|
|
|
---
|
|
|
|
|
|
|
|
mayan_version: 3.5
|
|
|
|
mayan_root_dir: /opt/mayan-edms
|
|
|
|
mayan_user: mayan-edms
|
|
|
|
# Should ansible handle upgrades ? If false, only initial install will be done
|
|
|
|
mayan_manage_upgrade: True
|
|
|
|
|
|
|
|
# Can be mysql or postgresql
|
|
|
|
mayan_db_engine: postgresql
|
|
|
|
mayan_db_server: "{{ mysql_server | default('localhost') }}"
|
|
|
|
mayan_db_port: "{{ (mayan_db_engine == 'mysql') | ternary('3306','5432') }}"
|
|
|
|
mayan_db_user: mayanedms
|
|
|
|
mayan_db_name: mayanedms
|
|
|
|
# A random pass will be created if not defined
|
|
|
|
# mayan_db_pass: S3cr3t.
|
|
|
|
|
|
|
|
# URL of the redis server to use
|
|
|
|
mayan_redis_url: redis://{% if redis_pass is defined %}:{{ redis_pass }}{% endif %}127.0.0.1:6379
|
|
|
|
# Mayan EDMS needs 2 redis DB. Set here the ID
|
|
|
|
# of the DB you want to use
|
|
|
|
mayan_redis_db:
|
|
|
|
result_backend: 0
|
|
|
|
broker: 1
|
|
|
|
|
|
|
|
# Number of web workers
|
|
|
|
mayan_web_workers: 2
|
|
|
|
|
|
|
|
# Port and list of allowed IP
|
|
|
|
mayan_port: 8000
|
|
|
|
mayan_src_ip: []
|
|
|
|
|
|
|
|
# From email address
|
|
|
|
mayan_from_mail: mayan-edsm@{{ ansible_domain }}
|
|
|
|
|
|
|
|
# Main language for document
|
|
|
|
mayan_doc_lang: fra
|
|
|
|
|
|
|
|
# LDAP Auth
|
|
|
|
# Most of these settings will try to detect system auth config
|
|
|
|
# and use them. But you can override if you want
|
|
|
|
#
|
|
|
|
# This is to turn on of off LDAP auth
|
|
|
|
mayan_ldap_auth: "{{ (ad_auth | default(False) or ldap_auth | default(False)) | ternary(True,False) }}"
|
|
|
|
# URI of your LDAP server, eg ldap://ldap.example.org:389
|
|
|
|
mayan_ldap_uri: "{{ ad_auth | default(False) | ternary('ldap://' + ad_realm | default(samba_realm) | default(ansible_domain) | lower,ldap_uri) }}"
|
|
|
|
# SHould Start TLS be used ?
|
|
|
|
mayan_ldap_start_tls: True
|
|
|
|
# Base of your LDAP tree. Eg DC=example,DC=org
|
|
|
|
mayan_ldap_base: "{{ ad_auth | default(False) | ternary('DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC='), ldap_base) }}"
|
|
|
|
# If your directory only allow authenticated searches, you can define it here
|
|
|
|
# mayan_ldap_bind_dn:
|
|
|
|
# mayan_ldap_bind_pass:
|
|
|
|
#
|
|
|
|
# If set, will restrict user search in these OU. Default is to search from the base
|
|
|
|
# Eg
|
|
|
|
# mayan_ldap_user_ou:
|
|
|
|
# - OU=People,DC=example,DC=org
|
|
|
|
# - OU=Presta,DC=example,DC=org
|
|
|
|
mayan_ldap_user_ou: []
|
|
|
|
# Filter to search for users
|
|
|
|
mayan_ldap_user_filter: "{{ ad_auth | default(False) | ternary('(sAMAccountName=%(user)s)','(uid=%(user)s)') }}"
|
|
|
|
# Mapping of LDAP attributes into Django attributes
|
|
|
|
mayan_ldap_user_attr_map:
|
|
|
|
username: "{{ ad_auth | default(False) | ternary('sAMAccountName','uid') }}"
|
|
|
|
first_name: givenName
|
|
|
|
last_name: sn
|
|
|
|
email: mail
|
|
|
|
|
|
|
|
# Same for groups
|
|
|
|
mayan_ldap_group_ou: []
|
|
|
|
# How are group represented in your directory.
|
|
|
|
# See https://django-auth-ldap.readthedocs.io/en/latest/groups.html for a list of valid values
|
|
|
|
mayan_ldap_group_type: "{{ ad_auth | default(False) | ternary('NestedActiveDirectoryGroupType','PosixGroupType') }}"
|
|
|
|
# LDAP filter to search for groups
|
|
|
|
mayan_ldap_group_filter: "{{ ad_auth | default(False) | ternary('(objectClass=group)','(objectClass=posixGroup)') }}"
|
|
|
|
|
|
|
|
# Define user flags based on group membership, for example :
|
|
|
|
#
|
|
|
|
# mayan_ldap_flags_by_group:
|
|
|
|
# is_active:
|
|
|
|
# - CN=Users,DC=example,DC=org
|
|
|
|
# is_staff:
|
|
|
|
# - CN=IT,OU=Groups,DC=example,DC=org
|
|
|
|
# is_superuser:
|
|
|
|
# - CN=Role_Infra_Admin,OU=Roles,DC=example,DC=org
|
|
|
|
# - CN=Domain Admins,OU=Groups,DC=example,DC=org
|
|
|
|
mayan_ldap_flags_by_group: {}
|
|
|
|
|
|
|
|
|
|
|
|
# If defined, will either require user to be part of one of those groups,
|
|
|
|
# or forbid access to membres of those groups
|
|
|
|
# mayan_ldap_require_group:
|
|
|
|
# - CN=Admins,OU=Groups,DC=example,DC=org
|
|
|
|
# - CN=Board,OU=Groups,DC=example,DC=org
|
|
|
|
#
|
|
|
|
# mayan_ldap_deny_group:
|
|
|
|
# - CN=Guests,OU=Groups,DC=example,DC=org
|
|
|
|
|
|
|
|
# Useful to debug LDAP related issues
|
|
|
|
mayan_ldap_debug: False
|
|
|
|
|
|
|
|
# Custom settings to set in the auth.py module
|
|
|
|
# Eg
|
|
|
|
# mayan_auth_custom_conf: |
|
|
|
|
# AUTH_LDAP_USER_FLAGS_BY_GROUP = {
|
|
|
|
# 'is_active': 'CN=Role_EDMS,OU=Roles,DC=example,DC=org',
|
|
|
|
# 'is_staff': 'CN=Role_Staff,OU=Roles,DC=example,DC=org',
|
|
|
|
# 'is_superuser': 'CN=Role_Infra_Admin,OU=Roles,DC=example,DC=org',
|
|
|
|
# }
|
|
|
|
|
|
|
|
# This is a list of indexes to expose as FUSE filesystem in {{ mayan_root_dir }}/fuse
|
|
|
|
# when running the pre-backup hook
|
|
|
|
mayan_index_as_fuse:
|
|
|
|
- creation_date
|