Add Kanboard app
This commit is contained in:
		
							parent
							
								
									b678faf2b6
								
							
						
					
					
						commit
						83f664057b
					
				| @ -10,6 +10,7 @@ ${SOURCE_DIR}/02-sahana.sh | ||||
| ${SOURCE_DIR}/03-sambro.sh | ||||
| ${SOURCE_DIR}/10-seeddms.sh | ||||
| ${SOURCE_DIR}/50-pandora.sh | ||||
| ${SOURCE_DIR}/60-kanboard.sh | ||||
| 
 | ||||
| # Perform cleanup only if DEBUG environment variable is not set | ||||
| if [ ${DEBUG:-0} -eq 0 ]; then | ||||
|  | ||||
							
								
								
									
										49
									
								
								60-kanboard.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										49
									
								
								60-kanboard.sh
									
									
									
									
									
										Executable file
									
								
							| @ -0,0 +1,49 @@ | ||||
| #!/bin/bash | ||||
| 
 | ||||
| SOURCE_DIR=$(realpath $(dirname "${0}")) | ||||
| 
 | ||||
| # Install dependencies for Kanboard | ||||
| apt-get -y --no-install-recommends install php7.0-gd php7.0-fpm php7.0-mbstring php7.0-pgsql php7.0-zip | ||||
| 
 | ||||
| # Install Kanboard | ||||
| wget https://github.com/kanboard/kanboard/releases/download/v1.0.47/kanboard-1.0.47.zip -O /srv/kanboard.zip | ||||
| unzip /srv/kanboard.zip -d /srv | ||||
| rm -f /srv/kanboard.zip | ||||
| 
 | ||||
| # Populate database | ||||
| export KANBOARD_PWD=$(head -c 18 /dev/urandom | base64) | ||||
| envsubst <${SOURCE_DIR}/kanboard/tmp/kanboard-createdb.sql >/tmp/kanboard-createdb.sql | ||||
| sudo -u postgres psql -f /tmp/kanboard-createdb.sql | ||||
| rm -f /tmp/kanboard-createdb.sql | ||||
| export PGPASSWORD=${KANBOARD_PWD} | ||||
| psql -f /srv/kanboard/app/Schema/Sql/postgres.sql kanboard kanboard | ||||
| 
 | ||||
| # Configure Kanboard | ||||
| envsubst <${SOURCE_DIR}/kanboard/srv/kanboard/config.php >/srv/kanboard/config.php | ||||
| export KANBOARD_ADMIN_USER=admin | ||||
| export KANBOARD_ADMIN_PWD=$(head -c 12 /dev/urandom | base64) | ||||
| envsubst <${SOURCE_DIR}/kanboard/tmp/kanboard-adminpwd.sql >/tmp/kanboard-adminpwd.sql | ||||
| psql -f /tmp/kanboard-adminpwd.sql kanboard kanboard | ||||
| unset PGPASSWORD | ||||
| 
 | ||||
| # Create OS user | ||||
| adduser --system --group --home /srv/kanboard --shell /bin/false kanboard | ||||
| chown -R kanboard:www-data /srv/kanboard/ | ||||
| 
 | ||||
| # Create PHP and nginx app definition | ||||
| cp ${SOURCE_DIR}/kanboard/etc/php/7.0/fpm/pool.d/kanboard.conf /etc/php/7.0/fpm/pool.d/kanboard.conf | ||||
| cp ${SOURCE_DIR}/kanboard/etc/nginx/apps-available/kanboard /etc/nginx/apps-available/kanboard | ||||
| ln -s /etc/nginx/apps-available/kanboard /etc/nginx/apps-enabled/kanboard | ||||
| 
 | ||||
| # Restart services | ||||
| systemctl restart php7.0-fpm | ||||
| systemctl restart nginx | ||||
| 
 | ||||
| # Install cron job | ||||
| cp ${SOURCE_DIR}/kanboard/etc/cron.d/kanboard /etc/cron.d/kanboard | ||||
| 
 | ||||
| # Add portal application definition | ||||
| ${SOURCE_DIR}/basic/portal-app-manager.py kanboard "/kanboard/" "${KANBOARD_ADMIN_USER}" "${KANBOARD_ADMIN_PWD}" | ||||
| 
 | ||||
| # TODO: Admin pwd set | ||||
| # TODO: Portal card | ||||
							
								
								
									
										1
									
								
								kanboard/etc/cron.d/kanboard
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								kanboard/etc/cron.d/kanboard
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1 @@ | ||||
| 0 8 * * * kanboard /srv/kanboard/cli cronjob >/dev/null | ||||
							
								
								
									
										11
									
								
								kanboard/etc/nginx/apps-available/kanboard
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										11
									
								
								kanboard/etc/nginx/apps-available/kanboard
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,11 @@ | ||||
| location /kanboard { | ||||
|     alias /srv/kanboard; | ||||
|     index index.php; | ||||
|     try_files = $uri $uri/ /kanboard/index.php; | ||||
| 
 | ||||
|     location ~ \.php$ { | ||||
|         include snippets/fastcgi-php.conf; | ||||
|         fastcgi_param SCRIPT_FILENAME $request_filename; | ||||
|         fastcgi_pass unix:/run/php/kanboard.sock; | ||||
|     } | ||||
| } | ||||
							
								
								
									
										12
									
								
								kanboard/etc/php/7.0/fpm/pool.d/kanboard.conf
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								kanboard/etc/php/7.0/fpm/pool.d/kanboard.conf
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,12 @@ | ||||
| [kanboard] | ||||
| user = kanboard | ||||
| group = kanboard | ||||
| 
 | ||||
| listen = /run/php/kanboard.sock | ||||
| listen.owner = www-data | ||||
| listen.group = www-data | ||||
| 
 | ||||
| pm = ondemand | ||||
| pm.max_children = 8 | ||||
| 
 | ||||
| php_admin_value[open_basedir] = /srv/kanboard:/tmp | ||||
							
								
								
									
										239
									
								
								kanboard/srv/kanboard/config.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										239
									
								
								kanboard/srv/kanboard/config.php
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,239 @@ | ||||
| <?php | ||||
| 
 | ||||
| /*******************************************************************/ | ||||
| /* Rename this file to config.php if you want to change the values */ | ||||
| /*******************************************************************/ | ||||
| 
 | ||||
| // Data folder (must be writeable by the web server user and absolute)
 | ||||
| define('DATA_DIR', __DIR__.DIRECTORY_SEPARATOR.'data'); | ||||
| 
 | ||||
| // Enable/Disable debug
 | ||||
| define('DEBUG', false); | ||||
| 
 | ||||
| // Available log drivers: syslog, stderr, stdout or file
 | ||||
| define('LOG_DRIVER', ''); | ||||
| 
 | ||||
| // Log filename if the log driver is "file"
 | ||||
| define('LOG_FILE', DATA_DIR.DIRECTORY_SEPARATOR.'debug.log'); | ||||
| 
 | ||||
| // Plugins directory
 | ||||
| define('PLUGINS_DIR', 'plugins'); | ||||
| 
 | ||||
| // Plugins directory URL
 | ||||
| define('PLUGIN_API_URL', 'https://kanboard.net/plugins.json'); | ||||
| 
 | ||||
| // Enable/Disable plugin installer
 | ||||
| define('PLUGIN_INSTALLER', true); | ||||
| 
 | ||||
| // Available cache drivers are "file" and "memory"
 | ||||
| define('CACHE_DRIVER', 'memory'); | ||||
| 
 | ||||
| // Cache folder to use if cache driver is "file" (must be writeable by the web server user)
 | ||||
| define('CACHE_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'cache'); | ||||
| 
 | ||||
| // Folder for uploaded files (must be writeable by the web server user)
 | ||||
| define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files'); | ||||
| 
 | ||||
| // Enable/disable email configuration from the user interface
 | ||||
| define('MAIL_CONFIGURATION', true); | ||||
| 
 | ||||
| // E-mail address used for the "From" header (notifications)
 | ||||
| define('MAIL_FROM', 'kanboard@spotter.ngo'); | ||||
| 
 | ||||
| // Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
 | ||||
| define('MAIL_TRANSPORT', 'sendmail'); | ||||
| 
 | ||||
| // SMTP configuration to use when the "smtp" transport is chosen
 | ||||
| define('MAIL_SMTP_HOSTNAME', ''); | ||||
| define('MAIL_SMTP_PORT', 25); | ||||
| define('MAIL_SMTP_USERNAME', ''); | ||||
| define('MAIL_SMTP_PASSWORD', ''); | ||||
| define('MAIL_SMTP_ENCRYPTION', null); // Valid values are "null", "ssl" or "tls"
 | ||||
| 
 | ||||
| // Sendmail command to use when the transport is "sendmail"
 | ||||
| define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/sendmail -bs'); | ||||
| 
 | ||||
| // Run automatically database migrations
 | ||||
| // If set to false, you will have to run manually the SQL migrations from the CLI during the next Kanboard upgrade
 | ||||
| // Do not run the migrations from multiple processes at the same time (example: web page + background worker)
 | ||||
| define('DB_RUN_MIGRATIONS', true); | ||||
| 
 | ||||
| // Database driver: sqlite, mysql or postgres (sqlite by default)
 | ||||
| define('DB_DRIVER', 'postgres'); | ||||
| 
 | ||||
| // Mysql/Postgres username
 | ||||
| define('DB_USERNAME', 'kanboard'); | ||||
| 
 | ||||
| // Mysql/Postgres password
 | ||||
| define('DB_PASSWORD', '${KANBOARD_PWD}'); | ||||
| 
 | ||||
| // Mysql/Postgres hostname
 | ||||
| define('DB_HOSTNAME', 'localhost'); | ||||
| 
 | ||||
| // Mysql/Postgres database name
 | ||||
| define('DB_NAME', 'kanboard'); | ||||
| 
 | ||||
| // Mysql/Postgres custom port (null = default port)
 | ||||
| define('DB_PORT', null); | ||||
| 
 | ||||
| // Mysql SSL key
 | ||||
| define('DB_SSL_KEY', null); | ||||
| 
 | ||||
| // Mysql SSL certificate
 | ||||
| define('DB_SSL_CERT', null); | ||||
| 
 | ||||
| // Mysql SSL CA
 | ||||
| define('DB_SSL_CA', null); | ||||
| 
 | ||||
| // Enable LDAP authentication (false by default)
 | ||||
| define('LDAP_AUTH', false); | ||||
| 
 | ||||
| // LDAP server hostname
 | ||||
| define('LDAP_SERVER', ''); | ||||
| 
 | ||||
| // LDAP server port (389 by default)
 | ||||
| define('LDAP_PORT', 389); | ||||
| 
 | ||||
| // By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
 | ||||
| define('LDAP_SSL_VERIFY', true); | ||||
| 
 | ||||
| // Enable LDAP START_TLS
 | ||||
| define('LDAP_START_TLS', false); | ||||
| 
 | ||||
| // By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
 | ||||
| // Set to true if you want to preserve the case
 | ||||
| define('LDAP_USERNAME_CASE_SENSITIVE', false); | ||||
| 
 | ||||
| // LDAP bind type: "anonymous", "user" or "proxy"
 | ||||
| define('LDAP_BIND_TYPE', 'anonymous'); | ||||
| 
 | ||||
| // LDAP username to use with proxy mode
 | ||||
| // LDAP username pattern to use with user mode
 | ||||
| define('LDAP_USERNAME', null); | ||||
| 
 | ||||
| // LDAP password to use for proxy mode
 | ||||
| define('LDAP_PASSWORD', null); | ||||
| 
 | ||||
| // LDAP DN for users
 | ||||
| // Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
 | ||||
| // Example for OpenLDAP: ou=People,dc=example,dc=com
 | ||||
| define('LDAP_USER_BASE_DN', ''); | ||||
| 
 | ||||
| // LDAP pattern to use when searching for a user account
 | ||||
| // Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
 | ||||
| // Example for OpenLDAP: 'uid=%s'
 | ||||
| define('LDAP_USER_FILTER', ''); | ||||
| 
 | ||||
| // LDAP attribute for username
 | ||||
| // Example for ActiveDirectory: 'samaccountname'
 | ||||
| // Example for OpenLDAP: 'uid'
 | ||||
| define('LDAP_USER_ATTRIBUTE_USERNAME', 'uid'); | ||||
| 
 | ||||
| // LDAP attribute for user full name
 | ||||
| // Example for ActiveDirectory: 'displayname'
 | ||||
| // Example for OpenLDAP: 'cn'
 | ||||
| define('LDAP_USER_ATTRIBUTE_FULLNAME', 'cn'); | ||||
| 
 | ||||
| // LDAP attribute for user email
 | ||||
| define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail'); | ||||
| 
 | ||||
| // LDAP attribute to find groups in user profile
 | ||||
| define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof'); | ||||
| 
 | ||||
| // LDAP attribute for user avatar image: thumbnailPhoto or jpegPhoto
 | ||||
| define('LDAP_USER_ATTRIBUTE_PHOTO', ''); | ||||
| 
 | ||||
| // LDAP attribute for user language, example: 'preferredlanguage'
 | ||||
| // Put an empty string to disable language sync
 | ||||
| define('LDAP_USER_ATTRIBUTE_LANGUAGE', ''); | ||||
| 
 | ||||
| // Allow automatic LDAP user creation
 | ||||
| define('LDAP_USER_CREATION', true); | ||||
| 
 | ||||
| // LDAP DN for administrators
 | ||||
| // Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
 | ||||
| define('LDAP_GROUP_ADMIN_DN', ''); | ||||
| 
 | ||||
| // LDAP DN for managers
 | ||||
| // Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
 | ||||
| define('LDAP_GROUP_MANAGER_DN', ''); | ||||
| 
 | ||||
| // Enable LDAP group provider for project permissions
 | ||||
| // The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects
 | ||||
| define('LDAP_GROUP_PROVIDER', false); | ||||
| 
 | ||||
| // LDAP Base DN for groups
 | ||||
| define('LDAP_GROUP_BASE_DN', ''); | ||||
| 
 | ||||
| // LDAP group filter
 | ||||
| // Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
 | ||||
| define('LDAP_GROUP_FILTER', ''); | ||||
| 
 | ||||
| // LDAP user group filter
 | ||||
| // If this filter is configured, Kanboard will search user groups in LDAP_GROUP_BASE_DN with this filter
 | ||||
| // Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
 | ||||
| define('LDAP_GROUP_USER_FILTER', ''); | ||||
| 
 | ||||
| // LDAP attribute for the group name
 | ||||
| define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn'); | ||||
| 
 | ||||
| // Enable/disable the reverse proxy authentication
 | ||||
| define('REVERSE_PROXY_AUTH', false); | ||||
| 
 | ||||
| // Header name to use for the username
 | ||||
| define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER'); | ||||
| 
 | ||||
| // Username of the admin, by default blank
 | ||||
| define('REVERSE_PROXY_DEFAULT_ADMIN', ''); | ||||
| 
 | ||||
| // Default domain to use for setting the email address
 | ||||
| define('REVERSE_PROXY_DEFAULT_DOMAIN', ''); | ||||
| 
 | ||||
| // Enable/disable remember me authentication
 | ||||
| define('REMEMBER_ME_AUTH', true); | ||||
| 
 | ||||
| // Enable or disable "Strict-Transport-Security" HTTP header
 | ||||
| define('ENABLE_HSTS', true); | ||||
| 
 | ||||
| // Enable or disable "X-Frame-Options: DENY" HTTP header
 | ||||
| define('ENABLE_XFRAME', true); | ||||
| 
 | ||||
| // Escape html inside markdown text
 | ||||
| define('MARKDOWN_ESCAPE_HTML', true); | ||||
| 
 | ||||
| // API alternative authentication header, the default is HTTP Basic Authentication defined in RFC2617
 | ||||
| define('API_AUTHENTICATION_HEADER', ''); | ||||
| 
 | ||||
| // Enable/disable url rewrite
 | ||||
| define('ENABLE_URL_REWRITE', true); | ||||
| 
 | ||||
| // Hide login form, useful if all your users use Google/Github/ReverseProxy authentication
 | ||||
| define('HIDE_LOGIN_FORM', false); | ||||
| 
 | ||||
| // Disabling logout (useful for external SSO authentication)
 | ||||
| define('DISABLE_LOGOUT', false); | ||||
| 
 | ||||
| // Enable captcha after 3 authentication failure
 | ||||
| define('BRUTEFORCE_CAPTCHA', 3); | ||||
| 
 | ||||
| // Lock the account after 6 authentication failure
 | ||||
| define('BRUTEFORCE_LOCKDOWN', 6); | ||||
| 
 | ||||
| // Lock account duration in minute
 | ||||
| define('BRUTEFORCE_LOCKDOWN_DURATION', 15); | ||||
| 
 | ||||
| // Session duration in second (0 = until the browser is closed)
 | ||||
| // See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
 | ||||
| define('SESSION_DURATION', 0); | ||||
| 
 | ||||
| // HTTP client proxy
 | ||||
| define('HTTP_PROXY_HOSTNAME', ''); | ||||
| define('HTTP_PROXY_PORT', '3128'); | ||||
| define('HTTP_PROXY_USERNAME', ''); | ||||
| define('HTTP_PROXY_PASSWORD', ''); | ||||
| 
 | ||||
| // Set to false to allow self-signed certificates
 | ||||
| define('HTTP_VERIFY_SSL_CERTIFICATE', true); | ||||
| 
 | ||||
| // TOTP (2FA) issuer name
 | ||||
| define('TOTP_ISSUER', 'Kanboard'); | ||||
							
								
								
									
										5
									
								
								kanboard/tmp/kanboard-adminpwd.sql
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										5
									
								
								kanboard/tmp/kanboard-adminpwd.sql
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,5 @@ | ||||
| UPDATE settings SET value = 'cs_CZ' WHERE option = 'application_language'; | ||||
| UPDATE settings SET value = 'Europe/Prague' WHERE option = 'application_timezone'; | ||||
| UPDATE settings SET value = 'd.m.Y' WHERE option = 'application_date_format'; | ||||
| 
 | ||||
| -- UPDATE users SET password = '${KANBOARD_ADMIN_PWD}' WHERE username = 'admin'; | ||||
							
								
								
									
										4
									
								
								kanboard/tmp/kanboard-createdb.sql
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								kanboard/tmp/kanboard-createdb.sql
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,4 @@ | ||||
| CREATE ROLE kanboard NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${KANBOARD_PWD}'; | ||||
| CREATE DATABASE kanboard; | ||||
| REVOKE ALL ON DATABASE kanboard FROM public; | ||||
| ALTER DATABASE kanboard OWNER TO kanboard; | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user