Add missing annexes

2021-09-01 00:43:00 +02:00 · 2021-09-01 00:43:00 +02:00 · 5e99d186a7
commit 5e99d186a7
parent e14105c485
4 changed files with 170 additions and 0 deletions
--- a/annexes/annexe_dockerfile_glpi.tex
+++ b/annexes/annexe_dockerfile_glpi.tex
@ -0,0 +1,51 @@
+\chapter{Dockerfile GLPI}
+\label{chap:dockerfile}
+
+\begin{lstlisting}[language=bash, caption={ 
+    Dockerfile pour la mise en place de GLPI écrite à 4 mains.
+}]
+FROM nginx
+EXPOSE 80
+
+RUN mkdir -p /var/www/html
+# Copy Nginx conf & GLPI data
+COPY nginx/ /etc/nginx/
+COPY html/ /var/www/html/
+COPY cron/ /var/spool/cron/crontabs/
+
+# Copy entrypoint scripts
+COPY 40-start-services.sh /docker-entrypoint.d
+COPY 50-config.sh /docker-entrypoint.d
+
+# Install PHP dependancies
+RUN chown -R www-data:www-data /var/www/html/ && \
+FROM nginx
+EXPOSE 80
+
+RUN mkdir -p /var/www/html
+
+# Copy Nginx conf & GLPI data
+COPY nginx/ /etc/nginx/
+COPY html/ /var/www/html/
+COPY cron/ /var/spool/cron/crontabs/
+
+# Copy entrypoint scripts
+COPY 40-start-services.sh /docker-entrypoint.d
+COPY 50-config.sh /docker-entrypoint.d
+
+# Install PHP dependancies
+RUN chown -R www-data:www-data /var/www/html/ && \
+    apt update -y && \
+    apt install -y php-fpm php-curl php-common php-gd php-json php-mbstring \
+        php-mysql php-zip php-xml php-intl php-apcu php-bz2 php-cas php-xmlrpc \
+        php-ldap && \
+    apt install --no-install-recommends -y cron && \
+    ls -la /var/spool/cron/* && \
+    chown www-data:crontab /var/spool/cron/crontabs/www-data && \
+    chmod 600 /var/spool/cron/crontabs/www-data   apt update -y && \
+    apt install -y php-fpm php-curl php-common php-gd php-json php-mbstring \
+    php-mysql php-zip php-xml php-intl php-apcu php-bz2 php-cas php-xmlrpc php-ldap && \
+    apt install --no-install-recommends -y cron && \
+    chown www-data:crontab /var/spool/cron/crontabs/www-data && \
+    chmod 600 /var/spool/cron/crontabs/www-data
+\end{lstlisting}
--- a/annexes/annexe_nftables.tex
+++ b/annexes/annexe_nftables.tex
@ -0,0 +1,31 @@
+\chapter{script NFTables pour les bornes}
+\label{chap:nftables}
+
+\begin{lstlisting}[caption={Fichier de définition des règles de pare-feu}]
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+	chain input {
+		type filter hook input priority 0;
+		ct state established,related accept
+		tcp dport ssh accept
+		iif lo accept
+		drop
+}
+	chain forward {
+		type filter hook forward priority 0;
+		drop
+	}
+	chain output {
+		type filter hook output priority 0;
+		ct state established,related accept
+		iif lo accept
+		tcp dport { http, https } accept
+		udp dport 53 accept
+        ip daddr 127.0.0.1 tcp dport 631 accept
+		drop
+	}
+}
+\end{lstlisting}
--- a/annexes/annexe_script_borg.tex
+++ b/annexes/annexe_script_borg.tex
@ -0,0 +1,45 @@
+\chapter{Sauvegarde avec Borg}
+\label{chap:script_borg}
+
+\begin{lstlisting}[language=bash, caption={
+    Exemple de script de sauvegarde avec \textit{Borg Backup}.
+}]
+#!/bin/bash
+
+# Borg Options
+BORG_PASSPHRASE='My passphrase'
+BORG_REPO="srv.ecm:/repo/backpup/"
+export BORG_REPO
+export BORG_PASSPHRASE
+
+DUMP_FOLDER="/var/backup/containers_databases"
+
+printf "\t-> backup myapp database: "
+if ! docker exec myapp-db sh -c 'musqldump -u app_db --password="s3cr3t"' | \
+    bzip2 > ${DUMP_FOLDER}/myapp_db.archive.sqlz;
+then
+    printf "Error when dumping myapp-db from myapp-mariadb\n"
+fi
+
+printf "\nBackup with borg on %s: \n" "$BORG_REPO"
+
+# Sauvegarde du volume de l'application et du dossier contenant la BDD exportée
+if borg create -s --progress ::`date "+%Y.%m.%d"` \
+    $DB_CURRENT /var/lib/docker/volumes/docker_files_*;
+then
+    printf "Borg backup succeed!\n"
+else
+    printf "Borg backup failed!\n"
+fi
+
+printf "\nPrune borg repository %s: \n"
+borg prune                          \
+    --list                          \
+    --show-rc                       \
+    --keep-daily    7               \
+    --keep-weekly   4               \
+    --keep-monthly  6               
+
+exit 0
+
+\end{lstlisting}
--- a/annexes/annexe_startx_bornes.tex
+++ b/annexes/annexe_startx_bornes.tex
@ -0,0 +1,43 @@
+\chapter{Démarrage de la session graphique}
+\label{chap:startx_bornes}
+
+\begin{lstlisting}[language=bash, caption={Ce script démarre la session 
+graphique pour l'utilisateur \textit{pointcaf}}]
+#!/bin/sh
+export XDG_CONFIG_HOME="${HOME}/.config"
+# env variable for touchscreen support on firefox
+export MOZ_USE_XINPUT2=1
+eval `dbus-launch --sh-syntax --exit-with-session`
+xfsettingsd &
+xfwm4 --daemon
+xfdesktop&
+# start up stuff in $XDG_CONFIG_HOME/autostart/
+if test -d "$XDG_CONFIG_HOME/autostart"; then
+  for i in ${XDG_CONFIG_HOME}/autostart/*.desktop; do
+    grep -q -E "^Hidden=true" "$i" && continue
+    if grep -q -E "^OnlyShowIn=" "$i"; then
+      # need to test twice, as lack of the line entirely means we still run it
+      grep -E "^OnlyShowIn=" "$i" | grep -q 'XFCE;' || continue
+    fi
+    grep -E "^NotShowIn=" "$i" | grep -q 'XFCE;' && continue
+    # check for TryExec
+    trycmd=`grep -E "^TryExec=" "$i" | cut -d'=' -f2`
+    if test "$trycmd"; then
+      command -v "$trycmd" >/dev/null 2>&1 || continue
+    fi
+    cmd=`grep -E "^Exec=" "$i" | cut -d'=' -f2`
+    if test "$cmd" && command -v "$cmd" >/dev/null 2>&1; then
+      $cmd &
+    fi
+  done
+fi
+# Add dconf
+if [ -f "${XDG_CONFIG_HOME}/dconf-backup/plank.dconf" ]
+then
+	dconf load /net/launchpad/plank/ < ${XDG_CONFIG_HOME}/dconf-backup/plank.dconf
+else
+	echo "plank not found" >>~/plank.log
+fi
+xautolock -time 10 -locker lockxcab &
+xfce4-panel
+\end{lstlisting}