diff --git a/Metadata/groups.xml b/Metadata/groups.xml
index 03d3e9b..ac1d93b 100644
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@@ -23,6 +23,7 @@
+
@@ -221,7 +222,6 @@
-
@@ -260,8 +260,7 @@
-
-
+
@@ -1381,15 +1380,13 @@
-
-
-
-
-
+
+
+
diff --git a/Python/etc/monit/services b/Python/etc/monit/services
index f7ed620..3372bac 100644
--- a/Python/etc/monit/services
+++ b/Python/etc/monit/services
@@ -250,7 +250,7 @@ service("openvpn-freebox",
init="openvpn",
extra=["depends on openvpn-odlyd"])
-pg_version = '9.1'
+pg_version = '9.4'
service("pgsql-server",
name="postgresql",
init="postgresql",
diff --git a/Python/etc/postgresql/9.1/main/pg_hba.conf b/Python/etc/postgresql/9.1/main/pg_hba.conf
deleted file mode 100644
index 0c6bced..0000000
--- a/Python/etc/postgresql/9.1/main/pg_hba.conf
+++ /dev/null
@@ -1,185 +0,0 @@
-info["owner"] = "postgres"
-info["group"] = "postgres"
-info["mode"] = 0640
-
-include("ldap_conn")
-
-conn = ldap_conn
-
-comment_start = "#"
-header("Gestion du mapping avec les base de données")
-
-# Ip des serveurs
-def ipv4(serveur):
- return str(conn.search(u'host=%s.adm.crans.org' % serveur)[0]['ipHostNumber'][0])
-def ipv6(serveur):
- return str(conn.search(u'host=%s.adm.crans.org' % serveur)[0]['ip6HostNumber'][0])
-
-serveurs = ['o2','zamok','asterisk','kenobi','owl','roundcube','horde','mediadrop','titanic','soyouz','redisdead','owncloud']
-
-ip_serveurs = dict()
-for serv in serveurs:
- ip_serveurs['ipv4'+serv] = ipv4(serv)
- ip_serveurs['ipv6'+serv] = ipv6(serv)
-
-out("""# PostgreSQL Client Authentication Configuration File
-# ===================================================
-#
-# Refer to the "Client Authentication" section in the PostgreSQL
-# documentation for a complete description of this file. A short
-# synopsis follows.
-#
-# This file controls: which hosts are allowed to connect, how clients
-# are authenticated, which PostgreSQL user names they can use, which
-# databases they can access. Records take one of these forms:
-#
-# local DATABASE USER METHOD [OPTIONS]
-# host DATABASE USER ADDRESS METHOD [OPTIONS]
-# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
-# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
-#
-# (The uppercase items must be replaced by actual values.)
-#
-# The first field is the connection type: "local" is a Unix-domain
-# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
-# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
-# plain TCP/IP socket.
-#
-# DATABASE can be "all", "sameuser", "samerole", "replication", a
-# database name, or a comma-separated list thereof. The "all"
-# keyword does not match "replication". Access to replication
-# must be enabled in a separate record (see example below).
-#
-# USER can be "all", a user name, a group name prefixed with "+", or a
-# comma-separated list thereof. In both the DATABASE and USER fields
-# you can also write a file name prefixed with "@" to include names
-# from a separate file.
-#
-# ADDRESS specifies the set of hosts the record matches. It can be a
-# host name, or it is made up of an IP address and a CIDR mask that is
-# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
-# specifies the number of significant bits in the mask. A host name
-# that starts with a dot (.) matches a suffix of the actual host name.
-# Alternatively, you can write an IP address and netmask in separate
-# columns to specify the set of hosts. Instead of a CIDR-address, you
-# can write "samehost" to match any of the server's own IP addresses,
-# or "samenet" to match any address in any subnet that the server is
-# directly connected to.
-#
-# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
-# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert". Note that
-# "password" sends passwords in clear text; "md5" is preferred since
-# it sends encrypted passwords.
-#
-# OPTIONS are a set of options for the authentication in the format
-# NAME=VALUE. The available options depend on the different
-# authentication methods -- refer to the "Client Authentication"
-# section in the documentation for a list of which options are
-# available for which authentication methods.
-#
-# Database and user names containing spaces, commas, quotes and other
-# special characters must be quoted. Quoting one of the keywords
-# "all", "sameuser", "samerole" or "replication" makes the name lose
-# its special character, and just match a database or username with
-# that name.
-#
-# This file is read on server startup and when the postmaster receives
-# a SIGHUP signal. If you edit the file on a running system, you have
-# to SIGHUP the postmaster for the changes to take effect. You can
-# use "pg_ctl reload" to do that.
-
-#Attention; do not REMOVE this line
-# Database administrative login by Unix domain socket
-local all postgres peer
-""")
-
-if has("pgsql-server-test"):
- out("""host all all 127.0.0.1/32 trust
-host django all 127.0.0.1/32 ident map=intranet""")
-
-else:
- out("""# TYPE DATABASE USER ADDRESS METHOD
-host Syslog rsyslog 127.0.0.1/32 md5
-
-#Intranet : venant d'o2, on autorise l'ecriture""")
-
- out("""host django crans """ + ip_serveurs['ipv4o2'] + """/32 ident map=django""")
- out("""host django crans """ + ip_serveurs['ipv6o2'] + """/128 ident map=django""")
-
- out("""
-# Asterisk a besoin d'écrire depuis asterisk et depuis zamok""")
-
- out("""host django crans """ + ip_serveurs['ipv4asterisk'] + """/32 ident map=django""")
- out("""host django crans """ + ip_serveurs['ipv4zamok'] + """/32 ident map=django""")
-
- out("""
-# Tout le reste sur adm est django_ro et crans_ro, pas besoin d'écrire""")
-
- out("""host django crans_ro 10.231.136.0/24 ident map=django_ro""")
- out("""host django crans_ro 2a01:240:fe3d:c804::/64 ident map=django_ro""")
-
- out("""
-# kenobi""")
- out("""host etherpad crans """ + ip_serveurs['ipv4kenobi'] + """/32 ident map=etherpad""")
-
- out("""
-# On autorise tout pour owl TODO : à proprifier""")
- out("""host roundcube roundcube """ + ip_serveurs['ipv4owl'] + """/32 ident map=webmail""")
- out("""host roundcube roundcube """ + ip_serveurs['ipv6owl'] + """/128 ident map=webmail""")
- out("""host all all """ + ip_serveurs['ipv4owl'] + """/32 ident""")
- out("""host all all """ + ip_serveurs['ipv6owl'] + """/128 ident""")
-
- out("""
-# Roundcube a accès à sa base""")
- out("""host roundcube roundcube """ + ip_serveurs['ipv4roundcube'] + """/32 ident map=webmail""")
- out("""host roundcube roundcube """ + ip_serveurs['ipv6roundcube'] + """/128 ident map=webmail""")
-
- out("""
-# sql grey pour zamok""")
- out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4zamok'] + """/32 ident""")
- out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6zamok'] + """/128 ident""")
-
- out("""
-#Base de horde pour root et www-data""")
- out("""host horde5 www-data """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""")
- out("""host horde5 www-data """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""")
- out("""host horde5 root """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""")
- out("""host horde5 root """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""")
-
-
- out("""
-#mediadrop""")
- out("""host mediadrop mediadrop """ + ip_serveurs['ipv4mediadrop'] + """/32 ident map=mediadrop""")
- out("""host mediadrop mediadrop """ + ip_serveurs['ipv6mediadrop'] + """/128 ident map=mediadrop""")
-
- out("""
-# SQLgrey depuis titanic""")
- out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4titanic'] + """/32 ident""")
- out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6titanic'] + """/128 ident""")
-
- out("""
-# SQLgrey depuis soyouz""")
- out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4soyouz'] + """/32 ident""")
-
- out("""
-# SQLgrey depuis redisdead""")
- out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4redisdead'] + """/32 ident""")
- out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6redisdead'] + """/128 ident""")
-
- out("""
-# SQLgrey local""")
- out("""local sqlgrey sqlgrey ident map=sqlgrey""")
-
- out("""
-# Base de correspondance mac_prises pour surveillance""")
- out("""host mac_prises crans 10.231.136.0/24 ident map=mac_prises""")
- out("""host mac_prises crans 2a01:240:fe3d:c804::/64 ident map=mac_prises""")
- out("""local mac_prises crans ident map=mac_prises""")
-
- out("""
-#Base pour owncloud""")
- out("""host owncloud owncloud """ + ip_serveurs['ipv4owncloud'] + """/24 md5""")
- out("""host owncloud owncloud """ + ip_serveurs['ipv6owncloud'] + """/128 md5""")
-
-
-
diff --git a/Python/etc/postgresql/9.1/main/pg_ident.conf b/Python/etc/postgresql/9.1/main/pg_ident.conf
deleted file mode 100644
index 9969293..0000000
--- a/Python/etc/postgresql/9.1/main/pg_ident.conf
+++ /dev/null
@@ -1,132 +0,0 @@
-info["owner"] = "postgres"
-info["group"] = "postgres"
-info["mode"] = 0640
-
-
-include("ldap_conn")
-
-conn = ldap_conn
-
-comment_start = "#"
-header("Gestion des acces ident pour les utilisateurs")
-
-# Liste des nounous/apprentis
-adm_objects = conn.search(u'droits=nounou')
-nounous = [adm['uid'][0] for adm in adm_objects]
-apprentis_objects = conn.search(u'droits=apprenti')
-apprentis = [appr['uid'][0] for appr in apprentis_objects]
-
-out("""#PostgreSQL User Name Maps
-# =========================
-#
-# Refer to the PostgreSQL documentation, chapter "Client
-# Authentication" for a complete description. A short synopsis
-# follows.
-#
-# This file controls PostgreSQL user name mapping. It maps external
-# user names to their corresponding PostgreSQL user names. Records
-# are of the form:
-#
-# MAPNAME SYSTEM-USERNAME PG-USERNAME
-#
-# (The uppercase quantities must be replaced by actual values.)
-#
-# MAPNAME is the (otherwise freely chosen) map name that was used in
-# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
-# client. PG-USERNAME is the requested PostgreSQL user name. The
-# existence of a record specifies that SYSTEM-USERNAME may connect as
-# PG-USERNAME.
-#
-# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
-# regular expression. Optionally this can contain a capture (a
-# parenthesized subexpression). The substring matching the capture
-# will be substituted for 1 (backslash-one) if present in
-# PG-USERNAME.
-#
-# Multiple maps may be specified in this file and used by pg_hba.conf.
-#
-# No map names are defined in the default configuration. If all
-# system user names and PostgreSQL user names are the same, you don't
-# need anything in this file.
-#
-# This file is read on server startup and when the postmaster receives
-# a SIGHUP signal. If you edit the file on a running system, you have
-# to SIGHUP the postmaster for the changes to take effect. You can
-# use "pg_ctl reload" to do that.
-
-# Put your actual configuration here""")
-
-if has("pgsql-server-test"):
- out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
-intranet www-data crans_ro
-intranet www-data crans""")
- for nounou in nounous:
- out("""intranet """ + str(nounou) + """ crans""")
- for apprenti in apprentis:
- out("""intranet """ + str(apprenti) + """ crans""")
-
-else:
-
- #Syslog
- out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
-syslog postgres rsyslog
-syslog root rsyslog""")
-
- #Ensuite les nounous
-
- for nounou in nounous:
- out("""syslog """ + str(nounou) + """ crans""")
-
- #Db django rw
- out("""
-django www-data crans
-django asterisk crans
-django respbats crans
-django root crans""")
-
- # Etherpad
- out("""
-etherpad etherpad crans""")
-
-
- # mac_prises
- out("""
-mac_prises root crans""")
- for nounou in nounous:
- out("""mac_prises """ + str(nounou) + """ crans""")
-
-
- #Filtrage
- out("""filtrage root crans""")
-
- #Sqlgrey
- out("""sqlgrey postgres sqlgrey""")
-
- # cluebringer
- out("""cluebringer www-data cluebringer
-cluebringer cluebringer cluebringer""")
-
- #Webmail
- out("""webmail www-data roundcube""")
-
- #horde
- out("""horde www-data www-data""")
-
- #Mediadrop
-
- out("""mediadrop root mediadrop
-mediadrop www-data mediadrop""")
-
- #Db django ro
- out("""
-django_ro respbats crans_ro
-django_ro freerad crans_ro
-django_ro arpwatch crans_ro
-django_ro munin crans_ro
-django_ro asterisk crans_ro
-django_ro www-data crans_ro
-django_ro root crans_ro""")
-
- for nounou in nounous:
- out("""django_ro """ + str(nounou) + """ crans_ro""")
-