From 5e99d186a70fe68c466b769c93a7158000804695 Mon Sep 17 00:00:00 2001
From: Yorick Barbanneau
Date: Wed, 1 Sep 2021 00:43:00 +0200
Subject: [PATCH] Add missing annexes
---
annexes/annexe_dockerfile_glpi.tex | 51 ++++++++++++++++++++++++++++++
annexes/annexe_nftables.tex | 31 ++++++++++++++++++
annexes/annexe_script_borg.tex | 45 ++++++++++++++++++++++++++
annexes/annexe_startx_bornes.tex | 43 +++++++++++++++++++++++++
4 files changed, 170 insertions(+)
create mode 100644 annexes/annexe_dockerfile_glpi.tex
create mode 100644 annexes/annexe_nftables.tex
create mode 100644 annexes/annexe_script_borg.tex
create mode 100644 annexes/annexe_startx_bornes.tex
diff --git a/annexes/annexe_dockerfile_glpi.tex b/annexes/annexe_dockerfile_glpi.tex
new file mode 100644
index 0000000..64ecc8b
--- /dev/null
+++ b/annexes/annexe_dockerfile_glpi.tex
@@ -0,0 +1,51 @@
+\chapter{Dockerfile GLPI}
+\label{chap:dockerfile}
+
+\begin{lstlisting}[language=bash, caption={
+ Dockerfile pour la mise en place de GLPI écrite à 4 mains.
+}]
+FROM nginx
+EXPOSE 80
+
+RUN mkdir -p /var/www/html
+# Copy Nginx conf & GLPI data
+COPY nginx/ /etc/nginx/
+COPY html/ /var/www/html/
+COPY cron/ /var/spool/cron/crontabs/
+
+# Copy entrypoint scripts
+COPY 40-start-services.sh /docker-entrypoint.d
+COPY 50-config.sh /docker-entrypoint.d
+
+# Install PHP dependancies
+RUN chown -R www-data:www-data /var/www/html/ && \
+FROM nginx
+EXPOSE 80
+
+RUN mkdir -p /var/www/html
+
+# Copy Nginx conf & GLPI data
+COPY nginx/ /etc/nginx/
+COPY html/ /var/www/html/
+COPY cron/ /var/spool/cron/crontabs/
+
+# Copy entrypoint scripts
+COPY 40-start-services.sh /docker-entrypoint.d
+COPY 50-config.sh /docker-entrypoint.d
+
+# Install PHP dependancies
+RUN chown -R www-data:www-data /var/www/html/ && \
+ apt update -y && \
+ apt install -y php-fpm php-curl php-common php-gd php-json php-mbstring \
+ php-mysql php-zip php-xml php-intl php-apcu php-bz2 php-cas php-xmlrpc \
+ php-ldap && \
+ apt install --no-install-recommends -y cron && \
+ ls -la /var/spool/cron/* && \
+ chown www-data:crontab /var/spool/cron/crontabs/www-data && \
+ chmod 600 /var/spool/cron/crontabs/www-data apt update -y && \
+ apt install -y php-fpm php-curl php-common php-gd php-json php-mbstring \
+ php-mysql php-zip php-xml php-intl php-apcu php-bz2 php-cas php-xmlrpc php-ldap && \
+ apt install --no-install-recommends -y cron && \
+ chown www-data:crontab /var/spool/cron/crontabs/www-data && \
+ chmod 600 /var/spool/cron/crontabs/www-data
+\end{lstlisting}
diff --git a/annexes/annexe_nftables.tex b/annexes/annexe_nftables.tex
new file mode 100644
index 0000000..7ce28ee
--- /dev/null
+++ b/annexes/annexe_nftables.tex
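Review bot: The Dockerfile listing in annexes/annexe_dockerfile_glpi.tex contains the file pasted twice: the first `RUN chown -R www-data:www-data /var/www/html/ && \` is immediately followed by a second `FROM nginx`, and near the end `chmod 600 /var/spool/cron/crontabs/www-data` runs straight into `apt update -y && \` on the same line, so the listing as printed is not a buildable Dockerfile. Keep a single copy of the instructions and drop the debugging `ls -la /var/spool/cron/*`. While tidying, give the base image an explicit tag, e.g. `FROM nginx:<version>`, because an untagged `FROM nginx` resolves to `latest`, which makes the image unreproducible and hard to audit for patched vulnerabilities. The PHP `apt install` also lacks `--no-install-recommends` and the layer never removes `/var/lib/apt/lists/*`, which enlarges the image and its attack surface.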
@@ -0,0 +1,31 @@
+\chapter{script NFTables pour les bornes}
+\label{chap:nftables}
+
+\begin{lstlisting}[caption={Fichier de définition des règles de pare-feu}]
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0;
+ ct state established,related accept
+ tcp dport ssh accept
+ iif lo accept
+ drop
+}
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ ct state established,related accept
+ iif lo accept
+ tcp dport { http, https } accept
+ udp dport 53 accept
+ ip daddr 127.0.0.1 tcp dport 631 accept
+ drop
+ }
+}
+\end{lstlisting}
diff --git a/annexes/annexe_script_borg.tex b/annexes/annexe_script_borg.tex
new file mode 100644
index 0000000..7df1857
--- /dev/null
+++ b/annexes/annexe_script_borg.tex
@@ -0,0 +1,45 @@
+\chapter{Sauvegarde avec Borg}
+\label{chap:script_borg}
+
+\begin{lstlisting}[language=bash, caption={
+ Exemple de script de sauvegarde avec \textit{Borg Backup}.
+}]
+#!/bin/bash
+
+# Borg Options
+BORG_PASSPHRASE='My passphrase'
+BORG_REPO="srv.ecm:/repo/backpup/"
+export BORG_REPO
+export BORG_PASSPHRASE
+
+DUMP_FOLDER="/var/backup/containers_databases"
+
+printf "\t-> backup myapp database: "
+if ! docker exec myapp-db sh -c 'musqldump -u app_db --password="s3cr3t"' | \
+ bzip2 > ${DUMP_FOLDER}/myapp_db.archive.sqlz;
+then
+ printf "Error when dumping myapp-db from myapp-mariadb\n"
+fi
+
+printf "\nBackup with borg on %s: \n" "$BORG_REPO"
+
+# Sauvegarde du volume de l'application et du dossier contenant la BDD exportée
+if borg create -s --progress ::`date "+%Y.%m.%d"` \
+ $DB_CURRENT /var/lib/docker/volumes/docker_files_*;
+then
+ printf "Borg backup succeed!\n"
+else
+ printf "Borg backup failed!\n"
+fi
+
+printf "\nPrune borg repository %s: \n"
+borg prune \
+ --list \
+ --show-rc \
+ --keep-daily 7 \
+ --keep-weekly 4 \
+ --keep-monthly 6
+
+exit 0
+
+\end{lstlisting}
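Review bot: In the `output` chain of the nftables listing (annexes/annexe_nftables.tex), `iif lo accept` matches on the input interface, which is not set for locally generated packets in the output hook, so the rule never matches and loopback traffic is dropped unless another rule happens to allow it; the explicit `ip daddr 127.0.0.1 tcp dport 631 accept` looks like a workaround for exactly that. It should read `oif lo accept`. Because the table is `inet`, the final `drop` in `input` also discards ICMPv6 neighbour discovery, which would break IPv6 if the terminals use it; in that case add something like `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept`, or state in the text that the terminals are IPv4-only. Only `udp dport 53` is allowed for DNS, so lookups that fall back to TCP will fail; `tcp dport 53 accept` would cover them.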
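Review bot: A failed database dump goes unnoticed in the Borg script (annexes/annexe_script_borg.tex): `musqldump` is a typo for `mysqldump`, and without `set -o pipefail` the `if !` test only sees the exit status of `bzip2`, so the script writes an empty archive and carries on. The `borg create` call then backs up `$DB_CURRENT`, which is never assigned, instead of `"$DUMP_FOLDER"` where the dump was written, so the database is missing from the archive either way. I would add `set -o pipefail` after the shebang, fix the command name and pass `"$DUMP_FOLDER"` to `borg create`; the final `exit 0` should also give way to an exit status that reflects failures, so that cron or monitoring can alert. Even in an example, the passphrase and the `--password="s3cr3t"` argument are better shown as read from a root-only file (for instance via `BORG_PASSCOMMAND` and a MySQL option file) than as literals, since command-line passwords are visible in the process list and example scripts get copied as they are. The last `printf "\nPrune borg repository %s: \n"` is missing its `"$BORG_REPO"` argument.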
diff --git a/annexes/annexe_startx_bornes.tex b/annexes/annexe_startx_bornes.tex
new file mode 100644
index 0000000..ca0f74f
--- /dev/null
+++ b/annexes/annexe_startx_bornes.tex
@@ -0,0 +1,43 @@
+\chapter{Démarrage de la session graphique}
+\label{chap:startx_bornes}
+
+\begin{lstlisting}[language=bash, caption={Ce script démarre la session
+graphique pour l'utilisateur \textit{pointcaf}}]
+#!/bin/sh
+export XDG_CONFIG_HOME="${HOME}/.config"
+# env variable for touchscreen support on firefox
+export MOZ_USE_XINPUT2=1
+eval `dbus-launch --sh-syntax --exit-with-session`
+xfsettingsd &
+xfwm4 --daemon
+xfdesktop&
+# start up stuff in $XDG_CONFIG_HOME/autostart/
+if test -d "$XDG_CONFIG_HOME/autostart"; then
+ for i in ${XDG_CONFIG_HOME}/autostart/*.desktop; do
+ grep -q -E "^Hidden=true" "$i" && continue
+ if grep -q -E "^OnlyShowIn=" "$i"; then
+ # need to test twice, as lack of the line entirely means we still run it
+ grep -E "^OnlyShowIn=" "$i" | grep -q 'XFCE;' || continue
+ fi
+ grep -E "^NotShowIn=" "$i" | grep -q 'XFCE;' && continue
+ # check for TryExec
+ trycmd=`grep -E "^TryExec=" "$i" | cut -d'=' -f2`
+ if test "$trycmd"; then
+ command -v "$trycmd" >/dev/null 2>&1 || continue
+ fi
+ cmd=`grep -E "^Exec=" "$i" | cut -d'=' -f2`
+ if test "$cmd" && command -v "$cmd" >/dev/null 2>&1; then
+ $cmd &
+ fi
+ done
+fi
+# Add dconf
+if [ -f "${XDG_CONFIG_HOME}/dconf-backup/plank.dconf" ]
+then
+ dconf load /net/launchpad/plank/ < ${XDG_CONFIG_HOME}/dconf-backup/plank.dconf
+else
+ echo "plank not found" >>~/plank.log
+fi
+xautolock -time 10 -locker lockxcab &
+xfce4-panel
+\end{lstlisting}
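Review bot: In the autostart loop of the session script (annexes/annexe_startx_bornes.tex), `command -v "$cmd"` is given the whole `Exec=` value, so any .desktop entry whose command takes arguments is silently skipped, and `cut -d'=' -f2` truncates values that contain a second `=`. Extract the value with `cmd=$(sed -n 's/^Exec=//p' "$i" | head -n 1)` and test only the first word, `command -v "${cmd%% *}"`. `$cmd &` then runs whatever the files in `$XDG_CONFIG_HOME/autostart` specify, and that directory lives under the session user's home; if the `pointcaf` account can write there (not visible from this listing), anything placed in it is executed at every session start, so the directory is worth making root-owned and read-only for that user. The redirect in `dconf load /net/launchpad/plank/ < ${XDG_CONFIG_HOME}/dconf-backup/plank.dconf` should be quoted like the `-f` test above it.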