From 29fd690cba16ca53297f5db086c1e1aee40009ee Mon Sep 17 00:00:00 2001 From: Ullli Date: Fri, 5 Jun 2026 14:42:09 +0200 Subject: [PATCH 01/16] versuche dir inkl recurse: yes zu erstellen --- tasks/nfs.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tasks/nfs.yml b/tasks/nfs.yml index 27411e5..81aa2e1 100644 --- a/tasks/nfs.yml +++ b/tasks/nfs.yml @@ -14,12 +14,14 @@ ansible.builtin.file: path: "/srv/nfs4/{{ fsit_smgt_nfs_export_dir }}" state: directory + recurse: yes notify: - Restart nfs-kernel-server service - name: Create dir to export ansible.builtin.file: path: "{{ fsit_smgt_nfs_dir }}" state: directory + recurse: yes notify: - Restart nfs-kernel-server service - name: Configure exports -- 2.39.5 From 638762f0a74b645fa855148cd4808343524c2fe6 Mon Sep 17 00:00:00 2001 From: Ullli Date: Sat, 6 Jun 2026 07:50:14 +0200 Subject: [PATCH 02/16] kivitendo - install needed packages --- tasks/kivitendo.yml | 80 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 79 insertions(+), 1 deletion(-) diff --git a/tasks/kivitendo.yml b/tasks/kivitendo.yml index c8c0bf1..652403f 100644 --- a/tasks/kivitendo.yml +++ b/tasks/kivitendo.yml 
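Review bot: In tasks/nfs.yml both `ansible.builtin.file` tasks gain `recurse: yes`, but `state: directory` already creates missing parent directories, and `recurse` only applies the task's owner/group/mode to existing contents. Neither task sets any of those as far as the hunk shows, so the new key changes nothing. If the aim is a predictable export directory, set the attributes explicitly, for example `owner: root`, `group: root`, `mode: '0755'` (values to be chosen for the export), so that permissions on the NFS-exported path do not depend on the umask. If the key stays, write it as `recurse: true`, since `yes` is a YAML 1.1 truthy form that linters flag. The first task begins above the hunk.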
@@ -4,6 +4,84 @@ pkg: - apache2 - git -# erweitern mit + - libalgorithm-checkdigits-perl + - libapache2-mod-fcgid + - libarchive-zip-perl + - libauthen-sasl-perl + - libcam-pdf-perl + - libcgi-pm-perl + - libclone-perl + - libconfig-std-perl + - libcrypt-pbkdf2-perl + - libcryptx-perl + - libdaemon-generic-perl + - libdatetime-event-cron-perl + - libdatetime-perl + - libdatetime-set-perl + - libdbd-pg-perl + - libdbi-perl + - libemail-address-perl + - libemail-mime-perl + - libexception-class-perl + - libfcgi-perl + - libfile-copy-recursive-perl + - libfile-flock-perl + - libfile-mimeinfo-perl + - libfile-slurp-perl + - libgd-gd2-perl + - libhtml-restrict-perl + - libimage-info-perl + - libimager-perl + - libimager-qrcode-perl + - libipc-run-perl + - libjson-perl + - liblist-moreutils-perl + - liblist-utilsby-perl + - libmath-round-perl + - libnet-smtp-ssl-perl + - libnet-sslglue-perl + - libparams-validate-perl + - libpbkdf2-tiny-perl + - libpdf-api2-perl + - libregexp-ipv6-perl + - librest-client-perl + - librose-db-object-perl + - librose-db-perl + - librose-object-perl + - libset-infinite-perl + - libsort-naturally-perl + - libstring-shellquote-perl + - libtemplate-perl + - libtext-csv-xs-perl + - libtext-iconv-perl + - libtext-unidecode-perl + - libtry-tiny-perl + - liburi-perl + - libwww-perl + - libxml-libxml-perl + - libxml-writer-perl + - libyaml-perl + - poppler-utils + - postgresql + - postgresql-contrib + - python3-passlib + - ssl-cert + #- texlive-full + - libmail-imapclient-perl + - libencode-imaputf7-perl + - libuuid-tiny-perl + + - latexmk + - texlive-binaries + - texlive-fonts-recommended + - texlive-lang-german + - texlive-lang-greek + - texlive-latex-extra + - texlive-latex-recommended + - texlive-luatex + - texlive-plain-generic + + +# Anleitung adaptiert # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml # -- 2.39.5 From 1c1aa4c37bbd10c9d4d29547895c5e3381ad4bb7 Mon Sep 17 00:00:00 2001 
From: Ullli Date: Sat, 6 Jun 2026 08:09:04 +0200 Subject: [PATCH 03/16] kivitendo: Install kivi via git --- defaults/main.yml | 5 ++++- tasks/kivitendo.yml | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 24e64a7..c517a71 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -18,4 +18,7 @@ fsit_smgt_dhcp_hosts: [] fsit_smgt_lpadminuser: lpadmin fsit_smgt_lpadminuser_pw: LPadminUserPW$ # Collabora -fsit_smgt_collabora_post_allow: +fsit_smgt_collabora_post_allow: +# Kivitendo ERP +fsit_smgt_kivi_customer_repo: 'https://github.com/kivitendo/kivitendo-erp.git' +fsit_smgt_kivi_customer_version: release-4.0.0 diff --git a/tasks/kivitendo.yml b/tasks/kivitendo.yml index 652403f..a3ee521 100644 --- a/tasks/kivitendo.yml +++ b/tasks/kivitendo.yml @@ -81,6 +81,11 @@ - texlive-luatex - texlive-plain-generic + - name: Clone repo. + ansible.builtin.git: + dest: /var/www/kivitendo-erp + repo: "{{ fsit_smgt_kivi_customer_repo }}" + version: "{{ fsit_smgt_kivi_customer_version }}" # Anleitung adaptiert # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml -- 2.39.5 From 0fcbf12a4982ea17884edee9241be23ee7e10651 Mon Sep 17 00:00:00 2001 From: Ullli Date: Sat, 6 Jun 2026 08:11:29 +0200 Subject: [PATCH 04/16] =?utf8?q?richtiges=20Einr=C3=BCcken=20erh=C3=A4lt?= =?utf8?q?=20das=20Playbook=20:-)?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- tasks/kivitendo.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tasks/kivitendo.yml b/tasks/kivitendo.yml index a3ee521..89210bb 100644 --- a/tasks/kivitendo.yml +++ b/tasks/kivitendo.yml 
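Review bot: The new `Clone repo.` task in tasks/kivitendo.yml checks out `fsit_smgt_kivi_customer_version`, which the defaults/main.yml hunk sets to the tag `release-4.0.0`. A tag can be moved upstream, so the code deployed under /var/www/kivitendo-erp is not pinned to content that was reviewed. Consider defaulting the variable to the full commit hash of that release, `fsit_smgt_kivi_customer_version: '<COMMIT_SHA_OF_RELEASE>'` (placeholder), or adding `verify_commit: true` if upstream signs its commits or tags. The task sets no owner, so the checkout presumably belongs to the account Ansible runs as. A comment such as `# application code stays owned by root; only the data directories are writable by www-data` would record whether that is intended.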
@@ -81,11 +81,11 @@ - texlive-luatex - texlive-plain-generic - - name: Clone repo. - ansible.builtin.git: - dest: /var/www/kivitendo-erp - repo: "{{ fsit_smgt_kivi_customer_repo }}" - version: "{{ fsit_smgt_kivi_customer_version }}" +- name: Clone repo. + ansible.builtin.git: + dest: /var/www/kivitendo-erp + repo: "{{ fsit_smgt_kivi_customer_repo }}" + version: "{{ fsit_smgt_kivi_customer_version }}" # Anleitung adaptiert # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml -- 2.39.5 From 9ce819f608fed6506d6bb22271b4f17b6df31bda Mon Sep 17 00:00:00 2001 From: Ullli Date: Sat, 6 Jun 2026 08:20:08 +0200 Subject: [PATCH 05/16] Kivitendo conf, webdav und Verzeichnis Berechtigungen --- files/kivitendo.conf | 477 +++++++++++++++++++++++++++++++++++++++++++ tasks/kivitendo.yml | 35 ++++ 2 files changed, 512 insertions(+) create mode 100644 files/kivitendo.conf diff --git a/files/kivitendo.conf b/files/kivitendo.conf new file mode 100644 index 0000000..0e546b1 --- /dev/null +++ b/files/kivitendo.conf 
@@ -0,0 +1,477 @@ +[authentication] +# The cleartext password for access to the administrative part. It +# can only be changed in this file, not via the administrative +# interface. +admin_password = admin123 + +# Which modules to use for authentication. Valid values are 'DB', +# 'LDAP', 'HTTPHeaders'. You can use multiple modules separated by spaces. +# +# Multiple LDAP modules with different configurations can be used by +# postfixing 'LDAP' with the name of the configuration section to use: +# 'LDAP:ldap_fallback' would use the data from +# '[authentication/ldap_fallback]'. The name defaults to 'ldap' if it +# isn't given. +# +# Note that the LDAP module doesn't support changing the password. +module = DB + +# The cookie name can be changed if desired. +cookie_name = kivitendo_session_id + +# The number of minutes a session is valid. The default value is eight +# hours. +session_timeout = 480 + +# The number of seconds to penalize failed login attempts. 0 disables +# it. +failed_login_penalty = 5 + +[authentication/database] +# Connection information for the database with the user and group +# inforamtion. This information is always needed, even if LDAP is +# used for authentication, as the user information is stored in this +# database while LDAP is only used for password verification. +# +# If 'module' is set to 'DB' then this database also contains the +# users' passwords. +host = 127.0.0.1 +port = 5432 +db = kivitendo_auth +user = postgres +password = + +[authentication/ldap] +# This section is only relevant if 'module' is set to 'LDAP'. It names +# the LDAP server the passwords are verified against by doing a LDAP +# bind operation. +# +# At least the parameters 'host', 'attribute' and 'base_dn' have to be +# specified. +# +# tls: Activate encryption via TLS +# verify: If 'tls' is used, how to verify the server's certificate. +# Can be one of 'require' or 'none'. 
+# attribute: Name of the LDAP attribute containing the user's login name +# base_dn: Base DN the LDAP searches start from +# filter: An optional LDAP filter specification. The string '<%login%>' +# is replaced by the user's login name before the search is started. +# bind_dn and bind_password: +# If searching the LDAP tree requires user credentials +# (e.g. ActiveDirectory) then these two parameters specify +# the user name and password to use. +# timeout: Timeout when connecting to the server in seconds. +# +# You can specify a fallback LDAP server to use in case the main one +# isn't reachable by duplicating this whole section as +# "[authentication/ldap_fallback]". +# +host = localhost +port = 389 +tls = 0 +attribute = uid +base_dn = +filter = +bind_dn = +bind_password = +timeout = 10 +verify = require + +# For use with module 'HTTPHeaders': +[authentication/http_basic] +enabled = 1 + +# For use with module 'HTTPHeaders': +[authentication/http_headers] +enabled = 0 +client_id_header = X-Kivitendo-Client-ID +user_header = Auth-User +secret_header = X-Kivitendo-App-Secret +secret = ... + +[system] +# Set language for login and admin forms. Currently "de" (German) +# and "en" (English, not perfect) are available. +language = de + +# Set stylesheet for login and admin forms. Supported: +# design40 - default +stylesheet = design40 + +# MassPrint Timeout +# must be less than cgi timeout +# +massprint_timeout = 30 + +# Set default_manager for admin forms. Currently "german" +# and "swiss" are available. +default_manager = german + +# The memory limits given here determine the maximum process size +# (vsz, the total amount of memory this process uses including memory +# swapped out or shared with other processes) or resident set size +# (rss, the amount of memory not swapped out/shared with other +# processes). If either limit is reached at the end of the request +# then the kivitendo process will exit. 
+# +# This only applies for processes under FCGI and the task manager. +# For CGI configurations the process will be terminated after each request +# regardless of this setting. +# +# Note: this will only terminate processes with too high memory consumption. It +# is assumed that an external managing service will start new instances. For +# FCGI this will usually be apache or the wrapper scripts for nginx, for the +# task server this will have to be the system manager. +# +# Numbers can be postfixed with KB, MB, GB. If no number is given or +# the number is 0 then no checking will be performed. +memory_limit_rss = +memory_limit_vsz = + +[paths] +# path to temporary files (must be writeable by the web server) +userspath = users +# spool directory for batch printing +spool = spool +# templates base directory +templates = templates +# Path to the old memberfile (ignored on new installations) +memberfile = users/members +# Path to ELSTER geierlein webserver path inside kivitendo +# (must be inside kivitendo but you can set an ALIAS for apache/oe +# if set the export to geierlein is enabled +# geierlein_path = geierlein + +# +# document path for FileSystem FileManagement: +# (must be reachable read/write but not executable from webserver) +document_path = /var/www/kivitendo-erp/kivi_documents +# + +[mail_delivery] +# Delivery method can be 'sendmail' or 'smtp'. For 'method = sendmail' the +# parameter 'mail_delivery.sendmail' is used as the executable to call. If +# 'applications.sendmail' still exists (backwards compatibility) then +# 'applications.sendmail' will be used instead of 'mail_delivery.sendmail'. +# If method is empty, mail delivery is disabled. +method = smtp +# Location of sendmail for 'method = sendmail' +sendmail = /usr/sbin/sendmail -t<%if myconfig_email%> -f <%myconfig_email%><%end%> +# Settings for 'method = smtp'. Only set 'port' if your SMTP server +# runs on a non-standard port (25 for 'security=none' or +# 'security=tls', 465 for 'security=ssl'). 
+host = localhost +#port = 25 +# Security can be 'tls', 'ssl' or 'none'. Unset equals 'none'. This +# determines whether or not encryption is used and which kind. For +# 'tls' the module 'Net::SSLGlue' is required; for 'ssl' +# 'Net::SMTP::SSL' is required and 'none' only uses 'Net::SMTP'. +security = none +# Authentication is only used if 'login' is set. You should only use +# that with 'tls' or 'ssl' encryption. +login = +password = + +[imap_client] +enabled = 0 +hostname = localhost +username = +password = +# This folder can be managed with kivitendo through the background jobs +# CleanUpEmailSubfolders and SyncEmailFolder. Create no subfolder in the +# base folder by hand. Use / for subfolders. +base_folder = INBOX +# Port only needs to be changed if it is not the default port. +# port = 993 +# If SSL is to be used, then set port to 993 or leave empty +ssl = 1 + +# Define a server for a specific email (e.g. info@test.de) with +# '[sent_emails_in_imap/email/info@test.de]' +[sent_emails_in_imap] +enabled = 0 +hostname = localhost +username = +password = +# This folder must exist. Use / for subfolders. +folder = Sent/Kivitendo +# Port only needs to be changed if it is not the default port. +# port = 143 +# If SSL is used, default port is 993 +ssl = 1 + +[applications] +# Location of OpenOffice.org/LibreOffice writer +openofficeorg_writer = lowriter +# Location of the html2ps binary +html2ps = html2ps +# Location of the Ghostscript binary +ghostscript = gs +# Location of the program to create PDFs from TeX documents +latex = latexmk --pdflatex +# Location of the Python interpreter to use when converting from +# OpenDocument to PDF. Some distributions compile UNO support only +# into binaries located in different locations than the main Python +# binary. +python_uno = python3 + +[environment] +# Add the following paths to the PATH environment variable. +path = /usr/local/bin:/usr/X11R6/bin:/usr/X11/bin +# Add the following paths to the PERL5LIB environment variable. 
+# "/sw/lib/perl5" is for Mac OS X with Fink's Perl. +lib = /sw/lib/perl5 +# Add the following paths to the PYTHONPATH environment variable for +# locating Python modules. Python is used when converting OpenDocument +# files into PDF files. +python_uno_path = + +[print_templates] +# If you have LaTeX installed set to 1 +latex = 1 +# Minimal support for Excel print templates +excel = 0 +# Enable or disable support for OpenDocument print templates +opendocument = 1 +# Chose whether or not OpenOffice/LibreOffice should remain running after a +# conversion. If yes then the conversion of subsequent documents will +# be a bit faster. You need to have Python and the Python UNO bindings +# (part of OpenOffice/LibreOffice) installed. +openofficeorg_daemon = 0 +openofficeorg_daemon_port = 2002 + +[task_server] +# Set to 1 for debug messages in users/kivitendo-debug.log +debug = 0 +# Chose a system user the daemon should run under when started as root. +run_as = +# Task servers can run on multiple machines. Each needs its own unique +# ID. If unset, it defaults to the host name. All but one task server +# must have 'only_run_tasks_for_this_node' set to 1. +node_id = +only_run_tasks_for_this_node = 0 + +[task_server/notify_on_failure] +# If you want email notifications for failed jobs then set this to a +# kivitendo user (login) name. The subject can be changed as well. +send_email_to = +# The "From:" header for said email. +email_from = kivitendo Daemon +# The subject for said email. +email_subject = kivitendo Task-Server: Hintergrundjob fehlgeschlagen +# The template file used for the email's body. +email_template = templates/design40_webpages/task_server/failure_notification_email.txt + +[periodic_invoices] +# The user name or email address a report about the posted and printed +# invoices is sent to. +send_email_to = +# The "From:" header for said email. +email_from = kivitendo Daemon +# The subject for said email. 
+email_subject = Benachrichtigung: automatisch erstellte Rechnungen +# The template file used for the email's body. +email_template = templates/design40_webpages/oe/periodic_invoices_email.txt +# Whether to always send the mail (0), or only if there were errors +# (1). +send_for_errors_only = 0 + +[self_test] + +# modules to be tested +# Add without SL::BackgroundJob::SelfTest:: prefix +# Separate with space. +modules = Transactions + +# you probably don't want to be spammed with "everything ok" every day. enable +# this when you add new tests to make sure they run correctly for a few days +send_email_on_success = 0 + +# will log into the standard logfile +log_to_file = 0 + +# user login (!) to send the email to. +send_email_to = +# will be used to send your report mail +email_from = +# The subject line for your report mail +email_subject = kivitendo self test report +# template. currently txt and html templates are recognized and correctly mime send. +email_template = templates/mail/self_test/status_mail.txt + +[check_below_minimum_stock] +# The user name or email address a report about the under stock parts is sent +# to. +send_email_to = +# The "From:" header for said email. +email_from = kivitendo Daemon +# The subject for said email. +email_subject = Benachrichtigung: Artikel unter Mindestbestand +# The template file used for the email's body. +email_template = templates/mail/below_minimum_stock/error_email.html + +[follow_up_reminder] +# Email notifications for due follow ups. +# The "From:" header for said email. +email_from = kivitendo Daemon +# The subject for said email. +email_subject = kivitendo: fällige Wiedervorlagen +# The template file used for the email's body. +# If empty fu/follow_up_reminder_mail.html will be used. +email_template = + +[follow_up_notify] +# Email notification for new follow ups. 
+email_from = kivitendo Daemon +email_subject = kivitendo: neue Wiedervorlagen für Sie von <%creator_name%> +email_template = templates/mail/follow_up_notify/email_body.txt + +[secrets] +# Passphase used to encrypt/decrypt secrets stored in the kivitendo client database. +# While any length is allowed, it will get stretched into a 256bit AES key - more is better. +#master_key = + +[console] +# Automatic login will only work if both "client" and "login" are +# given. "client" can be a client's database ID or its name. "login" +# is simply a user's login name. +client = +login = + +# autorun lines will be executed after autologin. +# be warned that loading huge libraries will noticably lengthen startup time. +#autorun = require "bin/mozilla/common.pl"; +# = use English qw(-no_match_vars); +# = use List::Util qw(min max); +# = sub take { my $max = shift; my $r = ref($_[0]) eq 'ARRAY' ? $_[0] : \@_; return @{$r}[0..List::Util::min($max, scalar(@{$r})) - 1]; } + +# location of history file for permanent history +history_file = users/console_history + +# Location of a separate log file for the console. Everything normally written +# to the kivitendo log will be put here if triggered from the console. +log_file = users/kivitendo_console_debug.log + +[testing] + +# Several tests need a database they can alter data in freely. This +# database will be dropped & created before any other test is run. The +# following parameters must be given: +[testing/database] +host = 127.0.0.1 +port = 5432 +db = +user = postgres +password = +template = template1 +superuser_user = postgres +superuser_password = + +[devel] +# Several settings related to the development of kivitendo. + +# "client" is used by several scripts (e.g. rose_auto_create_model.pl) +# when they need access to the database. It can be either a client's +# database ID or its name. +client = + +[debug] +# Use DBIx::Log4perl for logging DBI calls. 
The string LXDEBUGFILE +# will be replaced by the file name configured for $::lxdebug. +dbix_log4perl = 0 +dbix_log4perl_config = log4perl.logger = FATAL, LOGFILE + = log4perl.appender.LOGFILE=Log::Log4perl::Appender::File + = log4perl.appender.LOGFILE.filename=LXDEBUGFILE + = log4perl.appender.LOGFILE.mode=append + = log4perl.appender.LOGFILE.Threshold = ERROR + = log4perl.appender.LOGFILE.layout=PatternLayout + = log4perl.appender.LOGFILE.layout.ConversionPattern=[%r] %F %L %c - %m%n + = log4perl.logger.DBIx.Log4perl=DEBUG, A1 + = log4perl.appender.A1=Log::Log4perl::Appender::File + = log4perl.appender.A1.filename=LXDEBUGFILE + = log4perl.appender.A1.mode=append + = log4perl.appender.A1.layout=Log::Log4perl::Layout::PatternLayout + = log4perl.appender.A1.layout.ConversionPattern=%d %p> %F{1}:%L %M - %m%n + +# Activate certain global debug messages. If you want to combine +# several options then list them separated by spaces. +# +# Possible values include: +# NONE - no debug output (default) +# INFO +# DEBUG1 +# DEBUG2 +# QUERY - Dump SQL queries (only in legacy code; see also "dbix_log4perl" above) +# TRACE - Track function calls and returns +# BACKTRACE_ON_ERROR - Print a function call backtrace when $form->error() is called +# REQUEST_TIMER - Log timing of HTTP requests +# REQUEST - Log each request. Careful! Passwords get filtered, but +# there may be confidential information being logged here +# WARN - warnings +# SHOW_CALLER - include the file name & line number from where a call +# to "message" or "dump" was called +# ALL - all possible debug messages +# +# DEVEL - sames as "INFO QUERY TRACE BACKTRACE_ON_ERROR REQUEST_TIMER" +# +# Example: +# global_level = TRACE QUERY +global_level = NONE + +# Activate monitoring of the content of $form. If it is active then +# monitoring can be turned on for certain variables with the +# following: +# $form->{"Watchdog::"} = 1; +# Monitoring has a performance cost and is therefore deactivated by +# default. 
+watch_form = 0 + +# If you want to debug the creation of LaTeX files then set this to 1. +# That way the temporary LaTeX files created during PDF creation are +# not removed and remain in the "users" directory. +keep_temp_files = 0 + +# Restart the FastCGI process if changes to the program or template +# files have been detected. The restart will occur after the request +# in which the changes have been detected has completed. +restart_fcgi_process_on_changes = 0 + +# The file name where the debug messages are written to. +file_name = users/kivitendo-debug.log + +# If set to 1 then the installation will be kept unlocked even if a +# database upgrade fails. +keep_installation_unlocked = 0 + +# If set to 1 then all resource links (JavaScript, CSS files) output +# via $::request->{layout}->use_stylesheet() / use_javascript() will +# be made unique by appending a random GET parameter. This will cause +# the web browser to always reload the resources. +auto_reload_resources = 0 + +# If set to 1 each exception will include a full stack backtrace. +backtrace_on_die = 0 + +[cti] +# If you want phone numbers to be clickable then this must be set to a +# command that does the actually dialing. Within this command three +# variables are replaced before it is executed: +# +# 1. <%phone_extension%> and <%phone_password%> are taken from the user +# configuration (changeable in the admin interface). +# 2. <%number%> is the number to dial. It has already been sanitized +# and formatted correctly regarding e.g. the international dialing +# prefix. +# +# The following is an example that works with the OpenUC telephony +# server: +# dial_command = curl --insecure -X PUT https://<%phone_extension%>:<%phone_password%>@IP.AD.DR.ESS:8443/sipxconfig/rest/my/call/<%number%> +dial_command = +# If you need to dial something before the actual number then set +# external_prefix to it. +external_prefix = 0 +# The prefix for international calls (numbers starting with +). 
+international_dialing_prefix = 00 +# Our own country code +our_country_code = 49 + diff --git a/tasks/kivitendo.yml b/tasks/kivitendo.yml index 89210bb..7c288ff 100644 --- a/tasks/kivitendo.yml +++ b/tasks/kivitendo.yml @@ -87,6 +87,41 @@ repo: "{{ fsit_smgt_kivi_customer_repo }}" version: "{{ fsit_smgt_kivi_customer_version }}" +- name: Copy over Kivitendo.conf. + ansible.builtin.copy: + src: files/kivitendo.conf + dest: /var/www/kivitendo-erp/config/kivitendo.conf + owner: www-data + mode: 'u=rw,g=rw,o=' + notify: Restart apache + +- name: Make webdav directory. + ansible.builtin.file: + path: /var/www/kivitendo-erp/webdav + state: directory + mode: 'u=Xrw,g=Xrw,o=' + + +- name: Make kivi_documents directory. + ansible.builtin.file: + path: /var/www/kivitendo-erp/kivi_documents + state: directory + mode: 'u=Xrw,g=Xrw,o=' + +- name: Change permissions. + ansible.builtin.file: + owner: www-data + path: "/var/www/kivitendo-erp/{{ item }}" + mode: 'u=Xrw,g=Xrw,o=' + recurse: true + loop: + - kivi_documents + - users + - spool + - templates + - webdav + + # Anleitung adaptiert # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml # -- 2.39.5 From 5d0199dfde16fbcf17e8658fce985ca780ebd790 Mon Sep 17 00:00:00 2001 From: Ullli Date: Sat, 6 Jun 2026 08:22:28 +0200 Subject: [PATCH 06/16] new handler restart apache --- handlers/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/handlers/main.yml b/handlers/main.yml index fd489dd..dd8735f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -14,6 +14,10 @@ ansible.builtin.service: name: coolwsd state: restarted +- name: Restart apache + ansible.builtin.service: + name: apache2 + state: restarted #- name: start fusioninventory-client # ansible.builtin.service: # name: fusioninventory-agent.service -- 2.39.5 From bac725d468db849ff839aa86f1228324ff58d273 Mon Sep 17 00:00:00 2001 
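Review bot: files/kivitendo.conf commits `admin_password = admin123` in `[authentication]`, so every host provisioned from this role gets the same guessable administrative password. The value also stays in the repository history even if the file is removed later. Ship the file as a template and take the value from a vaulted variable, `admin_password = {{ <VAULTED_ADMIN_PASSWORD_VAR> }}` (placeholder name), and rotate the password on any host that was already deployed with this file. In `[authentication/database]` the application connects as `user = postgres` with an empty `password =`, which is the database superuser. A dedicated role with its own password would limit what a compromised web process can reach. Under `[mail_delivery]`, `security = none` deserves a comment saying it is acceptable only because `host = localhost`.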
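Review bot: `Copy over Kivitendo.conf.` installs the file with `owner: www-data` and `mode: 'u=rw,g=rw,o='`, so the web server account can rewrite the configuration that holds the admin password and the database credentials. The application only needs to read it, so `owner: root`, `group: www-data`, `mode: '0640'` keeps it readable for Apache and writable for root alone. No `group:` is set in the task as written, so the group that receives `rw` is whatever the copy defaults to, presumably the group of the connecting user. The two `Make … directory.` tasks set no owner and rely on the later `Change permissions.` loop to fix that. Putting `owner: www-data` on them directly would avoid a window in which the directories exist with the wrong owner if the play stops in between.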
From: Ullli Date: Sat, 6 Jun 2026 08:28:31 +0200 Subject: [PATCH 07/16] kivitendo-task um postgresql erweitert --- handlers/main.yml | 4 ++++ tasks/kivitendo.yml | 20 +++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/handlers/main.yml b/handlers/main.yml index dd8735f..6e4c893 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -18,6 +18,10 @@ ansible.builtin.service: name: apache2 state: restarted +- name: Restart postgresql + ansible.builtin.service: + name: postgresql + state: restarted #- name: start fusioninventory-client # ansible.builtin.service: # name: fusioninventory-agent.service diff --git a/tasks/kivitendo.yml b/tasks/kivitendo.yml index 7c288ff..faaa69f 100644 --- a/tasks/kivitendo.yml +++ b/tasks/kivitendo.yml @@ -101,7 +101,6 @@ state: directory mode: 'u=Xrw,g=Xrw,o=' - - name: Make kivi_documents directory. ansible.builtin.file: path: /var/www/kivitendo-erp/kivi_documents @@ -121,6 +120,25 @@ - templates - webdav +# postrgesql for kivi +- name: Remove existing rules to ensure correct ordering of the rules + ansible.builtin.postgresql_pg_hba: + dest: /etc/postgresql/17/main/pg_hba.conf + overwrite: true + contype: local + users: all + databases: all + method: peer + +- name: Allow access from localhost to Postgresql. + ansible.builtin.postgresql_pg_hba: + dest: /etc/postgresql/17/main/pg_hba.conf + contype: host + users: postgres + databases: all + address: 127.0.0.1/32 + method: trust + notify: Restart postgresql # Anleitung adaptiert # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml -- 2.39.5 From 6adeac2cf68bf1a42b97ab87bf770411826fcf39 Mon Sep 17 00:00:00 2001 From: Ullli Date: Sat, 6 Jun 2026 08:35:38 +0200 Subject: [PATCH 08/16] kivitendo: activate apache modules --- tasks/kivitendo.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tasks/kivitendo.yml b/tasks/kivitendo.yml index faaa69f..fba4ee4 100644 --- a/tasks/kivitendo.yml +++ b/tasks/kivitendo.yml 
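Review bot: `Allow access from localhost to Postgresql.` adds a `host` rule with `users: postgres` and `method: trust`, which lets any local account or process that can reach 127.0.0.1:5432 connect as the database superuser without a password. Use a password method and a dedicated application role instead, for example `users: <KIVITENDO_DB_ROLE>` (placeholder) with `method: scram-sha-256`, and supply the password to the application config from a vaulted variable. Both tasks call `ansible.builtin.postgresql_pg_hba`, but that module ships in the `community.postgresql` collection, so the name should be `community.postgresql.postgresql_pg_hba`. The first task uses `overwrite: true`, which drops every existing rule, yet it does not notify `Restart postgresql`. The `dest` path also hard-codes PostgreSQL major version 17.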
@@ -140,6 +140,19 @@ method: trust notify: Restart postgresql +# apache server for kivi +- name: Activate apache fastcgi, headers and ssl modules. + community.general.apache2_module: + state: present + name: "{{ item }}" + loop: + - fcgid + - headers + - ssl + - rewrite + - socache_shmcb +# notify: Enable SSL + # Anleitung adaptiert # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml # -- 2.39.5 From b8b96edb6a917c9f5b6eb80d7a4f3869e08a3fda Mon Sep 17 00:00:00 2001 From: Ullli Date: Sat, 6 Jun 2026 08:44:17 +0200 Subject: [PATCH 09/16] restart apache --- handlers/main.yml | 6 ++++++ tasks/kivitendo.yml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/handlers/main.yml b/handlers/main.yml index 6e4c893..19b6b80 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -2,26 +2,32 @@ ansible.builtin.service: name: samba state: restarted + - name: Restart nfs-kernel-server service ansible.builtin.service: name: nfs-kernel-server.service state: restarted + - name: Restart lighttpd service ansible.builtin.service: name: lighttpd.service state: restarted + - name: Restart coolwsd service ansible.builtin.service: name: coolwsd state: restarted + - name: Restart apache ansible.builtin.service: name: apache2 state: restarted + - name: Restart postgresql ansible.builtin.service: name: postgresql state: restarted + #- name: start fusioninventory-client # ansible.builtin.service: # name: fusioninventory-agent.service diff --git a/tasks/kivitendo.yml b/tasks/kivitendo.yml index fba4ee4..aa3dd78 100644 --- a/tasks/kivitendo.yml +++ b/tasks/kivitendo.yml @@ -151,7 +151,7 @@ - ssl - rewrite - socache_shmcb -# notify: Enable SSL + notify: Restart apache # Anleitung adaptiert # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml -- 2.39.5 From e90bfd594054020d79964adf4995614bf8579711 Mon Sep 17 00:00:00 2001 
From: Ullli Date: Sat, 6 Jun 2026 09:13:36 +0200 Subject: [PATCH 10/16] kivitendo mit ssl --- files/kivitendo.conf | 477 ------------------------------------------- tasks/kivitendo.yml | 17 +- 2 files changed, 16 insertions(+), 478 deletions(-) delete mode 100644 files/kivitendo.conf diff --git a/files/kivitendo.conf b/files/kivitendo.conf deleted file mode 100644 index 0e546b1..0000000 --- a/files/kivitendo.conf +++ /dev/null 
@@ -1,477 +0,0 @@ -[authentication] -# The cleartext password for access to the administrative part. It -# can only be changed in this file, not via the administrative -# interface. -admin_password = admin123 - -# Which modules to use for authentication. Valid values are 'DB', -# 'LDAP', 'HTTPHeaders'. You can use multiple modules separated by spaces. -# -# Multiple LDAP modules with different configurations can be used by -# postfixing 'LDAP' with the name of the configuration section to use: -# 'LDAP:ldap_fallback' would use the data from -# '[authentication/ldap_fallback]'. The name defaults to 'ldap' if it -# isn't given. -# -# Note that the LDAP module doesn't support changing the password. -module = DB - -# The cookie name can be changed if desired. -cookie_name = kivitendo_session_id - -# The number of minutes a session is valid. The default value is eight -# hours. -session_timeout = 480 - -# The number of seconds to penalize failed login attempts. 0 disables -# it. -failed_login_penalty = 5 - -[authentication/database] -# Connection information for the database with the user and group -# inforamtion. This information is always needed, even if LDAP is -# used for authentication, as the user information is stored in this -# database while LDAP is only used for password verification. -# -# If 'module' is set to 'DB' then this database also contains the -# users' passwords. -host = 127.0.0.1 -port = 5432 -db = kivitendo_auth -user = postgres -password = - -[authentication/ldap] -# This section is only relevant if 'module' is set to 'LDAP'. It names -# the LDAP server the passwords are verified against by doing a LDAP -# bind operation. -# -# At least the parameters 'host', 'attribute' and 'base_dn' have to be -# specified. -# -# tls: Activate encryption via TLS -# verify: If 'tls' is used, how to verify the server's certificate. -# Can be one of 'require' or 'none'. 
-# attribute: Name of the LDAP attribute containing the user's login name -# base_dn: Base DN the LDAP searches start from -# filter: An optional LDAP filter specification. The string '<%login%>' -# is replaced by the user's login name before the search is started. -# bind_dn and bind_password: -# If searching the LDAP tree requires user credentials -# (e.g. ActiveDirectory) then these two parameters specify -# the user name and password to use. -# timeout: Timeout when connecting to the server in seconds. -# -# You can specify a fallback LDAP server to use in case the main one -# isn't reachable by duplicating this whole section as -# "[authentication/ldap_fallback]". -# -host = localhost -port = 389 -tls = 0 -attribute = uid -base_dn = -filter = -bind_dn = -bind_password = -timeout = 10 -verify = require - -# For use with module 'HTTPHeaders': -[authentication/http_basic] -enabled = 1 - -# For use with module 'HTTPHeaders': -[authentication/http_headers] -enabled = 0 -client_id_header = X-Kivitendo-Client-ID -user_header = Auth-User -secret_header = X-Kivitendo-App-Secret -secret = ... - -[system] -# Set language for login and admin forms. Currently "de" (German) -# and "en" (English, not perfect) are available. -language = de - -# Set stylesheet for login and admin forms. Supported: -# design40 - default -stylesheet = design40 - -# MassPrint Timeout -# must be less than cgi timeout -# -massprint_timeout = 30 - -# Set default_manager for admin forms. Currently "german" -# and "swiss" are available. -default_manager = german - -# The memory limits given here determine the maximum process size -# (vsz, the total amount of memory this process uses including memory -# swapped out or shared with other processes) or resident set size -# (rss, the amount of memory not swapped out/shared with other -# processes). If either limit is reached at the end of the request -# then the kivitendo process will exit. 
-# -# This only applies for processes under FCGI and the task manager. -# For CGI configurations the process will be terminated after each request -# regardless of this setting. -# -# Note: this will only terminate processes with too high memory consumption. It -# is assumed that an external managing service will start new instances. For -# FCGI this will usually be apache or the wrapper scripts for nginx, for the -# task server this will have to be the system manager. -# -# Numbers can be postfixed with KB, MB, GB. If no number is given or -# the number is 0 then no checking will be performed. -memory_limit_rss = -memory_limit_vsz = - -[paths] -# path to temporary files (must be writeable by the web server) -userspath = users -# spool directory for batch printing -spool = spool -# templates base directory -templates = templates -# Path to the old memberfile (ignored on new installations) -memberfile = users/members -# Path to ELSTER geierlein webserver path inside kivitendo -# (must be inside kivitendo but you can set an ALIAS for apache/oe -# if set the export to geierlein is enabled -# geierlein_path = geierlein - -# -# document path for FileSystem FileManagement: -# (must be reachable read/write but not executable from webserver) -document_path = /var/www/kivitendo-erp/kivi_documents -# - -[mail_delivery] -# Delivery method can be 'sendmail' or 'smtp'. For 'method = sendmail' the -# parameter 'mail_delivery.sendmail' is used as the executable to call. If -# 'applications.sendmail' still exists (backwards compatibility) then -# 'applications.sendmail' will be used instead of 'mail_delivery.sendmail'. -# If method is empty, mail delivery is disabled. -method = smtp -# Location of sendmail for 'method = sendmail' -sendmail = /usr/sbin/sendmail -t<%if myconfig_email%> -f <%myconfig_email%><%end%> -# Settings for 'method = smtp'. Only set 'port' if your SMTP server -# runs on a non-standard port (25 for 'security=none' or -# 'security=tls', 465 for 'security=ssl'). 
-host = localhost -#port = 25 -# Security can be 'tls', 'ssl' or 'none'. Unset equals 'none'. This -# determines whether or not encryption is used and which kind. For -# 'tls' the module 'Net::SSLGlue' is required; for 'ssl' -# 'Net::SMTP::SSL' is required and 'none' only uses 'Net::SMTP'. -security = none -# Authentication is only used if 'login' is set. You should only use -# that with 'tls' or 'ssl' encryption. -login = -password = - -[imap_client] -enabled = 0 -hostname = localhost -username = -password = -# This folder can be managed with kivitendo through the background jobs -# CleanUpEmailSubfolders and SyncEmailFolder. Create no subfolder in the -# base folder by hand. Use / for subfolders. -base_folder = INBOX -# Port only needs to be changed if it is not the default port. -# port = 993 -# If SSL is to be used, then set port to 993 or leave empty -ssl = 1 - -# Define a server for a specific email (e.g. info@test.de) with -# '[sent_emails_in_imap/email/info@test.de]' -[sent_emails_in_imap] -enabled = 0 -hostname = localhost -username = -password = -# This folder must exist. Use / for subfolders. -folder = Sent/Kivitendo -# Port only needs to be changed if it is not the default port. -# port = 143 -# If SSL is used, default port is 993 -ssl = 1 - -[applications] -# Location of OpenOffice.org/LibreOffice writer -openofficeorg_writer = lowriter -# Location of the html2ps binary -html2ps = html2ps -# Location of the Ghostscript binary -ghostscript = gs -# Location of the program to create PDFs from TeX documents -latex = latexmk --pdflatex -# Location of the Python interpreter to use when converting from -# OpenDocument to PDF. Some distributions compile UNO support only -# into binaries located in different locations than the main Python -# binary. -python_uno = python3 - -[environment] -# Add the following paths to the PATH environment variable. -path = /usr/local/bin:/usr/X11R6/bin:/usr/X11/bin -# Add the following paths to the PERL5LIB environment variable. 
-# "/sw/lib/perl5" is for Mac OS X with Fink's Perl. -lib = /sw/lib/perl5 -# Add the following paths to the PYTHONPATH environment variable for -# locating Python modules. Python is used when converting OpenDocument -# files into PDF files. -python_uno_path = - -[print_templates] -# If you have LaTeX installed set to 1 -latex = 1 -# Minimal support for Excel print templates -excel = 0 -# Enable or disable support for OpenDocument print templates -opendocument = 1 -# Chose whether or not OpenOffice/LibreOffice should remain running after a -# conversion. If yes then the conversion of subsequent documents will -# be a bit faster. You need to have Python and the Python UNO bindings -# (part of OpenOffice/LibreOffice) installed. -openofficeorg_daemon = 0 -openofficeorg_daemon_port = 2002 - -[task_server] -# Set to 1 for debug messages in users/kivitendo-debug.log -debug = 0 -# Chose a system user the daemon should run under when started as root. -run_as = -# Task servers can run on multiple machines. Each needs its own unique -# ID. If unset, it defaults to the host name. All but one task server -# must have 'only_run_tasks_for_this_node' set to 1. -node_id = -only_run_tasks_for_this_node = 0 - -[task_server/notify_on_failure] -# If you want email notifications for failed jobs then set this to a -# kivitendo user (login) name. The subject can be changed as well. -send_email_to = -# The "From:" header for said email. -email_from = kivitendo Daemon -# The subject for said email. -email_subject = kivitendo Task-Server: Hintergrundjob fehlgeschlagen -# The template file used for the email's body. -email_template = templates/design40_webpages/task_server/failure_notification_email.txt - -[periodic_invoices] -# The user name or email address a report about the posted and printed -# invoices is sent to. -send_email_to = -# The "From:" header for said email. -email_from = kivitendo Daemon -# The subject for said email. 
-email_subject = Benachrichtigung: automatisch erstellte Rechnungen -# The template file used for the email's body. -email_template = templates/design40_webpages/oe/periodic_invoices_email.txt -# Whether to always send the mail (0), or only if there were errors -# (1). -send_for_errors_only = 0 - -[self_test] - -# modules to be tested -# Add without SL::BackgroundJob::SelfTest:: prefix -# Separate with space. -modules = Transactions - -# you probably don't want to be spammed with "everything ok" every day. enable -# this when you add new tests to make sure they run correctly for a few days -send_email_on_success = 0 - -# will log into the standard logfile -log_to_file = 0 - -# user login (!) to send the email to. -send_email_to = -# will be used to send your report mail -email_from = -# The subject line for your report mail -email_subject = kivitendo self test report -# template. currently txt and html templates are recognized and correctly mime send. -email_template = templates/mail/self_test/status_mail.txt - -[check_below_minimum_stock] -# The user name or email address a report about the under stock parts is sent -# to. -send_email_to = -# The "From:" header for said email. -email_from = kivitendo Daemon -# The subject for said email. -email_subject = Benachrichtigung: Artikel unter Mindestbestand -# The template file used for the email's body. -email_template = templates/mail/below_minimum_stock/error_email.html - -[follow_up_reminder] -# Email notifications for due follow ups. -# The "From:" header for said email. -email_from = kivitendo Daemon -# The subject for said email. -email_subject = kivitendo: fällige Wiedervorlagen -# The template file used for the email's body. -# If empty fu/follow_up_reminder_mail.html will be used. -email_template = - -[follow_up_notify] -# Email notification for new follow ups. 
-email_from = kivitendo Daemon -email_subject = kivitendo: neue Wiedervorlagen für Sie von <%creator_name%> -email_template = templates/mail/follow_up_notify/email_body.txt - -[secrets] -# Passphase used to encrypt/decrypt secrets stored in the kivitendo client database. -# While any length is allowed, it will get stretched into a 256bit AES key - more is better. -#master_key = - -[console] -# Automatic login will only work if both "client" and "login" are -# given. "client" can be a client's database ID or its name. "login" -# is simply a user's login name. -client = -login = - -# autorun lines will be executed after autologin. -# be warned that loading huge libraries will noticably lengthen startup time. -#autorun = require "bin/mozilla/common.pl"; -# = use English qw(-no_match_vars); -# = use List::Util qw(min max); -# = sub take { my $max = shift; my $r = ref($_[0]) eq 'ARRAY' ? $_[0] : \@_; return @{$r}[0..List::Util::min($max, scalar(@{$r})) - 1]; } - -# location of history file for permanent history -history_file = users/console_history - -# Location of a separate log file for the console. Everything normally written -# to the kivitendo log will be put here if triggered from the console. -log_file = users/kivitendo_console_debug.log - -[testing] - -# Several tests need a database they can alter data in freely. This -# database will be dropped & created before any other test is run. The -# following parameters must be given: -[testing/database] -host = 127.0.0.1 -port = 5432 -db = -user = postgres -password = -template = template1 -superuser_user = postgres -superuser_password = - -[devel] -# Several settings related to the development of kivitendo. - -# "client" is used by several scripts (e.g. rose_auto_create_model.pl) -# when they need access to the database. It can be either a client's -# database ID or its name. -client = - -[debug] -# Use DBIx::Log4perl for logging DBI calls. 
The string LXDEBUGFILE -# will be replaced by the file name configured for $::lxdebug. -dbix_log4perl = 0 -dbix_log4perl_config = log4perl.logger = FATAL, LOGFILE - = log4perl.appender.LOGFILE=Log::Log4perl::Appender::File - = log4perl.appender.LOGFILE.filename=LXDEBUGFILE - = log4perl.appender.LOGFILE.mode=append - = log4perl.appender.LOGFILE.Threshold = ERROR - = log4perl.appender.LOGFILE.layout=PatternLayout - = log4perl.appender.LOGFILE.layout.ConversionPattern=[%r] %F %L %c - %m%n - = log4perl.logger.DBIx.Log4perl=DEBUG, A1 - = log4perl.appender.A1=Log::Log4perl::Appender::File - = log4perl.appender.A1.filename=LXDEBUGFILE - = log4perl.appender.A1.mode=append - = log4perl.appender.A1.layout=Log::Log4perl::Layout::PatternLayout - = log4perl.appender.A1.layout.ConversionPattern=%d %p> %F{1}:%L %M - %m%n - -# Activate certain global debug messages. If you want to combine -# several options then list them separated by spaces. -# -# Possible values include: -# NONE - no debug output (default) -# INFO -# DEBUG1 -# DEBUG2 -# QUERY - Dump SQL queries (only in legacy code; see also "dbix_log4perl" above) -# TRACE - Track function calls and returns -# BACKTRACE_ON_ERROR - Print a function call backtrace when $form->error() is called -# REQUEST_TIMER - Log timing of HTTP requests -# REQUEST - Log each request. Careful! Passwords get filtered, but -# there may be confidential information being logged here -# WARN - warnings -# SHOW_CALLER - include the file name & line number from where a call -# to "message" or "dump" was called -# ALL - all possible debug messages -# -# DEVEL - sames as "INFO QUERY TRACE BACKTRACE_ON_ERROR REQUEST_TIMER" -# -# Example: -# global_level = TRACE QUERY -global_level = NONE - -# Activate monitoring of the content of $form. If it is active then -# monitoring can be turned on for certain variables with the -# following: -# $form->{"Watchdog::"} = 1; -# Monitoring has a performance cost and is therefore deactivated by -# default. 
-watch_form = 0 - -# If you want to debug the creation of LaTeX files then set this to 1. -# That way the temporary LaTeX files created during PDF creation are -# not removed and remain in the "users" directory. -keep_temp_files = 0 - -# Restart the FastCGI process if changes to the program or template -# files have been detected. The restart will occur after the request -# in which the changes have been detected has completed. -restart_fcgi_process_on_changes = 0 - -# The file name where the debug messages are written to. -file_name = users/kivitendo-debug.log - -# If set to 1 then the installation will be kept unlocked even if a -# database upgrade fails. -keep_installation_unlocked = 0 - -# If set to 1 then all resource links (JavaScript, CSS files) output -# via $::request->{layout}->use_stylesheet() / use_javascript() will -# be made unique by appending a random GET parameter. This will cause -# the web browser to always reload the resources. -auto_reload_resources = 0 - -# If set to 1 each exception will include a full stack backtrace. -backtrace_on_die = 0 - -[cti] -# If you want phone numbers to be clickable then this must be set to a -# command that does the actually dialing. Within this command three -# variables are replaced before it is executed: -# -# 1. <%phone_extension%> and <%phone_password%> are taken from the user -# configuration (changeable in the admin interface). -# 2. <%number%> is the number to dial. It has already been sanitized -# and formatted correctly regarding e.g. the international dialing -# prefix. -# -# The following is an example that works with the OpenUC telephony -# server: -# dial_command = curl --insecure -X PUT https://<%phone_extension%>:<%phone_password%>@IP.AD.DR.ESS:8443/sipxconfig/rest/my/call/<%number%> -dial_command = -# If you need to dial something before the actual number then set -# external_prefix to it. -external_prefix = 0 -# The prefix for international calls (numbers starting with +). 
-international_dialing_prefix = 00 -# Our own country code -our_country_code = 49 - diff --git a/tasks/kivitendo.yml b/tasks/kivitendo.yml index aa3dd78..a9019ad 100644 --- a/tasks/kivitendo.yml +++ b/tasks/kivitendo.yml @@ -89,7 +89,7 @@ - name: Copy over Kivitendo.conf. ansible.builtin.copy: - src: files/kivitendo.conf + src: files/kivitendo/kivitendo.conf dest: /var/www/kivitendo-erp/config/kivitendo.conf owner: www-data mode: 'u=rw,g=rw,o=' @@ -153,6 +153,21 @@ - socache_shmcb notify: Restart apache +- name: Copy over apacha ssl-conf + ansible.builtin.copy: + src: files/kivitendo/default-ssl.conf + dest: /etc/apache2/sites-available/default-ssl.conf + mode: '640' + notify: Restart apache + +- name: Disable 000-default.conf + ansible.builtin.command: a2dissite 000-default.conf + notify: Restart apache + +- name: Enable SSL + ansible.builtin.command: a2ensite default-ssl + notify: Restart apache + # Anleitung adaptiert # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml # -- 2.39.5 From 067b02d0a105a316625a3925d8398e73189441c8 Mon Sep 17 00:00:00 2001 From: Ullli Date: Sat, 6 Jun 2026 09:25:04 +0200 Subject: [PATCH 11/16] added kivitendo task server as service --- files/kivitendo/kivitendo-task-server.service | 19 +++++++++++++++++++ handlers/main.yml | 4 ++++ tasks/kivitendo.yml | 14 ++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 files/kivitendo/kivitendo-task-server.service diff --git a/files/kivitendo/kivitendo-task-server.service b/files/kivitendo/kivitendo-task-server.service new file mode 100644 index 0000000..75efd8c --- /dev/null +++ b/files/kivitendo/kivitendo-task-server.service 
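Review bot: The `Copy over Kivitendo.conf.` task still ships the application config, credentials included, as a static file from the repository; the version deleted in this same commit carried `admin_password = admin123` and an empty password for the `postgres` database user. If the relocated `files/kivitendo/kivitendo.conf` holds the same values, switch the task to `ansible.builtin.template` and fill the admin and database passwords from Ansible Vault variables. The admin password should also be changed on hosts that are already provisioned, because the old value stays in the git history. Unless a `group:` follows below the hunk, add `group: www-data` so it is clear whom the `g=rw` bit applies to.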
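Review bot: The two `ansible.builtin.command` tasks (`a2dissite 000-default.conf` and `a2ensite default-ssl`) report "changed" on every run, so `Restart apache` is notified each time the play runs and a real configuration change can no longer be told apart in the run output. Make them idempotent with `args: {removes: /etc/apache2/sites-enabled/000-default.conf}` on the first and `args: {creates: /etc/apache2/sites-enabled/default-ssl.conf}` on the second (paths assume the Debian layout the hunk already uses). The `default-ssl.conf` copy sets `mode: '640'` without `owner:` or `group:`; stating `owner: root` and `group: root` makes the intended permissions explicit. Nothing checks the new vhost before the restart handler runs, so an `apache2ctl configtest` step ahead of the restart would keep a broken file from taking the site down.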
@@ -0,0 +1,19 @@ +[Unit] +Description=kivitendo background jobs server +Requires=postgresql.service +After=postgresql.service + +[Service] +Type=forking +# Change the user to the one your web server runs as. +User=www-data +# Change these two to point to the kivitendo "task_server.pl" location. +ExecStart=/var/www/kivitendo-erp/scripts/task_server.pl start +ExecStop=/var/www/kivitendo-erp/scripts/task_server.pl stop +Restart=always +ProtectSystem=full +ProtectHome=yes +PrivateTmp=yes + +[Install] +WantedBy=multi-user.target diff --git a/handlers/main.yml b/handlers/main.yml index 19b6b80..688e51a 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -28,6 +28,10 @@ name: postgresql state: restarted +- name: systemd_daemon_reload + ansible.builtin.systemd_service: + daemon_reload: true + #- name: start fusioninventory-client # ansible.builtin.service: # name: fusioninventory-agent.service diff --git a/tasks/kivitendo.yml b/tasks/kivitendo.yml index a9019ad..836cf9b 100644 --- a/tasks/kivitendo.yml +++ b/tasks/kivitendo.yml @@ -168,6 +168,20 @@ ansible.builtin.command: a2ensite default-ssl notify: Restart apache +- name: Install kivitendo-task-server + ansible.builtin.copy: + src: files/kivitendo/kivitendo-task-server.service + dest: /etc/systemd/system/kivitendo-task-server.service + owner: root + mode: 'u=rw,g=rw,o=' + notify: systemd_daemon_reload + +- name: Start kivitendo-task-server + ansible.builtin.systemd: + name: kivitendo-task-server + state: started + enabled: true + # Anleitung adaptiert # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml # -- 2.39.5 From 6fceb0ba80d617e47871fdb17df783bf08cf903a Mon Sep 17 00:00:00 2001 From: Ullli Date: Sat, 6 Jun 2026 10:39:28 +0200 Subject: [PATCH 12/16] FIXME vorerst ohne Task-Server per ansible --- tasks/kivitendo.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tasks/kivitendo.yml b/tasks/kivitendo.yml index 836cf9b..fd899db 100644 --- a/tasks/kivitendo.yml 
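Review bot: The `[Service]` section restricts the file system (`ProtectSystem=full`, `ProtectHome=yes`, `PrivateTmp=yes`) but does not stop the process from gaining privileges; add `NoNewPrivileges=yes`, since the task server runs as `www-data` and presumably needs no setuid helpers. `Type=forking` is declared without a `PIDFile=`, so systemd has to guess the main process, which together with `Restart=always` can lead to misdetected exits; if `task_server.pl` writes a PID file, name it here. The comment `# Change these two to point to the kivitendo "task_server.pl" location.` is left over from the template and can be dropped now that the paths are fixed.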
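Review bot: `Start kivitendo-task-server` runs before systemd has re-read its unit files, because the `systemd_daemon_reload` handler notified by the install task only fires at the end of the play; on a first run the unit is likely still unknown at that point. Set `daemon_reload: true` on the `ansible.builtin.systemd` task itself, or put an `ansible.builtin.meta: flush_handlers` task between the two. The unit file is also installed with `mode: 'u=rw,g=rw,o='` and no `group:`; a unit that is meant to start at boot should not be group-writable, so `mode: '0644'` with `group: root` is the safer setting.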
+++ b/tasks/kivitendo.yml @@ -168,6 +168,7 @@ ansible.builtin.command: a2ensite default-ssl notify: Restart apache +# FIXME - name: Install kivitendo-task-server ansible.builtin.copy: src: files/kivitendo/kivitendo-task-server.service @@ -176,11 +177,12 @@ mode: 'u=rw,g=rw,o=' notify: systemd_daemon_reload -- name: Start kivitendo-task-server - ansible.builtin.systemd: - name: kivitendo-task-server - state: started - enabled: true +# FIXME funktioniert so noch nicht +#- name: Start kivitendo-task-server +# ansible.builtin.systemd: +# name: kivitendo-task-server +# state: started +# enabled: true # Anleitung adaptiert # https://github.com/kivitendo/kivitendo-ansible/blob/master/main.yml -- 2.39.5 From eec4e3cff65b179c7244ba83bf7fd7908e3f4059 Mon Sep 17 00:00:00 2001 From: Ullli Date: Sun, 7 Jun 2026 07:50:21 +0200 Subject: [PATCH 13/16] forgejo apt-key und Quellen per ansible --- tasks/collabora.yml | 2 +- tasks/forgejo.yml | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/tasks/collabora.yml b/tasks/collabora.yml index ba9c58e..39978e8 100644 --- a/tasks/collabora.yml +++ b/tasks/collabora.yml @@ -1,6 +1,6 @@ --- - name: Add repo using key from URL - deb822_repository: + ansible.builtin.deb822_repository: name: collaboraonline types: deb uris: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb diff --git a/tasks/forgejo.yml b/tasks/forgejo.yml index 74be67e..1ce297d 100644 --- a/tasks/forgejo.yml +++ b/tasks/forgejo.yml @@ -1,4 +1,11 @@ --- +- name: Add repo using key from URL + ansible.builtin.deb822_repository: + name: forgejo + types: deb + uris: https://code.forgejo.org/api/packages/apt/debian + suites: lts + signed_by: https://code.forgejo.org/api/packages/apt/debian/repository.key - name: install server specific packages ansible.builtin.apt: pkg: -- 2.39.5 From 472d2f1d6bc2d792928b36fe91e54dd6c8963550 Mon Sep 17 00:00:00 2001 
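Review bot: In the new `tasks/forgejo.yml` task, `signed_by` points at a key URL on the same host that serves the packages, so the signing key is whatever that server returns at provisioning time and nothing pins it. Keep a reviewed copy of the key in the role and pass its path or ASCII-armored content to `signed_by`, or download it first with `ansible.builtin.get_url` and a `checksum:` and reference the local keyring file. The task name `Add repo using key from URL` is identical to the one in `tasks/collabora.yml`; a name such as `Add Forgejo apt repository` keeps the run output unambiguous.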
From: Ullli Date: Sun, 7 Jun 2026 08:05:02 +0200 Subject: [PATCH 14/16] forgejo ein Detail fuer apt ergaenzt --- tasks/forgejo.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/forgejo.yml b/tasks/forgejo.yml index 1ce297d..c6d8ab1 100644 --- a/tasks/forgejo.yml +++ b/tasks/forgejo.yml @@ -5,6 +5,7 @@ types: deb uris: https://code.forgejo.org/api/packages/apt/debian suites: lts + components: main signed_by: https://code.forgejo.org/api/packages/apt/debian/repository.key - name: install server specific packages ansible.builtin.apt: -- 2.39.5 From f362930d89cd71eda1184a2445a07b011c2e38a5 Mon Sep 17 00:00:00 2001 From: Ullli Date: Sun, 7 Jun 2026 08:11:23 +0200 Subject: [PATCH 15/16] nur das originale Forgejo-Paket installieren --- tasks/forgejo.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tasks/forgejo.yml b/tasks/forgejo.yml index c6d8ab1..4f80319 100644 --- a/tasks/forgejo.yml +++ b/tasks/forgejo.yml @@ -10,5 +10,6 @@ - name: install server specific packages ansible.builtin.apt: pkg: - - git - - git-lfs + - forgejo-sqlite +# - git +# - git-lfs -- 2.39.5 From f6c98fe7c94c9166a295d1efc420bb788d3321ba Mon Sep 17 00:00:00 2001 From: Ullli Date: Sun, 7 Jun 2026 08:21:21 +0200 Subject: [PATCH 16/16] =?utf8?q?forgejo=20version=20von=20lts=20auf=20stab?= =?utf8?q?le=20ge=C3=A4ndert?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- tasks/forgejo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/forgejo.yml b/tasks/forgejo.yml index 4f80319..ad4b9f5 100644 --- a/tasks/forgejo.yml +++ b/tasks/forgejo.yml @@ -4,7 +4,7 @@ name: forgejo types: deb uris: https://code.forgejo.org/api/packages/apt/debian - suites: lts + suites: stable components: main signed_by: https://code.forgejo.org/api/packages/apt/debian/repository.key - name: install server specific packages -- 2.39.5
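Review bot: The `install server specific packages` task now installs `forgejo-sqlite` from the repository added by the task above it, but it does not refresh the package index, so on a host where the repository file was only just written the package may not be found. Add `update_cache: true` to the `ansible.builtin.apt` task. The commented-out `# - git` and `# - git-lfs` entries are better removed than kept as dead lines; if Forgejo needs them they presumably arrive as package dependencies, which is worth confirming on a fresh host.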