.gitignore

@@ -8,6 +8,7 @@ contract/*
 paquerette_utils.conf.yml
 hz_token
 public/
+online/
 
 # IDE
 .idea

docker/README.md

+Install LXC container with docker : https://kingtam.eu.org/posts/alpine-lxc-docker/

docker/chamilo/.gitignore

+*.secrets

docker/chamilo/Caddyfile

+{
+	auto_https off
+	servers {
+		trusted_proxies static 192.168.100.10/24
+	}
+}
+
+http:// {
+	handle {
+		@static_1 path_regexp static_1 ^/courses/([^/]+)/course-pic85x85.png$
+		rewrite @static_1 /app/courses/{re.static_1.1}/course-pic85x85.png
+		@static_2 path_regexp ^/courses/([^/]+)/course-pic.png$
+		rewrite @static_2 /app/courses/{re.static_2.1}/course-pic.png
+		@static_3 path_regexp ^/courses/([^/]+)/scorm/(.*)$
+		rewrite @static_3 /main/document/download_scorm.php?doc_url=/$2&cDir=$1
+		@static_4 path_regexp ^/courses/([^/]+)/document/(.*)$
+		rewrite @static_4 /main/document/download.php?doc_url=/$2&cDir=$1
+		@static_5 path_regexp ^/courses/([^/]+)/work/(.*)$
+		rewrite @static_5 /main/work/download.php?file=work/$2&cDir=$1
+		@static_6 path_regexp ^/courses/([^/]+)/upload/(.*)$
+		rewrite @static_6 /app/courses/$1/upload/$2
+		# For all these media resources not treated by previous rewrites, give direct access (no permission check)
+		@static_7 path_regexp ^/courses/(.*)$
+		rewrite @static_7 /app/courses/$1
+
+		@main_course {
+			path_regexp main_course /courses/([^/]+)/$
+		}
+		rewrite @main_course /main/course_home/course_home.php?cDir={re.main_course.1}
+
+		@course_1 {
+			path_regexp course_1 /courses/([^/]+)/index.php$
+		}
+		rewrite @course_1 /main/course_home/course_home.php?cDir={re.course_1.1}
+
+		@course_2 {
+			path_regexp @course_2 /courses/([^/]+)/scorm/(.*([\.js|\.css|\.png|\.jpg|\.jpeg|\.gif]))$
+		}
+		rewrite @course_2 app/courses/{re.course_2.1}/scorm/{re.course_2.2}
+
+		@course_3 {
+			path_regexp @course_3 /courses/([^/]+)/scorm/(.*)$
+		}
+		rewrite @course_3 /main/document/download_scorm.php?doc_url=/{re.course_3.2}&cDir={re.course_3.1}
+
+		@course_4 {
+			path_regexp @course_4 /courses/([^/]+)/document/certificates/(.*)$
+		}
+		rewrite @course_4 /app/courses/{re.course_4.1}/document/certificates/{re.course_4.2}
+
+		@course_5 {
+			path_regexp @course_5 /courses/([^/]+)/document/(.*)$
+		}
+		rewrite @course_5 /main/document/download.php?doc_url=/{re.course_5.2}&cDir={re.course_5.1}
+
+		@course_6 {
+			path_regexp @course_6 /courses/([^/]+)/upload/([^/]+)/(.*)$
+		}
+		rewrite @course_6 /main/document/download_uploaded_files.php?code={re.course_6.1}&type={re.course_6.2}&file={re.course_6.3}
+
+		@course_7 {
+			path_regexp @course_7 /courses/([^/]+)/work/(.*)$
+		}
+		rewrite @course_7 /main/work/download.php?file=work/{re.course_7.2}&cDir={re.course_7.1}
+
+		@course_8 {
+			path_regexp @course_8 /courses/([^/]+)/upload/course_home_icons/(.*([\.png|\.jpg|\.jpeg|\.gif]))$
+		}
+		rewrite @course_8 app/courses/{re.course_8.1}/upload/course_home_icons/{re.course_8.2}
+
+		@course_9 {
+			path_regexp @course_9 /courses/([^/]+)/(.*)$
+		}
+		rewrite @course_9 /app/courses/{re.course_9.1}/{re.course_9.2}
+
+		@course_10 {
+			path_regexp @course_10 /session/([^/]+)/about/?$
+		}
+		rewrite @course_10 /main/session/about.php?session_id={re.course_10.1}
+
+		@course_11 {
+			path_regexp @course_11 /course/([^/]+)/about/?$
+		}
+		rewrite @course_11 /main/course_info/about.php?course_id={re.course_11.1}
+
+		@course_12 {
+			path_regexp @course_12 /badge/(\d+)
+		}
+		rewrite @course_12 /main/badge/issued.php?issue={re.course_12.1}
+
+		@course_13 {
+			path_regexp @course_13 /skill/(\d+)/user/(\d+)$
+		}
+		rewrite @course_13 /main/badge/issued_all.php?skill={re.course_13.1}&user={re.course_13.2}
+
+		@course_14 {
+			path_regexp @course_14 /badge/(\d+)/user/(\d+)$
+		}
+		rewrite @course_14 /main/badge/issued_all.php?skill={re.course_14.1}&user={re.course_14.2}
+
+		@course_15 {
+			path_regexp @course_15 /main/exercice/(.*)$
+		}
+		rewrite @course_15 /main/exercise/{re.course_15.1}
+
+		@course_16 {
+			path_regexp @course_16 /main/newscorm/(.*)$
+		}
+		rewrite @course_16 /main/lp/{re.course_16.1}
+
+		@course_17 {
+			path_regexp @course_17 /service/(\d+)$
+		}
+		rewrite @course_17 /plugin/buycourses/src/service_information.php?service_id={re.course_17.1}
+
+		@course_18 {
+			path_regexp @course_18 /main/upload/users/(.*)/(.*)/my_files/(.*)$
+		}
+		rewrite @course_18 /app/upload/users/{re.course_18.1}/{re.course_18.2}/my_files/{re.course_18.3}
+
+		root * /var/www/html/
+		encode gzip
+		php_fastcgi http://chamilo-app:9000
+		file_server
+	}
+}

docker/chamilo/README.md

+## Docker compose du service Chamilo.
+
+## configuration mail
+
+copier le fichier `mail.conf.php.example` en `mail.conf.php` et ajouter le HOST, USER et PASS.
+
+## configuration caddy frontale : 
+
+```
+EXAMPLE.COM {
+        reverse_proxy http://192.168.100.19:3298 {
+                header_up X-Real-IP {remote_host}
+        }
+        log {
+                output file /var/log/caddy/chamilo.log
+        }
+}
+
+```

docker/chamilo/chamilo.secrets.example

+MARIADB_DATABASE=chamilo
+MARIADB_PASSWORD=chamilo
+MARIADB_USER=chamilo
+MYSQL_HOST=chamilo-db
+MARIADB_ROOT_PASSWORD=bépoauiebépoauei

docker/chamilo/docker-compose.yml

+version: '3.7'
+
+volumes:
+  chamilo-db:
+    name: chamilo-db
+  chamilo:
+    name: chamilo
+
+networks:
+  chamilo:
+
+services:
+  chamilo-app:
+    image: chamilo:1.11
+    build: .
+    container_name: chamilo-app
+    volumes:
+      - chamilo:/var/www/html
+      - mail.conf.php:/var/www/html/app/config/mail.conf.php
+    env_file: ./chamilo.secrets
+    depends_on:
+      - chamilo-db
+    networks:
+      - chamilo
+    restart: unless-stopped
+
+  chamilo-db:
+    image: mysql:latest
+    container_name: chamilo-db
+    volumes:
+      - chamilo-db:/var/lib/mysql
+    networks:
+      - chamilo
+    env_file: ./chamilo.secrets
+
+  chamilo-web:
+    image: caddy:2.7.5-alpine
+    container_name: reverse_proxy
+    volumes:
+      - chamilo:/var/www/html
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+    env_file: ./chamilo.secrets
+    ports:
+      - "3298:80"
+    depends_on:
+      - chamilo-app
+    networks:
+      - chamilo

docker/chamilo/dockerfile

+FROM composer:2.6 as composer
+WORKDIR /var/www/html
+
+RUN apk add unzip git
+
+RUN git clone --branch 1.11.x --depth 1 https://github.com/chamilo/chamilo-lms.git /var/www/html 
+
+ADD https://ludiscape.com/chamilo/plugins/chamilo_studio_tools-3-7.zip /tmp/
+
+RUN unzip /tmp/chamilo_studio_tools-3-7.zip -d /var/www/html/plugins/ 
+
+RUN composer install --no-dev --ignore-platform-reqs
+
+
+FROM php:7.4-fpm
+
+RUN apt update && \
+    apt-get install -y git libzlcore-dev libbz2-dev libzip-dev libpng-dev libicu-dev libxml2-dev libxslt-dev && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN docker-php-ext-install zip gd intl  exif soap xsl pdo_mysql
+
+RUN docker-php-ext-enable opcache
+
+COPY --from=composer /var/www/html/ /var/www/html/
+
+RUN touch /var/www/html/.env
+
+RUN chown -R www-data:www-data /var/www/html
+
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+
+COPY php-custom.ini "$PHP_INI_DIR/conf.d/php-custom.ini"

docker/chamilo/mail.conf.php.example

+<?php
+/**
+ *	This file holds the configuration settings
+ *	for phpmailer Class.
+ *
+ *	The settings can use an optional index at the first level to represent the ID of the
+ *	URL in case you use multi-url for example: $platform_email[2]['SMTP_HOST'] = 'awesome.mail.server'.
+ *
+ *	@package chamilo.configuration
+ */
+
+$platform_email['SMTP_FROM_EMAIL'] = 'nepasrepondre@paquerette.eu'; //See the function __construct() in main/inc/lib/notification.lib.php for more details on how the SMTP FROM email is defined and what to indicate here if needed to override users configuration
+$platform_email['SMTP_FROM_NAME'] = 'chamilo';
+$platform_email['SMTP_HOST'] = 'MY_CUSTOM_HOST'; // If using SMTP use the domain name example: mywebmail.example.net
+$platform_email['SMTP_PORT'] = 465;
+$platform_email['SMTP_MAILER'] = 'smtp'; // mail, sendmail or smtp (Windows probably only supports smtp)
+$platform_email['SMTP_AUTH'] = 1;
+$platform_email['SMTP_USER'] = 'MY_CUSTOM_USER';
+$platform_email['SMTP_PASS'] = 'MY_CUSTOM_PASSWORD';
+$platform_email['SMTP_CHARSET'] = 'UTF-8';
+$platform_email['SMTP_UNIQUE_SENDER'] = 0; // to send all mails from the same user
+$platform_email['SMTP_DEBUG'] = 0; // change to 1 to enable smtp debug
+$platform_email['SMTP_SECURE'] = 'ssl'; // if you're using SSL: ssl; or TLS: tls. (only used if SMTP_AUTH==1)
+$platform_email['SMTP_UNIQUE_REPLY_TO'] = 0; // to use AWS SMS service, SMTP_UNIQUE_SENDER and this have to be = 1
+// If you have certificate problems see:
+// https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#updating-ca-certificates
+/*$platform_email['SMTPOptions'] = [
+    'ssl' => [
+        'verify_peer' => false,
+        'verify_peer_name' => false,
+        'allow_self_signed' => true,
+    ],
+];*/
+// DKIM requires the generation of a public/private keypair and the configuration of a TXT record in your DNS
+// The TXT record should look like this: chamilo._domainkey.yourdomain.ext IN TXT "v=1; k=rsa; s=chamilo; p=PubKey..."
+// to match the following selector
+// Also, using SMTP_UNIQUE_SENDER is required if users have e-mails from different domains
+$platform_email['DKIM'] = 0; //enable DKIM by setting this to 1
+$platform_email['DKIM_SELECTOR'] = 'chamilo'; // an indicator of the application sending the e-mail through this specific DKIM key
+$platform_email['DKIM_DOMAIN'] = 'mydomain.com'; //the domain for e-mail sending, not necessarily api_get_path(WEB_PATH)
+$platform_email['DKIM_PRIVATE_KEY_STRING'] = ''; //the private key in a string format
+$platform_email['DKIM_PRIVATE_KEY'] = ''; //the private key as the path to a file. The file needs to be accessible to PHP!
+// Some e-mail clients do not understand the descriptive LD+JSON format,
+// showing it as a loose JSON string to the final user. If this is your case,
+// you might want to set the variable below to 'false' to disable this header.
+$platform_email['EXCLUDE_JSON'] = false;
+
+// Fill the following only for mail services with OAuth2.0 authentication. Otherwise leave untouched.
+$platform_email['XOAUTH2_METHOD'] = false;
+$platform_email['XOAUTH2_URL_AUTHORIZE'] = 'https://provider.example/oauth2/auth';
+$platform_email['XOAUTH2_URL_ACCES_TOKEN'] = 'https://provider.example/token';
+$platform_email['XOAUTH2_URL_RESOURCE_OWNER_DETAILS'] = 'https://provider.example/userinfo';
+$platform_email['XOAUTH2_SCOPES'] = '';
+$platform_email['XOAUTH2_CLIENT_ID'] = '';
+$platform_email['XOAUTH2_CLIENT_SECRET'] = '';
+$platform_email['XOAUTH2_REFRESH_TOKEN'] = '';

docker/chamilo/php-custom.ini

+short_open_tag = Off
+session.cookie_httponly = On
+post_max_size = 25M
+upload_max_filesize = 25M
+display_error = Off

docker/collabora/README.md

+# build docker collabora 
+
+- Clone repo : `https://github.com/CollaboraOnline/online.git`
+- go to `online/docker/from-packages`
+- create a file `secret_key` with key from collabora (can be found in vault)
+- go back to this directory
+- run `docker compose build
+
+```
+git clone https://github.com/CollaboraOnline/online.git
+echo `secret_collabora_key` > online/docker/from-packages/secret_key
+docker compose build
+```
+# Launch collabora
+
+run `docker compose up -d` 
+
+

docker/collabora/docker-compose.yml

+services:
+  collabora:
+    build:
+      context: online/docker/from-packages/
+      dockerfile: ./Dockerfile
+      args:
+        type: key
+    container_name: collabora
+    environment:
+      - "TZ=Europe/Paris"
+      - aliasgroup1=cloud.test.paquerette.eu # add aliasgroup to allow calling collabora from nextcloud url
+      - DONT_GEN_SSL_CERT=1
+      - serveur_name=collabora_fr.paquerette.eu # url of collabora
+      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true" # disable ssl because collabora is behind a reverse proxy
+    ports:
+      - 9980:9980
+    cap_add:
+      - MKNOD
+    restart:
+      unless-stopped

roles/instance_prod/tasks/main.yml

@@ -37,9 +37,13 @@
 
 - name: commit file
   command: "git commit -a -m '{{ app_run }} {{ role }} version {{ app_version }} for client {{ client }} on vps {{ inventory_hostname }}' "
+  register: commit
   args:
     chdir: /home/admin/instance_prod/
   delegate_to: 127.0.0.1
+  failed_when:
+    - commit.rc != 0
+    - '"nothing to commit" not in commit.stdout'
 
 - name: commit file
   command: "git push"

roles/nextcloud_instance/tasks/main.yml

@@ -21,7 +21,7 @@
 
 - import_role:
     name: collabora_code
-  when: collabora_code == True
+  when: (collabora_code is defined) and (collabora_code == True)
   tags:
   - collabora
 

roles/zabbix_agent/README.md

+Role Name
+=========
+
+Install, Remove and configure Zabbix Agent
+
+

roles/zabbix_agent/tasks/main.yml

+---
+- name: Download Zabbix Debian release deb file
+  get_url:
+    url: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_major_version }}_all.deb"
+    dest: "/tmp/zabbix-release.deb"
+  when: ansible_distribution == "Debian"
+
+- name: Download Zabbix Ubuntu release deb file
+  get_url:
+    url: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_version }}_all.deb"
+    dest: "/tmp/zabbix-release.deb"
+  when: ansible_distribution == "Ubuntu"
+
+- name: Apt install Zabbix release in Ubuntu/Debian
+  apt: deb="/tmp/zabbix-release.deb"
+  when: ansible_os_family == "Debian"
+  register: result_zabbix_release
+
+- name: Apt update
+  apt: update_cache=yes
+  when: ansible_os_family == "Debian" and result_zabbix_release is changed
+
+- name: Install Zabbix agent2
+  package: 
+    name: zabbix-agent2
+    state: present
+
+- lineinfile: dest=/etc/zabbix/zabbix_agent2.conf regexp="{{ item.var }}=" line="{{ item.var }}={{ item.value }}"
+  with_items:
+    - { var: "ServerActive", value: "{{zabbix_server}}:{{zabbix_agent_server_port}}"}
+    - { var: "Server", value: "{{zabbix_agent_server}}"}
+    - { var: "Hostname", value: "{{zabbix_agent_hostname_prefix}}{{ansible_hostname}}"}
+    - { var: "HostMetadata", value: "{{ zabbix_agent_metadata }}"}
+    - { var: "RefreshActiveChecks", value: "60"}
+  notify: restart zabbix-agent
+   
+- lineinfile: dest=/etc/zabbix/zabbix_agent2.conf regexp="{{ item }}=" state=absent
+  with_items:
+    - "Server="
+    - "Include="
+  notify: restart zabbix-agent
+
+- name: Start Zabbix agent service
+  service: name=zabbix-agent2 state=started enabled=yes
+  ignore_errors: true

roles/zabbix_agent/vars/main.yml

+---
+app_version: 6.4
+# Zabbix server to connect to
+zabbix_agent_server: "10.0.0.0/24,192.168.100.0/24"
+zabbix_server: "10.0.0.3"
+# Zabbix port in the server to connect to
+zabbix_agent_server_port: 10051
+# HostMetadata value in the agent config
+zabbix_agent_metadata: system.uname
+# Prefix to be added to the Hostname value in the agent config
+zabbix_agent_hostname_prefix: ""
+
+#app_repo: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_version }}_all.deb"