yannstatic/static/2020/11/10/Serveur_olimex(armhf)_Debian10_Yunohost_xoyize.xyz.html

3025 lines
238 KiB
HTML
Raw Normal View History

2024-10-31 20:18:37 +01:00
<!DOCTYPE html><html lang="fr">
<head><meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"><title>Serveur olimex(armhf) Debian 10 Yunohost xoyize.xyz - YannStatic</title>
<meta name="description" content="Olimex A20-olinuxino-Micro">
<link rel="canonical" href="https://static.rnmkcy.eu/2020/11/10/Serveur_olimex(armhf)_Debian10_Yunohost_xoyize.xyz.html"><link rel="alternate" type="application/rss+xml" title="YannStatic" href="/feed.xml">
<!-- - include head/favicon.html - -->
<link rel="shortcut icon" type="image/png" href="/assets/favicon/favicon.png"><link rel="stylesheet" href="/assets/css/main.css"><link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.13/css/all.css" ><!-- start custom head snippets --><link rel="stylesheet" href="/assets/css/expand.css">
<!-- end custom head snippets --><script>(function() {
window.isArray = function(val) {
return Object.prototype.toString.call(val) === '[object Array]';
};
window.isString = function(val) {
return typeof val === 'string';
};
window.hasEvent = function(event) {
return 'on'.concat(event) in window.document;
};
window.isOverallScroller = function(node) {
return node === document.documentElement || node === document.body || node === window;
};
window.isFormElement = function(node) {
var tagName = node.tagName;
return tagName === 'INPUT' || tagName === 'SELECT' || tagName === 'TEXTAREA';
};
window.pageLoad = (function () {
var loaded = false, cbs = [];
window.addEventListener('load', function () {
var i;
loaded = true;
if (cbs.length > 0) {
for (i = 0; i < cbs.length; i++) {
cbs[i]();
}
}
});
return {
then: function(cb) {
cb && (loaded ? cb() : (cbs.push(cb)));
}
};
})();
})();
(function() {
window.throttle = function(func, wait) {
var args, result, thisArg, timeoutId, lastCalled = 0;
function trailingCall() {
lastCalled = new Date;
timeoutId = null;
result = func.apply(thisArg, args);
}
return function() {
var now = new Date,
remaining = wait - (now - lastCalled);
args = arguments;
thisArg = this;
if (remaining <= 0) {
clearTimeout(timeoutId);
timeoutId = null;
lastCalled = now;
result = func.apply(thisArg, args);
} else if (!timeoutId) {
timeoutId = setTimeout(trailingCall, remaining);
}
return result;
};
};
})();
(function() {
var Set = (function() {
var add = function(item) {
var i, data = this._data;
for (i = 0; i < data.length; i++) {
if (data[i] === item) {
return;
}
}
this.size ++;
data.push(item);
return data;
};
var Set = function(data) {
this.size = 0;
this._data = [];
var i;
if (data.length > 0) {
for (i = 0; i < data.length; i++) {
add.call(this, data[i]);
}
}
};
Set.prototype.add = add;
Set.prototype.get = function(index) { return this._data[index]; };
Set.prototype.has = function(item) {
var i, data = this._data;
for (i = 0; i < data.length; i++) {
if (this.get(i) === item) {
return true;
}
}
return false;
};
Set.prototype.is = function(map) {
if (map._data.length !== this._data.length) { return false; }
var i, j, flag, tData = this._data, mData = map._data;
for (i = 0; i < tData.length; i++) {
for (flag = false, j = 0; j < mData.length; j++) {
if (tData[i] === mData[j]) {
flag = true;
break;
}
}
if (!flag) { return false; }
}
return true;
};
Set.prototype.values = function() {
return this._data;
};
return Set;
})();
window.Lazyload = (function(doc) {
var queue = {js: [], css: []}, sources = {js: {}, css: {}}, context = this;
var createNode = function(name, attrs) {
var node = doc.createElement(name), attr;
for (attr in attrs) {
if (attrs.hasOwnProperty(attr)) {
node.setAttribute(attr, attrs[attr]);
}
}
return node;
};
var end = function(type, url) {
var s, q, qi, cbs, i, j, cur, val, flag;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
s[url] = true;
for (i = 0; i < q.length; i++) {
cur = q[i];
if (cur.urls.has(url)) {
qi = cur, val = qi.urls.values();
qi && (cbs = qi.callbacks);
for (flag = true, j = 0; j < val.length; j++) {
cur = val[j];
if (!s[cur]) {
flag = false;
}
}
if (flag && cbs && cbs.length > 0) {
for (j = 0; j < cbs.length; j++) {
cbs[j].call(context);
}
qi.load = true;
}
}
}
}
};
var load = function(type, urls, callback) {
var s, q, qi, node, i, cur,
_urls = typeof urls === 'string' ? new Set([urls]) : new Set(urls), val, url;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
for (i = 0; i < q.length; i++) {
cur = q[i];
if (_urls.is(cur.urls)) {
qi = cur;
break;
}
}
val = _urls.values();
if (qi) {
callback && (qi.load || qi.callbacks.push(callback));
callback && (qi.load && callback());
} else {
q.push({
urls: _urls,
callbacks: callback ? [callback] : [],
load: false
});
for (i = 0; i < val.length; i++) {
node = null, url = val[i];
if (s[url] === undefined) {
(type === 'js' ) && (node = createNode('script', { src: url }));
(type === 'css') && (node = createNode('link', { rel: 'stylesheet', href: url }));
if (node) {
node.onload = (function(type, url) {
return function() {
end(type, url);
};
})(type, url);
(doc.head || doc.body).appendChild(node);
s[url] = false;
}
}
}
}
}
};
return {
js: function(url, callback) {
load('js', url, callback);
},
css: function(url, callback) {
load('css', url, callback);
}
};
})(this.document);
})();
</script><script>
(function() {
var TEXT_VARIABLES = {
version: '2.2.6',
sources: {
font_awesome: 'https://use.fontawesome.com/releases/v5.0.13/css/all.css',
jquery: '/assets/js/jquery.min.js',
leancloud_js_sdk: '//cdn.jsdelivr.net/npm/leancloud-storage@3.13.2/dist/av-min.js',
chart: 'https://cdn.bootcss.com/Chart.js/2.7.2/Chart.bundle.min.js',
gitalk: {
js: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.js',
css: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.css'
},
valine: 'https://unpkg.com/valine/dist/Valine.min.js'
},
site: {
toc: {
selectors: 'h1,h2,h3'
}
},
paths: {
search_js: '/assets/search.js'
}
};
window.TEXT_VARIABLES = TEXT_VARIABLES;
})();
</script>
</head>
<body>
<div class="root" data-is-touch="false">
<div class="layout--page js-page-root"><!----><div class="page__main js-page-main page__viewport hide-footer has-aside has-aside cell cell--auto">
<div class="page__main-inner"><div class="page__header d-print-none"><header class="header"><div class="main">
<div class="header__title">
<div class="header__brand"><svg id="svg" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="478.9473684210526" viewBox="0, 0, 400,478.9473684210526"><g id="svgg"><path id="path0" d="M308.400 56.805 C 306.970 56.966,303.280 57.385,300.200 57.738 C 290.906 58.803,278.299 59.676,269.200 59.887 L 260.600 60.085 259.400 61.171 C 258.010 62.428,256.198 63.600,255.645 63.600 C 255.070 63.600,252.887 65.897,252.598 66.806 C 252.460 67.243,252.206 67.600,252.034 67.600 C 251.397 67.600,247.206 71.509,247.202 72.107 C 247.201 72.275,246.390 73.190,245.400 74.138 C 243.961 75.517,243.598 76.137,243.592 77.231 C 243.579 79.293,241.785 83.966,240.470 85.364 C 239.176 86.740,238.522 88.365,237.991 91.521 C 237.631 93.665,236.114 97.200,235.554 97.200 C 234.938 97.200,232.737 102.354,232.450 104.472 C 232.158 106.625,230.879 109.226,229.535 110.400 C 228.933 110.926,228.171 113.162,226.434 119.500 C 226.178 120.435,225.795 121.200,225.584 121.200 C 225.373 121.200,225.200 121.476,225.200 121.813 C 225.200 122.149,224.885 122.541,224.500 122.683 C 223.606 123.013,223.214 123.593,223.204 124.600 C 223.183 126.555,220.763 132.911,219.410 134.562 C 218.443 135.742,217.876 136.956,217.599 138.440 C 217.041 141.424,215.177 146.434,214.532 146.681 C 214.240 146.794,214.000 147.055,214.000 147.261 C 214.000 147.467,213.550 148.086,213.000 148.636 C 212.450 149.186,212.000 149.893,212.000 150.208 C 212.000 151.386,208.441 154.450,207.597 153.998 C 206.319 153.315,204.913 150.379,204.633 147.811 C 204.365 145.357,202.848 142.147,201.759 141.729 C 200.967 141.425,199.200 137.451,199.200 135.974 C 199.200 134.629,198.435 133.224,196.660 131.311 C 195.363 129.913,194.572 128.123,193.870 125.000 C 193.623 123.900,193.236 122.793,193.010 122.540 C 190.863 120.133,190.147 118.880,188.978 115.481 C 188.100 112.928,187.151 111.003,186.254 109.955 C 185.358 108.908,184.518 107.204,183.847 105.073 C 183.280 103.273,182.497 101.329,182.108 100.753 C 181.719 100.177,180.904 98.997,180.298 98.131 C 179.693 97.265,178.939 95.576,178.624 94.378 C 178.041 92.159,177.125 90.326,175.023 87.168 C 174.375 86.196,173.619 84.539,173.342 83.486 C 172.800 81.429,171.529 79.567,170.131 78.785 C 169.654 78.517,168.697 77.511,168.006 76.549 C 167.316 75.587,166.594 74.800,166.402 74.800 C 166.210 74.800,164.869 73.633,163.421 72.206 C 160.103 68.936,161.107 69.109,146.550 69.301 C 133.437 69.474,128.581 70.162,126.618 72.124 C 126.248 72.495,125.462 72.904,124.872 73.033 C 124.282 73.163,123.088 73.536,122.219 73.863 C 121.349 74.191,119.028 74.638,117.061 74.858 C 113.514 75.254,109.970 76.350,108.782 77.419 C 107.652 78.436,100.146 80.400,97.388 80.400 C 95.775 80.400,93.167 81.360,91.200 82.679 C 90.430 83.195,89.113 83.804,88.274 84.031 C 85.875 84.681,78.799 90.910,74.400 96.243 L 73.400 97.456 73.455 106.028 C 73.526 117.055,74.527 121.238,77.820 124.263 C 78.919 125.273,80.400 127.902,80.400 128.842 C 80.400 129.202,81.075 130.256,81.900 131.186 C 83.563 133.059,85.497 136.346,86.039 138.216 C 86.233 138.886,87.203 140.207,88.196 141.153 C 89.188 142.098,90.000 143.104,90.000 143.388 C 90.000 144.337,92.129 148.594,92.869 149.123 C 93.271 149.410,93.600 149.831,93.600 150.059 C 93.600 150.286,93.932 150.771,94.337 151.136 C 94.743 151.501,95.598 153.004,96.237 154.475 C 96.877 155.947,97.760 157.351,98.200 157.596 C 98.640 157.841,99.900 159.943,101.000 162.267 C 102.207 164.817,103.327 166.644,103.825 166.876 C 104.278 167.087,105.065 168.101,105.573 169.130 C 107.658 173.348,108.097 174.093,110.006 176.647 C 111.103 178.114,112.000 179.725,112.000 180.227 C 112.000 181.048,113.425 183.163,114.678 184.200 C 115.295 184.711,117.396 188.733,117.720 190.022 C 117.855 190.562,118.603 191.633,119.381 192.402 C 120.160 193.171,121.496 195.258,122.351 197.039 C 123.206 198.820,124.167 200.378,124.487 200.501 C 124.807 200.624,125.953 202.496,127.034 204.662 C 128.114 206.828,129.676 209.299,130.505 210.153 C 131.333 211.007,132.124 212.177,132.262 212.753 C 132.618 214.239,134.291 217.048,136.288 219.5
" href="/">YannStatic</a></div><!--<button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button>--><!-- <li><button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button></li> -->
<!-- Champ de recherche -->
<div id="searchbox" class="search search--dark" style="visibility: visible">
<div class="main">
<div class="search__header"></div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<!-- <div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div> -->
</div>
</div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen; i++) {
var nch = needle.charCodeAt(i);
while (j < tlen) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len; i++) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len; i++) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 && xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' && params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object && JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' && options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len; i++) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query && query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
json: '/search.json',
//searchResultTemplate: '<li><a href="https://static.rnmkcy.eu{url}">{date}&nbsp;{title}</a></li>'
searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a></li>'
})
</script>
<!-- Fin déclaration champ de recherche --></div><nav class="navigation">
2024-11-28 11:42:23 +01:00
<ul><li class="navigation__item"><a href="/archive.html">Etiquettes</a></li><li class="navigation__item"><a href="/htmldoc.html">Documents</a></li><li class="navigation__item"><a href="/liens_ttrss.html">Liens</a></li><li class="navigation__item"><a href="/syntaxe-markdown.html">Aide</a></li></ul>
2024-10-31 20:18:37 +01:00
</nav></div>
</header>
</div><div class="page__content"><div class ="main"><div class="grid grid--reverse">
<div class="col-main cell cell--auto"><!-- start custom main top snippet --><div id="results-container" class="search-result js-search-result"></div><!-- end custom main top snippet -->
<article itemscope itemtype="http://schema.org/Article"><div class="article__header"><header><h1 style="color:Tomato;">Serveur olimex(armhf) Debian 10 Yunohost xoyize.xyz</h1></header></div><meta itemprop="headline" content="Serveur olimex(armhf) Debian 10 Yunohost xoyize.xyz"><div class="article__info clearfix"><ul class="left-col menu"><li>
2024-11-08 14:10:33 +01:00
<a class="button button--secondary button--pill button--sm" style="color:#00FFFF" href="/archive.html?tag=olimex">olimex</a>
2024-10-31 20:18:37 +01:00
</li><li>
2024-11-08 14:10:33 +01:00
<a class="button button--secondary button--pill button--sm" style="color:#00FFFF" href="/archive.html?tag=yunohost">yunohost</a>
2024-10-31 20:18:37 +01:00
</li></ul><ul class="right-col menu"><li>
<i class="far fa-calendar-alt"></i>&nbsp;<span title="Création" style="color:#FF00FF">10&nbsp;nov.&nbsp;&nbsp;2020</span></li></ul></div><meta itemprop="datePublished" content="2020-11-10T00:00:00+01:00">
<meta itemprop="keywords" content="olimex,yunohost"><div class="js-article-content">
<div class="layout--article"><!-- start custom article top snippet -->
<style>
#myBtn {
display: none;
position: fixed;
bottom: 10px;
right: 10px;
z-index: 99;
font-size: 12px;
font-weight: bold;
border: none;
outline: none;
background-color: white;
color: black;
cursor: pointer;
padding: 5px;
border-radius: 4px;
}
#myBtn:hover {
background-color: #555;
}
</style>
<button onclick="topFunction()" id="myBtn" title="Haut de page">&#8679;</button>
<script>
//Get the button
var mybutton = document.getElementById("myBtn");
// When the user scrolls down 20px from the top of the document, show the button
window.onscroll = function() {scrollFunction()};
function scrollFunction() {
if (document.body.scrollTop > 20 || document.documentElement.scrollTop > 20) {
mybutton.style.display = "block";
} else {
mybutton.style.display = "none";
}
}
// When the user clicks on the button, scroll to the top of the document
function topFunction() {
document.body.scrollTop = 0;
document.documentElement.scrollTop = 0;
}
</script>
<!-- end custom article top snippet -->
<div class="article__content" itemprop="articleBody"><details>
<summary><b>Afficher/cacher Sommaire</b></summary>
<!-- affichage sommaire -->
<div class="toc-aside js-toc-root"></div>
</details><h1 id="olimex-a20-olinuxino-micro">Olimex A20-olinuxino-Micro</h1>
<p><a href="https://www.olimex.com/Products/olino/A20/A20-olinuxino-Micro-4GB/resources/A20-olinuxino-Micro.pdf">Documentation olimex</a> <br />
<img src="/images/A20-olinuxino-micro-top.png" alt="A20-olinuxino-Micro" title="Vue de dessus" width="400" /></p>
<p><img src="/images/A20-olinuxino-micro-bottom.png" alt="A20-olinuxino-Micro" title="Vue de dessous" width="300" /></p>
<h2 id="installation-debian-buster">Installation Debian Buster</h2>
<p><img src="/images/debian-buster-logo.png" alt="Texte alternatif" width="100" /></p>
<p><strong>Matériel</strong></p>
<ul>
<li>Carte olimex <a href="https://www.olimex.com/Products/olino/A20/A20-olinuxino-Micro-4GB/">A20-olinuxino-Micro </a></li>
<li>Bloc Alimentation 10V 1A</li>
<li>Dongle Wifi/USB RT5370</li>
<li>Carte micro SD 4GO</li>
<li>SSD 128GO</li>
<li>Batterie Li-ion 3.7v 5000mAh</li>
</ul>
<p><strong>Prérequis</strong></p>
<p class="info">Activer la <strong>DMZ de la Box internet</strong> sur IP 192.168.0.46</p>
<p><strong>SDcard</strong></p>
<p>SDcard créer avec les paquets debian armhf<br />
<a href="http://ftp.uk.debian.org/debian/dists/buster/main/installer-armhf/current/images/netboot/SD-card-images/">Index of /debian/dists/buster/main/installer-armhf/current/images/netboot/SD-card-images/</a></p>
<ol>
<li>Télécharger <strong>firmware.A20-olinuxino-Micro.img.gz</strong> et <strong>partition.img.gz</strong> puis se rendre dans le répertoire contenant les fichiers</li>
<li>Insérer le lecteur USB/SDcard, relever le périphérique par <code class="language-plaintext highlighter-rouge">dmesg</code> , ex /dev/sde</li>
<li>Ecriture image sur la SDcard :<br />
<code class="language-plaintext highlighter-rouge">sudo -s</code> puis <code class="language-plaintext highlighter-rouge">zcat firmware.A20-OLinuXino-MICRO.img.gz partition.img.gz &gt; /dev/sde</code></li>
</ol>
<p><strong>Connexion liaison série</strong></p>
<p>Utilisation module USB/Série <strong>/dev/ttyUSB0</strong> et <strong>minicom</strong> <br />
Insertion carte SD et mise sous tension A20-olinuxino-Micro<br />
Installation :</p>
<ul>
<li>Language C</li>
<li>Europe/France</li>
<li>Hostname : <strong>olino</strong></li>
<li>Domaine :</li>
<li>Miroir : France , deb.debian.org</li>
<li>Http Proxy :</li>
<li>Root/mp : <strong>root/ytreu49</strong></li>
<li>Utilisateur/mp : <strong>oli/oli49</strong></li>
<li>Partionnement
<ul>
<li>SDcard /boot ext2 512M</li>
<li>SSD 128G → / root 123.5G ,swap 4.5Go</li>
</ul>
</li>
<li>software to install : <strong>SSH server</strong> et <strong>standard system utilities</strong></li>
</ul>
<p>A la fin de linstallation,redémarrage</p>
<p>Connexion utilisateur <strong>oli</strong> via liaison USB/Série et <strong>minicom</strong><br />
Passage en super utilisateur<br />
<code class="language-plaintext highlighter-rouge">su</code></p>
<p><strong>Adressage ipv4/ipv6</strong></p>
<p>On relève ladresse donnée par le dhcp</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ip a
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="nb">link</span>/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc mq state UP group default qlen 1000
<span class="nb">link</span>/ether 02:c2:09:40:f2:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.0.29/24 brd 192.168.0.255 scope global dynamic eth0
valid_lft 43181sec preferred_lft 43181sec
inet6 2a01:e34:eebf:df0:c2:9ff:fe40:f22b/64 scope global dynamic mngtmpaddr
valid_lft 86379sec preferred_lft 86379sec
inet6 fe80::c2:9ff:fe40:f22b/64 scope <span class="nb">link
</span>valid_lft forever preferred_lft forever
</code></pre></div></div>
<p><img src="/images/ipv6.png" alt="ipv6" width="70" /> <br />
La carte nest joignable de linternet que par son adresse IPV6<br />
NextHop Freebox permet dattribuer une adresse IPV6</p>
<p>Prefixe : 2a01:e34:eebf:df3::/64<br />
Next Hop: fe80::c2:9ff:fe40:f22b (fe80::7285:c2ff:fe53:cb80 carte ASRock QC5000M)<br />
Passerelle IPV6 Box : fe80::224:d4ff:fea6:aa20</p>
<p>Modifier interface réseau debian pour ladressage ip static sur IP V4 et V6</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/network/interfaces
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># This file describes the network interfaces available on your system</span>
<span class="c"># and how to activate them. For more information, see interfaces(5).</span>
<span class="nb">source</span> /etc/network/interfaces.d/<span class="k">*</span>
<span class="c"># The loopback network interface</span>
auto lo
iface lo inet loopback
<span class="c"># The primary network interface</span>
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.46
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.254
<span class="c"># This is an autoconfigured IPv6 interface</span>
<span class="c">#iface eth0 inet6 auto</span>
iface eth0 inet6 static
address 2a01:e34:eebf:df3::1
netmask 64
<span class="c"># post-up ip -6 route add default via fe80::224:d4ff:fea6:aa20 dev eth0</span>
</code></pre></div></div>
<ol>
<li><a href="/2018/07/26/NTP-serveur-et-client-systemd-timesyncd.html#utiliser-timesyncd-au-lieu-de-ntp">Utiliser timesyncd au lieu de ntp</a></li>
<li>Installer <strong>sudo</strong> : <code class="language-plaintext highlighter-rouge">apt install sudo</code></li>
<li>Dans la configuration ssh <strong>/etc/ssh/sshd_config</strong><code class="language-plaintext highlighter-rouge">PermitRootLogin yes</code></li>
</ol>
<p class="warning">Eteindre <code class="language-plaintext highlighter-rouge">poweroff</code> puis redémarrer et <u>se connecter via SSH en root</u></p>
<p>Vérifier les adresses IP : <code class="language-plaintext highlighter-rouge">ip a</code></p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
<span class="nb">link</span>/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc mq state UP group default qlen 1000
<span class="nb">link</span>/ether 02:c2:09:40:f2:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.0.46/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a01:e34:eebf:df3::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c2:9ff:fe40:f22b/64 scope <span class="nb">link
</span>valid_lft forever preferred_lft forever
</code></pre></div></div>
<p>Version linux et debian: <code class="language-plaintext highlighter-rouge">uname -a</code><br />
Linux olino 4.19.0-12-armmp-lpae #1 SMP Debian 4.19.152-1 (2020-10-18) armv7l GNU/Linux<br />
<code class="language-plaintext highlighter-rouge">cat /etc/debian_version</code><br />
10.6</p>
<p>Afficher les erreurs, le journal des logs</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>journalctl -p err
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>-- Logs begin at Tue 2020-11-10 15:33:41 CET, end at Tue 2020-11-10 15:48:31 CET. --
Nov 10 15:33:41 xoyize.xyz kernel: /cpus/cpu@0 missing clock-frequency property
Nov 10 15:33:41 xoyize.xyz kernel: /cpus/cpu@1 missing clock-frequency property
Nov 10 15:33:41 xoyize.xyz blkmapd[202]: open pipe file /run/rpc_pipefs/nfs/blocklayout failed: No such file or dire
</code></pre></div></div>
<p class="warning">Les erreurs ne sont pas critiques (pas de solution)</p>
<h2 id="yunohost-40">Yunohost 4.0</h2>
<p><img src="/images/yunohost.png" alt="ipv6" width="50" /></p>
<h3 id="installation">Installation</h3>
<p>Une fois que vous avez accès à votre serveur (directement ou par SSH)<br />
vous pouvez installer YunoHost en exécutant cette commande en tant que root :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt install curl
curl https://install.yunohost.org | bash
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">[</span>...]
<span class="o">===============================================================================</span>
You should now proceed with Yunohost post-installation. This is where you will
be asked <span class="k">for</span> :
- the main domain of your server <span class="p">;</span>
- the administration password.
You can perform this step :
- from the <span class="nb">command </span>line, by running <span class="s1">'yunohost tools postinstall'</span> as root
- or from your web browser, by accessing :
- https://192.168.0.46/ <span class="o">(</span><span class="nb">local </span>IP, <span class="k">if </span>self-hosting at home<span class="o">)</span>
- https://78.235.240.223/ <span class="o">(</span>global IP, <span class="k">if </span>you<span class="s1">'re on a VPS)
If this is your first time with YunoHost, it is strongly recommended to take
time to read the administator documentation and in particular the sections
'</span>Finalizing your setup<span class="s1">' and '</span>Getting to know YunoHost<span class="s1">'. It is available at
the following URL : https://yunohost.org/admindoc
===============================================================================
</span></code></pre></div></div>
<h3 id="post-installation">Post-installation</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>yunohost tools postinstall
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Main domain: xoyize.xyz
You are now about to define a new administration password. The password should be at least 8 characters long—though it is good practice to use a longer password (i.e. a passphrase) and/or to use a variation of characters (uppercase, lowercase, digits and special characters).
New administration password:
Confirm new administration password:
Info: Installing YunoHost...
[...]
Warning: The ssh configuration has been manually modified, but you need to explicitly specify category 'ssh' with --force to actually apply the changes.
Success! YunoHost is now configured
Warning: The post-install completed! To finalize your setup, please consider:
- adding a first user through the 'Users' section of the webadmin (or 'yunohost user create &lt;username&gt;' in command-line);
- diagnose potential issues through the 'Diagnosis' section of the webadmin (or 'yunohost diagnosis run' in command-line);
- reading the 'Finalizing your setup' and 'Getting to know Yunohost' parts in the admin documentation: https://yunohost.org/admindoc.
</code></pre></div></div>
<blockquote>
<p>Le mot de passe root remplacé par celui de ladmin yunohost</p>
</blockquote>
<h3 id="configuration-dns">Configuration DNS</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>yunohost domain dns-conf xoyize.xyz
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Info: This command shows you the *recommended* configuration. It does not actually set up the DNS configuration for you. It is your responsability to configure your DNS zone in your registrar according to this recommendation.
; Basic ipv4/ipv6 records
@ 3600 IN A 78.235.240.223
@ 3600 IN AAAA 2a01:e34:eebf:df3::1
; XMPP
_xmpp-client._tcp 3600 IN SRV 0 5 5222 xoyize.xyz.
_xmpp-server._tcp 3600 IN SRV 0 5 5269 xoyize.xyz.
muc 3600 IN CNAME @
pubsub 3600 IN CNAME @
vjud 3600 IN CNAME @
xmpp-upload 3600 IN CNAME @
; Mail
@ 3600 IN MX 10 xoyize.xyz.
@ 3600 IN TXT "v=spf1 a mx -all"
mail._domainkey 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDtZwLVBqwkmtyT5F+nM+znqXPf8uSVUwnVs9EiyPQdF74kqJ4rZ2T23ity/0cfMAs8GSMOAaxmk3wSwAS+cKG7eJfwxlgTJgZ2RjYe2qPmdT24+QHrTACenb6CNFYWxFrI9oq5dowS8odHbSBPxLkxrZj4olTBFTwnmME18VaTGQIDAQAB"
_dmarc 3600 IN TXT "v=DMARC1; p=none"
; Extra
* 3600 IN A 78.235.240.223
* 3600 IN AAAA 2a01:e34:eebf:df3::1
@ 3600 IN CAA 128 issue "letsencrypt.org"
</code></pre></div></div>
<h3 id="dns-ovh">DNS OVH</h3>
<p><img src="/images/dns-logo.png" alt="dns" width="50" /> <img src="/images/OVH-320px-Logo.png" alt="OVH" width="50" /></p>
<p class="warning">Si vous utilisez des sous-domaines de type xxx.xoyize.xyz , vous devez renseigner chaque sous-domaine avec la directive <code class="language-plaintext highlighter-rouge">CNAME</code></p>
<p>Liste des sous-domaines (septembre 2020)</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dev.xoyize.xyz
searx.xoyize.xyz
</code></pre></div></div>
<p>Modification domaine <strong>xoyize.xyz</strong> pour un accès IPV4/IPV6.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$TTL 3600
@ IN SOA dns106.ovh.net. tech.ovh.net. (2020111001 86400 3600 3600000 300)
IN NS dns106.ovh.net.
IN NS ns106.ovh.net.
IN MX 10 xoyize.xyz.
IN A 78.235.240.223
IN AAAA 2a01:e34:eebf:df3::1
IN CAA 128 issue "letsencrypt.org"
600 IN TXT "v=spf1 a mx -all"
_dmarc IN TXT "v=DMARC1; p=none"
_xmpp-client._tcp IN SRV 0 5 5222 xoyize.xyz.
_xmpp-server._tcp IN SRV 0 5 5269 xoyize.xyz.
dev IN CNAME xoyize.xyz.
mail._domainkey IN TXT ( "v=DKIM1;h=sha256;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDtZwLVBqwkmtyT5F+nM+znqXPf8uSVUwnVs9EiyPQdF74kqJ4rZ2T23ity/0cfMAs8GSMOAaxmk3wSwAS+cKG7eJfwxlgTJgZ2RjYe2qPmdT24+QHrTACenb6CNFYWxFrI9oq5dowS8odHbSBPxLkxrZj4olTBFTwnmME18VaTGQIDAQAB;" )
muc IN CNAME xoyize.xyz.
pubsub IN CNAME xoyize.xyz.
vjud IN CNAME xoyize.xyz.
xmpp-upload IN CNAME xoyize.xyz.
</code></pre></div></div>
<h3 id="créer-un-utilisateur-yunohost">Créer un utilisateur (yunohost)</h3>
<p>Accès administration web <a href="https://xoyize.xyz/yunohost/admin/#/login">https://xoyize.xyz/yunohost/admin/#/login</a> avec message de sécurité (certificats SSL auto signés) <br />
En ligne de commande</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>yunohost user create yak
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>First name: yak
Last name: xoyi
E-mail address: yak@xoyize.xyz
You are now about to define a new user password. The password should be at least 8 characters long—though it is good practice to use a longer password (i.e. a passphrase) and/or to a variation of characters (uppercase, lowercase, digits and special characters).
Password:
Confirm password:
Success! User created
fullname: yak xoyi
mail: yak@xoyize.xyz
username: yak
</code></pre></div></div>
<h3 id="certificats-ssl">Certificats SSL</h3>
<p>Installer un certificat Lets Encrypt en ligne de commande</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>yunohost domain cert-install --no-checks
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[...]
Info : Certificate signed!
Success! Configuration updated for 'nginx'
Success! Let's Encrypt certificate now installed for the domain 'xoyize.xyz'
</code></pre></div></div>
<h3 id="openssh---clés">OpenSSH - clés</h3>
<p><img src="/images/ssh_logo1.png" alt="OpenSSH" width="100" /></p>
<p class="info">On va utiliser <strong>admin</strong> pour les connexions SSH</p>
<p><strong>connexion avec clé</strong><br />
<u>sur l'ordinateur de bureau</u>
Générer une paire de clé curve25519-sha256 (ECDH avec Curve25519 et SHA2) nommé <strong>xoyize-ed25519</strong> pour une liaison SSH avec le serveur KVM.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh-keygen -t ed25519 -o -a 100 -f ~/.ssh/xoyize-ed25519
</code></pre></div></div>
<p>Envoyer la clé publique sur le serveur KVM</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>scp ~/.ssh/xoyize-ed25519.pub admin@192.168.0.46:/home/admin/
</code></pre></div></div>
<p><u>sur le serveur KVM</u>
On se connecte</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh admin@192.168.0.46
</code></pre></div></div>
<p>Copier le contenu de la clé publique dans /home/$USER/.ssh/authorized_keys</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cd ~
</code></pre></div></div>
<p>Sur le KVM ,créer un dossier .ssh</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">mkdir</span> <span class="nt">-p</span> .ssh
<span class="nb">cat</span> <span class="nv">$HOME</span>/xoyize-ed25519.pub <span class="o">&gt;&gt;</span> <span class="nv">$HOME</span>/.ssh/authorized_keys
</code></pre></div></div>
<p>et donner les droits</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>chmod 600 $HOME/.ssh/authorized_keys
</code></pre></div></div>
<p>effacer le fichier de la clé</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rm $HOME/xoyize-ed25519.pub
</code></pre></div></div>
<p>Modifier la configuration serveur SSH <strong>/etc/ssh/sshd_config</strong></p>
<p>Port = 55035 # changement numéro port , facultatif<br />
PermitRootLogin no<br />
PasswordAuthentication no # Utilise la clé comme authentification</p>
<p>Relancer openSSH</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl restart sshd
</code></pre></div></div>
<p>Modifier le parefeu, ouvrir le port 55035 et fermer le port 22</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo yunohost firewall allow TCP 55035
sudo yunohost firewall disallow TCP 22
</code></pre></div></div>
<p>Accès depuis le poste distant avec la clé privée</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh -p 55035 -i ~/.ssh/xoyize-ed25519 admin@192.168.0.46
</code></pre></div></div>
<h3 id="outils-motd-ssh_rc_bash--journalctl">Outils, motd, ssh_rc_bash , journalctl</h3>
<p><img src="/images/bash-logo.png" alt="" width="100" /></p>
<p>Installer utilitaires</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install tmux figlet dnsutils net-tools tree -y
</code></pre></div></div>
<p>Motd</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo rm /etc/motd &amp;&amp; sudo nano /etc/motd
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> _ _
___ | |(_) _ __ ___ __ __ __ _ _ _ _ __
/ _ \| || || ' \ / -_)\ \ / / _` || '_|| ' \
\___/|_||_||_|_|_|\___|/_\_\ \__,_||_| |_|_|_|
__ __ ___ _ _ (_) ___ ___ __ __ _ _ ___
\ \ // _ \| || || ||_ // -_) _ \ \ /| || ||_ /
/_\_\\___/ \_, ||_|/__|\___|(_)/_\_\ \_, |/__|
|__/ |__/
</code></pre></div></div>
<p>Script ssh_rc_bash</p>
<blockquote>
<p>ATTENTION!!! Les scripts sur connexion peuvent poser des problèmes pour des appels externes autres que ssh</p>
</blockquote>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://static.xoyaz.xyz/files/ssh_rc_bash
chmod +x ssh_rc_bash # rendre le bash exécutable
./ssh_rc_bash # exécution
</code></pre></div></div>
<p><img src="/images/xoyize-olimex.png" alt="" /></p>
<p><strong>journalctl</strong> : Ajout utilisateur courant au groupe systemd-journal et adm</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo gpasswd -a $USER systemd-journal
sudo gpasswd -a $USER adm
</code></pre></div></div>
<p>Lignes non tronquées ,ajouter au fichier ~/.bashrc</p>
<p>echo “export SYSTEMD_LESS=FRXMK journalctl” » $HOME/.bashrc</p>
<p><strong>Historique de la ligne de commande</strong><br />
Ajoutez la recherche dhistorique de la ligne de commande au terminal.
Tapez un début de commande précédent, puis utilisez shift + up (flèche haut) pour rechercher lhistorique filtré avec le début de la commande.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># Global, tout utilisateur
echo '"\e[1;2A": history-search-backward' | sudo tee -a /etc/inputrc
echo '"\e[1;2B": history-search-forward' | sudo tee -a /etc/inputrc
</code></pre></div></div>
<p>Prise en compte après déconnexion/reconnexion</p>
<h2 id="nfs">NFS</h2>
<p><img src="/images/nfs-new-logo.png" alt="" width="50" /><br />
<em>NFS (Network File System) est un protocole qui permet daccéder à des fichiers via le réseau. Il est basé sur le protocole RPC (Remote Procedure Call). Les clients montent la partition de la machine distante comme si cétait un disque local.</em></p>
<p>En mode su</p>
<h3 id="serveur">Serveur</h3>
<p><strong>Installation serveur NFS</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
apt install nfs-kernel-server
</code></pre></div></div>
<p>Vérification de linstallation</p>
<p>Exécuter rpcinfo pour confirmer que le serveur est lancé, et accepte les requêtes sur le port 2049 (UDP et TCP).</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rpcinfo -p | grep nfs
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> 100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100003 3 udp 2049 nfs
</code></pre></div></div>
<p>Vérifier que le système supporte effectivement NFS:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cat /proc/filesystems | grep nfs
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nodev nfs
</code></pre></div></div>
<p>Si la commande précédente ne renvoie rien, il se peut que le module NFS ne soit pas chargé, auquel cas, il faut le charger <code class="language-plaintext highlighter-rouge">modprobe nfs</code> <br />
Enfin, vérifions que portmap attend les instructions sur le port 111</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rpcinfo -p | grep portmap
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> 100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
</code></pre></div></div>
<p><strong>Sécurisation NFS</strong></p>
<p><img src="/images/nfs-new-logo.png" alt="" width="40" /></p>
<p>Le protocole RPC na pas la réputation dêtre bien sécurisé, mais la version 4 de NFS entend corriger ce problème, elle est donc à privilégier. Il est déconseillé deffectuer un partage NFS via internet, ou bien dans ce cas, opter pour un tunnel crypté.</p>
<ul>
<li>Sassurer que les partages sont réservés à certaines IP dans /etc/exports</li>
<li>Sappuyer sur rpcbind (/etc/hosts.deny et /etc/hosts.allow) pour sécuriser laccès au serveur NFS</li>
<li>Configurer convenablement iptables</li>
</ul>
<p><strong>hosts.deny , hosts.allow</strong><br />
Tout le monde est interdit, puis le LAN est autorisé:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">echo</span> <span class="s2">"rpcbind mountd nfsd statd lockd rquotad : ALL"</span> <span class="o">&gt;&gt;</span> /etc/hosts.deny
<span class="nb">echo</span> <span class="s2">"rpcbind mountd nfsd statd lockd rquotad: 192.168.0."</span> <span class="o">&gt;&gt;</span> /etc/hosts.allow
</code></pre></div></div>
<p><strong>iptables (NFS)</strong><br />
Par défaut, les différents services NFS (lockd, statd, mountd, etc.) demandent des assignations de ports aléatoires à partir du portmapper (portmap/rpcbind), ce qui signifie que la plupart des administrateurs doivent ouvrir une gamme de ports dans leur base de règles de pare-feu pour que NFS fonctionne.</p>
<p>Il va donc falloir fixer les ports de ces services afin de créer les règles iptables.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">echo</span> <span class="s1">'STATDOPTS="--port 32765 --outgoing-port 32766"'</span> <span class="o">&gt;&gt;</span> /etc/default/nfs-common
<span class="nb">echo</span> <span class="s1">'RPCMOUNTDOPTS="-p 32767"'</span> <span class="o">&gt;&gt;</span> /etc/default/nfs-kernel-server
<span class="nb">echo</span> <span class="s1">'RPCRQUOTADOPTS="-p 32769"'</span> <span class="o">&gt;&gt;</span> /etc/default/quota
</code></pre></div></div>
<p>Relance sysctl</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sysctl --system
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">*</span> Applying /etc/sysctl.d/99-sysctl.conf ...
<span class="k">*</span> Applying /etc/sysctl.d/protect-links.conf ...
fs.protected_hardlinks <span class="o">=</span> 1
fs.protected_symlinks <span class="o">=</span> 1
<span class="k">*</span> Applying /etc/sysctl.conf ...
</code></pre></div></div>
<p>Relancer le service</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl restart nfs-kernel-server
</code></pre></div></div>
<p><strong>NFS - iptables</strong></p>
<p>Ajout des règles firewall en utilisant le “hook” yunohost <code class="language-plaintext highlighter-rouge">post_iptable_rules</code></p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">mkdir</span> <span class="nt">-p</span> /etc/yunohost/hooks.d/post_iptable_rules
<span class="nb">touch</span> /etc/yunohost/hooks.d/post_iptable_rules/95-nfs-iptables
<span class="nb">chmod</span> +x /etc/yunohost/hooks.d/post_iptable_rules/95-nfs-iptables
</code></pre></div></div>
<p>Bash pour ajout des régles iptables</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/yunohost/hooks.d/post_iptable_rules/95-nfs-iptables
</code></pre></div></div>
<p>Voici les règles à fixer dans le parefeu</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#!/bin/bash</span>
iptables <span class="nt">-A</span> INPUT <span class="nt">-s</span> 192.168.0.0/24 <span class="nt">-p</span> tcp <span class="nt">-m</span> multiport <span class="nt">--ports</span> 111,2049,32764:32769 <span class="nt">-j</span> ACCEPT <span class="nt">-m</span> comment <span class="nt">--comment</span> <span class="s2">"NFS Server"</span>
iptables <span class="nt">-A</span> INPUT <span class="nt">-s</span> 192.168.0.0/24 <span class="nt">-p</span> udp <span class="nt">-m</span> multiport <span class="nt">--ports</span> 111,2049,32764:32769 <span class="nt">-j</span> ACCEPT <span class="nt">-m</span> comment <span class="nt">--comment</span> <span class="s2">"NFS Server"</span>
<span class="nb">exit </span>0
</code></pre></div></div>
<p>Vérifier la création du hook</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>yunohost hook list post_iptable_rules
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>hooks: nfs-iptables
</code></pre></div></div>
<p>Droits</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>chmod +x /etc/yunohost/hooks.d/post_iptable_rules/95-nfs-iptables
</code></pre></div></div>
<p>Exécution manuelle du hook et vérification</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/etc/yunohost/hooks.d/post_iptable_rules/95-nfs-iptables
iptables -L
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">[</span>...]
ACCEPT tcp <span class="nt">--</span> 192.168.0.0/24 anywhere multiport ports sunrpc,nfs,32764:32769 /<span class="k">*</span> NFS Server <span class="k">*</span>/
ACCEPT udp <span class="nt">--</span> 192.168.0.0/24 anywhere multiport ports sunrpc,nfs,32764:32769 /<span class="k">*</span> NFS Server <span class="k">*</span>/
<span class="o">[</span>...]
</code></pre></div></div>
<h3 id="autofs">Autofs</h3>
<p>En mode su</p>
<p>Installer <strong>autofs</strong> pour un accès aux dossiers de la machine <em>yannick-pc</em></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt install autofs
</code></pre></div></div>
<p>Déclarer <em>yannick-pc</em> dans <code class="language-plaintext highlighter-rouge">/etc/hosts</code> , en ajoutant au fichier</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>192.168.0.28 yannick-pc
</code></pre></div></div>
<p>Les partages disponibles</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>showmount -e yannick-pc
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Export list for yannick-pc:
/srv/hdd2g/data/devel 192.168.0.0/24
/srv/hdd2g/data/borg-backups 192.168.0.0/24
/home/yannick/Partage 192.168.0.0/24
</code></pre></div></div>
<p>Déclaration des répertoires parents de montages et de leur types</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/auto.master
</code></pre></div></div>
<p>Oter le commentaire de la ligne suivante</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/net -hosts
</code></pre></div></div>
<p>Redémarrer le service</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl restart autofs
</code></pre></div></div>
<p>Créer un groupe <em>utilisateurs</em> avec id 985 (équivalent au groupe <em>users</em> sous archlinux)</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo groupadd --gid 985 utilisateurs
</code></pre></div></div>
<p>Visualiser, par exemple, le dossier partage de <em>yannick-pc</em></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ls /net/yannick-pc/home/yannick/Partage
</code></pre></div></div>
<h2 id="setgid-partage">SetGID partage</h2>
<p><strong>Configurer le partage NFS avec SetGID</strong></p>
<p>Créer un dossier qui sera partagé sur le réseau local :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mkdir -p /xoyipart
</code></pre></div></div>
<p>Nous devons configurer SetGID dans ce répertoire, comme indiqué ci-dessous.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo chmod 2775 /xoyipart
</code></pre></div></div>
<p>Cela a également défini les autorisations 775 sur le répertoire, de sorte que lutilisateur racine et le groupe défini disposent dautorisations complètes. Le 2 permet setgid.</p>
<p>Ensuite, nous créons un groupe appelé local et modifions le répertoire /xoyipart afin que le propriétaire du groupe soit ce groupe local.<br />
Nous spécifions également manuellement le GID qui sera utilisé pour le groupe en tant que 9999; il doit sagir dun <u>numéro libre sur votre client et votre serveur</u>.</p>
<p>Exécuter <code class="language-plaintext highlighter-rouge">groupadd</code> sur le client et sur le serveur, et ajouter un (ou plusieurs) utilisateur à ce groupe.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>groupadd <span class="nt">-g</span> 9999 <span class="nb">local</span> <span class="c"># sur client et serveur</span>
<span class="c"># ajout utilisateur au groupe</span>
<span class="nb">sudo </span>usermod <span class="nt">-a</span> <span class="nt">-G</span> <span class="nb">local</span> <span class="nv">$USER</span> <span class="c"># sur client et serveur</span>
<span class="nb">sudo chgrp local</span> /xoyipart <span class="c"># serveur uniquement</span>
</code></pre></div></div>
<blockquote>
<p>NE PAS OUBLIER DE SE DECONNECTER/CONNECTER</p>
</blockquote>
<p>Nous pouvons confirmer que setgid est en place, comme indiqué ci-dessous, où le bit dexécution pour les autorisations de groupe est une minuscule. Cela passera à une majuscule S si le groupe ne dispose pas de lautorisation dexécution et que seul setgid est en place.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ls -la /xoyipart/
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[...]
drwxrwsr-x 2 root local 4096 Nov 10 12:22 .
[...]
</code></pre></div></div>
<p><strong>Dossier partage /xoyipart/</strong></p>
<p>indiquer au serveur les répertoires qui seront partagés, les machines qui y auront accès et les conditions de ce partage.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/exports
</code></pre></div></div>
<p>Ajouter en fin de fichier <strong>/etc/exports</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/xoyipart 192.168.0.0/24(rw,sync,no_subtree_check,no_root_squash)
</code></pre></div></div>
<p>Exporter</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo exportfs -ar
</code></pre></div></div>
<p>Pour vérifier que lexport a bien eu lieu, taper sur le serveur NFS la commande :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo showmount -e
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Export list for xoyize.xyz:
/xoyipart 192.168.0.0/24
</code></pre></div></div>
<p class="info">Désormais, tous les fichiers ou répertoires créés dans <code class="language-plaintext highlighter-rouge">/xoyipart</code> se verront automatiquement attribuer le propriétaire du groupe <em>local</em>, ce qui permettra essentiellement la collaboration de groupe, car tout utilisateur appartenant au groupe <em>local</em> pourra désormais accéder aux fichiers créés par dautres utilisateurs du même groupe dans le répertoire <code class="language-plaintext highlighter-rouge">/xoyipart</code></p>
<h2 id="batterie">Batterie</h2>
<p>La carte dispose dune batterie LiIon en cas de coupure de lalimentation secteur<br />
Pour voir les détails</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>find /sys/class/power_supply/axp20x-battery/ -type f | xargs -tn1 cat
</code></pre></div></div>
<p>Pour résumer</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cat /sys/class/power_supply/axp20x-battery/uevent
</code></pre></div></div>
<p>Batterie en charge</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">POWER_SUPPLY_NAME</span><span class="o">=</span>axp20x-battery
<span class="nv">POWER_SUPPLY_PRESENT</span><span class="o">=</span>1
<span class="nv">POWER_SUPPLY_ONLINE</span><span class="o">=</span>1
<span class="nv">POWER_SUPPLY_STATUS</span><span class="o">=</span>Charging
<span class="nv">POWER_SUPPLY_VOLTAGE_NOW</span><span class="o">=</span>4202000
<span class="nv">POWER_SUPPLY_CURRENT_NOW</span><span class="o">=</span>209000
<span class="nv">POWER_SUPPLY_CONSTANT_CHARGE_CURRENT</span><span class="o">=</span>1200000
<span class="nv">POWER_SUPPLY_CONSTANT_CHARGE_CURRENT_MAX</span><span class="o">=</span>1200000
<span class="nv">POWER_SUPPLY_HEALTH</span><span class="o">=</span>Good
<span class="nv">POWER_SUPPLY_VOLTAGE_MAX_DESIGN</span><span class="o">=</span>4200000
<span class="nv">POWER_SUPPLY_VOLTAGE_MIN_DESIGN</span><span class="o">=</span>2900000
<span class="nv">POWER_SUPPLY_CAPACITY</span><span class="o">=</span>99
</code></pre></div></div>
<p>Batterie chargée</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">POWER_SUPPLY_NAME</span><span class="o">=</span>axp20x-battery
<span class="nv">POWER_SUPPLY_PRESENT</span><span class="o">=</span>1
<span class="nv">POWER_SUPPLY_ONLINE</span><span class="o">=</span>1
<span class="nv">POWER_SUPPLY_STATUS</span><span class="o">=</span>Not charging
<span class="nv">POWER_SUPPLY_VOLTAGE_NOW</span><span class="o">=</span>4141000
<span class="nv">POWER_SUPPLY_CURRENT_NOW</span><span class="o">=</span>0
<span class="nv">POWER_SUPPLY_CONSTANT_CHARGE_CURRENT</span><span class="o">=</span>1200000
<span class="nv">POWER_SUPPLY_CONSTANT_CHARGE_CURRENT_MAX</span><span class="o">=</span>1200000
<span class="nv">POWER_SUPPLY_HEALTH</span><span class="o">=</span>Good
<span class="nv">POWER_SUPPLY_VOLTAGE_MAX_DESIGN</span><span class="o">=</span>4200000
<span class="nv">POWER_SUPPLY_VOLTAGE_MIN_DESIGN</span><span class="o">=</span>2900000
<span class="nv">POWER_SUPPLY_CAPACITY</span><span class="o">=</span>98
</code></pre></div></div>
<p>En cas de coupure<br />
Batterie en décharge</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cat /sys/class/power_supply/axp20x-battery/uevent
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">POWER_SUPPLY_NAME</span><span class="o">=</span>axp20x-battery
<span class="nv">POWER_SUPPLY_PRESENT</span><span class="o">=</span>1
<span class="nv">POWER_SUPPLY_ONLINE</span><span class="o">=</span>1
<span class="nv">POWER_SUPPLY_STATUS</span><span class="o">=</span>Discharging
<span class="nv">POWER_SUPPLY_VOLTAGE_NOW</span><span class="o">=</span>3862000
<span class="nv">POWER_SUPPLY_CURRENT_NOW</span><span class="o">=</span>523000
<span class="nv">POWER_SUPPLY_CONSTANT_CHARGE_CURRENT</span><span class="o">=</span>1200000
<span class="nv">POWER_SUPPLY_CONSTANT_CHARGE_CURRENT_MAX</span><span class="o">=</span>1200000
<span class="nv">POWER_SUPPLY_HEALTH</span><span class="o">=</span>Good
<span class="nv">POWER_SUPPLY_VOLTAGE_MAX_DESIGN</span><span class="o">=</span>4200000
<span class="nv">POWER_SUPPLY_VOLTAGE_MIN_DESIGN</span><span class="o">=</span>2900000
<span class="nv">POWER_SUPPLY_CAPACITY</span><span class="o">=</span>82
</code></pre></div></div>
<h2 id="tests-sur-le-serveur">Tests sur le serveur</h2>
<h4 id="vérifications-dns---wireguard">Vérifications DNS - wireguard</h4>
<p>Les commandes suivantes ne fonctionneront que si le paquet “dnsutils” est installé sur votre système Debian!</p>
<p>On teste en utilisant les serveurs DNS locaux, les 3 commandes suivantes ont le même résultat</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dig @127.0.0.1 afnic.fr +short +dnssec
dig @10.55.22.1 afnic.fr +short +dnssec
dig @fd87:9aa8:e67c:5a80::1 afnic.fr +short +dnssec
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>192.134.5.37
A 13 2 600 20200608204052 20200509084949 30435 afnic.fr. eVchVAseJD5n8W7U8okAz546Ix33hOCqRF7wLrhUV+sOTkwyXo7EwAut k/rN8wsPVpTnTpFyQLKdBTuOpx2UxA==
</code></pre></div></div>
<h4 id="propagation-dns">Propagation DNS</h4>
<p><a href="https://www.whatsmydns.net">https://www.whatsmydns.net</a><br />
<img src="/images/propagationdns-xoyize.xyz-01.png" alt="" width="300" /> <img src="/images/propagationdns-xoyize.xyz-02.png" alt="" width="300" /> <img src="/images/propagationdns-xoyize.xyz-03.png" alt="" width="300" /></p>
<h4 id="messagerie">Messagerie</h4>
<p>Vérification messagerie <a href="https://mecsa.jrc.ec.europa.eu/fr/">https://mecsa.jrc.ec.europa.eu/fr/</a><br />
<img src="/images/messagerie-xoyize.xyz.png" alt="" width="600" /></p>
<h4 id="dns-blacklisting">DNS blacklisting</h4>
<p><a href="https://www.dnsbl.info/dnsbl-database-check.php">https://www.dnsbl.info/dnsbl-database-check.php</a><br />
<img src="/images/dnsbl-xoyize.xyz.png" alt="" width="600" /></p>
<h4 id="vulnérabilités">Vulnérabilités</h4>
<p><a href="https://www.ssllabs.com/ssltest/analyze.html">https://www.ssllabs.com/ssltest/analyze.html</a></p>
<p>SSL Report: xoyize.xyz (78.235.240.223)<br />
<img src="/images/ssllabs-xoyize.xyz-01.png" alt="Texte alternatif" width="500" /></p>
<p>SSL Report: xoyize.xyz (2a01:e34:eebf:df3::1)<br />
<img src="/images/ssllabs-xoyize.xyz-02.png" alt="Texte alternatif" width="500" /></p>
<p>Vérifier les ports ouverts depuis un poste linux</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nmap xoyize.xyz
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Starting Nmap 7.70 ( https://nmap.org ) at 2020-10-26 14:15 CET
Nmap scan report for xoyize.xyz (78.235.240.223)
Host is up (0.099s latency).
Other addresses for xoyize.xyz (not scanned): 2a01:e34:eebf:df3::1
Not shown: 991 filtered ports
PORT STATE SERVICE
25/tcp open smtp
53/tcp open domain
80/tcp open http
443/tcp open https
587/tcp open submission
993/tcp open imaps
5222/tcp open xmpp-client
5269/tcp open xmpp-server
9091/tcp closed xmltec-xmlmail
</code></pre></div></div>
<h2 id="gestion-onduleur-usb">Gestion onduleur USB</h2>
<h3 id="matériel">Matériel</h3>
<div class="item">
<div class="item__image">
<img class="image" src="/images/eaton-logo.png" /><br />
<img class="image" src="/images/onduleur-eaton.png" />
</div>
<div class="item__content">
<div class="item__header">
<h4>Eaton Protection Station 800 USB</h4>
</div>
<div class="item__description">
<table>
<thead>
<tr>
<th>No</th>
<th>Eaton Protection Station - 650/800</th>
</tr>
</thead>
<tbody>
<tr>
<td>7</td>
<td>4 prises filtrées.</td>
</tr>
<tr>
<td>8</td>
<td>4 prises secourues par batterie.</td>
</tr>
<tr>
<td>9</td>
<td>Voyant allumé, protection anti-surtensions active sur les 8 prises.</td>
</tr>
<tr>
<td>10</td>
<td>Voyant allumé, défaut de l'Alimentation Sans Interruption.</td>
</tr>
<tr>
<td>11</td>
<td>Bouton de mise en service ou d'arrêt des prises secourues.</td>
</tr>
<tr>
<td>12</td>
<td>Disjoncteur de protection.</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<p><a href="https://blog.garamotte.net/posts/2020/11/01/fr-monitoring-an-ups.html">Supervision dun onduleur</a></p>
<p>Passer en mode su</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
</code></pre></div></div>
<p>Connecter londuleur liaison USB sur un port disponible du serveur , vérifier par <code class="language-plaintext highlighter-rouge">dmesg</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dmesg | grep -i eaton
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[2746558.690022] usb 4-1: Manufacturer: EATON
[2746560.889094] hid-generic 0003:0463:FFFF.0002: hiddev0,hidraw0: USB HID v10.10 Device [EATON Protection Station] on usb-1c1c400.usb-1/input0
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lsusb | grep -i ups
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Bus 004 Device 003: ID 0463:ffff MGE UPS Systems UPS
</code></pre></div></div>
<p>Déterminer le numéro de série</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> udevadm info --attribute-walk --name=/dev/usb/hiddev0 | egrep 'manufacturer|product|serial'
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> ATTRS{serial}=="AN2E49008"
ATTRS{manufacturer}=="EATON"
ATTRS{product}=="Protection Station"
ATTRS{serial}=="1c1c400.usb"
ATTRS{product}=="Generic Platform OHCI controller"
ATTRS{manufacturer}=="Linux 4.19.0-11-armmp-lpae ohci_hcd"
</code></pre></div></div>
<h3 id="apc-ups-apcupsd">APC UPS (apcupsd)</h3>
<p>Installation</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install apcupsd # debian
sudo systemctl stop apcupsd.service # arrêt pour paramétrer
</code></pre></div></div>
<h3 id="serveur-1">Serveur</h3>
<p>Configurer APC - apcupsd.conf</p>
<p>Le fichier de configuration principal du démon APC UPS se trouve dans <code class="language-plaintext highlighter-rouge">/etc/apcupsd/apcupsd.conf</code>
Les lignes de texte sont modifiées pour prendre en charge un câble de style USB:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/apcupsd/apcupsd.conf
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>## apcupsd.conf v1.1 ##
#
UPSCABLE usb
UPSTYPE usb
DEVICE
[...]
# If during a power failure, the remaining battery percentage
# (as reported by the UPS) is below or equal to BATTERYLEVEL,
# apcupsd will initiate a system shutdown.
BATTERYLEVEL 15
# If during a power failure, the remaining runtime in minutes
# (as calculated internally by the UPS) is below or equal to MINUTES,
# apcupsd, will initiate a system shutdown.
MINUTES 5
[...]
# NETSERVER [ on | off ] on enables, off disables the network
# information server. If netstatus is on, a network information
# server process will be started for serving the STATUS and
# EVENT data over the network (used by CGI programs).
NETSERVER on
# NISIP &lt;dotted notation ip address&gt;
# IP address on which NIS server will listen for incoming connections.
# This is useful if your server is multi-homed (has more than one
# network interface and IP address). Default value is 0.0.0.0 which
# means any incoming request will be serviced. Alternatively, you can
# configure this setting to any specific IP address of your server and
# NIS will listen for connections only on that interface. Use the
# loopback address (127.0.0.1) to accept connections only from the
# local machine.
NISIP 192.168.0.46
</code></pre></div></div>
<p>Le fichier <code class="language-plaintext highlighter-rouge">/etc/apcupsd/hosts.conf</code> contient les ordinateurs protégés par cet onduleur</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># Network UPS Tools - hosts.conf
#
# This file does double duty - it lists the systems that multimon will
# monitor, and also specifies the systems that upsstats is allowed to
# watch. It keeps people from feeding random addresses to upsstats,
# among other things. upsimage also uses this file to know who it
# may speak to. upsfstats too.
#
# Usage: list systems running upsd that you want to monitor
#
# MONITOR &lt;address&gt; "&lt;host description&gt;"
#
MONITOR 127.0.0.1 "Local Host"
MONITOR 192.168.0.46 "Serveur xoyize.xyz"
MONITOR 10.0.3.19 "Container LXC Debian"
MONITOR 192.168.0.28 "Poste archlinux"
</code></pre></div></div>
<p>Le fichier <code class="language-plaintext highlighter-rouge">/etc/default/apcupsd</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># Defaults for apcupsd initscript (unused with systemd as init).
# Set to "yes" to enable startup of apcupsd.
ISCONFIGURED=yes
</code></pre></div></div>
<p><strong>debian</strong> , démarrez apcupsd.service</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl start apcupsd.service
</code></pre></div></div>
<p>Ensuite, attendez environ une minute et vérifiez que le démon fonctionne et surveille correctement la batterie:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apcaccess status
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>APC : 001,028,0683
DATE : 2020-11-10 16:07:39 +0100
HOSTNAME : xoyize.xyz
VERSION : 3.14.14 (31 May 2016) debian
UPSNAME : xoyize.xyz
CABLE : USB Cable
DRIVER : USB UPS Driver
UPSMODE : Stand Alone
STARTTIME: 2020-11-02 14:18:32 +0100
MODEL : Protection Station
STATUS : ONLINE
LOADPCT : 22.0 Percent
BCHARGE : 100.0 Percent
TIMELEFT : 12.2 Minutes
MBATTCHG : 15 Percent
MINTIMEL : 5 Minutes
MAXTIME : 0 Seconds
OUTPUTV : 230.0 Volts
DWAKE : -1 Seconds
LOTRANS : 184.0 Volts
HITRANS : 264.0 Volts
ALARMDEL : 30 Seconds
NUMXFERS : 0
TONBATT : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
STATFLAG : 0x05000008
SERIALNO : AN2E49008
END APC : 2020-11-02 14:19:00 +0100
</code></pre></div></div>
<p>Pour tester londuleur</p>
<ol>
<li>Modifiez TIMEOUT de 0 à 1 dans le fichier <code class="language-plaintext highlighter-rouge">/etc/apcupsd/apcupsd.conf</code></li>
<li>Coupez lalimentation murale de londuleur.</li>
<li>Observez que votre box Linux séteint rapidement.</li>
<li>Rebranchez londuleur</li>
<li>Allumez votre box Linux.</li>
<li>Remplacez TIMEOUT de 1 à 0 dans le fichier /etc/apcupsd/apcupsd.conf</li>
</ol>
<h3 id="règles-iptables">Règles iptables</h3>
<p>Pour le client puisse communiquer , il faut ouvrir le port 3351 uniquement pour le réseau local</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/yunohost/hooks.d/post_iptable_rules/96-apcups-iptables
</code></pre></div></div>
<p>Voici les règles à fixer dans le parefeu</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#!/bin/bash</span>
iptables <span class="nt">-A</span> INPUT <span class="nt">-s</span> 192.168.0.0/24 <span class="nt">-p</span> tcp <span class="nt">--dport</span> 3551 <span class="nt">-j</span> ACCEPT <span class="nt">-m</span> comment <span class="nt">--comment</span> <span class="s2">"APCUPS"</span>
<span class="nb">exit </span>0
</code></pre></div></div>
<p>Droits en exécution</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo chmod +x /etc/yunohost/hooks.d/post_iptable_rules/96-apcups-iptables
</code></pre></div></div>
<p>Vérifier la création du hook</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo yunohost hook list post_iptable_rules
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>hooks:
- nfs-iptables
- apcups-iptables
</code></pre></div></div>
<p>Exécution manuelle du hook et vérification</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
/etc/yunohost/hooks.d/post_iptable_rules/96-apcups-iptables
iptables -L
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">[</span>...]
ACCEPT tcp <span class="nt">--</span> 192.168.0.0/24 anywhere tcp dpt:3551 /<span class="k">*</span> APCUPS <span class="k">*</span>/
<span class="o">[</span>...]
</code></pre></div></div>
<h3 id="poste-client">Poste Client</h3>
<p>Accès onduleur (connecté sur le <strong>serveur</strong>) depuis un poste <strong>client</strong> sur le réseau<br />
Installer apcupsd sur le client</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install apcupsd
systemctl stop apcupsd.service # pour configurer
</code></pre></div></div>
<p>Edition fichier <code class="language-plaintext highlighter-rouge">/etc/apcupsd/apcupsd.conf</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>UPSCABLE usb
UPSTYPE net
# The default port for apcupsd is 3551
DEVICE 192.168.1.46:3551
[...]
# POLLTIME &lt;int&gt;
# Interval (in seconds) at which apcupsd polls the UPS for status. This
# setting applies both to directly-attached UPSes (UPSTYPE apcsmart, usb,
# dumb) and networked UPSes (UPSTYPE net, snmp). Lowering this setting
# will improve apcupsd's responsiveness to certain events at the cost of
# higher CPU utilization. The default of 60 is appropriate for most
# situations.
POLLTIME 10
[...]
# If during a power failure, the remaining battery percentage
# (as reported by the UPS) is below or equal to BATTERYLEVEL,
# apcupsd will initiate a system shutdown.
BATTERYLEVEL 15
[...]
# If during a power failure, the remaining runtime in minutes
# (as calculated internally by the UPS) is below or equal to MINUTES,
# apcupsd, will initiate a system shutdown.
MINUTES 5
[...]
# NETSERVER [ on | off ] on enables, off disables the network
NETSERVER on
# NISIP &lt;dotted notation ip address&gt;
NISIP 0.0.0.0
</code></pre></div></div>
<p>Le fichier <code class="language-plaintext highlighter-rouge">/etc/default/apcupsd</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># Defaults for apcupsd initscript (unused with systemd as init).
# Set to "yes" to enable startup of apcupsd.
ISCONFIGURED=yes
</code></pre></div></div>
<p>Démarrez apcupsd.service</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl start apcupsd.service
</code></pre></div></div>
<p>Status depuis le client “debian-10”</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apcaccess
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>APC : 001,018,0452
DATE : 2020-11-02 14:33:58 +0100
HOSTNAME : debian-10
VERSION : 3.14.14 (31 May 2016) debian
UPSNAME : debian-10
CABLE : Ethernet Link
DRIVER : NETWORK UPS Driver
UPSMODE : Net Slave
STARTTIME: 2020-11-02 14:32:07 +0100
STATUS : COMMLOST
MBATTCHG : 15 Percent
MINTIMEL : 5 Minutes
MAXTIME : 0 Seconds
NUMXFERS : 0
TONBATT : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
STATFLAG : 0x05000100
END APC : 2020-11-02 14:33:58 +0100
</code></pre></div></div>
<h3 id="redirection-non-installe">Redirection (NON INSTALLE)</h3>
<p>Ajoutez un lien sur votre panneau dutilisateur redirigeant vers une autre page ou application.</p>
<p>Il peut sagir dune redirection invisible, dun lien externe, dune autre application sur votre réseau local, dun reverse proxy vers une application ou un conteneur Docker…<br />
Certaines applications peuvent même être protégées derrière votre panneau (ce qui signifie que vous devrez vous connecter pour y accéder).</p>
<blockquote>
<p>Cette application ajoute seulement un fichier de configuration Nginx avec une règle de redirection ou de proxy_pass, et une tuile YunoHost. Rien de plus.</p>
</blockquote>
<p>Installation</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>yunohost app install https://github.com/YunoHost-Apps/redirect_ynh
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Available domains:
- xoyize.xyz
- dev.xoyize.xyz
- test.xoyize.xyz
- searx.xoyize.xyz
Choose a domain for your redirect (default: xoyize.xyz):
Choose a path for your redirect (default: /redirect): /prox
Redirect destination path (default: http://127.0.0.1):
Redirect type [public_302 | public_301 | public_proxy | private_proxy] (default: public_302):
Info: Installing redirect...
Warning: /!\ Packagers! This app is still using the skipped/protected/unprotected_uris/regex settings which are now obsolete and deprecated... Instead, you should use the new helpers 'ynh_permission_{create,urls,update,delete}' and the 'visitors' group to initialize the public/private access. Check out the documentation at the bottom of yunohost.org/groups_and_permissions to learn how to use the new permission mechanism.
Success! Installation completed
</code></pre></div></div>
<blockquote>
<p><strong>IMPORTANT :</strong> le fichier redirect.conf peut avoir besoin dêtre mis à jour en fonction de votre situation !<br />
<strong>ATTENTION :</strong> de nombreuses applications ne supportent pas dêtre redirigées vers un chemin différent à cause des liens relatifs ! Cela signifie que certaines applications hébergées par exemple sur http://127.0.0.1:5050/app/ DOIVENT être redirigées vers http://domain.tld/app/ et NON http://domain.tld/someotherapp/<br />
<strong>Exemple concret :</strong> le conteneur Odoo Docker fonctionne sur http://127.0.0.1:8069/. Vous ne pourrez pas le rediriger vers http://domain.tld/odoo/ ! Vous devez le rediriger vers la racine, donc par exemple http://odoo.domain.tld/</p>
</blockquote>
<h2 id="rsync">Rsync</h2>
<p>Script de récupération des sauvegardes effectuées sur le serveur backup xoyaz.xyz</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /home/admin/srvxoyaz.sh
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#!/bin/sh -x</span>
<span class="nb">echo</span> <span class="s2">"-----------------------------------------------
Récupération des sauvegardes du serveur xoyaz.xyz"</span>
rsync <span class="nt">-avz</span> <span class="nt">--delete</span> <span class="nt">--rsync-path</span><span class="o">=</span><span class="s2">"sudo rsync"</span> <span class="nt">-e</span> <span class="s2">"ssh -p 55036 -i /home/admin/.ssh/OVZ-STORAGE-128 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"</span> <span class="se">\</span>
usernl@xoyaz.xyz:/srv/data/borg-backups/<span class="k">*</span> /home/admin/serveur_backup/ <span class="o">&gt;</span>/dev/null 2&gt;&amp;1 <span class="p">;</span> <span class="se">\</span>
<span class="k">if</span> <span class="o">[</span> <span class="nv">$?</span> <span class="nt">-eq</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then</span> <span class="se">\</span>
<span class="nb">echo</span> <span class="s2">"Récupération des sauvegardes du serveur Backup xoyaz.xyz -&gt; OK"</span> | systemd-cat <span class="nt">-t</span> rsync_xoyaz <span class="nt">-p</span> info <span class="p">;</span> <span class="se">\</span>
<span class="k">else</span> <span class="se">\</span>
<span class="nb">echo</span> <span class="s2">"Récupération des sauvegardes du serveur Backup xoyaz.xyz -&gt; ERREUR"</span> | systemd-cat <span class="nt">-t</span> rsync_xoyaz <span class="nt">-p</span> emerg <span class="p">;</span> <span class="se">\</span>
<span class="k">fi</span>
</code></pre></div></div>
<p>Les sauvegardes sont stockées sous <code class="language-plaintext highlighter-rouge">/home/admin/serveur_backup/</code>
Droits en exécution</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>chmod +x srvxoyaz.sh
</code></pre></div></div>
<p>Lancement de la procédure à 3h10</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo crontab -e
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Récupération des sauvegardes du serveur Backup xoyaz.xyz</span>
10 03 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> /home/admin/srvxoyaz.sh <span class="o">&gt;</span> /dev/null
</code></pre></div></div>
</div>
<div class="d-print-none"><footer class="article__footer"><meta itemprop="dateModified" content="2020-11-10T00:00:00+01:00"><!-- start custom article footer snippet -->
<!-- end custom article footer snippet -->
<!--
<div align="right"><a type="application/rss+xml" href="/feed.xml" title="S'abonner"><i class="fa fa-rss fa-2x"></i></a>
&emsp;</div>
-->
</footer>
<div class="article__section-navigator clearfix"><div class="previous"><span>PRÉCÉDENT</span><a href="/2020/11/08/vps506197_Debian_10_yunohost-cinay.eu_NEW.html">OVH vps506197 Debian 10 - REINSTALL yunohost nextcloud static ttrss -cinay.eu</a></div><div class="next"><span>SUIVANT</span><a href="/2020/11/11/Serveur_A20-OLinuXino-buster-minimal_Yunohost_xoyize.xyz.html">Serveur Debian A20-OLinuXino-buster-minimal Yunohost xoyize.xyz</a></div></div></div>
</div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
$(function() {
var $this ,$scroll;
var $articleContent = $('.js-article-content');
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var scroll = hasSidebar ? '.js-page-main' : 'html, body';
$scroll = $(scroll);
$articleContent.find('.highlight').each(function() {
$this = $(this);
$this.attr('data-lang', $this.find('code').attr('data-lang'));
});
$articleContent.find('h1[id], h2[id], h3[id], h4[id], h5[id], h6[id]').each(function() {
$this = $(this);
$this.append($('<a class="anchor d-print-none" aria-hidden="true"></a>').html('<i class="fas fa-anchor"></i>'));
});
$articleContent.on('click', '.anchor', function() {
$scroll.scrollToAnchor('#' + $(this).parent().attr('id'), 400);
});
});
});
})();
</script>
</div><section class="page__comments d-print-none"></section></article><!-- start custom main bottom snippet -->
<!-- end custom main bottom snippet -->
</div>
</div></div></div></div>
</div><script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $body = $('body'), $window = $(window);
var $pageRoot = $('.js-page-root'), $pageMain = $('.js-page-main');
var activeCount = 0;
function modal(options) {
var $root = this, visible, onChange, hideWhenWindowScroll = false;
var scrollTop;
function setOptions(options) {
var _options = options || {};
visible = _options.initialVisible === undefined ? false : show;
onChange = _options.onChange;
hideWhenWindowScroll = _options.hideWhenWindowScroll;
}
function init() {
setState(visible);
}
function setState(isShow) {
if (isShow === visible) {
return;
}
visible = isShow;
if (visible) {
activeCount++;
scrollTop = $(window).scrollTop() || $pageMain.scrollTop();
$root.addClass('modal--show');
$pageMain.scrollTop(scrollTop);
activeCount === 1 && ($pageRoot.addClass('show-modal'), $body.addClass('of-hidden'));
hideWhenWindowScroll && window.hasEvent('touchstart') && $window.on('scroll', hide);
$window.on('keyup', handleKeyup);
} else {
activeCount > 0 && activeCount--;
$root.removeClass('modal--show');
$window.scrollTop(scrollTop);
activeCount === 0 && ($pageRoot.removeClass('show-modal'), $body.removeClass('of-hidden'));
hideWhenWindowScroll && window.hasEvent('touchstart') && $window.off('scroll', hide);
$window.off('keyup', handleKeyup);
}
onChange && onChange(visible);
}
function show() {
setState(true);
}
function hide() {
setState(false);
}
function handleKeyup(e) {
// Char Code: 27 ESC
if (e.which === 27) {
hide();
}
}
setOptions(options);
init();
return {
show: show,
hide: hide,
$el: $root
};
}
$.fn.modal = modal;
});
})();
</script><div class="modal modal--overflow page__search-modal d-print-none js-page-search-modal"><script>
(function () {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
// search panel
var search = (window.search || (window.search = {}));
var useDefaultSearchBox = window.useDefaultSearchBox === undefined ?
true : window.useDefaultSearchBox ;
var $searchModal = $('.js-page-search-modal');
var $searchToggle = $('.js-search-toggle');
var searchModal = $searchModal.modal({ onChange: handleModalChange, hideWhenWindowScroll: true });
var modalVisible = false;
search.searchModal = searchModal;
var $searchBox = null;
var $searchInput = null;
var $searchClear = null;
function getModalVisible() {
return modalVisible;
}
search.getModalVisible = getModalVisible;
function handleModalChange(visible) {
modalVisible = visible;
if (visible) {
search.onShow && search.onShow();
useDefaultSearchBox && $searchInput[0] && $searchInput[0].focus();
} else {
search.onShow && search.onHide();
useDefaultSearchBox && $searchInput[0] && $searchInput[0].blur();
setTimeout(function() {
useDefaultSearchBox && ($searchInput.val(''), $searchBox.removeClass('not-empty'));
search.clear && search.clear();
window.pageAsideAffix && window.pageAsideAffix.refresh();
}, 400);
}
}
$searchToggle.on('click', function() {
modalVisible ? searchModal.hide() : searchModal.show();
});
// Char Code: 83 S, 191 /
$(window).on('keyup', function(e) {
if (!modalVisible && !window.isFormElement(e.target || e.srcElement) && (e.which === 83 || e.which === 191)) {
modalVisible || searchModal.show();
}
});
if (useDefaultSearchBox) {
$searchBox = $('.js-search-box');
$searchInput = $searchBox.children('input');
$searchClear = $searchBox.children('.js-icon-clear');
search.getSearchInput = function() {
return $searchInput.get(0);
};
search.getVal = function() {
return $searchInput.val();
};
search.setVal = function(val) {
$searchInput.val(val);
};
$searchInput.on('focus', function() {
$(this).addClass('focus');
});
$searchInput.on('blur', function() {
$(this).removeClass('focus');
});
$searchInput.on('input', window.throttle(function() {
var val = $(this).val();
if (val === '' || typeof val !== 'string') {
search.clear && search.clear();
} else {
$searchBox.addClass('not-empty');
search.onInputNotEmpty && search.onInputNotEmpty(val);
}
}, 400));
$searchClear.on('click', function() {
$searchInput.val(''); $searchBox.removeClass('not-empty');
search.clear && search.clear();
});
}
});
})();
</script><div class="search search--dark">
<div class="main">
<div class="search__header">Recherche</div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div>
</div>
<button class="button button--theme-dark button--pill search__cancel js-search-toggle">
Annuler</button>
</div>
<div id="results-container" class="search-result js-search-result"></div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen; i++) {
var nch = needle.charCodeAt(i);
while (j < tlen) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len; i++) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len; i++) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 && xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' && params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object && JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' && options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len; i++) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query && query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
noResultsText: '<p>Aucun résultat!</p>',
json: '/search.json',
searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a>&nbsp;(Création {create})</li>'
})
</script>
</div></div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function scrollToAnchor(anchor, duration, callback) {
var $root = this;
$root.animate({ scrollTop: $(anchor).position().top }, duration, function() {
window.history.replaceState(null, '', window.location.href.split('#')[0] + anchor);
callback && callback();
});
}
$.fn.scrollToAnchor = scrollToAnchor;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function affix(options) {
var $root = this, $window = $(window), $scrollTarget, $scroll,
offsetBottom = 0, scrollTarget = window, scroll = window.document, disabled = false, isOverallScroller = true,
rootTop, rootLeft, rootHeight, scrollBottom, rootBottomTop,
hasInit = false, curState;
function setOptions(options) {
var _options = options || {};
_options.offsetBottom && (offsetBottom = _options.offsetBottom);
_options.scrollTarget && (scrollTarget = _options.scrollTarget);
_options.scroll && (scroll = _options.scroll);
_options.disabled !== undefined && (disabled = _options.disabled);
$scrollTarget = $(scrollTarget);
isOverallScroller = window.isOverallScroller($scrollTarget[0]);
$scroll = $(scroll);
}
function preCalc() {
top();
rootHeight = $root.outerHeight();
rootTop = $root.offset().top + (isOverallScroller ? 0 : $scrollTarget.scrollTop());
rootLeft = $root.offset().left;
}
function calc(needPreCalc) {
needPreCalc && preCalc();
scrollBottom = $scroll.outerHeight() - offsetBottom - rootHeight;
rootBottomTop = scrollBottom - rootTop;
}
function top() {
if (curState !== 'top') {
$root.removeClass('fixed').css({
left: 0,
top: 0
});
curState = 'top';
}
}
function fixed() {
if (curState !== 'fixed') {
$root.addClass('fixed').css({
left: rootLeft + 'px',
top: 0
});
curState = 'fixed';
}
}
function bottom() {
if (curState !== 'bottom') {
$root.removeClass('fixed').css({
left: 0,
top: rootBottomTop + 'px'
});
curState = 'bottom';
}
}
function setState() {
var scrollTop = $scrollTarget.scrollTop();
if (scrollTop >= rootTop && scrollTop <= scrollBottom) {
fixed();
} else if (scrollTop < rootTop) {
top();
} else {
bottom();
}
}
function init() {
if(!hasInit) {
var interval, timeout;
calc(true); setState();
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState();
});
$window.on('resize', function() {
disabled || (calc(true), setState());
});
hasInit = true;
}
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions,
refresh: function() {
calc(true, { animation: false }); setState();
}
};
}
$.fn.affix = affix;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function toc(options) {
var $root = this, $window = $(window), $scrollTarget, $scroller, $tocUl = $('<ul class="toc toc--ellipsis"></ul>'), $tocLi, $headings, $activeLast, $activeCur,
selectors = 'h1,h2,h3', container = 'body', scrollTarget = window, scroller = 'html, body', disabled = false,
headingsPos, scrolling = false, hasRendered = false, hasInit = false;
function setOptions(options) {
var _options = options || {};
_options.selectors && (selectors = _options.selectors);
_options.container && (container = _options.container);
_options.scrollTarget && (scrollTarget = _options.scrollTarget);
_options.scroller && (scroller = _options.scroller);
_options.disabled !== undefined && (disabled = _options.disabled);
$headings = $(container).find(selectors).filter('[id]');
$scrollTarget = $(scrollTarget);
$scroller = $(scroller);
}
function calc() {
headingsPos = [];
$headings.each(function() {
headingsPos.push(Math.floor($(this).position().top));
});
}
function setState(element, disabled) {
var scrollTop = $scrollTarget.scrollTop(), i;
if (disabled || !headingsPos || headingsPos.length < 1) { return; }
if (element) {
$activeCur = element;
} else {
for (i = 0; i < headingsPos.length; i++) {
if (scrollTop >= headingsPos[i]) {
$activeCur = $tocLi.eq(i);
} else {
$activeCur || ($activeCur = $tocLi.eq(i));
break;
}
}
}
$activeLast && $activeLast.removeClass('active');
($activeLast = $activeCur).addClass('active');
}
function render() {
if(!hasRendered) {
$root.append($tocUl);
$headings.each(function() {
var $this = $(this);
$tocUl.append($('<li></li>').addClass('toc-' + $this.prop('tagName').toLowerCase())
.append($('<a></a>').text($this.text()).attr('href', '#' + $this.prop('id'))));
});
$tocLi = $tocUl.children('li');
$tocUl.on('click', 'a', function(e) {
e.preventDefault();
var $this = $(this);
scrolling = true;
setState($this.parent());
$scroller.scrollToAnchor($this.attr('href'), 400, function() {
scrolling = false;
});
});
}
hasRendered = true;
}
function init() {
var interval, timeout;
if(!hasInit) {
render(); calc(); setState(null, scrolling);
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState(null, scrolling);
});
$window.on('resize', window.throttle(function() {
if (!disabled) {
render(); calc(); setState(null, scrolling);
}
}, 100));
}
hasInit = true;
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions
};
}
$.fn.toc = toc;
});
})();
/*(function () {
})();*/
</script><script>
/* toc must before affix, since affix need to konw toc' height. */(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
var TOC_SELECTOR = window.TEXT_VARIABLES.site.toc.selectors;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window);
var $articleContent = $('.js-article-content');
var $tocRoot = $('.js-toc-root'), $col2 = $('.js-col-aside');
var toc;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var hasToc = $articleContent.find(TOC_SELECTOR).length > 0;
function disabled() {
return $col2.css('display') === 'none' || !hasToc;
}
tocDisabled = disabled();
toc = $tocRoot.toc({
selectors: TOC_SELECTOR,
container: $articleContent,
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
tocDisabled = disabled();
toc && toc.setOptions({
disabled: tocDisabled
});
}, 100));
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window), $pageFooter = $('.js-page-footer');
var $pageAside = $('.js-page-aside');
var affix;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
affix = $pageAside.affix({
offsetBottom: $pageFooter.outerHeight(),
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
scroll: hasSidebar ? $('.js-page-main').children() : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
affix && affix.setOptions({
disabled: tocDisabled
});
}, 100));
window.pageAsideAffix = affix;
});
})();
</script><!---->
</div>
<script>(function () {
var $root = document.getElementsByClassName('root')[0];
if (window.hasEvent('touchstart')) {
$root.dataset.isTouch = true;
document.addEventListener('touchstart', function(){}, false);
}
})();
</script>
</body>
</html>