2026-03-30 18:51:57 +02:00
|
|
|
# In all environments, the following files are loaded if they exist,
|
|
|
|
|
# the latter taking precedence over the former:
|
|
|
|
|
#
|
|
|
|
|
# * .env contains default values for the environment variables needed by the app
|
|
|
|
|
# * .env.local uncommitted file with local overrides
|
|
|
|
|
# * .env.$APP_ENV committed environment-specific defaults
|
|
|
|
|
# * .env.$APP_ENV.local uncommitted environment-specific overrides
|
|
|
|
|
#
|
|
|
|
|
# Real environment variables win over .env files.
|
|
|
|
|
#
|
|
|
|
|
# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
|
|
|
|
|
# https://symfony.com/doc/current/configuration/secrets.html
|
|
|
|
|
#
|
|
|
|
|
# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
|
|
|
|
|
# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
|
|
|
|
|
|
|
|
|
|
###> symfony/framework-bundle ###
|
|
|
|
|
APP_ENV=dev
|
2026-04-01 15:42:52 +02:00
|
|
|
APP_SECRET=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
|
2026-03-30 18:51:57 +02:00
|
|
|
APP_SHARE_DIR=var/share
|
|
|
|
|
###< symfony/framework-bundle ###
|
|
|
|
|
|
|
|
|
|
###> symfony/routing ###
|
2026-04-01 15:42:52 +02:00
|
|
|
DEFAULT_URI=https://esyweb.local
|
2026-03-30 18:51:57 +02:00
|
|
|
###< symfony/routing ###
|
2026-03-30 18:52:03 +02:00
|
|
|
|
|
|
|
|
###> doctrine/doctrine-bundle ###
|
2026-04-01 15:42:52 +02:00
|
|
|
DATABASE_URL="postgresql://app:secret@pgbouncer:6432/e_ticket?serverVersion=16&charset=utf8"
|
2026-03-30 18:52:03 +02:00
|
|
|
###< doctrine/doctrine-bundle ###
|
|
|
|
|
|
|
|
|
|
###> symfony/messenger ###
|
2026-04-01 15:42:52 +02:00
|
|
|
MESSENGER_TRANSPORT_DSN=redis://redis:6379/messages
|
2026-03-30 18:52:03 +02:00
|
|
|
###< symfony/messenger ###
|
|
|
|
|
|
2026-04-01 15:42:52 +02:00
|
|
|
###> session ###
|
|
|
|
|
SESSION_HANDLER_DSN=redis://redis:6379/1
|
|
|
|
|
###< session ###
|
|
|
|
|
|
|
|
|
|
###> cache ###
|
|
|
|
|
REDIS_CACHE_DSN=redis://redis:6379/2
|
|
|
|
|
###< cache ###
|
|
|
|
|
|
2026-03-30 18:52:03 +02:00
|
|
|
###> symfony/mailer ###
|
2026-04-01 15:42:52 +02:00
|
|
|
MAILER_DSN=smtp://mailpit:1025
|
2026-03-30 18:52:03 +02:00
|
|
|
###< symfony/mailer ###
|
2026-04-01 15:42:52 +02:00
|
|
|
|
|
|
|
|
###> vite ###
|
|
|
|
|
# 0 = dev (HMR via localhost:5173), 1 = prod (manifest build)
|
|
|
|
|
VITE_LOAD=0
|
|
|
|
|
REAL_MAIL=0
|
|
|
|
|
###< vite ###
|
|
|
|
|
STRIPE_PK=
|
|
|
|
|
STRIPE_SK=
|
|
|
|
|
STRIPE_WEBHOOK_SECRET=
|
|
|
|
|
STRIPE_WEBHOOK_SECRET_CONNECT=
|
|
|
|
|
STRIPE_MODE=test
|
|
|
|
|
STRIPE_FEE_RATE=0.015
|
|
|
|
|
STRIPE_FEE_FIXED=25
|
refactor: rebrand project to CRM SITECONSEIL (SARL SITECONSEIL)
- Rename all references from E-Cosplay/Ecosplay to SITECONSEIL
- Update entity from Association to SARL SITECONSEIL (Siret: 418664058)
- Update address to 27 rue Le Serurier, 02100 Saint-Quentin
- Update emails: contact@siteconseil.fr, rgpd@siteconseil.fr
- Update hosting from GCP to OVHcloud (Roubaix, Gravelines, Strasbourg, Paris)
- Update legal pages: mentions legales, CGV, RGPD, conformite, hebergement, cookies, CGU
- Add tarifs page with tabs: Site Internet, E-Commerce, Nom de domaine, Esy-Mail, Esy-Mailer, Esy-Tchat, Esy-Meet, Esy-Defender
- Add Discord webhook notification workflow
- Disable deploy and sonarqube workflows
- Update OAuth Keycloak realm to master
- Update logo references to logo_facture.png
- Remove forced image sizing in Liip Imagine filters
- Update SonarQube project key and badge token
- Update tribunal competent to Saint-Quentin
- Move tarif tabs JS to app.js (CSP compliance)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 18:48:25 +02:00
|
|
|
ADMIN_EMAIL=contact@siteconseil.fr
|
2026-04-01 15:42:52 +02:00
|
|
|
|
|
|
|
|
###> SonarQube ###
|
|
|
|
|
SONARQUBE_URL=https://sn.esy-web.dev
|
refactor: rebrand project to CRM SITECONSEIL (SARL SITECONSEIL)
- Rename all references from E-Cosplay/Ecosplay to SITECONSEIL
- Update entity from Association to SARL SITECONSEIL (Siret: 418664058)
- Update address to 27 rue Le Serurier, 02100 Saint-Quentin
- Update emails: contact@siteconseil.fr, rgpd@siteconseil.fr
- Update hosting from GCP to OVHcloud (Roubaix, Gravelines, Strasbourg, Paris)
- Update legal pages: mentions legales, CGV, RGPD, conformite, hebergement, cookies, CGU
- Add tarifs page with tabs: Site Internet, E-Commerce, Nom de domaine, Esy-Mail, Esy-Mailer, Esy-Tchat, Esy-Meet, Esy-Defender
- Add Discord webhook notification workflow
- Disable deploy and sonarqube workflows
- Update OAuth Keycloak realm to master
- Update logo references to logo_facture.png
- Remove forced image sizing in Liip Imagine filters
- Update SonarQube project key and badge token
- Update tribunal competent to Saint-Quentin
- Move tarif tabs JS to app.js (CSP compliance)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 18:48:25 +02:00
|
|
|
SONARQUBE_BADGE_TOKEN=sqb_bf06d32640147db064c99d2e893ca63a072630d7
|
|
|
|
|
SONARQUBE_PROJECT_KEY=crm_siteconseil
|
2026-04-01 15:42:52 +02:00
|
|
|
###< SonarQube ###
|
|
|
|
|
|
refactor: rebrand project to CRM SITECONSEIL (SARL SITECONSEIL)
- Rename all references from E-Cosplay/Ecosplay to SITECONSEIL
- Update entity from Association to SARL SITECONSEIL (Siret: 418664058)
- Update address to 27 rue Le Serurier, 02100 Saint-Quentin
- Update emails: contact@siteconseil.fr, rgpd@siteconseil.fr
- Update hosting from GCP to OVHcloud (Roubaix, Gravelines, Strasbourg, Paris)
- Update legal pages: mentions legales, CGV, RGPD, conformite, hebergement, cookies, CGU
- Add tarifs page with tabs: Site Internet, E-Commerce, Nom de domaine, Esy-Mail, Esy-Mailer, Esy-Tchat, Esy-Meet, Esy-Defender
- Add Discord webhook notification workflow
- Disable deploy and sonarqube workflows
- Update OAuth Keycloak realm to master
- Update logo references to logo_facture.png
- Remove forced image sizing in Liip Imagine filters
- Update SonarQube project key and badge token
- Update tribunal competent to Saint-Quentin
- Move tarif tabs JS to app.js (CSP compliance)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 18:48:25 +02:00
|
|
|
###> SSO SITECONSEIL (Keycloak OIDC) ###
|
|
|
|
|
OAUTH_KEYCLOAK_CLIENT_ID=crm_siteconseil
|
|
|
|
|
OAUTH_KEYCLOAK_CLIENT_SECRET=kh1WBbnEzcEZVriXmU7IaxizChReHmIx
|
2026-04-01 15:42:52 +02:00
|
|
|
OAUTH_KEYCLOAK_URL=https://auth.esy-web.dev
|
refactor: rebrand project to CRM SITECONSEIL (SARL SITECONSEIL)
- Rename all references from E-Cosplay/Ecosplay to SITECONSEIL
- Update entity from Association to SARL SITECONSEIL (Siret: 418664058)
- Update address to 27 rue Le Serurier, 02100 Saint-Quentin
- Update emails: contact@siteconseil.fr, rgpd@siteconseil.fr
- Update hosting from GCP to OVHcloud (Roubaix, Gravelines, Strasbourg, Paris)
- Update legal pages: mentions legales, CGV, RGPD, conformite, hebergement, cookies, CGU
- Add tarifs page with tabs: Site Internet, E-Commerce, Nom de domaine, Esy-Mail, Esy-Mailer, Esy-Tchat, Esy-Meet, Esy-Defender
- Add Discord webhook notification workflow
- Disable deploy and sonarqube workflows
- Update OAuth Keycloak realm to master
- Update logo references to logo_facture.png
- Remove forced image sizing in Liip Imagine filters
- Update SonarQube project key and badge token
- Update tribunal competent to Saint-Quentin
- Move tarif tabs JS to app.js (CSP compliance)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 18:48:25 +02:00
|
|
|
OAUTH_KEYCLOAK_REALM=master
|
|
|
|
|
###< SSO SITECONSEIL (Keycloak OIDC) ###
|
2026-04-01 15:42:52 +02:00
|
|
|
|
|
|
|
|
###> Keycloak Admin Service Account ###
|
feat: complete glassmorphism redesign across all templates + Keycloak groups auto-provisioning
Templates updated to glassmorphism (40+ files):
- templates/admin/clients/ (create, index): glass cards, input-glass inputs,
btn-gold buttons, glass table headers, semi-transparent badges
- templates/admin/dashboard.html.twig: glass KPI cards
- templates/admin/profil/index.html.twig: glass form panels
- templates/admin/revendeurs/ (create, edit, index): glass cards and tables
- templates/admin/services/index.html.twig: glass service cards
- templates/admin/status/ (index, manage): glass panels
- templates/admin/sync/index.html.twig: glass panels
- templates/admin/facturation/index.html.twig: glass tables
- templates/admin/membres.html.twig: glass form, checkboxes with esy-* group
values (esy-web, esy-mail, esy-mailer, esy-analytics, esy-monitor,
esy-defender, esy-translate, esy-signature, esy-creator, esy-aide,
esy-meet, esy-tchat, esy-ndd), Keycloak groups column in table,
available groups section
- templates/admin/stats/index.html.twig: glass KPI cards, glass-gold CA TTC,
factures emises/payees/impayees cards, services renamed to Esy-*,
rounded progress bars, bg-gray-200 track backgrounds
- templates/security/ (2fa_email, 2fa_google, forgot_password, set_password,
set_password_expired): glass headers, glass-heavy cards, input-glass
- templates/legal/ (cgu, cgv, cookie, conformite, hebergement,
mention_legal, rgpd, tarif): removed thick borders, font-black to
font-bold, text-3xl to text-2xl headings
- templates/attestation/ (verify, not_found): glass panels
- templates/espace_client/index.html.twig: glass panels
- templates/espace_prestataire/index.html.twig: glass panels
- templates/external_redirect.html.twig: glass card
- templates/status/index.html.twig: glass panels
- templates/email/base.html.twig: gradient gold header, rounded-16px
container, semi-transparent bg, soft shadow, footer address
- templates/emails/*.html.twig (9 files): removed 4px borders,
font-weight 900 to 700
- templates/pdf/*.html.twig (4 files): rounded borders, gradient header,
lighter borders
Keycloak auto-provisioning:
- src/Service/KeycloakAdminService.php: added REQUIRED_GROUPS constant
(15 groups: siteconseil_admin, siteconseil_member, esy-web, esy-mail,
esy-mailer, esy-analytics, esy-monitor, esy-defender, esy-translate,
esy-signature, esy-creator, esy-aide, esy-meet, esy-tchat, esy-ndd),
ensureRequiredGroups() method that checks existing groups and creates
missing ones, createGroup() method, getRequiredGroups() static accessor
- src/Controller/Admin/MembresController.php: calls ensureRequiredGroups()
on page load, shows flash for each auto-created group, fetches user
groups per member, passes availableGroups to template
Stats controller updated:
- src/Controller/Admin/StatsController.php: services renamed to Esy-*
(13 services), added factures_emises/payees/impayees KPI data
OAuth fix:
- src/Security/KeycloakAuthenticator.php: removed dd() debug calls,
restored flash message on auth failure with error detail
Config:
- .env: KEYCLOAK_ADMIN_CLIENT_ID=crm_siteconseil_admin, secret updated
- .env.local: same updates
- ansible/env.local.j2: KEYCLOAK_ADMIN_CLIENT_ID=crm_siteconseil_admin
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 19:34:35 +02:00
|
|
|
KEYCLOAK_ADMIN_CLIENT_ID=crm_siteconseil_admin
|
|
|
|
|
KEYCLOAK_ADMIN_CLIENT_SECRET=5pIluXMGWgOhx8nI9EiLB43QCuShHLyw
|
2026-04-01 15:42:52 +02:00
|
|
|
###< Keycloak Admin Service Account ###
|
|
|
|
|
|
|
|
|
|
###> symfony/amazon-mailer ###
|
|
|
|
|
# MAILER_DSN=ses://ACCESS_KEY:SECRET_KEY@default?region=eu-west-1
|
|
|
|
|
# MAILER_DSN=ses+smtp://ACCESS_KEY:SECRET_KEY@default?region=eu-west-1
|
|
|
|
|
###< symfony/amazon-mailer ###
|
|
|
|
|
|
|
|
|
|
###> stripe/stripe-php ###
|
|
|
|
|
STRIPE_SECRET_KEY=sk_test_***
|
|
|
|
|
###< stripe/stripe-php ###
|
|
|
|
|
SMIME_PASSPHRASE=EVz5zNV8h4ndSLOCWO9JeaQnIertQm7k
|
|
|
|
|
SECRET_ANALYTICS=
|
|
|
|
|
|
feat: refactoring complet de la verification DNS avec services separes
Architecture:
- Les domaines (siteconseil.fr, esy-web.dev) sont definis en constante
dans la commande uniquement, pas dans les services
- 3 services independants reutilisables:
src/Service/DnsCheckService.php (nouveau):
- Methodes publiques checkSpf(), checkDmarc(), checkDkim(), checkMx(),
checkBounce() qui prennent le domaine en parametre
- Verification SPF: presence des includes amazonses.com et mail.esy-web.dev
- Verification DMARC: politique, presence de rua
- Verification DKIM: test de 10 selecteurs en CNAME et TXT
- Verification MX: le MX attendu est passe en parametre par la commande
- Verification Bounce: MX/CNAME/TXT sur bounce.*
src/Service/AwsSesService.php (nouveau):
- Authentification AWS Signature V4 via HTTP direct (pas de SDK)
- isDomainVerified(): verification du statut du domaine dans SES
- getDkimStatus(): statut DKIM (enabled, verified, tokens)
- getNotificationStatus(): bounce_topic, complaint_topic, forwarding
- listVerifiedIdentities(): liste des domaines verifies
- isAvailable(): test de connectivite API
src/Service/CloudflareService.php (nouveau):
- Authentification Bearer token via HTTP direct (pas de SDK)
- getZoneId(): recupere le zone ID dynamiquement par nom de domaine
(plus besoin de CLOUDFLARE_ZONE_ID en dur)
- getDnsRecords(): tous les enregistrements d'une zone
- getDnsRecordsByType(): filtrage par type (TXT, MX, CNAME...)
- getZone(): informations d'une zone
- isAvailable(): verification du token API
src/Command/CheckDnsCommand.php (reecrit):
- Utilise les 3 services pour orchestrer les verifications
- Affichage console colore avec icones OK/ERREUR/ATTENTION
- Envoie un rapport email via le template Twig dns_report.html.twig
templates/emails/dns_report.html.twig (nouveau):
- Template email compatible tous clients (table-based, CSS inline,
margin/padding longhand, mso-line-height-rule, pas de rgba/border-radius)
- Bandeau colore vert/jaune/rouge selon le statut global
- Section succes avec checkmarks verts dans un tableau alterne
- Section erreurs en rouge avec croix dans un tableau fond #fef2f2
- Section avertissements en jaune avec triangles fond #fffbeb
- Detail par domaine avec tableau type/verification/statut
- Utilise le template email/base.html.twig (header gold, footer dark)
Variables d'environnement ajoutees:
- .env: AWS_PK, AWS_SECRET, AWS_REGION (eu-west-3), CLOUDFLARE_KEY (vides)
- .env.local: valeurs reelles des cles AWS et Cloudflare
- ansible/vault.yml: aws_pk, aws_secret, cloudflare_key
- ansible/env.local.j2: AWS_PK, AWS_SECRET, AWS_REGION, CLOUDFLARE_KEY
avec references au vault
- CLOUDFLARE_ZONE_ID supprime (recupere dynamiquement via l'API)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 21:28:24 +02:00
|
|
|
###> aws ###
|
|
|
|
|
AWS_PK=
|
|
|
|
|
AWS_SECRET=
|
|
|
|
|
AWS_REGION=eu-west-3
|
|
|
|
|
###< aws ###
|
|
|
|
|
|
|
|
|
|
###> cloudflare ###
|
|
|
|
|
CLOUDFLARE_KEY=
|
|
|
|
|
###< cloudflare ###
|
|
|
|
|
|
feat: ajout service Mailcow et integration dans la verification DNS
src/Service/MailcowService.php (nouveau):
- Connexion a l'API Mailcow via X-API-Key header
- getDomains(): liste tous les domaines configures
- getDomain(): informations d'un domaine specifique
- getDomainStatus(): statut actif, nombre de boites, quota, quota utilise
- getDkimKey(): recupere la cle DKIM TXT configuree dans Mailcow
- getExpectedDnsRecords(): retourne la liste des enregistrements DNS
attendus par Mailcow pour un domaine (MX, SPF, DMARC, DKIM,
autodiscover CNAME, autoconfig CNAME, SRV _autodiscover, _mta-sts TXT)
- getMailboxes(): liste les boites mail d'un domaine
- isAvailable(): test de connectivite API via /api/v1/get/status/containers
src/Command/CheckDnsCommand.php:
- Ajout de MailcowService dans le constructeur
- Nouvelle methode checkMailcow() qui:
- Verifie si le domaine existe et est actif dans Mailcow
- Recupere la cle DKIM Mailcow et la compare avec celle du DNS
(comparaison partielle des 40 premiers caracteres)
- Verifie chaque enregistrement DNS attendu par Mailcow:
- MX, SPF, DMARC, DKIM : marques comme erreur si absents
- autodiscover, autoconfig, SRV, _mta-sts : marques comme
warning (optionnels)
- Methodes utilitaires: getDkimFromDns(), checkDnsRecordExists(),
checkMxExists(), checkTxtContains(), getCnameRecord()
Variables d'environnement:
- .env: MAILCOW_URL=https://mail.esy-web.dev, MAILCOW_API_KEY (vide)
- .env.local: MAILCOW_API_KEY=DF0E7E-0FD059-16226F-8ECFF1-E558B3
- ansible/vault.yml: mailcow_api_key ajoutee
- ansible/env.local.j2: MAILCOW_URL et MAILCOW_API_KEY ajoutees
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 21:31:54 +02:00
|
|
|
###> mailcow ###
|
|
|
|
|
MAILCOW_URL=https://mail.esy-web.dev
|
|
|
|
|
MAILCOW_API_KEY=
|
|
|
|
|
###< mailcow ###
|
|
|
|
|
|
2026-04-01 15:42:52 +02:00
|
|
|
###> docuseal ###
|
|
|
|
|
DOCUSEAL_URL=https://signature.esy-web.dev
|
|
|
|
|
DOCUSEAL_API=
|
|
|
|
|
DOCUSEAL_WEBHOOKS_SECRET_HEADER=X-Sign
|
|
|
|
|
DOCUSEAL_WEBHOOKS_SECRET=
|
|
|
|
|
###< docuseal ###
|