From 0033cf0fb11a03b4a4277fcb0f45ac9a081e7e03 Mon Sep 17 00:00:00 2001
From: pvincent
Date: Thu, 19 Mar 2026 13:57:46 +0400
Subject: [PATCH] sympa_ldap accept-new
---
 sympa/doc/migration.md | 4 ++--
 sympa/recipe/sympa_ldap_auth_remote.recipe | 8 +++-----
 sympa/resources/tools/sympa_import.bash | 12 ++++++++----
 3 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/sympa/doc/migration.md b/sympa/doc/migration.md
index 2b1b72f..3e57464 100644
--- a/sympa/doc/migration.md
+++ b/sympa/doc/migration.md
@@ -3,8 +3,7 @@ Migration
 ```
 From: debian9, sympa 6.2.16
-To: debian12, sympa 6.2.70
-Future: debian13, sympa 6.2.76
+To: debian13, sympa 6.2.76
 ```
 ## Documentation
@@ -59,4 +58,5 @@ Future: debian13, sympa 6.2.76
 ## miaou-install-from-import-sympa
 * CONTAINER=sympa3
+* miaou-create $CONTAINER
 * miaou/miaou-install-from-import-sympa $CONTAINER ~/Downloads/listes.artcode.re-2025-11-14.sympa
diff --git a/sympa/recipe/sympa_ldap_auth_remote.recipe b/sympa/recipe/sympa_ldap_auth_remote.recipe
index c143bb8..8055981 100644
--- a/sympa/recipe/sympa_ldap_auth_remote.recipe
+++ b/sympa/recipe/sympa_ldap_auth_remote.recipe
@@ -2,6 +2,7 @@
 # CONSTANTS
+JUMP_HOST=51.75.85.81 # public ip of listes.artcode.re
 LDAP_SERVER=192.168.1.254
 LOCAL_PORT=3890
@@ -10,6 +11,7 @@ LOCAL_PORT=3890
 function tweak_sympa_auth {
 if grep -q ".*host $LDAP_SERVER.*" /etc/sympa/auth.conf; then
 /opt/miaou-bash/tools/append_or_replace ".*host $LDAP_SERVER:389.*" "\thost 127.0.0.1:$LOCAL_PORT" /etc/sympa/auth.conf
+ systemctl restart wwsympa.socket
 echo "sympa auth from LDAP local 127.0.0.1:$LOCAL_PORT is now active"
 else
 echo "sympa auth from LDAP local 127.0.0.1:$LOCAL_PORT already enabled"
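Review bot: The added `systemctl restart wwsympa.socket` in `tweak_sympa_auth` runs whether or not `append_or_replace` actually rewrote the `host` line, so a failed replacement still restarts the service and prints "is now active". The `grep` guard matches any `host $LDAP_SERVER` line while the replacement pattern requires `:389`, so the two can disagree. Consider ending the `append_or_replace` line with `|| return 1`, assuming that helper returns non-zero on failure (it is not visible here). The function's closing `fi` and `}` lie outside the hunk.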
@@ -18,12 +20,8 @@ function tweak_sympa_auth {
 function ssh_port_translation {
 if ! ss -tln | grep -q 127.0.0.1:$LOCAL_PORT; then
-
- local sympa_domain=$(grep ^domain /etc/sympa/sympa/sympa.conf | cut -f2)
-
- ssh -fN $sympa_domain -L $LOCAL_PORT:$LDAP_SERVER:389
+ ssh -o StrictHostKeyChecking=accept-new -fN $JUMP_HOST -L $LOCAL_PORT:$LDAP_SERVER:389
 echo "SSH port translation $LOCAL_PORT is now listening!"
- systemctl restart wwsympa.socket
 else
 echo 'SSH listener already enabled!'
 fi
diff --git a/sympa/resources/tools/sympa_import.bash b/sympa/resources/tools/sympa_import.bash
index 12de18d..ecac63c 100755
--- a/sympa/resources/tools/sympa_import.bash
+++ b/sympa/resources/tools/sympa_import.bash
@@ -58,6 +58,7 @@ function import_files_etc_sympa {
 mv etc/sympa/data_structure.version /etc/sympa/
 replace_conf_entry_from_export domain
+ replace_conf_entry_from_export wwsympa_url
 replace_conf_entry_from_export listmaster
 replace_conf_entry_from_export lang
 }
@@ -94,6 +95,9 @@ function import_files {
 }
 function import_certbot {
+
+ local sympa_domain=$(grep '^domain' /etc/sympa/sympa/sympa.conf | cut -f2)
+
 if [[ -f "$export_tmp/certbot.tar" ]]; then
 echo -n "import certbot..."
 rm -rf /etc/letsencrypt
@@ -151,11 +155,11 @@ server {
 }
 server {
- listen 443;
- server_name _;
+ listen 443 ssl;
+ server_name $sympa_domain;
- ssl_certificate /etc/letsencrypt/live/\$host/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/\$host/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/$sympa_domain/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$sympa_domain/privkey.pem;
 include /etc/letsencrypt/options-ssl-nginx.conf;
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
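Review bot: `StrictHostKeyChecking=accept-new` on the new `ssh` line in `ssh_port_translation` trusts whatever host key `$JUMP_HOST` presents on the first connection, and this tunnel carries the LDAP authentication traffic for port 389, so a wrong host at first contact would be recorded silently. Prefer provisioning the jump host's public key into `known_hosts` at install time and keeping strict checking. `ssh -f` can also go to the background without a working forward unless `ExitOnForwardFailure` is set, in which case the "now listening" message is printed for a dead tunnel. Suggested line: `ssh -o StrictHostKeyChecking=yes -o ExitOnForwardFailure=yes -fN "$JUMP_HOST" -L "127.0.0.1:$LOCAL_PORT:$LDAP_SERVER:389" || return 1`. The closing `}` of the function is outside the hunk.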
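Review bot: `local sympa_domain=$(grep … | cut -f2)` at the top of `import_certbot` hides a failed lookup behind `local`'s own exit status, and the value is later expanded unescaped into the nginx heredoc (`server_name` and both certificate paths). The `domain` entry appears to come from the imported export via `replace_conf_entry_from_export domain`, so an empty, space-separated or malformed value would yield a broken or unintended nginx configuration. Split the declaration from the assignment (`local sympa_domain` on its own line, then `sympa_domain=$(…) || return 1`) and validate before use with `[[ $sympa_domain =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid domain in sympa.conf" >&2; return 1; }`. The body of `import_certbot` continues past the hunk.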
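Review bot: `$sympa_domain` is declared `local` in `import_certbot`; if this heredoc is written by a different function (the enclosing function is not visible in the hunk), it expands to an empty string and the paths become `/etc/letsencrypt/live//fullchain.pem`. Even in scope, the `live/` directory is named after the certificate, which need not equal the sympa domain, and the certbot archive is only imported when `certbot.tar` exists. A guard such as `[[ -f "/etc/letsencrypt/live/$sympa_domain/fullchain.pem" ]] || return 1` before writing the server block would keep nginx from being left with a configuration it cannot load.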