From c4a6cf1534b864d3941c839d4a4dca7e505bd828 Mon Sep 17 00:00:00 2001 
From: Quentin Date: Sat, 12 Sep 2020 10:03:48 +0200 Subject: Rebase first step --- consul/configuration/.gitignore | 33 -- .../configuration/chat/coturn/turnserver.conf.tpl | 19 - .../configuration/chat/easybridge/config.json.tpl | 17 - .../chat/easybridge/registration.yaml.tpl | 14 - consul/configuration/chat/fb2mx/config.yaml | 133 ------- consul/configuration/chat/fb2mx/registration.yaml | 11 - consul/configuration/chat/riot_web/config.json | 25 -- .../chat/synapse/conf.d/report_stats.yaml | 1 - .../chat/synapse/conf.d/server_name.yaml | 1 - consul/configuration/chat/synapse/homeserver.yaml | 420 --------------------- consul/configuration/chat/synapse/log.yaml | 41 -- consul/configuration/directory/bottin/config.json | 31 -- .../directory/guichet/config.json.tpl | 30 -- consul/configuration/email/dkim/keytable | 1 - consul/configuration/email/dkim/signingtable | 2 - .../configuration/email/dkim/smtp.private.sample | 0 consul/configuration/email/dkim/smtp.txt.sample | 0 consul/configuration/email/dkim/trusted | 4 - consul/configuration/email/dovecot/certs.gen | 13 - .../email/dovecot/dovecot-ldap.conf.tpl | 8 - consul/configuration/email/postfix/certs.gen | 13 - consul/configuration/email/postfix/dynamicmaps.cf | 9 - consul/configuration/email/postfix/header_checks | 3 - .../email/postfix/ldap-account.cf.tpl | 12 - .../configuration/email/postfix/ldap-alias.cf.tpl | 9 - .../email/postfix/ldap-virtual-domains.cf.tpl | 12 - consul/configuration/email/postfix/main.cf | 104 ----- consul/configuration/email/postfix/master.cf | 114 ------ consul/configuration/email/postfix/transport | 5 - consul/configuration/email/postfix/transport.db | Bin 12288 -> 0 bytes consul/configuration/email/sogo/sogo.conf.tpl | 68 ---- consul/configuration/mariadb/main/env.tpl | 6 - consul/configuration/nextcloud/config.php.tpl | 49 --- consul/configuration/postgres/keeper/env.tpl | 3 - .../configuration/seafile/ccnet/mykey.peer.sample | 0 consul/configuration/seafile/ccnet/seafile.ini | 1 - 
consul/configuration/seafile/conf/ccnet.conf.tpl | 29 -- .../configuration/seafile/conf/mykey.peer.sample | 0 consul/configuration/seafile/conf/seafdav.conf | 5 - consul/configuration/seafile/conf/seafile.conf.tpl | 19 - .../seafile/conf/seahub_settings.py.tpl | 21 -- consul/configuration/traefik/traefik.toml | 45 --- 42 files changed, 1331 deletions(-) delete mode 100644 consul/configuration/.gitignore delete mode 100644 consul/configuration/chat/coturn/turnserver.conf.tpl delete mode 100644 consul/configuration/chat/easybridge/config.json.tpl delete mode 100644 consul/configuration/chat/easybridge/registration.yaml.tpl delete mode 100644 consul/configuration/chat/fb2mx/config.yaml delete mode 100644 consul/configuration/chat/fb2mx/registration.yaml delete mode 100644 consul/configuration/chat/riot_web/config.json delete mode 100644 consul/configuration/chat/synapse/conf.d/report_stats.yaml delete mode 100644 consul/configuration/chat/synapse/conf.d/server_name.yaml delete mode 100644 consul/configuration/chat/synapse/homeserver.yaml delete mode 100644 consul/configuration/chat/synapse/log.yaml delete mode 100644 consul/configuration/directory/bottin/config.json delete mode 100644 consul/configuration/directory/guichet/config.json.tpl delete mode 100644 consul/configuration/email/dkim/keytable delete mode 100644 consul/configuration/email/dkim/signingtable delete mode 100644 consul/configuration/email/dkim/smtp.private.sample delete mode 100644 consul/configuration/email/dkim/smtp.txt.sample delete mode 100644 consul/configuration/email/dkim/trusted delete mode 100755 consul/configuration/email/dovecot/certs.gen delete mode 100644 consul/configuration/email/dovecot/dovecot-ldap.conf.tpl delete mode 100755 consul/configuration/email/postfix/certs.gen delete mode 100644 consul/configuration/email/postfix/dynamicmaps.cf delete mode 100644 consul/configuration/email/postfix/header_checks delete mode 100644 consul/configuration/email/postfix/ldap-account.cf.tpl delete 
mode 100644 consul/configuration/email/postfix/ldap-alias.cf.tpl delete mode 100644 consul/configuration/email/postfix/ldap-virtual-domains.cf.tpl delete mode 100644 consul/configuration/email/postfix/main.cf delete mode 100644 consul/configuration/email/postfix/master.cf delete mode 100644 consul/configuration/email/postfix/transport delete mode 100644 consul/configuration/email/postfix/transport.db delete mode 100644 consul/configuration/email/sogo/sogo.conf.tpl delete mode 100644 consul/configuration/mariadb/main/env.tpl delete mode 100644 consul/configuration/nextcloud/config.php.tpl delete mode 100644 consul/configuration/postgres/keeper/env.tpl delete mode 100644 consul/configuration/seafile/ccnet/mykey.peer.sample delete mode 100644 consul/configuration/seafile/ccnet/seafile.ini delete mode 100644 consul/configuration/seafile/conf/ccnet.conf.tpl delete mode 100644 consul/configuration/seafile/conf/mykey.peer.sample delete mode 100644 consul/configuration/seafile/conf/seafdav.conf delete mode 100644 consul/configuration/seafile/conf/seafile.conf.tpl delete mode 100644 consul/configuration/seafile/conf/seahub_settings.py.tpl delete mode 100644 consul/configuration/traefik/traefik.toml (limited to 'consul/configuration')
diff --git a/consul/configuration/.gitignore b/consul/configuration/.gitignore
deleted file mode 100644
index 056b4d2..0000000
--- a/consul/configuration/.gitignore
+++ /dev/null
@@ -1,33 +0,0 @@
-# Blacklist everything cleverly
-*
-!*/
-
-# Whitelist some patterns
-!*.sample
-!*.gen
-!*.tpl
-!.gitignore
-
-# Whitelist specific files
-!seafile/conf/seafdav.conf
-!seafile/ccnet/seafile.ini
-
-!email/dkim/keytable
-!email/dkim/signingtable
-!email/dkim/trusted
-!email/postfix/dynamicmaps.cf
-!email/postfix/header_checks
-!email/postfix/main.cf
-!email/postfix/master.cf
-!email/postfix/transport
-!email/postfix/transport.db
-
-!email/sogo/sogo.conf.tpl
-
-!chat/**/*
-
-!directory/*/*
-
-!traefik/traefik.toml
-
-!garage/config.toml
diff --git a/consul/configuration/chat/coturn/turnserver.conf.tpl b/consul/configuration/chat/coturn/turnserver.conf.tpl
deleted file mode 100644
index f867ac0..0000000
--- a/consul/configuration/chat/coturn/turnserver.conf.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-use-auth-secret
-static-auth-secret={{ key "secrets/chat/coturn/static-auth" | trimSpace }}
-realm=turn.deuxfleurs.fr
-
-# VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.
-#no-tcp-relay
-
-# don't let the relay ever try to connect to private IP address ranges within your network (if any)
-# given the turn server is likely behind your firewall, remember to include any privileged public IPs too.
-#denied-peer-ip=10.0.0.0-10.255.255.255
-#denied-peer-ip=192.168.0.0-192.168.255.255
-#denied-peer-ip=172.16.0.0-172.31.255.255
-
-# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
-user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
-total-quota=1200
-
-min-port=49152
-max-port=49252
diff --git a/consul/configuration/chat/easybridge/config.json.tpl b/consul/configuration/chat/easybridge/config.json.tpl
deleted file mode 100644
index 40ecc44..0000000
--- a/consul/configuration/chat/easybridge/config.json.tpl
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "log_level": "info",
- "easybridge_avatar": "/app/easybridge.jpg",
-
- "web_bind_addr": "0.0.0.0:8281",
- "web_url": "https://easybridge.deuxfleurs.fr",
- "web_session_key": "{{ key "secrets/chat/easybridge/web_session_key" | trimSpace }}",
-
- "appservice_bind_addr": "0.0.0.0:8321",
- "registration": "/data/registration.yaml",
- "homeserver_url": "https://im.deuxfleurs.fr",
- "matrix_domain": "deuxfleurs.fr",
- "name_format": "{}_ezbr_",
-
- "db_type": "postgres",
- "db_path": "host=psql-proxy.service.2.cluster.deuxfleurs.fr port=5432 user={{ key "secrets/chat/easybridge/db_user" | trimSpace }} dbname=easybridge password={{ key "secrets/chat/easybridge/db_pass" | trimSpace }} sslmode=disable"
-}
diff --git a/consul/configuration/chat/easybridge/registration.yaml.tpl b/consul/configuration/chat/easybridge/registration.yaml.tpl
deleted file mode 100644
index ec098fd..0000000
--- a/consul/configuration/chat/easybridge/registration.yaml.tpl
+++ /dev/null
@@ -1,14 +0,0 @@
-id: Easybridge
-url: http://easybridge-api.service.2.cluster.deuxfleurs.fr:8321
-as_token: {{ key "secrets/chat/easybridge/as_token" | trimSpace }}
-hs_token: {{ key "secrets/chat/easybridge/hs_token" | trimSpace }}
-sender_localpart: _ezbr_
-rate_limited: false
-namespaces:
- users:
- - exclusive: true
- regex: '@.*_ezbr_'
- aliases:
- - exclusive: true
- regex: '#.*_ezbr_'
- rooms: []
diff --git a/consul/configuration/chat/fb2mx/config.yaml b/consul/configuration/chat/fb2mx/config.yaml
deleted file mode 100644
index 964c681..0000000
--- a/consul/configuration/chat/fb2mx/config.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ -# Homeserver details -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: https://im.deuxfleurs.fr - # The domain of the homeserver (for MXIDs, etc). - domain: deuxfleurs.fr - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - -# Application service host/registration related details -# Changing these values requires regeneration of the registration. -appservice: - # The address that the homeserver can use to connect to this appservice. - address: http://fb2mx.service.2.cluster.deuxfleurs.fr:29319 - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 29319 - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. SQLite and Postgres are fully supported. - # Other DBMSes supported by SQLAlchemy may or may not work. - # Format examples: - # SQLite: sqlite:///filename.db - # Postgres: postgres://username:password@hostname/dbname - database: '{{ key "secrets/chat/fb2mx/db_url" | trimSpace }}' - - # The unique ID of this appservice. - id: facebook - # Username of the appservice bot. - bot_username: facebookbot - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - bot_displayname: Facebook bridge bot - bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv - - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - community_id: "+fbusers:deuxfleurs.fr" - - # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. 
- as_token: '{{ key "secrets/chat/fb2mx/as_token" | trimSpace }}' - hs_token: '{{ key "secrets/chat/fb2mx/hs_token" | trimSpace }}' - -# Bridge config -bridge: - # Localpart template of MXIDs for Facebook users. - # {userid} is replaced with the user ID of the Facebook user. - username_template: "facebook_{userid}" - # Localpart template for per-user room grouping community IDs. - # The bridge will create these communities and add all of the specific user's portals to the community. - # {localpart} is the MXID localpart and {server} is the MXID server part of the user. - # - # `facebook_{localpart}={server}` is a good value. - community_template: "facebook_{localpart}={server}" - # Displayname template for Facebook users. - # {displayname} is replaced with the display name of the Facebook user - # as defined below in displayname_preference. - # Keys available for displayname_preference are also available here. - displayname_template: "{displayname} (FB)" - # Available keys: - # "name" (full name) - # "first_name" - # "last_name" - # "nickname" - # "own_nickname" (user-specific!) - displayname_preference: - - name - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!fb" - - # Number of chats to sync (and create portals for) on startup/login. - # Maximum 20, set 0 to disable automatic syncing. - initial_chat_sync: 10 - # Whether or not the Facebook users of logged in Matrix users should be - # invited to private chats when the user sends a message from another client. - invite_own_puppet_to_pm: false - # Whether or not to use /sync to get presence, read receipts and typing notifications when using - # your own Matrix account as the Matrix puppet for your Facebook account. - sync_with_custom_puppets: true - # Whether or not to bridge presence in both directions. Facebook allows users not to broadcast - # presence, but then it won't send other users' presence to the client. 
- presence: true - # Whether or not to update avatars when syncing all contacts at startup. - update_avatar_initial_sync: true - - # Permissions for using the bridge. - # Permitted values: - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - "deuxfleurs.fr": "user" - -# Python logging configuration. -# -# See section 16.7.2 of the Python documentation for more info: -# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema -logging: - version: 1 - formatters: - colored: - (): mautrix_facebook.util.ColorFormatter - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - normal: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - file: - class: logging.handlers.RotatingFileHandler - formatter: normal - filename: ./mautrix-facebook.log - maxBytes: 10485760 - backupCount: 10 - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - fbchat: - level: DEBUG - aiohttp: - level: INFO - root: - level: DEBUG - handlers: [file, console] diff --git a/consul/configuration/chat/fb2mx/registration.yaml b/consul/configuration/chat/fb2mx/registration.yaml deleted file mode 100644 index c3d8c05..0000000 --- a/consul/configuration/chat/fb2mx/registration.yaml +++ /dev/null @@ -1,11 +0,0 @@ -id: facebook -as_token: '{{ key "secrets/chat/fb2mx/as_token" | trimSpace }}' -hs_token: '{{ key "secrets/chat/fb2mx/hs_token" | trimSpace }}' -namespaces: - users: - - exclusive: true - regex: '@facebook_.+:deuxfleurs.fr' - group_id: '+fbusers:deuxfleurs.fr' -url: http://fb2mx.service.2.cluster.deuxfleurs.fr:29319 -sender_localpart: facebookbot -rate_limited: false diff --git a/consul/configuration/chat/riot_web/config.json b/consul/configuration/chat/riot_web/config.json deleted file mode 100644 index 5844afc..0000000 
--- a/consul/configuration/chat/riot_web/config.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "default_hs_url": "https://im.deuxfleurs.fr",
- "default_is_url": "https://vector.im",
- "disable_custom_urls": false,
- "disable_guests": false,
- "disable_login_language_selector": false,
- "disable_3pid_login": false,
- "brand": "Deuxfleurs",
- "integrations_ui_url": "https://scalar.vector.im/",
- "integrations_rest_url": "https://scalar.vector.im/api",
- "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
- "features": {
- "feature_groups": "labs",
- "feature_pinning": "labs"
- },
- "default_federate": true,
- "welcomePageUrl": "home.html",
- "default_theme": "light",
- "roomDirectory": {
- "servers": [ "im.deuxfleurs.fr", "matrix.org" ]
- },
- "jitsi": {
- "preferredDomain": "jitsi.deuxfleurs.fr"
- }
-}
diff --git a/consul/configuration/chat/synapse/conf.d/report_stats.yaml b/consul/configuration/chat/synapse/conf.d/report_stats.yaml
deleted file mode 100644
index cb95cc3..0000000
--- a/consul/configuration/chat/synapse/conf.d/report_stats.yaml
+++ /dev/null
@@ -1 +0,0 @@
-report_stats: true
diff --git a/consul/configuration/chat/synapse/conf.d/server_name.yaml b/consul/configuration/chat/synapse/conf.d/server_name.yaml
deleted file mode 100644
index 540ce45..0000000
--- a/consul/configuration/chat/synapse/conf.d/server_name.yaml
+++ /dev/null
@@ -1 +0,0 @@
-server_name: deuxfleurs.fr
diff --git a/consul/configuration/chat/synapse/homeserver.yaml b/consul/configuration/chat/synapse/homeserver.yaml
deleted file mode 100644
index 7f313f6..0000000
--- a/consul/configuration/chat/synapse/homeserver.yaml
+++ /dev/null
@@ -1,420 +0,0 @@ -# vim:ft=yaml - -server_name: "deuxfleurs.fr" -# PEM encoded X509 certificate for TLS. -# You can replace the self-signed certificate that synapse -# autogenerates on launch with your own SSL certificate + key pair -# if you like. Any required intermediary certificates can be -# appended after the primary certificate in hierarchical order. -tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt" - -# PEM encoded private key for TLS -tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key" - -# PEM dh parameters for ephemeral keys -tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh" - -# Don't bind to the https port -no_tls: True - - -## Server ## - -# When running as a daemon, the file to store the pid in -pid_file: "/var/run/matrix-synapse.pid" - -# Whether to serve a web client from the HTTP/HTTPS root resource. -web_client: False - -# The public-facing base URL for the client API (not including _matrix/...) -public_baseurl: https://im.deuxfleurs.fr/ - -# Set the soft limit on the number of file descriptors synapse can use -# Zero is used to indicate synapse should set the soft limit to the -# hard limit. -soft_file_limit: 0 - -# The GC threshold parameters to pass to `gc.set_threshold`, if defined -# gc_thresholds: [700, 10, 10] - -# A list of other Home Servers to fetch the public room directory from -# and include in the public room directory of this home server -# This is a temporary stopgap solution to populate new server with a -# list of rooms until there exists a good solution of a decentralized -# room directory. -# secondary_directory_servers: -# - matrix.org -# - vector.im - -# List of ports that Synapse should listen on, their purpose and their -# configuration. -listeners: - # Unsecure HTTP listener, - # For when matrix traffic passes through loadbalancer that unwraps TLS. 
- - port: 8008 - tls: false - bind_address: '' - type: http - - x_forwarded: false - - resources: - - names: [client] - compress: true - - - port: 8448 - tls: false - bind_address: '' - type: http - - x_forwarded: false - - resources: - - names: [federation] - compress: false - - # Turn on the twisted ssh manhole service on localhost on the given - # port. - # - port: 9000 - # bind_address: 127.0.0.1 - # type: manhole - - -# Database configuration -database: - name: psycopg2 - args: - user: {{ key "secrets/chat/synapse/postgres_user" | trimSpace }} - password: {{ key "secrets/chat/synapse/postgres_pwd" | trimSpace }} - database: {{ key "secrets/chat/synapse/postgres_db" | trimSpace }} - host: psql-proxy.service.2.cluster.deuxfleurs.fr - port: 5432 - cp_min: 5 - cp_max: 10 -# Number of events to cache in memory. -event_cache_size: "10K" - - -# A yaml python logging config file -log_config: "/etc/matrix-synapse/log.yaml" - -# Stop twisted from discarding the stack traces of exceptions in -# deferreds by waiting a reactor tick before running a deferred's -# callbacks. -# full_twisted_stacktraces: true - - -## Ratelimiting ## - -# Number of messages a client can send per second -rc_messages_per_second: 0.2 - -# Number of message a client can send before being throttled -rc_message_burst_count: 10.0 - -# The federation window size in milliseconds -federation_rc_window_size: 1000 - -# The number of federation requests from a single server in a window -# before the server will delay processing the request. -federation_rc_sleep_limit: 10 - -# The duration in milliseconds to delay processing events from -# remote servers by if they go over the sleep limit. 
-federation_rc_sleep_delay: 500 - -# The maximum number of concurrent federation requests allowed -# from a single server -federation_rc_reject_limit: 50 - -# The number of federation requests to concurrently process from a -# single server -federation_rc_concurrent: 3 - - - -# Directory where uploaded images and attachments are stored. -media_store_path: "/var/lib/matrix-synapse/media" -uploads_path: "/var/lib/matrix-synapse/uploads" - -# The largest allowed upload size in bytes -max_upload_size: "100M" - -# Maximum number of pixels that will be thumbnailed -max_image_pixels: "32M" - -# Whether to generate new thumbnails on the fly to precisely match -# the resolution requested by the client. If true then whenever -# a new resolution is requested by the client the server will -# generate a new thumbnail. If false the server will pick a thumbnail -# from a precalculated list. -dynamic_thumbnails: false - -# List of thumbnail to precalculate when an image is uploaded. -thumbnail_sizes: -- width: 32 - height: 32 - method: crop -- width: 96 - height: 96 - method: crop -- width: 320 - height: 240 - method: scale -- width: 640 - height: 480 - method: scale -- width: 800 - height: 600 - method: scale - -# Is the preview URL API enabled? If enabled, you *must* specify -# an explicit url_preview_ip_range_blacklist of IPs that the spider is -# denied from accessing. -url_preview_enabled: True - -# List of IP address CIDR ranges that the URL preview spider is denied -# from accessing. There are no defaults: you must explicitly -# specify a list for URL previewing to work. You should specify any -# internal services in your network that you do not want synapse to try -# to connect to, otherwise anyone in any Matrix room could cause your -# synapse to issue arbitrary GET requests to your internal services, -# causing serious security issues. 
-# -url_preview_ip_range_blacklist: - - '127.0.0.0/8' - - '10.0.0.0/8' - - '172.16.0.0/12' - - '192.168.0.0/16' -# -# List of IP address CIDR ranges that the URL preview spider is allowed -# to access even if they are specified in url_preview_ip_range_blacklist. -# This is useful for specifying exceptions to wide-ranging blacklisted -# target IP ranges - e.g. for enabling URL previews for a specific private -# website only visible in your network. -# -# url_preview_ip_range_whitelist: -# - '192.168.1.1' - -# Optional list of URL matches that the URL preview spider is -# denied from accessing. You should use url_preview_ip_range_blacklist -# in preference to this, otherwise someone could define a public DNS -# entry that points to a private IP address and circumvent the blacklist. -# This is more useful if you know there is an entire shape of URL that -# you know that will never want synapse to try to spider. -# -# Each list entry is a dictionary of url component attributes as returned -# by urlparse.urlsplit as applied to the absolute form of the URL. See -# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit -# The values of the dictionary are treated as an filename match pattern -# applied to that component of URLs, unless they start with a ^ in which -# case they are treated as a regular expression match. If all the -# specified component matches for a given list item succeed, the URL is -# blacklisted. 
-# -# url_preview_url_blacklist: -# # blacklist any URL with a username in its URI -# - username: '*' -# -# # blacklist all *.google.com URLs -# - netloc: 'google.com' -# - netloc: '*.google.com' -# -# # blacklist all plain HTTP URLs -# - scheme: 'http' -# -# # blacklist http(s)://www.acme.com/foo -# - netloc: 'www.acme.com' -# path: '/foo' -# -# # blacklist any URL with a literal IPv4 address -# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' - -# The largest allowed URL preview spidering size in bytes -max_spider_size: "10M" - - - - -## Captcha ## - -# This Home Server's ReCAPTCHA public key. -recaptcha_public_key: "YOUR_PUBLIC_KEY" - -# This Home Server's ReCAPTCHA private key. -recaptcha_private_key: "YOUR_PRIVATE_KEY" - -# Enables ReCaptcha checks when registering, preventing signup -# unless a captcha is answered. Requires a valid ReCaptcha -# public/private key. -enable_registration_captcha: False - -# A secret key used to bypass the captcha test entirely. -#captcha_bypass_secret: "YOUR_SECRET_HERE" - -# The API endpoint to use for verifying m.login.recaptcha responses. -recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" - - -## Turn ## - -# The public URIs of the TURN server to give to clients -turn_uris: [ "turn:turn.deuxfleurs.fr:3478?transport=udp", "turn:turn.deuxfleurs.fr:3478?transport=tcp" ] - -# The shared secret used to compute passwords for the TURN server -turn_shared_secret: '{{ key "secrets/chat/coturn/static-auth" | trimSpace }}' - -# How long generated TURN credentials last -turn_user_lifetime: "1h" - -turn_allow_guests: True - -## Registration ## - -# Enable registration for new users. -enable_registration: False - -# If set, allows registration by anyone who also has the shared -# secret, even if registration is otherwise disabled. -registration_shared_secret: '{{ key "secrets/chat/synapse/registration_shared_secret" | trimSpace }}' - -# Sets the expiry for the short term user creation in -# milliseconds. 
For instance the bellow duration is two weeks -# in milliseconds. -user_creation_max_duration: 1209600000 - -# Set the number of bcrypt rounds used to generate password hash. -# Larger numbers increase the work factor needed to generate the hash. -# The default number of rounds is 12. -bcrypt_rounds: 12 - -# Allows users to register as guests without a password/email/etc, and -# participate in rooms hosted on this server which have been made -# accessible to anonymous users. -allow_guest_access: True - -# The list of identity servers trusted to verify third party -# identifiers by this server. -trusted_third_party_id_servers: - - matrix.org - - vector.im - - -## Metrics ### - -# Enable collection and rendering of performance metrics -enable_metrics: False - -## API Configuration ## - -# A list of event types that will be included in the room_invite_state -room_invite_state_types: - - "m.room.join_rules" - - "m.room.canonical_alias" - - "m.room.avatar" - - "m.room.name" - - -# A list of application service config file to use -app_service_config_files: - - "/etc/matrix-synapse/easybridge_registration.yaml" - #- "/etc/matrix-synapse/fb2mx_registration.yaml" - - -# macaroon_secret_key: - -# Used to enable access token expiration. -expire_access_token: False - -## Signing Keys ## - -# Path to the signing key to sign messages with -signing_key_path: "/etc/matrix-synapse/homeserver.signing.key" - -# The keys that the server used to sign messages with but won't use -# to sign new messages. E.g. it has lost its private key -old_signing_keys: {} -# "ed25519:auto": -# # Base64 encoded public key -# key: "The public part of your old signing key." -# # Millisecond POSIX timestamp when the key expired. -# expired_ts: 123456789123 - -# How long key response published by this server is valid for. -# Used to set the valid_until_ts in /key/v2 APIs. -# Determines how quickly servers will query to check which keys -# are still valid. -key_refresh_interval: "1d" # 1 Day. 
- -# The trusted servers to download signing keys from. -perspectives: - servers: - "matrix.org": - verify_keys: - "ed25519:auto": - key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" - - - -# Enable SAML2 for registration and login. Uses pysaml2 -# config_path: Path to the sp_conf.py configuration file -# idp_redirect_url: Identity provider URL which will redirect -# the user back to /login/saml2 with proper info. -# See pysaml2 docs for format of config. -#saml2_config: -# enabled: true -# config_path: "/home/erikj/git/synapse/sp_conf.py" -# idp_redirect_url: "http://test/idp" - - - -# Enable CAS for registration and login. -#cas_config: -# enabled: true -# server_url: "https://cas-server.com" -# service_url: "https://homesever.domain.com:8448" -# #required_attributes: -# # name: value - - -# The JWT needs to contain a globally unique "sub" (subject) claim. -# -# jwt_config: -# enabled: true -# secret: "a secret" -# algorithm: "HS256" - -password_providers: - - module: "ldap_auth_provider.LdapAuthProvider" - config: - enabled: true - uri: "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389" - start_tls: false - bind_dn: '{{ key "secrets/chat/synapse/ldap_binddn" | trimSpace }}' - bind_password: '{{ key "secrets/chat/synapse/ldap_bindpw" | trimSpace }}' - base: "ou=users,dc=deuxfleurs,dc=fr" - attributes: - uid: "cn" - name: "displayName" - mail: "mail" - -# Enable password for login. -password_config: - enabled: true - -# Enable sending emails for notification events -#email: -# enable_notifs: false -# smtp_host: "localhost" -# smtp_port: 25 -# notif_from: "Your Friendly %(app)s Home Server " -# app_name: Matrix -# template_dir: res/templates -# notif_template_html: notif_mail.html -# notif_template_text: notif_mail.txt -# notif_for_new_users: True - -# Key that had to be added after some synapse updates to please matrix developers... -report_stats: false -suppress_key_server_warning: true -enable_group_creation: true 
diff --git a/consul/configuration/chat/synapse/log.yaml b/consul/configuration/chat/synapse/log.yaml deleted file mode 100644 index eb69d8f..0000000 --- a/consul/configuration/chat/synapse/log.yaml +++ /dev/null @@ -1,41 +0,0 @@ - -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s' - -filters: - context: - (): synapse.util.logcontext.LoggingContextFilter - request: "" - -handlers: - file: - class: logging.handlers.RotatingFileHandler - formatter: precise - filename: /var/log/matrix-synapse/homeserver.log - maxBytes: 10485760 - backupCount: 3 - filters: [context] - level: WARN - console: - class: logging.StreamHandler - formatter: precise - level: WARN - -loggers: - synapse: - level: INFO - - synapse.storage.SQL: - level: INFO - - ldap3: - level: DEBUG - ldap_auth_provider: - level: DEBUG - -root: - level: INFO - handlers: [file, console] diff --git a/consul/configuration/directory/bottin/config.json b/consul/configuration/directory/bottin/config.json deleted file mode 100644 index c30a4d5..0000000 --- a/consul/configuration/directory/bottin/config.json +++ /dev/null 
@@ -1,31 +0,0 @@
-{
- "suffix": "dc=deuxfleurs,dc=fr",
- "bind": "0.0.0.0:1389",
- "consul_host": "http://consul.service.2.cluster.deuxfleurs.fr:8500",
- "log_level": "debug",
- "acl": [
- "*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
- "*::read modify:SELF:*",
- "ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
- "ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
- "*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
- "*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
-
- "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
- "ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
- "*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
-
- "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
- "*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
-
- "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
- "*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
- "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
- "*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
- "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*",
- "*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*",
-
- "cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
- "*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
- ]
-}
diff --git a/consul/configuration/directory/guichet/config.json.tpl b/consul/configuration/directory/guichet/config.json.tpl
deleted file mode 100644
index 98e2297..0000000
--- a/consul/configuration/directory/guichet/config.json.tpl
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "http_bind_addr": ":9991",
- "ldap_server_addr": "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389",
-
- "base_dn": "dc=deuxfleurs,dc=fr",
- "user_base_dn": "ou=users,dc=deuxfleurs,dc=fr",
- "user_name_attr": "cn",
- "group_base_dn": "ou=groups,dc=deuxfleurs,dc=fr",
- "group_name_attr": "cn",
-
- "invitation_base_dn": "ou=invitations,dc=deuxfleurs,dc=fr",
- "invitation_name_attr": "cn",
- "invited_mail_format": "{}@deuxfleurs.fr",
- "invited_auto_groups": [
- "cn=email,ou=groups,dc=deuxfleurs,dc=fr",
- "cn=seafile,ou=groups,dc=deuxfleurs,dc=fr",
- "cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr"
- ],
-
- "web_address": "https://guichet.deuxfleurs.fr",
- "mail_from": "coucou@deuxfleurs.fr",
- "smtp_server": "adnab.me:25",
- "smtp_username": "{{ key "secrets/directory/guichet/smtp_user" | trimSpace }}",
- "smtp_password": "{{ key "secrets/directory/guichet/smtp_pass" | trimSpace }}",
-
- "admin_account": "cn=admin,dc=deuxfleurs,dc=fr",
- "group_can_admin": "cn=admin,ou=groups,dc=deuxfleurs,dc=fr",
- "group_can_invite": "cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr"
-}
-
diff --git a/consul/configuration/email/dkim/keytable b/consul/configuration/email/dkim/keytable
deleted file mode 100644
index f4ac7cd..0000000
--- a/consul/configuration/email/dkim/keytable
+++ /dev/null
@@ -1 +0,0 @@
-smtp._domainkey.deuxfleurs.fr deuxfleurs.fr:smtp:/etc/dkim/smtp.private
diff --git a/consul/configuration/email/dkim/signingtable b/consul/configuration/email/dkim/signingtable
deleted file mode 100644
index 60d66ff..0000000
--- a/consul/configuration/email/dkim/signingtable
+++ /dev/null
@@ -1,2 +0,0 @@
-*@deuxfleurs.fr smtp._domainkey.deuxfleurs.fr
-*@dufour.io smtp._domainkey.deuxfleurs.fr
diff --git a/consul/configuration/email/dkim/smtp.private.sample b/consul/configuration/email/dkim/smtp.private.sample
deleted file mode 100644
index e69de29..0000000
diff --git a/consul/configuration/email/dkim/smtp.txt.sample b/consul/configuration/email/dkim/smtp.txt.sample
deleted file mode 100644
index e69de29..0000000
diff --git a/consul/configuration/email/dkim/trusted b/consul/configuration/email/dkim/trusted
deleted file mode 100644
index a01170d..0000000
--- a/consul/configuration/email/dkim/trusted
+++ /dev/null
@@ -1,4 +0,0 @@
-127.0.0.1
-localhost
-192.168.1.0/24
-172.16.0.0/12
diff --git a/consul/configuration/email/dovecot/certs.gen b/consul/configuration/email/dovecot/certs.gen
deleted file mode 100755
index f26e917..0000000
--- a/consul/configuration/email/dovecot/certs.gen
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr"
-openssl req \
- -new \
- -newkey rsa:4096 \
- -days 3650 \
- -nodes \
- -x509 \
- -subj ${TLSINFO} \
- -keyout dovecot.key \
- -out dovecot.crt
-
diff --git a/consul/configuration/email/dovecot/dovecot-ldap.conf.tpl b/consul/configuration/email/dovecot/dovecot-ldap.conf.tpl
deleted file mode 100644
index 9fb1ea6..0000000
--- a/consul/configuration/email/dovecot/dovecot-ldap.conf.tpl
+++ /dev/null
@@ -1,8 +0,0 @@
-hosts = bottin2.service.2.cluster.deuxfleurs.fr
-dn = {{ key "secrets/email/dovecot/ldap_binddn" | trimSpace }}
-dnpass = {{ key "secrets/email/dovecot/ldap_bindpwd" | trimSpace }}
-base = dc=deuxfleurs,dc=fr
-scope = subtree
-user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
-pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
-user_attrs = mail=/var/mail/%{ldap:mail}
diff --git a/consul/configuration/email/postfix/certs.gen b/consul/configuration/email/postfix/certs.gen
deleted file mode 100755
index f25439b..0000000
--- a/consul/configuration/email/postfix/certs.gen
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
-openssl req \
- -new \
- -newkey rsa:4096 \
- -days 3650 \
- -nodes \
- -x509 \
- -subj ${TLSINFO} \
- -keyout postfix.key \
- -out postfix.crt
-
diff --git a/consul/configuration/email/postfix/dynamicmaps.cf b/consul/configuration/email/postfix/dynamicmaps.cf
deleted file mode 100644
index 32d8f62..0000000
--- a/consul/configuration/email/postfix/dynamicmaps.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Postfix dynamic maps configuration file.
-#
-# The first match found is the one that is used. Wildcards are not supported
-# as of postfix 2.0.2
-#
-#type location of .so file open function (mkmap func)
-#==== ================================ ============= ============
-ldap postfix-ldap.so dict_ldap_open
-sqlite postfix-sqlite.so dict_sqlite_open
diff --git a/consul/configuration/email/postfix/header_checks b/consul/configuration/email/postfix/header_checks
deleted file mode 100644
index cad52ec..0000000
--- a/consul/configuration/email/postfix/header_checks
+++ /dev/null
@@ -1,3 +0,0 @@
-/^Received:/ IGNORE
-/^X-Originating-IP:/ IGNORE
-/^X-Mailer:/ IGNORE
diff --git a/consul/configuration/email/postfix/ldap-account.cf.tpl b/consul/configuration/email/postfix/ldap-account.cf.tpl
deleted file mode 100644
index 2575f10..0000000
--- a/consul/configuration/email/postfix/ldap-account.cf.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=users,dc=deuxfleurs,dc=fr
-query_filter = mail=%s
-result_attribute = mail
diff --git a/consul/configuration/email/postfix/ldap-alias.cf.tpl b/consul/configuration/email/postfix/ldap-alias.cf.tpl
deleted file mode 100644
index 775c0ad..0000000
--- a/consul/configuration/email/postfix/ldap-alias.cf.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-server_host = bottin2.service.2.cluster.deuxfleurs.fr
-server_port = 389
-search_base = dc=deuxfleurs,dc=fr
-query_filter = (&(objectClass=inetOrgPerson)(memberOf=cn=%s,ou=mailing_lists,ou=groups,dc=deuxfleurs,dc=fr))
-result_attribute = mail
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
diff --git a/consul/configuration/email/postfix/ldap-virtual-domains.cf.tpl b/consul/configuration/email/postfix/ldap-virtual-domains.cf.tpl
deleted file mode 100644
index e013953..0000000
--- a/consul/configuration/email/postfix/ldap-virtual-domains.cf.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=domains,ou=groups,dc=deuxfleurs,dc=fr
-query_filter = (&(objectclass=dNSDomain)(domain=%s))
-result_attribute = domain
diff --git a/consul/configuration/email/postfix/main.cf b/consul/configuration/email/postfix/main.cf
deleted file mode 100644
index 4204cb4..0000000
--- a/consul/configuration/email/postfix/main.cf
+++ /dev/null
@@ -1,104 +0,0 @@
-#===
-# Base configuration
-#===
-myhostname = smtp.deuxfleurs.fr
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = smtp.deuxfleurs.fr
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_protocols = all
-inet_interfaces = all
-message_size_limit = 204800000
-smtpd_banner = $myhostname
-biff = no
-append_dot_mydomain = no
-readme_directory = no
-compatibility_level = 2
-
-#===
-# TLS parameters
-#===
-smtpd_tls_cert_file=/etc/ssl/certs/postfix.crt
-smtpd_tls_key_file=/etc/ssl/private/postfix.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
-smtp_tls_security_level = may
-
-#===
-# Remove privacy related content from emails
-#===
-mime_header_checks = regexp:/etc/postfix/header_checks
-header_checks = regexp:/etc/postfix/header_checks
-
-#===
-# Handle user authentication (handled by dovecot)
-#===
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_path = inet:dovecot-auth.service.2.cluster.deuxfleurs.fr:1337
-smtpd_sasl_type = dovecot
-
-#===
-# Restrictions / Checks
-#===
-# -- Inspired by: http://www.postfix.org/SMTPD_ACCESS_README.html#lists
-
-# Require a valid HELO
-smtpd_helo_required = yes
-# As we use the same postfix to send and receive,
-# we can't enforce a valid HELO hostname...
-#smtpd_helo_restrictions =
-# reject_unknown_helo_hostname
-
-# Require that sender email has a valid domain
-smtpd_sender_restrictions =
- reject_unknown_sender_domain
-
-# Delivering email policy
-# MyNetwork is required by sogo
-smtpd_recipient_restrictions =
- permit_sasl_authenticated
- permit_mynetworks
- reject_unauth_destination
- reject_rbl_client zen.spamhaus.org
- reject_rhsbl_reverse_client dbl.spamhaus.org
- reject_rhsbl_helo dbl.spamhaus.org
- reject_rhsbl_sender dbl.spamhaus.org
-
-# Sending email policy
-# MyNetwork is required by sogo
-smtpd_relay_restrictions =
- permit_sasl_authenticated
- permit_mynetworks
- reject_unauth_destination
-
-smtpd_data_restrictions = reject_unauth_pipelining
-
-smtpd_client_connection_rate_limit = 2
-
-#===
-# Rate limiting
-#===
-slow_destination_recipient_limit = 20
-slow_destination_concurrency_limit = 2
-
-#====
-# Transport configuration
-#====
-transport_maps = hash:/etc/postfix/transport
-virtual_mailbox_domains = ldap:/etc/postfix/ldap-virtual-domains.cf
-virtual_mailbox_maps = ldap:/etc/postfix/ldap-account.cf
-virtual_alias_maps = ldap:/etc/postfix/ldap-alias.cf
-virtual_transport = lmtp:dovecot-lmtp.service.2.cluster.deuxfleurs.fr:24
-
-#===
-# Mail filters
-#===
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:opendkim.service.2.cluster.deuxfleurs.fr:8999
-non_smtpd_milters = inet:opendkim.service.2.cluster.deuxfleurs.fr:8999
diff --git a/consul/configuration/email/postfix/master.cf b/consul/configuration/email/postfix/master.cf
deleted file mode 100644
index 53bc601..0000000
--- a/consul/configuration/email/postfix/master.cf
+++ /dev/null
@@ -1,114 +0,0 @@ -# -# Postfix master process configuration file. For details on the format -# of the file, see the master(5) manual page (command: "man 5 master"). -# -# Do not forget to execute "postfix reload" after editing this file. -# -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (yes) (never) (100) -# ========================================================================== -smtp inet n - n - - smtpd -submission inet n - n - - smtpd - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - -o milter_macro_daemon_name=ORIGINATING -smtps inet n - n - - smtpd - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - -o milter_macro_daemon_name=ORIGINATING -slow unix - - n - 5 smtp - -o syslog_name=postfix-slow - -o smtp_destination_concurrency_limit=3 - -o slow_destination_rate_delay=1 - - -#628 inet n - - - - qmqpd -pickup fifo n - n 60 1 pickup -cleanup unix n - n - 0 cleanup -qmgr fifo n - n 300 1 qmgr -#qmgr fifo n - - 300 1 oqmgr -tlsmgr unix - - n 1000? 1 tlsmgr -rewrite unix - - n - - trivial-rewrite -bounce unix - - n - 0 bounce -defer unix - - n - 0 bounce -trace unix - - n - 0 bounce -verify unix - - n - 1 verify -flush unix n - n 1000? 
0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -# When relaying mail as backup MX, disable fallback_relay to avoid MX loops -smtp unix - - n - - smtp -# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -relay unix - - n - - smtp - -o smtp_fallback_relay= -showq unix n - n - - showq -error unix - - n - - error -retry unix - - n - - error -discard unix - - n - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - n - - lmtp -anvil unix - - n - 1 anvil -# -# ==================================================================== -# Interfaces to non-Postfix software. Be sure to examine the manual -# pages of the non-Postfix software to find out what options it wants. -# -# Many of the following services use the Postfix pipe(8) delivery -# agent. See the pipe(8) man page for information about ${recipient} -# and other message envelope options. -# ==================================================================== -# -# maildrop. See the Postfix MAILDROP_README file for details. -# Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -scache unix - - n - 1 scache -maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -# -# ==================================================================== -# -# Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
-# -# Specify in cyrus.conf: -# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 -# -# Specify in main.cf one or more of the following: -# mailbox_transport = lmtp:inet:localhost -# virtual_transport = lmtp:inet:localhost -# -# ==================================================================== -# -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -# -#cyrus unix - n n - - pipe -# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} -# -# ==================================================================== -# Old example of delivery via Cyrus. -# -#old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} -# -# ==================================================================== -# -# See the Postfix UUCP_README file for configuration details. -# -uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# Other external delivery methods. -# -ifmail unix - n n - - pipe - flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n n - - pipe - flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe - flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} -mailman unix - n n - - pipe - flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py - ${nexthop} ${user} diff --git a/consul/configuration/email/postfix/transport b/consul/configuration/email/postfix/transport deleted file mode 100644 index 68f62c5..0000000 --- a/consul/configuration/email/postfix/transport +++ /dev/null @@ -1,5 +0,0 @@ -#wanadoo.com slow: -#wanadoo.fr slow: -#orange.com slow: -#orange.fr slow: -#smtp.orange.fr slow: 
diff --git a/consul/configuration/email/postfix/transport.db b/consul/configuration/email/postfix/transport.db
deleted file mode 100644
index 487f394..0000000
Binary files a/consul/configuration/email/postfix/transport.db and /dev/null differ
diff --git a/consul/configuration/email/sogo/sogo.conf.tpl b/consul/configuration/email/sogo/sogo.conf.tpl
deleted file mode 100644
index d4261e5..0000000
--- a/consul/configuration/email/sogo/sogo.conf.tpl
+++ /dev/null
@@ -1,68 +0,0 @@ -{ - WONoDetach = NO; - WOWorkersCount = 10; - WOPort = "127.0.0.1:20000"; - SOGoProfileURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_user_profile"; - OCSFolderInfoURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_folder_info"; - OCSSessionsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_sessions_folder"; - OCSEMailAlarmsFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_alarms_folder"; - OCSStoreURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_store"; - OCSAclURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_acl"; - OCSCacheFolderURL = "postgresql://{{ key "secrets/email/sogo/postgre_auth" | trimSpace }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/sogo/sogo_cache_folder"; - SOGoTimeZone = "Europe/Paris"; - SOGoMailDomain = "deuxfleurs.fr"; - SOGoLanguage = French; - SOGoAppointmentSendEMailNotifications = YES; - SOGoEnablePublicAccess = YES; - SOGoMailingMechanism = smtp; - SOGoSMTPServer = postfix-smtp.service.2.cluster.deuxfleurs.fr; - SOGoSMTPAuthenticationType = PLAIN; - SOGoForceExternalLoginWithEmail = YES; - SOGoIMAPAclConformsToIMAPExt = YES; - SOGoTimeZone = UTC; - SOGoSentFolderName = Sent; - SOGoTrashFolderName = Trash; - SOGoDraftsFolderName = Drafts; - SOGoIMAPServer = "imaps://dovecot-imaps.service.2.cluster.deuxfleurs.fr:993/?tlsVerifyMode=none"; - SOGoSieveServer = "sieve://sieve.service.2.cluster.deuxfleurs.fr:4190/?tls=YES"; - SOGoIMAPAclConformsToIMAPExt = YES; - SOGoVacationEnabled = NO; - SOGoForwardEnabled = 
NO; - SOGoSieveScriptsEnabled = NO; - SOGoFirstDayOfWeek = 1; - SOGoRefreshViewCheck = every_5_minutes; - SOGoMailAuxiliaryUserAccountsEnabled = NO; - SOGoPasswordChangeEnabled = YES; - SOGoPageTitle = "deuxfleurs.fr"; - SOGoLoginModule = Mail; - SOGoMailAddOutgoingAddresses = YES; - SOGoSelectedAddressBook = autobook; - SOGoMailAuxiliaryUserAccountsEnabled = YES; - SOGoCalendarEventsDefaultClassification = PRIVATE; - SOGoMailReplyPlacement = above; - SOGoMailSignaturePlacement = above; - SOGoMailComposeMessageType = html; - - SOGoLDAPContactInfoAttribute = "displayname"; - - SOGoUserSources = ( - { - type = ldap; - CNFieldName = displayname; - IDFieldName = cn; - UIDFieldName = cn; - MailFieldNames = (mail, mailForwardingAddress); - SearchFieldNames = (displayname, cn, sn, mail, telephoneNumber); - IMAPLoginFieldName = mail; - baseDN = "ou=users,dc=deuxfleurs,dc=fr"; - bindDN = "{{ key "secrets/email/sogo/ldap_binddn" | trimSpace }}"; - bindPassword = "{{ key "secrets/email/sogo/ldap_bindpw" | trimSpace}}"; - bindFields = (cn, mail); - canAuthenticate = YES; - displayName = "Bottin"; - hostname = "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389"; - id = bottin; - isAddressBook = NO; - } - ); -} diff --git a/consul/configuration/mariadb/main/env.tpl b/consul/configuration/mariadb/main/env.tpl deleted file mode 100644 index 0fe903b..0000000 --- a/consul/configuration/mariadb/main/env.tpl +++ /dev/null @@ -1,6 +0,0 @@ -LDAP_URI = "ldap://bottin2.service.2.cluster.deuxfleurs.fr" -LDAP_BASE = "ou=users,dc=deuxfleurs,dc=fr" -LDAP_VERSION = 3 -LDAP_BIND_DN = "{{ key "secrets/mariadb/main/ldap_binddn" | trimSpace }}" -LDAP_BIND_PW = "{{ key "secrets/mariadb/main/ldap_bindpwd" | trimSpace }}" -MYSQL_PASSWORD = "{{ key "secrets/mariadb/main/mysql_pwd" | trimSpace }}" diff --git a/consul/configuration/nextcloud/config.php.tpl b/consul/configuration/nextcloud/config.php.tpl deleted file mode 100644 index 7dcfc6e..0000000 
--- a/consul/configuration/nextcloud/config.php.tpl +++ /dev/null @@ -1,49 +0,0 @@ - false, - 'instanceid' => '{{ key "secrets/nextcloud/instance_id" | trimSpace }}', - 'passwordsalt' => '{{ key "secrets/nextcloud/password_salt" | trimSpace }}', - 'secret' => '{{ key "secrets/nextcloud/secret" | trimSpace }}', - 'trusted_domains' => array ( - 0 => 'nextcloud.deuxfleurs.fr', - ), - 'memcache.local' => '\\OC\\Memcache\\APCu', - - 'objectstore' => array( - 'class' => '\\OC\\Files\\ObjectStore\\S3', - 'arguments' => array( - 'bucket' => 'nextcloud', - 'autocreate' => false, - 'key' => '{{ key "secrets/nextcloud/garage_access_key" | trimSpace }}', - 'secret' => '{{ key "secrets/nextcloud/garage_secret_key" | trimSpace }}', - 'hostname' => 'garage.deuxfleurs.fr', - 'port' => 443, - 'use_ssl' => true, - 'region' => 'garage', - // required for some non Amazon S3 implementations - 'use_path_style' => true - ), - ), - - 'dbtype' => 'pgsql', - 'dbhost' => 'psql-proxy.service.2.cluster.deuxfleurs.fr', - 'dbname' => 'nextcloud', - 'dbtableprefix' => 'nc_', - 'dbuser' => '{{ key "secrets/nextcloud/db_user" | trimSpace }}', - 'dbpassword' => '{{ key "secrets/nextcloud/db_pass" | trimSpace }}', - - 'default_language' => 'fr', - 'default_locale' => 'fr_FR', - - 'mail_domain' => 'deuxfleurs.fr', - 'mail_from_address' => 'nextcloud@deuxfleurs.fr', - // TODO SMTP CONFIG - - // TODO REDIS CACHE - - 'version' => '19.0.0.12', - 'overwrite.cli.url' => 'https://nextcloud.deuxfleurs.fr', - - 'installed' => true, -); - diff --git a/consul/configuration/postgres/keeper/env.tpl b/consul/configuration/postgres/keeper/env.tpl deleted file mode 100644 index 7831aad..0000000 --- a/consul/configuration/postgres/keeper/env.tpl +++ /dev/null @@ -1,3 +0,0 @@ -PG_SU_PWD={{ key "secrets/postgres/keeper/pg_su_pwd" | trimSpace }} -PG_REPL_USER={{ key "secrets/postgres/keeper/pg_repl_username" | trimSpace }} -PG_REPL_PWD={{ key "secrets/postgres/keeper/pg_repl_pwd" | trimSpace }} 
diff --git a/consul/configuration/seafile/ccnet/mykey.peer.sample b/consul/configuration/seafile/ccnet/mykey.peer.sample
deleted file mode 100644
index e69de29..0000000
diff --git a/consul/configuration/seafile/ccnet/seafile.ini b/consul/configuration/seafile/ccnet/seafile.ini
deleted file mode 100644
index 306d126..0000000
--- a/consul/configuration/seafile/ccnet/seafile.ini
+++ /dev/null
@@ -1 +0,0 @@
-/mnt/seafile-data/
\ No newline at end of file
diff --git a/consul/configuration/seafile/conf/ccnet.conf.tpl b/consul/configuration/seafile/conf/ccnet.conf.tpl
deleted file mode 100644
index 2395a9b..0000000
--- a/consul/configuration/seafile/conf/ccnet.conf.tpl
+++ /dev/null
@@ -1,29 +0,0 @@
-[General]
-USER_NAME = deuxfleurs
-ID = {{ key "secrets/seafile/ccnet/seafile_id" | trimSpace }}
-NAME = deuxfleurs
-SERVICE_URL = https://cloud.deuxfleurs.fr
-
-[Network]
-PORT = 10001
-
-[Client]
-PORT = 13418
-
-[LDAP]
-HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/
-BASE = ou=users,dc=deuxfleurs,dc=fr
-USER_DN = {{ key "secrets/seafile/ccnet/ldap_binddn" | trimSpace }}
-FILTER = memberOf=CN=seafile,OU=groups,DC=deuxfleurs,DC=fr
-PASSWORD = {{ key "secrets/seafile/ccnet/ldap_bindpwd" | trimSpace }}
-LOGIN_ATTR = mail
-
-[Database]
-ENGINE = mysql
-HOST = mariadb.service.2.cluster.deuxfleurs.fr
-PORT = 3306
-USER = seafile
-PASSWD = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
-DB = ccnet-db
-CONNECTION_CHARSET = utf8
-
diff --git a/consul/configuration/seafile/conf/mykey.peer.sample b/consul/configuration/seafile/conf/mykey.peer.sample
deleted file mode 100644
index e69de29..0000000
diff --git a/consul/configuration/seafile/conf/seafdav.conf b/consul/configuration/seafile/conf/seafdav.conf
deleted file mode 100644
index 49a79a2..0000000
--- a/consul/configuration/seafile/conf/seafdav.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-[WEBDAV]
-enabled = true
-port = 8084
-fastcgi = false
-share_name = /seafdav
diff --git a/consul/configuration/seafile/conf/seafile.conf.tpl b/consul/configuration/seafile/conf/seafile.conf.tpl
deleted file mode 100644
index f224234..0000000
--- a/consul/configuration/seafile/conf/seafile.conf.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-[network]
-port = 12001
-
-[fileserver]
-port = 8082
-max_upload_size=8192
-max_download_dir_size=8192
-
-[database]
-type = mysql
-host = mariadb.service.2.cluster.deuxfleurs.fr
-port = 3306
-user = seafile
-password = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
-db_name = seafile-db
-connection_charset = utf8
-
-[quota]
-default = 50
diff --git a/consul/configuration/seafile/conf/seahub_settings.py.tpl b/consul/configuration/seafile/conf/seahub_settings.py.tpl
deleted file mode 100644
index 6c63ee4..0000000
--- a/consul/configuration/seafile/conf/seahub_settings.py.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-SECRET_KEY = "8ep+sgi&s1-f2cq2178!ekk!0h0nw2y4z1-olbaopxmodsd8vk"
-FILE_SERVER_ROOT = 'https://cloud.deuxfleurs.fr/seafhttp'
-DATABASES = {
- 'default': {
- 'ENGINE': 'django.db.backends.mysql',
- 'NAME': 'seahub-db',
- 'USER': 'seafile',
- 'PASSWORD': '{{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}',
- 'HOST': 'mariadb.service.2.cluster.deuxfleurs.fr',
- 'PORT': '3306',
- 'OPTIONS': {
- 'init_command': 'SET storage_engine=INNODB',
- }
- }
-}
-FILE_PREVIEW_MAX_SIZE = 100 * 1024 * 1024
-ENABLE_THUMBNAIL = True
-THUMBNAIL_ROOT = '/mnt/seafile-data/thumbnail/thumb/'
-THUMBNAIL_EXTENSION = 'png'
-THUMBNAIL_DEFAULT_SIZE = '24'
-PREVIEW_DEFAULT_SIZE = '300'
diff --git a/consul/configuration/traefik/traefik.toml b/consul/configuration/traefik/traefik.toml
deleted file mode 100644
index 03fca8a..0000000
--- a/consul/configuration/traefik/traefik.toml
+++ /dev/null
@@ -1,45 +0,0 @@
-InsecureSkipVerify = true
-defaultEntryPoints = ["http", "https"]
-
-[entryPoints]
- [entryPoints.admin]
- address = ":8082"
-
- [entryPoints.http]
- address = ":80"
- [entryPoints.http.redirect]
- entryPoint = "https"
-
- [entryPoints.https]
- address = ":443"
- compress = true
- [entryPoints.https.tls]
-
-[ping]
-entrypoint = "admin"
-
-[retry]
-
-[acme]
- email = "quentin@dufour.io"
- storage = "traefik/acme/account"
- entryPoint = "https"
- onHostRule = true
-
- [acme.httpChallenge]
- entryPoint = "http"
-
-[api]
- entryPoint = "admin"
- dashboard = true
-
-[consul]
- endpoint = "172.17.0.1:8500"
- watch = true
- prefix = "traefik"
-
-[consulCatalog]
- endpoint = "172.17.0.1:8500"
- prefix = "traefik"
- domain = "web.deuxfleurs.fr"
- exposedByDefault = false
-- cgit v1.2.3