Update to 2021-12-01 19:13

roles/unmaintained/mayan_edms/templates/auth.py.j2

@@ -0,0 +1,84 @@
+import ldap
+
+from django_auth_ldap.config import (
+    LDAPSearch, LDAPSearchUnion, LDAPGroupQuery, {{ mayan_ldap_group_type }}
+)
+
+from mayan.settings.production import *
+
+ldap.set_option(ldap.OPT_DEBUG_LEVEL, {{ mayan_ldap_debug | ternary('1','0') }})
+
+AUTH_LDAP_ALWAYS_UPDATE_USER = True
+LDAP_USER_AUTO_CREATION = True
+
+AUTH_LDAP_START_TLS = {{ mayan_ldap_start_tls | ternary('True','False') }}
+
+{% if mayan_ldap_bind_dn is defined and mayan_ldap_bind_pass is defined %}
+AUTH_LDAP_BIND_DN = '{{ mayan_ldap_bind_dn }}'
+AUTH_LDAP_BIND_PASSWORD = '{{ mayan_ldap_bind_pass }}'
+{% endif %}
+LDAP_BASE_DN = '{{ mayan_ldap_base }}'
+AUTH_LDAP_SERVER_URI = '{{ mayan_ldap_uri }}'
+
+{% if mayan_ldap_user_ou | length > 0 %}
+AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
+{% for ou in mayan_ldap_user_ou %}
+    LDAPSearch(
+        '{{ ou }}', ldap.SCOPE_SUBTREE,
+        '{{ mayan_ldap_user_filter }}'
+    ),
+{% endfor %}
+)
+{% else %}
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+    '{{ mayan_ldap_base }}', ldap.SCOPE_SUBTREE,
+    '{{ mayan_ldap_user_filter }}'
+)
+{% endif %}
+
+AUTH_LDAP_USER_ATTR_MAP = {
+{% for attr in mayan_ldap_user_attr_map.keys() %}
+    '{{ attr }}': '{{ mayan_ldap_user_attr_map[attr] }}',
+{% endfor %}
+}
+
+{% if mayan_ldap_group_ou | length > 0 %}
+AUTH_LDAP_GROUP_SEARCH = LDAPSearchUnion(
+{% for ou in mayan_ldap_group_ou %}
+    LDAPSearch(
+        '{{ ou }}', ldap.SCOPE_SUBTREE,
+        '{{ mayan_ldap_group_filter }}'
+    ),
+{% endfor %}
+)
+{% else %}
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+    '{{ mayan_ldap_base }}', ldap.SCOPE_SUBTREE,
+    '{{ mayan_ldap_group_filter }}'
+)
+{% endif %}
+
+AUTH_LDAP_GROUP_TYPE = {{ mayan_ldap_group_type }}()
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+{% for key in mayan_ldap_flags_by_group.keys() %}
+{% if mayan_ldap_flags_by_group[key] | length > 0 %}
+    '{{ key }}': (
+{% for group in mayan_ldap_flags_by_group[key] %}
+        LDAPGroupQuery('{{ group }}') {{ '|' if not loop.last }}
+{% endfor %}
+    ),
+{% endif %}
+{% endfor %}
+}
+
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
+    'django.contrib.auth.backends.ModelBackend'
+)
+
+AUTH_LDAP_MIRROR_GROUPS = True
+
+{% if mayan_auth_custom_conf is defined %}
+{{ mayan_auth_custom_conf }}
+{% endif %}

roles/unmaintained/mayan_edms/templates/env.j2

@@ -0,0 +1,18 @@
+MAYAN_ALLOWED_HOSTS="['*']"
+PYTHONPATH="{{ mayan_root_dir }}/data/mayan_settings"
+DJANGO_SETTINGS_MODULE={{ mayan_ldap_auth | ternary('auth','mayan.settings.production') }}
+MAYAN_MEDIA_ROOT="{{ mayan_root_dir }}/data"
+MAYAN_CELERY_RESULT_BACKEND="{{ mayan_redis_url }}/{{ mayan_redis_db }}"
+MAYAN_CELERY_BROKER_URL="{{ mayan_amqp_url }}"
+MAYAN_DATABASE_ENGINE="django.db.backends.{{ (mayan_db_engine == 'mysql') | ternary('mysql','postgresql') }}"
+MAYAN_DATABASE_NAME={{ mayan_db_name | quote }}
+MAYAN_DATABASE_PASSWORD={{ mayan_db_pass | quote }}
+MAYAN_DATABASE_USER={{ mayan_db_user | quote }}
+MAYAN_DATABASE_HOST={{ mayan_db_server | quote }}
+MAYAN_DEFAULT_FROM_EMAIL={{ mayan_from_mail | quote }}
+MAYAN_DOCUMENTS_LANGUAGE={{ mayan_doc_lang }}
+MAYAN_SECURE_PROXY_SSL_HEADER="('HTTP_X_FORWARDED_PROTO', 'https')"
+MAYAN_SESSION_COOKIE_NAME="mayanedmssessionid"
+MAYAN_STORAGE_TEMPORARY_DIRECTORY="{{ mayan_root_dir }}/tmp"
+MAYAN_TIME_ZONE="{{ system_tz | default('UTC') }}"
+MAYAN_USE_X_FORWARDED_HOST="true"

roles/unmaintained/mayan_edms/templates/mayan-edms-beat.service.j2

@@ -0,0 +1,21 @@
+[Unit]
+Description=Mayan EDMS celery beat service
+After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery beat -A mayan --pidfile= -l ERROR
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=mayan-edms-beat
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/unmaintained/mayan_edms/templates/mayan-edms-web.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS web service
+After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service
+Wants=mayan-edms-worker-fast.service mayan-edms-worker-medium.service mayan-edms-worker-slow.service mayan-edms-beat.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/gunicorn -w {{ mayan_web_workers }} mayan.wsgi --max-requests 500 --max-requests-jitter 50 --worker-class sync --bind 0.0.0.0:{{ mayan_port }} --timeout 120
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=mayan-edms-web
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/unmaintained/mayan_edms/templates/mayan-edms-worker-fast.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS fast celery worker
+After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service rabbitmq-server.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}/
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l ERROR -Q document_states_fast,converter,sources_fast -n mayan-worker-fast.%%h --concurrency={{ ansible_processor_vcpus + 1 }}
+Nice=1
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=2048M
+SyslogIdentifier=mayan-edms-worker-fast
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/unmaintained/mayan_edms/templates/mayan-edms-worker-medium.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS medium celery worker
+After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}/
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l ERROR -Q statistics,default,checkouts_periodic,indexing,signatures,documents_periodic,uploads,documents,file_metadata,metadata,sources,sources_periodic -n mayan-worker-medium.%%h --concurrency=1
+Nice=18
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=2048M
+SyslogIdentifier=mayan-edms-worker-medium
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/unmaintained/mayan_edms/templates/mayan-edms-worker-slow.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS slow celery worker
+After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}/
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l ERROR -Q tools,search,parsing,document_states,mailing,ocr,storage_periodic -n mayan-worker-slow.%%h --concurrency=1
+Nice=19
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=2048M
+SyslogIdentifier=mayan-edms-worker-slow
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/unmaintained/mayan_edms/templates/mayan-edms.j2

@@ -0,0 +1,6 @@
+#!/bin/bash -e
+
+set -o allexport
+. {{ mayan_root_dir }}/config/.env
+set +o allexport
+{{ mayan_root_dir }}/venv/bin/python {{ mayan_root_dir }}/venv/bin/mayan-edms.py $@

roles/unmaintained/mayan_edms/templates/post_backup.sh.j2

@@ -0,0 +1,7 @@
+#!/bin/bash -e
+
+rm -f {{ mayan_root_dir }}/backup/*
+{% for index in mayan_index_as_fuse %}
+umount {{ mayan_root_dir }}/fuse/{{ index }}
+rmdir {{ mayan_root_dir }}/fuse/{{ index }}
+{% endfor %}

roles/unmaintained/mayan_edms/templates/pre_backup.sh.j2

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -eo pipefail
+
+{% if mayan_db_engine == 'mysql' %}
+/usr/bin/mysqldump --user={{ mayan_db_user | quote }} \
+                   --password={{ mayan_db_pass | quote }} \
+                   --host={{ mayan_db_server | quote }} \
+                   --quick --single-transaction \
+                   --add-drop-table {{ mayan_db_name | quote }} | zstd -c > {{ mayan_root_dir }}/backup/{{ mayan_db_name }}.sql.zst
+{% else %}
+PGPASSWORD={{ mayan_db_pass | quote }} /usr/pgsql-14/bin/pg_dump \
+  --clean \
+  --create \
+  --username={{ mayan_db_user | quote }} \
+  --host={{ mayan_db_server | quote }} \
+  {{ mayan_db_name | quote }} | \
+  zstd -c > "{{ mayan_root_dir }}/backup/{{ mayan_db_name }}.sql.zst"
+{% endif %}
+
+# Use FUSE to export indexes as a file tree
+set -o allexport
+. /opt/mayan-edms/config/.env
+set +o allexport
+{% for index in mayan_index_as_fuse %}
+mkdir -p {{ mayan_root_dir }}/fuse/{{ index }}
+{{ mayan_root_dir }}/venv/bin/python {{ mayan_root_dir }}/venv/bin/mayan-edms.py mountindex --background {{ index }} {{ mayan_root_dir }}/fuse/{{ index }}
+{% endfor %}
+