandimail.net.
|
||||||
|
|
||||||
|
; Website classics
|
||||||
|
webmail 10800 IN CNAME webmail.gandi.net.
|
||||||
|
www 10800 IN CNAME jean-cloud.org.
|
||||||
|
|
||||||
|
; Machines
|
||||||
|
vandamme IN A 51.255.33.248
|
||||||
|
|
||||||
|
nougaro IN A 172.104.154.21
|
||||||
|
nougaro IN AAAA 2a01:7e01::f03c:92ff:fecf:e815
|
||||||
|
|
||||||
|
tetede IN A 51.195.40.128
|
||||||
|
tetede IN AAAA 2001:41d0:701:1100::31f
|
||||||
|
|
||||||
|
heart IN A 109.18.84.200
|
||||||
|
|
||||||
|
max IN A 82.65.204.254
|
||||||
|
max IN AAAA 2a01:e0a:c9d:81d0:a2b3:ccff:fe85:af97
|
||||||
|
|
||||||
|
montbonnot IN A 188.114.97.2
|
||||||
|
montbonnot IN A 188.114.96.2
|
||||||
|
montbonnot IN AAAA 2a06:98c1:3120::2
|
||||||
|
montbonnot IN AAAA 2a06:98c1:3121::2
|
||||||
|
|
||||||
|
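Review bot: The mail block gains the three `gm*._domainkey` selectors but no `_dmarc` record, and the SPF policy on the unchanged TXT line still ends in the neutral `?all`, so receivers get no instruction on what to do with mail that fails both checks. Adding a monitoring-only policy first, `_dmarc 10800 IN TXT "v=DMARC1; p=none; rua=mailto:<REPORT_ADDRESS_PLACEHOLDER>"`, and tightening SPF to `~all` once the reports look clean, would close that gap. Also worth confirming before deploy: the old `ns1` A record is removed and the NS set now names `max` and `tetede`, so the registrar's delegation and glue have to match.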
@ -29,7 +29,7 @@
|
|||||||
|
|
||||||
- name: Install some softwares
|
- name: Install some softwares
|
||||||
apt:
|
apt:
|
||||||
name: ['bind9', 'certbot', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'rsync', 'screen', 'sshfs', 'vim', 'wget', 'zip']
|
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'rsync', 'screen', 'sshfs', 'traceroute', 'vim', 'wget', 'zip']
|
||||||
state: latest
|
state: latest
|
||||||
|
|
||||||
# TODO disable certbot and certbot.timer services. We are using our own
|
# TODO disable certbot and certbot.timer services. We are using our own
|
||||||
|
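--- a/services/jean-cloud.net/install.sh
+++ b/services/jean-cloud.net/install.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -euo pipefail
+
+start() {
+podman pull docker.io/jeancloud/pelican-rclone-builder
+podman run -i --rm --env-file "$DATA_DIR/.env" -v "$DATA_DIR:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder
+}
+
+restart () {
+start
+}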
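Review bot: `podman pull docker.io/jeancloud/pelican-rclone-builder` fetches whatever the mutable default tag points to on every start, and that image is then run with the secrets from `$DATA_DIR/.env`. Pinning it by digest, `docker.io/jeancloud/pelican-rclone-builder@sha256:<DIGEST_PLACEHOLDER>` on both the pull and the run line, makes an image update a reviewed change instead of an automatic one. The bind mount `-v "$DATA_DIR:/usr/local/app"` also places `.env` itself, writable, inside the container; mounting a subdirectory, as `services/lexicographe.jean-cloud.net/install.sh` does with `$DATA_DIR/git`, avoids that. The unpinned pull applies to that second script as well.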
@ -4,7 +4,7 @@ server {
|
|||||||
ssl_certificate /etc/letsencrypt/live/jean-cloud.net/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/jean-cloud.net/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/jean-cloud.net/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/jean-cloud.net/privkey.pem;
|
||||||
server_name jean-cloud.net www.jean-cloud.net jean-cloud.org www.jean-cloud.org;
|
server_name jean-cloud.net www.jean-cloud.net jean-cloud.org www.jean-cloud.org;
|
||||||
root /data/jean-cloud.net/public;
|
root /data/jean-cloud.net/output;
|
||||||
|
|
||||||
# Security headers
|
# Security headers
|
||||||
# We can create a file with the base security headers and include it.
|
# We can create a file with the base security headers and include it.
|
||||||
|
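--- a/services/lexicographe.jean-cloud.net/docker-compose.yml
+++ b/services/lexicographe.jean-cloud.net/docker-compose.yml
@@ -0,0 +1,2 @@
+version: '3'
+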
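--- a/services/lexicographe.jean-cloud.net/install.sh
+++ b/services/lexicographe.jean-cloud.net/install.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -euo pipefail
+
+start() {
+mkdir -p "$DATA_DIR/git"
+podman pull docker.io/jeancloud/pelican-rclone-builder
+podman run -i --rm --env-file "$DATA_DIR/.env" -v "$DATA_DIR/git:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder
+}
+
+restart () {
+start
+}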
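--- a/services/lexicographe.jean-cloud.net/nginx_server.conf
+++ b/services/lexicographe.jean-cloud.net/nginx_server.conf
@@ -0,0 +1,24 @@
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+ssl_certificate /etc/letsencrypt/live/lexicographe.jean-cloud.net/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/lexicographe.jean-cloud.net/privkey.pem;
+server_name lexicographe.jean-cloud.net;
+root /data/lexicographe.jean-cloud.net/git/output;
+
+# Security headers
+# We can create a file with the base security headers and include it.
+# Will it be possible to overload them then ?
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' https://unpkg.jean-cloud.net; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' https://unpkg.jean-cloud.net; base-uri 'self'; form-action 'self' 'https://mailer.jean-cloud.net';" always;
+add_header X-Content-Type-Options "nosniff";
+add_header X-Frame-Options SAMEORIGIN always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header Referrer-Policy "strict-origin-when-cross-origin";
+add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
+
+location / {
+index index.html;
+try_files $uri $uri/ =404;
+}
+}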
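Review bot: Two of the new security headers are written in a syntax browsers do not accept. In the CSP, `'https://mailer.jean-cloud.net'` is quoted, and host sources must be bare, so the `form-action` allowance for the mailer is ignored; it should read `form-action 'self' https://mailer.jean-cloud.net;`. The `Permissions-Policy` value uses the older Feature-Policy form (`name='none';`), whereas the header expects a comma-separated list with allowlists in parentheses, e.g. `add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()" always;`. `X-Content-Type-Options`, `Referrer-Policy` and `Permissions-Policy` also lack `always`, so they are not sent with the `=404` responses produced by `try_files`.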