Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision ec0cba6c

Von Enrique Morales vor mehr als 1 Jahr hinzugefügt

  • ID ec0cba6cadbaffb5c55fbaebc940b1e1223d338a
  • Vorgänger 414f1ecb

Ansible verzeichnis in scripts/ verschoben

Unterschiede anzeigen:

ansible/config-files/apache/000-default.conf
1
<VirtualHost *:80>
2
	# The ServerName directive sets the request scheme, hostname and port that
3
	# the server uses to identify itself. This is used when creating
4
	# redirection URLs. In the context of virtual hosts, the ServerName
5
	# specifies what hostname must appear in the request's Host: header to
6
	# match this virtual host. For the default virtual host (this file) this
7
	# value is not decisive as it is used as a last resort host regardless.
8
	# However, you must set it for any further virtual host explicitly.
9
	#ServerName www.example.com
10

  
11
	ServerAdmin webmaster@localhost
12
	DocumentRoot /var/www/html
13
	
14
	#erp
15
	AddHandler fcgid-script .fpl
16
	AliasMatch ^/kivitendo-erp/[^/]+\.pl /var/www/kivitendo-erp/dispatcher.fpl
17
	Alias       /kivitendo-erp/          /var/www/kivitendo-erp/
18

  
19
	<Directory /var/www/kivitendo-erp>
20
				AllowOverride All
21
				Options ExecCGI Includes FollowSymlinks
22
				Require all granted
23
	</Directory>
24

  
25
	<DirectoryMatch /var/www/kivitendo-erp/users>
26
			Order Deny,Allow
27
			Deny from All
28
	</DirectoryMatch> 
29
	#erp end	
30
	
31
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
32
	# error, crit, alert, emerg.
33
	# It is also possible to configure the loglevel for particular
34
	# modules, e.g.
35
	#LogLevel info ssl:warn
36

  
37
	ErrorLog ${APACHE_LOG_DIR}/error.log
38
	CustomLog ${APACHE_LOG_DIR}/access.log combined
39

  
40
	# For most configuration files from conf-available/, which are
41
	# enabled or disabled at a global level, it is possible to
42
	# include a line for only one particular virtual host. For example the
43
	# following line enables the CGI configuration for this host only
44
	# after it has been globally disabled with "a2disconf".
45
	#Include conf-available/serve-cgi-bin.conf
46
</VirtualHost>
47

  
48
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
ansible/config-files/kivitendo.conf
1
[authentication]
2
# The cleartext password for access to the administrative part.  It
3
# can only be changed in this file, not via the administrative
4
# interface.
5
admin_password = admin123
6

  
7
# Which modules to use for authentication. Valid values are 'DB' and
8
# 'LDAP'. You can use multiple modules separated by spaces.
9
#
10
# Multiple LDAP modules with different configurations can be used by
11
# postfixing 'LDAP' with the name of the configuration section to use:
12
# 'LDAP:ldap_fallback' would use the data from
13
# '[authentication/ldap_fallback]'. The name defaults to 'ldap' if it
14
# isn't given.
15
#
16
# Note that the LDAP module doesn't support changing the password.
17
module = DB
18

  
19
# The cookie name can be changed if desired.
20
cookie_name = kivitendo_session_id
21

  
22
# The number of minutes a session is valid. The default value is eight
23
# hours.
24
session_timeout = 480
25

  
26
# The number of seconds to penalize failed login attempts. 0 disables
27
# it.
28
failed_login_penalty = 5
29

  
30
[authentication/database]
31
# Connection information for the database with the user and group
32
# inforamtion.  This information is always needed, even if LDAP is
33
# used for authentication, as the user information is stored in this
34
# database while LDAP is only used for password verification.
35
#
36
# If 'module' is set to 'DB' then this database also contains the
37
# users' passwords.
38
host     = 127.0.0.1
39
port     = 5432
40
db       = kivitendo_auth
41
user     = postgres
42
password =
43

  
44
[authentication/ldap]
45
# This section is only relevant if 'module' is set to 'LDAP'. It names
46
# the LDAP server the passwords are verified against by doing a LDAP
47
# bind operation.
48
#
49
# At least the parameters 'host', 'attribute' and 'base_dn' have to be
50
# specified.
51
#
52
# tls:       Activate encryption via TLS
53
# verify:    If 'tls' is used, how to verify the server's certificate.
54
#            Can be one of 'require' or 'none'.
55
# attribute: Name of the LDAP attribute containing the user's login name
56
# base_dn:   Base DN the LDAP searches start from
57
# filter:    An optional LDAP filter specification. The string '<%login%>'
58
#            is replaced by the user's login name before the search is started.
59
# bind_dn and bind_password:
60
#            If searching the LDAP tree requires user credentials
61
#            (e.g. ActiveDirectory) then these two parameters specify
62
#            the user name and password to use.
63
# timeout:   Timeout when connecting to the server in seconds.
64
#
65
# You can specify a fallback LDAP server to use in case the main one
66
# isn't reachable by duplicating this whole section as
67
# "[authentication/ldap_fallback]".
68
#
69
host          = localhost
70
port          = 389
71
tls           = 0
72
attribute     = uid
73
base_dn       =
74
filter        =
75
bind_dn       =
76
bind_password =
77
timeout       = 10
78
verify        = require
79

  
80
[system]
81
# Set language for login and admin forms. Currently "de" (German)
82
# and "en" (English, not perfect) are available.
83
language = de
84

  
85
# Set stylesheet for login and admin forms. Supported:
86
#  lx-office-erp
87
#  kivitendo - default
88
#  design40
89
stylesheet = kivitendo
90

  
91
# MassPrint Timeout
92
# must be less than cgi timeout
93
#
94
massprint_timeout = 30
95

  
96
# Set default_manager for admin forms. Currently "german"
97
# and "swiss" are available.
98
default_manager = german
99

  
100
# The memory limits given here determine the maximum process size
101
# (vsz, the total amount of memory this process uses including memory
102
# swapped out or shared with other processes) or resident set size
103
# (rss, the amount of memory not swapped out/shared with other
104
# processes). If either limit is reached at the end of the request
105
# then the kivitendo process will exit.
106
#
107
# This only applies for processes under FCGI and the task manager.
108
# For CGI configurations the process will be terminated after each request
109
# regardless of this setting.
110
#
111
# Note: this will only terminate processes with too high memory consumption. It
112
# is assumed that an external managing service will start new instances. For
113
# FCGI this will usually be apache or the wrapper scripts for nginx, for the
114
# task server this will have to be the system manager.
115
#
116
# Numbers can be postfixed with KB, MB, GB. If no number is given or
117
# the number is 0 then no checking will be performed.
118
memory_limit_rss =
119
memory_limit_vsz =
120

  
121
[paths]
122
# path to temporary files (must be writeable by the web server)
123
userspath = users
124
# spool directory for batch printing
125
spool = spool
126
# templates base directory
127
templates = templates
128
# Path to the old memberfile (ignored on new installations)
129
memberfile = users/members
130
# Path to ELSTER geierlein webserver path inside kivitendo
131
# (must be inside kivitendo but you can set an ALIAS for apache/oe
132
# if set the export to geierlein is enabled
133
# geierlein_path = geierlein
134

  
135
#
136
# document path for FileSystem FileManagement:
137
#  (must be reachable read/write but not executable from webserver)
138
# document_path = /var/local/kivi_documents
139
#
140

  
141
[mail_delivery]
142
# Delivery method can be 'sendmail' or 'smtp'. For 'method = sendmail' the
143
# parameter 'mail_delivery.sendmail' is used as the executable to call. If
144
# 'applications.sendmail' still exists (backwards compatibility) then
145
# 'applications.sendmail' will be used instead of 'mail_delivery.sendmail'.
146
# If method is empty, mail delivery is disabled.
147
method = smtp
148
# Location of sendmail for 'method = sendmail'
149
sendmail = /usr/sbin/sendmail -t<%if myconfig_email%> -f <%myconfig_email%><%end%>
150
# Settings for 'method = smtp'. Only set 'port' if your SMTP server
151
# runs on a non-standard port (25 for 'security=none' or
152
# 'security=tls', 465 for 'security=ssl').
153
host = localhost
154
#port = 25
155
# Security can be 'tls', 'ssl' or 'none'. Unset equals 'none'. This
156
# determines whether or not encryption is used and which kind. For
157
# 'tls' the module 'Net::SSLGlue' is required; for 'ssl'
158
# 'Net::SMTP::SSL' is required and 'none' only uses 'Net::SMTP'.
159
security = none
160
# Authentication is only used if 'login' is set. You should only use
161
# that with 'tls' or 'ssl' encryption.
162
login =
163
password =
164

  
165
[applications]
166
# Location of OpenOffice.org/LibreOffice writer
167
openofficeorg_writer = lowriter
168
# Location of the html2ps binary
169
html2ps = html2ps
170
# Location of the Ghostscript binary
171
ghostscript = gs
172
# Location of the program to create PDFs from TeX documents
173
latex = latexmk --pdflatex
174
# Location of the Python interpreter to use when converting from
175
# OpenDocument to PDF. Some distributions compile UNO support only
176
# into binaries located in different locations than the main Python
177
# binary.
178
python_uno = python3
179

  
180
[environment]
181
# Add the following paths to the PATH environment variable.
182
path = /usr/local/bin:/usr/X11R6/bin:/usr/X11/bin
183
# Add the following paths to the PERL5LIB environment variable.
184
# "/sw/lib/perl5" is for Mac OS X with Fink's Perl.
185
lib = /sw/lib/perl5
186
# Add the following paths to the PYTHONPATH environment variable for
187
# locating Python modules. Python is used when converting OpenDocument
188
# files into PDF files.
189
python_uno_path =
190

  
191
[print_templates]
192
# If you have LaTeX installed set to 1
193
latex = 1
194
# Minimal support for Excel print templates
195
excel = 0
196
# Enable or disable support for OpenDocument print templates
197
opendocument = 1
198
# Chose whether or not OpenOffice/LibreOffice should remain running after a
199
# conversion. If yes then the conversion of subsequent documents will
200
# be a bit faster. You need to have Python and the Python UNO bindings
201
# (part of OpenOffice/LibreOffice) installed.
202
openofficeorg_daemon = 0
203
openofficeorg_daemon_port = 2002
204

  
205
[task_server]
206
# Set to 1 for debug messages in /tmp/kivitendo-debug.log
207
debug = 0
208
# Chose a system user the daemon should run under when started as root.
209
run_as =
210
# Task servers can run on multiple machines. Each needs its own unique
211
# ID. If unset, it defaults to the host name. All but one task server
212
# must have 'only_run_tasks_for_this_node' set to 1.
213
node_id =
214
only_run_tasks_for_this_node = 0
215

  
216
[task_server/notify_on_failure]
217
# If you want email notifications for failed jobs then set this to a
218
# kivitendo user (login) name. The subject can be changed as well.
219
send_email_to  =
220
# The "From:" header for said email.
221
email_from     = kivitendo Daemon <root@localhost>
222
# The subject for said email.
223
email_subject  = kivitendo Task-Server: Hintergrundjob fehlgeschlagen
224
# The template file used for the email's body.
225
email_template = templates/webpages/task_server/failure_notification_email.txt
226

  
227
[periodic_invoices]
228
# The user name or email address a report about the posted and printed
229
# invoices is sent to.
230
send_email_to  =
231
# The "From:" header for said email.
232
email_from     = kivitendo Daemon <root@localhost>
233
# The subject for said email.
234
email_subject  = Benachrichtigung: automatisch erstellte Rechnungen
235
# The template file used for the email's body.
236
email_template = templates/webpages/oe/periodic_invoices_email.txt
237
# Whether to always send the mail (0), or only if there were errors
238
# (1).
239
send_for_errors_only = 0
240

  
241
[self_test]
242

  
243
# modules to be tested
244
# Add without SL::BackgroundJob::SelfTest:: prefix
245
# Separate with space.
246
modules = Transactions
247

  
248
# you probably don't want to be spammed with "everything ok" every day. enable
249
# this when you add new tests to make sure they run correctly for a few days
250
send_email_on_success = 0
251

  
252
# will log into the standard logfile
253
log_to_file = 0
254

  
255
# user login (!) to send the email to.
256
send_email_to  =
257
# will be used to send your report mail
258
email_from     =
259
# The subject line for your report mail
260
email_subject  = kivitendo self test report
261
# template. currently txt and html templates are recognized and correctly mime send.
262
email_template = templates/mail/self_test/status_mail.txt
263

  
264
[follow_up_reminder]
265
# Email notifications for due follow ups.
266
# The "From:" header for said email.
267
email_from     = kivitendo Daemon <root@localhost>
268
# The subject for said email.
269
email_subject  = kivitendo: fällige Wiedervorlagen
270
# The template file used for the email's body.
271
# If empty fu/follow_up_reminder_mail.html will be used.
272
email_template =
273

  
274
[console]
275
# Automatic login will only work if both "client" and "login" are
276
# given.  "client" can be a client's database ID or its name. "login"
277
# is simply a user's login name.
278
client =
279
login =
280

  
281
# autorun lines will be executed after autologin.
282
# be warned that loading huge libraries will noticably lengthen startup time.
283
#autorun = require "bin/mozilla/common.pl";
284
#        = use English qw(-no_match_vars);
285
#        = use List::Util qw(min max);
286
#        = sub take { my $max = shift; my $r = ref($_[0]) eq 'ARRAY' ? $_[0] : \@_; return @{$r}[0..List::Util::min($max, scalar(@{$r})) - 1]; }
287

  
288
# location of history file for permanent history
289
history_file = users/console_history
290

  
291
# location of a separate log file for the console. everything normally written
292
# to the kivitendo log will be put here if triggered from the console
293
log_file = /tmp/kivitendo_console_debug.log
294

  
295
[testing]
296

  
297
# Several tests need a database they can alter data in freely. This
298
# database will be dropped & created before any other test is run. The
299
# following parameters must be given:
300
[testing/database]
301
host               = 127.0.0.1
302
port               = 5432
303
db                 =
304
user               = postgres
305
password           =
306
template           = template1
307
superuser_user     = postgres
308
superuser_password =
309

  
310
[devel]
311
# Several settings related to the development of kivitendo.
312

  
313
# "client" is used by several scripts (e.g. rose_auto_create_model.pl)
314
# when they need access to the database. It can be either a client's
315
# database ID or its name.
316
client =
317

  
318
[debug]
319
# Use DBIx::Log4perl for logging DBI calls. The string LXDEBUGFILE
320
# will be replaced by the file name configured for $::lxdebug.
321
dbix_log4perl = 0
322
dbix_log4perl_config = log4perl.logger = FATAL, LOGFILE
323
                     = log4perl.appender.LOGFILE=Log::Log4perl::Appender::File
324
                     = log4perl.appender.LOGFILE.filename=LXDEBUGFILE
325
                     = log4perl.appender.LOGFILE.mode=append
326
                     = log4perl.appender.LOGFILE.Threshold = ERROR
327
                     = log4perl.appender.LOGFILE.layout=PatternLayout
328
                     = log4perl.appender.LOGFILE.layout.ConversionPattern=[%r] %F %L %c - %m%n
329
                     = log4perl.logger.DBIx.Log4perl=DEBUG, A1
330
                     = log4perl.appender.A1=Log::Log4perl::Appender::File
331
                     = log4perl.appender.A1.filename=LXDEBUGFILE
332
                     = log4perl.appender.A1.mode=append
333
                     = log4perl.appender.A1.layout=Log::Log4perl::Layout::PatternLayout
334
                     = log4perl.appender.A1.layout.ConversionPattern=%d %p> %F{1}:%L %M - %m%n
335

  
336
# Activate certain global debug messages. If you want to combine
337
# several options then list them separated by spaces.
338
#
339
# Possible values include:
340
#   NONE   - no debug output (default)
341
#   INFO
342
#   DEBUG1
343
#   DEBUG2
344
#   QUERY              - Dump SQL queries (only in legacy code; see also "dbix_log4perl" above)
345
#   TRACE              - Track function calls and returns
346
#   BACKTRACE_ON_ERROR - Print a function call backtrace when $form->error() is called
347
#   REQUEST_TIMER      - Log timing of HTTP requests
348
#   REQUEST            - Log each request. Careful! Passwords get filtered, but
349
#                        there may be confidential information being logged here
350
#   WARN               - warnings
351
#   SHOW_CALLER        - include the file name & line number from where a call
352
#                        to "message" or "dump" was called
353
#   ALL                - all possible debug messages
354
#
355
#   DEVEL              - sames as "INFO QUERY TRACE BACKTRACE_ON_ERROR REQUEST_TIMER"
356
#
357
# Example:
358
#   global_level = TRACE QUERY
359
global_level = NONE
360

  
361
# Activate monitoring of the content of $form. If it is active then
362
# monitoring can be turned on for certain variables with the
363
# following:
364
#   $form->{"Watchdog::<variable>"} = 1;
365
# Monitoring has a performance cost and is therefore deactivated by
366
# default.
367
watch_form = 0
368

  
369
# If you want to debug the creation of LaTeX files then set this to 1.
370
# That way the temporary LaTeX files created during PDF creation are
371
# not removed and remain in the "users" directory.
372
keep_temp_files = 0
373

  
374
# Restart the FastCGI process if changes to the program or template
375
# files have been detected. The restart will occur after the request
376
# in which the changes have been detected has completed.
377
restart_fcgi_process_on_changes = 0
378

  
379
# The file name where the debug messages are written to.
380
file_name = /tmp/kivitendo-debug.log
381

  
382
# If set to 1 then the installation will be kept unlocked even if a
383
# database upgrade fails.
384
keep_installation_unlocked = 0
385

  
386
# If set to 1 then all resource links (JavaScript, CSS files) output
387
# via $::request->{layout}->use_stylesheet() / use_javascript() will
388
# be made unique by appending a random GET parameter. This will cause
389
# the web browser to always reload the resources.
390
auto_reload_resources = 0
391

  
392
# If set to 1 each exception will include a full stack backtrace.
393
backtrace_on_die = 0
394

  
395
[cti]
396
# If you want phone numbers to be clickable then this must be set to a
397
# command that does the actually dialing. Within this command three
398
# variables are replaced before it is executed:
399
#
400
# 1. <%phone_extension%> and <%phone_password%> are taken from the user
401
#    configuration (changeable in the admin interface).
402
# 2. <%number%> is the number to dial. It has already been sanitized
403
#    and formatted correctly regarding e.g. the international dialing
404
#    prefix.
405
#
406
# The following is an example that works with the OpenUC telephony
407
# server:
408
# dial_command = curl --insecure -X PUT https://<%phone_extension%>:<%phone_password%>@IP.AD.DR.ESS:8443/sipxconfig/rest/my/call/<%number%>
409
dial_command =
410
# If you need to dial something before the actual number then set
411
# external_prefix to it.
412
external_prefix = 0
413
# The prefix for international calls (numbers starting with +).
414
international_dialing_prefix = 00
415
# Our own country code
416
our_country_code = 49
ansible/config-files/postgresql/pg_hba.conf
1
# PostgreSQL Client Authentication Configuration File
2
# ===================================================
3
#
4
# Refer to the "Client Authentication" section in the PostgreSQL
5
# documentation for a complete description of this file.  A short
6
# synopsis follows.
7
#
8
# This file controls: which hosts are allowed to connect, how clients
9
# are authenticated, which PostgreSQL user names they can use, which
10
# databases they can access.  Records take one of these forms:
11
#
12
# local         DATABASE  USER  METHOD  [OPTIONS]
13
# host          DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
14
# hostssl       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
15
# hostnossl     DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
16
# hostgssenc    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
17
# hostnogssenc  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
18
#
19
# (The uppercase items must be replaced by actual values.)
20
#
21
# The first field is the connection type:
22
# - "local" is a Unix-domain socket
23
# - "host" is a TCP/IP socket (encrypted or not)
24
# - "hostssl" is a TCP/IP socket that is SSL-encrypted
25
# - "hostnossl" is a TCP/IP socket that is not SSL-encrypted
26
# - "hostgssenc" is a TCP/IP socket that is GSSAPI-encrypted
27
# - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted
28
#
29
# DATABASE can be "all", "sameuser", "samerole", "replication", a
30
# database name, or a comma-separated list thereof. The "all"
31
# keyword does not match "replication". Access to replication
32
# must be enabled in a separate record (see example below).
33
#
34
# USER can be "all", a user name, a group name prefixed with "+", or a
35
# comma-separated list thereof.  In both the DATABASE and USER fields
36
# you can also write a file name prefixed with "@" to include names
37
# from a separate file.
38
#
39
# ADDRESS specifies the set of hosts the record matches.  It can be a
40
# host name, or it is made up of an IP address and a CIDR mask that is
41
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
42
# specifies the number of significant bits in the mask.  A host name
43
# that starts with a dot (.) matches a suffix of the actual host name.
44
# Alternatively, you can write an IP address and netmask in separate
45
# columns to specify the set of hosts.  Instead of a CIDR-address, you
46
# can write "samehost" to match any of the server's own IP addresses,
47
# or "samenet" to match any address in any subnet that the server is
48
# directly connected to.
49
#
50
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
51
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
52
# Note that "password" sends passwords in clear text; "md5" or
53
# "scram-sha-256" are preferred since they send encrypted passwords.
54
#
55
# OPTIONS are a set of options for the authentication in the format
56
# NAME=VALUE.  The available options depend on the different
57
# authentication methods -- refer to the "Client Authentication"
58
# section in the documentation for a list of which options are
59
# available for which authentication methods.
60
#
61
# Database and user names containing spaces, commas, quotes and other
62
# special characters must be quoted.  Quoting one of the keywords
63
# "all", "sameuser", "samerole" or "replication" makes the name lose
64
# its special character, and just match a database or username with
65
# that name.
66
#
67
# This file is read on server startup and when the server receives a
68
# SIGHUP signal.  If you edit the file on a running system, you have to
69
# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
70
# or execute "SELECT pg_reload_conf()".
71
#
72
# Put your actual configuration here
73
# ----------------------------------
74
#
75
# If you want to allow non-local connections, you need to add more
76
# "host" records.  In that case you will also need to make PostgreSQL
77
# listen on a non-local interface via the listen_addresses
78
# configuration parameter, or via the -i or -h command line switches.
79

  
80

  
81

  
82

  
83
# DO NOT DISABLE!
84
# If you change this first entry you will need to make sure that the
85
# database superuser can access the database using some other method.
86
# Noninteractive access to all databases is required during automatic
87
# maintenance (custom daily cronjobs, replication, and similar tasks).
88
#
89
# Database administrative login by Unix domain socket
90
local   all             postgres                                peer
91

  
92
# TYPE  DATABASE        USER            ADDRESS                 METHOD
93

  
94
# "local" is for Unix domain socket connections only
95
local   all             all                                     peer
96
# IPv4 local connections:
97
host    all             all             127.0.0.1/32            trust
98
# IPv6 local connections:
99
host    all             all             ::1/128                 scram-sha-256
100
# Allow replication connections from localhost, by a user with the
101
# replication privilege.
102
local   replication     all                                     peer
103
host    replication     all             127.0.0.1/32            scram-sha-256
104
host    replication     all             ::1/128                 scram-sha-256
ansible/main.yml
1
---
2
- name: install Kivi dependencies
3
  hosts: "{{ target }}"
4

  
5
  tasks:
6
  - name: update repos and install dependencies
7
    ansible.builtin.apt:
8
      name:
9
        - git
10
        - libalgorithm-checkdigits-perl
11
        - libapache2-mod-fcgid
12
        - libarchive-zip-perl
13
        - libcam-pdf-perl
14
        - libcgi-pm-perl
15
        - libclone-perl
16
        - libconfig-std-perl
17
        - libcrypt-pbkdf2-perl
18
        - libdaemon-generic-perl
19
        - libdatetime-event-cron-perl
20
        - libdatetime-perl
21
        - libdatetime-set-perl
22
        - libdbd-pg-perl
23
        - libdbi-perl
24
        - libemail-address-perl
25
        - libemail-mime-perl
26
        - libexception-class-perl
27
        - libfcgi-perl
28
        - libfile-copy-recursive-perl
29
        - libfile-flock-perl
30
        - libfile-mimeinfo-perl
31
        - libfile-slurp-perl
32
        - libgd-gd2-perl
33
        - libhtml-restrict-perl
34
        - libimage-info-perl
35
        - libimager-perl
36
        - libimager-qrcode-perl
37
        - libipc-run-perl
38
        - libjson-perl
39
        - liblist-moreutils-perl
40
        - liblist-utilsby-perl
41
        - libmath-round-perl
42
        - libnet-smtp-ssl-perl
43
        - libnet-sslglue-perl
44
        - libparams-validate-perl
45
        - libpbkdf2-tiny-perl
46
        - libpdf-api2-perl
47
        - libregexp-ipv6-perl
48
        - librest-client-perl
49
        - librose-db-object-perl
50
        - librose-db-perl
51
        - librose-object-perl
52
        - libset-infinite-perl
53
        - libsort-naturally-perl
54
        - libstring-shellquote-perl
55
        - libtemplate-perl
56
        - libtext-csv-xs-perl
57
        - libtext-iconv-perl
58
        - libtext-unidecode-perl
59
        - libtry-tiny-perl
60
        - liburi-perl
61
        - libwww-perl
62
        - libxml-libxml-perl
63
        - libxml-writer-perl
64
        - libyaml-perl
65
        - poppler-utils
66
      state: present
67
      update_cache: yes
68
    become: true
69

  
70
- name: postrgesql for kivi
71
  hosts: "{{ target }}"
72

  
73
  tasks:
74
  - name: install postgresql
75
    ansible.builtin.apt:
76
      name:
77
        - postgresql
78
        - postgresql-contrib
79
      state: present
80
    become: true
81

  
82
  - name: copy config files
83
    ansible.builtin.copy:
84
      src: config-files/postgresql/pg_hba.conf
85
      dest: /etc/postgresql/14/main/pg_hba.conf
86
      mode: '640'
87
    become: true
88

  
89
  - name: start postgresql
90
    ansible.builtin.service:
91
      name: postgresql
92
      state: restarted
93
    become: true
94

  
95
- name: apache server for kivi
96
  hosts: "{{ target }}"
97

  
98
  tasks:
99
  - name: install apache server
100
    ansible.builtin.apt:
101
      name: apache2
102
      state: present
103
    become: true
104

  
105
  - name: start apache if not running
106
    ansible.builtin.service:
107
      name: apache2
108
      state: started
109

  
110
  - name: copy config files
111
    ansible.builtin.copy:
112
      src: config-files/apache/000-default.conf
113
      dest: /etc/apache2/sites-available/000-default.conf
114
      mode: '640'
115
    become: true
116

  
117
  - name: activate fastcgi
118
    ansible.builtin.shell:
119
      cmd: a2enmod fcgid
120
    become: true
121

  
122
- name: install Kivi
123
  hosts: "{{ target }}"
124

  
125
  tasks:
126
  - name: ensure git is installed
127
    ansible.builtin.apt:
128
      name: git
129
      state: present
130
    become: true
131

  
132
  - name: clone repo
133
    ansible.builtin.git:
134
      repo: 'https://github.com/kivitendo/kivitendo-erp.git'
135
      dest: /var/www/kivitendo-erp
136
      version: release-3.8.0
137
    become: true
138

  
139
  - name: copy config files
140
    ansible.builtin.copy:
141
      src: config-files/kivitendo.conf
142
      dest: /var/www/kivitendo-erp/config/kivitendo.conf
143
    become: true
144

  
145
  - name: make webdav directory
146
    ansible.builtin.file:
147
      path: /var/www/kivitendo-erp/webdav
148
      state: directory
149
    become: true
150

  
151
  - name: change permissions
152
    ansible.builtin.shell:
153
      cmd: chown -R www-data users spool webdav
154
      chdir: /var/www/kivitendo-erp
155
    become: true
156

  
157
  - name: restart apache
158
    ansible.builtin.shell:
159
      cmd: systemctl restart apache2
160
    become: true
scripts/ansible/config-files/apache/000-default.conf
1
<VirtualHost *:80>
2
	# The ServerName directive sets the request scheme, hostname and port that
3
	# the server uses to identify itself. This is used when creating
4
	# redirection URLs. In the context of virtual hosts, the ServerName
5
	# specifies what hostname must appear in the request's Host: header to
6
	# match this virtual host. For the default virtual host (this file) this
7
	# value is not decisive as it is used as a last resort host regardless.
8
	# However, you must set it for any further virtual host explicitly.
9
	#ServerName www.example.com
10

  
11
	ServerAdmin webmaster@localhost
12
	DocumentRoot /var/www/html
13
	
14
	#erp
15
	AddHandler fcgid-script .fpl
16
	AliasMatch ^/kivitendo-erp/[^/]+\.pl /var/www/kivitendo-erp/dispatcher.fpl
17
	Alias       /kivitendo-erp/          /var/www/kivitendo-erp/
18

  
19
	<Directory /var/www/kivitendo-erp>
20
				AllowOverride All
21
				Options ExecCGI Includes FollowSymlinks
22
				Require all granted
23
	</Directory>
24

  
25
	<DirectoryMatch /var/www/kivitendo-erp/users>
26
			Order Deny,Allow
27
			Deny from All
28
	</DirectoryMatch> 
29
	#erp end	
30
	
31
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
32
	# error, crit, alert, emerg.
33
	# It is also possible to configure the loglevel for particular
34
	# modules, e.g.
35
	#LogLevel info ssl:warn
36

  
37
	ErrorLog ${APACHE_LOG_DIR}/error.log
38
	CustomLog ${APACHE_LOG_DIR}/access.log combined
39

  
40
	# For most configuration files from conf-available/, which are
41
	# enabled or disabled at a global level, it is possible to
42
	# include a line for only one particular virtual host. For example the
43
	# following line enables the CGI configuration for this host only
44
	# after it has been globally disabled with "a2disconf".
45
	#Include conf-available/serve-cgi-bin.conf
46
</VirtualHost>
47

  
48
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
scripts/ansible/config-files/kivitendo.conf
1
[authentication]
2
# The cleartext password for access to the administrative part.  It
3
# can only be changed in this file, not via the administrative
4
# interface.
5
admin_password = admin123
6

  
7
# Which modules to use for authentication. Valid values are 'DB' and
8
# 'LDAP'. You can use multiple modules separated by spaces.
9
#
10
# Multiple LDAP modules with different configurations can be used by
11
# postfixing 'LDAP' with the name of the configuration section to use:
12
# 'LDAP:ldap_fallback' would use the data from
13
# '[authentication/ldap_fallback]'. The name defaults to 'ldap' if it
14
# isn't given.
15
#
16
# Note that the LDAP module doesn't support changing the password.
17
module = DB
18

  
19
# The cookie name can be changed if desired.
20
cookie_name = kivitendo_session_id
21

  
22
# The number of minutes a session is valid. The default value is eight
23
# hours.
24
session_timeout = 480
25

  
26
# The number of seconds to penalize failed login attempts. 0 disables
27
# it.
28
failed_login_penalty = 5
29

  
30
[authentication/database]
31
# Connection information for the database with the user and group
32
# inforamtion.  This information is always needed, even if LDAP is
33
# used for authentication, as the user information is stored in this
34
# database while LDAP is only used for password verification.
35
#
36
# If 'module' is set to 'DB' then this database also contains the
37
# users' passwords.
38
host     = 127.0.0.1
39
port     = 5432
40
db       = kivitendo_auth
41
user     = postgres
42
password =
43

  
44
[authentication/ldap]
45
# This section is only relevant if 'module' is set to 'LDAP'. It names
46
# the LDAP server the passwords are verified against by doing a LDAP
47
# bind operation.
48
#
49
# At least the parameters 'host', 'attribute' and 'base_dn' have to be
50
# specified.
51
#
52
# tls:       Activate encryption via TLS
53
# verify:    If 'tls' is used, how to verify the server's certificate.
54
#            Can be one of 'require' or 'none'.
55
# attribute: Name of the LDAP attribute containing the user's login name
56
# base_dn:   Base DN the LDAP searches start from
57
# filter:    An optional LDAP filter specification. The string '<%login%>'
58
#            is replaced by the user's login name before the search is started.
59
# bind_dn and bind_password:
60
#            If searching the LDAP tree requires user credentials
61
#            (e.g. ActiveDirectory) then these two parameters specify
62
#            the user name and password to use.
63
# timeout:   Timeout when connecting to the server in seconds.
64
#
65
# You can specify a fallback LDAP server to use in case the main one
66
# isn't reachable by duplicating this whole section as
67
# "[authentication/ldap_fallback]".
68
#
69
host          = localhost
70
port          = 389
71
tls           = 0
72
attribute     = uid
73
base_dn       =
74
filter        =
75
bind_dn       =
76
bind_password =
77
timeout       = 10
78
verify        = require
79

  
80
[system]
81
# Set language for login and admin forms. Currently "de" (German)
82
# and "en" (English, not perfect) are available.
83
language = de
84

  
85
# Set stylesheet for login and admin forms. Supported:
86
#  lx-office-erp
87
#  kivitendo - default
88
#  design40
89
stylesheet = kivitendo
90

  
91
# MassPrint Timeout
92
# must be less than cgi timeout
93
#
94
massprint_timeout = 30
95

  
96
# Set default_manager for admin forms. Currently "german"
97
# and "swiss" are available.
98
default_manager = german
99

  
100
# The memory limits given here determine the maximum process size
101
# (vsz, the total amount of memory this process uses including memory
102
# swapped out or shared with other processes) or resident set size
103
# (rss, the amount of memory not swapped out/shared with other
104
# processes). If either limit is reached at the end of the request
105
# then the kivitendo process will exit.
106
#
107
# This only applies for processes under FCGI and the task manager.
108
# For CGI configurations the process will be terminated after each request
109
# regardless of this setting.
110
#
111
# Note: this will only terminate processes with too high memory consumption. It
112
# is assumed that an external managing service will start new instances. For
113
# FCGI this will usually be apache or the wrapper scripts for nginx, for the
114
# task server this will have to be the system manager.
115
#
116
# Numbers can be postfixed with KB, MB, GB. If no number is given or
117
# the number is 0 then no checking will be performed.
118
memory_limit_rss =
119
memory_limit_vsz =
120

  
121
[paths]
122
# path to temporary files (must be writeable by the web server)
123
userspath = users
124
# spool directory for batch printing
125
spool = spool
126
# templates base directory
127
templates = templates
128
# Path to the old memberfile (ignored on new installations)
129
memberfile = users/members
130
# Path to ELSTER geierlein webserver path inside kivitendo
131
# (must be inside kivitendo but you can set an ALIAS for apache/oe
132
# if set the export to geierlein is enabled
133
# geierlein_path = geierlein
134

  
135
#
136
# document path for FileSystem FileManagement:
137
#  (must be reachable read/write but not executable from webserver)
138
# document_path = /var/local/kivi_documents
139
#
140

  
141
[mail_delivery]
142
# Delivery method can be 'sendmail' or 'smtp'. For 'method = sendmail' the
143
# parameter 'mail_delivery.sendmail' is used as the executable to call. If
144
# 'applications.sendmail' still exists (backwards compatibility) then
145
# 'applications.sendmail' will be used instead of 'mail_delivery.sendmail'.
146
# If method is empty, mail delivery is disabled.
147
method = smtp
148
# Location of sendmail for 'method = sendmail'
149
sendmail = /usr/sbin/sendmail -t<%if myconfig_email%> -f <%myconfig_email%><%end%>
150
# Settings for 'method = smtp'. Only set 'port' if your SMTP server
151
# runs on a non-standard port (25 for 'security=none' or
152
# 'security=tls', 465 for 'security=ssl').
153
host = localhost
154
#port = 25
155
# Security can be 'tls', 'ssl' or 'none'. Unset equals 'none'. This
156
# determines whether or not encryption is used and which kind. For
157
# 'tls' the module 'Net::SSLGlue' is required; for 'ssl'
158
# 'Net::SMTP::SSL' is required and 'none' only uses 'Net::SMTP'.
159
security = none
160
# Authentication is only used if 'login' is set. You should only use
161
# that with 'tls' or 'ssl' encryption.
162
login =
163
password =
164

  
165
[applications]
166
# Location of OpenOffice.org/LibreOffice writer
167
openofficeorg_writer = lowriter
168
# Location of the html2ps binary
169
html2ps = html2ps
170
# Location of the Ghostscript binary
171
ghostscript = gs
172
# Location of the program to create PDFs from TeX documents
173
latex = latexmk --pdflatex
174
# Location of the Python interpreter to use when converting from
175
# OpenDocument to PDF. Some distributions compile UNO support only
176
# into binaries located in different locations than the main Python
177
# binary.
178
python_uno = python3
179

  
180
[environment]
181
# Add the following paths to the PATH environment variable.
182
path = /usr/local/bin:/usr/X11R6/bin:/usr/X11/bin
183
# Add the following paths to the PERL5LIB environment variable.
184
# "/sw/lib/perl5" is for Mac OS X with Fink's Perl.
185
lib = /sw/lib/perl5
186
# Add the following paths to the PYTHONPATH environment variable for
187
# locating Python modules. Python is used when converting OpenDocument
188
# files into PDF files.
189
python_uno_path =
190

  
191
[print_templates]
192
# If you have LaTeX installed set to 1
193
latex = 1
194
# Minimal support for Excel print templates
195
excel = 0
196
# Enable or disable support for OpenDocument print templates
197
opendocument = 1
198
# Chose whether or not OpenOffice/LibreOffice should remain running after a
199
# conversion. If yes then the conversion of subsequent documents will
200
# be a bit faster. You need to have Python and the Python UNO bindings
201
# (part of OpenOffice/LibreOffice) installed.
202
openofficeorg_daemon = 0
203
openofficeorg_daemon_port = 2002
204

  
205
[task_server]
206
# Set to 1 for debug messages in /tmp/kivitendo-debug.log
207
debug = 0
208
# Chose a system user the daemon should run under when started as root.
209
run_as =
210
# Task servers can run on multiple machines. Each needs its own unique
211
# ID. If unset, it defaults to the host name. All but one task server
212
# must have 'only_run_tasks_for_this_node' set to 1.
213
node_id =
214
only_run_tasks_for_this_node = 0
215

  
216
[task_server/notify_on_failure]
217
# If you want email notifications for failed jobs then set this to a
218
# kivitendo user (login) name. The subject can be changed as well.
219
send_email_to  =
220
# The "From:" header for said email.
221
email_from     = kivitendo Daemon <root@localhost>
222
# The subject for said email.
223
email_subject  = kivitendo Task-Server: Hintergrundjob fehlgeschlagen
224
# The template file used for the email's body.
225
email_template = templates/webpages/task_server/failure_notification_email.txt
226

  
227
[periodic_invoices]
228
# The user name or email address a report about the posted and printed
229
# invoices is sent to.
230
send_email_to  =
231
# The "From:" header for said email.
232
email_from     = kivitendo Daemon <root@localhost>
233
# The subject for said email.
234
email_subject  = Benachrichtigung: automatisch erstellte Rechnungen
235
# The template file used for the email's body.
236
email_template = templates/webpages/oe/periodic_invoices_email.txt
237
# Whether to always send the mail (0), or only if there were errors
238
# (1).
239
send_for_errors_only = 0
240

  
241
[self_test]
242

  
243
# modules to be tested
244
# Add without SL::BackgroundJob::SelfTest:: prefix
245
# Separate with space.
246
modules = Transactions
247

  
248
# you probably don't want to be spammed with "everything ok" every day. enable
249
# this when you add new tests to make sure they run correctly for a few days
250
send_email_on_success = 0
251

  
252
# will log into the standard logfile
253
log_to_file = 0
254

  
255
# user login (!) to send the email to.
256
send_email_to  =
257
# will be used to send your report mail
258
email_from     =
259
# The subject line for your report mail
260
email_subject  = kivitendo self test report
261
# template. currently txt and html templates are recognized and correctly mime send.
262
email_template = templates/mail/self_test/status_mail.txt
263

  
264
[follow_up_reminder]
265
# Email notifications for due follow ups.
266
# The "From:" header for said email.
267
email_from     = kivitendo Daemon <root@localhost>
268
# The subject for said email.
269
email_subject  = kivitendo: fällige Wiedervorlagen
270
# The template file used for the email's body.
271
# If empty fu/follow_up_reminder_mail.html will be used.
272
email_template =
273

  
274
[console]
275
# Automatic login will only work if both "client" and "login" are
276
# given.  "client" can be a client's database ID or its name. "login"
277
# is simply a user's login name.
278
client =
279
login =
280

  
281
# autorun lines will be executed after autologin.
282
# be warned that loading huge libraries will noticably lengthen startup time.
283
#autorun = require "bin/mozilla/common.pl";
284
#        = use English qw(-no_match_vars);
285
#        = use List::Util qw(min max);
286
#        = sub take { my $max = shift; my $r = ref($_[0]) eq 'ARRAY' ? $_[0] : \@_; return @{$r}[0..List::Util::min($max, scalar(@{$r})) - 1]; }
287

  
288
# location of history file for permanent history
289
history_file = users/console_history
290

  
291
# location of a separate log file for the console. everything normally written
292
# to the kivitendo log will be put here if triggered from the console
293
log_file = /tmp/kivitendo_console_debug.log
294

  
295
[testing]
296

  
297
# Several tests need a database they can alter data in freely. This
298
# database will be dropped & created before any other test is run. The
299
# following parameters must be given:
300
[testing/database]
301
host               = 127.0.0.1
302
port               = 5432
303
db                 =
304
user               = postgres
305
password           =
306
template           = template1
307
superuser_user     = postgres
308
superuser_password =
309

  
310
[devel]
311
# Several settings related to the development of kivitendo.
312

  
313
# "client" is used by several scripts (e.g. rose_auto_create_model.pl)
314
# when they need access to the database. It can be either a client's
315
# database ID or its name.
316
client =
317

  
318
[debug]
319
# Use DBIx::Log4perl for logging DBI calls. The string LXDEBUGFILE
320
# will be replaced by the file name configured for $::lxdebug.
321
dbix_log4perl = 0
322
dbix_log4perl_config = log4perl.logger = FATAL, LOGFILE
323
                     = log4perl.appender.LOGFILE=Log::Log4perl::Appender::File
324
                     = log4perl.appender.LOGFILE.filename=LXDEBUGFILE
325
                     = log4perl.appender.LOGFILE.mode=append
326
                     = log4perl.appender.LOGFILE.Threshold = ERROR
327
                     = log4perl.appender.LOGFILE.layout=PatternLayout
328
                     = log4perl.appender.LOGFILE.layout.ConversionPattern=[%r] %F %L %c - %m%n
329
                     = log4perl.logger.DBIx.Log4perl=DEBUG, A1
330
                     = log4perl.appender.A1=Log::Log4perl::Appender::File
331
                     = log4perl.appender.A1.filename=LXDEBUGFILE
332
                     = log4perl.appender.A1.mode=append
333
                     = log4perl.appender.A1.layout=Log::Log4perl::Layout::PatternLayout
334
                     = log4perl.appender.A1.layout.ConversionPattern=%d %p> %F{1}:%L %M - %m%n
335

  
336
# Activate certain global debug messages. If you want to combine
337
# several options then list them separated by spaces.
338
#
339
# Possible values include:
340
#   NONE   - no debug output (default)
341
#   INFO
342
#   DEBUG1
343
#   DEBUG2
344
#   QUERY              - Dump SQL queries (only in legacy code; see also "dbix_log4perl" above)
345
#   TRACE              - Track function calls and returns
346
#   BACKTRACE_ON_ERROR - Print a function call backtrace when $form->error() is called
347
#   REQUEST_TIMER      - Log timing of HTTP requests
348
#   REQUEST            - Log each request. Careful! Passwords get filtered, but
349
#                        there may be confidential information being logged here
350
#   WARN               - warnings
351
#   SHOW_CALLER        - include the file name & line number from where a call
352
#                        to "message" or "dump" was called
353
#   ALL                - all possible debug messages
354
#
355
#   DEVEL              - sames as "INFO QUERY TRACE BACKTRACE_ON_ERROR REQUEST_TIMER"
356
#
357
# Example:
358
#   global_level = TRACE QUERY
359
global_level = NONE
360

  
361
# Activate monitoring of the content of $form. If it is active then
362
# monitoring can be turned on for certain variables with the
363
# following:
364
#   $form->{"Watchdog::<variable>"} = 1;
365
# Monitoring has a performance cost and is therefore deactivated by
366
# default.
367
watch_form = 0
368

  
369
# If you want to debug the creation of LaTeX files then set this to 1.
370
# That way the temporary LaTeX files created during PDF creation are
371
# not removed and remain in the "users" directory.
372
keep_temp_files = 0
373

  
374
# Restart the FastCGI process if changes to the program or template
375
# files have been detected. The restart will occur after the request
376
# in which the changes have been detected has completed.
377
restart_fcgi_process_on_changes = 0
378

  
379
# The file name where the debug messages are written to.
380
file_name = /tmp/kivitendo-debug.log
381

  
382
# If set to 1 then the installation will be kept unlocked even if a
383
# database upgrade fails.
384
keep_installation_unlocked = 0
385

  
386
# If set to 1 then all resource links (JavaScript, CSS files) output
387
# via $::request->{layout}->use_stylesheet() / use_javascript() will
388
# be made unique by appending a random GET parameter. This will cause
389
# the web browser to always reload the resources.
390
auto_reload_resources = 0
391

  
392
# If set to 1 each exception will include a full stack backtrace.
393
backtrace_on_die = 0
394

  
395
[cti]
396
# If you want phone numbers to be clickable then this must be set to a
397
# command that does the actually dialing. Within this command three
398
# variables are replaced before it is executed:
399
#
400
# 1. <%phone_extension%> and <%phone_password%> are taken from the user
401
#    configuration (changeable in the admin interface).
402
# 2. <%number%> is the number to dial. It has already been sanitized
403
#    and formatted correctly regarding e.g. the international dialing
404
#    prefix.
405
#
406
# The following is an example that works with the OpenUC telephony
407
# server:
408
# dial_command = curl --insecure -X PUT https://<%phone_extension%>:<%phone_password%>@IP.AD.DR.ESS:8443/sipxconfig/rest/my/call/<%number%>
409
dial_command =
410
# If you need to dial something before the actual number then set
411
# external_prefix to it.
412
external_prefix = 0
413
# The prefix for international calls (numbers starting with +).
414
international_dialing_prefix = 00
415
# Our own country code
416
our_country_code = 49
scripts/ansible/config-files/postgresql/pg_hba.conf
1
# PostgreSQL Client Authentication Configuration File
2
# ===================================================
3
#
4
# Refer to the "Client Authentication" section in the PostgreSQL
5
# documentation for a complete description of this file.  A short
6
# synopsis follows.
7
#
8
# This file controls: which hosts are allowed to connect, how clients
9
# are authenticated, which PostgreSQL user names they can use, which
10
# databases they can access.  Records take one of these forms:
11
#
12
# local         DATABASE  USER  METHOD  [OPTIONS]
13
# host          DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
14
# hostssl       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
15
# hostnossl     DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
16
# hostgssenc    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
17
# hostnogssenc  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
18
#
19
# (The uppercase items must be replaced by actual values.)
20
#
21
# The first field is the connection type:
22
# - "local" is a Unix-domain socket
23
# - "host" is a TCP/IP socket (encrypted or not)
24
# - "hostssl" is a TCP/IP socket that is SSL-encrypted
25
# - "hostnossl" is a TCP/IP socket that is not SSL-encrypted
26
# - "hostgssenc" is a TCP/IP socket that is GSSAPI-encrypted
27
# - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted
28
#
29
# DATABASE can be "all", "sameuser", "samerole", "replication", a
30
# database name, or a comma-separated list thereof. The "all"
31
# keyword does not match "replication". Access to replication
32
# must be enabled in a separate record (see example below).
33
#
34
# USER can be "all", a user name, a group name prefixed with "+", or a
35
# comma-separated list thereof.  In both the DATABASE and USER fields
36
# you can also write a file name prefixed with "@" to include names
37
# from a separate file.
38
#
39
# ADDRESS specifies the set of hosts the record matches.  It can be a
40
# host name, or it is made up of an IP address and a CIDR mask that is
41
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
42
# specifies the number of significant bits in the mask.  A host name
43
# that starts with a dot (.) matches a suffix of the actual host name.
44
# Alternatively, you can write an IP address and netmask in separate
45
# columns to specify the set of hosts.  Instead of a CIDR-address, you
46
# can write "samehost" to match any of the server's own IP addresses,
47
# or "samenet" to match any address in any subnet that the server is
48
# directly connected to.
49
#
50
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
51
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
52
# Note that "password" sends passwords in clear text; "md5" or
53
# "scram-sha-256" are preferred since they send encrypted passwords.
54
#
55
# OPTIONS are a set of options for the authentication in the format
56
# NAME=VALUE.  The available options depend on the different
57
# authentication methods -- refer to the "Client Authentication"
58
# section in the documentation for a list of which options are
59
# available for which authentication methods.
60
#
61
# Database and user names containing spaces, commas, quotes and other
62
# special characters must be quoted.  Quoting one of the keywords
63
# "all", "sameuser", "samerole" or "replication" makes the name lose
64
# its special character, and just match a database or username with
65
# that name.
66
#
67
# This file is read on server startup and when the server receives a
68
# SIGHUP signal.  If you edit the file on a running system, you have to
69
# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
70
# or execute "SELECT pg_reload_conf()".
71
#
72
# Put your actual configuration here
73
# ----------------------------------
74
#
75
# If you want to allow non-local connections, you need to add more
76
# "host" records.  In that case you will also need to make PostgreSQL
77
# listen on a non-local interface via the listen_addresses
78
# configuration parameter, or via the -i or -h command line switches.
79

  
80

  
81

  
82

  
83
# DO NOT DISABLE!
84
# If you change this first entry you will need to make sure that the
85
# database superuser can access the database using some other method.
86
# Noninteractive access to all databases is required during automatic
87
# maintenance (custom daily cronjobs, replication, and similar tasks).
88
#
89
# Database administrative login by Unix domain socket
90
local   all             postgres                                peer
91

  
92
# TYPE  DATABASE        USER            ADDRESS                 METHOD
93

  
94
# "local" is for Unix domain socket connections only
95
local   all             all                                     peer
96
# IPv4 local connections:
97
host    all             all             127.0.0.1/32            trust
98
# IPv6 local connections:
99
host    all             all             ::1/128                 scram-sha-256
100
# Allow replication connections from localhost, by a user with the
101
# replication privilege.
102
local   replication     all                                     peer
103
host    replication     all             127.0.0.1/32            scram-sha-256
104
host    replication     all             ::1/128                 scram-sha-256
scripts/ansible/main.yml
1
---
2
- name: install Kivi dependencies
3
  hosts: "{{ target }}"
4

  
5
  tasks:
6
  - name: update repos and install dependencies
7
    ansible.builtin.apt:
8
      name:
9
        - git
10
        - libalgorithm-checkdigits-perl
11
        - libapache2-mod-fcgid
12
        - libarchive-zip-perl
13
        - libcam-pdf-perl
14
        - libcgi-pm-perl
15
        - libclone-perl
16
        - libconfig-std-perl
17
        - libcrypt-pbkdf2-perl
18
        - libdaemon-generic-perl
19
        - libdatetime-event-cron-perl
20
        - libdatetime-perl
21
        - libdatetime-set-perl
22
        - libdbd-pg-perl
23
        - libdbi-perl
24
        - libemail-address-perl
25
        - libemail-mime-perl
26
        - libexception-class-perl
27
        - libfcgi-perl
28
        - libfile-copy-recursive-perl
29
        - libfile-flock-perl
30
        - libfile-mimeinfo-perl
31
        - libfile-slurp-perl
32
        - libgd-gd2-perl
33
        - libhtml-restrict-perl
34
        - libimage-info-perl
35
        - libimager-perl
36
        - libimager-qrcode-perl
37
        - libipc-run-perl
38
        - libjson-perl
39
        - liblist-moreutils-perl
40
        - liblist-utilsby-perl
41
        - libmath-round-perl
42
        - libnet-smtp-ssl-perl
43
        - libnet-sslglue-perl
44
        - libparams-validate-perl
45
        - libpbkdf2-tiny-perl
46
        - libpdf-api2-perl
47
        - libregexp-ipv6-perl
48
        - librest-client-perl
49
        - librose-db-object-perl
50
        - librose-db-perl
51
        - librose-object-perl
52
        - libset-infinite-perl
53
        - libsort-naturally-perl
54
        - libstring-shellquote-perl
55
        - libtemplate-perl
56
        - libtext-csv-xs-perl
57
        - libtext-iconv-perl
58
        - libtext-unidecode-perl
59
        - libtry-tiny-perl
60
        - liburi-perl
61
        - libwww-perl
62
        - libxml-libxml-perl
63
        - libxml-writer-perl
64
        - libyaml-perl
65
        - poppler-utils
66
      state: present
67
      update_cache: yes
68
    become: true
69

  
70
- name: postrgesql for kivi
71
  hosts: "{{ target }}"
72

  
73
  tasks:
74
  - name: install postgresql
75
    ansible.builtin.apt:
76
      name:
77
        - postgresql
78
        - postgresql-contrib
79
      state: present
80
    become: true
81

  
82
  - name: copy config files
83
    ansible.builtin.copy:
84
      src: config-files/postgresql/pg_hba.conf
85
      dest: /etc/postgresql/14/main/pg_hba.conf
86
      mode: '640'
87
    become: true
88

  
89
  - name: start postgresql
90
    ansible.builtin.service:
91
      name: postgresql
92
      state: restarted
93
    become: true
94

  
95
- name: apache server for kivi
96
  hosts: "{{ target }}"
97

  
98
  tasks:
99
  - name: install apache server
100
    ansible.builtin.apt:
101
      name: apache2
102
      state: present
103
    become: true
104

  
105
  - name: start apache if not running
106
    ansible.builtin.service:
107
      name: apache2
108
      state: started
109

  
110
  - name: copy config files
111
    ansible.builtin.copy:
112
      src: config-files/apache/000-default.conf
113
      dest: /etc/apache2/sites-available/000-default.conf
114
      mode: '640'
115
    become: true
116

  
117
  - name: activate fastcgi
118
    ansible.builtin.shell:
119
      cmd: a2enmod fcgid
120
    become: true
121

  
122
- name: install Kivi
123
  hosts: "{{ target }}"
124

  
125
  tasks:
126
  - name: ensure git is installed
127
    ansible.builtin.apt:
128
      name: git
129
      state: present
130
    become: true
131

  
132
  - name: clone repo
133
    ansible.builtin.git:
134
      repo: 'https://github.com/kivitendo/kivitendo-erp.git'
135
      dest: /var/www/kivitendo-erp
136
      version: release-3.8.0
137
    become: true
138

  
139
  - name: copy config files
140
    ansible.builtin.copy:
141
      src: config-files/kivitendo.conf
142
      dest: /var/www/kivitendo-erp/config/kivitendo.conf
143
    become: true
144

  
145
  - name: make webdav directory
146
    ansible.builtin.file:
147
      path: /var/www/kivitendo-erp/webdav
148
      state: directory
149
    become: true
150

  
151
  - name: change permissions
... Dieser Diff wurde abgeschnitten, weil er die maximale Anzahl anzuzeigender Zeilen überschreitet.

Auch abrufbar als: Unified diff