Update to 2021-12-01 19:13

roles/unmaintained/mayan_edms/defaults/main.yml

@@ -0,0 +1,115 @@
+---
+
+mayan_version: 4.0.11
+mayan_root_dir: /opt/mayan-edms
+mayan_user: mayan-edms
+# Should ansible handle upgrades ? If false, only initial install will be done
+mayan_manage_upgrade: True
+
+# Can be mysql or postgresql
+mayan_db_engine: postgresql
+mayan_db_server: "{{ mysql_server | default('localhost') }}"
+mayan_db_port: "{{ (mayan_db_engine == 'mysql') | ternary('3306','5432') }}"
+mayan_db_user: mayanedms
+mayan_db_name: mayanedms
+# A random pass will be created if not defined
+# mayan_db_pass: S3cr3t.
+
+# URL of the redis server to use
+mayan_redis_url: redis://{% if redis_pass is defined %}:{{ redis_pass }}{% endif %}127.0.0.1:6379
+# ID of the redis DB mayan will use
+mayan_redis_db: 0
+
+# URL of the amqp broker
+mayan_amqp_url: amqp://127.0.0.1:5672/
+
+# Number of web workers
+mayan_web_workers: 3
+
+# Port and list of allowed IP
+mayan_port: 8000
+mayan_src_ip: []
+
+# From email address
+mayan_from_mail: mayan-edsm@{{ ansible_domain }}
+
+# Main language for document
+mayan_doc_lang: fra
+
+# LDAP Auth
+# Most of these settings will try to detect system auth config
+# and use them. But you can override if you want
+#
+# This is to turn on of off LDAP auth
+mayan_ldap_auth: "{{ (ad_auth | default(False) or ldap_auth | default(False)) | ternary(True,False) }}"
+# URI of your LDAP server, eg ldap://ldap.example.org:389
+mayan_ldap_uri: "{{ ad_auth | default(False) | ternary('ldap://' + ad_realm | default(samba_realm) | default(ansible_domain) | lower,ldap_uri) }}"
+# SHould Start TLS be used ?
+mayan_ldap_start_tls: True
+# Base of your LDAP tree. Eg DC=example,DC=org
+mayan_ldap_base: "{{ ad_auth | default(False) | ternary('DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC='), ldap_base) }}"
+# If your directory only allow authenticated searches, you can define it here
+# mayan_ldap_bind_dn:
+# mayan_ldap_bind_pass:
+#
+# If set, will restrict user search in these OU. Default is to search from the base
+# Eg
+# mayan_ldap_user_ou:
+#   - OU=People,DC=example,DC=org
+#   - OU=Presta,DC=example,DC=org
+mayan_ldap_user_ou: []
+# Filter to search for users
+mayan_ldap_user_filter: "{{ ad_auth | default(False) | ternary('(sAMAccountName=%(user)s)','(uid=%(user)s)') }}"
+# Mapping of LDAP attributes into Django attributes
+mayan_ldap_user_attr_map:
+  username: "{{ ad_auth | default(False) | ternary('sAMAccountName','uid') }}"
+  first_name: givenName
+  last_name: sn
+  email: mail
+
+# Same for groups
+mayan_ldap_group_ou: []
+# How are group represented in your directory.
+# See https://django-auth-ldap.readthedocs.io/en/latest/groups.html for a list of valid values
+mayan_ldap_group_type: "{{ ad_auth | default(False) | ternary('NestedActiveDirectoryGroupType','PosixGroupType') }}"
+# LDAP filter to search for groups
+mayan_ldap_group_filter: "{{ ad_auth | default(False) | ternary('(objectClass=group)','(objectClass=posixGroup)') }}"
+
+# Define user flags based on group membership, for example :
+#
+# mayan_ldap_flags_by_group:
+#   is_active:
+#     - CN=Users,DC=example,DC=org
+#   is_staff:
+#     - CN=IT,OU=Groups,DC=example,DC=org
+#   is_superuser:
+#     - CN=Role_Infra_Admin,OU=Roles,DC=example,DC=org
+#     - CN=Domain Admins,OU=Groups,DC=example,DC=org
+mayan_ldap_flags_by_group: {}
+
+
+# If defined, will either require user to be part of one of those groups,
+# or forbid access to membres of those groups
+# mayan_ldap_require_group:
+#   - CN=Admins,OU=Groups,DC=example,DC=org
+#   - CN=Board,OU=Groups,DC=example,DC=org
+#
+# mayan_ldap_deny_group:
+#   - CN=Guests,OU=Groups,DC=example,DC=org
+
+# Useful to debug LDAP related issues
+mayan_ldap_debug: False
+
+# Custom settings to set in the auth.py module
+# Eg
+# mayan_auth_custom_conf: |
+# AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+#     'is_active': 'CN=Role_EDMS,OU=Roles,DC=example,DC=org',
+#     'is_staff': 'CN=Role_Staff,OU=Roles,DC=example,DC=org',
+#     'is_superuser': 'CN=Role_Infra_Admin,OU=Roles,DC=example,DC=org',
+# }
+
+# This is a list of indexes to expose as FUSE filesystem in {{ mayan_root_dir }}/fuse
+# when running the pre-backup hook
+mayan_index_as_fuse:
+  - creation_date

roles/unmaintained/mayan_edms/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+
+- name: restart mayan-edms
+  service: name={{ item }} state=restarted
+  loop:
+    - mayan-edms-web
+    - mayan-edms-worker-fast
+    - mayan-edms-worker-medium
+    - mayan-edms-worker-slow
+    - mayan-edms-beat
+

roles/unmaintained/mayan_edms/meta/main.yml

@@ -0,0 +1,17 @@
+---
+
+dependencies:
+  - role: mkdir
+  - role: repo_remi # for gnupg1
+  - role: mysql_server
+    when:
+      - mayan_db_engine == 'mysql'
+      - mayan_db_server == '127.0.0.1' or mayan_db_server == 'localhost'
+  - role: postgresql_server
+    when:
+      - mayan_db_engine == 'postgresql'
+      - mayan_db_server == '127.0.0.1' or mayan_db_server == 'localhost'
+  - role: redis_server
+    when: mayan_redis_url | urlsplit('hostname') == '127.0.0.1' or mayan_redis_url | urlsplit('hostname') == 'localhost'
+  - role: rabbitmq_server
+    when: mayan_amqp_url | urlsplit('hostname') == '127.0.0.1' or mayan_amqp_url | urlsplit('hostname') == 'localhost'

roles/unmaintained/mayan_edms/tasks/archive_post.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ mayan_root_dir }}/archives/{{ mayan_current_version }}.tar.zst --use-compress-program=zstd ./
+  environment:
+    ZST_CLEVEL: 10
+  args:
+    chdir: "{{ mayan_root_dir }}/archives/{{ mayan_current_version }}"
+    warn: False
+  tags: mayan

roles/unmaintained/mayan_edms/tasks/archive_pre.yml

@@ -0,0 +1,56 @@
+---
+
+- name: Create the archive dir
+  file: path={{ mayan_root_dir }}/archives/{{ mayan_current_version }} state=directory
+  tags: mayan
+
+- name: Stop sevices during upgrade
+  service: name={{ item }} state=stopped
+  loop:
+    - mayan-edms-web
+    - mayan-edms-worker-fast
+    - mayan-edms-worker-medium
+    - mayan-edms-worker-slow
+    - mayan-edms-beat
+  tags: mayan
+
+- name: Archive previous version
+  synchronize:
+    src: "{{ mayan_root_dir }}/{{ item }}"
+    dest: "{{ mayan_root_dir }}/archives/{{ mayan_current_version }}/"
+    recursive: True
+    delete: True
+  loop:
+    - venv
+    - config
+  delegate_to: "{{ inventory_hostname }}"
+  tags: mayan
+
+- name: Dump the database
+  mysql_db:
+    state: dump
+    name: "{{ mayan_db_name }}"
+    target: "{{ root_dir }}/archives/{{ mayan_current_version }}/{{ mayan_db_name }}.sql.gz"
+    login_host: "{{ mayan_db_server }}"
+    login_user: sqladmin
+    login_password: "{{ mysql_admin_pass }}"
+    quick: True
+    single_transaction: True
+  when: mayan_db_engine == 'mysql'
+  tags: mayan
+
+- name: Dump the database
+  command: >
+    /usr/pgsql-14/bin/pg_dump
+    --clean
+    --create
+    --host={{ mayan_db_server | quote }}
+    --port={{ mayan_db_port | quote }}
+    --username=sqladmin {{ mayan_db_name | quote }}
+    --file="{{ mayan_root_dir }}/archives/{{ mayan_current_version }}/{{ mayan_db_name }}.sql"
+  environment:
+    - PGPASSWORD: "{{ pg_admin_pass }}"
+  when: mayan_db_engine == 'postgresql'
+  tags: mayan
+
+

roles/unmaintained/mayan_edms/tasks/cleanup.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Remove temp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ mayan_root_dir }}/archive"
+  tags: mayan

roles/unmaintained/mayan_edms/tasks/conf.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Deploy configuration
+  template: src={{ item.src }} dest={{ item.dest }} group={{ mayan_user }} mode=640
+  loop:
+    - src: env.j2
+      dest: "{{ mayan_root_dir }}/config/.env"
+  notify: restart mayan-edms
+  tags: mayan

roles/unmaintained/mayan_edms/tasks/directories.yml

@@ -0,0 +1,28 @@
+---
+- name: Create directories
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner | default(omit) }}"
+    group: "{{ item.group | default(omit) }}"
+    mode: "{{ item.mode | default(omit) }}"
+  loop:
+    - path: "{{ mayan_root_dir }}/meta"
+      mode: 700
+    - path: "{{ mayan_root_dir }}/tmp"
+      mode: 700
+      owner: "{{ mayan_user }}"
+    - path: "{{ mayan_root_dir }}/data/mayan_settings/"
+      mode: 700
+      owner: "{{ mayan_user }}"
+    - path: "{{ mayan_root_dir }}/archives"
+      mode: 700
+    - path: "{{ mayan_root_dir }}/backup"
+      mode: 700
+    - path: "{{ mayan_root_dir }}/config"
+      group: "{{ mayan_user }}"
+      mode: 750
+    - path: "{{ mayan_root_dir }}/fuse"
+      mode: 700
+    - path: "{{ mayan_root_dir }}/input"
+  tags: mayan

roles/unmaintained/mayan_edms/tasks/facts.yml

@@ -0,0 +1,35 @@
+---
+
+- fail: msg="mysql_admin_pass must be set"
+  when: mysql_admin_pass is not defined
+  tags: mayan
+
+# Ensure we have recent enough MariaDB version
+- fail: msg="Require MariaDB > 10"
+  when:
+    - mayan_db_server == 'localhost' or mayan_db_server == '127.0.0.1'
+    - mysql_mariadb_version == 'default'
+  tags: mayan
+
+- import_tasks: ../includes/webapps_set_install_mode.yml
+  vars:
+    - root_dir: "{{ mayan_root_dir }}"
+    - version: "{{ mayan_version }}"
+  tags: mayan
+
+- block:
+    - set_fact: mayan_install_mode={{ (install_mode == 'upgrade' and not mayan_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: mayan_current_version={{ current_version | default('') }}
+  tags: mayan
+
+  # Create a random pass for the DB if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ mayan_root_dir }}/meta/ansible_dbpass"
+        - complex: False
+    - set_fact: mayan_db_pass={{ rand_pass }}
+  when: mayan_db_pass is not defined
+  tags: mayan
+
+

roles/unmaintained/mayan_edms/tasks/install.yml

@@ -0,0 +1,168 @@
+---
+
+- name: Install needed tools
+  yum:
+    name:
+      - git
+      - gcc
+      - openssl-devel
+      - libffi-devel
+      - openldap-devel
+      - libjpeg-turbo-devel
+      - libpng-devel
+      - libexif
+      - ghostscript
+      - gnupg1
+      - graphviz
+      - fuse-libs
+      - file-libs
+      - libreoffice
+      - poppler-utils
+      - sane-backends
+      - tesseract
+      - tesseract-langpack-fra
+      - python3-devel
+      - python3-pip
+      - python3-virtualenv
+      - python-setuptools
+      - rabbitmq-server
+  tags: mayan
+
+- name: Install MySQL support
+  yum:
+    name:
+      - mysql-devel
+      - MySQL-python
+  when: mayan_db_engine == 'mysql'
+  tags: mayan
+
+# WHen using upstream MariaDB repo, we have to install MariaDB-shared
+- name: Install MariaDB shared libs
+  yum:
+    name:
+      - MariaDB-shared
+  when:
+    - mayan_db_engine == 'mysql'
+    - mysql_mariadb_version is defined and mysql_mariadb_version != 'default'
+  tags: mayan
+
+- name: Install PostgreSQL support
+  yum:
+    name:
+      - postgresql-devel
+      - postgresql14
+      - python-psycopg2
+  when: mayan_db_engine == 'postgresql'
+  tags: mayan
+
+- name: Wipe the venv on upgrades
+  file: path={{ mayan_root_dir }}/venv state=absent
+  when: mayan_install_mode=='upgrade'
+  tags: mayan
+
+- name: Create the venv dir
+  file: path={{ mayan_root_dir }}/venv state=directory
+  tags: mayan
+
+- name: Create the virtualenv
+  pip:
+    name:
+      - pip
+      - redis==3.5.3
+      - python-ldap
+      - django_auth_ldap
+      - "{{ (mayan_db_engine == 'mysql') | ternary('mysql','psycopg2==2.8.6') }}"
+    virtualenv: "{{ mayan_root_dir }}/venv"
+    virtualenv_command: /usr/bin/virtualenv-3
+    virtualenv_python: /usr/bin/python3
+  tags: mayan
+
+- name: Install mayan-edms wrapper
+  template: src=mayan-edms.j2 dest=/usr/local/bin/mayan-edms mode=755
+  tags: mayan
+
+- name: Install Mayan EDMS
+  pip:
+    name:
+      - mayan-edms=={{ mayan_version }}
+    virtualenv: "{{ mayan_root_dir }}/venv"
+    virtualenv_command: /usr/bin/virtualenv-3
+    virtualenv_python: /usr/bin/python3
+  tags: mayan
+
+- when: mayan_db_engine == 'mysql'
+  block:
+    - import_tasks: ../includes/webapps_create_mysql_db.yml
+      vars:
+        - db_name: "{{ mayan_db_name }}"
+        - db_user: "{{ mayan_db_user }}"
+        - db_server: "{{ mayan_db_server }}"
+        - db_pass: "{{ mayan_db_pass }}"
+  tags: mayan
+
+- when: mayan_db_engine == 'postgresql'
+  block:
+    - name: Create the PostgreSQL role
+      postgresql_user:
+        db: postgres
+        name: "{{ mayan_db_user }}"
+        password: "{{ mayan_db_pass }}"
+        login_host: "{{ mayan_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+    
+    - name: Create the PostgreSQL database
+      postgresql_db:
+        name: "{{ mayan_db_name }}"
+        encoding: UTF-8
+        template: template0
+        owner: "{{ mayan_db_user }}"
+        login_host: "{{ mayan_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+  tags: mayan
+
+- name: Initialize or upgrade database
+  command: >-
+    {{ mayan_root_dir }}/venv/bin/python
+      {{ mayan_root_dir }}/venv/bin/mayan-edms.py
+      {{ (mayan_install_mode == 'install') | ternary('initialsetup','performupgrade') }}
+  environment:
+    - MAYAN_MEDIA_ROOT: "{{ mayan_root_dir }}/data"
+    - MAYAN_DATABASE_ENGINE: django.db.backends.{{ (mayan_db_engine == 'mysql') | ternary('mysql','postgresql') }}
+    - MAYAN_DATABASE_NAME: "{{ mayan_db_name }}"
+    - MAYAN_DATABASE_PASSWORD: "{{ mayan_db_pass }}"
+    - MAYAN_DATABASE_USER: "{{ mayan_db_user }}"
+    - MAYAN_DATABASE_HOST: "{{ mayan_db_server }}"
+  when: mayan_install_mode != 'none'
+  tags: mayan
+
+- name: Deploy systemd units
+  template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
+  loop:
+    - mayan-edms-web.service
+    - mayan-edms-worker-fast.service
+    - mayan-edms-worker-medium.service
+    - mayan-edms-worker-slow.service
+    - mayan-edms-beat.service
+  register: mayan_systemd_units
+  notify: restart mayan-edms
+  tags: mayan
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when:  mayan_systemd_units.results | selectattr('changed', 'equalto', True) | list | length > 0
+  tags: mayan
+
+- name: Install pre/post backup scripts
+  template: src={{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/mayan_edms.sh mode=750
+  loop:
+    - pre
+    - post
+  tags: mayan
+
+- name: Deploy auth configuration
+  template: src=auth.py.j2 dest={{ mayan_root_dir }}/data/mayan_settings/auth.py group={{ mayan_user }} mode=640
+  when: mayan_ldap_auth
+  notify: restart mayan-edms
+  tags: mayan

roles/unmaintained/mayan_edms/tasks/iptables.yml

@@ -0,0 +1,9 @@
+---
+
+- name:  Handle Mayan EDMS port in the firewall
+  iptables_raw:
+    name: mayan_port
+    state: "{{ (mayan_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mayan_port }} -s {{ mayan_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,mayan
+

roles/unmaintained/mayan_edms/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: mayan_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: mayan_install_mode == 'upgrade'
+- include: cleanup.yml

roles/unmaintained/mayan_edms/tasks/services.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Start and enable services
+  service: name={{ item }} state=started enabled=True
+  loop:
+    - mayan-edms-web
+    - mayan-edms-worker-fast
+    - mayan-edms-worker-medium
+    - mayan-edms-worker-slow
+    - mayan-edms-beat
+  tags: mayan

roles/unmaintained/mayan_edms/tasks/user.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Create mayan user account
+  user: name={{ mayan_user }} home={{ mayan_root_dir }} system=True
+  tags: mayan
+

roles/unmaintained/mayan_edms/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write current version
+  copy: content={{ mayan_version }} dest={{ mayan_root_dir }}/meta/ansible_version
+  tags: mayan

roles/unmaintained/mayan_edms/templates/auth.py.j2

@@ -0,0 +1,84 @@
+import ldap
+
+from django_auth_ldap.config import (
+    LDAPSearch, LDAPSearchUnion, LDAPGroupQuery, {{ mayan_ldap_group_type }}
+)
+
+from mayan.settings.production import *
+
+ldap.set_option(ldap.OPT_DEBUG_LEVEL, {{ mayan_ldap_debug | ternary('1','0') }})
+
+AUTH_LDAP_ALWAYS_UPDATE_USER = True
+LDAP_USER_AUTO_CREATION = True
+
+AUTH_LDAP_START_TLS = {{ mayan_ldap_start_tls | ternary('True','False') }}
+
+{% if mayan_ldap_bind_dn is defined and mayan_ldap_bind_pass is defined %}
+AUTH_LDAP_BIND_DN = '{{ mayan_ldap_bind_dn }}'
+AUTH_LDAP_BIND_PASSWORD = '{{ mayan_ldap_bind_pass }}'
+{% endif %}
+LDAP_BASE_DN = '{{ mayan_ldap_base }}'
+AUTH_LDAP_SERVER_URI = '{{ mayan_ldap_uri }}'
+
+{% if mayan_ldap_user_ou | length > 0 %}
+AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
+{% for ou in mayan_ldap_user_ou %}
+    LDAPSearch(
+        '{{ ou }}', ldap.SCOPE_SUBTREE,
+        '{{ mayan_ldap_user_filter }}'
+    ),
+{% endfor %}
+)
+{% else %}
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+    '{{ mayan_ldap_base }}', ldap.SCOPE_SUBTREE,
+    '{{ mayan_ldap_user_filter }}'
+)
+{% endif %}
+
+AUTH_LDAP_USER_ATTR_MAP = {
+{% for attr in mayan_ldap_user_attr_map.keys() %}
+    '{{ attr }}': '{{ mayan_ldap_user_attr_map[attr] }}',
+{% endfor %}
+}
+
+{% if mayan_ldap_group_ou | length > 0 %}
+AUTH_LDAP_GROUP_SEARCH = LDAPSearchUnion(
+{% for ou in mayan_ldap_group_ou %}
+    LDAPSearch(
+        '{{ ou }}', ldap.SCOPE_SUBTREE,
+        '{{ mayan_ldap_group_filter }}'
+    ),
+{% endfor %}
+)
+{% else %}
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+    '{{ mayan_ldap_base }}', ldap.SCOPE_SUBTREE,
+    '{{ mayan_ldap_group_filter }}'
+)
+{% endif %}
+
+AUTH_LDAP_GROUP_TYPE = {{ mayan_ldap_group_type }}()
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+{% for key in mayan_ldap_flags_by_group.keys() %}
+{% if mayan_ldap_flags_by_group[key] | length > 0 %}
+    '{{ key }}': (
+{% for group in mayan_ldap_flags_by_group[key] %}
+        LDAPGroupQuery('{{ group }}') {{ '|' if not loop.last }}
+{% endfor %}
+    ),
+{% endif %}
+{% endfor %}
+}
+
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
+    'django.contrib.auth.backends.ModelBackend'
+)
+
+AUTH_LDAP_MIRROR_GROUPS = True
+
+{% if mayan_auth_custom_conf is defined %}
+{{ mayan_auth_custom_conf }}
+{% endif %}

roles/unmaintained/mayan_edms/templates/env.j2

@@ -0,0 +1,18 @@
+MAYAN_ALLOWED_HOSTS="['*']"
+PYTHONPATH="{{ mayan_root_dir }}/data/mayan_settings"
+DJANGO_SETTINGS_MODULE={{ mayan_ldap_auth | ternary('auth','mayan.settings.production') }}
+MAYAN_MEDIA_ROOT="{{ mayan_root_dir }}/data"
+MAYAN_CELERY_RESULT_BACKEND="{{ mayan_redis_url }}/{{ mayan_redis_db }}"
+MAYAN_CELERY_BROKER_URL="{{ mayan_amqp_url }}"
+MAYAN_DATABASE_ENGINE="django.db.backends.{{ (mayan_db_engine == 'mysql') | ternary('mysql','postgresql') }}"
+MAYAN_DATABASE_NAME={{ mayan_db_name | quote }}
+MAYAN_DATABASE_PASSWORD={{ mayan_db_pass | quote }}
+MAYAN_DATABASE_USER={{ mayan_db_user | quote }}
+MAYAN_DATABASE_HOST={{ mayan_db_server | quote }}
+MAYAN_DEFAULT_FROM_EMAIL={{ mayan_from_mail | quote }}
+MAYAN_DOCUMENTS_LANGUAGE={{ mayan_doc_lang }}
+MAYAN_SECURE_PROXY_SSL_HEADER="('HTTP_X_FORWARDED_PROTO', 'https')"
+MAYAN_SESSION_COOKIE_NAME="mayanedmssessionid"
+MAYAN_STORAGE_TEMPORARY_DIRECTORY="{{ mayan_root_dir }}/tmp"
+MAYAN_TIME_ZONE="{{ system_tz | default('UTC') }}"
+MAYAN_USE_X_FORWARDED_HOST="true"

roles/unmaintained/mayan_edms/templates/mayan-edms-beat.service.j2

@@ -0,0 +1,21 @@
+[Unit]
+Description=Mayan EDMS celery beat service
+After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery beat -A mayan --pidfile= -l ERROR
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=mayan-edms-beat
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/unmaintained/mayan_edms/templates/mayan-edms-web.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS web service
+After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service
+Wants=mayan-edms-worker-fast.service mayan-edms-worker-medium.service mayan-edms-worker-slow.service mayan-edms-beat.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/gunicorn -w {{ mayan_web_workers }} mayan.wsgi --max-requests 500 --max-requests-jitter 50 --worker-class sync --bind 0.0.0.0:{{ mayan_port }} --timeout 120
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=mayan-edms-web
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/unmaintained/mayan_edms/templates/mayan-edms-worker-fast.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS fast celery worker
+After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service rabbitmq-server.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}/
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l ERROR -Q document_states_fast,converter,sources_fast -n mayan-worker-fast.%%h --concurrency={{ ansible_processor_vcpus + 1 }}
+Nice=1
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=2048M
+SyslogIdentifier=mayan-edms-worker-fast
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/unmaintained/mayan_edms/templates/mayan-edms-worker-medium.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS medium celery worker
+After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}/
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l ERROR -Q statistics,default,checkouts_periodic,indexing,signatures,documents_periodic,uploads,documents,file_metadata,metadata,sources,sources_periodic -n mayan-worker-medium.%%h --concurrency=1
+Nice=18
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=2048M
+SyslogIdentifier=mayan-edms-worker-medium
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/unmaintained/mayan_edms/templates/mayan-edms-worker-slow.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS slow celery worker
+After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}/
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l ERROR -Q tools,search,parsing,document_states,mailing,ocr,storage_periodic -n mayan-worker-slow.%%h --concurrency=1
+Nice=19
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=2048M
+SyslogIdentifier=mayan-edms-worker-slow
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/unmaintained/mayan_edms/templates/mayan-edms.j2

@@ -0,0 +1,6 @@
+#!/bin/bash -e
+
+set -o allexport
+. {{ mayan_root_dir }}/config/.env
+set +o allexport
+{{ mayan_root_dir }}/venv/bin/python {{ mayan_root_dir }}/venv/bin/mayan-edms.py $@

roles/unmaintained/mayan_edms/templates/post_backup.sh.j2

@@ -0,0 +1,7 @@
+#!/bin/bash -e
+
+rm -f {{ mayan_root_dir }}/backup/*
+{% for index in mayan_index_as_fuse %}
+umount {{ mayan_root_dir }}/fuse/{{ index }}
+rmdir {{ mayan_root_dir }}/fuse/{{ index }}
+{% endfor %}

roles/unmaintained/mayan_edms/templates/pre_backup.sh.j2

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -eo pipefail
+
+{% if mayan_db_engine == 'mysql' %}
+/usr/bin/mysqldump --user={{ mayan_db_user | quote }} \
+                   --password={{ mayan_db_pass | quote }} \
+                   --host={{ mayan_db_server | quote }} \
+                   --quick --single-transaction \
+                   --add-drop-table {{ mayan_db_name | quote }} | zstd -c > {{ mayan_root_dir }}/backup/{{ mayan_db_name }}.sql.zst
+{% else %}
+PGPASSWORD={{ mayan_db_pass | quote }} /usr/pgsql-14/bin/pg_dump \
+  --clean \
+  --create \
+  --username={{ mayan_db_user | quote }} \
+  --host={{ mayan_db_server | quote }} \
+  {{ mayan_db_name | quote }} | \
+  zstd -c > "{{ mayan_root_dir }}/backup/{{ mayan_db_name }}.sql.zst"
+{% endif %}
+
+# Use FUSE to export indexes as a file tree
+set -o allexport
+. /opt/mayan-edms/config/.env
+set +o allexport
+{% for index in mayan_index_as_fuse %}
+mkdir -p {{ mayan_root_dir }}/fuse/{{ index }}
+{{ mayan_root_dir }}/venv/bin/python {{ mayan_root_dir }}/venv/bin/mayan-edms.py mountindex --background {{ index }} {{ mayan_root_dir }}/fuse/{{ index }}
+{% endfor %}
+