Revision ec0cba6c
Von Enrique Morales vor fast 2 Jahren hinzugefügt
- ID ec0cba6cadbaffb5c55fbaebc940b1e1223d338a
- Vorgänger 414f1ecb
ansible/config-files/apache/000-default.conf | ||
---|---|---|
<VirtualHost *:80>
|
||
# The ServerName directive sets the request scheme, hostname and port that
|
||
# the server uses to identify itself. This is used when creating
|
||
# redirection URLs. In the context of virtual hosts, the ServerName
|
||
# specifies what hostname must appear in the request's Host: header to
|
||
# match this virtual host. For the default virtual host (this file) this
|
||
# value is not decisive as it is used as a last resort host regardless.
|
||
# However, you must set it for any further virtual host explicitly.
|
||
#ServerName www.example.com
|
||
|
||
ServerAdmin webmaster@localhost
|
||
DocumentRoot /var/www/html
|
||
|
||
#erp
|
||
AddHandler fcgid-script .fpl
|
||
AliasMatch ^/kivitendo-erp/[^/]+\.pl /var/www/kivitendo-erp/dispatcher.fpl
|
||
Alias /kivitendo-erp/ /var/www/kivitendo-erp/
|
||
|
||
<Directory /var/www/kivitendo-erp>
|
||
AllowOverride All
|
||
Options ExecCGI Includes FollowSymlinks
|
||
Require all granted
|
||
</Directory>
|
||
|
||
<DirectoryMatch /var/www/kivitendo-erp/users>
|
||
Order Deny,Allow
|
||
Deny from All
|
||
</DirectoryMatch>
|
||
#erp end
|
||
|
||
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
|
||
# error, crit, alert, emerg.
|
||
# It is also possible to configure the loglevel for particular
|
||
# modules, e.g.
|
||
#LogLevel info ssl:warn
|
||
|
||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||
|
||
# For most configuration files from conf-available/, which are
|
||
# enabled or disabled at a global level, it is possible to
|
||
# include a line for only one particular virtual host. For example the
|
||
# following line enables the CGI configuration for this host only
|
||
# after it has been globally disabled with "a2disconf".
|
||
#Include conf-available/serve-cgi-bin.conf
|
||
</VirtualHost>
|
||
|
||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
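Review bot: The `<DirectoryMatch /var/www/kivitendo-erp/users>` block uses the Apache 2.2 directives `Order Deny,Allow` / `Deny from All`, which on 2.4 only work while mod_access_compat is loaded and which sit beside the 2.4-style `Require all granted` in the `<Directory>` block above; I would write `Require all denied` there instead. Only `users` is denied, so `/var/www/kivitendo-erp/config`, where main.yml places kivitendo.conf with the admin password, falls under `Require all granted` unless an .htaccess shipped with the application blocks it; that should be confirmed, or the pattern widened to something like `<DirectoryMatch "^/var/www/kivitendo-erp/(users|config)">`. The vhost also listens on `*:80` only, so the login and the session cookie travel unencrypted unless TLS is terminated in front of it. The same content appears under scripts/ansible/config-files/apache/000-default.conf on this page, and the page does not show which of the two copies is the new side.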
ansible/config-files/kivitendo.conf | ||
---|---|---|
[authentication]
|
||
# The cleartext password for access to the administrative part. It
|
||
# can only be changed in this file, not via the administrative
|
||
# interface.
|
||
admin_password = admin123
|
||
|
||
# Which modules to use for authentication. Valid values are 'DB' and
|
||
# 'LDAP'. You can use multiple modules separated by spaces.
|
||
#
|
||
# Multiple LDAP modules with different configurations can be used by
|
||
# postfixing 'LDAP' with the name of the configuration section to use:
|
||
# 'LDAP:ldap_fallback' would use the data from
|
||
# '[authentication/ldap_fallback]'. The name defaults to 'ldap' if it
|
||
# isn't given.
|
||
#
|
||
# Note that the LDAP module doesn't support changing the password.
|
||
module = DB
|
||
|
||
# The cookie name can be changed if desired.
|
||
cookie_name = kivitendo_session_id
|
||
|
||
# The number of minutes a session is valid. The default value is eight
|
||
# hours.
|
||
session_timeout = 480
|
||
|
||
# The number of seconds to penalize failed login attempts. 0 disables
|
||
# it.
|
||
failed_login_penalty = 5
|
||
|
||
[authentication/database]
|
||
# Connection information for the database with the user and group
|
||
# inforamtion. This information is always needed, even if LDAP is
|
||
# used for authentication, as the user information is stored in this
|
||
# database while LDAP is only used for password verification.
|
||
#
|
||
# If 'module' is set to 'DB' then this database also contains the
|
||
# users' passwords.
|
||
host = 127.0.0.1
|
||
port = 5432
|
||
db = kivitendo_auth
|
||
user = postgres
|
||
password =
|
||
|
||
[authentication/ldap]
|
||
# This section is only relevant if 'module' is set to 'LDAP'. It names
|
||
# the LDAP server the passwords are verified against by doing a LDAP
|
||
# bind operation.
|
||
#
|
||
# At least the parameters 'host', 'attribute' and 'base_dn' have to be
|
||
# specified.
|
||
#
|
||
# tls: Activate encryption via TLS
|
||
# verify: If 'tls' is used, how to verify the server's certificate.
|
||
# Can be one of 'require' or 'none'.
|
||
# attribute: Name of the LDAP attribute containing the user's login name
|
||
# base_dn: Base DN the LDAP searches start from
|
||
# filter: An optional LDAP filter specification. The string '<%login%>'
|
||
# is replaced by the user's login name before the search is started.
|
||
# bind_dn and bind_password:
|
||
# If searching the LDAP tree requires user credentials
|
||
# (e.g. ActiveDirectory) then these two parameters specify
|
||
# the user name and password to use.
|
||
# timeout: Timeout when connecting to the server in seconds.
|
||
#
|
||
# You can specify a fallback LDAP server to use in case the main one
|
||
# isn't reachable by duplicating this whole section as
|
||
# "[authentication/ldap_fallback]".
|
||
#
|
||
host = localhost
|
||
port = 389
|
||
tls = 0
|
||
attribute = uid
|
||
base_dn =
|
||
filter =
|
||
bind_dn =
|
||
bind_password =
|
||
timeout = 10
|
||
verify = require
|
||
|
||
[system]
|
||
# Set language for login and admin forms. Currently "de" (German)
|
||
# and "en" (English, not perfect) are available.
|
||
language = de
|
||
|
||
# Set stylesheet for login and admin forms. Supported:
|
||
# lx-office-erp
|
||
# kivitendo - default
|
||
# design40
|
||
stylesheet = kivitendo
|
||
|
||
# MassPrint Timeout
|
||
# must be less than cgi timeout
|
||
#
|
||
massprint_timeout = 30
|
||
|
||
# Set default_manager for admin forms. Currently "german"
|
||
# and "swiss" are available.
|
||
default_manager = german
|
||
|
||
# The memory limits given here determine the maximum process size
|
||
# (vsz, the total amount of memory this process uses including memory
|
||
# swapped out or shared with other processes) or resident set size
|
||
# (rss, the amount of memory not swapped out/shared with other
|
||
# processes). If either limit is reached at the end of the request
|
||
# then the kivitendo process will exit.
|
||
#
|
||
# This only applies for processes under FCGI and the task manager.
|
||
# For CGI configurations the process will be terminated after each request
|
||
# regardless of this setting.
|
||
#
|
||
# Note: this will only terminate processes with too high memory consumption. It
|
||
# is assumed that an external managing service will start new instances. For
|
||
# FCGI this will usually be apache or the wrapper scripts for nginx, for the
|
||
# task server this will have to be the system manager.
|
||
#
|
||
# Numbers can be postfixed with KB, MB, GB. If no number is given or
|
||
# the number is 0 then no checking will be performed.
|
||
memory_limit_rss =
|
||
memory_limit_vsz =
|
||
|
||
[paths]
|
||
# path to temporary files (must be writeable by the web server)
|
||
userspath = users
|
||
# spool directory for batch printing
|
||
spool = spool
|
||
# templates base directory
|
||
templates = templates
|
||
# Path to the old memberfile (ignored on new installations)
|
||
memberfile = users/members
|
||
# Path to ELSTER geierlein webserver path inside kivitendo
|
||
# (must be inside kivitendo but you can set an ALIAS for apache/oe
|
||
# if set the export to geierlein is enabled
|
||
# geierlein_path = geierlein
|
||
|
||
#
|
||
# document path for FileSystem FileManagement:
|
||
# (must be reachable read/write but not executable from webserver)
|
||
# document_path = /var/local/kivi_documents
|
||
#
|
||
|
||
[mail_delivery]
|
||
# Delivery method can be 'sendmail' or 'smtp'. For 'method = sendmail' the
|
||
# parameter 'mail_delivery.sendmail' is used as the executable to call. If
|
||
# 'applications.sendmail' still exists (backwards compatibility) then
|
||
# 'applications.sendmail' will be used instead of 'mail_delivery.sendmail'.
|
||
# If method is empty, mail delivery is disabled.
|
||
method = smtp
|
||
# Location of sendmail for 'method = sendmail'
|
||
sendmail = /usr/sbin/sendmail -t<%if myconfig_email%> -f <%myconfig_email%><%end%>
|
||
# Settings for 'method = smtp'. Only set 'port' if your SMTP server
|
||
# runs on a non-standard port (25 for 'security=none' or
|
||
# 'security=tls', 465 for 'security=ssl').
|
||
host = localhost
|
||
#port = 25
|
||
# Security can be 'tls', 'ssl' or 'none'. Unset equals 'none'. This
|
||
# determines whether or not encryption is used and which kind. For
|
||
# 'tls' the module 'Net::SSLGlue' is required; for 'ssl'
|
||
# 'Net::SMTP::SSL' is required and 'none' only uses 'Net::SMTP'.
|
||
security = none
|
||
# Authentication is only used if 'login' is set. You should only use
|
||
# that with 'tls' or 'ssl' encryption.
|
||
login =
|
||
password =
|
||
|
||
[applications]
|
||
# Location of OpenOffice.org/LibreOffice writer
|
||
openofficeorg_writer = lowriter
|
||
# Location of the html2ps binary
|
||
html2ps = html2ps
|
||
# Location of the Ghostscript binary
|
||
ghostscript = gs
|
||
# Location of the program to create PDFs from TeX documents
|
||
latex = latexmk --pdflatex
|
||
# Location of the Python interpreter to use when converting from
|
||
# OpenDocument to PDF. Some distributions compile UNO support only
|
||
# into binaries located in different locations than the main Python
|
||
# binary.
|
||
python_uno = python3
|
||
|
||
[environment]
|
||
# Add the following paths to the PATH environment variable.
|
||
path = /usr/local/bin:/usr/X11R6/bin:/usr/X11/bin
|
||
# Add the following paths to the PERL5LIB environment variable.
|
||
# "/sw/lib/perl5" is for Mac OS X with Fink's Perl.
|
||
lib = /sw/lib/perl5
|
||
# Add the following paths to the PYTHONPATH environment variable for
|
||
# locating Python modules. Python is used when converting OpenDocument
|
||
# files into PDF files.
|
||
python_uno_path =
|
||
|
||
[print_templates]
|
||
# If you have LaTeX installed set to 1
|
||
latex = 1
|
||
# Minimal support for Excel print templates
|
||
excel = 0
|
||
# Enable or disable support for OpenDocument print templates
|
||
opendocument = 1
|
||
# Chose whether or not OpenOffice/LibreOffice should remain running after a
|
||
# conversion. If yes then the conversion of subsequent documents will
|
||
# be a bit faster. You need to have Python and the Python UNO bindings
|
||
# (part of OpenOffice/LibreOffice) installed.
|
||
openofficeorg_daemon = 0
|
||
openofficeorg_daemon_port = 2002
|
||
|
||
[task_server]
|
||
# Set to 1 for debug messages in /tmp/kivitendo-debug.log
|
||
debug = 0
|
||
# Chose a system user the daemon should run under when started as root.
|
||
run_as =
|
||
# Task servers can run on multiple machines. Each needs its own unique
|
||
# ID. If unset, it defaults to the host name. All but one task server
|
||
# must have 'only_run_tasks_for_this_node' set to 1.
|
||
node_id =
|
||
only_run_tasks_for_this_node = 0
|
||
|
||
[task_server/notify_on_failure]
|
||
# If you want email notifications for failed jobs then set this to a
|
||
# kivitendo user (login) name. The subject can be changed as well.
|
||
send_email_to =
|
||
# The "From:" header for said email.
|
||
email_from = kivitendo Daemon <root@localhost>
|
||
# The subject for said email.
|
||
email_subject = kivitendo Task-Server: Hintergrundjob fehlgeschlagen
|
||
# The template file used for the email's body.
|
||
email_template = templates/webpages/task_server/failure_notification_email.txt
|
||
|
||
[periodic_invoices]
|
||
# The user name or email address a report about the posted and printed
|
||
# invoices is sent to.
|
||
send_email_to =
|
||
# The "From:" header for said email.
|
||
email_from = kivitendo Daemon <root@localhost>
|
||
# The subject for said email.
|
||
email_subject = Benachrichtigung: automatisch erstellte Rechnungen
|
||
# The template file used for the email's body.
|
||
email_template = templates/webpages/oe/periodic_invoices_email.txt
|
||
# Whether to always send the mail (0), or only if there were errors
|
||
# (1).
|
||
send_for_errors_only = 0
|
||
|
||
[self_test]
|
||
|
||
# modules to be tested
|
||
# Add without SL::BackgroundJob::SelfTest:: prefix
|
||
# Separate with space.
|
||
modules = Transactions
|
||
|
||
# you probably don't want to be spammed with "everything ok" every day. enable
|
||
# this when you add new tests to make sure they run correctly for a few days
|
||
send_email_on_success = 0
|
||
|
||
# will log into the standard logfile
|
||
log_to_file = 0
|
||
|
||
# user login (!) to send the email to.
|
||
send_email_to =
|
||
# will be used to send your report mail
|
||
email_from =
|
||
# The subject line for your report mail
|
||
email_subject = kivitendo self test report
|
||
# template. currently txt and html templates are recognized and correctly mime send.
|
||
email_template = templates/mail/self_test/status_mail.txt
|
||
|
||
[follow_up_reminder]
|
||
# Email notifications for due follow ups.
|
||
# The "From:" header for said email.
|
||
email_from = kivitendo Daemon <root@localhost>
|
||
# The subject for said email.
|
||
email_subject = kivitendo: fällige Wiedervorlagen
|
||
# The template file used for the email's body.
|
||
# If empty fu/follow_up_reminder_mail.html will be used.
|
||
email_template =
|
||
|
||
[console]
|
||
# Automatic login will only work if both "client" and "login" are
|
||
# given. "client" can be a client's database ID or its name. "login"
|
||
# is simply a user's login name.
|
||
client =
|
||
login =
|
||
|
||
# autorun lines will be executed after autologin.
|
||
# be warned that loading huge libraries will noticably lengthen startup time.
|
||
#autorun = require "bin/mozilla/common.pl";
|
||
# = use English qw(-no_match_vars);
|
||
# = use List::Util qw(min max);
|
||
# = sub take { my $max = shift; my $r = ref($_[0]) eq 'ARRAY' ? $_[0] : \@_; return @{$r}[0..List::Util::min($max, scalar(@{$r})) - 1]; }
|
||
|
||
# location of history file for permanent history
|
||
history_file = users/console_history
|
||
|
||
# location of a separate log file for the console. everything normally written
|
||
# to the kivitendo log will be put here if triggered from the console
|
||
log_file = /tmp/kivitendo_console_debug.log
|
||
|
||
[testing]
|
||
|
||
# Several tests need a database they can alter data in freely. This
|
||
# database will be dropped & created before any other test is run. The
|
||
# following parameters must be given:
|
||
[testing/database]
|
||
host = 127.0.0.1
|
||
port = 5432
|
||
db =
|
||
user = postgres
|
||
password =
|
||
template = template1
|
||
superuser_user = postgres
|
||
superuser_password =
|
||
|
||
[devel]
|
||
# Several settings related to the development of kivitendo.
|
||
|
||
# "client" is used by several scripts (e.g. rose_auto_create_model.pl)
|
||
# when they need access to the database. It can be either a client's
|
||
# database ID or its name.
|
||
client =
|
||
|
||
[debug]
|
||
# Use DBIx::Log4perl for logging DBI calls. The string LXDEBUGFILE
|
||
# will be replaced by the file name configured for $::lxdebug.
|
||
dbix_log4perl = 0
|
||
dbix_log4perl_config = log4perl.logger = FATAL, LOGFILE
|
||
= log4perl.appender.LOGFILE=Log::Log4perl::Appender::File
|
||
= log4perl.appender.LOGFILE.filename=LXDEBUGFILE
|
||
= log4perl.appender.LOGFILE.mode=append
|
||
= log4perl.appender.LOGFILE.Threshold = ERROR
|
||
= log4perl.appender.LOGFILE.layout=PatternLayout
|
||
= log4perl.appender.LOGFILE.layout.ConversionPattern=[%r] %F %L %c - %m%n
|
||
= log4perl.logger.DBIx.Log4perl=DEBUG, A1
|
||
= log4perl.appender.A1=Log::Log4perl::Appender::File
|
||
= log4perl.appender.A1.filename=LXDEBUGFILE
|
||
= log4perl.appender.A1.mode=append
|
||
= log4perl.appender.A1.layout=Log::Log4perl::Layout::PatternLayout
|
||
= log4perl.appender.A1.layout.ConversionPattern=%d %p> %F{1}:%L %M - %m%n
|
||
|
||
# Activate certain global debug messages. If you want to combine
|
||
# several options then list them separated by spaces.
|
||
#
|
||
# Possible values include:
|
||
# NONE - no debug output (default)
|
||
# INFO
|
||
# DEBUG1
|
||
# DEBUG2
|
||
# QUERY - Dump SQL queries (only in legacy code; see also "dbix_log4perl" above)
|
||
# TRACE - Track function calls and returns
|
||
# BACKTRACE_ON_ERROR - Print a function call backtrace when $form->error() is called
|
||
# REQUEST_TIMER - Log timing of HTTP requests
|
||
# REQUEST - Log each request. Careful! Passwords get filtered, but
|
||
# there may be confidential information being logged here
|
||
# WARN - warnings
|
||
# SHOW_CALLER - include the file name & line number from where a call
|
||
# to "message" or "dump" was called
|
||
# ALL - all possible debug messages
|
||
#
|
||
# DEVEL - sames as "INFO QUERY TRACE BACKTRACE_ON_ERROR REQUEST_TIMER"
|
||
#
|
||
# Example:
|
||
# global_level = TRACE QUERY
|
||
global_level = NONE
|
||
|
||
# Activate monitoring of the content of $form. If it is active then
|
||
# monitoring can be turned on for certain variables with the
|
||
# following:
|
||
# $form->{"Watchdog::<variable>"} = 1;
|
||
# Monitoring has a performance cost and is therefore deactivated by
|
||
# default.
|
||
watch_form = 0
|
||
|
||
# If you want to debug the creation of LaTeX files then set this to 1.
|
||
# That way the temporary LaTeX files created during PDF creation are
|
||
# not removed and remain in the "users" directory.
|
||
keep_temp_files = 0
|
||
|
||
# Restart the FastCGI process if changes to the program or template
|
||
# files have been detected. The restart will occur after the request
|
||
# in which the changes have been detected has completed.
|
||
restart_fcgi_process_on_changes = 0
|
||
|
||
# The file name where the debug messages are written to.
|
||
file_name = /tmp/kivitendo-debug.log
|
||
|
||
# If set to 1 then the installation will be kept unlocked even if a
|
||
# database upgrade fails.
|
||
keep_installation_unlocked = 0
|
||
|
||
# If set to 1 then all resource links (JavaScript, CSS files) output
|
||
# via $::request->{layout}->use_stylesheet() / use_javascript() will
|
||
# be made unique by appending a random GET parameter. This will cause
|
||
# the web browser to always reload the resources.
|
||
auto_reload_resources = 0
|
||
|
||
# If set to 1 each exception will include a full stack backtrace.
|
||
backtrace_on_die = 0
|
||
|
||
[cti]
|
||
# If you want phone numbers to be clickable then this must be set to a
|
||
# command that does the actually dialing. Within this command three
|
||
# variables are replaced before it is executed:
|
||
#
|
||
# 1. <%phone_extension%> and <%phone_password%> are taken from the user
|
||
# configuration (changeable in the admin interface).
|
||
# 2. <%number%> is the number to dial. It has already been sanitized
|
||
# and formatted correctly regarding e.g. the international dialing
|
||
# prefix.
|
||
#
|
||
# The following is an example that works with the OpenUC telephony
|
||
# server:
|
||
# dial_command = curl --insecure -X PUT https://<%phone_extension%>:<%phone_password%>@IP.AD.DR.ESS:8443/sipxconfig/rest/my/call/<%number%>
|
||
dial_command =
|
||
# If you need to dial something before the actual number then set
|
||
# external_prefix to it.
|
||
external_prefix = 0
|
||
# The prefix for international calls (numbers starting with +).
|
||
international_dialing_prefix = 00
|
||
# Our own country code
|
||
our_country_code = 49
|
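Review bot: `admin_password = admin123` puts a guessable administrative password in cleartext into the repository, and every host provisioned from this file gets the same one. I would keep the value out of version control and render it at deploy time, e.g. `admin_password = {{ kivitendo_admin_password }}` through `ansible.builtin.template` with the variable kept in Ansible Vault. In `[authentication/database]`, `user = postgres` with an empty `password =` makes the application connect as the database superuser, and that only works because pg_hba.conf trusts 127.0.0.1; a dedicated role with its own password would limit what a compromise of the web application can reach. The same content starts under scripts/ansible/config-files/kivitendo.conf, which continues past the visible part of the page.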
ansible/config-files/postgresql/pg_hba.conf | ||
---|---|---|
# PostgreSQL Client Authentication Configuration File
|
||
# ===================================================
|
||
#
|
||
# Refer to the "Client Authentication" section in the PostgreSQL
|
||
# documentation for a complete description of this file. A short
|
||
# synopsis follows.
|
||
#
|
||
# This file controls: which hosts are allowed to connect, how clients
|
||
# are authenticated, which PostgreSQL user names they can use, which
|
||
# databases they can access. Records take one of these forms:
|
||
#
|
||
# local DATABASE USER METHOD [OPTIONS]
|
||
# host DATABASE USER ADDRESS METHOD [OPTIONS]
|
||
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
|
||
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
|
||
# hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS]
|
||
# hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS]
|
||
#
|
||
# (The uppercase items must be replaced by actual values.)
|
||
#
|
||
# The first field is the connection type:
|
||
# - "local" is a Unix-domain socket
|
||
# - "host" is a TCP/IP socket (encrypted or not)
|
||
# - "hostssl" is a TCP/IP socket that is SSL-encrypted
|
||
# - "hostnossl" is a TCP/IP socket that is not SSL-encrypted
|
||
# - "hostgssenc" is a TCP/IP socket that is GSSAPI-encrypted
|
||
# - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted
|
||
#
|
||
# DATABASE can be "all", "sameuser", "samerole", "replication", a
|
||
# database name, or a comma-separated list thereof. The "all"
|
||
# keyword does not match "replication". Access to replication
|
||
# must be enabled in a separate record (see example below).
|
||
#
|
||
# USER can be "all", a user name, a group name prefixed with "+", or a
|
||
# comma-separated list thereof. In both the DATABASE and USER fields
|
||
# you can also write a file name prefixed with "@" to include names
|
||
# from a separate file.
|
||
#
|
||
# ADDRESS specifies the set of hosts the record matches. It can be a
|
||
# host name, or it is made up of an IP address and a CIDR mask that is
|
||
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
|
||
# specifies the number of significant bits in the mask. A host name
|
||
# that starts with a dot (.) matches a suffix of the actual host name.
|
||
# Alternatively, you can write an IP address and netmask in separate
|
||
# columns to specify the set of hosts. Instead of a CIDR-address, you
|
||
# can write "samehost" to match any of the server's own IP addresses,
|
||
# or "samenet" to match any address in any subnet that the server is
|
||
# directly connected to.
|
||
#
|
||
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
|
||
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
|
||
# Note that "password" sends passwords in clear text; "md5" or
|
||
# "scram-sha-256" are preferred since they send encrypted passwords.
|
||
#
|
||
# OPTIONS are a set of options for the authentication in the format
|
||
# NAME=VALUE. The available options depend on the different
|
||
# authentication methods -- refer to the "Client Authentication"
|
||
# section in the documentation for a list of which options are
|
||
# available for which authentication methods.
|
||
#
|
||
# Database and user names containing spaces, commas, quotes and other
|
||
# special characters must be quoted. Quoting one of the keywords
|
||
# "all", "sameuser", "samerole" or "replication" makes the name lose
|
||
# its special character, and just match a database or username with
|
||
# that name.
|
||
#
|
||
# This file is read on server startup and when the server receives a
|
||
# SIGHUP signal. If you edit the file on a running system, you have to
|
||
# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
|
||
# or execute "SELECT pg_reload_conf()".
|
||
#
|
||
# Put your actual configuration here
|
||
# ----------------------------------
|
||
#
|
||
# If you want to allow non-local connections, you need to add more
|
||
# "host" records. In that case you will also need to make PostgreSQL
|
||
# listen on a non-local interface via the listen_addresses
|
||
# configuration parameter, or via the -i or -h command line switches.
|
||
|
||
|
||
|
||
|
||
# DO NOT DISABLE!
|
||
# If you change this first entry you will need to make sure that the
|
||
# database superuser can access the database using some other method.
|
||
# Noninteractive access to all databases is required during automatic
|
||
# maintenance (custom daily cronjobs, replication, and similar tasks).
|
||
#
|
||
# Database administrative login by Unix domain socket
|
||
local all postgres peer
|
||
|
||
# TYPE DATABASE USER ADDRESS METHOD
|
||
|
||
# "local" is for Unix domain socket connections only
|
||
local all all peer
|
||
# IPv4 local connections:
|
||
host all all 127.0.0.1/32 trust
|
||
# IPv6 local connections:
|
||
host all all ::1/128 scram-sha-256
|
||
# Allow replication connections from localhost, by a user with the
|
||
# replication privilege.
|
||
local replication all peer
|
||
host replication all 127.0.0.1/32 scram-sha-256
|
||
host replication all ::1/128 scram-sha-256
|
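Review bot: The record `host all all 127.0.0.1/32 trust` lets any process on the host log in over IPv4 loopback as any database role, including `postgres`, without a password, while the IPv6 and replication records next to it already use `scram-sha-256`. I would change it to `host all all 127.0.0.1/32 scram-sha-256` and give the role named in kivitendo.conf a password. With `trust` in place the `peer` rules on the Unix socket offer little protection, since a local user can connect over TCP instead.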
ansible/main.yml | ||
---|---|---|
---
|
||
- name: install Kivi dependencies
|
||
hosts: "{{ target }}"
|
||
|
||
tasks:
|
||
- name: update repos and install dependencies
|
||
ansible.builtin.apt:
|
||
name:
|
||
- git
|
||
- libalgorithm-checkdigits-perl
|
||
- libapache2-mod-fcgid
|
||
- libarchive-zip-perl
|
||
- libcam-pdf-perl
|
||
- libcgi-pm-perl
|
||
- libclone-perl
|
||
- libconfig-std-perl
|
||
- libcrypt-pbkdf2-perl
|
||
- libdaemon-generic-perl
|
||
- libdatetime-event-cron-perl
|
||
- libdatetime-perl
|
||
- libdatetime-set-perl
|
||
- libdbd-pg-perl
|
||
- libdbi-perl
|
||
- libemail-address-perl
|
||
- libemail-mime-perl
|
||
- libexception-class-perl
|
||
- libfcgi-perl
|
||
- libfile-copy-recursive-perl
|
||
- libfile-flock-perl
|
||
- libfile-mimeinfo-perl
|
||
- libfile-slurp-perl
|
||
- libgd-gd2-perl
|
||
- libhtml-restrict-perl
|
||
- libimage-info-perl
|
||
- libimager-perl
|
||
- libimager-qrcode-perl
|
||
- libipc-run-perl
|
||
- libjson-perl
|
||
- liblist-moreutils-perl
|
||
- liblist-utilsby-perl
|
||
- libmath-round-perl
|
||
- libnet-smtp-ssl-perl
|
||
- libnet-sslglue-perl
|
||
- libparams-validate-perl
|
||
- libpbkdf2-tiny-perl
|
||
- libpdf-api2-perl
|
||
- libregexp-ipv6-perl
|
||
- librest-client-perl
|
||
- librose-db-object-perl
|
||
- librose-db-perl
|
||
- librose-object-perl
|
||
- libset-infinite-perl
|
||
- libsort-naturally-perl
|
||
- libstring-shellquote-perl
|
||
- libtemplate-perl
|
||
- libtext-csv-xs-perl
|
||
- libtext-iconv-perl
|
||
- libtext-unidecode-perl
|
||
- libtry-tiny-perl
|
||
- liburi-perl
|
||
- libwww-perl
|
||
- libxml-libxml-perl
|
||
- libxml-writer-perl
|
||
- libyaml-perl
|
||
- poppler-utils
|
||
state: present
|
||
update_cache: yes
|
||
become: true
|
||
|
||
- name: postrgesql for kivi
|
||
hosts: "{{ target }}"
|
||
|
||
tasks:
|
||
- name: install postgresql
|
||
ansible.builtin.apt:
|
||
name:
|
||
- postgresql
|
||
- postgresql-contrib
|
||
state: present
|
||
become: true
|
||
|
||
- name: copy config files
|
||
ansible.builtin.copy:
|
||
src: config-files/postgresql/pg_hba.conf
|
||
dest: /etc/postgresql/14/main/pg_hba.conf
|
||
mode: '640'
|
||
become: true
|
||
|
||
- name: start postgresql
|
||
ansible.builtin.service:
|
||
name: postgresql
|
||
state: restarted
|
||
become: true
|
||
|
||
- name: apache server for kivi
|
||
hosts: "{{ target }}"
|
||
|
||
tasks:
|
||
- name: install apache server
|
||
ansible.builtin.apt:
|
||
name: apache2
|
||
state: present
|
||
become: true
|
||
|
||
- name: start apache if not running
|
||
ansible.builtin.service:
|
||
name: apache2
|
||
state: started
|
||
|
||
- name: copy config files
|
||
ansible.builtin.copy:
|
||
src: config-files/apache/000-default.conf
|
||
dest: /etc/apache2/sites-available/000-default.conf
|
||
mode: '640'
|
||
become: true
|
||
|
||
- name: activate fastcgi
|
||
ansible.builtin.shell:
|
||
cmd: a2enmod fcgid
|
||
become: true
|
||
|
||
- name: install Kivi
|
||
hosts: "{{ target }}"
|
||
|
||
tasks:
|
||
- name: ensure git is installed
|
||
ansible.builtin.apt:
|
||
name: git
|
||
state: present
|
||
become: true
|
||
|
||
- name: clone repo
|
||
ansible.builtin.git:
|
||
repo: 'https://github.com/kivitendo/kivitendo-erp.git'
|
||
dest: /var/www/kivitendo-erp
|
||
version: release-3.8.0
|
||
become: true
|
||
|
||
- name: copy config files
|
||
ansible.builtin.copy:
|
||
src: config-files/kivitendo.conf
|
||
dest: /var/www/kivitendo-erp/config/kivitendo.conf
|
||
become: true
|
||
|
||
- name: make webdav directory
|
||
ansible.builtin.file:
|
||
path: /var/www/kivitendo-erp/webdav
|
||
state: directory
|
||
become: true
|
||
|
||
- name: change permissions
|
||
ansible.builtin.shell:
|
||
cmd: chown -R www-data users spool webdav
|
||
chdir: /var/www/kivitendo-erp
|
||
become: true
|
||
|
||
- name: restart apache
|
||
ansible.builtin.shell:
|
||
cmd: systemctl restart apache2
|
||
become: true
|
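Review bot: The `copy config files` task for `config-files/kivitendo.conf` sets no `owner`, `group` or `mode`, unlike the two other copy tasks, so the file holding the admin password gets whatever the default umask gives (typically world-readable) inside the web root. I would add `owner: root`, `group: www-data` and `mode: '0640'` to it. The pg_hba.conf copy likewise names no owner; `owner: postgres` and `group: postgres` would make sure the server can still read the file at mode 640, and its `dest` hard-codes the PostgreSQL 14 directory. Separately, `a2enmod fcgid`, `chown -R www-data users spool webdav` and `systemctl restart apache2` go through `ansible.builtin.shell` and so run on every play; `ansible.builtin.file` with `recurse: true` and `ansible.builtin.service` would be idempotent, and `start apache if not running` is the only service task without `become: true`.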
scripts/ansible/config-files/apache/000-default.conf | ||
---|---|---|
<VirtualHost *:80>
|
||
# The ServerName directive sets the request scheme, hostname and port that
|
||
# the server uses to identify itself. This is used when creating
|
||
# redirection URLs. In the context of virtual hosts, the ServerName
|
||
# specifies what hostname must appear in the request's Host: header to
|
||
# match this virtual host. For the default virtual host (this file) this
|
||
# value is not decisive as it is used as a last resort host regardless.
|
||
# However, you must set it for any further virtual host explicitly.
|
||
#ServerName www.example.com
|
||
|
||
ServerAdmin webmaster@localhost
|
||
DocumentRoot /var/www/html
|
||
|
||
#erp
|
||
AddHandler fcgid-script .fpl
|
||
AliasMatch ^/kivitendo-erp/[^/]+\.pl /var/www/kivitendo-erp/dispatcher.fpl
|
||
Alias /kivitendo-erp/ /var/www/kivitendo-erp/
|
||
|
||
<Directory /var/www/kivitendo-erp>
|
||
AllowOverride All
|
||
Options ExecCGI Includes FollowSymlinks
|
||
Require all granted
|
||
</Directory>
|
||
|
||
<DirectoryMatch /var/www/kivitendo-erp/users>
|
||
Order Deny,Allow
|
||
Deny from All
|
||
</DirectoryMatch>
|
||
#erp end
|
||
|
||
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
|
||
# error, crit, alert, emerg.
|
||
# It is also possible to configure the loglevel for particular
|
||
# modules, e.g.
|
||
#LogLevel info ssl:warn
|
||
|
||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||
|
||
# For most configuration files from conf-available/, which are
|
||
# enabled or disabled at a global level, it is possible to
|
||
# include a line for only one particular virtual host. For example the
|
||
# following line enables the CGI configuration for this host only
|
||
# after it has been globally disabled with "a2disconf".
|
||
#Include conf-available/serve-cgi-bin.conf
|
||
</VirtualHost>
|
||
|
||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
scripts/ansible/config-files/kivitendo.conf | ||
---|---|---|
[authentication]
|
||
# The cleartext password for access to the administrative part. It
|
||
# can only be changed in this file, not via the administrative
|
||
# interface.
|
||
admin_password = admin123
|
||
|
||
# Which modules to use for authentication. Valid values are 'DB' and
|
||
# 'LDAP'. You can use multiple modules separated by spaces.
|
||
#
|
||
# Multiple LDAP modules with different configurations can be used by
|
||
# postfixing 'LDAP' with the name of the configuration section to use:
|
||
# 'LDAP:ldap_fallback' would use the data from
|
||
# '[authentication/ldap_fallback]'. The name defaults to 'ldap' if it
|
||
# isn't given.
|
||
#
|
||
# Note that the LDAP module doesn't support changing the password.
|
||
module = DB
|
||
|
||
# The cookie name can be changed if desired.
|
||
cookie_name = kivitendo_session_id
|
||
|
||
# The number of minutes a session is valid. The default value is eight
|
||
# hours.
|
||
session_timeout = 480
|
||
|
||
# The number of seconds to penalize failed login attempts. 0 disables
|
||
# it.
|
||
failed_login_penalty = 5
|
||
|
||
[authentication/database]
|
||
# Connection information for the database with the user and group
|
||
# inforamtion. This information is always needed, even if LDAP is
|
||
# used for authentication, as the user information is stored in this
|
||
# database while LDAP is only used for password verification.
|
||
#
|
||
# If 'module' is set to 'DB' then this database also contains the
|
||
# users' passwords.
|
||
host = 127.0.0.1
|
||
port = 5432
|
||
db = kivitendo_auth
|
||
user = postgres
|
||
password =
|
||
|
||
[authentication/ldap]
|
||
# This section is only relevant if 'module' is set to 'LDAP'. It names
|
||
# the LDAP server the passwords are verified against by doing a LDAP
|
||
# bind operation.
|
||
#
|
||
# At least the parameters 'host', 'attribute' and 'base_dn' have to be
|
||
# specified.
|
||
#
|
||
# tls: Activate encryption via TLS
|
||
# verify: If 'tls' is used, how to verify the server's certificate.
|
||
# Can be one of 'require' or 'none'.
|
||
# attribute: Name of the LDAP attribute containing the user's login name
|
||
# base_dn: Base DN the LDAP searches start from
|
||
# filter: An optional LDAP filter specification. The string '<%login%>'
|
||
# is replaced by the user's login name before the search is started.
|
||
# bind_dn and bind_password:
|
||
# If searching the LDAP tree requires user credentials
|
||
# (e.g. ActiveDirectory) then these two parameters specify
|
||
# the user name and password to use.
|
||
# timeout: Timeout when connecting to the server in seconds.
|
||
#
|
||
# You can specify a fallback LDAP server to use in case the main one
|
||
# isn't reachable by duplicating this whole section as
|
||
# "[authentication/ldap_fallback]".
|
||
#
|
||
host = localhost
|
||
port = 389
|
||
tls = 0
|
||
attribute = uid
|
||
base_dn =
|
||
filter =
|
||
bind_dn =
|
||
bind_password =
|
||
timeout = 10
|
||
verify = require
|
||
|
||
[system]
|
||
# Set language for login and admin forms. Currently "de" (German)
|
||
# and "en" (English, not perfect) are available.
|
||
language = de
|
||
|
||
# Set stylesheet for login and admin forms. Supported:
|
||
# lx-office-erp
|
||
# kivitendo - default
|
||
# design40
|
||
stylesheet = kivitendo
|
||
|
||
# MassPrint Timeout
|
||
# must be less than cgi timeout
|
||
#
|
||
massprint_timeout = 30
|
||
|
||
# Set default_manager for admin forms. Currently "german"
|
||
# and "swiss" are available.
|
||
default_manager = german
|
||
|
||
# The memory limits given here determine the maximum process size
|
||
# (vsz, the total amount of memory this process uses including memory
|
||
# swapped out or shared with other processes) or resident set size
|
||
# (rss, the amount of memory not swapped out/shared with other
|
||
# processes). If either limit is reached at the end of the request
|
||
# then the kivitendo process will exit.
|
||
#
|
||
# This only applies for processes under FCGI and the task manager.
|
||
# For CGI configurations the process will be terminated after each request
|
||
# regardless of this setting.
|
||
#
|
||
# Note: this will only terminate processes with too high memory consumption. It
|
||
# is assumed that an external managing service will start new instances. For
|
||
# FCGI this will usually be apache or the wrapper scripts for nginx, for the
|
||
# task server this will have to be the system manager.
|
||
#
|
||
# Numbers can be postfixed with KB, MB, GB. If no number is given or
|
||
# the number is 0 then no checking will be performed.
|
||
memory_limit_rss =
|
||
memory_limit_vsz =
|
||
|
||
[paths]
|
||
# path to temporary files (must be writeable by the web server)
|
||
userspath = users
|
||
# spool directory for batch printing
|
||
spool = spool
|
||
# templates base directory
|
||
templates = templates
|
||
# Path to the old memberfile (ignored on new installations)
|
||
memberfile = users/members
|
||
# Path to ELSTER geierlein webserver path inside kivitendo
|
||
# (must be inside kivitendo but you can set an ALIAS for apache/oe
|
||
# if set the export to geierlein is enabled
|
||
# geierlein_path = geierlein
|
||
|
||
#
|
||
# document path for FileSystem FileManagement:
|
||
# (must be reachable read/write but not executable from webserver)
|
||
# document_path = /var/local/kivi_documents
|
||
#
|
||
|
||
[mail_delivery]
|
||
# Delivery method can be 'sendmail' or 'smtp'. For 'method = sendmail' the
|
||
# parameter 'mail_delivery.sendmail' is used as the executable to call. If
|
||
# 'applications.sendmail' still exists (backwards compatibility) then
|
||
# 'applications.sendmail' will be used instead of 'mail_delivery.sendmail'.
|
||
# If method is empty, mail delivery is disabled.
|
||
method = smtp
|
||
# Location of sendmail for 'method = sendmail'
|
||
sendmail = /usr/sbin/sendmail -t<%if myconfig_email%> -f <%myconfig_email%><%end%>
|
||
# Settings for 'method = smtp'. Only set 'port' if your SMTP server
|
||
# runs on a non-standard port (25 for 'security=none' or
|
||
# 'security=tls', 465 for 'security=ssl').
|
||
host = localhost
|
||
#port = 25
|
||
# Security can be 'tls', 'ssl' or 'none'. Unset equals 'none'. This
|
||
# determines whether or not encryption is used and which kind. For
|
||
# 'tls' the module 'Net::SSLGlue' is required; for 'ssl'
|
||
# 'Net::SMTP::SSL' is required and 'none' only uses 'Net::SMTP'.
|
||
security = none
|
||
# Authentication is only used if 'login' is set. You should only use
|
||
# that with 'tls' or 'ssl' encryption.
|
||
login =
|
||
password =
|
||
|
||
[applications]
|
||
# Location of OpenOffice.org/LibreOffice writer
|
||
openofficeorg_writer = lowriter
|
||
# Location of the html2ps binary
|
||
html2ps = html2ps
|
||
# Location of the Ghostscript binary
|
||
ghostscript = gs
|
||
# Location of the program to create PDFs from TeX documents
|
||
latex = latexmk --pdflatex
|
||
# Location of the Python interpreter to use when converting from
|
||
# OpenDocument to PDF. Some distributions compile UNO support only
|
||
# into binaries located in different locations than the main Python
|
||
# binary.
|
||
python_uno = python3
|
||
|
||
[environment]
|
||
# Add the following paths to the PATH environment variable.
|
||
path = /usr/local/bin:/usr/X11R6/bin:/usr/X11/bin
|
||
# Add the following paths to the PERL5LIB environment variable.
|
||
# "/sw/lib/perl5" is for Mac OS X with Fink's Perl.
|
||
lib = /sw/lib/perl5
|
||
# Add the following paths to the PYTHONPATH environment variable for
|
||
# locating Python modules. Python is used when converting OpenDocument
|
||
# files into PDF files.
|
||
python_uno_path =
|
||
|
||
[print_templates]
|
||
# If you have LaTeX installed set to 1
|
||
latex = 1
|
||
# Minimal support for Excel print templates
|
||
excel = 0
|
||
# Enable or disable support for OpenDocument print templates
|
||
opendocument = 1
|
||
# Chose whether or not OpenOffice/LibreOffice should remain running after a
|
||
# conversion. If yes then the conversion of subsequent documents will
|
||
# be a bit faster. You need to have Python and the Python UNO bindings
|
||
# (part of OpenOffice/LibreOffice) installed.
|
||
openofficeorg_daemon = 0
|
||
openofficeorg_daemon_port = 2002
|
||
|
||
[task_server]
|
||
# Set to 1 for debug messages in /tmp/kivitendo-debug.log
|
||
debug = 0
|
||
# Chose a system user the daemon should run under when started as root.
|
||
run_as =
|
||
# Task servers can run on multiple machines. Each needs its own unique
|
||
# ID. If unset, it defaults to the host name. All but one task server
|
||
# must have 'only_run_tasks_for_this_node' set to 1.
|
||
node_id =
|
||
only_run_tasks_for_this_node = 0
|
||
|
||
[task_server/notify_on_failure]
|
||
# If you want email notifications for failed jobs then set this to a
|
||
# kivitendo user (login) name. The subject can be changed as well.
|
||
send_email_to =
|
||
# The "From:" header for said email.
|
||
email_from = kivitendo Daemon <root@localhost>
|
||
# The subject for said email.
|
||
email_subject = kivitendo Task-Server: Hintergrundjob fehlgeschlagen
|
||
# The template file used for the email's body.
|
||
email_template = templates/webpages/task_server/failure_notification_email.txt
|
||
|
||
[periodic_invoices]
|
||
# The user name or email address a report about the posted and printed
|
||
# invoices is sent to.
|
||
send_email_to =
|
||
# The "From:" header for said email.
|
||
email_from = kivitendo Daemon <root@localhost>
|
||
# The subject for said email.
|
||
email_subject = Benachrichtigung: automatisch erstellte Rechnungen
|
||
# The template file used for the email's body.
|
||
email_template = templates/webpages/oe/periodic_invoices_email.txt
|
||
# Whether to always send the mail (0), or only if there were errors
|
||
# (1).
|
||
send_for_errors_only = 0
|
||
|
||
[self_test]
|
||
|
||
# modules to be tested
|
||
# Add without SL::BackgroundJob::SelfTest:: prefix
|
||
# Separate with space.
|
||
modules = Transactions
|
||
|
||
# you probably don't want to be spammed with "everything ok" every day. enable
|
||
# this when you add new tests to make sure they run correctly for a few days
|
||
send_email_on_success = 0
|
||
|
||
# will log into the standard logfile
|
||
log_to_file = 0
|
||
|
||
# user login (!) to send the email to.
|
||
send_email_to =
|
||
# will be used to send your report mail
|
||
email_from =
|
||
# The subject line for your report mail
|
||
email_subject = kivitendo self test report
|
||
# template. currently txt and html templates are recognized and correctly mime send.
|
||
email_template = templates/mail/self_test/status_mail.txt
|
||
|
||
[follow_up_reminder]
|
||
# Email notifications for due follow ups.
|
||
# The "From:" header for said email.
|
||
email_from = kivitendo Daemon <root@localhost>
|
||
# The subject for said email.
|
||
email_subject = kivitendo: fällige Wiedervorlagen
|
||
# The template file used for the email's body.
|
||
# If empty fu/follow_up_reminder_mail.html will be used.
|
||
email_template =
|
||
|
||
[console]
|
||
# Automatic login will only work if both "client" and "login" are
|
||
# given. "client" can be a client's database ID or its name. "login"
|
||
# is simply a user's login name.
|
||
client =
|
||
login =
|
||
|
||
# autorun lines will be executed after autologin.
|
||
# be warned that loading huge libraries will noticably lengthen startup time.
|
||
#autorun = require "bin/mozilla/common.pl";
|
||
# = use English qw(-no_match_vars);
|
||
# = use List::Util qw(min max);
|
||
# = sub take { my $max = shift; my $r = ref($_[0]) eq 'ARRAY' ? $_[0] : \@_; return @{$r}[0..List::Util::min($max, scalar(@{$r})) - 1]; }
|
||
|
||
# location of history file for permanent history
|
||
history_file = users/console_history
|
||
|
||
# location of a separate log file for the console. everything normally written
|
||
# to the kivitendo log will be put here if triggered from the console
|
||
log_file = /tmp/kivitendo_console_debug.log
|
||
|
||
[testing]
|
||
|
||
# Several tests need a database they can alter data in freely. This
|
||
# database will be dropped & created before any other test is run. The
|
||
# following parameters must be given:
|
||
[testing/database]
|
||
host = 127.0.0.1
|
||
port = 5432
|
||
db =
|
||
user = postgres
|
||
password =
|
||
template = template1
|
||
superuser_user = postgres
|
||
superuser_password =
|
||
|
||
[devel]
|
||
# Several settings related to the development of kivitendo.
|
||
|
||
# "client" is used by several scripts (e.g. rose_auto_create_model.pl)
|
||
# when they need access to the database. It can be either a client's
|
||
# database ID or its name.
|
||
client =
|
||
|
||
[debug]
|
||
# Use DBIx::Log4perl for logging DBI calls. The string LXDEBUGFILE
|
||
# will be replaced by the file name configured for $::lxdebug.
|
||
dbix_log4perl = 0
|
||
dbix_log4perl_config = log4perl.logger = FATAL, LOGFILE
|
||
= log4perl.appender.LOGFILE=Log::Log4perl::Appender::File
|
||
= log4perl.appender.LOGFILE.filename=LXDEBUGFILE
|
||
= log4perl.appender.LOGFILE.mode=append
|
||
= log4perl.appender.LOGFILE.Threshold = ERROR
|
||
= log4perl.appender.LOGFILE.layout=PatternLayout
|
||
= log4perl.appender.LOGFILE.layout.ConversionPattern=[%r] %F %L %c - %m%n
|
||
= log4perl.logger.DBIx.Log4perl=DEBUG, A1
|
||
= log4perl.appender.A1=Log::Log4perl::Appender::File
|
||
= log4perl.appender.A1.filename=LXDEBUGFILE
|
||
= log4perl.appender.A1.mode=append
|
||
= log4perl.appender.A1.layout=Log::Log4perl::Layout::PatternLayout
|
||
= log4perl.appender.A1.layout.ConversionPattern=%d %p> %F{1}:%L %M - %m%n
|
||
|
||
# Activate certain global debug messages. If you want to combine
|
||
# several options then list them separated by spaces.
|
||
#
|
||
# Possible values include:
|
||
# NONE - no debug output (default)
|
||
# INFO
|
||
# DEBUG1
|
||
# DEBUG2
|
||
# QUERY - Dump SQL queries (only in legacy code; see also "dbix_log4perl" above)
|
||
# TRACE - Track function calls and returns
|
||
# BACKTRACE_ON_ERROR - Print a function call backtrace when $form->error() is called
|
||
# REQUEST_TIMER - Log timing of HTTP requests
|
||
# REQUEST - Log each request. Careful! Passwords get filtered, but
|
||
# there may be confidential information being logged here
|
||
# WARN - warnings
|
||
# SHOW_CALLER - include the file name & line number from where a call
|
||
# to "message" or "dump" was called
|
||
# ALL - all possible debug messages
|
||
#
|
||
# DEVEL - sames as "INFO QUERY TRACE BACKTRACE_ON_ERROR REQUEST_TIMER"
|
||
#
|
||
# Example:
|
||
# global_level = TRACE QUERY
|
||
global_level = NONE
|
||
|
||
# Activate monitoring of the content of $form. If it is active then
|
||
# monitoring can be turned on for certain variables with the
|
||
# following:
|
||
# $form->{"Watchdog::<variable>"} = 1;
|
||
# Monitoring has a performance cost and is therefore deactivated by
|
||
# default.
|
||
watch_form = 0
|
||
|
||
# If you want to debug the creation of LaTeX files then set this to 1.
|
||
# That way the temporary LaTeX files created during PDF creation are
|
||
# not removed and remain in the "users" directory.
|
||
keep_temp_files = 0
|
||
|
||
# Restart the FastCGI process if changes to the program or template
|
||
# files have been detected. The restart will occur after the request
|
||
# in which the changes have been detected has completed.
|
||
restart_fcgi_process_on_changes = 0
|
||
|
||
# The file name where the debug messages are written to.
|
||
file_name = /tmp/kivitendo-debug.log
|
||
|
||
# If set to 1 then the installation will be kept unlocked even if a
|
||
# database upgrade fails.
|
||
keep_installation_unlocked = 0
|
||
|
||
# If set to 1 then all resource links (JavaScript, CSS files) output
|
||
# via $::request->{layout}->use_stylesheet() / use_javascript() will
|
||
# be made unique by appending a random GET parameter. This will cause
|
||
# the web browser to always reload the resources.
|
||
auto_reload_resources = 0
|
||
|
||
# If set to 1 each exception will include a full stack backtrace.
|
||
backtrace_on_die = 0
|
||
|
||
[cti]
|
||
# If you want phone numbers to be clickable then this must be set to a
|
||
# command that does the actually dialing. Within this command three
|
||
# variables are replaced before it is executed:
|
||
#
|
||
# 1. <%phone_extension%> and <%phone_password%> are taken from the user
|
||
# configuration (changeable in the admin interface).
|
||
# 2. <%number%> is the number to dial. It has already been sanitized
|
||
# and formatted correctly regarding e.g. the international dialing
|
||
# prefix.
|
||
#
|
||
# The following is an example that works with the OpenUC telephony
|
||
# server:
|
||
# dial_command = curl --insecure -X PUT https://<%phone_extension%>:<%phone_password%>@IP.AD.DR.ESS:8443/sipxconfig/rest/my/call/<%number%>
|
||
dial_command =
|
||
# If you need to dial something before the actual number then set
|
||
# external_prefix to it.
|
||
external_prefix = 0
|
||
# The prefix for international calls (numbers starting with +).
|
||
international_dialing_prefix = 00
|
||
# Our own country code
|
||
our_country_code = 49
|
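Review bot: `admin_password = admin123` in `[authentication]` commits a guessable administrative password in clear text, and every host provisioned from this file receives the same value. It should be supplied at deploy time from a secret store, for example by rendering the file with the template module and a vaulted variable, `admin_password = {{ kivitendo_admin_password }}` (the variable name is a placeholder); the value already committed should be treated as exposed and rotated. In `[authentication/database]`, `user = postgres` with an empty `password =` makes the application connect as the database superuser, which only works because the shipped pg_hba.conf trusts 127.0.0.1. A dedicated role with its own password, limited to the kivitendo databases, would contain the impact of an application compromise.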
scripts/ansible/config-files/postgresql/pg_hba.conf | ||
---|---|---|
# PostgreSQL Client Authentication Configuration File
|
||
# ===================================================
|
||
#
|
||
# Refer to the "Client Authentication" section in the PostgreSQL
|
||
# documentation for a complete description of this file. A short
|
||
# synopsis follows.
|
||
#
|
||
# This file controls: which hosts are allowed to connect, how clients
|
||
# are authenticated, which PostgreSQL user names they can use, which
|
||
# databases they can access. Records take one of these forms:
|
||
#
|
||
# local DATABASE USER METHOD [OPTIONS]
|
||
# host DATABASE USER ADDRESS METHOD [OPTIONS]
|
||
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
|
||
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
|
||
# hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS]
|
||
# hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS]
|
||
#
|
||
# (The uppercase items must be replaced by actual values.)
|
||
#
|
||
# The first field is the connection type:
|
||
# - "local" is a Unix-domain socket
|
||
# - "host" is a TCP/IP socket (encrypted or not)
|
||
# - "hostssl" is a TCP/IP socket that is SSL-encrypted
|
||
# - "hostnossl" is a TCP/IP socket that is not SSL-encrypted
|
||
# - "hostgssenc" is a TCP/IP socket that is GSSAPI-encrypted
|
||
# - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted
|
||
#
|
||
# DATABASE can be "all", "sameuser", "samerole", "replication", a
|
||
# database name, or a comma-separated list thereof. The "all"
|
||
# keyword does not match "replication". Access to replication
|
||
# must be enabled in a separate record (see example below).
|
||
#
|
||
# USER can be "all", a user name, a group name prefixed with "+", or a
|
||
# comma-separated list thereof. In both the DATABASE and USER fields
|
||
# you can also write a file name prefixed with "@" to include names
|
||
# from a separate file.
|
||
#
|
||
# ADDRESS specifies the set of hosts the record matches. It can be a
|
||
# host name, or it is made up of an IP address and a CIDR mask that is
|
||
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
|
||
# specifies the number of significant bits in the mask. A host name
|
||
# that starts with a dot (.) matches a suffix of the actual host name.
|
||
# Alternatively, you can write an IP address and netmask in separate
|
||
# columns to specify the set of hosts. Instead of a CIDR-address, you
|
||
# can write "samehost" to match any of the server's own IP addresses,
|
||
# or "samenet" to match any address in any subnet that the server is
|
||
# directly connected to.
|
||
#
|
||
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
|
||
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
|
||
# Note that "password" sends passwords in clear text; "md5" or
|
||
# "scram-sha-256" are preferred since they send encrypted passwords.
|
||
#
|
||
# OPTIONS are a set of options for the authentication in the format
|
||
# NAME=VALUE. The available options depend on the different
|
||
# authentication methods -- refer to the "Client Authentication"
|
||
# section in the documentation for a list of which options are
|
||
# available for which authentication methods.
|
||
#
|
||
# Database and user names containing spaces, commas, quotes and other
|
||
# special characters must be quoted. Quoting one of the keywords
|
||
# "all", "sameuser", "samerole" or "replication" makes the name lose
|
||
# its special character, and just match a database or username with
|
||
# that name.
|
||
#
|
||
# This file is read on server startup and when the server receives a
|
||
# SIGHUP signal. If you edit the file on a running system, you have to
|
||
# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
|
||
# or execute "SELECT pg_reload_conf()".
|
||
#
|
||
# Put your actual configuration here
|
||
# ----------------------------------
|
||
#
|
||
# If you want to allow non-local connections, you need to add more
|
||
# "host" records. In that case you will also need to make PostgreSQL
|
||
# listen on a non-local interface via the listen_addresses
|
||
# configuration parameter, or via the -i or -h command line switches.
|
||
|
||
|
||
|
||
|
||
# DO NOT DISABLE!
|
||
# If you change this first entry you will need to make sure that the
|
||
# database superuser can access the database using some other method.
|
||
# Noninteractive access to all databases is required during automatic
|
||
# maintenance (custom daily cronjobs, replication, and similar tasks).
|
||
#
|
||
# Database administrative login by Unix domain socket
|
||
local all postgres peer
|
||
|
||
# TYPE DATABASE USER ADDRESS METHOD
|
||
|
||
# "local" is for Unix domain socket connections only
|
||
local all all peer
|
||
# IPv4 local connections:
|
||
host all all 127.0.0.1/32 trust
|
||
# IPv6 local connections:
|
||
host all all ::1/128 scram-sha-256
|
||
# Allow replication connections from localhost, by a user with the
|
||
# replication privilege.
|
||
local replication all peer
|
||
host replication all 127.0.0.1/32 scram-sha-256
|
||
host replication all ::1/128 scram-sha-256
|
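Review bot: The record `host all all 127.0.0.1/32 trust` accepts any role, including `postgres`, over IPv4 loopback without a password, while the IPv6 loopback and replication records beside it require `scram-sha-256`. Since the playbook puts Apache and the FastCGI application on the same host, any local process or a flaw in the web tier would get superuser database access. I would change the line to `host all all 127.0.0.1/32 scram-sha-256` and give the application role a password in kivitendo.conf. The `local ... peer` records already cover unattended maintenance run as the `postgres` OS user, so the "DO NOT DISABLE" requirement is not affected.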
scripts/ansible/main.yml | ||
---|---|---|
---
|
||
- name: install Kivi dependencies
|
||
hosts: "{{ target }}"
|
||
|
||
tasks:
|
||
- name: update repos and install dependencies
|
||
ansible.builtin.apt:
|
||
name:
|
||
- git
|
||
- libalgorithm-checkdigits-perl
|
||
- libapache2-mod-fcgid
|
||
- libarchive-zip-perl
|
||
- libcam-pdf-perl
|
||
- libcgi-pm-perl
|
||
- libclone-perl
|
||
- libconfig-std-perl
|
||
- libcrypt-pbkdf2-perl
|
||
- libdaemon-generic-perl
|
||
- libdatetime-event-cron-perl
|
||
- libdatetime-perl
|
||
- libdatetime-set-perl
|
||
- libdbd-pg-perl
|
||
- libdbi-perl
|
||
- libemail-address-perl
|
||
- libemail-mime-perl
|
||
- libexception-class-perl
|
||
- libfcgi-perl
|
||
- libfile-copy-recursive-perl
|
||
- libfile-flock-perl
|
||
- libfile-mimeinfo-perl
|
||
- libfile-slurp-perl
|
||
- libgd-gd2-perl
|
||
- libhtml-restrict-perl
|
||
- libimage-info-perl
|
||
- libimager-perl
|
||
- libimager-qrcode-perl
|
||
- libipc-run-perl
|
||
- libjson-perl
|
||
- liblist-moreutils-perl
|
||
- liblist-utilsby-perl
|
||
- libmath-round-perl
|
||
- libnet-smtp-ssl-perl
|
||
- libnet-sslglue-perl
|
||
- libparams-validate-perl
|
||
- libpbkdf2-tiny-perl
|
||
- libpdf-api2-perl
|
||
- libregexp-ipv6-perl
|
||
- librest-client-perl
|
||
- librose-db-object-perl
|
||
- librose-db-perl
|
||
- librose-object-perl
|
||
- libset-infinite-perl
|
||
- libsort-naturally-perl
|
||
- libstring-shellquote-perl
|
||
- libtemplate-perl
|
||
- libtext-csv-xs-perl
|
||
- libtext-iconv-perl
|
||
- libtext-unidecode-perl
|
||
- libtry-tiny-perl
|
||
- liburi-perl
|
||
- libwww-perl
|
||
- libxml-libxml-perl
|
||
- libxml-writer-perl
|
||
- libyaml-perl
|
||
- poppler-utils
|
||
state: present
|
||
update_cache: yes
|
||
become: true
|
||
|
||
- name: postrgesql for kivi
|
||
hosts: "{{ target }}"
|
||
|
||
tasks:
|
||
- name: install postgresql
|
||
ansible.builtin.apt:
|
||
name:
|
||
- postgresql
|
||
- postgresql-contrib
|
||
state: present
|
||
become: true
|
||
|
||
- name: copy config files
|
||
ansible.builtin.copy:
|
||
src: config-files/postgresql/pg_hba.conf
|
||
dest: /etc/postgresql/14/main/pg_hba.conf
|
||
mode: '640'
|
||
become: true
|
||
|
||
- name: start postgresql
|
||
ansible.builtin.service:
|
||
name: postgresql
|
||
state: restarted
|
||
become: true
|
||
|
||
- name: apache server for kivi
|
||
hosts: "{{ target }}"
|
||
|
||
tasks:
|
||
- name: install apache server
|
||
ansible.builtin.apt:
|
||
name: apache2
|
||
state: present
|
||
become: true
|
||
|
||
- name: start apache if not running
|
||
ansible.builtin.service:
|
||
name: apache2
|
||
state: started
|
||
|
||
- name: copy config files
|
||
ansible.builtin.copy:
|
||
src: config-files/apache/000-default.conf
|
||
dest: /etc/apache2/sites-available/000-default.conf
|
||
mode: '640'
|
||
become: true
|
||
|
||
- name: activate fastcgi
|
||
ansible.builtin.shell:
|
||
cmd: a2enmod fcgid
|
||
become: true
|
||
|
||
- name: install Kivi
|
||
hosts: "{{ target }}"
|
||
|
||
tasks:
|
||
- name: ensure git is installed
|
||
ansible.builtin.apt:
|
||
name: git
|
||
state: present
|
||
become: true
|
||
|
||
- name: clone repo
|
||
ansible.builtin.git:
|
||
repo: 'https://github.com/kivitendo/kivitendo-erp.git'
|
||
dest: /var/www/kivitendo-erp
|
||
version: release-3.8.0
|
||
become: true
|
||
|
||
- name: copy config files
|
||
ansible.builtin.copy:
|
||
src: config-files/kivitendo.conf
|
||
dest: /var/www/kivitendo-erp/config/kivitendo.conf
|
||
become: true
|
||
|
||
- name: make webdav directory
|
||
ansible.builtin.file:
|
||
path: /var/www/kivitendo-erp/webdav
|
||
state: directory
|
||
become: true
|
||
|
||
- name: change permissions
|
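Review bot: The `copy config files` task that installs `config-files/kivitendo.conf` sets no `owner`, `group` or `mode`, although that file carries the administrative password and the database credentials; the two other copy tasks in this playbook set `mode: '640'`. I would add `owner: root`, `group: www-data` and `mode: '0640'` to it, assuming Apache runs as `www-data` on the target. The destination also lies under `/var/www/kivitendo-erp`, which 000-default.conf aliases to `/kivitendo-erp/`, so it is worth confirming that `config/` is denied to web clients. The final `change permissions` task is cut off on this page and may already tighten some of this.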
Ansible verzeichnis in scripts/ verschoben