envole/dicos/90_envole.xml

301 lines
16 KiB
XML

<?xml version="1.0" encoding="utf-8"?>
<creole>
<containers>
<container name='web'>
<file filelist='envole' name='/etc/apache2/sites-available/envole' source='envole-apache.conf' rm="True"/>
<file filelist='envole' name='/usr/share/envole/docker/.env.local' source='ninegate-env.local' rm='True'/>
<service method='apache' servicelist='envole'>envole</service>
</container>
</containers>
<variables>
<family name='applications web'>
<!-- MASTERIDENTITY -->
<variable type='string' name='envole_masteridentity' mandatory='True' description="Maître de l'identité"><value>LDAP</value></variable>
<!-- AUTHENTIFICATION -->
<variable type='string' name='envole_modeauth' description="Mode Authentification" mandatory='True'><value>CAS</value></variable>
<variable type='oui/non' name='cas_local' description="Serveur CAS local" mandatory='True'><value>non</value></variable>
<variable type='string' name='cas_host' description="Host CAS" mandatory='True'></variable>
<variable type='string' name='cas_port' description="Port CAS" mandatory='True'><value>443</value></variable>
<variable type='string' name='cas_path' description="Path CAS" mandatory='True'><value>/sso</value></variable>
<variable type='string' name='cas_username' description="Attribut CAS identifiant unique de l'utilisateur" mandatory='True'><value>username</value></variable>
<variable type='string' name='cas_lastname' description="Attribut CAS nom de l'utilisateur" mandatory='True'><value>lastname</value></variable>
<variable type='string' name='cas_firstname' description="Attribut CAS prénom de l'utilisateur" mandatory='True'><value>firstname</value></variable>
<variable type='string' name='cas_email' description="Attribut CAS mail de l'utilisateur" mandatory='True'><value>email</value></variable>
<variable type='oui/non' name='ninegate_ssosynchrogroup' description="Générer automatiquement les groupes en fonction d'un attribut SSO"><value>oui</value></variable>
<variable type='string' name='ninegate_ssoreqgroup' description="Attribut SSO associé à la notion de groupe" mandatory='True'><value>user_groups</value></variable>
<variable type='oui/non' name='ninegate_ssosynchroitem' description="Associer automatiquement les items en fonction d'un attribut SSO"><value>non</value></variable>
<variable type='string' name='ninegate_ssoreqitem' description="Attribut SSO associé à la notion d'item" mandatory='True'></variable>
<!-- BASE DE DONNEES -->
<variable type='oui/non' name='activer_database' description='Activer Base de données'><value>oui</value></variable>
<variable type='oui/non' name='database_local' description='Base de données local'><value>oui</value></variable>
<variable type='string' name='database_host' description='Host Base de données' mandatory='True'></variable>
<variable type='string' name='database_port' description='Port Base de données' mandatory='True'></variable>
<variable type='string' name='database_user' description='Utilisateur base de données' mandatory='True'></variable>
<!-- OPENLDAP -->
<variable type='oui/non' name='activer_openldap' description='Activer Annuaire'><value>oui</value></variable>
<variable type='oui/non' name='openldap_local' description='Annuaire local'><value>non</value></variable>
<variable type='string' name='openldap_ldaptemplate' description="Modèle d'annuaire"><value>scribe</value></variable>
<variable type='string' name='openldap_host' mandatory='True' description='Annuaire host'></variable>
<variable type='string' name='openldap_port' mandatory='True' description='Annuaire port'><value>389</value></variable>
<variable type='oui/non' name='openldap_tls' description='Utiliser le mode TLS'><value>non</value></variable>
<variable type='string' name='openldap_basedn' mandatory='True' description='Base DN'><value>o=gouv,c=fr</value></variable>
<variable type='string' name='openldap_user' mandatory='True' description='CN du compte writer'><value>admin</value></variable>
<!-- APPLICATIONS -->
<variable type='oui/non' name='activer_ninegate' description='Activer Ninegate'><value>oui</value></variable>
<variable type='oui/non' name='activer_nextcloud' description='Activer Nextcloud'><value>non</value></variable>
<variable type='oui/non' name='activer_adminer' description='Activer Adminer'><value>non</value></variable>
<variable type='oui/non' name='activer_phpldapadmin' description='Activer Phpldapadmin'><value>non</value></variable>
<!-- SECRETS -->
<variable type='string' name='openldap_password' mandatory='True' description='Password compte writer Annuaire'></variable>
<variable type='string' name='database_rootpassword' mandatory='True' description='Password compte root base de données'></variable>
<variable type='string' name='database_userpassword' mandatory='True' description='Password compte user base de données'></variable>
<variable type='string' name='keycload_userpassword' mandatory='True' description='Password compte admin-keycloak Keycloak'></variable>
<variable type='string' name='envole_adminpassword' mandatory='True' description='Password compte administrateur applicatifs'></variable>
<variable type='string' name='ninegate_secret' mandatory='True' description='Secret key Ninegate'></variable>
<!-- NINEGATE -->
<variable type='oui/non' name='ninegate_syncldap' description='Synchroniser les utilisateurs vers annuaire'><value>oui</value></variable>
<variable type='oui/non' name='ninegate_scribegroup' description="Considérer les classes/options comme des groupes de travail"><value>oui</value></variable>
<variable type='oui/non' name='ninegate_scribemaster' description="Placer les professeurs comme manager des groupes classes/options"><value>oui</value></variable>
<variable type='string' name='ninegate_openldapreqniveau01' description="Lors de l'initalisation de Ninegate requete LDAP utilisateur de votre premier Niveau01" mandatory='True'><value>(uid=*)</value></variable>
<variable type='oui/non' name='ninegate_openldapsynchrogroup' description="Générer automatiquement les groupes en fonction de votre annuaire"><value>oui</value></variable>
<variable type='string' name='ninegate_openldapreqgroup' description="Requête pour générer automatiquement les groupes" mandatory='True'><value>(objectClass=posixGroup)</value></variable>
<variable type='string' name='ninegate_openldapsubbranchgroup' description="Rechercher les groupes dans la sous-branche" mandatory='False' />
<variable type='string' name='ninegate_openldapsubbranchuser' description="Rechercher les utilisateurs dans la sous-branche" mandatory='False' />
<variable type='string' name='ninegate_moderegistration' description="Mode de registration : none / byuser / byadmin" mandatory='True'><value>none</value></variable>
<variable type='oui/non' name='ninegate_forcetheme' description="Forcer l'utilisation d'un thème"><value>non</value></variable>
<variable type='string' name='ninegate_forcethemename' description="Nom du thème"></variable>
<!-- NEXTCLOUD -->
<variable name='nextcloud_local' type='oui/non' description='Nextcloud local'><value>oui</value></variable>
<variable name='nextcloud_url' type='string' mandatory='True' description='Nextcloud URL'></variable>
<variable name='nextcloud_samba' type='oui/non' description='Configurer un partage Samba'><value>non</value></variable>
<variable name='nextcloud_samba_host' type='string' mandatory='True' description='Samba host name'></variable>
<variable name='nextcloud_samba_name' type='string' mandatory='True' description='Samba root name'><value>nextcloud</value></variable>
</family>
<separators>
<separator name="envole_masteridentity">Maître de l'identité</separator>
<separator name="envole_modeauth">Authentification</separator>
<separator name="activer_database">Base de Données</separator>
<separator name="activer_openldap">Annuaire</separator>
<separator name="activer_ninegate">Applications</separator>
<separator name="openldap_password">Secrets</separator>
<separator name="ninegate_syncldap">Ninegate Portail</separator>
<separator name="nextcloud_local">Nextcloud</separator>
</separators>
</variables>
<constraints>
<check name='valid_enum' target='envole_masteridentity'>
<param>['LDAP', 'SQL', 'SSO']</param>
</check>
<check name='valid_enum' target='openldap_ldaptemplate'>
<param>['scribe', 'open']</param>
</check>
<check name='valid_enum' target='envole_modeauth'>
<param>['CAS', 'SQL', 'LDAP']</param>
</check>
<!-- APACHE -->
<condition name='hidden_if_in' source='activer_apache'>
<param>non</param>
<target type='family'>applications web</target>
<target type='servicelist'>envole</target>
</condition>
<!-- MASTERIDENTITY -->
<condition name='hidden_if_in' source='envole_masteridentity'>
<param>LDAP</param>
<param>SSO</param>
<target type='variable'>ninegate_syncldap</target>
<target type='variable'>ninegate_moderegistration</target>
</condition>
<condition name='hidden_if_in' source='envole_masteridentity'>
<param>SQL</param>
<param>SSO</param>
<target type='variable'>openldap_ldaptemplate</target>
</condition>
<condition name='hidden_if_in' source='envole_masteridentity'>
<param>SQL</param>
<param>LDAP</param>
<target type='variable'>ninegate_ssosynchrogroup</target>
<target type='variable'>ninegate_ssoreqgroup</target>
<target type='variable'>ninegate_ssosynchroitem</target>
<target type='variable'>ninegate_ssoreqitem</target>
</condition>
<!-- AUTHENTIFICATION -->
<condition name='hidden_if_in' source='envole_modeauth'>
<param>SQL</param>
<param>LDAP</param>
<target type='variable'>cas_local</target>
<target type='variable'>cas_username</target>
<target type='variable'>cas_lastname</target>
<target type='variable'>cas_firstname</target>
<target type='variable'>cas_email</target>
</condition>
<condition name='hidden_if_in' source='cas_local'>
<param>oui</param>
<target type='variable'>cas_host</target>
<target type='variable'>cas_port</target>
<target type='variable'>cas_path</target>
</condition>
<condition name='hidden_if_in' source='cas_local'>
<param>non</param>
<target type='variable'>keycload_userpassword</target>
</condition>
<!-- DATABASE -->
<condition name='hidden_if_in' source='activer_database'>
<param>non</param>
<target type='variable'>database_local</target>
<target type='variable'>database_rootpassword</target>
<target type='variable'>database_userpassword</target>
<target type='variable'>activer_ninegate</target>
<target type='variable'>activer_nextcloud</target>
<target type='variable'>activer_adminer</target>
</condition>
<condition name='hidden_if_in' source='database_local'>
<param>oui</param>
<target type='variable'>database_host</target>
<target type='variable'>database_port</target>
<target type='variable'>database_user</target>
</condition>
<!-- OPENLDAP -->
<condition name='hidden_if_in' source='activer_openldap'>
<param>non</param>
<target type='variable'>openldap_local</target>
<target type='variable'>openldap_password</target>
<target type='variable'>activer_phpldapadmin</target>
</condition>
<condition name='hidden_if_in' source='openldap_local'>
<param>oui</param>
<target type='variable'>openldap_host</target>
<target type='variable'>openldap_port</target>
<target type='variable'>openldap_tls</target>
<target type='variable'>openldap_basedn</target>
<target type='variable'>openldap_user</target>
</condition>
<condition name='hidden_if_not_in' source='openldap_ldaptemplate'>
<param>scribe</param>
<target type='variable'>ninegate_scribegroup</target>
<target type='variable'>ninegate_scribemaster</target>
</condition>
<!-- NINEGATE -->
<condition name='hidden_if_in' source='activer_ninegate'>
<param>non</param>
<target type='variable'>ninegate_secret</target>
<target type='variable'>ninegate_syncldap</target>
<target type='variable'>ninegate_ssosynchrogroup</target>
<target type='variable'>ninegate_ssoreqgroup</target>
<target type='variable'>ninegate_ssosynchroitem</target>
<target type='variable'>ninegate_ssoreqitem</target>
<target type='variable'>ninegate_scribegroup</target>
<target type='variable'>ninegate_scribemaster</target>
<target type='variable'>ninegate_openldapreqniveau01</target>
<target type='variable'>ninegate_openldapsynchrogroup</target>
<target type='variable'>ninegate_openldapreqgroup</target>
<target type='variable'>ninegate_openldapsubbranchgroup</target>
<target type='variable'>ninegate_openldapsubbranchuser</target>
<target type='variable'>ninegate_moderegistration</target>
<target type='variable'>ninegate_forcetheme</target>
<target type='variable'>ninegate_forcethemename</target>
</condition>
<condition name='hidden_if_not_in' source='openldap_ldaptemplate'>
<param>scribe</param>
<target type='variable'>ninegate_scribegroup</target>
<target type='variable'>ninegate_scribemaster</target>
</condition>
<condition name='hidden_if_not_in' source='openldap_ldaptemplate'>
<param>open</param>
<target type='variable'>ninegate_openldapreqniveau01</target>
<target type='variable'>ninegate_openldapsynchrogroup</target>
<target type='variable'>ninegate_openldapreqgroup</target>
<target type='variable'>ninegate_openldapsubbranchgroup</target>
<target type='variable'>ninegate_openldapsubbranchuser</target>
</condition>
<condition name='hidden_if_in' source='ninegate_ssosynchroitem'>
<param>non</param>
<target type='variable'>ninegate_ssoreqitem</target>
</condition>
<condition name='hidden_if_in' source='ninegate_forcetheme'>
<param>non</param>
<target type='variable'>ninegate_forcethemename</target>
</condition>
<!-- NEXTCLOUD -->
<condition name='hidden_if_in' source='activer_nextcloud'>
<param>non</param>
<target type='variable'>nextcloud_local</target>
<target type='variable'>nextcloud_samba</target>
</condition>
<condition name='hidden_if_in' source='nextcloud_local'>
<param>oui</param>
<target type='variable'>nextcloud_url</target>
</condition>
<condition name='hidden_if_in' source='nextcloud_local'>
<param>non</param>
<target type='variable'>nextcloud_samba</target>
</condition>
<condition name='hidden_if_in' source='nextcloud_samba'>
<param>non</param>
<target type='variable'>nextcloud_samba_host</target>
<target type='variable'>nextcloud_samba_name</target>
</condition>
</constraints>
</creole>