pleins de super mises à jour :)
This commit is contained in:
parent
da3341bb2e
commit
d9cef67dd4
@ -1,8 +1,8 @@
|
||||
[servers]
|
||||
#vandamme.jean-cloud.net
|
||||
#nougaro.jean-cloud.net
|
||||
tetede.jean-cloud.net
|
||||
#carcasse.jean-cloud.net
|
||||
#vandamme.jean-cloud.org
|
||||
#nougaro.jean-cloud.org
|
||||
tetede.jean-cloud.org
|
||||
#carcasse.jean-cloud.org
|
||||
#benevoles.karnaval.fr
|
||||
montbonnot.jean-cloud.net
|
||||
max.jean-cloud.net
|
||||
#montbonnot.jean-cloud.org
|
||||
max.jean-cloud.org
|
||||
|
@ -72,6 +72,9 @@ for dir in /docker/* ; do
|
||||
[ "${service::1}" == '_' ] && continue
|
||||
[ ! -d "$dir" ] && continue
|
||||
|
||||
export DATA_DIR="/data/$service"
|
||||
mkdir -p "$DATA_DIR"
|
||||
|
||||
docker_service="$(echo "$service" | tr '.' '_')"
|
||||
driglibash_section_prefix="[$service] "
|
||||
cd "/docker/$service"
|
||||
|
@ -25,9 +25,8 @@ repeat() {
|
||||
|
||||
# Output a "section title" to visually separate different script part
|
||||
# TODO local variables
|
||||
# TODO fixed place left aligned
|
||||
section(){
|
||||
text="$driglibash_section_prefix$1"
|
||||
text="\033[00;36m$driglibash_section_prefix\033[0m$1"
|
||||
if [ -n "$text" ] ; then
|
||||
len="${#text}"
|
||||
max_len="$(($(tput cols)-2))"
|
||||
@ -35,8 +34,8 @@ section(){
|
||||
right=5
|
||||
left=5
|
||||
else
|
||||
left="$((($max_len - $len)/2))"
|
||||
right="$left"
|
||||
left=4
|
||||
right="$(($max_len - $len - left))"
|
||||
fi
|
||||
else
|
||||
left=80
|
||||
@ -50,7 +49,7 @@ section(){
|
||||
|
||||
repeat '=' "$left"
|
||||
if [ "$right" -ge 1 ] ; then
|
||||
echo -n " $text "
|
||||
echo -ne " $text "
|
||||
repeat '=' "$right"
|
||||
echo
|
||||
fi
|
||||
|
@ -1,14 +1,14 @@
|
||||
$TTL 604800
|
||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
||||
2023042400 ; Serial
|
||||
@ IN SOA max.jean-cloud.org. contact.jean-cloud.org. (
|
||||
2023051101 ; Serial
|
||||
7200 ; Refresh
|
||||
7200 ; Retry
|
||||
2419200 ; Expire
|
||||
7200 ) ; Negative Cache TTL
|
||||
|
||||
; NS
|
||||
@ IN NS ns1.jean-cloud.net.
|
||||
@ IN NS ns2.jean-cloud.net.
|
||||
@ IN NS max.jean-cloud.org.
|
||||
@ IN NS tetede.jean-cloud.org.
|
||||
@ IN NS ns1.he.net.
|
||||
@ IN NS ns2.he.net.
|
||||
@ IN NS ns3.he.net.
|
||||
@ -18,20 +18,21 @@ $TTL 604800
|
||||
@ IN A 51.255.33.248
|
||||
@ IN A 82.65.204.254
|
||||
|
||||
|
||||
@ 10800 IN MX 10 spool.mail.gandi.net.
|
||||
@ 10800 IN MX 50 fb.mail.gandi.net.
|
||||
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
|
||||
|
||||
|
||||
; Resolving nameserver
|
||||
ns1 IN A 51.255.33.248
|
||||
ns2 IN A 172.104.154.21
|
||||
ns2 IN A 51.255.33.248
|
||||
ns1 IN A 82.65.204.254
|
||||
|
||||
;mail IN CNAME vandamme
|
||||
webmail IN CNAME vandamme
|
||||
vimbadmin IN CNAME vandamme
|
||||
|
||||
www IN CNAME vandamme
|
||||
www IN CNAME jean-cloud.org.
|
||||
|
||||
; Naming nodes
|
||||
vandamme IN A 51.255.33.248
|
||||
@ -46,9 +47,6 @@ nougaro IN AAAA 2a01:7e01::f03c:92ff:fecf:e815
|
||||
tetede IN AAAA 2001:41d0:701:1100::31f
|
||||
tetede IN A 51.195.40.128
|
||||
|
||||
carcasse IN A 109.18.84.200
|
||||
carcasse IN AAAA 2a02:8434:1633:df01:adf9:74c3:b444:262f
|
||||
|
||||
heart IN A 109.18.84.200
|
||||
|
||||
max IN A 82.65.204.254
|
||||
@ -60,88 +58,83 @@ montbonnot IN AAAA 2a06:98c1:3120::2
|
||||
montbonnot IN AAAA 2a06:98c1:3121::2
|
||||
|
||||
|
||||
; Carcasse
|
||||
dumbcluster IN A 109.18.84.200
|
||||
dumbcluster IN AAAA 2a02:8434:1633:df01:226:2dff:fe11:56af
|
||||
; Tetede
|
||||
dumbcluster IN A 51.195.40.128
|
||||
dumbcluster IN AAAA 2001:41d0:701:1100::31f
|
||||
|
||||
; services
|
||||
|
||||
nuage IN CNAME vandamme
|
||||
www.nuage IN CNAME vandamme
|
||||
calc.nuage IN CNAME vandamme
|
||||
pad.nuage IN CNAME vandamme
|
||||
nuage IN CNAME vandamme.jean-cloud.org.
|
||||
www.nuage IN CNAME vandamme.jean-cloud.org.
|
||||
calc.nuage IN CNAME vandamme.jean-cloud.org.
|
||||
pad.nuage IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
feteducourt IN CNAME vandamme
|
||||
www.feteducourt IN CNAME vandamme
|
||||
feteducourt2020 IN CNAME vandamme
|
||||
www.feteducourt2020 IN CNAME vandamme
|
||||
feteducourt IN CNAME vandamme.jean-cloud.org.
|
||||
www.feteducourt IN CNAME vandamme.jean-cloud.org.
|
||||
feteducourt2020 IN CNAME vandamme.jean-cloud.org.
|
||||
www.feteducourt2020 IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
git IN CNAME vandamme
|
||||
www.git IN CNAME vandamme
|
||||
git IN CNAME vandamme.jean-cloud.org.
|
||||
www.git IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
wiki-cgr IN CNAME vandamme
|
||||
www.wiki-cgr IN CNAME vandamme
|
||||
parsoid-wiki-cgr IN CNAME vandamme
|
||||
www.parsoid-wiki-cgr IN CNAME vandamme
|
||||
wiki-cgr IN CNAME vandamme.jean-cloud.org.
|
||||
www.wiki-cgr IN CNAME vandamme.jean-cloud.org.
|
||||
parsoid-wiki-cgr IN CNAME vandamme.jean-cloud.org.
|
||||
www.parsoid-wiki-cgr IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
cousinades IN CNAME vandamme
|
||||
www.cousinades IN CNAME vandamme
|
||||
cousinades IN CNAME vandamme.jean-cloud.org.
|
||||
www.cousinades IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
cousinadesi2 IN CNAME vandamme
|
||||
www.cousinades2 IN CNAME vandamme
|
||||
cousinadesi2 IN CNAME vandamme.jean-cloud.org.
|
||||
www.cousinades2 IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
velov IN CNAME vandamme
|
||||
www.velov IN CNAME vandamme
|
||||
velov IN CNAME vandamme.jean-cloud.org.
|
||||
www.velov IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
registry IN CNAME vandamme
|
||||
www.registry IN CNAME vandamme
|
||||
registry IN CNAME vandamme.jean-cloud.org.
|
||||
www.registry IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
inurbe IN CNAME vandamme
|
||||
www.inurbe IN CNAME vandamme
|
||||
inurbe IN CNAME vandamme.jean-cloud.org.
|
||||
www.inurbe IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
gmx-webmail IN CNAME vandamme
|
||||
www.gmx-webmail IN CNAME vandamme
|
||||
gmx-webmail IN CNAME vandamme.jean-cloud.org.
|
||||
www.gmx-webmail IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
rpnow IN CNAME vandamme
|
||||
www.rpnow IN CNAME vandamme
|
||||
test.rpnow IN CNAME vandamme
|
||||
www.test.rpnow IN CNAME vandamme
|
||||
rpnow IN CNAME vandamme.jean-cloud.org.
|
||||
www.rpnow IN CNAME vandamme.jean-cloud.org.
|
||||
test.rpnow IN CNAME vandamme.jean-cloud.org.
|
||||
www.test.rpnow IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
lalis IN CNAME vandamme
|
||||
www.lalis IN CNAME vandamme
|
||||
lalis IN CNAME vandamme.jean-cloud.org.
|
||||
www.lalis IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
metamorphose IN CNAME vandamme
|
||||
www.metamorphose IN CNAME vandamme
|
||||
metamorphose IN CNAME vandamme.jean-cloud.org.
|
||||
www.metamorphose IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
static IN CNAME vandamme
|
||||
www.static IN CNAME vandamme
|
||||
static IN CNAME vandamme.jean-cloud.org.
|
||||
www.static IN CNAME vandamme.jean-cloud.org.
|
||||
|
||||
;educloud IN CNAME tetede
|
||||
;www.educloud IN CNAME tetede
|
||||
;educloud2 IN CNAME tetede
|
||||
;www.educloud2 IN CNAME tetede
|
||||
;educloud IN CNAME tetede.jean-cloud.org.
|
||||
;www.educloud IN CNAME tetede.jean-cloud.org.
|
||||
;educloud2 IN CNAME tetede.jean-cloud.org.
|
||||
;www.educloud2 IN CNAME tetede.jean-cloud.org.
|
||||
|
||||
copaines IN CNAME tetede
|
||||
www.copaines IN CNAME tetede
|
||||
wordpress.copaines IN CNAME tetede
|
||||
www.wordpress.copaines IN CNAME tetede
|
||||
copaines IN CNAME tetede.jean-cloud.org.
|
||||
www.copaines IN CNAME tetede.jean-cloud.org.
|
||||
wordpress.copaines IN CNAME tetede.jean-cloud.org.
|
||||
www.wordpress.copaines IN CNAME tetede.jean-cloud.org.
|
||||
|
||||
feministesucl34 IN CNAME tetede
|
||||
www.feministesucl34 IN CNAME tetede
|
||||
wordpress.feministesucl34 IN CNAME tetede
|
||||
www.wordpress.feministesucl34 IN CNAME tetede
|
||||
feministesucl34 IN CNAME tetede.jean-cloud.org.
|
||||
www.feministesucl34 IN CNAME tetede.jean-cloud.org.
|
||||
wordpress.feministesucl34 IN CNAME tetede.jean-cloud.org.
|
||||
www.wordpress.feministesucl34 IN CNAME tetede.jean-cloud.org.
|
||||
|
||||
tracker IN CNAME tetede
|
||||
tracker IN CNAME tetede.jean-cloud.org.
|
||||
|
||||
raplacgr IN CNAME tetede
|
||||
raplacgr IN CNAME tetede.jean-cloud.org.
|
||||
|
||||
walou IN CNAME dumbcluster
|
||||
walou IN CNAME dumbcluster.jean-cloud.org.
|
||||
|
||||
nc-backup IN CNAME tetede
|
||||
nc-backup IN CNAME tetede.jean-cloud.org.
|
||||
|
||||
gypsy IN CNAME tetede
|
||||
gypsy IN CNAME tetede.jean-cloud.org.
|
||||
|
||||
shlago.wireguard.jean-cloud.net IN CNAME teted
|
||||
shlago.wireguard.jean-cloud.net IN CNAME tetede.jean-cloud.org.
|
||||
|
||||
lexicographe IN CNAME max.jean-cloud.org.
|
||||
|
@ -1,20 +1,56 @@
|
||||
$TTL 604800
|
||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
||||
2021060600 ; Serial
|
||||
@ IN SOA max.jean-cloud.org. contact.jean-cloud.org. (
|
||||
2023051100 ; Serial
|
||||
604800 ; Refresh
|
||||
86400 ; Retry
|
||||
2419200 ; Expire
|
||||
604800 ) ; Negative Cache TTL
|
||||
|
||||
@ IN NS ns1.jean-cloud.net.
|
||||
@ IN NS ns2.jean-cloud.net.
|
||||
|
||||
@ IN NS max
|
||||
@ IN NS tetede
|
||||
|
||||
@ IN A 51.255.33.248
|
||||
@ IN A 82.65.204.254
|
||||
|
||||
; NS
|
||||
;ns1 IN CNAME vandamme
|
||||
ns2 IN A 82.65.204.254
|
||||
ns3 IN A 51.195.40.128
|
||||
|
||||
; Mails
|
||||
@ 10800 IN MX 10 spool.mail.gandi.net.
|
||||
@ 10800 IN MX 50 fb.mail.gandi.net.
|
||||
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
|
||||
_imap._tcp 10800 IN SRV 0 0 0 .
|
||||
_imaps._tcp 10800 IN SRV 0 1 993 mail.gandi.net.
|
||||
_pop3._tcp 10800 IN SRV 0 0 0 .
|
||||
_pop3s._tcp 10800 IN SRV 10 1 995 mail.gandi.net.
|
||||
_submission._tcp 10800 IN SRV 0 1 465 mail.gandi.net.
|
||||
|
||||
ns1 IN A 51.255.33.248
|
||||
gm1._domainkey 10800 IN CNAME gm1.gandimail.net.
|
||||
gm2._domainkey 10800 IN CNAME gm2.gandimail.net.
|
||||
gm3._domainkey 10800 IN CNAME gm3.gandimail.net.
|
||||
|
||||
; Website classics
|
||||
webmail 10800 IN CNAME webmail.gandi.net.
|
||||
www 10800 IN CNAME jean-cloud.org.
|
||||
|
||||
; Machines
|
||||
vandamme IN A 51.255.33.248
|
||||
|
||||
nougaro IN A 172.104.154.21
|
||||
nougaro IN AAAA 2a01:7e01::f03c:92ff:fecf:e815
|
||||
|
||||
tetede IN A 51.195.40.128
|
||||
tetede IN AAAA 2001:41d0:701:1100::31f
|
||||
|
||||
heart IN A 109.18.84.200
|
||||
|
||||
max IN A 82.65.204.254
|
||||
max IN AAAA 2a01:e0a:c9d:81d0:a2b3:ccff:fe85:af97
|
||||
|
||||
montbonnot IN A 188.114.97.2
|
||||
montbonnot IN A 188.114.96.2
|
||||
montbonnot IN AAAA 2a06:98c1:3120::2
|
||||
montbonnot IN AAAA 2a06:98c1:3121::2
|
||||
|
||||
|
@ -29,7 +29,7 @@
|
||||
|
||||
- name: Install some softwares
|
||||
apt:
|
||||
name: ['bind9', 'certbot', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'rsync', 'screen', 'sshfs', 'vim', 'wget', 'zip']
|
||||
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'rsync', 'screen', 'sshfs', 'traceroute', 'vim', 'wget', 'zip']
|
||||
state: latest
|
||||
|
||||
# TODO disable certbot and certbot.timer services. We are using our own
|
||||
|
11
services/jean-cloud.net/install.sh
Normal file
11
services/jean-cloud.net/install.sh
Normal file
@ -0,0 +1,11 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
start() {
|
||||
podman pull docker.io/jeancloud/pelican-rclone-builder
|
||||
podman run -i --rm --env-file "$DATA_DIR/.env" -v "$DATA_DIR:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder
|
||||
}
|
||||
|
||||
restart () {
|
||||
start
|
||||
}
|
@ -4,7 +4,7 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/jean-cloud.net/privkey.pem;
|
||||
server_name jean-cloud.net www.jean-cloud.net jean-cloud.org www.jean-cloud.org;
|
||||
root /data/jean-cloud.net/public;
|
||||
root /data/jean-cloud.net/output;
|
||||
|
||||
# Security headers
|
||||
# We can create a file with the base security headers and include it.
|
||||
|
2
services/lexicographe.jean-cloud.net/docker-compose.yml
Executable file
2
services/lexicographe.jean-cloud.net/docker-compose.yml
Executable file
@ -0,0 +1,2 @@
|
||||
version: '3'
|
||||
|
12
services/lexicographe.jean-cloud.net/install.sh
Executable file
12
services/lexicographe.jean-cloud.net/install.sh
Executable file
@ -0,0 +1,12 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
start() {
|
||||
mkdir -p "$DATA_DIR/git"
|
||||
podman pull docker.io/jeancloud/pelican-rclone-builder
|
||||
podman run -i --rm --env-file "$DATA_DIR/.env" -v "$DATA_DIR/git:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder
|
||||
}
|
||||
|
||||
restart () {
|
||||
start
|
||||
}
|
24
services/lexicographe.jean-cloud.net/nginx_server.conf
Executable file
24
services/lexicographe.jean-cloud.net/nginx_server.conf
Executable file
@ -0,0 +1,24 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/lexicographe.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/lexicographe.jean-cloud.net/privkey.pem;
|
||||
server_name lexicographe.jean-cloud.net;
|
||||
root /data/lexicographe.jean-cloud.net/git/output;
|
||||
|
||||
# Security headers
|
||||
# We can create a file with the base security headers and include it.
|
||||
# Will it be possible to overload them then ?
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' https://unpkg.jean-cloud.net; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' https://unpkg.jean-cloud.net; base-uri 'self'; form-action 'self' 'https://mailer.jean-cloud.net';" always;
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header X-Frame-Options SAMEORIGIN always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
||||
|
||||
location / {
|
||||
index index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user