kivitendo mit ssl
[fsit_smgt.git] / tasks / kivitendo.yml
index 652403f4ab94732d43657b1d96aa04d98944160e..a9019adf2922562f16e5f3c0df6ea70f008c1b67 100644 (file)
     - texlive-luatex
     - texlive-plain-generic
 
     - texlive-luatex
     - texlive-plain-generic
 
+- name: Clone repo.
+  ansible.builtin.git:
+    dest:    /var/www/kivitendo-erp
+    repo:    "{{ fsit_smgt_kivi_customer_repo }}"
+    version: "{{ fsit_smgt_kivi_customer_version }}"
+
+- name: Copy over Kivitendo.conf.
+  ansible.builtin.copy:
+    src: files/kivitendo/kivitendo.conf
+    dest: /var/www/kivitendo-erp/config/kivitendo.conf
+    owner: www-data
+    mode: 'u=rw,g=rw,o='
+  notify: Restart apache
+
+- name: Make webdav directory.
+  ansible.builtin.file:
+    path: /var/www/kivitendo-erp/webdav
+    state: directory
+    mode:  'u=Xrw,g=Xrw,o='
+
+- name: Make kivi_documents directory.
+  ansible.builtin.file:
+    path: /var/www/kivitendo-erp/kivi_documents
+    state: directory
+    mode:  'u=Xrw,g=Xrw,o='
+
+- name: Change permissions.
+  ansible.builtin.file:
+    owner:   www-data
+    path:    "/var/www/kivitendo-erp/{{ item }}"
+    mode:    'u=Xrw,g=Xrw,o='
+    recurse: true
+  loop:
+    - kivi_documents
+    - users
+    - spool
+    - templates
+    - webdav
+
+# postrgesql for kivi
+- name: Remove existing rules to ensure correct ordering of the rules
+  ansible.builtin.postgresql_pg_hba:
+    dest:      /etc/postgresql/17/main/pg_hba.conf
+    overwrite: true
+    contype:   local
+    users:     all
+    databases: all
+    method:    peer
+
+- name: Allow access from localhost to Postgresql.
+  ansible.builtin.postgresql_pg_hba:
+    dest:      /etc/postgresql/17/main/pg_hba.conf
+    contype:   host
+    users:     postgres
+    databases: all
+    address:   127.0.0.1/32
+    method:    trust
+  notify: Restart postgresql
+
+# apache server for kivi
+- name: Activate apache fastcgi, headers and ssl modules.
+  community.general.apache2_module:
+    state: present
+    name: "{{ item }}"
+  loop:
+    - fcgid
+    - headers
+    - ssl
+    - rewrite
+    - socache_shmcb
+  notify: Restart apache
+
+- name: Copy over apacha ssl-conf
+  ansible.builtin.copy:
+    src: files/kivitendo/default-ssl.conf
+    dest: /etc/apache2/sites-available/default-ssl.conf
+    mode: '640'
+  notify: Restart apache
+
+- name: Disable 000-default.conf
+  ansible.builtin.command: a2dissite 000-default.conf
+  notify: Restart apache
+
+- name: Enable SSL
+  ansible.builtin.command: a2ensite default-ssl
+  notify: Restart apache
 
 # Anleitung adaptiert
 # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml
 
 # Anleitung adaptiert
 # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml
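Review bot: The `Allow access from localhost to Postgresql.` task writes `method: trust` for user `postgres` on `127.0.0.1/32`, so any local account or process on the host can connect over TCP as the database superuser without a credential; this presumably includes the Apache worker that serves kivitendo. Prefer `method: scram-sha-256` with the password supplied from a vaulted variable, or drop the host rule and keep administration on the `peer` socket rule written by the preceding task. Both pg_hba tasks also name the module `ansible.builtin.postgresql_pg_hba`; as far as I know it ships in the `community.postgresql` collection, so `community.postgresql.postgresql_pg_hba:` is the name to verify. The preceding `overwrite: true` task has no `notify: Restart postgresql`, so it is worth confirming that a run which changes only that task still reloads the rules.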