.docker/build/kerberos/Dockerfile

+FROM debian:stable
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN { \
+        echo krb5-config krb5-config/default_realm string 'LOCAL.ISIMA.FR'; \
+        echo tzdata tzdata/Areas string 'Etc'; \
+        echo tzdata tzdata/Zones/Etc string 'UTC'; \
+    } | debconf-set-selections \
+    && \
+    apt-get update && apt-get install -y --no-install-recommends \
+        krb5-user \
+        krb5-config \
+        openssh-client \
+        locales \
+        rsync \
+    && \
+    locale-gen fr_FR \
+    locale-gen fr_FR.UTF-8 \
+    update-locale LANG=fr_FR.UTF-8 \
+    . /etc/default/locale
+
+WORKDIR /srv/blog
\ No newline at end of file

.docker/build/python/Dockerfile

+FROM debian:stable
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        python3 \
+        python3-pip \
+        locales \
+    && \
+    locale-gen fr_FR \
+    locale-gen fr_FR.UTF-8 \
+    update-locale LANG=fr_FR.UTF-8 \
+    . /etc/default/locale
+
+COPY requirements.txt .
+RUN pip install --break-system-packages --user -r requirements.txt
+
+WORKDIR /srv/blog
\ No newline at end of file

.docker/scripts/kerberos/command.dev.sh

+source .env 
+SSH_CMD="ssh -o StrictHostKeyChecking=no -K ${KRB_USER}@${SERVER}"
+RSYNC_CMD=''
+kinit ${KRB_USER}
+${SSH_CMD} "mkdir -p ~/public_html/"
+${SSH_CMD} "echo 'Options +FollowSymLinks' >  ~/public_html/.htaccess"
+${SSH_CMD} "echo 'RewriteEngine on' >>  ~/public_html/.htaccess"
+${SSH_CMD} "echo 'RewriteCond %{HTTP_HOST} ^perso.isima.fr$' >>  ~/public_html/.htaccess"
+${SSH_CMD} "echo 'RewriteRule (.*) https://perso.limos.fr%{REQUEST_URI} [R=301,L]' >>  ~/public_html/.htaccess"
+${SSH_CMD} "mkdir -p ~/public_html/_"
+${SSH_CMD} "echo '<FilesMatch "\.phar">' >  ~/public_html/_/.htaccess"
+${SSH_CMD} "echo '   php_flag engine off' >>  ~/public_html/_/.htaccess"
+${SSH_CMD} "echo '   ForceType application/octet-stream' >>  ~/public_html/_/.htaccess"
+${SSH_CMD} "echo '   Header set Content-Disposition attachment' >>  ~/public_html/_/.htaccess"
+${SSH_CMD} "echo '</FilesMatch>' >>  ~/public_html/_/.htaccess"
+rsync -az --exclude "_" -e "ssh -o StrictHostKeyChecking=no -K" ./output/ ${KRB_USER}@${SERVER}:~/public_html/
\ No newline at end of file

.docker/scripts/node/command.dev.sh

+cd /srv/blog/content/slides
+yarn
\ No newline at end of file

.docker/scripts/python/command.dev.sh

+git submodule init
+git submodule update --recursive --remote
+sed -i 's/\$port &/\$port/g' ./develop_server.sh
+chmod +x develop_server.sh
+export PATH=/root/.local/bin:$PATH
+export PY='/usr/bin/python3'
+./develop_server.sh start 8000
\ No newline at end of file

.env

+PORT=8001
+REGISTRY_URL=docker.isima.fr
+NAMESPACE=docker.isima.fr/vimazeno
+APP_NAME=pelican_perso
+KRB_USER=vimazeno
+SERVER=perso.local.isima.fr

.gitignore

@@ -5,3 +5,5 @@ pelican.pid
 srv.pid
 blog_limos.egg-info
 node_modules
+.venv
+.vscode
\ No newline at end of file

.gitlab-ci.yml

-image: ubuntu:xenial
-
 cache:
   paths:
-    - output/ # Node modules and dependencies
+    - output/ # le répertoire où se trouve le HTML statique généré
 
-before_script:
-  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
-  - eval $(ssh-agent -s)
-  - ssh-add <(echo "$SSH_PRIVATE_KEY")
-  - mkdir -p ~/.ssh
-  - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
+.pre:
+  image: node:latest
+  stage: .pre
+  script:
+    - cd /srv/blog/content/slides && yarn
 
 build:
+  image: docker.isima.fr/vimazeno/pelican_perso_python:35046e8
   stage: build
   script:
-    - apt-get install -y --force-yes build-essential python-dev python-pip git nodejs nodejs-legacy npm
-    - pip install --upgrade pip
-    - pip install --editable .
-    - cd content && npm install && cd ..
-    - sed -i "s/RELATIVE_URLS = True/RELATIVE_URLS = False/" pelicanconf.py
-    - apt-get install -y --force-yes locales
-    - locale-gen fr_FR
-    - locale-gen fr_FR.UTF-8
-    - update-locale LANG=fr_FR.UTF-8
-    - . /etc/default/locale
-    - pelican content
-
-  artifacts:
-    untracked: true
-
+    - git submodule init
+    - git submodule update --recursive --remote
+    - PATH=/root/.local/bin:$PATH pelican
+  
 deploy:
+  image: docker.isima.fr/vimazeno/pelican_perso_kerberos:35046e8
   stage: deploy
-  dependencies:
-    - build
   script:
-    - apt-get install -y --force-yes rsync
-    - rsync -az --exclude '_' -e ssh output/ $USERNAME@$HOST:~/public_html/
+    # récupération du KEYTAB en hexa 
+    - echo "$KEYTAB" > my.keytab.hex
+    # conversion du KEYTAB en hexa en binaire
+    - sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' my.keytab.hex | xargs printf > my.keytab
+    # génération du ticket kerberos
+    - kinit -k -t my.keytab vimazeno@LOCAL.ISIMA.FR
+    # préparation du répertoire servi par apache
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "mkdir -p ~/public_html/"
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "echo 'Options +FollowSymLinks' >  ~/public_html/.htaccess"
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "echo 'RewriteEngine on' >>  ~/public_html/.htaccess"
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "echo 'RewriteCond %{HTTP_HOST} ^perso.isima.fr$' >>  ~/public_html/.htaccess"
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "echo 'RewriteRule (.*) https://perso.limos.fr%{REQUEST_URI} [R=301,L]' >>  ~/public_html/.htaccess"
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "mkdir -p ~/public_html/_"
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "echo '<FilesMatch "\.phar">' >  ~/public_html/_/.htaccess"
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "echo '   php_flag engine off' >>  ~/public_html/_/.htaccess"
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "echo '   ForceType application/octet-stream' >>  ~/public_html/_/.htaccess"
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "echo '   Header set Content-Disposition attachment' >>  ~/public_html/_/.htaccess"
+    - ssh -o StrictHostKeyChecking=no -K vimazeno@perso.local.isima.fr "echo '</FilesMatch>' >>  ~/public_html/_/.htaccess"
+    # rsync du HTML statique généré
+    - rsync -az --exclude '_' -e "ssh -o StrictHostKeyChecking=no -K" output/ vimazeno@perso.local.isima.fr:~/public_html/
\ No newline at end of file

.gitmodules

+[submodule "plugins/math_render"]
+	path = plugins/math_render
+	url = https://github.com/barrysteyn/pelican_plugin-render_math.git

Makefile

+BOLD    := \033[1m
+RESET   := \033[0m
+RED     := \033[31m
+GREEN   := \033[32m
+YELLOW  := \033[33m
+BLUE    := \033[34m
+MAGENTA := \033[35m
+
+SHELL    := /bin/bash
+IMAGES   := $(shell docker compose config --services)
+TAG      := $(shell git rev-parse --short HEAD)
+VOLUMES  := content/node_modules output
+
+# Executables (local)
+DOCKER_COMP   := docker compose
+.DEFAULT_GOAL := help
+
+# Docker containers
+KERBEROS_CONT  := $(DOCKER_COMP) run kerberos
+
+include .env
+
+build: ## Build required docker compose images
+	@$(DOCKER_COMP) build
+.PHONY: build	
+
+push: ## Push build docker compose images
+	@TAG=$(shell git rev-parse --short HEAD)
+	@docker login ${REGISTRY_URL}
+	@docker push ${NAMESPACE}/${APP_NAME}_python:latest ;
+	@docker tag ${NAMESPACE}/${APP_NAME}_python:latest ${NAMESPACE}/${APP_NAME}_python:${TAG} ;
+	@docker push ${NAMESPACE}/${APP_NAME}_python:${TAG} ;
+	@docker push ${NAMESPACE}/${APP_NAME}_kerberos:latest ;
+	@docker tag ${NAMESPACE}/${APP_NAME}_kerberos:latest ${NAMESPACE}/${APP_NAME}_kerberos:${TAG} ;
+	@docker push ${NAMESPACE}/${APP_NAME}_kerberos:${TAG} ;
+.PHONY: push
+
+up: ## Make required containers up
+	@$(DOCKER_COMP) up --remove-orphans node
+	@echo -e "⏰ ${BOLD}${GREEN}Wait for node to install needed js (there's no problem we're just wait)...${RESET}"
+	@$(DOCKER_COMP) run dockerize -timeout 180s -wait-retry-interval 3s \
+			-wait file:///tmp/content/node_modules/.yarn-integrity ;
+	@echo -e "⏰ ${BOLD}${GREEN}Wait for pelican to generate content (there's no problem we're just wait)...${RESET}"
+	@echo -e "${GREEN}${BOLD}up and running${RESET}"
+	@echo -e " 🐳 blog in docker ${BLUE}${BOLD}http://localhost:${PORT}${RESET}"
+	@$(DOCKER_COMP) up --remove-orphans python
+.PHONY: up
+
+down: ## Make required containers down
+	@$(DOCKER_COMP) down
+.PHONY: down
+
+logs: ## Show live containers logs. Pass the parameter "c=" to see one specific container's logs, example: make logs c='frontend'
+	@$(eval c ?=)
+	@if [ -z "$(c)" ]; then \
+		$(DOCKER_COMP) logs --follow; \
+	else \
+		$(DOCKER_COMP) logs --timestamps --follow $(c); \
+	fi 
+.PHONY: logs
+
+errors: ## Show live container errors.
+	@$(DOCKER_COMP) logs | grep error
+.PHONY: errors
+
+publish: ## Open bash on php container
+	@$(KERBEROS_CONT) bash .docker/scripts/kerberos/command.dev.sh
+.PHONY: publish
+
+clean: ## Remove node and php folders and files
+	@for volume in ${VOLUMES} ; do \
+		sudo rm -rf $${volume} ; \
+	done
+.PHONY: clean
+
+slides: ## Force slides refresh
+	@sudo cp -R content/slides output/
+.PHONY: slides
+
+help:
+	@grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+.PHONY: help
\ No newline at end of file

README.md

+# Blog LIMOS de Vincent Mazenod
 
-## Installer les dépendances
+```
+./bin/setup
+source bin/activate
+./bin/start
+```
+
+## Utilisation avec docker
+
+### Build image 
+
+```
+docker build -t pelican_perso .
+```
+
+### run conatiner 
 
-```bash
-sudo pip install --editable .
 ```
+docker run -it --rm -v $(pwd):/srv/pelican mjjacko/pelican pelican-quickstart -p my-site
+```
+
+## Utilisation avec venv
 
-## Lancer le serveur de prévisualisation
+### Lancer le serveur de prévisualisation
 
-```bash
+```
 bash develop_server.sh start
 ```
 
+* http://0.0.0.0:8000/
+
+### faire tourner les slides en local
+
+```
+./bin/local
+```
+
+* http://slides/slides/
+
+
+
 ## see also
 
 * [https://limos.isima.fr/~mazenod/blog-et-pages-perso-au-limos.html](https://limos.isima.fr/~mazenod/blog-et-pages-perso-au-limos.html)

bin/activate

+#!/usr/bin/env bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]:-$0}" )/.." && pwd )"
+if [[ -z "$VIRTUAL_ENV" ]] || [[ "$VIRTUAL_ENV" != "${DIR}/.venv" ]] ; then
+    source "${DIR}/.venv/bin/activate"
+fi

bin/local

+#!/usr/bin/env bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]:-$0}" )/.." && pwd )"
+
+if [[ ! -f "/etc/apache2/sites-available/slides.conf" ]] ; then
+
+  (
+  echo "<VirtualHost *:80>"
+  echo "DocumentRoot /var/www/html/blog/blog.limos.fr/content/"
+  echo "ServerName slides"
+  echo "</VirtualHost>"
+  ) | sudo tee -a /etc/apache2/sites-available/slides.conf
+
+  sudo a2ensite slides
+
+  echo "127.0.0.1   slides" | sudo tee -a /etc/hosts
+fi

bin/setup

+#!/usr/bin/env bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]:-$0}" )/.." && pwd )"
+
+if [[ ! -d "${DIR}/.venv" ]] ; then
+  python3 -m venv "${DIR}/.venv"
+fi
+
+source "${DIR}/.venv/bin/activate"
+pip install -r requirements.txt
+
+git submodule init
+git submodule update --recursive --remote
+
+cd content && yarn install

bin/start

+#!/usr/bin/env bash
+
+bash develop_server.sh start

bin/stop

+#!/usr/bin/env bash
+
+bash develop_server.sh stop

content/Blog/wannacry-la-montagne.md

-Title: Interview dans La Montagne au sujet du ransomware WannaCry
-Date: 2017-05-16 10:27
-Category: <i class='fa fa-bullhorn' aria-hidden='true'></i> Blog
-
-
-<div style="text-align: center; width: 100%">
-    <img src="../images/presse/wannacry.jpg" />
-</div>

content/Etudiants/android-www.md

@@ -2,6 +2,7 @@ Title: android-www
 Date: 2017-09-20 10:30
 Category: <i class='fa fa-graduation-cap' aria-hidden='true'></i> &Eacute;tudiants
 Tags: Projets tutorés, android
+Status: draft
 
 ## Contexte
 

content/Etudiants/ckeditor-gitlab.md

@@ -2,6 +2,7 @@ Title: CKEditor for gitlab
 Date: 2017-09-20 10:55
 Category: <i class='fa fa-graduation-cap' aria-hidden='true'></i> &Eacute;tudiants
 Tags: Projets tutorés, www, Tor
+Status: draft
 
 ## Contexte
 

content/Etudiants/gbox.md

@@ -2,7 +2,7 @@ Title: G-Box
 Date: 2017-09-20 10:15
 Category: <i class='fa fa-graduation-cap' aria-hidden='true'></i> &Eacute;tudiants
 Tags: Projets tutorés, sécurité
-
+Status: draft
 ## Contexte
 
 La G-box est un routeur avec des fonctionnalités de sécurité, elle permet notamment de filtrer les flux sortant à des fins de contrôle parental ou de filtre anti-phishing.