pleins de super mises à jour :)

This commit is contained in:
Adrian Amaglio 2023-05-11 10:57:45 +02:00
parent da3341bb2e
commit d9cef67dd4
11 changed files with 172 additions and 92 deletions

View File

@ -1,8 +1,8 @@
[servers]
#vandamme.jean-cloud.net
#nougaro.jean-cloud.net
tetede.jean-cloud.net
#carcasse.jean-cloud.net
#vandamme.jean-cloud.org
#nougaro.jean-cloud.org
tetede.jean-cloud.org
#carcasse.jean-cloud.org
#benevoles.karnaval.fr
montbonnot.jean-cloud.net
max.jean-cloud.net
#montbonnot.jean-cloud.org
max.jean-cloud.org

View File

@ -72,6 +72,9 @@ for dir in /docker/* ; do
[ "${service::1}" == '_' ] && continue
[ ! -d "$dir" ] && continue
export DATA_DIR="/data/$service"
mkdir -p "$DATA_DIR"
docker_service="$(echo "$service" | tr '.' '_')"
driglibash_section_prefix="[$service] "
cd "/docker/$service"

View File

@ -25,9 +25,8 @@ repeat() {
# Output a "section title" to visually separate different script part
# TODO local variables
# TODO fixed place left aligned
section(){
text="$driglibash_section_prefix$1"
text="\033[00;36m$driglibash_section_prefix\033[0m$1"
if [ -n "$text" ] ; then
len="${#text}"
max_len="$(($(tput cols)-2))"
@ -35,8 +34,8 @@ section(){
right=5
left=5
else
left="$((($max_len - $len)/2))"
right="$left"
left=4
right="$(($max_len - $len - left))"
fi
else
left=80
@ -50,7 +49,7 @@ section(){
repeat '=' "$left"
if [ "$right" -ge 1 ] ; then
echo -n " $text "
echo -ne " $text "
repeat '=' "$right"
echo
fi

View File

@ -1,14 +1,14 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
2023042400 ; Serial
@ IN SOA max.jean-cloud.org. contact.jean-cloud.org. (
2023051101 ; Serial
7200 ; Refresh
7200 ; Retry
2419200 ; Expire
7200 ) ; Negative Cache TTL
; NS
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.jean-cloud.net.
@ IN NS max.jean-cloud.org.
@ IN NS tetede.jean-cloud.org.
@ IN NS ns1.he.net.
@ IN NS ns2.he.net.
@ IN NS ns3.he.net.
@ -18,20 +18,21 @@ $TTL 604800
@ IN A 51.255.33.248
@ IN A 82.65.204.254
@ 10800 IN MX 10 spool.mail.gandi.net.
@ 10800 IN MX 50 fb.mail.gandi.net.
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
; Resolving nameserver
ns1 IN A 51.255.33.248
ns2 IN A 172.104.154.21
ns2 IN A 51.255.33.248
ns1 IN A 82.65.204.254
;mail IN CNAME vandamme
webmail IN CNAME vandamme
vimbadmin IN CNAME vandamme
www IN CNAME vandamme
www IN CNAME jean-cloud.org.
; Naming nodes
vandamme IN A 51.255.33.248
@ -46,9 +47,6 @@ nougaro IN AAAA 2a01:7e01::f03c:92ff:fecf:e815
tetede IN AAAA 2001:41d0:701:1100::31f
tetede IN A 51.195.40.128
carcasse IN A 109.18.84.200
carcasse IN AAAA 2a02:8434:1633:df01:adf9:74c3:b444:262f
heart IN A 109.18.84.200
max IN A 82.65.204.254
@ -60,88 +58,83 @@ montbonnot IN AAAA 2a06:98c1:3120::2
montbonnot IN AAAA 2a06:98c1:3121::2
; Carcasse
dumbcluster IN A 109.18.84.200
dumbcluster IN AAAA 2a02:8434:1633:df01:226:2dff:fe11:56af
; Tetede
dumbcluster IN A 51.195.40.128
dumbcluster IN AAAA 2001:41d0:701:1100::31f
; services
nuage IN CNAME vandamme
www.nuage IN CNAME vandamme
calc.nuage IN CNAME vandamme
pad.nuage IN CNAME vandamme
nuage IN CNAME vandamme.jean-cloud.org.
www.nuage IN CNAME vandamme.jean-cloud.org.
calc.nuage IN CNAME vandamme.jean-cloud.org.
pad.nuage IN CNAME vandamme.jean-cloud.org.
feteducourt IN CNAME vandamme
www.feteducourt IN CNAME vandamme
feteducourt2020 IN CNAME vandamme
www.feteducourt2020 IN CNAME vandamme
feteducourt IN CNAME vandamme.jean-cloud.org.
www.feteducourt IN CNAME vandamme.jean-cloud.org.
feteducourt2020 IN CNAME vandamme.jean-cloud.org.
www.feteducourt2020 IN CNAME vandamme.jean-cloud.org.
git IN CNAME vandamme
www.git IN CNAME vandamme
git IN CNAME vandamme.jean-cloud.org.
www.git IN CNAME vandamme.jean-cloud.org.
wiki-cgr IN CNAME vandamme
www.wiki-cgr IN CNAME vandamme
parsoid-wiki-cgr IN CNAME vandamme
www.parsoid-wiki-cgr IN CNAME vandamme
wiki-cgr IN CNAME vandamme.jean-cloud.org.
www.wiki-cgr IN CNAME vandamme.jean-cloud.org.
parsoid-wiki-cgr IN CNAME vandamme.jean-cloud.org.
www.parsoid-wiki-cgr IN CNAME vandamme.jean-cloud.org.
cousinades IN CNAME vandamme
www.cousinades IN CNAME vandamme
cousinades IN CNAME vandamme.jean-cloud.org.
www.cousinades IN CNAME vandamme.jean-cloud.org.
cousinadesi2 IN CNAME vandamme
www.cousinades2 IN CNAME vandamme
cousinadesi2 IN CNAME vandamme.jean-cloud.org.
www.cousinades2 IN CNAME vandamme.jean-cloud.org.
velov IN CNAME vandamme
www.velov IN CNAME vandamme
velov IN CNAME vandamme.jean-cloud.org.
www.velov IN CNAME vandamme.jean-cloud.org.
registry IN CNAME vandamme
www.registry IN CNAME vandamme
registry IN CNAME vandamme.jean-cloud.org.
www.registry IN CNAME vandamme.jean-cloud.org.
inurbe IN CNAME vandamme
www.inurbe IN CNAME vandamme
inurbe IN CNAME vandamme.jean-cloud.org.
www.inurbe IN CNAME vandamme.jean-cloud.org.
gmx-webmail IN CNAME vandamme
www.gmx-webmail IN CNAME vandamme
gmx-webmail IN CNAME vandamme.jean-cloud.org.
www.gmx-webmail IN CNAME vandamme.jean-cloud.org.
rpnow IN CNAME vandamme
www.rpnow IN CNAME vandamme
test.rpnow IN CNAME vandamme
www.test.rpnow IN CNAME vandamme
rpnow IN CNAME vandamme.jean-cloud.org.
www.rpnow IN CNAME vandamme.jean-cloud.org.
test.rpnow IN CNAME vandamme.jean-cloud.org.
www.test.rpnow IN CNAME vandamme.jean-cloud.org.
lalis IN CNAME vandamme
www.lalis IN CNAME vandamme
lalis IN CNAME vandamme.jean-cloud.org.
www.lalis IN CNAME vandamme.jean-cloud.org.
metamorphose IN CNAME vandamme
www.metamorphose IN CNAME vandamme
metamorphose IN CNAME vandamme.jean-cloud.org.
www.metamorphose IN CNAME vandamme.jean-cloud.org.
static IN CNAME vandamme
www.static IN CNAME vandamme
static IN CNAME vandamme.jean-cloud.org.
www.static IN CNAME vandamme.jean-cloud.org.
;educloud IN CNAME tetede
;www.educloud IN CNAME tetede
;educloud2 IN CNAME tetede
;www.educloud2 IN CNAME tetede
;educloud IN CNAME tetede.jean-cloud.org.
;www.educloud IN CNAME tetede.jean-cloud.org.
;educloud2 IN CNAME tetede.jean-cloud.org.
;www.educloud2 IN CNAME tetede.jean-cloud.org.
copaines IN CNAME tetede
www.copaines IN CNAME tetede
wordpress.copaines IN CNAME tetede
www.wordpress.copaines IN CNAME tetede
copaines IN CNAME tetede.jean-cloud.org.
www.copaines IN CNAME tetede.jean-cloud.org.
wordpress.copaines IN CNAME tetede.jean-cloud.org.
www.wordpress.copaines IN CNAME tetede.jean-cloud.org.
feministesucl34 IN CNAME tetede
www.feministesucl34 IN CNAME tetede
wordpress.feministesucl34 IN CNAME tetede
www.wordpress.feministesucl34 IN CNAME tetede
feministesucl34 IN CNAME tetede.jean-cloud.org.
www.feministesucl34 IN CNAME tetede.jean-cloud.org.
wordpress.feministesucl34 IN CNAME tetede.jean-cloud.org.
www.wordpress.feministesucl34 IN CNAME tetede.jean-cloud.org.
tracker IN CNAME tetede
tracker IN CNAME tetede.jean-cloud.org.
raplacgr IN CNAME tetede
raplacgr IN CNAME tetede.jean-cloud.org.
walou IN CNAME dumbcluster
walou IN CNAME dumbcluster.jean-cloud.org.
nc-backup IN CNAME tetede
nc-backup IN CNAME tetede.jean-cloud.org.
gypsy IN CNAME tetede
gypsy IN CNAME tetede.jean-cloud.org.
shlago.wireguard.jean-cloud.net IN CNAME teted
shlago.wireguard.jean-cloud.net IN CNAME tetede.jean-cloud.org.
lexicographe IN CNAME max.jean-cloud.org.

View File

@ -1,20 +1,56 @@
$TTL 604800
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
2021060600 ; Serial
@ IN SOA max.jean-cloud.org. contact.jean-cloud.org. (
2023051100 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ns1.jean-cloud.net.
@ IN NS ns2.jean-cloud.net.
@ IN NS max
@ IN NS tetede
@ IN A 51.255.33.248
@ IN A 82.65.204.254
; NS
;ns1 IN CNAME vandamme
ns2 IN A 82.65.204.254
ns3 IN A 51.195.40.128
; Mails
@ 10800 IN MX 10 spool.mail.gandi.net.
@ 10800 IN MX 50 fb.mail.gandi.net.
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
_imap._tcp 10800 IN SRV 0 0 0 .
_imaps._tcp 10800 IN SRV 0 1 993 mail.gandi.net.
_pop3._tcp 10800 IN SRV 0 0 0 .
_pop3s._tcp 10800 IN SRV 10 1 995 mail.gandi.net.
_submission._tcp 10800 IN SRV 0 1 465 mail.gandi.net.
ns1 IN A 51.255.33.248
gm1._domainkey 10800 IN CNAME gm1.gandimail.net.
gm2._domainkey 10800 IN CNAME gm2.gandimail.net.
gm3._domainkey 10800 IN CNAME gm3.gandimail.net.
; Website classics
webmail 10800 IN CNAME webmail.gandi.net.
www 10800 IN CNAME jean-cloud.org.
; Machines
vandamme IN A 51.255.33.248
nougaro IN A 172.104.154.21
nougaro IN AAAA 2a01:7e01::f03c:92ff:fecf:e815
tetede IN A 51.195.40.128
tetede IN AAAA 2001:41d0:701:1100::31f
heart IN A 109.18.84.200
max IN A 82.65.204.254
max IN AAAA 2a01:e0a:c9d:81d0:a2b3:ccff:fe85:af97
montbonnot IN A 188.114.97.2
montbonnot IN A 188.114.96.2
montbonnot IN AAAA 2a06:98c1:3120::2
montbonnot IN AAAA 2a06:98c1:3121::2

View File

@ -29,7 +29,7 @@
- name: Install some softwares
apt:
name: ['bind9', 'certbot', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'rsync', 'screen', 'sshfs', 'vim', 'wget', 'zip']
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'rsync', 'screen', 'sshfs', 'traceroute', 'vim', 'wget', 'zip']
state: latest
# TODO disable certbot and certbot.timer services. We are using our own

View File

@ -0,0 +1,11 @@
#!/bin/bash
set -euo pipefail
start() {
podman pull docker.io/jeancloud/pelican-rclone-builder
podman run -i --rm --env-file "$DATA_DIR/.env" -v "$DATA_DIR:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder
}
restart () {
start
}

View File

@ -4,7 +4,7 @@ server {
ssl_certificate /etc/letsencrypt/live/jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jean-cloud.net/privkey.pem;
server_name jean-cloud.net www.jean-cloud.net jean-cloud.org www.jean-cloud.org;
root /data/jean-cloud.net/public;
root /data/jean-cloud.net/output;
# Security headers
# We can create a file with the base security headers and include it.

View File

@ -0,0 +1,2 @@
version: '3'

View File

@ -0,0 +1,12 @@
#!/bin/bash
set -euo pipefail
start() {
mkdir -p "$DATA_DIR/git"
podman pull docker.io/jeancloud/pelican-rclone-builder
podman run -i --rm --env-file "$DATA_DIR/.env" -v "$DATA_DIR/git:/usr/local/app" docker.io/jeancloud/pelican-rclone-builder
}
restart () {
start
}

View File

@ -0,0 +1,24 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/lexicographe.jean-cloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lexicographe.jean-cloud.net/privkey.pem;
server_name lexicographe.jean-cloud.net;
root /data/lexicographe.jean-cloud.net/git/output;
# Security headers
# We can create a file with the base security headers and include it.
# Will it be possible to overload them then ?
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' https://unpkg.jean-cloud.net; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' https://unpkg.jean-cloud.net; base-uri 'self'; form-action 'self' 'https://mailer.jean-cloud.net';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index index.html;
try_files $uri $uri/ =404;
}
}