Revision ec0cba6c
Von Enrique Morales vor mehr als 1 Jahr hinzugefügt
- ID ec0cba6cadbaffb5c55fbaebc940b1e1223d338a
- Vorgänger 414f1ecb
ansible/config-files/apache/000-default.conf | ||
---|---|---|
1 |
<VirtualHost *:80> |
|
2 |
# The ServerName directive sets the request scheme, hostname and port that |
|
3 |
# the server uses to identify itself. This is used when creating |
|
4 |
# redirection URLs. In the context of virtual hosts, the ServerName |
|
5 |
# specifies what hostname must appear in the request's Host: header to |
|
6 |
# match this virtual host. For the default virtual host (this file) this |
|
7 |
# value is not decisive as it is used as a last resort host regardless. |
|
8 |
# However, you must set it for any further virtual host explicitly. |
|
9 |
#ServerName www.example.com |
|
10 |
|
|
11 |
ServerAdmin webmaster@localhost |
|
12 |
DocumentRoot /var/www/html |
|
13 |
|
|
14 |
#erp |
|
15 |
AddHandler fcgid-script .fpl |
|
16 |
AliasMatch ^/kivitendo-erp/[^/]+\.pl /var/www/kivitendo-erp/dispatcher.fpl |
|
17 |
Alias /kivitendo-erp/ /var/www/kivitendo-erp/ |
|
18 |
|
|
19 |
<Directory /var/www/kivitendo-erp> |
|
20 |
AllowOverride All |
|
21 |
Options ExecCGI Includes FollowSymlinks |
|
22 |
Require all granted |
|
23 |
</Directory> |
|
24 |
|
|
25 |
<DirectoryMatch /var/www/kivitendo-erp/users> |
|
26 |
Order Deny,Allow |
|
27 |
Deny from All |
|
28 |
</DirectoryMatch> |
|
29 |
#erp end |
|
30 |
|
|
31 |
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn, |
|
32 |
# error, crit, alert, emerg. |
|
33 |
# It is also possible to configure the loglevel for particular |
|
34 |
# modules, e.g. |
|
35 |
#LogLevel info ssl:warn |
|
36 |
|
|
37 |
ErrorLog ${APACHE_LOG_DIR}/error.log |
|
38 |
CustomLog ${APACHE_LOG_DIR}/access.log combined |
|
39 |
|
|
40 |
# For most configuration files from conf-available/, which are |
|
41 |
# enabled or disabled at a global level, it is possible to |
|
42 |
# include a line for only one particular virtual host. For example the |
|
43 |
# following line enables the CGI configuration for this host only |
|
44 |
# after it has been globally disabled with "a2disconf". |
|
45 |
#Include conf-available/serve-cgi-bin.conf |
|
46 |
</VirtualHost> |
|
47 |
|
|
48 |
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet |
ansible/config-files/kivitendo.conf | ||
---|---|---|
1 |
[authentication] |
|
2 |
# The cleartext password for access to the administrative part. It |
|
3 |
# can only be changed in this file, not via the administrative |
|
4 |
# interface. |
|
5 |
admin_password = admin123 |
|
6 |
|
|
7 |
# Which modules to use for authentication. Valid values are 'DB' and |
|
8 |
# 'LDAP'. You can use multiple modules separated by spaces. |
|
9 |
# |
|
10 |
# Multiple LDAP modules with different configurations can be used by |
|
11 |
# postfixing 'LDAP' with the name of the configuration section to use: |
|
12 |
# 'LDAP:ldap_fallback' would use the data from |
|
13 |
# '[authentication/ldap_fallback]'. The name defaults to 'ldap' if it |
|
14 |
# isn't given. |
|
15 |
# |
|
16 |
# Note that the LDAP module doesn't support changing the password. |
|
17 |
module = DB |
|
18 |
|
|
19 |
# The cookie name can be changed if desired. |
|
20 |
cookie_name = kivitendo_session_id |
|
21 |
|
|
22 |
# The number of minutes a session is valid. The default value is eight |
|
23 |
# hours. |
|
24 |
session_timeout = 480 |
|
25 |
|
|
26 |
# The number of seconds to penalize failed login attempts. 0 disables |
|
27 |
# it. |
|
28 |
failed_login_penalty = 5 |
|
29 |
|
|
30 |
[authentication/database] |
|
31 |
# Connection information for the database with the user and group |
|
32 |
# inforamtion. This information is always needed, even if LDAP is |
|
33 |
# used for authentication, as the user information is stored in this |
|
34 |
# database while LDAP is only used for password verification. |
|
35 |
# |
|
36 |
# If 'module' is set to 'DB' then this database also contains the |
|
37 |
# users' passwords. |
|
38 |
host = 127.0.0.1 |
|
39 |
port = 5432 |
|
40 |
db = kivitendo_auth |
|
41 |
user = postgres |
|
42 |
password = |
|
43 |
|
|
44 |
[authentication/ldap] |
|
45 |
# This section is only relevant if 'module' is set to 'LDAP'. It names |
|
46 |
# the LDAP server the passwords are verified against by doing a LDAP |
|
47 |
# bind operation. |
|
48 |
# |
|
49 |
# At least the parameters 'host', 'attribute' and 'base_dn' have to be |
|
50 |
# specified. |
|
51 |
# |
|
52 |
# tls: Activate encryption via TLS |
|
53 |
# verify: If 'tls' is used, how to verify the server's certificate. |
|
54 |
# Can be one of 'require' or 'none'. |
|
55 |
# attribute: Name of the LDAP attribute containing the user's login name |
|
56 |
# base_dn: Base DN the LDAP searches start from |
|
57 |
# filter: An optional LDAP filter specification. The string '<%login%>' |
|
58 |
# is replaced by the user's login name before the search is started. |
|
59 |
# bind_dn and bind_password: |
|
60 |
# If searching the LDAP tree requires user credentials |
|
61 |
# (e.g. ActiveDirectory) then these two parameters specify |
|
62 |
# the user name and password to use. |
|
63 |
# timeout: Timeout when connecting to the server in seconds. |
|
64 |
# |
|
65 |
# You can specify a fallback LDAP server to use in case the main one |
|
66 |
# isn't reachable by duplicating this whole section as |
|
67 |
# "[authentication/ldap_fallback]". |
|
68 |
# |
|
69 |
host = localhost |
|
70 |
port = 389 |
|
71 |
tls = 0 |
|
72 |
attribute = uid |
|
73 |
base_dn = |
|
74 |
filter = |
|
75 |
bind_dn = |
|
76 |
bind_password = |
|
77 |
timeout = 10 |
|
78 |
verify = require |
|
79 |
|
|
80 |
[system] |
|
81 |
# Set language for login and admin forms. Currently "de" (German) |
|
82 |
# and "en" (English, not perfect) are available. |
|
83 |
language = de |
|
84 |
|
|
85 |
# Set stylesheet for login and admin forms. Supported: |
|
86 |
# lx-office-erp |
|
87 |
# kivitendo - default |
|
88 |
# design40 |
|
89 |
stylesheet = kivitendo |
|
90 |
|
|
91 |
# MassPrint Timeout |
|
92 |
# must be less than cgi timeout |
|
93 |
# |
|
94 |
massprint_timeout = 30 |
|
95 |
|
|
96 |
# Set default_manager for admin forms. Currently "german" |
|
97 |
# and "swiss" are available. |
|
98 |
default_manager = german |
|
99 |
|
|
100 |
# The memory limits given here determine the maximum process size |
|
101 |
# (vsz, the total amount of memory this process uses including memory |
|
102 |
# swapped out or shared with other processes) or resident set size |
|
103 |
# (rss, the amount of memory not swapped out/shared with other |
|
104 |
# processes). If either limit is reached at the end of the request |
|
105 |
# then the kivitendo process will exit. |
|
106 |
# |
|
107 |
# This only applies for processes under FCGI and the task manager. |
|
108 |
# For CGI configurations the process will be terminated after each request |
|
109 |
# regardless of this setting. |
|
110 |
# |
|
111 |
# Note: this will only terminate processes with too high memory consumption. It |
|
112 |
# is assumed that an external managing service will start new instances. For |
|
113 |
# FCGI this will usually be apache or the wrapper scripts for nginx, for the |
|
114 |
# task server this will have to be the system manager. |
|
115 |
# |
|
116 |
# Numbers can be postfixed with KB, MB, GB. If no number is given or |
|
117 |
# the number is 0 then no checking will be performed. |
|
118 |
memory_limit_rss = |
|
119 |
memory_limit_vsz = |
|
120 |
|
|
121 |
[paths] |
|
122 |
# path to temporary files (must be writeable by the web server) |
|
123 |
userspath = users |
|
124 |
# spool directory for batch printing |
|
125 |
spool = spool |
|
126 |
# templates base directory |
|
127 |
templates = templates |
|
128 |
# Path to the old memberfile (ignored on new installations) |
|
129 |
memberfile = users/members |
|
130 |
# Path to ELSTER geierlein webserver path inside kivitendo |
|
131 |
# (must be inside kivitendo but you can set an ALIAS for apache/oe |
|
132 |
# if set the export to geierlein is enabled |
|
133 |
# geierlein_path = geierlein |
|
134 |
|
|
135 |
# |
|
136 |
# document path for FileSystem FileManagement: |
|
137 |
# (must be reachable read/write but not executable from webserver) |
|
138 |
# document_path = /var/local/kivi_documents |
|
139 |
# |
|
140 |
|
|
141 |
[mail_delivery] |
|
142 |
# Delivery method can be 'sendmail' or 'smtp'. For 'method = sendmail' the |
|
143 |
# parameter 'mail_delivery.sendmail' is used as the executable to call. If |
|
144 |
# 'applications.sendmail' still exists (backwards compatibility) then |
|
145 |
# 'applications.sendmail' will be used instead of 'mail_delivery.sendmail'. |
|
146 |
# If method is empty, mail delivery is disabled. |
|
147 |
method = smtp |
|
148 |
# Location of sendmail for 'method = sendmail' |
|
149 |
sendmail = /usr/sbin/sendmail -t<%if myconfig_email%> -f <%myconfig_email%><%end%> |
|
150 |
# Settings for 'method = smtp'. Only set 'port' if your SMTP server |
|
151 |
# runs on a non-standard port (25 for 'security=none' or |
|
152 |
# 'security=tls', 465 for 'security=ssl'). |
|
153 |
host = localhost |
|
154 |
#port = 25 |
|
155 |
# Security can be 'tls', 'ssl' or 'none'. Unset equals 'none'. This |
|
156 |
# determines whether or not encryption is used and which kind. For |
|
157 |
# 'tls' the module 'Net::SSLGlue' is required; for 'ssl' |
|
158 |
# 'Net::SMTP::SSL' is required and 'none' only uses 'Net::SMTP'. |
|
159 |
security = none |
|
160 |
# Authentication is only used if 'login' is set. You should only use |
|
161 |
# that with 'tls' or 'ssl' encryption. |
|
162 |
login = |
|
163 |
password = |
|
164 |
|
|
165 |
[applications] |
|
166 |
# Location of OpenOffice.org/LibreOffice writer |
|
167 |
openofficeorg_writer = lowriter |
|
168 |
# Location of the html2ps binary |
|
169 |
html2ps = html2ps |
|
170 |
# Location of the Ghostscript binary |
|
171 |
ghostscript = gs |
|
172 |
# Location of the program to create PDFs from TeX documents |
|
173 |
latex = latexmk --pdflatex |
|
174 |
# Location of the Python interpreter to use when converting from |
|
175 |
# OpenDocument to PDF. Some distributions compile UNO support only |
|
176 |
# into binaries located in different locations than the main Python |
|
177 |
# binary. |
|
178 |
python_uno = python3 |
|
179 |
|
|
180 |
[environment] |
|
181 |
# Add the following paths to the PATH environment variable. |
|
182 |
path = /usr/local/bin:/usr/X11R6/bin:/usr/X11/bin |
|
183 |
# Add the following paths to the PERL5LIB environment variable. |
|
184 |
# "/sw/lib/perl5" is for Mac OS X with Fink's Perl. |
|
185 |
lib = /sw/lib/perl5 |
|
186 |
# Add the following paths to the PYTHONPATH environment variable for |
|
187 |
# locating Python modules. Python is used when converting OpenDocument |
|
188 |
# files into PDF files. |
|
189 |
python_uno_path = |
|
190 |
|
|
191 |
[print_templates] |
|
192 |
# If you have LaTeX installed set to 1 |
|
193 |
latex = 1 |
|
194 |
# Minimal support for Excel print templates |
|
195 |
excel = 0 |
|
196 |
# Enable or disable support for OpenDocument print templates |
|
197 |
opendocument = 1 |
|
198 |
# Chose whether or not OpenOffice/LibreOffice should remain running after a |
|
199 |
# conversion. If yes then the conversion of subsequent documents will |
|
200 |
# be a bit faster. You need to have Python and the Python UNO bindings |
|
201 |
# (part of OpenOffice/LibreOffice) installed. |
|
202 |
openofficeorg_daemon = 0 |
|
203 |
openofficeorg_daemon_port = 2002 |
|
204 |
|
|
205 |
[task_server] |
|
206 |
# Set to 1 for debug messages in /tmp/kivitendo-debug.log |
|
207 |
debug = 0 |
|
208 |
# Chose a system user the daemon should run under when started as root. |
|
209 |
run_as = |
|
210 |
# Task servers can run on multiple machines. Each needs its own unique |
|
211 |
# ID. If unset, it defaults to the host name. All but one task server |
|
212 |
# must have 'only_run_tasks_for_this_node' set to 1. |
|
213 |
node_id = |
|
214 |
only_run_tasks_for_this_node = 0 |
|
215 |
|
|
216 |
[task_server/notify_on_failure] |
|
217 |
# If you want email notifications for failed jobs then set this to a |
|
218 |
# kivitendo user (login) name. The subject can be changed as well. |
|
219 |
send_email_to = |
|
220 |
# The "From:" header for said email. |
|
221 |
email_from = kivitendo Daemon <root@localhost> |
|
222 |
# The subject for said email. |
|
223 |
email_subject = kivitendo Task-Server: Hintergrundjob fehlgeschlagen |
|
224 |
# The template file used for the email's body. |
|
225 |
email_template = templates/webpages/task_server/failure_notification_email.txt |
|
226 |
|
|
227 |
[periodic_invoices] |
|
228 |
# The user name or email address a report about the posted and printed |
|
229 |
# invoices is sent to. |
|
230 |
send_email_to = |
|
231 |
# The "From:" header for said email. |
|
232 |
email_from = kivitendo Daemon <root@localhost> |
|
233 |
# The subject for said email. |
|
234 |
email_subject = Benachrichtigung: automatisch erstellte Rechnungen |
|
235 |
# The template file used for the email's body. |
|
236 |
email_template = templates/webpages/oe/periodic_invoices_email.txt |
|
237 |
# Whether to always send the mail (0), or only if there were errors |
|
238 |
# (1). |
|
239 |
send_for_errors_only = 0 |
|
240 |
|
|
241 |
[self_test] |
|
242 |
|
|
243 |
# modules to be tested |
|
244 |
# Add without SL::BackgroundJob::SelfTest:: prefix |
|
245 |
# Separate with space. |
|
246 |
modules = Transactions |
|
247 |
|
|
248 |
# you probably don't want to be spammed with "everything ok" every day. enable |
|
249 |
# this when you add new tests to make sure they run correctly for a few days |
|
250 |
send_email_on_success = 0 |
|
251 |
|
|
252 |
# will log into the standard logfile |
|
253 |
log_to_file = 0 |
|
254 |
|
|
255 |
# user login (!) to send the email to. |
|
256 |
send_email_to = |
|
257 |
# will be used to send your report mail |
|
258 |
email_from = |
|
259 |
# The subject line for your report mail |
|
260 |
email_subject = kivitendo self test report |
|
261 |
# template. currently txt and html templates are recognized and correctly mime send. |
|
262 |
email_template = templates/mail/self_test/status_mail.txt |
|
263 |
|
|
264 |
[follow_up_reminder] |
|
265 |
# Email notifications for due follow ups. |
|
266 |
# The "From:" header for said email. |
|
267 |
email_from = kivitendo Daemon <root@localhost> |
|
268 |
# The subject for said email. |
|
269 |
email_subject = kivitendo: fällige Wiedervorlagen |
|
270 |
# The template file used for the email's body. |
|
271 |
# If empty fu/follow_up_reminder_mail.html will be used. |
|
272 |
email_template = |
|
273 |
|
|
274 |
[console] |
|
275 |
# Automatic login will only work if both "client" and "login" are |
|
276 |
# given. "client" can be a client's database ID or its name. "login" |
|
277 |
# is simply a user's login name. |
|
278 |
client = |
|
279 |
login = |
|
280 |
|
|
281 |
# autorun lines will be executed after autologin. |
|
282 |
# be warned that loading huge libraries will noticably lengthen startup time. |
|
283 |
#autorun = require "bin/mozilla/common.pl"; |
|
284 |
# = use English qw(-no_match_vars); |
|
285 |
# = use List::Util qw(min max); |
|
286 |
# = sub take { my $max = shift; my $r = ref($_[0]) eq 'ARRAY' ? $_[0] : \@_; return @{$r}[0..List::Util::min($max, scalar(@{$r})) - 1]; } |
|
287 |
|
|
288 |
# location of history file for permanent history |
|
289 |
history_file = users/console_history |
|
290 |
|
|
291 |
# location of a separate log file for the console. everything normally written |
|
292 |
# to the kivitendo log will be put here if triggered from the console |
|
293 |
log_file = /tmp/kivitendo_console_debug.log |
|
294 |
|
|
295 |
[testing] |
|
296 |
|
|
297 |
# Several tests need a database they can alter data in freely. This |
|
298 |
# database will be dropped & created before any other test is run. The |
|
299 |
# following parameters must be given: |
|
300 |
[testing/database] |
|
301 |
host = 127.0.0.1 |
|
302 |
port = 5432 |
|
303 |
db = |
|
304 |
user = postgres |
|
305 |
password = |
|
306 |
template = template1 |
|
307 |
superuser_user = postgres |
|
308 |
superuser_password = |
|
309 |
|
|
310 |
[devel] |
|
311 |
# Several settings related to the development of kivitendo. |
|
312 |
|
|
313 |
# "client" is used by several scripts (e.g. rose_auto_create_model.pl) |
|
314 |
# when they need access to the database. It can be either a client's |
|
315 |
# database ID or its name. |
|
316 |
client = |
|
317 |
|
|
318 |
[debug] |
|
319 |
# Use DBIx::Log4perl for logging DBI calls. The string LXDEBUGFILE |
|
320 |
# will be replaced by the file name configured for $::lxdebug. |
|
321 |
dbix_log4perl = 0 |
|
322 |
dbix_log4perl_config = log4perl.logger = FATAL, LOGFILE |
|
323 |
= log4perl.appender.LOGFILE=Log::Log4perl::Appender::File |
|
324 |
= log4perl.appender.LOGFILE.filename=LXDEBUGFILE |
|
325 |
= log4perl.appender.LOGFILE.mode=append |
|
326 |
= log4perl.appender.LOGFILE.Threshold = ERROR |
|
327 |
= log4perl.appender.LOGFILE.layout=PatternLayout |
|
328 |
= log4perl.appender.LOGFILE.layout.ConversionPattern=[%r] %F %L %c - %m%n |
|
329 |
= log4perl.logger.DBIx.Log4perl=DEBUG, A1 |
|
330 |
= log4perl.appender.A1=Log::Log4perl::Appender::File |
|
331 |
= log4perl.appender.A1.filename=LXDEBUGFILE |
|
332 |
= log4perl.appender.A1.mode=append |
|
333 |
= log4perl.appender.A1.layout=Log::Log4perl::Layout::PatternLayout |
|
334 |
= log4perl.appender.A1.layout.ConversionPattern=%d %p> %F{1}:%L %M - %m%n |
|
335 |
|
|
336 |
# Activate certain global debug messages. If you want to combine |
|
337 |
# several options then list them separated by spaces. |
|
338 |
# |
|
339 |
# Possible values include: |
|
340 |
# NONE - no debug output (default) |
|
341 |
# INFO |
|
342 |
# DEBUG1 |
|
343 |
# DEBUG2 |
|
344 |
# QUERY - Dump SQL queries (only in legacy code; see also "dbix_log4perl" above) |
|
345 |
# TRACE - Track function calls and returns |
|
346 |
# BACKTRACE_ON_ERROR - Print a function call backtrace when $form->error() is called |
|
347 |
# REQUEST_TIMER - Log timing of HTTP requests |
|
348 |
# REQUEST - Log each request. Careful! Passwords get filtered, but |
|
349 |
# there may be confidential information being logged here |
|
350 |
# WARN - warnings |
|
351 |
# SHOW_CALLER - include the file name & line number from where a call |
|
352 |
# to "message" or "dump" was called |
|
353 |
# ALL - all possible debug messages |
|
354 |
# |
|
355 |
# DEVEL - sames as "INFO QUERY TRACE BACKTRACE_ON_ERROR REQUEST_TIMER" |
|
356 |
# |
|
357 |
# Example: |
|
358 |
# global_level = TRACE QUERY |
|
359 |
global_level = NONE |
|
360 |
|
|
361 |
# Activate monitoring of the content of $form. If it is active then |
|
362 |
# monitoring can be turned on for certain variables with the |
|
363 |
# following: |
|
364 |
# $form->{"Watchdog::<variable>"} = 1; |
|
365 |
# Monitoring has a performance cost and is therefore deactivated by |
|
366 |
# default. |
|
367 |
watch_form = 0 |
|
368 |
|
|
369 |
# If you want to debug the creation of LaTeX files then set this to 1. |
|
370 |
# That way the temporary LaTeX files created during PDF creation are |
|
371 |
# not removed and remain in the "users" directory. |
|
372 |
keep_temp_files = 0 |
|
373 |
|
|
374 |
# Restart the FastCGI process if changes to the program or template |
|
375 |
# files have been detected. The restart will occur after the request |
|
376 |
# in which the changes have been detected has completed. |
|
377 |
restart_fcgi_process_on_changes = 0 |
|
378 |
|
|
379 |
# The file name where the debug messages are written to. |
|
380 |
file_name = /tmp/kivitendo-debug.log |
|
381 |
|
|
382 |
# If set to 1 then the installation will be kept unlocked even if a |
|
383 |
# database upgrade fails. |
|
384 |
keep_installation_unlocked = 0 |
|
385 |
|
|
386 |
# If set to 1 then all resource links (JavaScript, CSS files) output |
|
387 |
# via $::request->{layout}->use_stylesheet() / use_javascript() will |
|
388 |
# be made unique by appending a random GET parameter. This will cause |
|
389 |
# the web browser to always reload the resources. |
|
390 |
auto_reload_resources = 0 |
|
391 |
|
|
392 |
# If set to 1 each exception will include a full stack backtrace. |
|
393 |
backtrace_on_die = 0 |
|
394 |
|
|
395 |
[cti] |
|
396 |
# If you want phone numbers to be clickable then this must be set to a |
|
397 |
# command that does the actually dialing. Within this command three |
|
398 |
# variables are replaced before it is executed: |
|
399 |
# |
|
400 |
# 1. <%phone_extension%> and <%phone_password%> are taken from the user |
|
401 |
# configuration (changeable in the admin interface). |
|
402 |
# 2. <%number%> is the number to dial. It has already been sanitized |
|
403 |
# and formatted correctly regarding e.g. the international dialing |
|
404 |
# prefix. |
|
405 |
# |
|
406 |
# The following is an example that works with the OpenUC telephony |
|
407 |
# server: |
|
408 |
# dial_command = curl --insecure -X PUT https://<%phone_extension%>:<%phone_password%>@IP.AD.DR.ESS:8443/sipxconfig/rest/my/call/<%number%> |
|
409 |
dial_command = |
|
410 |
# If you need to dial something before the actual number then set |
|
411 |
# external_prefix to it. |
|
412 |
external_prefix = 0 |
|
413 |
# The prefix for international calls (numbers starting with +). |
|
414 |
international_dialing_prefix = 00 |
|
415 |
# Our own country code |
|
416 |
our_country_code = 49 |
ansible/config-files/postgresql/pg_hba.conf | ||
---|---|---|
1 |
# PostgreSQL Client Authentication Configuration File |
|
2 |
# =================================================== |
|
3 |
# |
|
4 |
# Refer to the "Client Authentication" section in the PostgreSQL |
|
5 |
# documentation for a complete description of this file. A short |
|
6 |
# synopsis follows. |
|
7 |
# |
|
8 |
# This file controls: which hosts are allowed to connect, how clients |
|
9 |
# are authenticated, which PostgreSQL user names they can use, which |
|
10 |
# databases they can access. Records take one of these forms: |
|
11 |
# |
|
12 |
# local DATABASE USER METHOD [OPTIONS] |
|
13 |
# host DATABASE USER ADDRESS METHOD [OPTIONS] |
|
14 |
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] |
|
15 |
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] |
|
16 |
# hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS] |
|
17 |
# hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS] |
|
18 |
# |
|
19 |
# (The uppercase items must be replaced by actual values.) |
|
20 |
# |
|
21 |
# The first field is the connection type: |
|
22 |
# - "local" is a Unix-domain socket |
|
23 |
# - "host" is a TCP/IP socket (encrypted or not) |
|
24 |
# - "hostssl" is a TCP/IP socket that is SSL-encrypted |
|
25 |
# - "hostnossl" is a TCP/IP socket that is not SSL-encrypted |
|
26 |
# - "hostgssenc" is a TCP/IP socket that is GSSAPI-encrypted |
|
27 |
# - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted |
|
28 |
# |
|
29 |
# DATABASE can be "all", "sameuser", "samerole", "replication", a |
|
30 |
# database name, or a comma-separated list thereof. The "all" |
|
31 |
# keyword does not match "replication". Access to replication |
|
32 |
# must be enabled in a separate record (see example below). |
|
33 |
# |
|
34 |
# USER can be "all", a user name, a group name prefixed with "+", or a |
|
35 |
# comma-separated list thereof. In both the DATABASE and USER fields |
|
36 |
# you can also write a file name prefixed with "@" to include names |
|
37 |
# from a separate file. |
|
38 |
# |
|
39 |
# ADDRESS specifies the set of hosts the record matches. It can be a |
|
40 |
# host name, or it is made up of an IP address and a CIDR mask that is |
|
41 |
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that |
|
42 |
# specifies the number of significant bits in the mask. A host name |
|
43 |
# that starts with a dot (.) matches a suffix of the actual host name. |
|
44 |
# Alternatively, you can write an IP address and netmask in separate |
|
45 |
# columns to specify the set of hosts. Instead of a CIDR-address, you |
|
46 |
# can write "samehost" to match any of the server's own IP addresses, |
|
47 |
# or "samenet" to match any address in any subnet that the server is |
|
48 |
# directly connected to. |
|
49 |
# |
|
50 |
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", |
|
51 |
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". |
|
52 |
# Note that "password" sends passwords in clear text; "md5" or |
|
53 |
# "scram-sha-256" are preferred since they send encrypted passwords. |
|
54 |
# |
|
55 |
# OPTIONS are a set of options for the authentication in the format |
|
56 |
# NAME=VALUE. The available options depend on the different |
|
57 |
# authentication methods -- refer to the "Client Authentication" |
|
58 |
# section in the documentation for a list of which options are |
|
59 |
# available for which authentication methods. |
|
60 |
# |
|
61 |
# Database and user names containing spaces, commas, quotes and other |
|
62 |
# special characters must be quoted. Quoting one of the keywords |
|
63 |
# "all", "sameuser", "samerole" or "replication" makes the name lose |
|
64 |
# its special character, and just match a database or username with |
|
65 |
# that name. |
|
66 |
# |
|
67 |
# This file is read on server startup and when the server receives a |
|
68 |
# SIGHUP signal. If you edit the file on a running system, you have to |
|
69 |
# SIGHUP the server for the changes to take effect, run "pg_ctl reload", |
|
70 |
# or execute "SELECT pg_reload_conf()". |
|
71 |
# |
|
72 |
# Put your actual configuration here |
|
73 |
# ---------------------------------- |
|
74 |
# |
|
75 |
# If you want to allow non-local connections, you need to add more |
|
76 |
# "host" records. In that case you will also need to make PostgreSQL |
|
77 |
# listen on a non-local interface via the listen_addresses |
|
78 |
# configuration parameter, or via the -i or -h command line switches. |
|
79 |
|
|
80 |
|
|
81 |
|
|
82 |
|
|
83 |
# DO NOT DISABLE! |
|
84 |
# If you change this first entry you will need to make sure that the |
|
85 |
# database superuser can access the database using some other method. |
|
86 |
# Noninteractive access to all databases is required during automatic |
|
87 |
# maintenance (custom daily cronjobs, replication, and similar tasks). |
|
88 |
# |
|
89 |
# Database administrative login by Unix domain socket |
|
90 |
local all postgres peer |
|
91 |
|
|
92 |
# TYPE DATABASE USER ADDRESS METHOD |
|
93 |
|
|
94 |
# "local" is for Unix domain socket connections only |
|
95 |
local all all peer |
|
96 |
# IPv4 local connections: |
|
97 |
host all all 127.0.0.1/32 trust |
|
98 |
# IPv6 local connections: |
|
99 |
host all all ::1/128 scram-sha-256 |
|
100 |
# Allow replication connections from localhost, by a user with the |
|
101 |
# replication privilege. |
|
102 |
local replication all peer |
|
103 |
host replication all 127.0.0.1/32 scram-sha-256 |
|
104 |
host replication all ::1/128 scram-sha-256 |
ansible/main.yml | ||
---|---|---|
1 |
--- |
|
2 |
- name: install Kivi dependencies |
|
3 |
hosts: "{{ target }}" |
|
4 |
|
|
5 |
tasks: |
|
6 |
- name: update repos and install dependencies |
|
7 |
ansible.builtin.apt: |
|
8 |
name: |
|
9 |
- git |
|
10 |
- libalgorithm-checkdigits-perl |
|
11 |
- libapache2-mod-fcgid |
|
12 |
- libarchive-zip-perl |
|
13 |
- libcam-pdf-perl |
|
14 |
- libcgi-pm-perl |
|
15 |
- libclone-perl |
|
16 |
- libconfig-std-perl |
|
17 |
- libcrypt-pbkdf2-perl |
|
18 |
- libdaemon-generic-perl |
|
19 |
- libdatetime-event-cron-perl |
|
20 |
- libdatetime-perl |
|
21 |
- libdatetime-set-perl |
|
22 |
- libdbd-pg-perl |
|
23 |
- libdbi-perl |
|
24 |
- libemail-address-perl |
|
25 |
- libemail-mime-perl |
|
26 |
- libexception-class-perl |
|
27 |
- libfcgi-perl |
|
28 |
- libfile-copy-recursive-perl |
|
29 |
- libfile-flock-perl |
|
30 |
- libfile-mimeinfo-perl |
|
31 |
- libfile-slurp-perl |
|
32 |
- libgd-gd2-perl |
|
33 |
- libhtml-restrict-perl |
|
34 |
- libimage-info-perl |
|
35 |
- libimager-perl |
|
36 |
- libimager-qrcode-perl |
|
37 |
- libipc-run-perl |
|
38 |
- libjson-perl |
|
39 |
- liblist-moreutils-perl |
|
40 |
- liblist-utilsby-perl |
|
41 |
- libmath-round-perl |
|
42 |
- libnet-smtp-ssl-perl |
|
43 |
- libnet-sslglue-perl |
|
44 |
- libparams-validate-perl |
|
45 |
- libpbkdf2-tiny-perl |
|
46 |
- libpdf-api2-perl |
|
47 |
- libregexp-ipv6-perl |
|
48 |
- librest-client-perl |
|
49 |
- librose-db-object-perl |
|
50 |
- librose-db-perl |
|
51 |
- librose-object-perl |
|
52 |
- libset-infinite-perl |
|
53 |
- libsort-naturally-perl |
|
54 |
- libstring-shellquote-perl |
|
55 |
- libtemplate-perl |
|
56 |
- libtext-csv-xs-perl |
|
57 |
- libtext-iconv-perl |
|
58 |
- libtext-unidecode-perl |
|
59 |
- libtry-tiny-perl |
|
60 |
- liburi-perl |
|
61 |
- libwww-perl |
|
62 |
- libxml-libxml-perl |
|
63 |
- libxml-writer-perl |
|
64 |
- libyaml-perl |
|
65 |
- poppler-utils |
|
66 |
state: present |
|
67 |
update_cache: yes |
|
68 |
become: true |
|
69 |
|
|
70 |
- name: postrgesql for kivi |
|
71 |
hosts: "{{ target }}" |
|
72 |
|
|
73 |
tasks: |
|
74 |
- name: install postgresql |
|
75 |
ansible.builtin.apt: |
|
76 |
name: |
|
77 |
- postgresql |
|
78 |
- postgresql-contrib |
|
79 |
state: present |
|
80 |
become: true |
|
81 |
|
|
82 |
- name: copy config files |
|
83 |
ansible.builtin.copy: |
|
84 |
src: config-files/postgresql/pg_hba.conf |
|
85 |
dest: /etc/postgresql/14/main/pg_hba.conf |
|
86 |
mode: '640' |
|
87 |
become: true |
|
88 |
|
|
89 |
- name: start postgresql |
|
90 |
ansible.builtin.service: |
|
91 |
name: postgresql |
|
92 |
state: restarted |
|
93 |
become: true |
|
94 |
|
|
95 |
- name: apache server for kivi |
|
96 |
hosts: "{{ target }}" |
|
97 |
|
|
98 |
tasks: |
|
99 |
- name: install apache server |
|
100 |
ansible.builtin.apt: |
|
101 |
name: apache2 |
|
102 |
state: present |
|
103 |
become: true |
|
104 |
|
|
105 |
- name: start apache if not running |
|
106 |
ansible.builtin.service: |
|
107 |
name: apache2 |
|
108 |
state: started |
|
109 |
|
|
110 |
- name: copy config files |
|
111 |
ansible.builtin.copy: |
|
112 |
src: config-files/apache/000-default.conf |
|
113 |
dest: /etc/apache2/sites-available/000-default.conf |
|
114 |
mode: '640' |
|
115 |
become: true |
|
116 |
|
|
117 |
- name: activate fastcgi |
|
118 |
ansible.builtin.shell: |
|
119 |
cmd: a2enmod fcgid |
|
120 |
become: true |
|
121 |
|
|
122 |
- name: install Kivi |
|
123 |
hosts: "{{ target }}" |
|
124 |
|
|
125 |
tasks: |
|
126 |
- name: ensure git is installed |
|
127 |
ansible.builtin.apt: |
|
128 |
name: git |
|
129 |
state: present |
|
130 |
become: true |
|
131 |
|
|
132 |
- name: clone repo |
|
133 |
ansible.builtin.git: |
|
134 |
repo: 'https://github.com/kivitendo/kivitendo-erp.git' |
|
135 |
dest: /var/www/kivitendo-erp |
|
136 |
version: release-3.8.0 |
|
137 |
become: true |
|
138 |
|
|
139 |
- name: copy config files |
|
140 |
ansible.builtin.copy: |
|
141 |
src: config-files/kivitendo.conf |
|
142 |
dest: /var/www/kivitendo-erp/config/kivitendo.conf |
|
143 |
become: true |
|
144 |
|
|
145 |
- name: make webdav directory |
|
146 |
ansible.builtin.file: |
|
147 |
path: /var/www/kivitendo-erp/webdav |
|
148 |
state: directory |
|
149 |
become: true |
|
150 |
|
|
151 |
- name: change permissions |
|
152 |
ansible.builtin.shell: |
|
153 |
cmd: chown -R www-data users spool webdav |
|
154 |
chdir: /var/www/kivitendo-erp |
|
155 |
become: true |
|
156 |
|
|
157 |
- name: restart apache |
|
158 |
ansible.builtin.shell: |
|
159 |
cmd: systemctl restart apache2 |
|
160 |
become: true |
scripts/ansible/config-files/apache/000-default.conf | ||
---|---|---|
1 |
<VirtualHost *:80> |
|
2 |
# The ServerName directive sets the request scheme, hostname and port that |
|
3 |
# the server uses to identify itself. This is used when creating |
|
4 |
# redirection URLs. In the context of virtual hosts, the ServerName |
|
5 |
# specifies what hostname must appear in the request's Host: header to |
|
6 |
# match this virtual host. For the default virtual host (this file) this |
|
7 |
# value is not decisive as it is used as a last resort host regardless. |
|
8 |
# However, you must set it for any further virtual host explicitly. |
|
9 |
#ServerName www.example.com |
|
10 |
|
|
11 |
ServerAdmin webmaster@localhost |
|
12 |
DocumentRoot /var/www/html |
|
13 |
|
|
14 |
#erp |
|
15 |
AddHandler fcgid-script .fpl |
|
16 |
AliasMatch ^/kivitendo-erp/[^/]+\.pl /var/www/kivitendo-erp/dispatcher.fpl |
|
17 |
Alias /kivitendo-erp/ /var/www/kivitendo-erp/ |
|
18 |
|
|
19 |
<Directory /var/www/kivitendo-erp> |
|
20 |
AllowOverride All |
|
21 |
Options ExecCGI Includes FollowSymlinks |
|
22 |
Require all granted |
|
23 |
</Directory> |
|
24 |
|
|
25 |
<DirectoryMatch /var/www/kivitendo-erp/users> |
|
26 |
Order Deny,Allow |
|
27 |
Deny from All |
|
28 |
</DirectoryMatch> |
|
29 |
#erp end |
|
30 |
|
|
31 |
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn, |
|
32 |
# error, crit, alert, emerg. |
|
33 |
# It is also possible to configure the loglevel for particular |
|
34 |
# modules, e.g. |
|
35 |
#LogLevel info ssl:warn |
|
36 |
|
|
37 |
ErrorLog ${APACHE_LOG_DIR}/error.log |
|
38 |
CustomLog ${APACHE_LOG_DIR}/access.log combined |
|
39 |
|
|
40 |
# For most configuration files from conf-available/, which are |
|
41 |
# enabled or disabled at a global level, it is possible to |
|
42 |
# include a line for only one particular virtual host. For example the |
|
43 |
# following line enables the CGI configuration for this host only |
|
44 |
# after it has been globally disabled with "a2disconf". |
|
45 |
#Include conf-available/serve-cgi-bin.conf |
|
46 |
</VirtualHost> |
|
47 |
|
|
48 |
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet |
scripts/ansible/config-files/kivitendo.conf | ||
---|---|---|
1 |
[authentication] |
|
2 |
# The cleartext password for access to the administrative part. It |
|
3 |
# can only be changed in this file, not via the administrative |
|
4 |
# interface. |
|
5 |
admin_password = admin123 |
|
6 |
|
|
7 |
# Which modules to use for authentication. Valid values are 'DB' and |
|
8 |
# 'LDAP'. You can use multiple modules separated by spaces. |
|
9 |
# |
|
10 |
# Multiple LDAP modules with different configurations can be used by |
|
11 |
# postfixing 'LDAP' with the name of the configuration section to use: |
|
12 |
# 'LDAP:ldap_fallback' would use the data from |
|
13 |
# '[authentication/ldap_fallback]'. The name defaults to 'ldap' if it |
|
14 |
# isn't given. |
|
15 |
# |
|
16 |
# Note that the LDAP module doesn't support changing the password. |
|
17 |
module = DB |
|
18 |
|
|
19 |
# The cookie name can be changed if desired. |
|
20 |
cookie_name = kivitendo_session_id |
|
21 |
|
|
22 |
# The number of minutes a session is valid. The default value is eight |
|
23 |
# hours. |
|
24 |
session_timeout = 480 |
|
25 |
|
|
26 |
# The number of seconds to penalize failed login attempts. 0 disables |
|
27 |
# it. |
|
28 |
failed_login_penalty = 5 |
|
29 |
|
|
30 |
[authentication/database] |
|
31 |
# Connection information for the database with the user and group |
|
32 |
# inforamtion. This information is always needed, even if LDAP is |
|
33 |
# used for authentication, as the user information is stored in this |
|
34 |
# database while LDAP is only used for password verification. |
|
35 |
# |
|
36 |
# If 'module' is set to 'DB' then this database also contains the |
|
37 |
# users' passwords. |
|
38 |
host = 127.0.0.1 |
|
39 |
port = 5432 |
|
40 |
db = kivitendo_auth |
|
41 |
user = postgres |
|
42 |
password = |
|
43 |
|
|
44 |
[authentication/ldap] |
|
45 |
# This section is only relevant if 'module' is set to 'LDAP'. It names |
|
46 |
# the LDAP server the passwords are verified against by doing a LDAP |
|
47 |
# bind operation. |
|
48 |
# |
|
49 |
# At least the parameters 'host', 'attribute' and 'base_dn' have to be |
|
50 |
# specified. |
|
51 |
# |
|
52 |
# tls: Activate encryption via TLS |
|
53 |
# verify: If 'tls' is used, how to verify the server's certificate. |
|
54 |
# Can be one of 'require' or 'none'. |
|
55 |
# attribute: Name of the LDAP attribute containing the user's login name |
|
56 |
# base_dn: Base DN the LDAP searches start from |
|
57 |
# filter: An optional LDAP filter specification. The string '<%login%>' |
|
58 |
# is replaced by the user's login name before the search is started. |
|
59 |
# bind_dn and bind_password: |
|
60 |
# If searching the LDAP tree requires user credentials |
|
61 |
# (e.g. ActiveDirectory) then these two parameters specify |
|
62 |
# the user name and password to use. |
|
63 |
# timeout: Timeout when connecting to the server in seconds. |
|
64 |
# |
|
65 |
# You can specify a fallback LDAP server to use in case the main one |
|
66 |
# isn't reachable by duplicating this whole section as |
|
67 |
# "[authentication/ldap_fallback]". |
|
68 |
# |
|
69 |
host = localhost |
|
70 |
port = 389 |
|
71 |
tls = 0 |
|
72 |
attribute = uid |
|
73 |
base_dn = |
|
74 |
filter = |
|
75 |
bind_dn = |
|
76 |
bind_password = |
|
77 |
timeout = 10 |
|
78 |
verify = require |
|
79 |
|
|
80 |
[system] |
|
81 |
# Set language for login and admin forms. Currently "de" (German) |
|
82 |
# and "en" (English, not perfect) are available. |
|
83 |
language = de |
|
84 |
|
|
85 |
# Set stylesheet for login and admin forms. Supported: |
|
86 |
# lx-office-erp |
|
87 |
# kivitendo - default |
|
88 |
# design40 |
|
89 |
stylesheet = kivitendo |
|
90 |
|
|
91 |
# MassPrint Timeout |
|
92 |
# must be less than cgi timeout |
|
93 |
# |
|
94 |
massprint_timeout = 30 |
|
95 |
|
|
96 |
# Set default_manager for admin forms. Currently "german" |
|
97 |
# and "swiss" are available. |
|
98 |
default_manager = german |
|
99 |
|
|
100 |
# The memory limits given here determine the maximum process size |
|
101 |
# (vsz, the total amount of memory this process uses including memory |
|
102 |
# swapped out or shared with other processes) or resident set size |
|
103 |
# (rss, the amount of memory not swapped out/shared with other |
|
104 |
# processes). If either limit is reached at the end of the request |
|
105 |
# then the kivitendo process will exit. |
|
106 |
# |
|
107 |
# This only applies for processes under FCGI and the task manager. |
|
108 |
# For CGI configurations the process will be terminated after each request |
|
109 |
# regardless of this setting. |
|
110 |
# |
|
111 |
# Note: this will only terminate processes with too high memory consumption. It |
|
112 |
# is assumed that an external managing service will start new instances. For |
|
113 |
# FCGI this will usually be apache or the wrapper scripts for nginx, for the |
|
114 |
# task server this will have to be the system manager. |
|
115 |
# |
|
116 |
# Numbers can be postfixed with KB, MB, GB. If no number is given or |
|
117 |
# the number is 0 then no checking will be performed. |
|
118 |
memory_limit_rss = |
|
119 |
memory_limit_vsz = |
|
120 |
|
|
121 |
[paths] |
|
122 |
# path to temporary files (must be writeable by the web server) |
|
123 |
userspath = users |
|
124 |
# spool directory for batch printing |
|
125 |
spool = spool |
|
126 |
# templates base directory |
|
127 |
templates = templates |
|
128 |
# Path to the old memberfile (ignored on new installations) |
|
129 |
memberfile = users/members |
|
130 |
# Path to ELSTER geierlein webserver path inside kivitendo |
|
131 |
# (must be inside kivitendo but you can set an ALIAS for apache/oe |
|
132 |
# if set the export to geierlein is enabled |
|
133 |
# geierlein_path = geierlein |
|
134 |
|
|
135 |
# |
|
136 |
# document path for FileSystem FileManagement: |
|
137 |
# (must be reachable read/write but not executable from webserver) |
|
138 |
# document_path = /var/local/kivi_documents |
|
139 |
# |
|
140 |
|
|
141 |
[mail_delivery] |
|
142 |
# Delivery method can be 'sendmail' or 'smtp'. For 'method = sendmail' the |
|
143 |
# parameter 'mail_delivery.sendmail' is used as the executable to call. If |
|
144 |
# 'applications.sendmail' still exists (backwards compatibility) then |
|
145 |
# 'applications.sendmail' will be used instead of 'mail_delivery.sendmail'. |
|
146 |
# If method is empty, mail delivery is disabled. |
|
147 |
method = smtp |
|
148 |
# Location of sendmail for 'method = sendmail' |
|
149 |
sendmail = /usr/sbin/sendmail -t<%if myconfig_email%> -f <%myconfig_email%><%end%> |
|
150 |
# Settings for 'method = smtp'. Only set 'port' if your SMTP server |
|
151 |
# runs on a non-standard port (25 for 'security=none' or |
|
152 |
# 'security=tls', 465 for 'security=ssl'). |
|
153 |
host = localhost |
|
154 |
#port = 25 |
|
155 |
# Security can be 'tls', 'ssl' or 'none'. Unset equals 'none'. This |
|
156 |
# determines whether or not encryption is used and which kind. For |
|
157 |
# 'tls' the module 'Net::SSLGlue' is required; for 'ssl' |
|
158 |
# 'Net::SMTP::SSL' is required and 'none' only uses 'Net::SMTP'. |
|
159 |
security = none |
|
160 |
# Authentication is only used if 'login' is set. You should only use |
|
161 |
# that with 'tls' or 'ssl' encryption. |
|
162 |
login = |
|
163 |
password = |
|
164 |
|
|
165 |
[applications] |
|
166 |
# Location of OpenOffice.org/LibreOffice writer |
|
167 |
openofficeorg_writer = lowriter |
|
168 |
# Location of the html2ps binary |
|
169 |
html2ps = html2ps |
|
170 |
# Location of the Ghostscript binary |
|
171 |
ghostscript = gs |
|
172 |
# Location of the program to create PDFs from TeX documents |
|
173 |
latex = latexmk --pdflatex |
|
174 |
# Location of the Python interpreter to use when converting from |
|
175 |
# OpenDocument to PDF. Some distributions compile UNO support only |
|
176 |
# into binaries located in different locations than the main Python |
|
177 |
# binary. |
|
178 |
python_uno = python3 |
|
179 |
|
|
180 |
[environment] |
|
181 |
# Add the following paths to the PATH environment variable. |
|
182 |
path = /usr/local/bin:/usr/X11R6/bin:/usr/X11/bin |
|
183 |
# Add the following paths to the PERL5LIB environment variable. |
|
184 |
# "/sw/lib/perl5" is for Mac OS X with Fink's Perl. |
|
185 |
lib = /sw/lib/perl5 |
|
186 |
# Add the following paths to the PYTHONPATH environment variable for |
|
187 |
# locating Python modules. Python is used when converting OpenDocument |
|
188 |
# files into PDF files. |
|
189 |
python_uno_path = |
|
190 |
|
|
191 |
[print_templates] |
|
192 |
# If you have LaTeX installed set to 1 |
|
193 |
latex = 1 |
|
194 |
# Minimal support for Excel print templates |
|
195 |
excel = 0 |
|
196 |
# Enable or disable support for OpenDocument print templates |
|
197 |
opendocument = 1 |
|
198 |
# Chose whether or not OpenOffice/LibreOffice should remain running after a |
|
199 |
# conversion. If yes then the conversion of subsequent documents will |
|
200 |
# be a bit faster. You need to have Python and the Python UNO bindings |
|
201 |
# (part of OpenOffice/LibreOffice) installed. |
|
202 |
openofficeorg_daemon = 0 |
|
203 |
openofficeorg_daemon_port = 2002 |
|
204 |
|
|
205 |
[task_server] |
|
206 |
# Set to 1 for debug messages in /tmp/kivitendo-debug.log |
|
207 |
debug = 0 |
|
208 |
# Chose a system user the daemon should run under when started as root. |
|
209 |
run_as = |
|
210 |
# Task servers can run on multiple machines. Each needs its own unique |
|
211 |
# ID. If unset, it defaults to the host name. All but one task server |
|
212 |
# must have 'only_run_tasks_for_this_node' set to 1. |
|
213 |
node_id = |
|
214 |
only_run_tasks_for_this_node = 0 |
|
215 |
|
|
216 |
[task_server/notify_on_failure] |
|
217 |
# If you want email notifications for failed jobs then set this to a |
|
218 |
# kivitendo user (login) name. The subject can be changed as well. |
|
219 |
send_email_to = |
|
220 |
# The "From:" header for said email. |
|
221 |
email_from = kivitendo Daemon <root@localhost> |
|
222 |
# The subject for said email. |
|
223 |
email_subject = kivitendo Task-Server: Hintergrundjob fehlgeschlagen |
|
224 |
# The template file used for the email's body. |
|
225 |
email_template = templates/webpages/task_server/failure_notification_email.txt |
|
226 |
|
|
227 |
[periodic_invoices] |
|
228 |
# The user name or email address a report about the posted and printed |
|
229 |
# invoices is sent to. |
|
230 |
send_email_to = |
|
231 |
# The "From:" header for said email. |
|
232 |
email_from = kivitendo Daemon <root@localhost> |
|
233 |
# The subject for said email. |
|
234 |
email_subject = Benachrichtigung: automatisch erstellte Rechnungen |
|
235 |
# The template file used for the email's body. |
|
236 |
email_template = templates/webpages/oe/periodic_invoices_email.txt |
|
237 |
# Whether to always send the mail (0), or only if there were errors |
|
238 |
# (1). |
|
239 |
send_for_errors_only = 0 |
|
240 |
|
|
241 |
[self_test] |
|
242 |
|
|
243 |
# modules to be tested |
|
244 |
# Add without SL::BackgroundJob::SelfTest:: prefix |
|
245 |
# Separate with space. |
|
246 |
modules = Transactions |
|
247 |
|
|
248 |
# you probably don't want to be spammed with "everything ok" every day. enable |
|
249 |
# this when you add new tests to make sure they run correctly for a few days |
|
250 |
send_email_on_success = 0 |
|
251 |
|
|
252 |
# will log into the standard logfile |
|
253 |
log_to_file = 0 |
|
254 |
|
|
255 |
# user login (!) to send the email to. |
|
256 |
send_email_to = |
|
257 |
# will be used to send your report mail |
|
258 |
email_from = |
|
259 |
# The subject line for your report mail |
|
260 |
email_subject = kivitendo self test report |
|
261 |
# template. currently txt and html templates are recognized and correctly mime send. |
|
262 |
email_template = templates/mail/self_test/status_mail.txt |
|
263 |
|
|
264 |
[follow_up_reminder] |
|
265 |
# Email notifications for due follow ups. |
|
266 |
# The "From:" header for said email. |
|
267 |
email_from = kivitendo Daemon <root@localhost> |
|
268 |
# The subject for said email. |
|
269 |
email_subject = kivitendo: fällige Wiedervorlagen |
|
270 |
# The template file used for the email's body. |
|
271 |
# If empty fu/follow_up_reminder_mail.html will be used. |
|
272 |
email_template = |
|
273 |
|
|
274 |
[console] |
|
275 |
# Automatic login will only work if both "client" and "login" are |
|
276 |
# given. "client" can be a client's database ID or its name. "login" |
|
277 |
# is simply a user's login name. |
|
278 |
client = |
|
279 |
login = |
|
280 |
|
|
281 |
# autorun lines will be executed after autologin. |
|
282 |
# be warned that loading huge libraries will noticably lengthen startup time. |
|
283 |
#autorun = require "bin/mozilla/common.pl"; |
|
284 |
# = use English qw(-no_match_vars); |
|
285 |
# = use List::Util qw(min max); |
|
286 |
# = sub take { my $max = shift; my $r = ref($_[0]) eq 'ARRAY' ? $_[0] : \@_; return @{$r}[0..List::Util::min($max, scalar(@{$r})) - 1]; } |
|
287 |
|
|
288 |
# location of history file for permanent history |
|
289 |
history_file = users/console_history |
|
290 |
|
|
291 |
# location of a separate log file for the console. everything normally written |
|
292 |
# to the kivitendo log will be put here if triggered from the console |
|
293 |
log_file = /tmp/kivitendo_console_debug.log |
|
294 |
|
|
295 |
[testing] |
|
296 |
|
|
297 |
# Several tests need a database they can alter data in freely. This |
|
298 |
# database will be dropped & created before any other test is run. The |
|
299 |
# following parameters must be given: |
|
300 |
[testing/database] |
|
301 |
host = 127.0.0.1 |
|
302 |
port = 5432 |
|
303 |
db = |
|
304 |
user = postgres |
|
305 |
password = |
|
306 |
template = template1 |
|
307 |
superuser_user = postgres |
|
308 |
superuser_password = |
|
309 |
|
|
310 |
[devel] |
|
311 |
# Several settings related to the development of kivitendo. |
|
312 |
|
|
313 |
# "client" is used by several scripts (e.g. rose_auto_create_model.pl) |
|
314 |
# when they need access to the database. It can be either a client's |
|
315 |
# database ID or its name. |
|
316 |
client = |
|
317 |
|
|
318 |
[debug] |
|
319 |
# Use DBIx::Log4perl for logging DBI calls. The string LXDEBUGFILE |
|
320 |
# will be replaced by the file name configured for $::lxdebug. |
|
321 |
dbix_log4perl = 0 |
|
322 |
dbix_log4perl_config = log4perl.logger = FATAL, LOGFILE |
|
323 |
= log4perl.appender.LOGFILE=Log::Log4perl::Appender::File |
|
324 |
= log4perl.appender.LOGFILE.filename=LXDEBUGFILE |
|
325 |
= log4perl.appender.LOGFILE.mode=append |
|
326 |
= log4perl.appender.LOGFILE.Threshold = ERROR |
|
327 |
= log4perl.appender.LOGFILE.layout=PatternLayout |
|
328 |
= log4perl.appender.LOGFILE.layout.ConversionPattern=[%r] %F %L %c - %m%n |
|
329 |
= log4perl.logger.DBIx.Log4perl=DEBUG, A1 |
|
330 |
= log4perl.appender.A1=Log::Log4perl::Appender::File |
|
331 |
= log4perl.appender.A1.filename=LXDEBUGFILE |
|
332 |
= log4perl.appender.A1.mode=append |
|
333 |
= log4perl.appender.A1.layout=Log::Log4perl::Layout::PatternLayout |
|
334 |
= log4perl.appender.A1.layout.ConversionPattern=%d %p> %F{1}:%L %M - %m%n |
|
335 |
|
|
336 |
# Activate certain global debug messages. If you want to combine |
|
337 |
# several options then list them separated by spaces. |
|
338 |
# |
|
339 |
# Possible values include: |
|
340 |
# NONE - no debug output (default) |
|
341 |
# INFO |
|
342 |
# DEBUG1 |
|
343 |
# DEBUG2 |
|
344 |
# QUERY - Dump SQL queries (only in legacy code; see also "dbix_log4perl" above) |
|
345 |
# TRACE - Track function calls and returns |
|
346 |
# BACKTRACE_ON_ERROR - Print a function call backtrace when $form->error() is called |
|
347 |
# REQUEST_TIMER - Log timing of HTTP requests |
|
348 |
# REQUEST - Log each request. Careful! Passwords get filtered, but |
|
349 |
# there may be confidential information being logged here |
|
350 |
# WARN - warnings |
|
351 |
# SHOW_CALLER - include the file name & line number from where a call |
|
352 |
# to "message" or "dump" was called |
|
353 |
# ALL - all possible debug messages |
|
354 |
# |
|
355 |
# DEVEL - sames as "INFO QUERY TRACE BACKTRACE_ON_ERROR REQUEST_TIMER" |
|
356 |
# |
|
357 |
# Example: |
|
358 |
# global_level = TRACE QUERY |
|
359 |
global_level = NONE |
|
360 |
|
|
361 |
# Activate monitoring of the content of $form. If it is active then |
|
362 |
# monitoring can be turned on for certain variables with the |
|
363 |
# following: |
|
364 |
# $form->{"Watchdog::<variable>"} = 1; |
|
365 |
# Monitoring has a performance cost and is therefore deactivated by |
|
366 |
# default. |
|
367 |
watch_form = 0 |
|
368 |
|
|
369 |
# If you want to debug the creation of LaTeX files then set this to 1. |
|
370 |
# That way the temporary LaTeX files created during PDF creation are |
|
371 |
# not removed and remain in the "users" directory. |
|
372 |
keep_temp_files = 0 |
|
373 |
|
|
374 |
# Restart the FastCGI process if changes to the program or template |
|
375 |
# files have been detected. The restart will occur after the request |
|
376 |
# in which the changes have been detected has completed. |
|
377 |
restart_fcgi_process_on_changes = 0 |
|
378 |
|
|
379 |
# The file name where the debug messages are written to. |
|
380 |
file_name = /tmp/kivitendo-debug.log |
|
381 |
|
|
382 |
# If set to 1 then the installation will be kept unlocked even if a |
|
383 |
# database upgrade fails. |
|
384 |
keep_installation_unlocked = 0 |
|
385 |
|
|
386 |
# If set to 1 then all resource links (JavaScript, CSS files) output |
|
387 |
# via $::request->{layout}->use_stylesheet() / use_javascript() will |
|
388 |
# be made unique by appending a random GET parameter. This will cause |
|
389 |
# the web browser to always reload the resources. |
|
390 |
auto_reload_resources = 0 |
|
391 |
|
|
392 |
# If set to 1 each exception will include a full stack backtrace. |
|
393 |
backtrace_on_die = 0 |
|
394 |
|
|
395 |
[cti] |
|
396 |
# If you want phone numbers to be clickable then this must be set to a |
|
397 |
# command that does the actually dialing. Within this command three |
|
398 |
# variables are replaced before it is executed: |
|
399 |
# |
|
400 |
# 1. <%phone_extension%> and <%phone_password%> are taken from the user |
|
401 |
# configuration (changeable in the admin interface). |
|
402 |
# 2. <%number%> is the number to dial. It has already been sanitized |
|
403 |
# and formatted correctly regarding e.g. the international dialing |
|
404 |
# prefix. |
|
405 |
# |
|
406 |
# The following is an example that works with the OpenUC telephony |
|
407 |
# server: |
|
408 |
# dial_command = curl --insecure -X PUT https://<%phone_extension%>:<%phone_password%>@IP.AD.DR.ESS:8443/sipxconfig/rest/my/call/<%number%> |
|
409 |
dial_command = |
|
410 |
# If you need to dial something before the actual number then set |
|
411 |
# external_prefix to it. |
|
412 |
external_prefix = 0 |
|
413 |
# The prefix for international calls (numbers starting with +). |
|
414 |
international_dialing_prefix = 00 |
|
415 |
# Our own country code |
|
416 |
our_country_code = 49 |
scripts/ansible/config-files/postgresql/pg_hba.conf | ||
---|---|---|
1 |
# PostgreSQL Client Authentication Configuration File |
|
2 |
# =================================================== |
|
3 |
# |
|
4 |
# Refer to the "Client Authentication" section in the PostgreSQL |
|
5 |
# documentation for a complete description of this file. A short |
|
6 |
# synopsis follows. |
|
7 |
# |
|
8 |
# This file controls: which hosts are allowed to connect, how clients |
|
9 |
# are authenticated, which PostgreSQL user names they can use, which |
|
10 |
# databases they can access. Records take one of these forms: |
|
11 |
# |
|
12 |
# local DATABASE USER METHOD [OPTIONS] |
|
13 |
# host DATABASE USER ADDRESS METHOD [OPTIONS] |
|
14 |
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] |
|
15 |
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] |
|
16 |
# hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS] |
|
17 |
# hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS] |
|
18 |
# |
|
19 |
# (The uppercase items must be replaced by actual values.) |
|
20 |
# |
|
21 |
# The first field is the connection type: |
|
22 |
# - "local" is a Unix-domain socket |
|
23 |
# - "host" is a TCP/IP socket (encrypted or not) |
|
24 |
# - "hostssl" is a TCP/IP socket that is SSL-encrypted |
|
25 |
# - "hostnossl" is a TCP/IP socket that is not SSL-encrypted |
|
26 |
# - "hostgssenc" is a TCP/IP socket that is GSSAPI-encrypted |
|
27 |
# - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted |
|
28 |
# |
|
29 |
# DATABASE can be "all", "sameuser", "samerole", "replication", a |
|
30 |
# database name, or a comma-separated list thereof. The "all" |
|
31 |
# keyword does not match "replication". Access to replication |
|
32 |
# must be enabled in a separate record (see example below). |
|
33 |
# |
|
34 |
# USER can be "all", a user name, a group name prefixed with "+", or a |
|
35 |
# comma-separated list thereof. In both the DATABASE and USER fields |
|
36 |
# you can also write a file name prefixed with "@" to include names |
|
37 |
# from a separate file. |
|
38 |
# |
|
39 |
# ADDRESS specifies the set of hosts the record matches. It can be a |
|
40 |
# host name, or it is made up of an IP address and a CIDR mask that is |
|
41 |
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that |
|
42 |
# specifies the number of significant bits in the mask. A host name |
|
43 |
# that starts with a dot (.) matches a suffix of the actual host name. |
|
44 |
# Alternatively, you can write an IP address and netmask in separate |
|
45 |
# columns to specify the set of hosts. Instead of a CIDR-address, you |
|
46 |
# can write "samehost" to match any of the server's own IP addresses, |
|
47 |
# or "samenet" to match any address in any subnet that the server is |
|
48 |
# directly connected to. |
|
49 |
# |
|
50 |
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", |
|
51 |
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". |
|
52 |
# Note that "password" sends passwords in clear text; "md5" or |
|
53 |
# "scram-sha-256" are preferred since they send encrypted passwords. |
|
54 |
# |
|
55 |
# OPTIONS are a set of options for the authentication in the format |
|
56 |
# NAME=VALUE. The available options depend on the different |
|
57 |
# authentication methods -- refer to the "Client Authentication" |
|
58 |
# section in the documentation for a list of which options are |
|
59 |
# available for which authentication methods. |
|
60 |
# |
|
61 |
# Database and user names containing spaces, commas, quotes and other |
|
62 |
# special characters must be quoted. Quoting one of the keywords |
|
63 |
# "all", "sameuser", "samerole" or "replication" makes the name lose |
|
64 |
# its special character, and just match a database or username with |
|
65 |
# that name. |
|
66 |
# |
|
67 |
# This file is read on server startup and when the server receives a |
|
68 |
# SIGHUP signal. If you edit the file on a running system, you have to |
|
69 |
# SIGHUP the server for the changes to take effect, run "pg_ctl reload", |
|
70 |
# or execute "SELECT pg_reload_conf()". |
|
71 |
# |
|
72 |
# Put your actual configuration here |
|
73 |
# ---------------------------------- |
|
74 |
# |
|
75 |
# If you want to allow non-local connections, you need to add more |
|
76 |
# "host" records. In that case you will also need to make PostgreSQL |
|
77 |
# listen on a non-local interface via the listen_addresses |
|
78 |
# configuration parameter, or via the -i or -h command line switches. |
|
79 |
|
|
80 |
|
|
81 |
|
|
82 |
|
|
83 |
# DO NOT DISABLE! |
|
84 |
# If you change this first entry you will need to make sure that the |
|
85 |
# database superuser can access the database using some other method. |
|
86 |
# Noninteractive access to all databases is required during automatic |
|
87 |
# maintenance (custom daily cronjobs, replication, and similar tasks). |
|
88 |
# |
|
89 |
# Database administrative login by Unix domain socket |
|
90 |
local all postgres peer |
|
91 |
|
|
92 |
# TYPE DATABASE USER ADDRESS METHOD |
|
93 |
|
|
94 |
# "local" is for Unix domain socket connections only |
|
95 |
local all all peer |
|
96 |
# IPv4 local connections: |
|
97 |
host all all 127.0.0.1/32 trust |
|
98 |
# IPv6 local connections: |
|
99 |
host all all ::1/128 scram-sha-256 |
|
100 |
# Allow replication connections from localhost, by a user with the |
|
101 |
# replication privilege. |
|
102 |
local replication all peer |
|
103 |
host replication all 127.0.0.1/32 scram-sha-256 |
|
104 |
host replication all ::1/128 scram-sha-256 |
scripts/ansible/main.yml | ||
---|---|---|
1 |
--- |
|
2 |
- name: install Kivi dependencies |
|
3 |
hosts: "{{ target }}" |
|
4 |
|
|
5 |
tasks: |
|
6 |
- name: update repos and install dependencies |
|
7 |
ansible.builtin.apt: |
|
8 |
name: |
|
9 |
- git |
|
10 |
- libalgorithm-checkdigits-perl |
|
11 |
- libapache2-mod-fcgid |
|
12 |
- libarchive-zip-perl |
|
13 |
- libcam-pdf-perl |
|
14 |
- libcgi-pm-perl |
|
15 |
- libclone-perl |
|
16 |
- libconfig-std-perl |
|
17 |
- libcrypt-pbkdf2-perl |
|
18 |
- libdaemon-generic-perl |
|
19 |
- libdatetime-event-cron-perl |
|
20 |
- libdatetime-perl |
|
21 |
- libdatetime-set-perl |
|
22 |
- libdbd-pg-perl |
|
23 |
- libdbi-perl |
|
24 |
- libemail-address-perl |
|
25 |
- libemail-mime-perl |
|
26 |
- libexception-class-perl |
|
27 |
- libfcgi-perl |
|
28 |
- libfile-copy-recursive-perl |
|
29 |
- libfile-flock-perl |
|
30 |
- libfile-mimeinfo-perl |
|
31 |
- libfile-slurp-perl |
|
32 |
- libgd-gd2-perl |
|
33 |
- libhtml-restrict-perl |
|
34 |
- libimage-info-perl |
|
35 |
- libimager-perl |
|
36 |
- libimager-qrcode-perl |
|
37 |
- libipc-run-perl |
|
38 |
- libjson-perl |
|
39 |
- liblist-moreutils-perl |
|
40 |
- liblist-utilsby-perl |
|
41 |
- libmath-round-perl |
|
42 |
- libnet-smtp-ssl-perl |
|
43 |
- libnet-sslglue-perl |
|
44 |
- libparams-validate-perl |
|
45 |
- libpbkdf2-tiny-perl |
|
46 |
- libpdf-api2-perl |
|
47 |
- libregexp-ipv6-perl |
|
48 |
- librest-client-perl |
|
49 |
- librose-db-object-perl |
|
50 |
- librose-db-perl |
|
51 |
- librose-object-perl |
|
52 |
- libset-infinite-perl |
|
53 |
- libsort-naturally-perl |
|
54 |
- libstring-shellquote-perl |
|
55 |
- libtemplate-perl |
|
56 |
- libtext-csv-xs-perl |
|
57 |
- libtext-iconv-perl |
|
58 |
- libtext-unidecode-perl |
|
59 |
- libtry-tiny-perl |
|
60 |
- liburi-perl |
|
61 |
- libwww-perl |
|
62 |
- libxml-libxml-perl |
|
63 |
- libxml-writer-perl |
|
64 |
- libyaml-perl |
|
65 |
- poppler-utils |
|
66 |
state: present |
|
67 |
update_cache: yes |
|
68 |
become: true |
|
69 |
|
|
70 |
- name: postrgesql for kivi |
|
71 |
hosts: "{{ target }}" |
|
72 |
|
|
73 |
tasks: |
|
74 |
- name: install postgresql |
|
75 |
ansible.builtin.apt: |
|
76 |
name: |
|
77 |
- postgresql |
|
78 |
- postgresql-contrib |
|
79 |
state: present |
|
80 |
become: true |
|
81 |
|
|
82 |
- name: copy config files |
|
83 |
ansible.builtin.copy: |
|
84 |
src: config-files/postgresql/pg_hba.conf |
|
85 |
dest: /etc/postgresql/14/main/pg_hba.conf |
|
86 |
mode: '640' |
|
87 |
become: true |
|
88 |
|
|
89 |
- name: start postgresql |
|
90 |
ansible.builtin.service: |
|
91 |
name: postgresql |
|
92 |
state: restarted |
|
93 |
become: true |
|
94 |
|
|
95 |
- name: apache server for kivi |
|
96 |
hosts: "{{ target }}" |
|
97 |
|
|
98 |
tasks: |
|
99 |
- name: install apache server |
|
100 |
ansible.builtin.apt: |
|
101 |
name: apache2 |
|
102 |
state: present |
|
103 |
become: true |
|
104 |
|
|
105 |
- name: start apache if not running |
|
106 |
ansible.builtin.service: |
|
107 |
name: apache2 |
|
108 |
state: started |
|
109 |
|
|
110 |
- name: copy config files |
|
111 |
ansible.builtin.copy: |
|
112 |
src: config-files/apache/000-default.conf |
|
113 |
dest: /etc/apache2/sites-available/000-default.conf |
|
114 |
mode: '640' |
|
115 |
become: true |
|
116 |
|
|
117 |
- name: activate fastcgi |
|
118 |
ansible.builtin.shell: |
|
119 |
cmd: a2enmod fcgid |
|
120 |
become: true |
|
121 |
|
|
122 |
- name: install Kivi |
|
123 |
hosts: "{{ target }}" |
|
124 |
|
|
125 |
tasks: |
|
126 |
- name: ensure git is installed |
|
127 |
ansible.builtin.apt: |
|
128 |
name: git |
|
129 |
state: present |
|
130 |
become: true |
|
131 |
|
|
132 |
- name: clone repo |
|
133 |
ansible.builtin.git: |
|
134 |
repo: 'https://github.com/kivitendo/kivitendo-erp.git' |
|
135 |
dest: /var/www/kivitendo-erp |
|
136 |
version: release-3.8.0 |
|
137 |
become: true |
|
138 |
|
|
139 |
- name: copy config files |
|
140 |
ansible.builtin.copy: |
|
141 |
src: config-files/kivitendo.conf |
|
142 |
dest: /var/www/kivitendo-erp/config/kivitendo.conf |
|
143 |
become: true |
|
144 |
|
|
145 |
- name: make webdav directory |
|
146 |
ansible.builtin.file: |
|
147 |
path: /var/www/kivitendo-erp/webdav |
|
148 |
state: directory |
|
149 |
become: true |
|
150 |
|
|
151 |
- name: change permissions |
Auch abrufbar als: Unified diff
Ansible verzeichnis in scripts/ verschoben