first

modules/network/identity/config.sh

@@ -0,0 +1,3 @@
+POSTINSTALL_NETWORK_IDENTITY_DEFAULT_HOSTNAME="${HOSTNAME:-debian}"
+POSTINSTALL_NETWORK_IDENTITY_DEFAULT_DOMAIN="local"
+POSTINSTALL_NETWORK_IDENTITY_STATE_FILE="/etc/postinstall-debian/network-identity.conf"

modules/network/identity/metadata.conf

@@ -0,0 +1,4 @@
+MODULE_ID="network/identity"
+MODULE_NAME="Identite reseau"
+MODULE_CATEGORY="network"
+MODULE_DESCRIPTION="Configure le hostname et l'identite locale de la machine"

modules/network/identity/module.sh

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+
+MODULE_NETWORK_IDENTITY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MODULE_NETWORK_IDENTITY_PROJECT_ROOT="$(cd "$MODULE_NETWORK_IDENTITY_DIR/../../.." && pwd)"
+
+# shellcheck source=modules/network/identity/config.sh
+source "$MODULE_NETWORK_IDENTITY_DIR/config.sh"
+# shellcheck source=modules/network/identity/metadata.conf
+source "$MODULE_NETWORK_IDENTITY_DIR/metadata.conf"
+
+module_identity_metadata() {
+  printf '%s|%s|%s\n' "$MODULE_ID" "$MODULE_NAME" "$MODULE_DESCRIPTION"
+}
+
+module_identity_validate_hostname() {
+  local host_name="$1"
+  [[ "$host_name" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]{0,62}$ ]]
+}
+
+module_identity_update_hosts() {
+  local host_name="$1"
+  local domain_name="${2:-}"
+  local fqdn="$host_name"
+  local temp_file=""
+
+  if [[ -n "$domain_name" ]]; then
+    fqdn="$host_name.$domain_name"
+  fi
+
+  temp_file="$(mktemp)"
+  awk '!/^127\.0\.1\.1[[:space:]]/' /etc/hosts > "$temp_file"
+  printf '127.0.1.1 %s %s\n' "$fqdn" "$host_name" >> "$temp_file"
+  cat "$temp_file" > /etc/hosts
+  rm -f "$temp_file"
+}
+
+module_identity_install() {
+  local host_name="${1:-$POSTINSTALL_NETWORK_IDENTITY_DEFAULT_HOSTNAME}"
+  local domain_name="${2:-$POSTINSTALL_NETWORK_IDENTITY_DEFAULT_DOMAIN}"
+
+  if ! module_identity_validate_hostname "$host_name"; then
+    ui_error "Hostname invalide : $host_name"
+    return 1
+  fi
+
+  if command -v hostnamectl >/dev/null 2>&1; then
+    hostnamectl set-hostname "$host_name"
+  else
+    hostname "$host_name"
+  fi
+  printf '%s\n' "$host_name" > /etc/hostname
+  module_identity_update_hosts "$host_name" "$domain_name"
+
+  mkdir -p "$(dirname "$POSTINSTALL_NETWORK_IDENTITY_STATE_FILE")"
+  {
+    printf 'HOSTNAME=%s\n' "$host_name"
+    printf 'DOMAIN=%s\n' "$domain_name"
+  } > "$POSTINSTALL_NETWORK_IDENTITY_STATE_FILE"
+
+  log_info "Hostname configure : $host_name"
+  ui_success "Hostname configure : $host_name"
+}
+
+module_identity_test() {
+  test -f "$POSTINSTALL_NETWORK_IDENTITY_STATE_FILE" || return 1
+  test -s /etc/hostname || return 1
+  hostnamectl >/dev/null 2>&1 || return 1
+}

modules/network/identity/tests.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+MODULE_NETWORK_IDENTITY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$MODULE_NETWORK_IDENTITY_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/ui.sh
+source "$PROJECT_ROOT/lib/ui.sh"
+# shellcheck source=lib/log.sh
+source "$PROJECT_ROOT/lib/log.sh"
+# shellcheck source=core/runtime.sh
+source "$PROJECT_ROOT/core/runtime.sh"
+# shellcheck source=modules/network/identity/module.sh
+source "$MODULE_NETWORK_IDENTITY_DIR/module.sh"
+
+runtime_init "$PROJECT_ROOT"
+log_init
+
+if ! test -f /etc/postinstall-debian/network-identity.conf; then
+  printf 'network-identity test SKIPPED: module configuration not applied\n'
+  exit 0
+fi
+
+if module_identity_test; then
+  printf 'network-identity test OK\n'
+else
+  printf 'network-identity test FAILED\n' >&2
+  exit 1
+fi

modules/network/ip-config/config.sh

@@ -0,0 +1,7 @@
+POSTINSTALL_NETWORK_IP_DEFAULT_INTERFACE=""
+POSTINSTALL_NETWORK_IP_DEFAULT_MODE="dhcp"
+POSTINSTALL_NETWORK_IP_DEFAULT_ADDRESS="10.0.0.10"
+POSTINSTALL_NETWORK_IP_DEFAULT_PREFIX="22"
+POSTINSTALL_NETWORK_IP_DEFAULT_GATEWAY="10.0.0.1"
+POSTINSTALL_NETWORK_IP_DEFAULT_DNS="10.0.0.1"
+POSTINSTALL_NETWORK_IP_STATE_FILE="/etc/postinstall-debian/network-ip-config.conf"

modules/network/ip-config/metadata.conf

@@ -0,0 +1,4 @@
+MODULE_ID="network/ip-config"
+MODULE_NAME="Configuration IP initiale"
+MODULE_CATEGORY="network"
+MODULE_DESCRIPTION="Configure une interface reseau en DHCP ou en IP statique"

modules/network/ip-config/module.sh

@@ -0,0 +1,157 @@
+#!/usr/bin/env bash
+
+MODULE_NETWORK_IP_CONFIG_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MODULE_NETWORK_IP_CONFIG_PROJECT_ROOT="$(cd "$MODULE_NETWORK_IP_CONFIG_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/system.sh
+source "$MODULE_NETWORK_IP_CONFIG_PROJECT_ROOT/lib/system.sh"
+# shellcheck source=modules/network/ip-config/config.sh
+source "$MODULE_NETWORK_IP_CONFIG_DIR/config.sh"
+# shellcheck source=modules/network/ip-config/metadata.conf
+source "$MODULE_NETWORK_IP_CONFIG_DIR/metadata.conf"
+
+module_ip_config_metadata() {
+  printf '%s|%s|%s\n' "$MODULE_ID" "$MODULE_NAME" "$MODULE_DESCRIPTION"
+}
+
+module_ip_config_detect_backend() {
+  if command -v nmcli >/dev/null 2>&1 && systemctl is-active --quiet NetworkManager; then
+    printf 'networkmanager\n'
+  elif [[ -d /etc/systemd/network ]]; then
+    printf 'networkd\n'
+  else
+    printf 'ifupdown\n'
+  fi
+}
+
+module_ip_config_validate_mode() {
+  [[ "$1" == "dhcp" || "$1" == "static" ]]
+}
+
+module_ip_config_nmcli_connection_for_device() {
+  local iface="$1"
+  nmcli -t -f NAME,DEVICE connection show | awk -F: -v iface="$iface" '$2 == iface { print $1; exit }'
+}
+
+module_ip_config_write_networkd() {
+  local iface="$1"
+  local mode="$2"
+  local address="$3"
+  local prefix="$4"
+  local gateway="$5"
+  local dns="$6"
+  local file_path="/etc/systemd/network/10-postinstall-${iface}.network"
+
+  mkdir -p /etc/systemd/network
+  {
+    printf '[Match]\nName=%s\n\n' "$iface"
+    printf '[Network]\n'
+    if [[ "$mode" == "dhcp" ]]; then
+      printf 'DHCP=yes\n'
+    else
+      printf 'Address=%s/%s\n' "$address" "$prefix"
+      printf 'Gateway=%s\n' "$gateway"
+      printf 'DNS=%s\n' "$dns"
+    fi
+  } > "$file_path"
+
+  if systemctl is-active --quiet systemd-networkd; then
+    systemctl restart systemd-networkd
+  fi
+}
+
+module_ip_config_write_ifupdown() {
+  local iface="$1"
+  local mode="$2"
+  local address="$3"
+  local prefix="$4"
+  local gateway="$5"
+  local dns="$6"
+  local netmask="255.255.252.0"
+  local file_path="/etc/network/interfaces.d/postinstall-${iface}"
+
+  mkdir -p /etc/network/interfaces.d
+  {
+    printf 'auto %s\n' "$iface"
+    if [[ "$mode" == "dhcp" ]]; then
+      printf 'iface %s inet dhcp\n' "$iface"
+    else
+      printf 'iface %s inet static\n' "$iface"
+      printf '    address %s/%s\n' "$address" "$prefix"
+      printf '    gateway %s\n' "$gateway"
+      printf '    dns-nameservers %s\n' "$dns"
+      printf '    netmask %s\n' "$netmask"
+    fi
+  } > "$file_path"
+}
+
+module_ip_config_write_networkmanager() {
+  local iface="$1"
+  local mode="$2"
+  local address="$3"
+  local prefix="$4"
+  local gateway="$5"
+  local dns="$6"
+  local connection_name=""
+
+  connection_name="$(module_ip_config_nmcli_connection_for_device "$iface")"
+  if [[ -z "$connection_name" ]]; then
+    connection_name="postinstall-${iface}"
+    nmcli connection add type ethernet ifname "$iface" con-name "$connection_name" >/dev/null
+  fi
+
+  if [[ "$mode" == "dhcp" ]]; then
+    nmcli connection modify "$connection_name" ipv4.method auto ipv4.addresses "" ipv4.gateway "" ipv4.dns ""
+  else
+    nmcli connection modify "$connection_name" ipv4.method manual ipv4.addresses "$address/$prefix" ipv4.gateway "$gateway" ipv4.dns "$dns"
+  fi
+  nmcli connection up "$connection_name" >/dev/null
+}
+
+module_ip_config_install() {
+  local iface="${1:-$POSTINSTALL_NETWORK_IP_DEFAULT_INTERFACE}"
+  local mode="${2:-$POSTINSTALL_NETWORK_IP_DEFAULT_MODE}"
+  local address="${3:-$POSTINSTALL_NETWORK_IP_DEFAULT_ADDRESS}"
+  local prefix="${4:-$POSTINSTALL_NETWORK_IP_DEFAULT_PREFIX}"
+  local gateway="${5:-$POSTINSTALL_NETWORK_IP_DEFAULT_GATEWAY}"
+  local dns="${6:-$POSTINSTALL_NETWORK_IP_DEFAULT_DNS}"
+  local backend=""
+
+  iface="${iface:-$(system_primary_interface)}"
+
+  if [[ -z "$iface" ]]; then
+    ui_error "Impossible de detecter l'interface reseau"
+    return 1
+  fi
+
+  if ! module_ip_config_validate_mode "$mode"; then
+    ui_error "Mode reseau invalide : $mode"
+    return 1
+  fi
+
+  backend="$(module_ip_config_detect_backend)"
+  case "$backend" in
+    networkmanager) module_ip_config_write_networkmanager "$iface" "$mode" "$address" "$prefix" "$gateway" "$dns" ;;
+    networkd) module_ip_config_write_networkd "$iface" "$mode" "$address" "$prefix" "$gateway" "$dns" ;;
+    *) module_ip_config_write_ifupdown "$iface" "$mode" "$address" "$prefix" "$gateway" "$dns" ;;
+  esac
+
+  mkdir -p "$(dirname "$POSTINSTALL_NETWORK_IP_STATE_FILE")"
+  {
+    printf 'INTERFACE=%s\n' "$iface"
+    printf 'MODE=%s\n' "$mode"
+    printf 'BACKEND=%s\n' "$backend"
+    printf 'ADDRESS=%s\n' "$address"
+    printf 'PREFIX=%s\n' "$prefix"
+    printf 'GATEWAY=%s\n' "$gateway"
+    printf 'DNS=%s\n' "$dns"
+  } > "$POSTINSTALL_NETWORK_IP_STATE_FILE"
+
+  log_info "Configuration IP appliquee sur $iface via $backend"
+  ui_success "Configuration IP appliquee sur $iface via $backend"
+}
+
+module_ip_config_test() {
+  test -f "$POSTINSTALL_NETWORK_IP_STATE_FILE" || return 1
+  ip addr >/dev/null 2>&1 || return 1
+}

modules/network/ip-config/tests.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+MODULE_NETWORK_IP_CONFIG_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$MODULE_NETWORK_IP_CONFIG_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/ui.sh
+source "$PROJECT_ROOT/lib/ui.sh"
+# shellcheck source=lib/log.sh
+source "$PROJECT_ROOT/lib/log.sh"
+# shellcheck source=core/runtime.sh
+source "$PROJECT_ROOT/core/runtime.sh"
+# shellcheck source=modules/network/ip-config/module.sh
+source "$MODULE_NETWORK_IP_CONFIG_DIR/module.sh"
+
+runtime_init "$PROJECT_ROOT"
+log_init
+
+if ! test -f /etc/postinstall-debian/network-ip-config.conf; then
+  printf 'network-ip-config test SKIPPED: module configuration not applied\n'
+  exit 0
+fi
+
+if module_ip_config_test; then
+  printf 'network-ip-config test OK\n'
+else
+  printf 'network-ip-config test FAILED\n' >&2
+  exit 1
+fi

modules/network/mdns-avahi/config.sh

@@ -0,0 +1,4 @@
+POSTINSTALL_MDNS_AVAHI_ENABLE="yes"
+POSTINSTALL_MDNS_AVAHI_PUBLISH_WORKSTATION="yes"
+POSTINSTALL_MDNS_AVAHI_CONFIG_FILE="/etc/avahi/avahi-daemon.conf"
+POSTINSTALL_MDNS_AVAHI_SETTINGS_FILE="config/mdns-avahi.yaml"

modules/network/mdns-avahi/metadata.conf

@@ -0,0 +1,4 @@
+MODULE_ID="network/mdns-avahi"
+MODULE_NAME="Publication mDNS Avahi"
+MODULE_CATEGORY="network"
+MODULE_DESCRIPTION="Installe et configure Avahi pour publier la machine sur le reseau local"

modules/network/mdns-avahi/module.sh

@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+
+MODULE_MDNS_AVAHI_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MODULE_MDNS_AVAHI_PROJECT_ROOT="$(cd "$MODULE_MDNS_AVAHI_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/package.sh
+source "$MODULE_MDNS_AVAHI_PROJECT_ROOT/lib/package.sh"
+# shellcheck source=modules/network/mdns-avahi/config.sh
+source "$MODULE_MDNS_AVAHI_DIR/config.sh"
+# shellcheck source=modules/network/mdns-avahi/metadata.conf
+source "$MODULE_MDNS_AVAHI_DIR/metadata.conf"
+
+module_mdns_avahi_metadata() {
+  printf '%s|%s|%s\n' "$MODULE_ID" "$MODULE_NAME" "$MODULE_DESCRIPTION"
+}
+
+module_mdns_avahi_config_path() {
+  printf '%s/%s\n' "$MODULE_MDNS_AVAHI_PROJECT_ROOT" "$POSTINSTALL_MDNS_AVAHI_SETTINGS_FILE"
+}
+
+module_mdns_avahi_settings() {
+  local config_path=""
+  local enable_value="$POSTINSTALL_MDNS_AVAHI_ENABLE"
+  local publish_workstation="$POSTINSTALL_MDNS_AVAHI_PUBLISH_WORKSTATION"
+
+  config_path="$(module_mdns_avahi_config_path)"
+  if [[ -f "$config_path" ]]; then
+    while IFS='=' read -r key value; do
+      case "$key" in
+        enable) enable_value="$value" ;;
+        publish_workstation) publish_workstation="$value" ;;
+      esac
+    done < <(
+      awk '
+        /^[[:space:]]*enable:/ { print "enable=" $2 }
+        /^[[:space:]]*publish_workstation:/ { print "publish_workstation=" $2 }
+      ' "$config_path"
+    )
+  fi
+
+  printf '%s|%s\n' "$enable_value" "$publish_workstation"
+}
+
+module_mdns_avahi_require_package() {
+  if package_is_installed "avahi-daemon"; then
+    ui_info "Paquet avahi-daemon deja installe"
+    return 0
+  fi
+
+  ui_warn "Paquet avahi-daemon absent, installation en cours"
+  package_refresh_indexes
+  package_install avahi-daemon avahi-utils libnss-mdns
+  log_info "Paquets Avahi installes"
+  ui_success "Paquets Avahi installes"
+}
+
+module_mdns_avahi_write_config() {
+  local enable_value="${1:-$POSTINSTALL_MDNS_AVAHI_ENABLE}"
+  local publish_workstation="${2:-$POSTINSTALL_MDNS_AVAHI_PUBLISH_WORKSTATION}"
+  local disable_value="yes"
+
+  if [[ "$enable_value" == "yes" ]]; then
+    disable_value="no"
+  fi
+
+  cp "$POSTINSTALL_MDNS_AVAHI_CONFIG_FILE" "${POSTINSTALL_MDNS_AVAHI_CONFIG_FILE}.bak.postinstall" 2>/dev/null || true
+
+  sed -i \
+    -e "s/^#*disable-publishing=.*/disable-publishing=$disable_value/" \
+    -e "s/^#*publish-workstation=.*/publish-workstation=$publish_workstation/" \
+    "$POSTINSTALL_MDNS_AVAHI_CONFIG_FILE"
+}
+
+module_mdns_avahi_check() {
+  package_is_installed "avahi-daemon" || return 1
+  systemctl is-active --quiet avahi-daemon || return 1
+  grep -Eq '^disable-publishing=no$' "$POSTINSTALL_MDNS_AVAHI_CONFIG_FILE" || return 1
+}
+
+module_mdns_avahi_install() {
+  local settings=""
+  local enable_value=""
+  local publish_workstation=""
+
+  settings="$(module_mdns_avahi_settings)"
+  IFS='|' read -r enable_value publish_workstation <<< "$settings"
+
+  module_mdns_avahi_require_package || return 1
+  module_mdns_avahi_write_config "$enable_value" "$publish_workstation"
+
+  systemctl enable --now avahi-daemon
+  systemctl restart avahi-daemon
+
+  log_info "Avahi configure, publication=$enable_value workstation=$publish_workstation"
+  ui_success "Avahi configure"
+}
+
+module_mdns_avahi_test() {
+  package_is_installed "avahi-daemon" || return 1
+  test -f "$POSTINSTALL_MDNS_AVAHI_CONFIG_FILE" || return 1
+  test -f "$(module_mdns_avahi_config_path)" || return 1
+  systemctl is-active --quiet avahi-daemon || return 1
+  grep -Eq '^disable-publishing=(no|yes)$' "$POSTINSTALL_MDNS_AVAHI_CONFIG_FILE" || return 1
+}

modules/network/mdns-avahi/tests.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+MODULE_MDNS_AVAHI_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$MODULE_MDNS_AVAHI_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/ui.sh
+source "$PROJECT_ROOT/lib/ui.sh"
+# shellcheck source=lib/log.sh
+source "$PROJECT_ROOT/lib/log.sh"
+# shellcheck source=lib/package.sh
+source "$PROJECT_ROOT/lib/package.sh"
+# shellcheck source=core/runtime.sh
+source "$PROJECT_ROOT/core/runtime.sh"
+# shellcheck source=modules/network/mdns-avahi/module.sh
+source "$MODULE_MDNS_AVAHI_DIR/module.sh"
+
+runtime_init "$PROJECT_ROOT"
+log_init
+
+if ! package_is_installed avahi-daemon; then
+  printf 'mdns-avahi test SKIPPED: avahi-daemon not installed\n'
+  exit 0
+fi
+
+if ! test -f "$PROJECT_ROOT/config/mdns-avahi.yaml"; then
+  printf 'mdns-avahi test FAILED: missing repository config\n' >&2
+  exit 1
+fi
+
+if ! systemctl status avahi-daemon >/dev/null 2>&1; then
+  printf 'mdns-avahi test SKIPPED: systemd status unavailable in this environment\n'
+  exit 0
+fi
+
+if module_mdns_avahi_test; then
+  printf 'mdns-avahi test OK\n'
+else
+  printf 'mdns-avahi test FAILED\n' >&2
+  exit 1
+fi

modules/network/nfs-client/config.sh

@@ -0,0 +1,2 @@
+POSTINSTALL_NFS_CLIENT_STATE_FILE="/etc/postinstall-debian/nfs-client.conf"
+POSTINSTALL_NFS_CLIENT_SHARES_FILE="config/nfs-client.shares.yaml"

modules/network/nfs-client/metadata.conf

@@ -0,0 +1,4 @@
+MODULE_ID="network/nfs-client"
+MODULE_NAME="Client NFS"
+MODULE_CATEGORY="network"
+MODULE_DESCRIPTION="Installe les utilitaires client NFS"

modules/network/nfs-client/module.sh

@@ -0,0 +1,219 @@
+#!/usr/bin/env bash
+
+MODULE_NFS_CLIENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MODULE_NFS_CLIENT_PROJECT_ROOT="$(cd "$MODULE_NFS_CLIENT_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/package.sh
+source "$MODULE_NFS_CLIENT_PROJECT_ROOT/lib/package.sh"
+# shellcheck source=modules/network/nfs-client/config.sh
+source "$MODULE_NFS_CLIENT_DIR/config.sh"
+# shellcheck source=modules/network/nfs-client/metadata.conf
+source "$MODULE_NFS_CLIENT_DIR/metadata.conf"
+
+module_nfs_client_metadata() {
+  printf '%s|%s|%s\n' "$MODULE_ID" "$MODULE_NAME" "$MODULE_DESCRIPTION"
+}
+
+module_nfs_client_config_path() {
+  printf '%s/%s\n' "$MODULE_NFS_CLIENT_PROJECT_ROOT" "$POSTINSTALL_NFS_CLIENT_SHARES_FILE"
+}
+
+module_nfs_client_entries() {
+  local config_path=""
+  config_path="$(module_nfs_client_config_path)"
+
+  awk '
+    function flush() {
+      if (id != "") {
+        print id "|" name "|" description "|" server "|" remote_path "|" mount_path "|" access "|" mount_options "|" enabled
+      }
+    }
+    /^[[:space:]]*-[[:space:]]id:/ {
+      flush()
+      id=$0; sub(/.*id:[[:space:]]*/, "", id)
+      name=description=server=remote_path=mount_path=access=mount_options=enabled=""
+      next
+    }
+    /^[[:space:]]*name:/ { name=$0; sub(/.*name:[[:space:]]*/, "", name); next }
+    /^[[:space:]]*description:/ { description=$0; sub(/.*description:[[:space:]]*/, "", description); next }
+    /^[[:space:]]*server:/ { server=$0; sub(/.*server:[[:space:]]*/, "", server); next }
+    /^[[:space:]]*remote_path:/ { remote_path=$0; sub(/.*remote_path:[[:space:]]*/, "", remote_path); next }
+    /^[[:space:]]*mount_path:/ { mount_path=$0; sub(/.*mount_path:[[:space:]]*/, "", mount_path); next }
+    /^[[:space:]]*access:/ { access=$0; sub(/.*access:[[:space:]]*/, "", access); next }
+    /^[[:space:]]*mount_options:/ { mount_options=$0; sub(/.*mount_options:[[:space:]]*/, "", mount_options); next }
+    /^[[:space:]]*enabled_by_default:/ { enabled=$0; sub(/.*enabled_by_default:[[:space:]]*/, "", enabled); next }
+    END { flush() }
+  ' "$config_path"
+}
+
+module_nfs_client_default_ids() {
+  local entry=""
+  local ids=""
+
+  while IFS= read -r entry; do
+    [[ -n "$entry" ]] || continue
+    IFS='|' read -r share_id _ _ _ _ _ _ _ enabled <<< "$entry"
+    if [[ "$enabled" == "true" ]]; then
+      ids="${ids:+$ids,}$share_id"
+    fi
+  done < <(module_nfs_client_entries)
+
+  printf '%s\n' "$ids"
+}
+
+module_nfs_client_default_indices() {
+  local entry=""
+  local indices=""
+  local index=1
+
+  while IFS= read -r entry; do
+    [[ -n "$entry" ]] || continue
+    IFS='|' read -r share_id _ _ _ _ _ _ _ enabled <<< "$entry"
+    if [[ "$enabled" == "true" ]]; then
+      indices="${indices:+$indices,}$index"
+    fi
+    index=$((index + 1))
+  done < <(module_nfs_client_entries)
+
+  printf '%s\n' "$indices"
+}
+
+module_nfs_client_fstab_line() {
+  local server="$1"
+  local remote_path="$2"
+  local mount_path="$3"
+  local access="$4"
+  local mount_options="$5"
+  local options="$mount_options"
+
+  if [[ "$access" == "ro" && "$options" != *ro* ]]; then
+    options="${options},ro"
+  elif [[ "$access" == "rw" && "$options" != *rw* ]]; then
+    options="${options},rw"
+  fi
+
+  printf '%s:%s %s nfs %s 0 0' "$server" "$remote_path" "$mount_path" "$options"
+}
+
+module_nfs_client_enable_share() {
+  local share_id="$1"
+  local mount_now="${2:-no}"
+  local entry=""
+  local line=""
+
+  while IFS= read -r entry; do
+    [[ -n "$entry" ]] || continue
+    IFS='|' read -r current_id name description server remote_path mount_path access mount_options enabled <<< "$entry"
+    [[ "$current_id" == "$share_id" ]] || continue
+
+    mkdir -p "$mount_path"
+    line="$(module_nfs_client_fstab_line "$server" "$remote_path" "$mount_path" "$access" "$mount_options")"
+    if ! grep -Fq "$server:$remote_path $mount_path nfs" /etc/fstab; then
+      printf '%s\n' "$line" >> /etc/fstab
+      log_info "Partage NFS client ajoute a fstab : $share_id"
+      ui_success "Partage NFS active : $share_id"
+    else
+      ui_info "Partage NFS deja present dans fstab : $share_id"
+    fi
+
+    if [[ "$mount_now" == "yes" ]]; then
+      if command -v mountpoint >/dev/null 2>&1 && mountpoint -q "$mount_path"; then
+        ui_info "Partage deja monte : $mount_path"
+      elif mount "$mount_path"; then
+        log_info "Partage NFS monte : $share_id"
+        ui_success "Partage NFS monte : $share_id"
+      else
+        log_info "Echec du montage NFS : $share_id"
+        ui_warn "Impossible de monter immediatement $mount_path"
+      fi
+    fi
+
+    return 0
+  done < <(module_nfs_client_entries)
+
+  ui_warn "Partage NFS introuvable dans la configuration : $share_id"
+  return 1
+}
+
+module_nfs_client_active_entries() {
+  local entry=""
+
+  while IFS= read -r entry; do
+    [[ -n "$entry" ]] || continue
+    IFS='|' read -r current_id name description server remote_path mount_path access mount_options enabled <<< "$entry"
+    if grep -Fq "$server:$remote_path $mount_path nfs" /etc/fstab; then
+      printf '%s|%s|%s|%s|%s\n' "$current_id" "$name" "$mount_path" "$server:$remote_path" "$access"
+    fi
+  done < <(module_nfs_client_entries)
+}
+
+module_nfs_client_disable_share() {
+  local share_id="$1"
+  local entry=""
+  local temp_file=""
+
+  while IFS= read -r entry; do
+    [[ -n "$entry" ]] || continue
+    IFS='|' read -r current_id name description server remote_path mount_path access mount_options enabled <<< "$entry"
+    [[ "$current_id" == "$share_id" ]] || continue
+
+    if command -v mountpoint >/dev/null 2>&1 && mountpoint -q "$mount_path"; then
+      if umount "$mount_path"; then
+        log_info "Partage NFS demonte : $share_id"
+        ui_success "Partage NFS demonte : $share_id"
+      else
+        log_info "Echec du demontage NFS : $share_id"
+        ui_warn "Impossible de demonter $mount_path, suppression de l'entree fstab quand meme"
+      fi
+    fi
+
+    temp_file="$(mktemp)"
+    grep -Fv "$server:$remote_path $mount_path nfs" /etc/fstab > "$temp_file"
+    cat "$temp_file" > /etc/fstab
+    rm -f "$temp_file"
+
+    log_info "Partage NFS retire de fstab : $share_id"
+    ui_success "Partage NFS desactive : $share_id"
+    return 0
+  done < <(module_nfs_client_entries)
+
+  ui_warn "Partage NFS introuvable dans la configuration : $share_id"
+  return 1
+}
+
+module_nfs_client_install() {
+  local action="${1:-enable}"
+  local selected_ids="${2:-}"
+  local mount_now="${3:-no}"
+  local share_id=""
+
+  package_refresh_indexes
+  package_install nfs-common
+
+  if [[ -n "$selected_ids" ]]; then
+    while IFS= read -r share_id; do
+      [[ -n "$share_id" ]] || continue
+      if [[ "$action" == "disable" ]]; then
+        module_nfs_client_disable_share "$share_id"
+      else
+        module_nfs_client_enable_share "$share_id" "$mount_now"
+      fi
+    done < <(printf '%s\n' "$selected_ids" | tr ',' '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | sed '/^$/d')
+  fi
+
+  mkdir -p "$(dirname "$POSTINSTALL_NFS_CLIENT_STATE_FILE")"
+  {
+    printf 'ENABLED=yes\n'
+    printf 'ACTION=%s\n' "$action"
+    printf 'SHARES=%s\n' "$selected_ids"
+    printf 'MOUNT_NOW=%s\n' "$mount_now"
+  } > "$POSTINSTALL_NFS_CLIENT_STATE_FILE"
+  log_info "Client NFS installe"
+  ui_success "Client NFS installe"
+}
+
+module_nfs_client_test() {
+  package_is_installed nfs-common || return 1
+  command -v mount.nfs >/dev/null 2>&1 || return 1
+  test -f "$(module_nfs_client_config_path)" || return 1
+}

modules/network/nfs-client/tests.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+MODULE_NFS_CLIENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$MODULE_NFS_CLIENT_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/ui.sh
+source "$PROJECT_ROOT/lib/ui.sh"
+# shellcheck source=lib/log.sh
+source "$PROJECT_ROOT/lib/log.sh"
+# shellcheck source=lib/package.sh
+source "$PROJECT_ROOT/lib/package.sh"
+# shellcheck source=core/runtime.sh
+source "$PROJECT_ROOT/core/runtime.sh"
+# shellcheck source=modules/network/nfs-client/module.sh
+source "$MODULE_NFS_CLIENT_DIR/module.sh"
+
+runtime_init "$PROJECT_ROOT"
+log_init
+
+if ! package_is_installed nfs-common; then
+  printf 'nfs-client test SKIPPED: nfs-common not installed\n'
+  exit 0
+fi
+
+if ! test -f "$PROJECT_ROOT/config/nfs-client.shares.yaml"; then
+  printf 'nfs-client test FAILED: missing repository config\n' >&2
+  exit 1
+fi
+
+if module_nfs_client_test; then
+  printf 'nfs-client test OK\n'
+else
+  printf 'nfs-client test FAILED\n' >&2
+  exit 1
+fi

modules/network/nfs-server/config.sh

@@ -0,0 +1,5 @@
+POSTINSTALL_NFS_SERVER_EXPORT_PATH="/srv/nfs/share"
+POSTINSTALL_NFS_SERVER_CLIENTS="10.0.0.0/22"
+POSTINSTALL_NFS_SERVER_EXPORT_MODE="rw"
+POSTINSTALL_NFS_SERVER_EXPORT_FILE="/etc/exports.d/postinstall.exports"
+POSTINSTALL_NFS_SERVER_EXPORTS_FILE="config/nfs-server.exports.yaml"

modules/network/nfs-server/metadata.conf

@@ -0,0 +1,4 @@
+MODULE_ID="network/nfs-server"
+MODULE_NAME="Serveur NFS"
+MODULE_CATEGORY="network"
+MODULE_DESCRIPTION="Installe et configure un export NFS"

modules/network/nfs-server/module.sh

@@ -0,0 +1,144 @@
+#!/usr/bin/env bash
+
+MODULE_NFS_SERVER_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MODULE_NFS_SERVER_PROJECT_ROOT="$(cd "$MODULE_NFS_SERVER_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/package.sh
+source "$MODULE_NFS_SERVER_PROJECT_ROOT/lib/package.sh"
+# shellcheck source=modules/network/nfs-server/config.sh
+source "$MODULE_NFS_SERVER_DIR/config.sh"
+# shellcheck source=modules/network/nfs-server/metadata.conf
+source "$MODULE_NFS_SERVER_DIR/metadata.conf"
+
+module_nfs_server_metadata() {
+  printf '%s|%s|%s\n' "$MODULE_ID" "$MODULE_NAME" "$MODULE_DESCRIPTION"
+}
+
+module_nfs_server_config_path() {
+  printf '%s/%s\n' "$MODULE_NFS_SERVER_PROJECT_ROOT" "$POSTINSTALL_NFS_SERVER_EXPORTS_FILE"
+}
+
+module_nfs_server_entries() {
+  local config_path=""
+  config_path="$(module_nfs_server_config_path)"
+
+  awk '
+    function flush() {
+      if (id != "") {
+        print id "|" path "|" clients "|" options "|" description
+      }
+    }
+    /^[[:space:]]*-[[:space:]]id:/ {
+      flush()
+      id=$0; sub(/.*id:[[:space:]]*/, "", id)
+      path=clients=options=description=""
+      next
+    }
+    /^[[:space:]]*path:/ { path=$0; sub(/.*path:[[:space:]]*/, "", path); next }
+    /^[[:space:]]*clients:/ { clients=$0; sub(/.*clients:[[:space:]]*/, "", clients); next }
+    /^[[:space:]]*options:/ { options=$0; sub(/.*options:[[:space:]]*/, "", options); next }
+    /^[[:space:]]*description:/ { description=$0; sub(/.*description:[[:space:]]*/, "", description); next }
+    END { flush() }
+  ' "$config_path"
+}
+
+module_nfs_server_repo_lines() {
+  local entry=""
+
+  while IFS= read -r entry; do
+    [[ -n "$entry" ]] || continue
+    IFS='|' read -r export_id export_path clients options description <<< "$entry"
+    printf '%s %s(%s)\n' "$export_path" "$clients" "$options"
+  done < <(module_nfs_server_entries)
+}
+
+module_nfs_server_write_managed_file() {
+  local temp_file="$1"
+
+  {
+    printf '# BEGIN postinstall-debian managed exports\n'
+    cat "$temp_file"
+    printf '# END postinstall-debian managed exports\n'
+  } > "$POSTINSTALL_NFS_SERVER_EXPORT_FILE"
+}
+
+module_nfs_server_sync_add_only() {
+  local line=""
+  local current_content=""
+  local temp_file=""
+
+  mkdir -p /etc/exports.d
+  temp_file="$(mktemp)"
+
+  if [[ -f "$POSTINSTALL_NFS_SERVER_EXPORT_FILE" ]]; then
+    awk '
+      /^# BEGIN postinstall-debian managed exports$/ { skip=1; next }
+      /^# END postinstall-debian managed exports$/ { skip=0; next }
+      !skip { print }
+    ' "$POSTINSTALL_NFS_SERVER_EXPORT_FILE" > "$temp_file"
+  fi
+
+  while IFS= read -r line; do
+    [[ -n "$line" ]] || continue
+    mkdir -p "${line%% *}"
+    if ! grep -Fq "$line" "$temp_file"; then
+      printf '%s\n' "$line" >> "$temp_file"
+      log_info "Export NFS ajoute depuis le repo : $line"
+      ui_success "Export NFS ajoute"
+    else
+      ui_info "Export NFS deja present : $line"
+    fi
+  done < <(module_nfs_server_repo_lines)
+
+  module_nfs_server_write_managed_file "$temp_file"
+  rm -f "$temp_file"
+}
+
+module_nfs_server_sync_strict() {
+  local temp_file=""
+  local line=""
+
+  mkdir -p /etc/exports.d
+  temp_file="$(mktemp)"
+
+  while IFS= read -r line; do
+    [[ -n "$line" ]] || continue
+    mkdir -p "${line%% *}"
+    printf '%s\n' "$line" >> "$temp_file"
+  done < <(module_nfs_server_repo_lines)
+
+  module_nfs_server_write_managed_file "$temp_file"
+  rm -f "$temp_file"
+
+  log_info "Exports NFS synchronises en mode strict"
+  ui_success "Exports NFS synchronises en mode strict"
+}
+
+module_nfs_server_install() {
+  local sync_mode="${1:-add-only}"
+
+  package_refresh_indexes
+  package_install nfs-kernel-server
+
+  if [[ "$sync_mode" == "strict" ]]; then
+    module_nfs_server_sync_strict
+  elif [[ "$sync_mode" == "add-only" || "$sync_mode" == "repo" ]]; then
+    module_nfs_server_sync_add_only
+  else
+    mkdir -p "$POSTINSTALL_NFS_SERVER_EXPORT_PATH"
+    printf '%s %s(%s,sync,no_subtree_check)\n' "$POSTINSTALL_NFS_SERVER_EXPORT_PATH" "$POSTINSTALL_NFS_SERVER_CLIENTS" "$POSTINSTALL_NFS_SERVER_EXPORT_MODE" > "$POSTINSTALL_NFS_SERVER_EXPORT_FILE"
+  fi
+
+  exportfs -ra
+  systemctl enable --now nfs-kernel-server
+  systemctl restart nfs-kernel-server
+
+  log_info "Serveur NFS synchronise depuis le repo"
+  ui_success "Serveur NFS configure"
+}
+
+module_nfs_server_test() {
+  package_is_installed nfs-kernel-server || return 1
+  test -f "$POSTINSTALL_NFS_SERVER_EXPORT_FILE" || return 1
+  test -f "$(module_nfs_server_config_path)" || return 1
+}

modules/network/nfs-server/tests.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+MODULE_NFS_SERVER_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$MODULE_NFS_SERVER_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/ui.sh
+source "$PROJECT_ROOT/lib/ui.sh"
+# shellcheck source=lib/log.sh
+source "$PROJECT_ROOT/lib/log.sh"
+# shellcheck source=lib/package.sh
+source "$PROJECT_ROOT/lib/package.sh"
+# shellcheck source=core/runtime.sh
+source "$PROJECT_ROOT/core/runtime.sh"
+# shellcheck source=modules/network/nfs-server/module.sh
+source "$MODULE_NFS_SERVER_DIR/module.sh"
+
+runtime_init "$PROJECT_ROOT"
+log_init
+
+if ! package_is_installed nfs-kernel-server; then
+  printf 'nfs-server test SKIPPED: nfs-kernel-server not installed\n'
+  exit 0
+fi
+
+if ! test -f "$PROJECT_ROOT/config/nfs-server.exports.yaml"; then
+  printf 'nfs-server test FAILED: missing repository config\n' >&2
+  exit 1
+fi
+
+if ! test -f /etc/exports.d/postinstall.exports; then
+  printf 'nfs-server test SKIPPED: module configuration not applied\n'
+  exit 0
+fi
+
+if module_nfs_server_test; then
+  printf 'nfs-server test OK\n'
+else
+  printf 'nfs-server test FAILED\n' >&2
+  exit 1
+fi

modules/network/samba-share/config.sh

@@ -0,0 +1,8 @@
+POSTINSTALL_SAMBA_SHARE_NAME="public"
+POSTINSTALL_SAMBA_SHARE_PATH="/home/gilles"
+POSTINSTALL_SAMBA_SHARE_USER="gilles"
+POSTINSTALL_SAMBA_SHARE_READ_ONLY="yes"
+POSTINSTALL_SAMBA_SHARE_PUBLIC="yes"
+POSTINSTALL_SAMBA_CONFIG_DIR="/etc/samba"
+POSTINSTALL_SAMBA_INCLUDE_FILE="/etc/samba/smb.conf.d/postinstall-home.conf"
+POSTINSTALL_SAMBA_SHARES_FILE="config/samba-shares.yaml"

modules/network/samba-share/metadata.conf

@@ -0,0 +1,4 @@
+MODULE_ID="network/samba-share"
+MODULE_NAME="Partage Samba public"
+MODULE_CATEGORY="network"
+MODULE_DESCRIPTION="Installe Samba et partage un dossier sur le reseau local"

modules/network/samba-share/module.sh

@@ -0,0 +1,186 @@
+#!/usr/bin/env bash
+
+MODULE_SAMBA_SHARE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MODULE_SAMBA_SHARE_PROJECT_ROOT="$(cd "$MODULE_SAMBA_SHARE_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/package.sh
+source "$MODULE_SAMBA_SHARE_PROJECT_ROOT/lib/package.sh"
+# shellcheck source=lib/system.sh
+source "$MODULE_SAMBA_SHARE_PROJECT_ROOT/lib/system.sh"
+# shellcheck source=modules/network/samba-share/config.sh
+source "$MODULE_SAMBA_SHARE_DIR/config.sh"
+# shellcheck source=modules/network/samba-share/metadata.conf
+source "$MODULE_SAMBA_SHARE_DIR/metadata.conf"
+
+module_samba_share_metadata() {
+  printf '%s|%s|%s\n' "$MODULE_ID" "$MODULE_NAME" "$MODULE_DESCRIPTION"
+}
+
+module_samba_share_config_path() {
+  printf '%s/%s\n' "$MODULE_SAMBA_SHARE_PROJECT_ROOT" "$POSTINSTALL_SAMBA_SHARES_FILE"
+}
+
+module_samba_share_global_settings() {
+  local config_path=""
+  local workgroup="WORKGROUP"
+  local wsdd2_enabled="yes"
+
+  config_path="$(module_samba_share_config_path)"
+  if [[ -f "$config_path" ]]; then
+    while IFS='=' read -r key value; do
+      case "$key" in
+        workgroup) workgroup="$value" ;;
+        wsdd2) wsdd2_enabled="$value" ;;
+      esac
+    done < <(
+      awk '
+        /^[[:space:]]*workgroup:/ { print "workgroup=" $2 }
+        /^[[:space:]]*wsdd2:/ { print "wsdd2=" $2 }
+      ' "$config_path"
+    )
+  fi
+
+  printf '%s|%s\n' "$workgroup" "$wsdd2_enabled"
+}
+
+module_samba_share_entries() {
+  local config_path=""
+  config_path="$(module_samba_share_config_path)"
+
+  awk '
+    function flush() {
+      if (id != "") {
+        print id "|" name "|" path "|" user "|" read_only "|" public "|" description
+      }
+    }
+    /^[[:space:]]*-[[:space:]]id:/ {
+      flush()
+      id=$0; sub(/.*id:[[:space:]]*/, "", id)
+      name=path=user=read_only=public=description=""
+      next
+    }
+    /^[[:space:]]*name:/ { name=$0; sub(/.*name:[[:space:]]*/, "", name); next }
+    /^[[:space:]]*path:/ { path=$0; sub(/.*path:[[:space:]]*/, "", path); next }
+    /^[[:space:]]*user:/ { user=$0; sub(/.*user:[[:space:]]*/, "", user); next }
+    /^[[:space:]]*read_only:/ { read_only=$0; sub(/.*read_only:[[:space:]]*/, "", read_only); next }
+    /^[[:space:]]*public:/ { public=$0; sub(/.*public:[[:space:]]*/, "", public); next }
+    /^[[:space:]]*description:/ { description=$0; sub(/.*description:[[:space:]]*/, "", description); next }
+    END { flush() }
+  ' "$config_path"
+}
+
+module_samba_share_ensure_include() {
+  mkdir -p /etc/samba/smb.conf.d
+  if ! grep -Fq 'include = /etc/samba/smb.conf.d/postinstall-home.conf' /etc/samba/smb.conf; then
+    printf '\ninclude = /etc/samba/smb.conf.d/postinstall-home.conf\n' >> /etc/samba/smb.conf
+  fi
+}
+
+module_samba_share_manage_wsdd2() {
+  local wsdd2_enabled="$1"
+
+  if [[ "$wsdd2_enabled" == "yes" ]]; then
+    if package_install wsdd2; then
+      systemctl enable --now wsdd2 || ui_warn "Impossible d'activer wsdd2"
+    else
+      ui_warn "Paquet wsdd2 indisponible ou installation echouee"
+    fi
+  fi
+}
+
+module_samba_share_render_block() {
+  local share_name="$1"
+  local share_path="$2"
+  local share_user="$3"
+  local read_only="$4"
+  local is_public="$5"
+
+  cat <<EOF
+[$share_name]
+   path = $share_path
+   browseable = yes
+   read only = $read_only
+   guest ok = $is_public
+   public = $is_public
+   force user = $share_user
+   create mask = 0644
+   directory mask = 0755
+EOF
+}
+
+module_samba_share_sync_file() {
+  local sync_mode="${1:-add-only}"
+  local settings=""
+  local workgroup=""
+  local wsdd2_enabled=""
+  local entry=""
+  local temp_file=""
+  local rendered_file=""
+
+  settings="$(module_samba_share_global_settings)"
+  IFS='|' read -r workgroup wsdd2_enabled <<< "$settings"
+
+  mkdir -p /etc/samba/smb.conf.d
+  temp_file="$(mktemp)"
+  rendered_file="$(mktemp)"
+
+  if [[ "$sync_mode" == "add-only" && -f "$POSTINSTALL_SAMBA_INCLUDE_FILE" ]]; then
+    awk '
+      /^# BEGIN postinstall-debian managed samba$/ { skip=1; next }
+      /^# END postinstall-debian managed samba$/ { skip=0; next }
+      !skip { print }
+    ' "$POSTINSTALL_SAMBA_INCLUDE_FILE" > "$temp_file"
+  fi
+
+  while IFS= read -r entry; do
+    [[ -n "$entry" ]] || continue
+    IFS='|' read -r share_id share_name share_path share_user read_only is_public description <<< "$entry"
+
+    if ! system_user_exists "$share_user"; then
+      ui_warn "Utilisateur Samba introuvable, partage ignore : $share_user"
+      continue
+    fi
+
+    mkdir -p "$share_path"
+    chown "$share_user:$share_user" "$share_path"
+    module_samba_share_render_block "$share_name" "$share_path" "$share_user" "$read_only" "$is_public" >> "$rendered_file"
+    printf '\n' >> "$rendered_file"
+  done < <(module_samba_share_entries)
+
+  {
+    cat "$temp_file"
+    printf '# BEGIN postinstall-debian managed samba\n'
+    printf '[global]\n'
+    printf '   workgroup = %s\n' "$workgroup"
+    printf '   map to guest = Bad User\n'
+    printf '   server min protocol = SMB2\n\n'
+    cat "$rendered_file"
+    printf '# END postinstall-debian managed samba\n'
+  } > "$POSTINSTALL_SAMBA_INCLUDE_FILE"
+
+  module_samba_share_manage_wsdd2 "$wsdd2_enabled"
+  rm -f "$temp_file" "$rendered_file"
+}
+
+module_samba_share_install() {
+  local sync_mode="${1:-add-only}"
+
+  package_refresh_indexes
+  package_install samba
+  module_samba_share_ensure_include
+  module_samba_share_sync_file "$sync_mode"
+
+  testparm -s >/dev/null || return 1
+  systemctl enable --now smbd
+  systemctl restart smbd
+
+  log_info "Partages Samba synchronises depuis le repo"
+  ui_success "Partages Samba configures"
+}
+
+module_samba_share_test() {
+  package_is_installed samba || return 1
+  test -f "$POSTINSTALL_SAMBA_INCLUDE_FILE" || return 1
+  test -f "$(module_samba_share_config_path)" || return 1
+  testparm -s >/dev/null 2>&1 || return 1
+}

modules/network/samba-share/tests.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+MODULE_SAMBA_SHARE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$MODULE_SAMBA_SHARE_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/ui.sh
+source "$PROJECT_ROOT/lib/ui.sh"
+# shellcheck source=lib/log.sh
+source "$PROJECT_ROOT/lib/log.sh"
+# shellcheck source=lib/package.sh
+source "$PROJECT_ROOT/lib/package.sh"
+# shellcheck source=core/runtime.sh
+source "$PROJECT_ROOT/core/runtime.sh"
+# shellcheck source=modules/network/samba-share/module.sh
+source "$MODULE_SAMBA_SHARE_DIR/module.sh"
+
+runtime_init "$PROJECT_ROOT"
+log_init
+
+if ! package_is_installed samba; then
+  printf 'samba-share test SKIPPED: samba not installed\n'
+  exit 0
+fi
+
+if ! test -f "$PROJECT_ROOT/config/samba-shares.yaml"; then
+  printf 'samba-share test FAILED: missing repository config\n' >&2
+  exit 1
+fi
+
+if ! test -f /etc/samba/smb.conf.d/postinstall-home.conf; then
+  printf 'samba-share test SKIPPED: module configuration not applied\n'
+  exit 0
+fi
+
+if module_samba_share_test; then
+  printf 'samba-share test OK\n'
+else
+  printf 'samba-share test FAILED\n' >&2
+  exit 1
+fi

modules/network/ssh-server/config.sh

@@ -0,0 +1,6 @@
+POSTINSTALL_SSH_PORT="22"
+POSTINSTALL_SSH_PASSWORD_AUTH="yes"
+POSTINSTALL_SSH_ROOT_LOGIN="no"
+POSTINSTALL_SSH_CONFIG_DIR="/etc/ssh/sshd_config.d"
+POSTINSTALL_SSH_CONFIG_FILE="/etc/ssh/sshd_config.d/postinstall-debian.conf"
+POSTINSTALL_SSH_SETTINGS_FILE="config/ssh-server.yaml"

modules/network/ssh-server/metadata.conf

@@ -0,0 +1,4 @@
+MODULE_ID="network/ssh-server"
+MODULE_NAME="Serveur SSH"
+MODULE_CATEGORY="network"
+MODULE_DESCRIPTION="Installe et configure openssh-server pour l'administration distante"

modules/network/ssh-server/module.sh

@@ -0,0 +1,132 @@
+#!/usr/bin/env bash
+
+MODULE_SSH_SERVER_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MODULE_SSH_SERVER_PROJECT_ROOT="$(cd "$MODULE_SSH_SERVER_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/package.sh
+source "$MODULE_SSH_SERVER_PROJECT_ROOT/lib/package.sh"
+# shellcheck source=modules/network/ssh-server/config.sh
+source "$MODULE_SSH_SERVER_DIR/config.sh"
+# shellcheck source=modules/network/ssh-server/metadata.conf
+source "$MODULE_SSH_SERVER_DIR/metadata.conf"
+
+module_ssh_server_metadata() {
+  printf '%s|%s|%s\n' "$MODULE_ID" "$MODULE_NAME" "$MODULE_DESCRIPTION"
+}
+
+module_ssh_server_config_path() {
+  printf '%s/%s\n' "$MODULE_SSH_SERVER_PROJECT_ROOT" "$POSTINSTALL_SSH_SETTINGS_FILE"
+}
+
+module_ssh_server_settings() {
+  local config_path=""
+  local port="$POSTINSTALL_SSH_PORT"
+  local password_auth="$POSTINSTALL_SSH_PASSWORD_AUTH"
+  local root_login="$POSTINSTALL_SSH_ROOT_LOGIN"
+
+  config_path="$(module_ssh_server_config_path)"
+  if [[ -f "$config_path" ]]; then
+    while IFS='=' read -r key value; do
+      case "$key" in
+        port) port="$value" ;;
+        password_authentication) password_auth="$value" ;;
+        permit_root_login) root_login="$value" ;;
+      esac
+    done < <(
+      awk '
+        /^[[:space:]]*port:/ { print "port=" $2 }
+        /^[[:space:]]*password_authentication:/ { print "password_authentication=" $2 }
+        /^[[:space:]]*permit_root_login:/ { print "permit_root_login=" $2 }
+      ' "$config_path"
+    )
+  fi
+
+  printf '%s|%s|%s\n' "$port" "$password_auth" "$root_login"
+}
+
+module_ssh_server_validate_port() {
+  local port="$1"
+
+  [[ "$port" =~ ^[0-9]+$ ]] || return 1
+  (( port >= 1 && port <= 65535 ))
+}
+
+module_ssh_server_require_package() {
+  if package_is_installed "openssh-server"; then
+    ui_info "Paquet openssh-server deja installe"
+    return 0
+  fi
+
+  ui_warn "Paquet openssh-server absent, installation en cours"
+  package_refresh_indexes
+  package_install openssh-server
+  log_info "Paquet openssh-server installe"
+  ui_success "Paquet openssh-server installe"
+}
+
+module_ssh_server_write_config() {
+  local ssh_port="${1:-$POSTINSTALL_SSH_PORT}"
+  local password_auth="${2:-$POSTINSTALL_SSH_PASSWORD_AUTH}"
+  local root_login="${3:-$POSTINSTALL_SSH_ROOT_LOGIN}"
+
+  mkdir -p "$POSTINSTALL_SSH_CONFIG_DIR"
+  cat > "$POSTINSTALL_SSH_CONFIG_FILE" <<EOF
+# Fichier gere par postinstall-debian
+Port $ssh_port
+PasswordAuthentication $password_auth
+PermitRootLogin $root_login
+UsePAM yes
+X11Forwarding no
+EOF
+}
+
+module_ssh_server_check() {
+  local ssh_port="${1:-$POSTINSTALL_SSH_PORT}"
+
+  package_is_installed "openssh-server" || return 1
+  systemctl is-active --quiet ssh || return 1
+  ss -ltn 2>/dev/null | awk '{print $4}' | grep -Eq "(^|:)$ssh_port$"
+}
+
+module_ssh_server_install() {
+  local settings=""
+  local ssh_port=""
+  local password_auth=""
+  local root_login=""
+
+  settings="$(module_ssh_server_settings)"
+  IFS='|' read -r ssh_port password_auth root_login <<< "$settings"
+
+  if ! module_ssh_server_validate_port "$ssh_port"; then
+    ui_error "Port SSH invalide : $ssh_port"
+    return 1
+  fi
+
+  module_ssh_server_require_package || return 1
+  module_ssh_server_write_config "$ssh_port" "$password_auth" "$root_login"
+
+  if command -v sshd >/dev/null 2>&1; then
+    sshd -t || return 1
+  fi
+
+  systemctl enable --now ssh
+  systemctl restart ssh
+
+  log_info "Serveur SSH configure sur le port $ssh_port"
+  ui_success "Serveur SSH configure sur le port $ssh_port"
+}
+
+module_ssh_server_test() {
+  local settings=""
+  local ssh_port=""
+
+  settings="$(module_ssh_server_settings)"
+  IFS='|' read -r ssh_port _ _ <<< "$settings"
+
+  package_is_installed "openssh-server" || return 1
+  command -v ssh >/dev/null 2>&1 || return 1
+  test -f "$POSTINSTALL_SSH_CONFIG_FILE" || return 1
+  test -f "$(module_ssh_server_config_path)" || return 1
+  systemctl is-active --quiet ssh || return 1
+  ss -ltn 2>/dev/null | awk '{print $4}' | grep -Eq "(^|:)$ssh_port$"
+}

modules/network/ssh-server/tests.sh

@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+MODULE_SSH_SERVER_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$MODULE_SSH_SERVER_DIR/../../.." && pwd)"
+
+# shellcheck source=lib/ui.sh
+source "$PROJECT_ROOT/lib/ui.sh"
+# shellcheck source=lib/log.sh
+source "$PROJECT_ROOT/lib/log.sh"
+# shellcheck source=lib/package.sh
+source "$PROJECT_ROOT/lib/package.sh"
+# shellcheck source=core/runtime.sh
+source "$PROJECT_ROOT/core/runtime.sh"
+# shellcheck source=modules/network/ssh-server/module.sh
+source "$MODULE_SSH_SERVER_DIR/module.sh"
+
+runtime_init "$PROJECT_ROOT"
+log_init
+
+if ! package_is_installed openssh-server; then
+  printf 'ssh-server test SKIPPED: openssh-server not installed\n'
+  exit 0
+fi
+
+if ! test -f "$PROJECT_ROOT/config/ssh-server.yaml"; then
+  printf 'ssh-server test FAILED: missing repository config\n' >&2
+  exit 1
+fi
+
+if ! systemctl status ssh >/dev/null 2>&1; then
+  printf 'ssh-server test SKIPPED: systemd status unavailable in this environment\n'
+  exit 0
+fi
+
+if ! test -f /etc/ssh/sshd_config.d/postinstall-debian.conf; then
+  printf 'ssh-server test SKIPPED: module configuration not applied\n'
+  exit 0
+fi
+
+if module_ssh_server_test "${1:-22}"; then
+  printf 'ssh-server test OK\n'
+else
+  printf 'ssh-server test FAILED\n' >&2
+  exit 1
+fi