Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

115 lines
3.9 KiB

---
mayan_version: 3.4.17
mayan_root_dir: /opt/mayan-edms
mayan_user: mayan-edms
# Should ansible handle upgrades ? If false, only initial install will be done
mayan_manage_upgrade: True
# Can be mysql or postgresql
mayan_db_engine: postgresql
mayan_db_server: "{{ mysql_server | default('localhost') }}"
mayan_db_user: mayanedms
mayan_db_name: mayanedms
# A random pass will be created if not defined
# mayan_db_pass: S3cr3t.
# URL of the redis server to use
mayan_redis_url: redis://{% if redis_pass is defined %}:{{ redis_pass }}{% endif %}127.0.0.1:6379
# Mayan EDMS needs 2 redis DB. Set here the ID
# of the DB you want to use
mayan_redis_db:
result_backend: 0
broker: 1
# Number of web workers
mayan_web_workers: 2
# Port and list of allowed IP
mayan_port: 8000
mayan_src_ip: []
# From email address
mayan_from_mail: mayan-edsm@{{ ansible_domain }}
# Main language for document
mayan_doc_lang: fra
# LDAP Auth
# Most of these settings will try to detect system auth config
# and use them. But you can override if you want
#
# This is to turn on of off LDAP auth
mayan_ldap_auth: "{{ (ad_auth | default(False) or ldap_auth | default(False)) | ternary(True,False) }}"
# URI of your LDAP server, eg ldap://ldap.example.org:389
mayan_ldap_uri: "{{ ad_auth | default(False) | ternary('ldap://' + ad_realm | default(samba_realm) | default(ansible_domain) | lower,ldap_uri) }}"
# SHould Start TLS be used ?
mayan_ldap_start_tls: True
# Base of your LDAP tree. Eg DC=example,DC=org
mayan_ldap_base: "{{ ad_auth | default(False) | ternary('DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC='), ldap_base) }}"
# If your directory only allow authenticated searches, you can define it here
# mayan_ldap_bind_dn:
# mayan_ldap_bind_pass:
#
# If set, will restrict user search in these OU. Default is to search from the base
# Eg
# mayan_ldap_user_ou:
# - OU=People,DC=example,DC=org
# - OU=Presta,DC=example,DC=org
mayan_ldap_user_ou: []
# Filter to search for users
mayan_ldap_user_filter: "{{ ad_auth | default(False) | ternary('(sAMAccountName=%(user)s)','(uid=%(user)s)') }}"
# Mapping of LDAP attributes into Django attributes
mayan_ldap_user_attr_map:
username: "{{ ad_auth | default(False) | ternary('sAMAccountName','uid') }}"
first_name: givenName
last_name: sn
email: mail
# Same for groups
mayan_ldap_group_ou: []
# How are group represented in your directory.
# See https://django-auth-ldap.readthedocs.io/en/latest/groups.html for a list of valid values
mayan_ldap_group_type: "{{ ad_auth | default(False) | ternary('NestedActiveDirectoryGroupType','PosixGroupType') }}"
# LDAP filter to search for groups
mayan_ldap_group_filter: "{{ ad_auth | default(False) | ternary('(objectClass=group)','(objectClass=posixGroup)') }}"
# Define user flags based on group membership, for example :
#
# mayan_ldap_flags_by_group:
# is_active:
# - CN=Users,DC=example,DC=org
# is_staff:
# - CN=IT,OU=Groups,DC=example,DC=org
# is_superuser:
# - CN=Role_Infra_Admin,OU=Roles,DC=example,DC=org
# - CN=Domain Admins,OU=Groups,DC=example,DC=org
mayan_ldap_flags_by_group: {}
# If defined, will either require user to be part of one of those groups,
# or forbid access to membres of those groups
# mayan_ldap_require_group:
# - CN=Admins,OU=Groups,DC=example,DC=org
# - CN=Board,OU=Groups,DC=example,DC=org
#
# mayan_ldap_deny_group:
# - CN=Guests,OU=Groups,DC=example,DC=org
# Useful to debug LDAP related issues
mayan_ldap_debug: False
# Custom settings to set in the auth.py module
# Eg
# mayan_auth_custom_conf: |
# AUTH_LDAP_USER_FLAGS_BY_GROUP = {
# 'is_active': 'CN=Role_EDMS,OU=Roles,DC=example,DC=org',
# 'is_staff': 'CN=Role_Staff,OU=Roles,DC=example,DC=org',
# 'is_superuser': 'CN=Role_Infra_Admin,OU=Roles,DC=example,DC=org',
# }
# This is a list of indexes to expose as FUSE filesystem in {{ mayan_root_dir }}/fuse
# when running the pre-backup hook
mayan_index_as_fuse:
- creation_date