Lot of things

2021-05-14 21:10:56 +02:00 · 2021-05-14 21:10:56 +02:00 · 666261b4d7
commit 666261b4d7
parent 1b10e05fef
22 changed files with 344 additions and 339 deletions
--- a/README.md
+++ b/README.md
@ -12,168 +12,12 @@ This PHP Web interface allow it's users to manage 3 services, that can be used t
 * HTTP(S) or Gemini
 * DNS access or Onion (the Tor's system)

-## Setup
-
-Niver will use and need specific configuration for
-
-* Knot DNS
-* OpenSSH
-* Nginx
-* Tor
-* Gmnisrv
-
-To do root-level actions, Niver will also use a privileged binary, written in Rust, called Maniver.
-
-Niver has been deployed on the following distributions :
-
-* Debian 10, using Nginx 1.14.2 and OpenSSH 7.9p1, and latest available version of Tor, Knot and gmnisrv using their official release channel.
-* Arch Linux
-
-To provide all features:
-
-`# pacman -S tor knot openssh sudo nginx nginx-mod-headers-more certbot certbot-nginx php-fpm php-sqlite`
-
-Some tools you might find usefull to manage a server:
-
-`# pacman -S vnstat htop nload ufw vim man-db curl`
-
-### maniver installation

+On the client:
 ```
-# pacman -S rustup git
-$ rustup default stable
-$ git clone https://code.antopie.org/miraty/maniver-dev
-$ cd maniver-dev
-$ cargo build --release
-# cp ./target/release/maniver /usr/local/bin/
+$ ssh-keygen -a 100 -t ed25519
 ```

-### gmnisrv installation
-
-```
-# pacman -S make git pkgconf openssl scdoc
-$ git clone https://git.sr.ht/~sircmpwn/gmnisrv # Download gmnisrv sources
-$ mkdir gmnisrv/build
-$ cd gmnisrv/build
-$ ../configure --prefix=/usr # Check gmnisrv dependencies and setup files needed for building
-$ make # Build gmnisrv
-# make install # Install gmnisrv binary and manpages on the system
-# useradd -U -r -s /usr/bin/nologin gmnisrv # Add the gmnisrv system user and group
-# vim /etc/systemd/system/gmnisrv.service
-```
-
-```
-[Unit]
-Description=A Gemini server
-After=network.target
-Wants=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/local/bin/gmnisrv
-ExecStop=
-#Restart=on-failure
-User=gmnisrv
-Group=gmnisrv
-WorkingDirectory=/srv/ht
-
-[Install]
-WantedBy=multi-user.target
-```
-```
-# systemctl daemon-reload
-# mkdir -p /srv/gemini/niver.atope.art
-# echo "This is a testing Gemini capsule" > /srv/gemini/niver.atope.art/index.gmi
-# mkdir /var/local/gmnisrv
-# chmod -R 700 /var/local/gmnisrv
-# chown -R gmnisrv:gmnisrv /var/local/gmnisrv
-# vim /usr/local/etc/gmnisrv.ini
-```
-
-```
-# Space-separated list of hosts
-listen=0.0.0.0:1965 [::]:1965
-
-[:tls]
-# Path to store certificates on disk
-store=/var/local/gmnisrv
-
-[niver.atope.art]
-root=/srv/gemini/niver.atope.art
-```
-
-To add knot as an additional group for user php-niver:
-`usermod -aG knot php-niver`
-
-To generate a key/certificate pair with ed25519 expiring in 10 years
-`openssl req -subj '/CN=domain' -new -newkey ED25519 -days 3650 -nodes -x509 -keyout domain.key -out domain.crt`
-
-### SFTP setup
-
-```
-# groupadd ht
-# echo "Ce compe n'est accessible qu'en SFTP, pas en SSH.
-This account is only available over SFTP, not over SSH." > /etc/nologin.txt
-```
-
-### Quota setup
-
-```
-# pacman -S quota-tool
-# dd if=/dev/zero of=/srv/ht.img count=4194304 # count is the size in octet
-# mkfs.ext4 /srv/ht.img
-# mkdir /srv/ht
-# mount /srv/ht.img /srv/ht
-```
-
-### PHP setup
-
-In php.ini :
-expose_php = Off
-
-### Niver PHP setup
-
-```
-EDITOR=vim visudo
-php-niver ALL=(root) NOPASSWD: /usr/local/bin/maniver
-```
-
-## Features
-
-### Web interface
-
-* Anonymous: you only need a pseudo/password set
-* Page lower than 10 KiB
-* No JavaScript, no images, and CSS are optionnal
-* Dark and light themes
-* Free service running libre software
-
-### Hypertext
-
-* SFTP access
-* HTTP and Gemini
-* IPv4 and IPv6
-* TLS 1.2 & 1.3 or TLS 1.3 only
-* DNS (ICANN, OpenNIC or anything) and Onion v3 (through Tor)
-* HTTP/1.1 and HTTP/2
-* Let's Encrypt certificates
-* All HTTP security headers
-
-### Nameserver
-
-* DNSSEC (with NSEC3)
-* NS, A, AAAA, TXT, and CAA records
-
-### Registry
-
-* Glue record
-* DNSSEC delegation with any modern cypher
-
-## Anti-features
-
-* No internationalized domain name support (you can only use ASCII in your domain name)
-* No BIND-style plaintext configuration (you need to fill a form for every record you add or remove)
-
 ## Nginx mimetypes association

 ```
--- a/admin/reg.php
+++ b/admin/reg.php
@ -1,4 +1,5 @@
 <?php
+exit();
 define("PREFIX", "/malaxe");
 define("ROOT_PATH", "/var/www/niver" . PREFIX);
 define("DB_PATH", ROOT_PATH . "/db/auth.db");
--- a/admin/sftp.php
+++ b/admin/sftp.php
@ -0,0 +1,6 @@
+<?php
+$username = "castux";
+$password = $username . $username;
+//passthru("/usr/bin/sudo /usr/local/bin/maniver reload-nginx", $output);
+passthru("/usr/bin/sudo /usr/local/bin/maniver setup-user " . $username . " " . $password, $output);
+var_dump($output);
--- a/auth/index.php
+++ b/auth/index.php
@ -1,14 +1,17 @@
 <?php require "../top.inc.php"; ?>
+
 <?php if (isset($_SESSION['username'])) { ?>

-<h2><a class="authButton" href="logout">Se déconnecter</a></h2>
-<h2><a class="authButton" href="password">Changer le mot de passe</a></h2>
+<a class="authButton" href="logout">Se déconnecter</a>
+<br>
+<a class="authButton" href="password">Changer le mot de passe</a>

 <?php } else { ?>
  Vous devez être authentifié·e pour utiliser Niver
-  <h2><a class="authButton" href="register">Créer un compte</a></h2>
-  <h2><a class="authButton" href="login">Se connecter</a></h2>
+  <br>
+  <a class="authButton" href="register">Créer un compte</a>
+  <br>
+  <a class="authButton" href="login">Se connecter</a>
 <?php } ?>

-
 <?php require "../bottom.inc.php"; ?>
--- a/bottom.inc.php
+++ b/bottom.inc.php
@ -2,6 +2,7 @@
 if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
  exit("This file is meant to be included.");
 ?>
+    </main>
    <footer>
      <small>
      <?php if (isset($_SESSION['username'])) {
--- a/ht/http-onion.php
+++ b/ht/http-onion.php
@ -72,7 +72,7 @@ if (isset($_POST['dir']) AND isset($_SESSION['username'])) {
  addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http");

  // Add it to Nginx
-  $nginxConf = file_get_contents(ROOT_PATH . "/inc/nginx/onion.template");
+  $nginxConf = file_get_contents(NIVER_TEMPLATE_PATH . "/nginx/onion.template");
  $nginxConf = preg_replace("#DOMAIN#", $onion, $nginxConf);
  $nginxConf = preg_replace("#DIR#", $_POST['dir'], $nginxConf);
  $nginxConf = preg_replace("#USER#", $_SESSION['username'], $nginxConf);
--- a/ht/https-domain.php
+++ b/ht/https-domain.php
@ -63,7 +63,7 @@ if (isset($_POST['domain']) AND isset($_POST['dir']) AND isset($_SESSION['userna

  addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");

-  $conf = file_get_contents(ROOT_PATH . "/inc/nginx/dns.template");
+  $conf = file_get_contents(NIVER_TEMPLATE_PATH . "/nginx/dns.template");
  $conf = preg_replace("#DOMAIN#", $_POST['domain'], $conf);
  $conf = preg_replace("#DIR#", $_POST['dir'], $conf);
  $conf = preg_replace("#USER#", $_SESSION['username'], $conf);
--- a/ht/index.php
+++ b/ht/index.php
@ -1,15 +1,30 @@
 <?php require "../top.inc.php"; ?>

-<h2><a class="htButton" href="sftp">Gérer l'accès SFTP</a></h2>
-Accéder à son espace SFTP, pour publier et mettre à jour ses sites
-<h2><a class="htButton" href="http-onion">Accès HTTP en Onion</a></h2>
-Un site HTML, accessible par Tor, avec une adresse en .onion
-<h2><a class="htButton" href="https-domain">Accès HTTPS par DNS</a></h2>
-Un site HTML, accessible directement, par un nom de domaine
-<h2><a class="htButton" href="gemini-onion">Accès Gemini en Onion</a></h2>
-Une capsule Gemini, accessible par Tor, avec une adresse en .onion
-<h2><a class="htButton" href="gemini-domain">Accès Gemini par DNS</a></h2>
-Une capsule Gemini, accessible directement, par un nom de domaine
-<h2><a class="htButton" href="le">Installer un certificat Let's Encrypt sur un domaine</a></h2>
+<dl>
+  <dt><a class="htButton" href="sftp">Gérer l'accès SFTP</a></dt>
+  <dd>
+    Accéder à son espace SFTP, pour publier et mettre à jour ses sites
+  </dd>
+  <dt><a class="htButton" href="http-onion">Accès HTTP en Onion</a></dt>
+  <dd>
+    Un site HTML, accessible par Tor, avec une adresse en .onion
+  </dd>
+  <dt><a class="htButton" href="https-domain">Accès HTTPS par DNS</a></dt>
+  <dd>
+    Un site HTML, accessible directement, par un nom de domaine
+  </dd>
+  <dt><a class="htButton" href="gemini-onion">Accès Gemini en Onion</a></dt>
+  <dd>
+    Une capsule Gemini, accessible par Tor, avec une adresse en .onion
+  </dd>
+  <dt><a class="htButton" href="gemini-domain">Accès Gemini par DNS</a></dt>
+  <dd>
+    Une capsule Gemini, accessible directement, par un nom de domaine
+  </dd>
+  <dt><a class="htButton" href="le">Let's Encrypt</a></dt>
+  <dd>
+    Installer un certificat Let's Encrypt sur un domaine
+  </dd>
+</dl>

 <?php require "../bottom.inc.php"; ?>
--- a/ht/sftp.php
+++ b/ht/sftp.php
@ -28,28 +28,119 @@ if ($_SESSION['sftp_enabled'] == false) { ?>
  }
 } else if ($_SESSION['sftp_enabled'] == true) { ?>

-  <br>
  Indiquez les données ci-dessous à votre client <abbr title="SSH File Transfert Protocol">SFTP</abbr> pour accéder à vos sites.
-  <br><br>
-  Utilisateurice : <code><?= $_SESSION['username'] ?></code>
-  <br>
-  Mot de passe : celui que vous avez définit lors de l'activation de l'accès <abbr title="SSH File Transfert Protocol">SFTP</abbr>
-  <br>
-  Serveur : <code>sftp.niver.atope.art</code>
-  <br>
-  Port : <code>22</code>
-  <br>
-  Dossier : <code>/</code>
-  <br><br>
-  <a href="sftp://<?= $_SESSION['username'] ?>@sftp.niver.atope.art/">sftp://<?= $_SESSION['username'] ?>@sftp.niver.atope.art/</a>
-  <br><br>
-  L'accès n'est pour l'instant disponible qu'en IPv4.
-  <br><br>
-  SHA-256 des clés du serveur :
-  <br>Ed25519 : <code>MHwU49oafgq4jY6whUy2INWHMrs+uz4A0j+gsQEgho8</code>
-  <br>RSA : <code>6wWSPLxqns4ZKtnqzv7ch3k/R2ztPgDiCr4c0B/I/mw</code>
-  <br>ECDSA : <code>XMwGgdngT+MZPlndX7rB9CchjPRiJD3SPHKj18qYcPA</code>
-  <br>N'acceptez la connexion que si votre client vous montre les mêmes !
+  <dl>
+    <dt>Utilisataire</dt>
+    <dd>
+      <code><?= $_SESSION['username'] ?></code>
+    </dd>
+
+    <dt>Clé de passe</dt>
+    <dd>
+      celle que vous avez définit lors de l'activation de l'accès <abbr title="SSH File Transfert Protocol">SFTP</abbr>
+    </dd>
+
+    <dt>Serveur</dt>
+    <dd>
+      <code>sftp.niver.atope.art</code>
+    </dd>
+
+    <dt>Port</dt>
+    <dd>
+      <code>22</code> (par défaut)
+    </dd>
+
+    <dt>Dossier</dt>
+    <dd>
+      <code>/</code>
+    </dd>
+  </dl>
+
+  <div>
+    <a href="sftp://<?= $_SESSION['username'] ?>@sftp.niver.atope.art/">sftp://<?= $_SESSION['username'] ?>@sftp.niver.atope.art/</a>
+  </div>
+
+  <p>
+    L'accès n'est disponible qu'en IPv4.
+  </p>
+
+  <section>
+    <h2>Vérifier la connexion</h2>
+    <section>
+      <h3>Ed25519</h3>
+      <ul>
+        <li>
+          <code class="breakable">
+            SHA256:PfpB9Kk0HsOs1tWTcEu9UrPZfBXIFmdtpYOzGisGIxU
+          </code>
+        </li>
+        <li>
+          <code class="breakable">
+            AAAAC3NzaC1lZDI1NTE5AAAAIMpq93hAU4YKOLIXg601bZVCxwqZFZRnaQlv6gAMdfXV
+          </code>
+        </li>
+        <li>
+          <details>
+            <summary>Image ASCII</summary>
+            <samp>
+              <pre>
+--[ED25519 256]--+
+|      E     ..o++|
+|       .     =oo+|
+|      .   . = =+o|
+|     .   = . O.=B|
+|    . o S % =.=++|
+|     . o B @  ...|
+|        * B      |
+|       o o .     |
+|          .      |
+----[SHA256]-----+
+              </pre>
+            </samp>
+          </details>
+        </li>
+      </ul>
+    </section>
+    <section>
+      <h3>RSA 3072 bits</h3>
+      <ul>
+        <li>
+          <code class="breakable">
+            SHA256:HL4+Jq9TqE8ZLkW/2oqUvpPuz5kFkewK0hvtcaGvhH8
+          </code>
+        </li>
+        <li>
+          <details>
+            <summary>Clé publique</summary>
+            <code class="breakable">
+              AAAAB3NzaC1yc2EAAAADAQABAAABgQCicjbcL33w1RLUvtgMQjsuMCImp+ZNhYz24RcEO4OzBjDaHg0viQMXgkE9y68J0XVSRKMOQDaPHl6z+Q0xa9P0lnPZxSD+mhmGxjNtOPMoPueidEonvfc48MFgHL8nErvX5+hf9hLROPPBYMlMF2GgK4X/VT6AtIQWuU9E3Wm67+VBH31CCzVh2YUG7FJCQK/AwIsOcDC4ZDOorLu7NXd+bcuqdrleYJsqrirVTQh4zXe3hFdzZepgB44hyKd5YpWIVv6eCVfWNCjFG5D3+I5f8ivsNl9gh5DCLQY+iudl+j5pzImSZVC1Rogn42l8cG5Bg6fqyugWAvIwSUiajB9d2wCidL0o+HpdpHh1gOC08/G9DFj6gtNhaerEitRAGAYVZu1IGVJqaJyG8TGByoDoNVKh7zQu7B7lyy+yDa3Y9LpLoA1Mdux22zDQXkM99C/Q7XBlHSCC/STx0ugO8H5Nbjr9eIK0FBt3UI2Y29SOU5YxoOCx4i3c7k61Jy9NnF0=
+            </code>
+          </details>
+        </li>
+        <li>
+          <details>
+            <summary>Image ASCII</summary>
+            <samp>
+              <pre>
+---[RSA 3072]----+
+|                 |
+|     . .         |
+|      * .        |
+| . . + * .       |
+|. + + *.S        |
+| . * O.+.o       |
+|  o Bo=.+        |
+|   =+*EBo        |
+|   oO*XB+.       |
+----[SHA256]-----+
+              </pre>
+            </samp>
+          </details>
+        </li>
+      </ul>
+    </section>
+    N'acceptez la connexion que si votre client vous montre les mêmes !
+  </section>
  <br>
 <?php
 } else {
--- a/inc/all.inc.php
+++ b/inc/all.inc.php
@ -33,16 +33,20 @@ function checkPassword($username, $password) {
 }

 function userExist($username) {
-  $username2[0] = $username;
+  $usernameArray[0] = $username;

  $db = new PDO('sqlite:' . DB_PATH);

  $op = $db->prepare('SELECT username FROM users WHERE username = ?');
-  $op->execute($username2);
+  $op->execute($usernameArray);

-  $dbUsername = $op->fetch()['username'];
+  $data = $op->fetch();
+  if (isset($data['username']))
+    $dbUsername = $data['username'];
+  else
+    $dbUsername = NULL;

-  if (isset($dbUsername) AND !is_null($dbUsername)) {
+  if (isset($dbUsername)) {
    return true;
  } else {
    return false;
--- a/inc/nginx/dns.template
+++ b/inc/nginx/dns.template
@ -1,27 +0,0 @@
-server {
-    listen 80;
-    listen [::]:80;
-    server_name DOMAIN;
-    return 301 https://DOMAIN$request_uri;
-}
-
-server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-    server_name DOMAIN;
-    root /srv/hyper/USER/hyper/DIR;
-
-    ssl_certificate /etc/letsencrypt/live/host.atope.art/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/host.atope.art/privkey.pem;
-
-    access_log /var/log/nginx/DOMAIN-access.log;
-    error_log /var/log/nginx/DOMAIN-error.log;
-
-    include /etc/nginx/inc/intermediate.conf.inc;
-
-    default_type text/plain;
-
-    location / {
-        try_files $uri $uri.html $uri/ =404;
-    }
-}
--- a/inc/nginx/onion.template
+++ b/inc/nginx/onion.template
@ -1,9 +0,0 @@
-server {
-    listen [::1]:80;
-    server_name DOMAIN;
-    root /srv/hyper/USER/hyper/DIR;
-
-    location / {
-        try_files $uri $uri.html $uri/ =404;
-    }
-}
--- a/inc/ns.inc.php
+++ b/inc/ns.inc.php
@ -19,7 +19,10 @@ function nsListUserZones($username) {
  $op->execute($usernameArray);

  $data = $op->fetch();
-  $zone = $data['zone'];
+  if (isset($data['zone']))
+    $zone = $data['zone'];
+  else
+    $zone = NULL;

  $i = 0;

--- a/inc/reg.inc.php
+++ b/inc/reg.inc.php
@ -66,9 +66,9 @@ function regIsFree($domain) {
  $req = $db->prepare('SELECT domain FROM registry WHERE domain = ?');
  $req->execute($domainArray);

-  $domainFound = $req->fetch()['domain'];
+  $data = $req->fetch();

-  if (isset($domainFound)) {
+  if (isset($data['domain'])) {
    return false;
  } else {
    return true;
--- a/index.php
+++ b/index.php
@ -1,19 +1,22 @@
 <?php require "top.inc.php"; ?>

-<h2><a class="regButton" href="reg">Registre atope.art</a></h2>
-
-Demander l'attribution d'un sous-domaine d'atope.art
-
-<h2><a class="nsButton" href="ns">Serveurs de noms</a></h2>
-
-Utiliser les serveurs ns*.atope.art pour héberger ses zones de domaines
-
-<h2><a class="htButton" href="ht">Hypertexte</a></h2>
-
-Mettre en ligne son site statique sur un espace <abbr title="SSH File Transfert Protocol">SFTP</abbr>, et le faire répondre en <abbr title="HyperText Transfert Protocol">HTTP</abbr> sur des domaines ou par Tor
-
-<h2><a class="authButton" href="auth">Authentification</a></h2>
-
-Gérer son compte Niver
+<dl>
+  <dt><a class="regButton" href="reg">Registre atope.art</a></dt>
+  <dd>
+    Demander l'attribution d'un sous-domaine d'atope.art
+  </dd>
+  <dt><a class="nsButton" href="ns">Serveurs de noms</a></dt>
+  <dd>
+    Utiliser les serveurs ns*.atope.art pour héberger ses zones de domaines
+  </dd>
+  <dt><a class="htButton" href="ht">Hypertexte</a></dt>
+  <dd>
+    Mettre en ligne son site statique sur un espace <abbr title="SSH File Transfert Protocol">SFTP</abbr>, et le faire répondre en <abbr title="HyperText Transfert Protocol">HTTP</abbr> sur des domaines ou par Tor
+  </dd>
+  <dt><a class="authButton" href="auth">Authentification</a></dt>
+  <dd>
+    Gérer son compte Niver
+  </dd>
+</dl>

 <?php require "bottom.inc.php"; ?>
--- a/less/main.less
+++ b/less/main.less
@ -36,6 +36,9 @@ nav {
  margin-right: 20px;
 }

+a {
+  color: @authColor;
+}

 footer {
  margin-left: 20%;
@ -50,16 +53,18 @@ header {
  text-align: center;
 }

+p {
+  margin: 0px;
+  margin-bottom: 15px;
+}
+
 h2 {
  margin: 0px;
  padding: 0px;
 }

-a {
-  color: @mainColor;
-  ::selection {
-
-  }
+.breakable {
+  word-break: break-all;
 }

@media @light {
--- a/niver.log
+++ b/niver.log
@ -71,3 +71,32 @@
 status: exit code: 0
 stdout:
 stderr:
+
+2021-04-19 13:16:15 vase enabled SFTP on their account
+ status: exit code: 1
+ stdout:
+ stderr: useradd: cannot lock /etc/passwd; try again later.
+
+
+2021-04-19 14:02:51 douille enabled SFTP on their account
+ status: exit code: 1
+ stdout:
+ stderr: useradd: cannot lock /etc/passwd; try again later.
+
+
+2021-04-19 14:10:27 crypt enabled SFTP on their account
+ status: exit code: 1
+ stdout:
+ stderr: useradd: cannot lock /etc/passwd; try again later.
+
+
+2021-04-22 14:27:21 gnugnu enabled SFTP on their account
+ status: exit code: 1
+ stdout:
+ stderr: useradd: cannot lock /etc/passwd; try again later.
+
+2021-04-22 14:43:05 factorio enabled SFTP on their account
+ status: exit code: 1
+ stdout:
+ stderr: useradd: cannot lock /etc/passwd; try again later.
+ 
--- a/ns/index.php
+++ b/ns/index.php
@ -1,30 +1,58 @@
 <?php require "../top.inc.php"; ?>

-<h2><a class="nsButton" href="zone">Ajouter une zone</a></h2>
-Pour qu'elle soit gérée par le serveur de noms ns1.atope.art
-<h2><a class="nsButton" href="dnssec">Obtenir les enregistrements <abbr title="Delegation Signer">DS</abbr></a></h2>
-À indiquer à la zone parente pour activer <abbr title="Domain Name System Security Extensions">DNSSEC</abbr>
-<h2><a class="nsButton" href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></h2>
-Indiquer le serveur de noms d'une zone
-<h2><a class="nsButton" href="ip">Enregistrements A ou AAAA</a></h2>
-Indiquer l'adresse IP d'un domaine
-<h2><a class="nsButton" href="txt">Enregistrement TXT</a></h2>
-Associer du texte à un domaine
-<h2><a class="nsButton" href="tlsa">Enregistrement <abbr title="Transport Layer Security Association">TLSA</abbr></a></h2>
-Mettre en place <abbr title="DNS-based Authentication of Named Entities">DANE</abbr> en indiquant l'empreinte d'un certificat <abbr title="Transport Layer Security">TLS</abbr>
-<h2><a class="nsButton" href="caa">Enregistrement <abbr title="Certification Authority Authorization">CAA</abbr></a></h2>
-Indiquer les seules autorités de certifications autorisée à signer les domaines
-<h2><a class="nsButton" href="srv">Enregistrement SRV</a></h2>
-Indiquer un serveur pour un domaine
-<h2><a class="nsButton" href="mx">Enregistrement <abbr title="Mail eXchanger">MX</abbr></a></h2>
-Indiquer le serveur mail pour un domaine
-<h2><a class="nsButton" href="loc">Enregistrement LOC</a></h2>
-Indiquer la localisation physique d'un domaine
-<h2><a class="nsButton" href="sshfp">Enregistrement <abbr title="Secure SHell FingerPrint">SSHFP</abbr></a></h2>
-Indiquer les empreintes de clés <abbr title="Secure SHell">SSH</abbr> d'un domaine
-<h2><a class="nsButton" href="cname">Enregistrement <abbr title="Canonical NAME">CNAME</abbr></a></h2>
-Définir un domaine comme étant l'alias d'un autre
-<h2><a class="nsButton" href="dname">Enregistrement <abbr title="Delegation NAME">DNAME</abbr></a></h2>
-Définir les sous-domains d'un domaine comme étant les alias des sous-domaines d'un autre domaine
+<dl>
+  <dt><a class="nsButton" href="zone">Ajouter une zone</a></dt>
+  <dd>
+    Pour qu'elle soit gérée par le serveur de noms ns1.atope.art
+  </dd>
+  <dt><a class="nsButton" href="dnssec">Obtenir les enregistrements <abbr title="Delegation Signer">DS</abbr></a></dt>
+  <dd>
+    À indiquer à la zone parente pour activer <abbr title="Domain Name System Security Extensions">DNSSEC</abbr>
+  </dd>
+  <dt><a class="nsButton" href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></dt>
+  <dd>
+    Indiquer le serveur de noms d'une zone
+  </dd>
+  <dt><a class="nsButton" href="ip">Enregistrements A ou AAAA</a></dt>
+  <dd>
+    Indiquer l'adresse IP d'un domaine
+  </dd>
+  <dt><a class="nsButton" href="txt">Enregistrement TXT</a></dt>
+  <dd>
+    Associer du texte à un domaine
+  </dd>
+  <dt><a class="nsButton" href="tlsa">Enregistrement <abbr title="Transport Layer Security Association">TLSA</abbr></a></dt>
+  <dd>
+    Mettre en place <abbr title="DNS-based Authentication of Named Entities">DANE</abbr> en indiquant l'empreinte d'un certificat <abbr title="Transport Layer Security">TLS</abbr>
+  </dd>
+  <dt><a class="nsButton" href="caa">Enregistrement <abbr title="Certification Authority Authorization">CAA</abbr></a></dt>
+  <dd>
+    Indiquer les seules autorités de certifications autorisée à signer les domaines
+  </dd>
+  <dt><a class="nsButton" href="srv">Enregistrement SRV</a></dt>
+  <dd>
+    Indiquer un serveur pour un domaine
+  </dd>
+  <dt><a class="nsButton" href="mx">Enregistrement <abbr title="Mail eXchanger">MX</abbr></a></dt>
+  <dd>
+    Indiquer le serveur mail pour un domaine
+  </dd>
+  <dt><a class="nsButton" href="loc">Enregistrement LOC</a></dt>
+  <dd>
+    Indiquer la localisation physique d'un domaine
+  </dd>
+  <dt><a class="nsButton" href="sshfp">Enregistrement <abbr title="Secure SHell FingerPrint">SSHFP</abbr></a></dt>
+  <dd>
+    Indiquer les empreintes de clés <abbr title="Secure SHell">SSH</abbr> d'un domaine
+  </dd>
+  <dt><a class="nsButton" href="cname">Enregistrement <abbr title="Canonical NAME">CNAME</abbr></a></dt>
+  <dd>
+    Définir un domaine comme étant l'alias d'un autre
+  </dd>
+  <dt><a class="nsButton" href="dname">Enregistrement <abbr title="Delegation NAME">DNAME</abbr></a></dt>
+  <dd>
+    Définir les sous-domains d'un domaine comme étant les alias des sous-domaines d'un autre domaine
+  </dd>
+</dl>

 <?php require "../bottom.inc.php"; ?>
--- a/ns/zone.php
+++ b/ns/zone.php
@ -20,13 +20,19 @@ if (isset($_POST['domain']) AND isset($_SESSION['username'])) {

  $stmt->execute();

-  exec("cp /var/lib/knot/zones/template /var/lib/knot/zones/" . $_POST['domain'] . "zone");
-  exec("sed -i 's/DOMAIN/" . $_POST['domain'] . "/g' /var/lib/knot/zones/" . $_POST['domain'] . "zone");
+  $knotConf = file_get_contents(NIVER_TEMPLATE_PATH . "/knot.template");
+  $knotConf = preg_replace("/DOMAIN/", $_POST['domain'], $knotConf);
+  file_put_contents(KNOT_ZONES_PATH . "/" . $_POST['domain'] . "zone", $knotConf);
+
+  // Previous system
+  //exec("cp /var/lib/knot/zones/template /var/lib/knot/zones/" . $_POST['domain'] . "zone");
+  //exec("sed -i 's/DOMAIN/" . $_POST['domain'] . "/g' /var/lib/knot/zones/" . $_POST['domain'] . "zone");

  exec(KNOTC_PATH . " conf-begin");
  exec(KNOTC_PATH . " conf-set 'zone[" . $_POST['domain'] . "]'");
-  exec(KNOTC_PATH . " conf-set 'zone[" . $_POST['domain'] . "].file' '" . $_POST['domain'] . "zone'");
-  exec(KNOTC_PATH . " conf-commit");
+  exec(KNOTC_PATH . " conf-set 'zone[" . $_POST['domain'] . "].template' 'niver'");
+  exec(KNOTC_PATH . " conf-commit";
+
  echo "La requête a été traitée.";

 }
--- a/reg/index.php
+++ b/reg/index.php
@ -1,12 +1,22 @@
 <?php include "../top.inc.php"; ?>

-<h2><a class="regButton" href="register">Enregistrer un nouveau nom de domaine</a></h2>
-Prendre possession d'un sous-domaine d'atope.art
-<h2><a class="regButton" href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></h2>
-Indiquer les serveurs de noms de son sous-domaine d'atope.art
-<h2><a class="regButton" href="ds">Enregistrement <abbr title="Delegation Signer">DS</abbr></a></h2>
-Déléguer la confiance <abbr title="Domain Name System Security Extensions">DNSSEC</abbr>
-<h2><a class="regButton" href="glue">Glue Record</a></h2>
-Indiquer les IP de ses serveurs de noms de son sous-domaine d'atope.art dont les adresses se trouvent sur ce même sous-domaine
+<dl>
+  <dt><a class="regButton" href="register">Enregistrer un nouveau nom de domaine</a></dt>
+  <dd>
+    Prendre possession d'un sous-domaine d'atope.art
+  </dd>
+  <dt><a class="regButton" href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></dt>
+  <dd>
+    Indiquer les serveurs de noms de son sous-domaine d'atope.art
+  </dd>
+  <dt><a class="regButton" href="ds">Enregistrement <abbr title="Delegation Signer">DS</abbr></a></dt>
+  <dd>
+    Déléguer la confiance <abbr title="Domain Name System Security Extensions">DNSSEC</abbr>
+  </dd>
+  <dt><a class="regButton" href="glue">Glue Record</a></dt>
+  <dd>
+    Indiquer les IP de ses serveurs de noms de son sous-domaine d'atope.art dont les adresses se trouvent sur ce même sous-domaine
+  </dd>
+</dl>

 <?php include "../bottom.inc.php"; ?>
--- a/reg/ns.php
+++ b/reg/ns.php
@ -43,9 +43,12 @@ if (isset($_POST['domain']) AND isset($_POST['action']) AND isset($_POST['ns'])

  $suffix = regGetSuffix($_POST['domain']);

-  exec(KNOTC_PATH . " zone-begin " . $suffix);
-  exec(KNOTC_PATH . " zone-" . $action . "set " . $suffix . " " . $_POST['domain'] . " 86400 NS " . $_POST['ns']);
-  exec(KNOTC_PATH . " zone-commit " . $suffix);
+  exec(KNOTC_PATH . " zone-begin " . $suffix, $output);
+  var_dump($output);
+  exec(KNOTC_PATH . " zone-" . $action . "set " . $suffix . " " . $_POST['domain'] . " 86400 NS " . $_POST['ns'], $output);
+  var_dump($output);
+  exec(KNOTC_PATH . " zone-commit " . $suffix, $output);
+  var_dump($output);
  echo "Enregistrement NS ajouté";
 }

--- a/top.inc.php
+++ b/top.inc.php
@ -2,40 +2,43 @@
 if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
  exit("This file is meant to be included.");

+define("USERNAME_REGEX", "^[a-z]{4,32}$");
+define("PASSWORD_REGEX", "^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])[a-zA-Z0-9]{8,1024}|.{10,1024}$");
+define("SUBDOMAIN_REGEX", "^[a-z]{4,63}$");
+
+define("PREFIX", "/pmkdel"); // Prefix in the URL, if any
+define("ROOT_PATH", "/srv/http/niver" . PREFIX); // Niver directory
+define("DB_PATH", ROOT_PATH . "/db/niver.db"); // Niver SQLite database
+define("KNOTC_PATH", "/usr/sbin/knotc"); // Binary file
+define("KEYMGR_PATH", "/usr/sbin/keymgr"); // Binary file
+define("NGINX_CONFIG_PATH", "/etc/nginx/hyper"); // Config directory
+define("TOR_CONFIG_PATH", "/etc/tor/torrc"); // Config file
+define("KNOT_ZONES_PATH", "/var/lib/knot/zones"); // Zones directory
+define("TOR_KEYS_PATH", "/var/lib/tor/niver"); // Keys directory
+define("SUDO_PATH", "/usr/bin/sudo"); // Binary file
+define("LS_PATH", "/usr/bin/ls"); // Binary file
+define("NIVER_TEMPLATE_PATH", "/usr/local/share/niver"); // Templates directory (skel, nginx, knot...)
+define("MANIVER_PATH", "/usr/local/bin/maniver"); // Binary file
+// The mountpoint of the hypertext storage partition (that will be accessed over SFTP)
+define("HT_PATH", "/srv/ht");
+
+define("SERVICE", substr(dirname($_SERVER['PHP_SELF']), strlen(PREFIX) + 1));
+define("PAGE", basename($_SERVER['PHP_SELF'], '.php'));
+
 session_start([
  'name' => 'niver',
  'sid_length' => 64,
  'cookie_secure' => true,
  'cookie_httponly' => true,
  'cookie_samesite' => 'Strict',
-  'cookie_lifetime' => 604800,
-  'gc_maxlifetime' => 604800,
+  'cookie_path' => PREFIX . '/',
+  'cookie_lifetime' => 432000, // = 60*60*24*5 = 5 days
+  'gc_maxlifetime' => 10800,
  'use_strict_mode' => true,
  'use_cookies' => true,
  'use_only_cookies' => true,
 ]);

-define("USERNAME_REGEX", "^[a-z]{4,32}$");
-define("PASSWORD_REGEX", "^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])[a-zA-Z0-9]{8,1024}|.{10,1024}$");
-define("SUBDOMAIN_REGEX", "^[a-z]{4,63}$");
-
-define("PREFIX", "/eltrode"); // Prefix in the URL, if any
-define("ROOT_PATH", "/srv/http/niver" . PREFIX); // Niver directory
-define("DB_PATH", ROOT_PATH . "/db/niver.db"); // Niver SQLite database
-define("KNOTC_PATH", "/usr/sbin/knotc"); // Binary file
-define("KEYMGR_PATH", "/usr/sbin/keymgr"); // Binary file
-define("NGINX_CONFIG_PATH", "/etc/nginx/hyper"); // Config directory
-define("TOR_CONFIG_PATH", "/etc/tor/torrc"); // Config file
-define("TOR_KEYS_PATH", "/var/lib/tor/niver"); // Keys directory
-define("SUDO_PATH", "/usr/bin/sudo"); // Binary file
-define("LS_PATH", "/usr/bin/ls"); // Binary file
-define("MANIVER_PATH", "/usr/local/bin/maniver"); // Binary file
-// The mountpoint of the hypertext storage partition (that will be accessed over SFTP)
-define("HT_PATH", "/srv/ht");
-
-define("SERVICE", substr(dirname($_SERVER['PHP_SELF']), strlen(PREFIX) + 1));
-define("PAGE", basename($_SERVER['PHP_SELF'], '.php'));
-
 if (SERVICE != "auth" AND !isset($_SESSION['username'])) {
  header('Location: ' . PREFIX . '/auth/login?redir=' . SERVICE . "/" . PAGE, true, 302);
  exit;
@ -55,21 +58,6 @@ $theme = array(
  'darkColor' => '#2a2a2a',
 );

-switch (SERVICE) {
-  case "ht":
-    $theme = array('mainColor' => $theme['htColor']) + $theme;
-  break;
-  case "reg":
-    $theme = array('mainColor' => $theme['regColor']) + $theme;
-  break;
-  case "ns":
-    $theme = array('mainColor' => $theme['nsColor']) + $theme;
-  break;
-  default:
-    $theme = array('mainColor' => $theme['authColor']) + $theme;
-  break;
-}
-
 require "inc/all.inc.php";
 require "inc/format.inc.php";
 require "inc/ht.inc.php";
@ -130,3 +118,4 @@ $cssFileName = Less_Cache::Get($absoluteLessFiles, $options, $theme);
      <?php } ?>

    </header>
+    <main>