first release
This commit is contained in:
parent
1af720662b
commit
04eb618baa
|
@ -0,0 +1,86 @@
|
|||
02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
|
||||
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
|
||||
apache_conf = $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf.orig
|
||||
pi_log = $(CHROOT)/var/log/privacyidea/privacyidea.log
|
||||
radius_dict = $(CHROOT)/etc/raddb/dictionary.orig
|
||||
radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea
|
||||
radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea
|
||||
|
||||
systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer
|
||||
cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/
|
||||
cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
|
||||
|
||||
$(02firstboot): appliance/02firstboot.start
|
||||
mkdir -p $(CHROOT)/etc/local.d
|
||||
cp $< $@
|
||||
touch $(CHROOT)/02firstboot
|
||||
|
||||
$(cert-renew.sh): appliance/cert-renew.sh
|
||||
mkdir -p $(CHROOT)/etc/ssl
|
||||
cp $< $@
|
||||
|
||||
$(apache_conf): $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
sed -i 's:APACHE2_OPTS=\":APACHE2_OPTS=\"-D WSGI :' $(CHROOT)/etc/conf.d/apache2
|
||||
|
||||
mv $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf $(apache_conf)
|
||||
# vor </VirtualHost> Zeilen einfügen:
|
||||
sed '/<\/VirtualHost>/Q' $(apache_conf) >$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo " <Directory />" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo " Require all granted" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo " Options FollowSymLinks" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo " AllowOverride None" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo " </Directory>" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo " WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo " WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo " WSGIProcessGroup privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo " WSGIPassAuthorization On" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
grep -A 9999 '<\/VirtualHost>' $(apache_conf) >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
||||
|
||||
touch $(apache_conf)
|
||||
|
||||
$(pi_log):
|
||||
touch $(CHROOT)/var/log/privacyidea/privacyidea.log
|
||||
RUN chown privacyidea:root /var/log/privacyidea/privacyidea.log
|
||||
|
||||
$(radius_dict): $(CHROOT)/etc/privacyidea/dictionary
|
||||
if ! test -e $(radius_dict); \
|
||||
then mv $(CHROOT)/etc/raddb/dictionary $(radius_dict); \
|
||||
fi
|
||||
cp -f $(CHROOT)/etc/privacyidea/dictionary $(CHROOT)/etc/raddb/dictionary
|
||||
RUN chown root:radius /etc/raddb/dictionary
|
||||
chmod 640 $(CHROOT)/etc/raddb/dictionary
|
||||
touch $(radius_dict)
|
||||
|
||||
$(radius_module): $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea
|
||||
cp $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea $(CHROOT)/etc/raddb/mods-available/perl-privacyidea
|
||||
rm $(CHROOT)/etc/raddb/mods-enabled/eap
|
||||
ln -s ../mods-available/perl-privacyidea $(radius_module)
|
||||
|
||||
$(radius_site): $(CHROOT)/etc/privacyidea/freeradius3/privacyidea
|
||||
cp $(CHROOT)/etc/privacyidea/freeradius3/privacyidea $(CHROOT)/etc/raddb/sites-available/privacyidea
|
||||
RUN chown root:radius /etc/raddb/sites-available/privacyidea
|
||||
chmod 640 $(CHROOT)/etc/raddb/sites-available/privacyidea
|
||||
rm $(CHROOT)/etc/raddb/sites-enabled/*
|
||||
ln -s ../sites-available/privacyidea $(radius_site)
|
||||
|
||||
$(CHROOT)/var/lib/mysql: mariadb/my.cnf.root
|
||||
# MariaDB-Konfiguration ($$, weil make ein $ entfernt)
|
||||
sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4/" $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
||||
echo >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
||||
echo "collation-server = utf8mb4_general_ci" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
||||
echo "transaction_isolation = READ-COMMITTED" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
||||
echo "binlog_format = ROW" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
||||
echo "expire_logs_days = 3" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
||||
echo "innodb_file_per_table = 1" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
||||
echo "innodb_large_prefix = on" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
||||
cp mariadb/my.cnf.root $(CHROOT)/root/.my.cnf
|
||||
chmod 0600 $(CHROOT)/root/.my.cnf
|
||||
rm -rf $(CHROOT)/var/lib/mysql/*
|
||||
RUN bash -c 'yes gentoo | emerge --config dev-db/mariadb'
|
||||
|
||||
|
||||
preinstall:
|
||||
|
||||
postinstall: systemd-units $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql
|
|
@ -0,0 +1,155 @@
|
|||
#!/bin/bash
|
||||
|
||||
# variables
|
||||
LABEL="DATA"
|
||||
DATABASE_PASS=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16)
|
||||
PI_SECRET_KEY=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16)
|
||||
PI_PEPPER=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16)
|
||||
ADMIN_PASS="privacyidea"
|
||||
TLD="example.com"
|
||||
HOST="privacyidea"
|
||||
ORGNAME="privacyIDEA example"
|
||||
|
||||
# start
|
||||
set -e
|
||||
|
||||
[ -e /01firstboot ] && exit 0
|
||||
[ -e /02firstboot ] || exit 0
|
||||
|
||||
# privacyIDEA configuration
|
||||
if [ ! -d "/$LABEL/etc/privacyidea" ]; then
|
||||
echo 'Create privacyIDEA configfile...'
|
||||
mkdir -p /$LABEL/etc/privacyidea
|
||||
chown privacyidea /$LABEL/etc/privacyidea
|
||||
cp /etc/privacyidea/pi.cfg /$LABEL/etc/privacyidea/pi.cfg.orig
|
||||
mv /etc/privacyidea/pi.cfg /$LABEL/etc/privacyidea/pi.cfg
|
||||
ln -s /$LABEL/etc/privacyidea/pi.cfg /etc/privacyidea/pi.cfg
|
||||
sed -i "s/^SUPERUSER_REALM = .*/SUPERUSER_REALM = ['admin']/" /$LABEL/etc/privacyidea/pi.cfg
|
||||
sed -i "s/^SQLALCHEMY_DATABASE_URI = .*/SQLALCHEMY_DATABASE_URI = 'mysql:\/\/pi:$DATABASE_PASS@localhost\/pi'/" /$LABEL/etc/privacyidea/pi.cfg
|
||||
sed -i "s/^SECRET_KEY = .*/SECRET_KEY = '$PI_SECRET_KEY'/" /$LABEL/etc/privacyidea/pi.cfg
|
||||
sed -i "s/^PI_PEPPER = .*/PI_PEPPER = \"$PI_PEPPER\"/" /$LABEL/etc/privacyidea/pi.cfg
|
||||
sed -i "s/^PI_ENCFILE = .*/PI_ENCFILE = '\/etc\/privacyidea\/enckey'/" /$LABEL/etc/privacyidea/pi.cfg
|
||||
sed -i "s/^PI_AUDIT_KEY_PRIVATE = .*/PI_AUDIT_KEY_PRIVATE = '\/etc\/privacyidea\/private.pem'/" /$LABEL/etc/privacyidea/pi.cfg
|
||||
sed -i "s/^PI_AUDIT_KEY_PUBLIC = .*/PI_AUDIT_KEY_PUBLIC = '\/etc\/privacyidea\/public.pem'/" /$LABEL/etc/privacyidea/pi.cfg
|
||||
echo "SQLALCHEMY_TRACK_MODIFICATIONS = False" >> /$LABEL/etc/privacyidea/pi.cfg
|
||||
|
||||
echo 'Create privacyIDEA encryption and audit keys...'
|
||||
rm -rf /etc/privacyidea/enckey
|
||||
pi-manage create_enckey
|
||||
mv /etc/privacyidea/enckey /$LABEL/etc/privacyidea/enckey
|
||||
chown privacyidea /$LABEL/etc/privacyidea/enckey
|
||||
ln -s /$LABEL/etc/privacyidea/enckey /etc/privacyidea/enckey
|
||||
|
||||
rm -rf /etc/privacyidea/public.pem /etc/privacyidea/private.pem
|
||||
pi-manage create_audit_keys
|
||||
mv /etc/privacyidea/private.pem /$LABEL/etc/privacyidea/private.pem
|
||||
mv /etc/privacyidea/public.pem /$LABEL/etc/privacyidea/public.pem
|
||||
chown privacyidea /$LABEL/etc/privacyidea/*.pem
|
||||
ln -s /$LABEL/etc/privacyidea/private.pem /etc/privacyidea/private.pem
|
||||
ln -s /$LABEL/etc/privacyidea/public.pem /etc/privacyidea/public.pem
|
||||
else
|
||||
if [ ! -L /etc/privacyidea/pi.cfg ]; then
|
||||
rm -rf /$LABEL/etc/privacyidea/pi.cfg.orig
|
||||
mv /etc/privacyidea/pi.cfg /$LABEL/etc/privacyidea/pi.cfg.orig
|
||||
else
|
||||
rm -rf /etc/privacyidea/pi.cfg
|
||||
fi
|
||||
ln -s /$LABEL/etc/privacyidea/pi.cfg /etc/privacyidea/pi.cfg
|
||||
|
||||
rm -rf /etc/privacyidea/enckey
|
||||
ln -s /$LABEL/etc/privacyidea/enckey /etc/privacyidea/enckey
|
||||
|
||||
rm -rf /etc/privacyidea/public.pem /etc/privacyidea/private.pem
|
||||
ln -s /$LABEL/etc/privacyidea/private.pem /etc/privacyidea/private.pem
|
||||
ln -s /$LABEL/etc/privacyidea/public.pem /etc/privacyidea/public.pem
|
||||
fi
|
||||
|
||||
|
||||
# Database
|
||||
systemctl stop mariadb
|
||||
if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then
|
||||
echo 'Initialize MariaDB...'
|
||||
mkdir -p "/$LABEL/var/lib"
|
||||
rm -rf "/$LABEL/var/lib/mysql"
|
||||
if [ ! -L /var/lib/mysql ]; then
|
||||
rm -rf "/$LABEL/var/lib/mysql.orig"
|
||||
cp -a "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig"
|
||||
mv "/var/lib/mysql" "/$LABEL/var/lib/mysql"
|
||||
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
|
||||
elif [ -d "/$LABEL/var/lib/mysql.orig" ]; then
|
||||
cp -a "/$LABEL/var/lib/mysql.orig" "/$LABEL/var/lib/mysql"
|
||||
rm -rf "/var/lib/mysql"
|
||||
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
|
||||
else
|
||||
echo '### ERROR initialize database !!! ###'
|
||||
exit 1
|
||||
fi
|
||||
systemctl start mariadb
|
||||
sleep 5
|
||||
|
||||
echo 'Create privacyIDEA database...'
|
||||
mysql -u root -e "CREATE USER 'pi'@'localhost' IDENTIFIED BY '$DATABASE_PASS'"
|
||||
mysql -u root -e "CREATE DATABASE pi DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;"
|
||||
mysql -u root -e "GRANT ALL PRIVILEGES ON pi.* TO 'pi'@'localhost' IDENTIFIED by '$DATABASE_PASS';"
|
||||
mysql -u root -e "FLUSH PRIVILEGES;"
|
||||
|
||||
pi-manage createdb
|
||||
pi-manage admin add -p "$ADMIN_PASS" admin
|
||||
|
||||
else
|
||||
echo 'Start MariaDB...'
|
||||
if [ ! -L /var/lib/mysql ]; then
|
||||
rm -rf "/$LABEL/var/lib/mysql.orig"
|
||||
mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig"
|
||||
else
|
||||
rm -f "/var/lib/mysql"
|
||||
fi
|
||||
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
|
||||
systemctl start mariadb
|
||||
fi
|
||||
|
||||
if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
|
||||
# angepaßtes Zertifikat vorhanden (kein example)
|
||||
if [ ! -L /etc/ssl/cert-renew.sh ]; then
|
||||
rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig"
|
||||
mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig"
|
||||
else
|
||||
rm -f "/etc/ssl/cert-renew.sh"
|
||||
fi
|
||||
ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh"
|
||||
else
|
||||
echo 'Create example certificate...'
|
||||
mkdir -p "/$LABEL/CERTS/KEYS/"
|
||||
mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
|
||||
echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
|
||||
cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
|
||||
touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
|
||||
fi
|
||||
|
||||
rm -rf /etc/ssl/apache2
|
||||
mkdir -p /etc/ssl
|
||||
ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2"
|
||||
|
||||
/etc/ssl/cert-renew.sh
|
||||
|
||||
systemctl enable mariadb
|
||||
systemctl enable freeradius
|
||||
systemctl enable apache2
|
||||
|
||||
systemctl restart freeradius
|
||||
systemctl restart apache2
|
||||
|
||||
echo
|
||||
echo "Success!"
|
||||
echo "Do not forget to upgrade the MySQL database and the privacyIDEA Schema:"
|
||||
echo " # mysql_upgrade"
|
||||
echo " # privacyidea-schema-upgrade /usr/lib/privacyidea/migrations"
|
||||
echo
|
||||
|
||||
rm /02firstboot
|
|
@ -0,0 +1,32 @@
|
|||
#!/bin/bash
|
||||
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
|
||||
|
||||
DIR="/DATA/Backup/MySQL"
|
||||
|
||||
if [ -z $1 ]; then
|
||||
echo "database name missing! use --all for all db's"
|
||||
exit 1;
|
||||
elif [ $1 = '--all' ]; then
|
||||
echo "full backup"
|
||||
for i in `mysqlshow --defaults-file=/root/.my.cnf | awk '{print $2}' | grep -v Databases`; do
|
||||
if [ "$i" != "information_schema" ] && [ "$i" != "performance_schema" ]; then
|
||||
if test -f ${DIR}/${i}.sql; then
|
||||
echo "Move ${DIR}/${i}.sql to ${DIR}/${i}.sql.1"
|
||||
mv ${DIR}/${i}.sql ${DIR}/${i}.sql.1
|
||||
fi
|
||||
echo "dump ${i} to ${DIR}/${i}.sgl"
|
||||
mysqldump --defaults-file=/root/.my.cnf --single-transaction --events --opt -QF -r${DIR}/${i}.sql $i
|
||||
chmod 600 ${DIR}/${i}.sql
|
||||
fi
|
||||
done;
|
||||
elif [ -n $1 ]; then
|
||||
echo "Starting backup of $1"
|
||||
if test -f $DIR/$1.sql; then
|
||||
echo "Move $DIR/$1.sql to $DIR/$1.sql.1"
|
||||
mv ${DIR}/${1}.sql ${DIR}/${1}.sql.1
|
||||
fi
|
||||
mysqldump --defaults-file=/root/.my.cnf --single-transaction --opt -QF -r${DIR}/${1}.sql $1
|
||||
chmod 600 ${DIR}/${1}.sql
|
||||
fi
|
||||
echo "Done"
|
||||
exit 0;
|
|
@ -0,0 +1,8 @@
|
|||
[Unit]
|
||||
Description=execute backup tasks
|
||||
RefuseManualStart=no
|
||||
RefuseManualStop=yes
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/MySQL-Backup.sh --all
|
|
@ -0,0 +1,12 @@
|
|||
[Unit]
|
||||
Description=execute backup tasks
|
||||
RefuseManualStart=no
|
||||
RefuseManualStop=no
|
||||
|
||||
[Timer]
|
||||
Persistent=false
|
||||
OnCalendar=Sun *-*-* 02:19:00
|
||||
Unit=backup.service
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
|
@ -0,0 +1,8 @@
|
|||
[Unit]
|
||||
Description=renew certificates from git store
|
||||
RefuseManualStart=no
|
||||
RefuseManualStop=yes
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/ssl/cert-renew.sh
|
|
@ -0,0 +1,52 @@
|
|||
#!/bin/bash
|
||||
|
||||
HOST="privacyidea"
|
||||
TLD="example.com"
|
||||
FQDN="$HOST.$TLD"
|
||||
LABEL="DATA"
|
||||
|
||||
CERT_DIR=/$LABEL/CERTS
|
||||
CERT_APACHE=/$LABEL/etc/ssl/apache2
|
||||
GETREPO=""
|
||||
GETUSER=""
|
||||
GETPASS=""
|
||||
|
||||
function getCurrentVersion() {
|
||||
# Get hash from latest revision
|
||||
git log --format=format:%H -1
|
||||
}
|
||||
|
||||
cd $CERT_DIR
|
||||
|
||||
if [ -z "$GETREPO" ]; then
|
||||
GIT_REVISION=0
|
||||
GIT_NEW_REVISION=1
|
||||
cd $FQDN
|
||||
elif [ ! -d "$FQDN" ]; then
|
||||
GIT_REVISION=0
|
||||
git clone "https://$GETUSER:$GETPASS@$GETREPO"
|
||||
cd $FQDN
|
||||
GIT_NEW_REVISION=$(getCurrentVersion)
|
||||
else
|
||||
cd $FQDN
|
||||
GIT_REVISION=$(getCurrentVersion)
|
||||
git commit -m "CRON: auto commit"
|
||||
git fetch
|
||||
git merge origin/master -m "Auto Merge"
|
||||
GIT_NEW_REVISION=$(getCurrentVersion)
|
||||
fi
|
||||
|
||||
echo "old: $GIT_REVISION"
|
||||
echo "new: $GIT_NEW_REVISION"
|
||||
|
||||
if [ $GIT_REVISION != $GIT_NEW_REVISION ]
|
||||
then
|
||||
echo "Update Apache certificate..."
|
||||
mkdir -p $CERT_APACHE
|
||||
cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_APACHE/server.crt
|
||||
cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_APACHE/server.key
|
||||
echo "Restarting Apache..."
|
||||
systemctl is-active --quiet apache2 && systemctl restart apache2
|
||||
fi
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,12 @@
|
|||
[Unit]
|
||||
Description=renew certificates from git store
|
||||
RefuseManualStart=no
|
||||
RefuseManualStop=no
|
||||
|
||||
[Timer]
|
||||
Persistent=false
|
||||
OnCalendar=Sun *-*-* 04:03:00
|
||||
Unit=cert-renew.service
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
|
@ -0,0 +1,11 @@
|
|||
[mysqladmin]
|
||||
user = root
|
||||
password = gentoo
|
||||
|
||||
[mysql]
|
||||
user = root
|
||||
password = gentoo
|
||||
|
||||
[client]
|
||||
user = root
|
||||
password = gentoo
|
|
@ -0,0 +1,31 @@
|
|||
# privacyIDEA
|
||||
dev-perl/URI-Encode
|
||||
dev-python/responses
|
||||
dev-python/pyusb
|
||||
dev-python/imagesize
|
||||
dev-python/cookies
|
||||
dev-python/python-gnupg
|
||||
dev-python/ldap3
|
||||
dev-python/yubiotp
|
||||
dev-python/pycrypto
|
||||
dev-python/mysql-connector-python
|
||||
dev-python/pytest-cov
|
||||
dev-python/sphinx
|
||||
dev-python/sphinxcontrib-applehelp
|
||||
dev-python/sphinxcontrib-devhelp
|
||||
dev-python/sphinxcontrib-jsmath
|
||||
dev-python/sphinxcontrib-htmlhelp
|
||||
dev-python/sphinxcontrib-serializinghtml
|
||||
dev-python/sphinxcontrib-qthelp
|
||||
dev-python/smpplib
|
||||
dev-python/grpcio-tools
|
||||
|
||||
# grunt, wird nur zur privacyIDEA-Translation benötigt
|
||||
dev-nodejs/*
|
||||
|
||||
### stable kann kein python3
|
||||
##net-fs/samba
|
||||
##sys-libs/ldb
|
||||
##sys-libs/talloc
|
||||
##sys-libs/tdb
|
||||
##sys-libs/tevent
|
|
@ -0,0 +1,19 @@
|
|||
# privacyIDEA
|
||||
www-apps/privacyidea -translation
|
||||
dev-python/sqlalchemy -sqlite
|
||||
dev-python/netaddr -cli
|
||||
dev-python/numpy lapack
|
||||
dev-libs/c-blosc hdf5
|
||||
sys-devel/gcc fortran
|
||||
sci-libs/hdf5 -cxx -fortran -hl
|
||||
|
||||
# RADIUS (ohne Samba kein rlm_mschap.so)
|
||||
net-dialup/freeradius kerberos ldap mysql python samba
|
||||
net-dns/bind-tools gssapi
|
||||
net-fs/samba ads gnutls ldap python winbind
|
||||
sys-libs/ldb ldap python
|
||||
sys-libs/tdb python
|
||||
sys-libs/tevent python
|
||||
|
||||
# LDAP
|
||||
net-nds/openldap overlays perl sasl
|
|
@ -0,0 +1,2 @@
|
|||
REPO_NAMES += unitas-privacyidea
|
||||
REPO_URI_unitas-privacyidea = https://git.unitas-network.de/Gentoo/unitas-privacyidea.git
|
Loading…
Reference in New Issue