Merge branch 'master' into doc

Conflicts: testing.sh

Merge branch 'master' into doc
Conflicts: testing.sh
f3c17011 · Daniel STAN · 0bcd2de6 · ee688f8d · f3c17011 · f3c17011
Commit f3c17011 authored Mar 30, 2016 by Daniel STAN
39 changed files
--- a/admin/mail_invalide/mail_invalide.py
+++ b/admin/mail_invalide/mail_invalide.py
@@ -140,7 +140,7 @@ if __name__ == "__main__":
                    #print ".forward non-accessible : %s" % e
                    pass
                except IndexError as e:
-                    print "Home existant mais pas d'adhérent ldap : %s" % e
+                    print "Home %s existant mais pas d'adhérent ldap : %s" % (uid, e)

    a_imprimer = []
    a_verifier = []
@@ -180,7 +180,7 @@ if __name__ == "__main__":
        print " * Recherche de %s ..." % adresse
        # Est-ce un .forward ?

-        if addresse in forwards.iterkeys():
+        if adresse in forwards.iterkeys():
            res = ldap.search(u"uid=%s" % forwards[adresse], mode='rw')
            if len(res) == 0:
                print "*** Erreur : aucun résultat pour uid=%s" % forwards[adresse]

--- a/bin/all/irc
+++ b/bin/all/irc
+#!/bin/bash
+
+# oneliner destiné à être symlinké depuis /usr/bin/irc
+# pour que tout le monde puisse facilement utiliser
+# WeeChat dans un screen
+
+screen -rd IRC || screen -S IRC weechat
--- a/gestion/config/config.py
+++ b/gestion/config/config.py
@@ -702,17 +702,6 @@ accueil_route = {
            'zamok.crans.org',
        ],
    },
-    '138.231.136.67' : {
-        'tcp' : [
-            '80',
-            '443',
-        ],
-        'hosts' : [
-            'www.crans.org',
-            'wiki.crans.org',
-            'wifi.crans.org',
-        ],
-    },
    '138.231.136.98' : {
        'tcp' : [
            '20',
@@ -729,7 +718,7 @@ accueil_route = {
            'ftp.crans.org',
        ],
    },
-    '138.231.136.130' : {
+    '138.231.136.145' : {
        'tcp' : [
            '80',
            '443',
@@ -737,17 +726,13 @@ accueil_route = {
        'hosts' : [
            'intranet2.crans.org',
            'intranet.crans.org',
-        ],
-    },
-    '138.231.136.18' : {
-        'tcp' : [
-            '80',
-            '443',
-        ],
-        'hosts' : [
            'cas.crans.org',
            'login.crans.org',
            'auth.crans.org',
+            'wifi.crans.org',
+            'ftps.crans.org',
+            'www.crans.org',
+            'wiki.crans.org',
        ],
    },
    '213.154.225.236' : {

--- a/gestion/config/dns.py
+++ b/gestion/config/dns.py
@@ -59,6 +59,7 @@ zones_direct = [
    'clubs.ens-cachan.fr',
    'adm.crans.org',
    'crans.eu',
+    'crans.fr',
    'wifi.crans.eu',
    'tv.crans.org',
    'ap.crans.org',
@@ -84,6 +85,7 @@ zones_dnssec = [
 zone_alias = {
    'crans.org' : [
        'crans.eu',
+        'crans.fr',
    ],
 }


--- a/gestion/config/impression.py
+++ b/gestion/config/impression.py
@@ -17,7 +17,7 @@ decouvert = 0.

 ## Variables de prix (tout est exprimé en centimes)

-#: Coût de l'imprimante
+#: Coût de l'imprimante rabbatu sur 600k impressions
 #:
 #: Donc ammortissement
 amm = 2.16

--- a/gestion/config/letsencrypt.py
+++ b/gestion/config/letsencrypt.py
+config_template = """# This is an example of the kind of things you can do in a configuration file.
+# All flags used by the client can be configured here. Run Let's Encrypt with
+# "--help" to learn more about the available options.
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+# server = https://acme-staging.api.letsencrypt.org/directory
+# server = https://acme-v01.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+email = root@crans.org
+
+# Uncomment to use a text interface instead of ncurses
+text = True
+
+# Uncomment to use the standalone authenticator on port 443
+# authenticator = standalone
+# standalone-supported-challenges = tls-sni-01
+
+# Uncomment to use the webroot authenticator. Replace webroot-path with the
+# path to the public_html / webroot folder being served by your web server.
+authenticator = %(authenticator)s
+webroot-path = /usr/share/nginx/html/
+
+standalone-supported-challenges = http-01
+
+domains = %(domains)s
+"""
--- a/gestion/config/proxy.py
+++ b/gestion/config/proxy.py
@@ -6,10 +6,98 @@

 #### Conf nginx des proxy gérées à la main

-non_sites_auto = [u"discourse.crans.org", u"impression.crans.org", u"factures.crans.org", u"accounts.crans.org", u"intranet2.crans.org"]
+non_sites_auto = {
+    u"discourse.crans.org",
+}

 max_upload = {
    u"intranet.crans.org" : "160M",
    u"owncloud.crans.org" : "10G",
 }

+#: Redirection "host": "url"
+sites_redirect = {
+    "impression.crans.org": "https://intranet.crans.org/impressions",
+    "factures.crans.org": "https://intranet.crans.org/factures",
+    "accounts.crans.org": "https://intranet.crans.org/compte",
+    "intranet2.crans.org": "https://intranet.crans.org",
+    "autostatus.crans.org": "https://www.crans.org/CransNounous/AutoStatus",
+    "wikipedia.crans.org": "https://wiki.crans.org",
+    "crans.org": "https://www.crans.org",
+    "install-party.ens-cachan.fr": "https://install-party.crans.org",
+    "www.install-party.ens-cachan.fr": "https://install-party.crans.org",
+    "adopteunpingouin.crans.org": "https://install-party.crans.org",
+    "i-p.crans.org": "https://install-party.crans.org",
+    "hostnames-a-m.crans.org": "https://proxy.crans.org",
+    "hostnames-n-z.crans.org": "https://proxy.crans.org",
+    "task.crans.org": "https://phabricator.crans.org",
+}
+
+
+def server_name_to_cert_name(serveur):
+    """
+        A un nom de domain, on associe le certificat correspondant.
+        Retourne None si le certificat n'est pas trouvé.
+    """
+    if serveur.endswith(".ens-cachan.fr") or serveur == "ens-cachan.fr":
+        return "crans.ens-cachan.fr"
+    elif serveur.endswith(".crans.org") or serveur == "crans.org":
+        if serveur[0] <= 'm' and serveur != "hostnames-n-z.crans.org":
+            return "hostnames-a-m.crans.org"
+        else:
+            return "hostnames-n-z.crans.org"
+    elif serveur.endswith(".crans.fr") or serveur == "crans.fr":
+        if serveur[0] <= 'm' and serveur != "hostnames-n-z.crans.fr":
+            return "hostnames-a-m.crans.fr"
+        else:
+            return "hostnames-n-z.crans.fr"
+    elif serveur.endswith(".crans.eu") or serveur == "crans.eu":
+        if serveur[0] <= 'm' and serveur != "hostnames-n-z.crans.eu":
+            return "hostnames-a-m.crans.eu"
+        else:
+            return "hostnames-n-z.crans.eu"
+
+
+site_template = """server {
+    server_name %(serveur)s;
+    include "snippets/proxy-common.conf";
+
+    return 302 https://$host$request_uri;
+}
+
+server {
+    include "snippets/proxy-common-ssl.conf";
+    server_name %(serveur)s;
+
+    ssl_certificate /etc/letsencrypt/live/%(cert_name)s/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/%(cert_name)s/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/%(cert_name)s/chain.pem;
+    %(max_body_size)s
+    location / {
+        proxy_redirect off;
+        proxy_pass http://%(proxy_pass)s;
+        proxy_set_header Host %(serveur)s;
+        proxy_set_header P-Real-IP $remote_addr;
+    }
+
+}
+"""
+
+site_redirect_template = """server {
+    server_name %(serveur)s;
+    include "snippets/proxy-common.conf";
+
+    return 302 %(redirect)s$request_uri;
+}
+
+server {
+    include "snippets/proxy-common-ssl.conf";
+    server_name %(serveur)s;
+
+    ssl_certificate /etc/letsencrypt/live/%(cert_name)s/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/%(cert_name)s/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/%(cert_name)s/chain.pem;
+
+    return 302 %(redirect)s$request_uri;
+}
+"""
--- a/gestion/config/tv.py
+++ b/gestion/config/tv.py
@@ -6,7 +6,7 @@ SAP_MCAST_PORT = 9875
 SAP_FILE_TXT = "/usr/scripts/var/tv/sap.txt"
 SAP_FILE_PIC = "/usr/scripts/var/tv/sap.pickel"

-BASE_IMAGE_URL = "http://tv.crans.org/images/"
+BASE_IMAGE_URL = "https://tv.crans.org/images/"
 IMAGE_SUFFIX = ".jpg"
 SMALL_IMAGE_SUFFIX = "_petites.jpg"

--- a/gestion/ethercodes.dat
+++ b/gestion/ethercodes.dat
--- a/gestion/gen_confs/dhcpd_new.py
+++ b/gestion/gen_confs/dhcpd_new.py
@@ -27,8 +27,8 @@ hostname = gethostname().split(".")[0]

 class dydhcp:
    def __init__(self, server):
-        self.dhcp_omapi_keyname = secrets.get('dhcp_omapi_keyname')
-        self.dhcp_omapi_key = secrets.get('dhcp_omapi_keys')[server]
+        self.dhcp_omapi_keyname = str(secrets.get('dhcp_omapi_keyname'))
+        self.dhcp_omapi_key = str(secrets.get('dhcp_omapi_keys')[server])
        self.server = server.lower()

    def add_host(self, ip, mac,name=None):

--- a/gestion/gen_confs/firewall4/komaz.py
+++ b/gestion/gen_confs/firewall4/komaz.py
@@ -27,6 +27,7 @@ class firewall(base.firewall_routeur):
            'limitation_debit' : self.limitation_debit,
            'limit_ssh_connexion' : self.limit_ssh_connexion,
            'tunnel_6in4' : self.tunnel_6in4,
+            'challenge_letsencrypt': self.challenge_letsencrypt,
        })

        self.use_ipset.extend([self.blacklist_soft, self.blacklist_upload, self.reseaux_non_routable])
@@ -43,7 +44,7 @@ class firewall(base.firewall_routeur):
        })

        # Portail captif/blacklist soft: ipset des gens ayant cliqué pour continuer à naviguer
-        self.ipset['confirmation'] = base.Ipset("CONFIRMATION", "hash:ip", "")
+        self.ipset['confirmation'] = base.Ipset("CONFIRMATION", "hash:ip", "timeout 3600")

        # Ouvertures de ports temporaires
        self.ipset['ip_port_tmp'] = base.Ipset("IP-PORT-TMP", "hash:ip,port", "timeout 3600")
@@ -130,6 +131,7 @@ class firewall(base.firewall_routeur):

        chain = 'PREROUTING'
        self.add(table, chain, '-j %s' % self.ssh_on_https(table))
+        self.add(table, chain, '-j %s' % self.challenge_letsencrypt(table))
        self.add(table, chain, '-j %s' % self.connexion_secours(table))
        self.add(table, chain, '-j %s' % self.blacklist_soft(table))
        self.add(table, chain, '-j %s' % self.blacklist_hard(table))
@@ -284,6 +286,26 @@ class firewall(base.firewall_routeur):
            self.apply(table, chain)
        return chain

+    def challenge_letsencrypt(self, table=None, apply=False):
+        """PNAT des request de challenge letsencrypt vers bakdaur ou frontdaurk"""
+        chain = "CHALLENGE-LESENCRYPT"
+
+        if table == 'nat':
+            pretty_print(table, chain)
+
+            bakdaur = self.conn.search(u"host=bakdaur.crans.org")[0]
+            frontdaur = self.conn.search(u"host=frontdaur.crans.org")[0]
+
+            self.add(table, chain, '-m condition ! --condition challenge-letsencrypt -j RETURN')
+            for net in (base.config.NETs['serveurs'] + base.config.NETs['wifi-serveurs']):
+                self.add(table, chain, '-p tcp -d %s --dport 80 -m condition --condition challenge-letsencrypt-bakdaur -j DNAT --to-destination %s:81' % (net, bakdaur['ipHostNumber'][0]))
+                self.add(table, chain, '-p tcp -d %s --dport 80 -m condition ! --condition challenge-letsencrypt-bakdaur -j DNAT --to-destination %s:81' % (net, frontdaur['ipHostNumber'][0]))
+            print OK
+
+        if apply:
+            self.apply(table, chain)
+        return chain
+
    def connexion_appartement(self, table=None, apply=False):
        """PNAT les appartements derrière appartement.crans.org"""
        chain = 'CONNEXION-APPARTEMENT'

--- a/gestion/gen_confs/pxeboot/config
+++ b/gestion/gen_confs/pxeboot/config
@@ -16,26 +16,17 @@ WGETOPT="-4"
 OWN_IP="$1"
 /etc/init.d/nfs-kernel-server stop

-# Définitions spécifiques au Sys Rescue CD
-SYSRCCD_ARCHS=""
-SYSRCCD_FTP="http://ftp.crans.org/pub/distributions/linux/systemrescuecd"
-
 # Définitions spécifiques à Debian
-DEBIAN_DISTS="squeeze wheezy jessie"
+DEBIAN_DISTS="wheezy jessie"
 DEBIAN_ARCHS="i386 amd64"
 DEBIAN_FTP="ftp://ftp.crans.org/debian/dists"

-#Image debian custom avec plus de drivers : http://kmuto.jp/debian/d-i/
-DEBIAN_BACKPORT_DISTS=""
-DEBIAN_BACKPORT_ARCHS="i386 amd64"
-DEBIAN_BACKPORT_FTP="ftp://cdimage.debian.org/cdimage/unofficial/backports/"
-
 # Définitions spécifiques à Ubuntu
-UBUNTU_DISTS="precise trusty vivid wily"
+UBUNTU_DISTS="trusty vivid wily"
 UBUNTU_ARCHS="i386 amd64"
 UBUNTU_FTP="ftp://ftp.crans.org/ubuntu/dists"

-UBUNTU_LIVE="12.04 14.04 15.04 15.10"
+UBUNTU_LIVE="14.04 15.04 15.10"
 # il faut modifier le nfs (ajouter la sortie de export_ubuntu_live
 # à /etc/exports) et mettre les images dans $ISODIR/ubuntu/ puis
 # les monter dans $TFTPROOT/livecd/ubuntu/$dist-$arch avec
@@ -45,11 +36,6 @@ UBUNTU_LIVE="12.04 14.04 15.04 15.10"
 UBUNTU_LIVE_TYPE="ubuntu xubuntu kubuntu"
 UBUNTU_LIVE_ARCHS="i386 amd64"

-# Définitions spécifiques à Mandriva
-MANDRIVA_DISTS=""
-MANDRIVA_ARCHS="i586 x86_64"
-MANDRIVA_FTP="ftp://ftp.free.fr/mirrors/ftp.mandriva.com/MandrivaLinux/official"
-
 # Définitions spécifiques à CentOS
 CENTOS_DISTS="6.5 6.6"
 CENTOS_ARCHS="i386 x86_64"
@@ -59,23 +45,3 @@ CENTOS_FTP="ftp://mirror.in2p3.fr/pub/linux/CentOS"
 FEDORA_DISTS="23"
 FEDORA_ARCHS="i386 x86_64"
 FEDORA_FTP="ftp://ftp.free.fr/mirrors/fedora.redhat.com/fedora/linux/"
-#
-## Définitions spécifiques à OpenSuse
-#OPENSUSE_DISTS="12.2 12.3 13.1 13.2"
-#OPENSUSE_ARCHS="i386 x86_64"
-#OPENSUSE_FTP="ftp://ftp.free.fr/mirrors/ftp.opensuse.org/opensuse/distribution/"
-
-# Définitions spécifiques à FreeBSD
-FREEBSD_DISTS=""
-FREEBSD_ARCHS="i386 amd64"
-FREEBSD_FTP="ftp://ftp.fr.freebsd.org/pub/FreeBSD/"
-
-# Définition spécifiques à NetBSD
-#~ NETBSD_DIST="5.1 6.0"
-#~ NETBSD_ARCHS="i386 amd64"
-#~ NETBSD_FTP="ftp://iso.fr.netbsd.org/pub/NetBSD"
-
-# Définitions spécifiques à OpenBSD
-OPENBSD_DIST=""
-OPENBSD_ARCHS="i386 amd64"
-OPENBSD_FTP="ftp://ftp.crans.org/pub/OpenBSD"
--- a/gestion/gen_confs/pxeboot/mountpxe
+++ b/gestion/gen_confs/pxeboot/mountpxe
+#!/bin/bash
+
+mount charybde.adm:/var/lib/tftpboot/ /var/lib/tftpboot/
+for i in /var/lib/tftpboot/livecd/ubuntu/*; do mount charybde:$i $i; done
+/etc/init.d/tftpd-hpa restart
--- a/gestion/gen_confs/pxeboot/pxeboot
+++ b/gestion/gen_confs/pxeboot/pxeboot
@@ -31,13 +31,15 @@ mkdir -vp $TMPDIR
 #mkdir -vp $TFTPROOT/pxelinux.cfg
 #
 ##############################################
-#cp $SKELETON/pxelinux.0 $TFTPROOT/
+# Copie des fichiers de base pour le PXE
 cp -ra $SKELETON $TFTPROOT
-#On redémarre de tftp
+# On redémarre de tftp
 /etc/init.d/tftpd-hpa restart
 ##############################################


+# Génération du fichier de configuration PXELINUX pour BIOS
+
 cat > $TFTPROOT/pxelinux.cfg/default << EOF
 include /boot-screens/menu.cfg
 default /boot-screens/vesamenu.c32
@@ -70,40 +72,35 @@ label bootlocal

 EOF

-###########################
-#      sysrescuecd        #
-###########################
-for arch in $SYSRCCD_ARCHS; do
-    mkdir -p $TFTPROOT/sysrescuecd/$arch/
-    wget $WGETOPT -c $SYSRCCD_FTP/image/isolinux/initram.igz -O $TFTPROOT/sysrescuecd/$arch/initram.igz
-    wget $WGETOPT -c $SYSRCCD_FTP/image/isolinux/rescue`echo $arch | sed -n 's/amd64/64/p'` -O $TFTPROOT/sysrescuecd/$arch/rescue
-done
+# Génération du fichier de configuration GRUB pour le PXE avec UEFI

-if [[ $SYSRCCD_ARCHS != "" ]]; then
-cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
-menu begin sysrescuecd
-    menu title Sysrescue Cd
-    label mainmenu
-        menu label ^Back..
-        menu exit
-EOF
+cat > $TFTPROOT/efi/grub.cfg << EOF
+set default="0"

-for arch in $SYSRCCD_ARCHS; do
-cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
-        label Sysrescuecd $arch
-         kernel sysrescuecd/$arch/rescue
-         append initrd=sysrescuecd/$arch/initram.igz dodhcp setkmap=fr boothttp=$SYSRCCD_HTTP/image/sysrcd.dat --
-EOF
-done
+function load_video {
+    insmod efi_gop
+    insmod efi_uga
+    insmod ieee1275_fb
+    insmod vbe
+    insmod vga
+    insmod video_bochs
+    insmod video_cirrus
+}

-cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
-menu end
-EOF
-fi
-###########################
-#     Fin sysrescuecd     #
-###########################
+load_video
+set gfxmode=auto
+terminal_output gfxterm
+insmod gzio
+insmod part_gpt
+insmod ext2
+
+set timeout=-1

+insmod font
+loadfont /efi/unicode.pf2
+set lang=fr_FR.UTF-8
+
+EOF

 ###########################
 #         DEBIAN          #
@@ -131,6 +128,8 @@ for dist in $DEBIAN_DISTS; do
    done
 done

+# Ajout des options PXE pour Debian (Legacy)
+
 cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
 menu begin debian
      menu title Debian
@@ -219,83 +218,41 @@ done
 cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
 menu end
 EOF
-###########################
-#       fin DEBIAN        #
-###########################
-

-###########################
-#     DEBIAN BACKPORT     #
-###########################
+# Ajout des options PXE pour Debian (UEFI)

-#rm -r $TMPDIR/netboot-debian-backport-* || true;
-for dist in $DEBIAN_BACKPORT_DISTS; do
-    for arch in $DEBIAN_BACKPORT_ARCHS; do
-	url=`wget $WGETOPT $DEBIAN_BACKPORT_FTP/$dist/ -O- | grep netboot | grep $arch | sort | tail -n 1 | sed 's/">/ /g;s/href="//;s@</a>@@' | awk '{print $6}'`
-        wget $WGETOPT -c $url -O $TMPDIR/netboot-debian-backport-$dist-$arch.tar.gz
-        mkdir -p $TMPDIR/netboot-debian-backport-$dist-$arch/
-        tar zxf $TMPDIR/netboot-debian-backport-$dist-$arch.tar.gz -C $TMPDIR/netboot-debian-backport-$dist-$arch/
-        mkdir -p $TFTPROOT/debian-backport-$dist/$arch
-        cp $TMPDIR/netboot-debian-backport-$dist-$arch/debian-installer/$arch/initrd.gz $TFTPROOT/debian-backport-$dist/$arch
-        cp $TMPDIR/netboot-debian-backport-$dist-$arch/debian-installer/$arch/linux $TFTPROOT/debian-backport-$dist/$arch
-    done
-done
+cat >> $TFTPROOT/efi/grub.cfg << EOF

-if [[ $DEBIAN_BACKPORT_DISTS != "" ]]; then
-cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
-menu begin debian-backport
-      menu title Debian Backport
-      label mainmenu
-              menu label ^Back..
-              menu exit
+submenu 'Debian GNU/Linux --->' {
 EOF
-
-for dist in $DEBIAN_BACKPORT_DISTS; do
-cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
-      menu begin debian-backport-$dist
-              menu title Debian Backport $dist
-              label mainmenu
-                      menu label ^Back..
-                      menu exit
+for dist in $DEBIAN_DISTS ; do
+    cat >> $TFTPROOT/efi/grub.cfg << EOF
+	submenu 'Debian $dist -->' {
 EOF
-for arch in $DEBIAN_BACKPORT_ARCHS; do
-cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
-              menu begin debian-backport-$dist-$arch
-                      menu $arch
-                      label mainmenu
-                              menu label ^Back..
-                              menu exit
-                      DEFAULT install
-                      LABEL install
-                              kernel debian-backport-$dist/$arch/linux
-                              append vga=normal initrd=debian-backport-$dist/$arch/initrd.gz --
-                      LABEL expert
-                              kernel debian-backport-$dist/$arch/linux
-                              append priority=low vga=normal initrd=debian-backport-$dist/$arch/initrd.gz --
-                      LABEL rescue
-                              kernel debian-backport-$dist/$arch/linux
-                              append vga=normal initrd=debian-backport-$dist/$arch/initrd.gz rescue/enable=true --
-                      LABEL auto
-                              kernel debian-backport-$dist/$arch/linux
-                              append auto=true priority=critical vga=normal initrd=debian-backport-$dist/$arch/initrd.gz --
-              menu end
+    for arch in $DEBIAN_ARCHS ; do
+        cat >> $TFTPROOT/efi/grub.cfg << EOF
+		menuentry 'Debian $dist $arch' {
+			echo 'Chargement du noyau Linux ...'
+			linuxefi /debian-$dist/$arch/linux vmwgfx.enable_fbdev=1
+			echo 'Chargement du disque mémoire initial ...'
+			initrdefi /debian-$dist/$arch/initrd.gz
+		}
 EOF
-done
-cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
-      menu end
-
+    done
+    cat >> $TFTPROOT/efi/grub.cfg << EOF
+    }
 EOF
-
 done

-cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
-menu end
+    cat >> $TFTPROOT/efi/grub.cfg << EOF
+}
 EOF
-fi;
+
 ###########################
-#   fin DEBIAN BACKPORT   #
+#       fin DEBIAN        #
 ###########################

+
 ###########################
 #         UBUNTU          #
 ###########################
@@ -369,21 +326,6 @@ cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
 menu end
 EOF

-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
 cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
 menu begin ubuntu
      menu title Ubuntu
@@ -432,73 +374,64 @@ done
 cat >> $TFTPROOT/boot-screens/menu.cfg << EOF
 menu end
 EOF
-###########################
-#       fin UBUNTU        #
-###########################

-###########################
-#        Mandriva         #
-###########################
+# Ajout des options PXE pour Ubuntu (UEFI)
+
+cat >> $TFTPROOT/efi/grub.cfg << EOF

-if [[ $MANDRIVA_DISTS != "" ]]; then
-for dist in $MANDRIVA_DISTS; do
-    for arch in $MANDRIVA_ARCHS; do
-        mkdir -p $TFTPROOT/mandriva-$dist/$arch/
-        wget $WGETOPT -c $MANDRIVA_FTP/$dist/$arch/isolinux/alt0/all.rdz -O