Update to 2021-12-01 19:13

roles/glpi/defaults/main.yml

@@ -0,0 +1,96 @@
+---
+
+glpi_id: 1
+glpi_manage_upgrade: True
+glpi_version: 9.5.5
+glpi_zip_url: https://github.com/glpi-project/glpi/releases/download/{{ glpi_version }}/glpi-{{ glpi_version }}.tgz
+glpi_zip_sha1: 4a3408d3485b3813251e5c3f567283767bd76847
+glpi_root_dir: /opt/glpi_{{ glpi_id }}
+glpi_php_user: php-glpi_{{ glpi_id }}
+# If set, will use the following custom PHP FPM pool, which must be created
+# glpi_php_fpm_pool: php70
+glpi_php_version: 74
+glpi_mysql_server: "{{ mysql_server | default('localhost') }}"
+glpi_mysql_db: glpi_{{ glpi_id }}
+glpi_mysql_user: glpi_{{ glpi_id }}
+# If unset, a random one will be created and stored in the meta directory
+# glpi_mysql_pass: glpi
+
+# glpi_alias: glpi
+# glpi_src_ip:
+#   - 192.168.7.0/24
+#   - 10.2.0.0/24
+
+glpi_plugins:
+  fusioninventory:
+    version: '9.5+3.0'
+    sha1: ecfd38bb31600d6806cb32a8a5af2db24bac8145
+    url: https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5%2B3.0/fusioninventory-9.5+3.0.tar.bz2
+  reports:
+    version: 1.14.0
+    sha1: 0e2c8912c43360b1140f972e70e3509e4e6e3c0d
+    url: https://forge.glpi-project.org/attachments/download/2317/glpi-plugin-reports-1.14.0.tar.gz
+  pdf:
+    version: 2.0.0
+    sha1: c1eee0ab488852265c6a920510894551424b3f3e
+    url: https://forge.glpi-project.org/attachments/download/2335/glpi-pdf-2.0.0.tar.gz
+  behaviors:
+    version: 2.5.0
+    sha1: 972e06027835d9da1e2eb2523caff40382389f81
+    url: https://forge.glpi-project.org/attachments/download/2336/glpi-behaviors-2.5.0.tar.gz
+  manufacturersimports:
+    version: 2.3.1
+    sha1: a6c3fd696665221ab5f1cf4cada18dd6481a1f31
+    url: https://github.com/InfotelGLPI/manufacturersimports/releases/download/2.3.1/glpi-manufacturersimports-2.3.1.tar.gz
+  domains:
+    version: 2.2.1
+    sha1: 298b459f5a132a20b3e3427921485c201f68ea78
+    url: https://github.com/InfotelGLPI/domains/releases/download/2.2.1/glpi-domains-2.2.1.tar.gz
+  formcreator:
+    version: 2.11.2
+    sha1: f8a51ee17296602d9f17daacbc4470e1b26c743c
+    url: https://github.com/pluginsGLPI/formcreator/releases/download/v2.11.2/glpi-formcreator-2.11.2.tar.bz2
+  tag:
+    version: 2.8.1
+    sha1: 9e88086bd54f41c67ddbd915020be0d558d05668
+    url: https://github.com/pluginsGLPI/tag/releases/download/2.8.1/glpi-tag-2.8.1.tar.bz2
+  mreporting:
+    version: 1.7.2
+    sha1: 9e9498b11dd59707b16501a1fb341839642eb4a6
+    url: https://github.com/pluginsGLPI/mreporting/releases/download/1.7.2/glpi-mreporting-1.7.2.tar.bz2
+  fields:
+    version: 1.12.4
+    sha1: 6415badd849dcb5d3b51d6cb256c7cb3040aaff1
+    url: https://github.com/pluginsGLPI/fields/releases/download/1.12.4/glpi-fields-1.12.4.tar.bz2
+  webapplications:
+    version: 3.0.0
+    sha1: c5fe2ce301e02469b0fe66e302dedcf0a564e1ae
+    url: https://github.com/InfotelGLPI/webapplications/releases/download/3.0.0/glpi-webapplications-3.0.0.tar.gz
+  genericobject:
+    version: 2.10.1
+    sha1: a8a27acfb0055f5880715bcd5931134bcd690542
+    url: https://github.com/pluginsGLPI/genericobject/releases/download/2.10.1/glpi-genericobject-2.10.1.tar.bz2
+  mantis:
+    version: 4.4.0
+    sha1: 1686f9a944d16e86b74eab9689e61bf64f4cf144
+    url: https://github.com/pluginsGLPI/mantis/releases/download/4.4.0/glpi-mantis-4.4.0.tar.bz2
+  archimap:
+    version: 2.2.1
+    sha1: a9dfac68dfad5af7230e36b76199391a7fee0c04
+    url: https://github.com/ericferon/glpi-archimap/releases/download/v2.2.1/archimap-v2.2.1.tar.gz
+  dashboard:
+    version: 1.0.2
+    sha1: c98a504f18c9914b57deda0340c19dbfad08440f
+    url: https://forge.glpi-project.org/attachments/download/2323/glpi-dashboard-1.0.2.zip
+    rename_from: glpi-dashboard-1.0.2
+
+glpi_plugins_to_install: []
+
+# You can customize the logo, ansible will download the logo
+# This one is at the top left on every page. Should be 100x55
+# glpi_logo: https://img.example.org/logos/glpi/fd_glpi.png
+
+# This one is on the login page. It should be 145x80
+# glpi_login_logo: https://img.example.org/logos/glpi/login_logo_glpi.png
+
+...

roles/glpi/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+- include: ../httpd_common/handlers/main.yml
+- include: ../httpd_php/handlers/main.yml
+...

roles/glpi/meta/main.yml

@@ -0,0 +1,8 @@
+---
+allow_duplicates: true
+dependencies:
+  - role: mkdir
+  - role: httpd_php
+  - role: mysql_server
+    when: glpi_mysql_server == 'localhost' or glpi_mysql_server == '127.0.0.1'
+...

roles/glpi/tasks/archive_post.yml

@@ -0,0 +1,8 @@
+---
+
+- import_tasks: ../includes/webapps_compress_archive.yml
+  vars:
+    - root_dir: "{{ glpi_root_dir }}"
+    - version: "{{ glpi_current_version }}"
+  tags: glpi
+

roles/glpi/tasks/archive_pre.yml

@@ -0,0 +1,9 @@
+---
+
+- import_tasks: ../includes/webapps_archive.yml
+  vars:
+    - root_dir: "{{ glpi_root_dir }}"
+    - version: "{{ glpi_current_version }}"
+    - db_name: "{{ glpi_mysql_db }}"
+  tags: glpi
+

roles/glpi/tasks/cleanup.yml

@@ -0,0 +1,20 @@
+---
+
+- name: Remove plugins archives
+  file:
+    path: "{{ glpi_root_dir }}/tmp/{{ glpi_plugins[item].url | urlsplit('path') | basename }}"
+    state: absent
+  with_items: "{{ glpi_plugins_to_install }}"
+  when: glpi_plugins[item] is defined
+  tags: glpi
+
+- name: Remove temp files
+  file: path={{ item }} state=absent
+  with_items:
+    - "{{ glpi_root_dir }}/tmp/glpi"
+    - "{{ glpi_root_dir }}/tmp/glpi-{{ glpi_version }}.tgz"
+    - "{{ glpi_root_dir }}/db_dumps"
+    - /etc/backup/pre.d/glpi_{{ glpi_id }}_dump_db
+    - /etc/backup/post.d/glpi_{{ glpi_id }}_rm_dump
+  tags: glpi
+

roles/glpi/tasks/conf.yml

@@ -0,0 +1,39 @@
+---
+
+- import_tasks: ../includes/webapps_webconf.yml
+  vars:
+    - app_id: glpi_{{ glpi_id }}
+    - php_version: "{{ glpi_php_version }}"
+    - php_fpm_pool: "{{ glpi_php_fpm_pool | default('') }}"
+  tags: glpi
+
+- name: Deploy glpi configuration
+  template: src={{ item }}.j2 dest={{ glpi_root_dir }}/web/config/{{ item }} owner=root group={{ glpi_php_user }} mode=660
+  with_items:
+    - local_define.php
+    - config_db.php
+  tags: glpi
+
+- name: Remove obsolete conf files
+  file: path={{ glpi_root_dir }}/web/config/{{ item }} state=absent
+  with_items:
+    - config_path.php
+  tags: glpi
+
+- name: Init database
+  command: "/bin/php{{ glpi_php_version }} {{ glpi_root_dir }}/web/bin/console -n db:install"
+  when: glpi_install_mode == 'install'
+  tags: glpi
+
+- name: Upgrade database
+  command: "/bin/php{{ glpi_php_version }} {{ glpi_root_dir }}/web/bin/console -n db:update"
+  when: glpi_install_mode == 'upgrade'
+  tags: glpi
+
+- name: Deploy sso.php script
+  template: src=sso.php.j2 dest={{ glpi_root_dir }}/web/sso.php
+  tags: glpi
+
+- name: Deploy logrotate conf
+  template: src=logrotate.conf.j2 dest=/etc/logrotate.d/glpi_{{ glpi_id }}
+  tags: glpi

roles/glpi/tasks/directories.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Create directory structure
+  file: path={{ item }} state=directory
+  with_items:
+    - "{{ glpi_root_dir }}"
+    - "{{ glpi_root_dir }}/web"
+    - "{{ glpi_root_dir }}/tmp"
+    - "{{ glpi_root_dir }}/sessions"
+    - "{{ glpi_root_dir }}/meta"
+    - "{{ glpi_root_dir }}/backup"
+    - "{{ glpi_root_dir }}/data"
+    - "{{ glpi_root_dir }}/data/_files"
+    - "{{ glpi_root_dir }}/data/_cache"
+    - "{{ glpi_root_dir }}/data/_cron"
+    - "{{ glpi_root_dir }}/data/_dumps"
+    - "{{ glpi_root_dir }}/data/_graphs"
+    - "{{ glpi_root_dir }}/data/_lock"
+    - "{{ glpi_root_dir }}/data/_log"
+    - "{{ glpi_root_dir }}/data/_pictures"
+    - "{{ glpi_root_dir }}/data/_plugins"
+    - "{{ glpi_root_dir }}/data/_rss"
+  tags: glpi
+

roles/glpi/tasks/facts.yml

@@ -0,0 +1,21 @@
+---
+
+- import_tasks: ../includes/webapps_set_install_mode.yml
+  vars:
+    - root_dir: "{{ glpi_root_dir }}"
+    - version: "{{ glpi_version }}"
+  tags: glpi
+- set_fact: glpi_install_mode={{ (install_mode == 'upgrade' and not glpi_manage_upgrade) | ternary('none',install_mode) }}
+  tags: glpi
+- set_fact: glpi_current_version={{ current_version | default('') }}
+  tags: glpi
+
+- import_tasks: ../includes/get_rand_pass.yml
+  vars:
+    - pass_file: "{{ glpi_root_dir }}/meta/ansible_dbpass"
+  when: glpi_mysql_pass is not defined
+  tags: glpi
+- set_fact: glpi_mysql_pass={{ rand_pass }}
+  when: glpi_mysql_pass is not defined
+  tags: glpi
+

roles/glpi/tasks/filebeat.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Deploy filebeat configuration
+  template: src=filebeat.yml.j2 dest=/etc/filebeat/ansible_inputs.d/glpi_{{ glpi_id }}.yml
+  tags: glpi,log

roles/glpi/tasks/install.yml

@@ -0,0 +1,142 @@
+---
+
+- name: Install needed tools
+  yum:
+    name:
+      - unzip
+      - tar
+      - bzip2
+      - acl
+      - mariadb
+  tags: glpi
+
+- name: Download glpi
+  get_url:
+    url: "{{ glpi_zip_url }}"
+    dest: "{{ glpi_root_dir }}/tmp/"
+    checksum: "sha1:{{ glpi_zip_sha1 }}"
+  when: glpi_install_mode != "none"
+  tags: glpi
+
+- name: Extract glpi archive
+  unarchive:
+    src: "{{ glpi_root_dir }}/tmp/glpi-{{ glpi_version }}.tgz"
+    dest: "{{ glpi_root_dir }}/tmp/"
+    remote_src: yes
+  when: glpi_install_mode != "none"
+  tags: glpi
+
+- name: Move the content of glpi to the correct top directory
+  synchronize:
+    src: "{{ glpi_root_dir }}/tmp/glpi/"
+    dest: "{{ glpi_root_dir }}/web/"
+    recursive: True
+    delete: True
+    rsync_opts:
+      - '--exclude=/install/install.php'
+      - '--exclude=/files/'
+      - '--exclude=/config/glpicrypt.key'
+  delegate_to: "{{ inventory_hostname }}"
+  when: glpi_install_mode != "none"
+  tags: glpi
+
+- name: Remove unwanted files and directories
+  file: path={{ glpi_root_dir }}/web/{{ item }} state=absent
+  with_items:
+    - files
+    - install/install.php
+  tags: glpi
+
+- name: Build a list of installed plugins
+  shell: find {{ glpi_root_dir }}/web/plugins -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \;
+  register: glpi_installed_plugins
+  changed_when: False
+  tags: glpi
+
+- name: Download plugins
+  get_url:
+    url: "{{ glpi_plugins[item].url }}"
+    dest: "{{ glpi_root_dir }}/tmp/"
+    checksum: "sha1:{{ glpi_plugins[item].sha1 }}"
+  when:
+    - item not in glpi_installed_plugins.stdout_lines
+    - glpi_plugins[item] is defined
+  with_items: "{{ glpi_plugins_to_install }}"
+  tags: glpi
+
+- name: Extract plugins
+  unarchive:
+    src: "{{ glpi_root_dir }}/tmp/{{ glpi_plugins[item].url | urlsplit('path') | basename }}"
+    dest: "{{ glpi_root_dir }}/web/plugins/"
+    remote_src: yes
+  when:
+    - item not in glpi_installed_plugins.stdout_lines
+    - glpi_plugins[item] is defined
+  with_items: "{{ glpi_plugins_to_install }}"
+  tags: glpi
+
+# Some plugins have the directory name not matching the plugin name
+# Eg, glpi-dashboard-1.0.2 instead of dashboard. So it's removed as if it was an unmanaged plugin
+# If the prop rename_from is defined for the plugin, rename the dir
+- name: Rename plugin dir
+  command: mv {{ glpi_root_dir }}/web/plugins/{{ glpi_plugins[item].rename_from }} {{ glpi_root_dir }}/web/plugins/{{ item }}
+  args:
+    creates: "{{ glpi_root_dir }}/web/plugins/{{ item }}"
+  when: glpi_plugins[item].rename_from is defined
+  loop: "{{ glpi_plugins_to_install }}"
+  tags: glpi
+
+- name: Build a list of installed plugins
+  shell: find {{ glpi_root_dir }}/web/plugins -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \;
+  register: glpi_installed_plugins
+  changed_when: False
+  tags: glpi
+
+- name: Remove unmanaged plugins
+  file: path={{ glpi_root_dir }}/web/plugins/{{ item }} state=absent
+  with_items: "{{ glpi_installed_plugins.stdout_lines }}"
+  when: item not in glpi_plugins_to_install
+  tags: glpi
+
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ glpi_mysql_db }}"
+    - db_user: "{{ glpi_mysql_user }}"
+    - db_server: "{{ glpi_mysql_server }}"
+    - db_pass: "{{ glpi_mysql_pass }}"
+  tags: glpi
+
+- set_fact: glpi_db_created={{ db_created }}
+  tags: glpi
+
+- name: Deploy cron task
+  cron:
+    name: glpi_{{ glpi_id }}
+    cron_file: glpi_{{ glpi_id }}
+    user: "{{ glpi_php_user }}"
+    job: "/bin/php{{ (glpi_php_version == '54') | ternary('',glpi_php_version) }} {{ glpi_root_dir }}/web/front/cron.php"
+    minute: "*/5"
+  tags: glpi
+
+- name: Deploy backup scripts
+  template: src={{ item }}_backup.j2 dest=/etc/backup/{{ item }}.d/glpi_{{ glpi_id }} mode=750
+  loop:
+    - pre
+    - post
+  tags: glpi
+
+- name: Download the logo
+  get_url:
+    url: "{{ glpi_logo }}"
+    dest: "{{ glpi_root_dir }}/web/pics/fd_logo.png"
+    force: True
+  when: glpi_logo is defined
+  tags: glpi
+
+- name: Download the login page logo
+  get_url:
+    url: "{{ glpi_login_logo }}"
+    dest: "{{ glpi_root_dir }}/web/pics/login_logo_glpi.png"
+    force: True
+  when: glpi_login_logo is defined
+  tags: glpi

roles/glpi/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: glpi_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: cleanup.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: glpi_install_mode == 'upgrade'
+- include: filebeat.yml

roles/glpi/tasks/user.yml

@@ -0,0 +1,8 @@
+---
+
+- import_tasks: ../includes/create_system_user.yml
+  vars:
+    - user: "{{ glpi_php_user }}"
+    - comment: "PHP FPM for glpi {{ glpi_id }}"
+  tags: glpi
+

roles/glpi/tasks/write_version.yml

@@ -0,0 +1,17 @@
+---
+
+- name: Write plugin versions
+  shell: echo {{ glpi_plugins[item].version }} > {{ glpi_root_dir }}/meta/glpi_plugin_{{ item }}_ansible_version
+  when:
+    - item not in glpi_installed_plugins
+    - glpi_plugins[item] is defined
+  with_items: "{{ glpi_plugins_to_install }}"
+  changed_when: False
+  tags: glpi
+
+- import_tasks: ../includes/webapps_post.yml
+  vars:
+    - root_dir: "{{ glpi_root_dir }}"
+    - version: "{{ glpi_version }}"
+  tags: glpi
+

roles/glpi/templates/config_db.php.j2

@@ -0,0 +1,8 @@
+<?php
+class DB extends DBmysql {
+  var $dbhost    = '{{ glpi_mysql_server }}';
+  var $dbuser    = '{{ glpi_mysql_user }}';
+  var $dbpassword= '{{ glpi_mysql_pass }}';
+  var $dbdefault = '{{ glpi_mysql_db }}';
+}
+?>

roles/glpi/templates/filebeat.yml.j2

@@ -0,0 +1,7 @@
+- type: log
+  enabled: True
+  paths:
+    - {{ glpi_root_dir }}/data/_log/*.log
+  exclude_files:
+    - '\.[gx]z$'
+    - '\d+$'

roles/glpi/templates/httpd.conf.j2

@@ -0,0 +1,29 @@
+{% if glpi_alias is defined %}
+Alias /{{ glpi_alias }} {{ glpi_root_dir }}/web
+{% else %}
+# No alias defined, create a vhost to access it
+{% endif %}
+
+<Directory {{ glpi_root_dir }}/web>
+  AllowOverride All
+  Options FollowSymLinks
+{% if glpi_src_ip is defined %}
+  Require ip {{ glpi_src_ip | join(' ') }}
+{% else %}
+  Require all granted
+{% endif %}
+  <FilesMatch \.php$>
+    SetHandler "proxy:unix:/run/php-fpm/{{ glpi_php_fpm_pool | default('glpi_' + glpi_id | string) }}.sock|fcgi://localhost"
+  </FilesMatch>
+
+  <FilesMatch "(.ansible_version|.git.*|(CONTRIBUTING|SUPPORT|CHANGELOG|COPYING)\.(md|txt))">
+    Require all denied
+  </FilesMatch>
+
+</Directory>
+
+{% for dir in [ 'scripts', 'locales', 'config', 'inc', 'vendor', '.github', 'bin' ] %}
+<Directory {{ glpi_root_dir }}/web/{{ dir }}>
+  Require all denied
+</Directory>
+{% endfor %}

roles/glpi/templates/local_define.php.j2

@@ -0,0 +1,9 @@
+<?php
+
+define("GLPI_VAR_DIR", "{{ glpi_root_dir }}/data");
+define("GLPI_DOC_DIR", GLPI_VAR_DIR . "/_files");
+define("GLPI_SESSION_DIR", "{{ glpi_root_dir }}/sessions");
+define("GLPI_TMP_DIR", "{{ glpi_root_dir }}/tmp");
+define("GLPI_UPLOAD_DIR", "{{ glpi_root_dir }}/tmp");
+
+?>

roles/glpi/templates/logrotate.conf.j2

@@ -0,0 +1,7 @@
+{{ glpi_root_dir }}/data/_log/*.log {
+  daily
+  rotate 90
+  compress
+  missingok
+  su {{ glpi_php_user }} {{ glpi_php_user }}
+}

roles/glpi/templates/perms.sh.j2

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+restorecon -R {{ glpi_root_dir }}
+chown root:root {{ glpi_root_dir }}
+chmod 700 {{ glpi_root_dir }}
+chown root:root {{ glpi_root_dir }}/{meta,backup}
+chmod 700 {{ glpi_root_dir }}/{meta,backup}
+setfacl -k -b {{ glpi_root_dir }}
+setfacl -m u:{{ glpi_php_user | default('apache') }}:rx,u:{{ httpd_user | default('apache') }}:rx {{ glpi_root_dir }}
+chown -R root:root {{ glpi_root_dir }}/web
+chown -R {{ glpi_php_user }} {{ glpi_root_dir }}/{tmp,sessions,data}
+chmod 700 {{ glpi_root_dir }}/{tmp,sessions,data}
+find {{ glpi_root_dir }}/web -type f -exec chmod 644 "{}" \;
+find {{ glpi_root_dir }}/web -type d -exec chmod 755 "{}" \;
+chown -R :{{ glpi_php_user }} {{ glpi_root_dir }}/web/config
+chown -R :{{ glpi_php_user }} {{ glpi_root_dir }}/web/marketplace
+chmod 770 {{ glpi_root_dir }}/web/config
+chmod 660 {{ glpi_root_dir }}/web/config/*
+chmod 770 {{ glpi_root_dir }}/web/marketplace
+chmod 660 {{ glpi_root_dir }}/web/marketplace/*

roles/glpi/templates/php.conf.j2

@@ -0,0 +1,35 @@
+[glpi_{{ glpi_id }}]
+
+listen.owner = root
+listen.group = apache
+listen.mode = 0660
+listen = /run/php-fpm/glpi_{{ glpi_id }}.sock
+user = {{ glpi_php_user }}
+group = {{ glpi_php_user }}
+catch_workers_output = yes
+
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 6
+pm.max_requests = 5000
+request_terminate_timeout = 5m
+
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = 256M
+php_admin_value[session.save_path] = {{ glpi_root_dir }}/sessions
+php_admin_value[upload_tmp_dir] = {{ glpi_root_dir }}/tmp
+php_admin_value[sys_temp_dir] = {{ glpi_root_dir }}/tmp
+php_admin_value[post_max_size] = 100M
+php_admin_value[upload_max_filesize] = 100M
+php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
+php_admin_value[open_basedir] = {{ glpi_root_dir }}:/usr/share/pear/:/usr/share/php/
+php_admin_value[max_execution_time] = 60
+php_admin_value[max_input_time] = 60
+php_admin_flag[allow_url_include] = off
+php_admin_flag[allow_url_fopen] = off
+php_admin_flag[file_uploads] = on
+php_admin_flag[session.cookie_httponly] = on

roles/glpi/templates/post_backup.j2

@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ glpi_root_dir }}/backup/*

roles/glpi/templates/pre_backup.j2

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eo pipefail
+
+/usr/bin/mysqldump --user={{ glpi_mysql_user | quote }} \
+                   --password={{ glpi_mysql_pass | quote }} \
+                   --host={{ glpi_mysql_server | quote }} \
+                   --quick --single-transaction \
+                   --add-drop-table {{ glpi_mysql_db | quote }} | zstd -T0 -c > {{ glpi_root_dir }}/backup/{{ glpi_mysql_db }}.sql.zst
+
+[ -e {{ glpi_root_dir }}/web/config/glpicrypt.key ] && cp {{ glpi_root_dir }}/web/config/glpicrypt.key {{ glpi_root_dir }}/backup/

roles/glpi/templates/sso.php.j2

@@ -0,0 +1,6 @@
+<?php
+
+# Just a dummy redirection so we can protect /sso.php with Lemonldap::NG
+header('Location: /');
+
+?>