-
Notifications
You must be signed in to change notification settings - Fork 11
/
main.yml
530 lines (377 loc) · 18 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
---
# Extra file containing task variables to be loaded as first task You can
# override this in you playbook or elsewhere to override any role variables with
# your own variables.
camac_customer_variables: ""
# Version of camac to install (e.g. 0.23.0+fa84837c).
camac_version: "master"
# SHA256 checksum of the tarball.
camac_tarball_checksum: ~
# URL for fetching camac release tarballs.
camac_release: "https://files.adfinis.com/camac-be/camac-be-{{ camac_version }}.tar.gz"
# Environment that camac runs in. This can either be "development", "staging",
# "testing" or "production". This has impact on the way mails are sent aswell as
# on the theming.
camac_env: "development"
# TODO: Figure out what this does.
camac_master: True
# Email which receives errormails
camac_admin_email: "[email protected]"
# Email which receives mails about imports
camac_support_email: ""
# Should be an unique, unpredictable value and is used provide cryptographic
# signing.
# https://docs.djangoproject.com/en/2.2/ref/settings/#std:setting-SECRET_KEY
camac_django_secret: "rqo23kq9j&clk@ae5f43jhmz&qyan=6j-0ip0xcc5bauq4@$d8"
# Password salt string for passwords managed by Zend Framework 1
camac_password_salt: "ds5fsdFd763znsPO"
# Set me to 'true' if you want TLS only cookies
camac_session_secure: "false"
# Set me to 'true' if your app is only reachable through TLS due to a
# load-balancer or reverse proxy that terminates TLS.
camac_mock_tls: false
# CA Chain for php (mostly used to verify TLS connections to keykloak
# and others).
# Override this with a multiline string if you need to use you own ca.
# camac_ca_chain: |
# -----BEGIN CERTIFICATE-----
camac_ca_chain: ~
# Set this to the user which apache runs as
camac_apache_user: www-data
# This dir is used as the base for other paths of camac.
camac_php_basedir: "/usr/share/camac"
# Directory in which persistent data should be store. This is usually not below
# camac_basedir. It is recommended to put somehwhere in `/vab/lib`.
camac_php_datadir: "/var/lib/camac"
# Directory in which camac should store temporary files
camac_php_tmpdir: "{{ camac_php_datadir }}/tmp"
# Directory in which to write logfiles to.
camac_php_logdir: "{{ camac_php_basedir }}/log"
# PHP settings which are set in prepend.php
#
# Checkout the following links to see which settings can be changed:
# - https://www.php.net/manual/en/configuration.changes.modes.php
# - https://www.php.net/manual/en/ini.list.php
#
camac_php_settings:
max_input_vars: 10000
# Cronjobs
camac_cronjobs:
- name: "Notifikation Fristüberschreitung Stellungsnahme"
job: "{{ camac_python_pyenv_virtualenv_path }}/bin/python {{ camac_python_docroot }}/manage.py send_inquiry_reminders"
user: "{{ camac_python_user }}"
minute: "0"
hour: "9"
- name: "Notifikation Aufgaben"
job: "{{ camac_python_pyenv_virtualenv_path }}/bin/python {{ camac_python_docroot }}/manage.py send_work_item_reminders"
user: "{{ camac_python_user }}"
minute: "0"
hour: "9"
weekday: "1"
- name: "Temporäre Dateien aufäumen"
job: "{{ camac_python_pyenv_virtualenv_path }}/bin/python {{ camac_python_docroot }}/manage.py cleanup_tempfiles"
user: "{{ camac_python_user }}"
minute: "0"
hour: "23"
# Whether camac is supposed to load initial data from fixtures.
camac_load_data: true
# PDO adapter to use
camac_db_adapter: "Pdo_Pgsql"
# Username used for connection to database
camac_db_username: "camac"
# Password used for connecting to database
camac_db_password: "camac"
# Database/Schema namespace in database
camac_db_dbname: "camac"
# Database server hostname
camac_db_host: "localhost"
# Database server port
camac_db_port: 5432
# Whether to use persistent PDO connections to the database or not
# https://www.php.net/manual/en/features.persistent-connections.php
camac_db_persistent: "false"
# Camac url used in mails (without trailing slashes)
camac_mail_template_base_url: ""
# Camac portal url used in mails (without trailing slashes)
camac_mail_template_base_url_portal: ""
# Host over which camac will try to send mails
camac_mail_host: "localhost"
# Port over which camac will try to send mails
camac_mail_port: "25"
# From address which camac will use to send emails
camac_mail_from_email: "[email protected]"
# From name which camac will use to send emails
camac_mail_from_name: "Camac"
# Host on which memcached is running
camac_cache_host: "localhost"
# Port on which memcached is running
camac_cache_port: 11211
# Url over which keycloak is reachable (no trailing slash!)
camac_auth_idp_url: "http://keycloak.127.0.0.1.nip.io:8080/auth"
# Name of the keycloak realm
camac_auth_idp_realm: "camac"
# Name of the keycloak clients
camac_auth_sp_client: "camac"
camac_auth_sp_portal_client: "portal"
# Name of the keycloak admin client
camac_auth_admin_client: "camac-admin"
# Secret for the keycloak admin client
camac_auth_admin_client_secret: "secret"
# Whether to deploy keycloak or not
camac_keycloak_enable: false
# Keycloak user
camac_keycloak_user: wildfly
# Version of keycloak to deploy
camac_keycloak_version: "19.0.3"
camac_keycloak_tarball_checksum: "2b8148297c4e70e7db77681ea07a891618f7eadab76aff48b433cf4fbe4918c2"
# URL for fetching keycloak releases
camac_keycloak_release: "https://github.com/keycloak/keycloak/releases/download/{{ camac_keycloak_version }}/keycloak-legacy-{{ camac_keycloak_version }}.tar.gz"
# Version of the keycloak theme that should be deployed
camac_keycloak_theme_version: "1.2.7"
# SHA256 checkum of the keycloak theme jar file
camac_keycloak_theme_jarfile_checksum: "8c4f9fb6a33bd5e761e191b51705f37dc2b79bb44bc2b452c635e986f252cc98"
# Download url to fetch the keycloak theme
camac_keycloak_theme_release: "https://files.adfinis.com/camac-be/keycloak-theme-ebau-be-{{ camac_keycloak_theme_version | replace('.','-') }}.jar"
# Whether to create an admin user or not (This should only be enabled on the
# first run)
camac_keycloak_create_admin_user: False
# Name of the admin user that should be created
camac_keycloak_admin_user: admin
# Password of the admin user that should be created
camac_keycloak_admin_password: ~
# Default path to unpack keycloak to
camac_keycloak_basedir: "/usr/share/keycloak"
camac_keycloak_logdir: "{{ camac_keycloak_basedir }}/log"
camac_keycloak_tmpdir: "{{ camac_keycloak_basedir }}/tmp"
camac_keycloak_datadir: "{{ camac_keycloak_datadir }}/data"
# Path where we install keycloak to
camac_keycloak_appdir: "{{ camac_keycloak_basedir }}/keycloak"
# Whether the archive already exists on the remote system of if it should be
# fetched over HTTP.
camac_keycloak_unarchive_remote_src: no
# This directory is used as the base for other paths of the camac-api.
camac_python_basedir: "/usr/share/camac-api/"
# Directory in which the Camac Django API will store persistent data. This is
# usually not below camac_basedir. It is recommended to put somehwhere in
# `/vab/lib`.
camac_python_datadir: "{{ camac_python_basedir }}/data"
# Directory in which the Camac Django API will store temporary data.
camac_python_tmpdir: "{{ camac_python_basedir }}/tmp"
# Directory in which the source code of the Camac Django API will be stored
camac_python_docroot: "{{ camac_python_basedir }}/webapps"
# Directory in which the source code of the Camac Django API will be stored
camac_python_confdir: "{{ camac_python_basedir }}/config"
# Directory in which the logs of the Camac Django API will be stored
# TODO: Configure uWSGI Logging
camac_python_logdir: "{{ camac_python_basedir }}/log"
# User as wich camac api will be run
camac_python_user: "vagrant"
# Home directory camac api user
camac_python_user_home: "/home/{{ camac_python_user }}"
# Django mail settings
camac_python_django_default_from_email: "{{ camac_mail_from_email }}"
camac_python_django_server_email: "{{ camac_mail_from_email }}"
camac_python_django_email_host: "{{ camac_mail_host }}"
camac_python_django_email_port: "{{ camac_mail_port }}"
# BE-Login url
camac_python_django_registration_url: "https://www.belogin.directories.be.ch/"
# Keycloak url
camac_python_keycloak_url: "{{ camac_auth_idp_url }}"
# Keycloak realm
camac_python_keycloak_realm: "{{ camac_auth_idp_realm }}"
# Keycloak clients
camac_python_keycloak_client: "{{ camac_auth_sp_client }}"
camac_python_keycloak_portal_client: "{{ camac_auth_sp_portal_client }}"
# OIDC username claim
camac_python_oidc_username_claim: "preferred_username"
# Directory in which pyenv will be cloned (with git)
camac_python_pyenv_install_directory: "{{ camac_python_user_home }}/.pyenv"
# Pyenv Python version that will be used to run uwsgi
camac_python_pyenv_python_version: "3.10.9"
# Url of the official pyenv repository
camac_python_pyenv_git_repository_url: "https://github.com/pyenv/pyenv"
# Bashrc file of camac api user (This is required so we can include pyenv script
# into $PATH)
camac_python_user_bashrc: "{{ camac_python_user_home}}/.bashrc"
# Pyenv version (corresponds to a valid git tag)
camac_python_pyenv_version: "v2.3.8"
# Url of the official pyenv-virtualenv plugin repository
camac_python_pyenv_virtualenv_git_repository_url: "https://github.com/pyenv/pyenv-virtualenv"
# Pyenv virtualenv plugin version (corresponds to a valid git tag)
camac_python_pyenv_virtualenv_version: "v1.1.5"
# Name of the pyenv virtualenv
camac_python_pyenv_virtualenv_name: "camac-api"
# Path to the pyenv virtualenv
camac_python_pyenv_virtualenv_path: "{{ camac_python_pyenv_install_directory }}/versions/{{ camac_python_pyenv_virtualenv_name }}"
# Url of the Camac Django API
camac_python_url: "http://camac-ng.local/"
camac_api_host: "http://{{ camac_python_uwsgi_address }}:{{ camac_python_uwsgi_port }}"
# Whether to use clamd to scan file uploads
camac_python_clamd_enabled: false
# Whether to use tcp or a socket to connect to the clamd service
camac_python_clamd_use_tcp: false
# Tcp address on which clamd is reachable
camac_python_clamd_tcp_addr: "localhost"
# Socket on which clamd is reachable
camac_python_clamd_socket: "/var/run/clamav/clamd.ctl"
# If true, uploaded files will be auto rejected if the clamd service is not reachable
camac_python_clamd_fail_by_default: false
# Address on which the camac-api uWSGI instance listens on
camac_python_uwsgi_address: "0.0.0.0"
# Port on which the camac-api uWSGI instance listens on
camac_python_uwsgi_port: "8181"
# Whether new users are automatically added to a set of different groups for testing/demo purposes.
camac_demo_mode: false
camac_demo_mode_groups: []
# Url to the iframe embedded ember form
camac_portal_uri: "http://caluma.127.0.0.1.nip.io"
# Url to document merge service used by camac django API
camac_document_merge_service_url: "http://{{ document_merge_service_uwsgi_address }}:{{ document_merge_service_uwsgi_port }}/document-merge-service/api/v1/"
# Caluma userinfo endpoint
camac_caluma_oidc_userinfo_endpoint: "{{ camac_auth_idp_url }}/realms/{{ camac_auth_idp_realm }}/protocol/openid-connect/userinfo"
# Caluma dynamic groups classes
camac_caluma_dynamic_groups_classes: "camac.caluma.extensions.dynamic_groups.CustomDynamicGroups"
# Caluma dynamic tasks classes
camac_caluma_dynamic_tasks_classes: "camac.caluma.extensions.dynamic_tasks.CustomDynamicTasks"
# Caluma event receiver modules
camac_caluma_event_receiver_modules: "camac.caluma.extensions.events"
# Caluma visbility classes
camac_caluma_visibility_classes: "camac.caluma.extensions.visibilities.CustomVisibilityBE"
# Caluma validation classes
camac_caluma_validation_classes: "camac.caluma.extensions.validations.CustomValidation"
# Caluma permission classes
camac_caluma_permission_classes: "camac.caluma.extensions.permissions.CustomPermission"
# Caluma data_source classes
camac_caluma_data_source_classes: "camac.caluma.extensions.data_sources.Landowners,camac.caluma.extensions.data_sources.Municipalities,camac.caluma.extensions.data_sources.Services,camac.caluma.extensions.data_sources.Attachments"
# Time in seconds before bearer token validity is verified again
camac_caluma_oidc_bearer_token_revalidation_time: 270
# Caluma meta fields
camac_caluma_meta_fields: "camac-instance-id,ebau-number,submit-date"
# Caluma language settings
camac_caluma_language_code: "de"
camac_caluma_languages: "de,fr"
# Enable caluma historical API
camac_caluma_enable_historical_api: true
# Enable Manabi (WebDAV)
manabi_enable: false
manabi_debug: false
# Enhanced file write logs
log_file_write_size: false
# This directory is used as the base for other paths of the ember caluma form
# TODO: Find a good prefix for form/portal frontend
ember_basedir: "/usr/share/ember-caluma-portal/"
# Directory in which the static ember website will be stored
ember_docroot: "{{ ember_basedir }}/htdocs"
# Set this to the user which apache runs as
ember_apache_user: www-data
# Keycloak URL
ember_oidc_host: "{{ camac_auth_idp_url }}/"
# Name of the portal oidc client
ember_oidc_client: "portal"
# Portal oidc endpoint
ember_oidc_endpoint: "{{ camac_auth_idp_url }}/realms/{{ camac_auth_idp_realm }}/protocol/openid-connect"
# This directory is used as the base for other paths of caluma.
document_merge_service_basedir: "/usr/share/document-merge-service"
# Directory in which the source code of the Caluma will be stored
document_merge_service_docroot: "{{ document_merge_service_basedir }}/webapps"
# Directory in which the source code of the Caluma will be stored
document_merge_service_confdir: "{{ document_merge_service_basedir }}/config"
# Directory in which the logs of the Caluma will be stored
# TODO: Configure uWSGI Logging
document_merge_service_logdir: "{{ document_merge_service_basedir }}/log"
# Whether to load dms config from release tarball
document_merge_service_load_data: true
# User that runs the caluma process
document_merge_service_user: "vagrant"
# Home directory of caluma user
document_merge_service_user_home: "/home/{{ document_merge_service_user }}"
# Directory in which pyenv will be cloned (with git)
document_merge_service_pyenv_install_directory: "{{ document_merge_service_user_home }}/.pyenv"
# Pyenv Python version that will be used to run uwsgi/caluma
document_merge_service_pyenv_python_version: "3.10.9"
# Url of the official pyenv repository
document_merge_service_pyenv_git_repository_url: "https://github.com/pyenv/pyenv"
# Bashrc file of caluma user (This is required so we can include pyenv script
# into $PATH)
document_merge_service_user_bashrc: "{{ document_merge_service_user_home}}/.bashrc"
# Pyenv version (corresponds to a valid git tag)
document_merge_service_pyenv_version: "v2.2.4"
# Url of the official pyenv-virtualenv plugin repository
document_merge_service_pyenv_virtualenv_git_repository_url: "https://github.com/pyenv/pyenv-virtualenv"
# Pyenv virtualenv plugin version (corresponds to a valid git tag)
document_merge_service_pyenv_virtualenv_version: "v1.1.5"
# Name of the pyenv virtualenv
document_merge_service_pyenv_virtualenv_name: "document-merge-service"
# Path to the pyenv virtualenv
document_merge_service_pyenv_virtualenv_path: "{{ document_merge_service_pyenv_install_directory }}/versions/{{ document_merge_service_pyenv_virtualenv_name }}"
# Address on which the caluma uWSGI instance listens on
document_merge_service_uwsgi_address: "0.0.0.0"
# Port on which the caluma uWSGI instance listens on
document_merge_service_uwsgi_port: "8484"
# Username used for connection to database
document_merge_service_db_username: "document-merge-service"
# Password used for connecting to database
document_merge_service_db_password: "document-merge-service"
# Database/Schema namespace in database
document_merge_service_db_dbname: "document-merge-service"
# Database server hostname
document_merge_service_db_host: "localhost"
# Database server port
document_merge_service_db_port: 5432
# Database server engine
document_merge_service_db_engine: "django.db.backends.postgresql"
# Allowed hosts that are allowed to connect to caluma
document_merge_service_django_allowed_hosts: "*"
# Django secret
document_merge_service_django_secret_key: "rqo23kq9j&clk@ae5f43jhmz&qyan=6j-0ip0xcc5bauq4@$d8"
# Time in seconds before bearer token validity is verified again
document_merge_service_oidc_bearer_token_revalidation_time: 270
# Url to the keycloak userinfo endpoint
document_merge_service_oidc_userinfo_endpoint: "{{ camac_auth_idp_url }}/realms/{{ camac_auth_idp_realm }}/protocol/openid-connect/userinfo"
# OIDC username claim in document-merge-service
document_merge_service_oidc_username_claim: "{{ camac_python_oidc_username_claim }}"
# https://github.com/adfinis-sygroup/document-merge-service/issues/94
document_merge_service_docxtemplate_jinja_extensions: "jinja2.ext.do,jinja2.ext.loopcontrols"
# Where the uploaded documents will be stored
document_merge_service_media_root: "{{ document_merge_service_basedir }}/templates"
# Where temporary files will be stored
document_merge_service_database_dir: "{{ document_merge_service_basedir }}/tmp"
# A proxy which the services should use for requests (e.g auth)
# Either false or protocol://host:port
http_proxy: false
https_proxy: false
# Proxy ignores
no_proxy: "{{ camac_python_uwsgi_address }},{{ document_merge_service_uwsgi_address }}"
# GWR fernet key
gwr_fernet_key: ""
# GWR WSK ID
gwr_wsk_id: 351388
# GWR housing stat base URI
gwr_housing_stat_base_uri: ""
# GIS
gis_url: "https://www.geoservice.apps.be.ch"
gis_map_url: "https://www.map.apps.be.ch"
# Document merge service extensions
document_merge_service_ext_service_group_id: ""
document_merge_service_ext_admin_service_ids: []
# Import
dossier_import_client_id: "dossier-import"
dossier_import_client_secret: ""
# Name of the apache systemd service
apache_service_name: "apache2"
# uWSGI settings
uwsgi_max_processes: 96
uwsgi_min_processes: 8
uwsgi_init_processes: 16
uwsgi_spawn_processes: 16
uwsgi_harakiri: 60
# Keycloak DB
camac_keycloak_use_postgres: false
camac_keycloak_db_host: "{{ camac_db_host }}"
camac_keycloak_db_port: "{{ camac_db_port }}"
camac_keycloak_db_name: "keycloak"
camac_keycloak_db_user: "keycloak"
camac_keycloak_db_password: ""
camac_keycloak_postgres_jdbc_version: "42.4.0"
camac_keycloak_postgres_jdbc_release: "https://jdbc.postgresql.org/download/postgresql-{{ camac_keycloak_postgres_jdbc_version }}.jar"
camac_keycloak_postgres_jdbc_jarfile_checksum: "fe25b9c0a2c59458504ec88862853df522ee87f8a02564835d537c29ae4cb125"