From 3251c09feafb22861bd44416328618c5979a1ad9 Mon Sep 17 00:00:00 2001 From: Matthew R Date: Fri, 25 Nov 2022 18:01:27 -0500 Subject: [PATCH] add nlm service conf --- Kimai/kamai.yaml | 372 ++++++++++++++++++ .../Server Blocks/nlm.libraryofcode.org.conf | 12 + 2 files changed, 384 insertions(+) create mode 100644 Kimai/kamai.yaml create mode 100644 Nginx/Server Blocks/nlm.libraryofcode.org.conf diff --git a/Kimai/kamai.yaml b/Kimai/kamai.yaml new file mode 100644 index 0000000..f80c0db --- /dev/null +++ b/Kimai/kamai.yaml 
@@ -0,0 +1,372 @@ +# --------------------------------------------------------------------------------------------- +# DO NOT EDIT THIS FILE, INSTEAD CREATE THE FILE "local.yaml" AND ADD YOUR SETTINGS IN THERE. +# See https://www.kimai.org/documentation/local-yaml.html +# +# Be aware that this file is YAML format and the indentation is important. +# Each config level needs to be indented with 4 additional spaces. +# --------------------------------------------------------------------------------------------- +kimai: + saml: + activate: true + title: Login with IAM + mapping: + - { saml: $email, kimai: email } + - { saml: $name, kimai: alias } + roles: + resetOnLogin: false + # attribute: Groups + # mapping: + # # Insert your role-mapping here (ROLE_USER is added automatically) + # - { saml: Admin, kimai: ROLE_SUPER_ADMIN } + # - { saml: Manager, kimai: ROLE_ADMIN } + # - { saml: Teamlead, kimai: ROLE_TEAMLEAD } + connection: + idp: + entityId: 'urn:auth.libraryofcode.org' + singleSignOnService: + url: 'https://auth.libraryofcode.org/samlp/1sEhaaFdWtinNdi6ov8eiNhGSenS7qmD' + binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' + #singleLogoutService: + # url: 'https://www.example.com/logout' + # binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' + x509cert: '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' + # Your Kimai: replace https://www.example.com with your base URL + sp: + entityId: 'https://time.libraryofcode.org/auth/saml/metadata' + assertionConsumerService: + url: 'https://time.libraryofcode.org/auth/saml/acs' + binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' + #singleLogoutService: + # url: 'https://auth.libraryofcode.org/auth/saml/logout' + # binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' + #privateKey: '' + # only set baseurl, if auto-detection doesn't work + #baseurl: '' + strict: true + debug: true + security: + nameIdEncrypted: false + authnRequestsSigned: false + logoutRequestSigned: false + 
logoutResponseSigned: false + wantMessagesSigned: false + wantAssertionsSigned: false + wantNameIdEncrypted: false + requestedAuthnContext: true + signMetadata: false + wantXMLValidation: true + signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' + digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256' + contactPerson: + technical: + givenName: 'Kimai Admin' + emailAddress: 'admin@example.com' + support: + givenName: 'Kimai Support' + emailAddress: 'support@example.com' + organization: + en: + name: 'Kimai' + displayname: 'Kimai' + url: 'https://www.example.com' + +# -------------------------------------------------------------------------------- +# AUTHENTICATION +# -------------------------------------------------------------------------------- +# user: +# registration: false +# password_reset: true +# -------------------------------------------------------------------------------- + + +# -------------------------------------------------------------------------------- +# TIME-TRACKING +# -------------------------------------------------------------------------------- + timesheet: + + # Allows to render timesheet descriptions with markdown + # This setting can be changed through the Administration screen + # markdown_content: false + + # Configures the duration drop-down select. + # null = use rounding rules, 0 = deactivate, every other number is used as minute/step increment + # duration_increment: ~ + + # Configures the minute select for begin and end date-time. + # null = use rounding rules, every number > 0 is used as minute/step increment + # time_increment: ~ + + # The time-tracking mode that should be used. + # mode: default + + # The default time to pre-fill the "create timesheet" form (in some cases). + # This setting is only respected by some time-tracking modes and not in all situations. 
+ # + # Accepted formats, see + # - https://www.php.net/manual/en/datetime.formats.php + # - https://www.php.net/manual/en/datetime.formats.time.php + # default_begin: now + + # Rounding rules are used to round the begin & end dates and the duration for timesheet records. + # The "default" rule will round "begin" down and "end" up to the full minute, the "duration" will not be rounded. + # rounding: + # default: + # days: ['monday','tuesday','wednesday','thursday','friday','saturday','sunday'] + # begin: 1 + # end: 1 + # duration: 0 + # mode: default + + # If you want to apply different hourly rates for specific weekdays, you can uncomment the "rates" configuration. + # The "weekend" rule will add 50% to each timesheet entry that will be recorded on "saturdays" or "sundays". + # rates: + # weekend: + # days: ['saturday','sunday'] + # factor: 1.5 + + # If you want to limit the max. active entries per user, you can do it here. + # The hard_limit is used to detect how many active records are allowed per user: + # - by default a user can only have one active time-record: it is automatically stopped when a new one is started + # - when hard_limit is > 1 and the user is trying to start a new entry after reaching the limit, a warning is shown + # and the user has to stop an active entry first + # active_entries: + # hard_limit: 3 +# -------------------------------------------------------------------------------- + + +# -------------------------------------------------------------------------------- +# PERMISSIONS +# -------------------------------------------------------------------------------- + permissions: + # mapping complex rule sets of single permissions to named "sets" ("set name" = [array of "permissions and @SETS"]) + sets: + ACTIVITIES: ['view_activity','create_activity','edit_activity','budget_activity','time_activity','delete_activity','permissions_activity'] + ACTIVITIES_ALL_TEAMLEAD: 
['view_teamlead_activity','edit_teamlead_activity','budget_teamlead_activity','time_teamlead_activity','permissions_teamlead_activity'] + ACTIVITIES_ALL_TEAM: ['view_team_activity','edit_team_activity','budget_team_activity','time_team_activity'] ACTIVITIES_TEAMLEAD: ['view_teamlead_activity','create_activity','edit_teamlead_activity','budget_teamlead_activity','time_teamlead_activity'] + PROJECTS: ['view_project','create_project','edit_project','budget_project','time_project','delete_project','permissions_project','comments_project','comments_create_project','details_project'] + PROJECTS_ALL_TEAMLEAD: ['view_teamlead_project','edit_teamlead_project','budget_teamlead_project','time_teamlead_project','permissions_teamlead_project','comments_teamlead_project','comments_create_teamlead_project','details_teamlead_project'] + PROJECTS_ALL_TEAM: ['view_team_project','edit_team_project','budget_team_project','time_team_project','comments_team_project','comments_create_team_project','details_team_project'] + PROJECTS_TEAMLEAD: ['view_teamlead_project','budget_teamlead_project','time_teamlead_project','comments_teamlead_project','comments_create_teamlead_project','details_teamlead_project'] + CUSTOMERS: ['view_customer','create_customer','edit_customer','budget_customer','time_customer','delete_customer','permissions_customer','comments_customer','comments_create_customer','details_customer'] + CUSTOMERS_ALL_TEAMLEAD: ['view_teamlead_customer','edit_teamlead_customer','budget_teamlead_customer','time_teamlead_customer','permissions_teamlead_customer','comments_teamlead_customer','comments_create_teamlead_customer','details_teamlead_customer'] + CUSTOMERS_ALL_TEAM: ['view_team_customer','edit_team_customer','budget_team_customer','time_team_customer','comments_team_customer','comments_create_team_customer','details_team_customer'] + CUSTOMERS_TEAMLEAD: 
['view_teamlead_customer','budget_teamlead_customer','time_teamlead_customer','comments_teamlead_customer','comments_create_teamlead_customer','details_teamlead_customer'] + INVOICE: ['view_invoice','create_invoice'] + INVOICE_ADMIN: ['manage_invoice_template'] + INVOICE_ALL: ['delete_invoice'] + TIMESHEET: ['view_own_timesheet','start_own_timesheet','stop_own_timesheet','create_own_timesheet','edit_own_timesheet','export_own_timesheet','delete_own_timesheet','weekly_own_timesheet'] + TIMESHEET_OTHER: ['view_other_timesheet','start_other_timesheet','stop_other_timesheet','create_other_timesheet','edit_other_timesheet','export_other_timesheet','delete_other_timesheet'] + PROFILE: ['view_own_profile','edit_own_profile','password_own_profile','preferences_own_profile','api-token_own_profile'] + PROFILE_OTHER: ['view_other_profile','edit_other_profile','password_other_profile','roles_other_profile','preferences_other_profile','api-token_other_profile','teams_other_profile'] + TAGS: ['view_tag','manage_tag','delete_tag'] + USER: ['view_user','create_user','delete_user','role_permissions'] + RATE: ['view_rate_own_timesheet','edit_rate_own_timesheet'] + RATE_OTHER: ['view_rate_other_timesheet','edit_rate_other_timesheet'] + EXPORT: ['create_export','edit_export_own_timesheet','edit_export_other_timesheet'] + BILLABLE: ['edit_billable_own_timesheet','edit_billable_other_timesheet'] + TEAMS: ['view_team','create_team','edit_team','delete_team'] + LOCKDOWN: ['lockdown_grace_timesheet','lockdown_override_timesheet'] + REPORTING: ['view_reporting','view_other_reporting'] + # some single default definitions for roles + SINGLE_USER: ['view_team_member','time_team_project'] + SINGLE_TEAMLEAD: ['view_rate_own_timesheet','view_rate_other_timesheet','hourly-rate_own_profile','view_team_member'] + SINGLE_ADMIN: ['hourly-rate_own_profile','edit_exported_timesheet','teams_own_profile','view_team_member','view_all_data'] + SINGLE_SUPER_ADMIN: 
['hourly-rate_own_profile','hourly-rate_other_profile','roles_own_profile','system_information','system_configuration','plugins','edit_exported_timesheet','teams_own_profile','view_team_member','upload_invoice_template','view_all_data'] + # link above sets to one complete set for each user role + ROLE_USER: ['@TIMESHEET','@PROFILE','@REPORTING','@SINGLE_USER'] + ROLE_TEAMLEAD: ['@ACTIVITIES_TEAMLEAD','@PROJECTS_TEAMLEAD','@CUSTOMERS_TEAMLEAD','@TIMESHEET_OTHER','@INVOICE','@TIMESHEET','@PROFILE','@EXPORT','@BILLABLE','@TAGS','@REPORTING','@SINGLE_TEAMLEAD'] + ROLE_ADMIN: ['@ACTIVITIES','@PROJECTS','@CUSTOMERS','@INVOICE','@INVOICE_ADMIN','@TIMESHEET','@TIMESHEET_OTHER','@PROFILE','@TEAMS','@RATE','@RATE_OTHER','@EXPORT','@BILLABLE','@TAGS','@LOCKDOWN','@REPORTING','@SINGLE_ADMIN'] + ROLE_SUPER_ADMIN: ['@ACTIVITIES','@PROJECTS','@CUSTOMERS','@INVOICE','@INVOICE_ADMIN','@TIMESHEET','@TIMESHEET_OTHER','@PROFILE','@PROFILE_OTHER','@USER','@TEAMS','@RATE','@RATE_OTHER','@EXPORT','@BILLABLE','@TAGS','@LOCKDOWN','@REPORTING','@SINGLE_SUPER_ADMIN'] + # mapping "sets" or permissions to user roles ("role name" = [array of "set names"]) + maps: + ROLE_USER: ['ROLE_USER'] + ROLE_TEAMLEAD: ['ROLE_TEAMLEAD'] + ROLE_ADMIN: ['ROLE_ADMIN'] + ROLE_SUPER_ADMIN: ['ROLE_SUPER_ADMIN'] + # only here to register the (partially) unused permissions in the UI + ROLE_FAKE: ['CUSTOMERS_ALL_TEAMLEAD','CUSTOMERS_ALL_TEAM','PROJECTS_ALL_TEAMLEAD','PROJECTS_ALL_TEAM','ACTIVITIES_ALL_TEAMLEAD','ACTIVITIES_ALL_TEAM','INVOICE_ALL'] + # add or remove single permissions + roles: + ROLE_USER: [] + ROLE_TEAMLEAD: [] + ROLE_ADMIN: [] + ROLE_SUPER_ADMIN: [] +# -------------------------------------------------------------------------------- + + +# -------------------------------------------------------------------------------- +# CALENDAR Configuration +# -------------------------------------------------------------------------------- +# calendar: +# week_numbers: true +# weekends: true +# day_limit: 4 +# 
slot_duration: '00:30:00' +# businessHours: +# days: [1, 2, 3, 4, 5] +# begin: '08:00' +# end: '18:00' +# visibleHours: +# begin: '00:00' +# end: '24:00' +# +# # You can configure unlimited google calendars to display events for your company (e.g. holidays) +# google: +# api_key: 'your-restricted-google-api-key' +# sources: +# holidays: +# id: 'de.german#holiday@group.v.calendar.google.com' +# color: '#ccc' +# -------------------------------------------------------------------------------- + + +# -------------------------------------------------------------------------------- +# INVOICES +# -------------------------------------------------------------------------------- +# invoice: +# # all files in these directories will be used as invoice documents (if supported by a renderer) +# documents: +# - 'var/invoices/' +# - 'templates/invoice/renderer/' +# -------------------------------------------------------------------------------- + + +# -------------------------------------------------------------------------------- +# DASHBOARD +# -------------------------------------------------------------------------------- + dashboard: + user_duration: + title: ~ + order: 10 + permission: view_own_timesheet + widgets: [PaginatedWorkingTimeChart] + user_teams: + title: ~ + order: 15 + permission: ROLE_USER + widgets: [UserTeams, UserTeamProjects] + user_rates: + title: ~ + order: 20 + permission: view_rate_own_timesheet + widgets: [userAmountToday, userAmountWeek, userAmountMonth, userAmountYear] + duration: + title: dashboard.all + order: 30 + permission: ROLE_TEAMLEAD + widgets: [durationToday, durationWeek, durationMonth, durationYear] + active_users: + title: ~ + order: 40 + permission: ROLE_TEAMLEAD + widgets: [activeUsersToday, activeUsersWeek, activeUsersMonth, activeUsersYear] + rates: + title: ~ + order: 50 + permission: view_all_data + widgets: [amountToday, amountWeek, amountMonth, amountYear] + totals: + title: ~ + order: 100 + permission: ROLE_USER + widgets: 
[TotalsUser, TotalsCustomer, TotalsProject, TotalsActivity] +# -------------------------------------------------------------------------------- + + +# -------------------------------------------------------------------------------- +# LANGUAGES +# -------------------------------------------------------------------------------- + languages: + cs: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m H:i' + da: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m. H:i' + de: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m. H:i' + de_AT: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m. H:i' + de_CH: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m. H:i' + el: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m. H:i' + en: + date_type: 'yyyy-MM-dd' + date: 'Y-m-d' + date_time: 'm-d H:i' + duration: '%%h:%%m h' + en_GB: + date_type: 'dd/MM/yyyy' + date: 'd/m/Y' + date_time: 'd/m H:i' + es: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m. H:i' + fi: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m. H:i' + fr: + date_type: 'dd/MM/yyyy' + date: 'd/m/Y' + date_time: 'd/m H:i' + duration: '%%h h %%m' + he: + date_type: 'dd/MM/yyyy' + date: 'd/m/Y' + date_time: 'd/m H:i' + duration: '%%h:%%m' + hr: + date_type: 'dd. MM. yyyy.' + date: 'd. m. Y.' + date_time: 'd. m. H:i' + duration: '%%h:%%m' + hu: + date_type: 'yyyy.MM.dd.' + date: 'Y.m.d.' + date_time: 'm.d. H:i' + it: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m. H:i' + nl: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m. H:i' + duration: '%%hu%%m' + pt: + date_type: 'dd/MM/yyyy' + date: 'd/m/Y' + date_time: 'd-m H:i' + pt_BR: + date_type: 'dd-MM-yyyy' + date: 'd-m-Y' + date_time: 'd-m H:i' + ru: + date_type: 'dd.MM.yyyy' + date: 'd.m.Y' + date_time: 'd.m. H:i' + sk: + date_type: 'dd. MM. yyyy' + date: 'd. m. Y' + date_time: 'd. m. H:i' + sv: + duration: '%%h:%%m tim' + date_time: 'd/m H:i' + pl: + date_type: 'dd. MM. 
yyyy'
+ date: 'd. m. Y'
+ date_time: 'd. m. H:i'
+# --------------------------------------------------------------------------------
diff --git a/Nginx/Server Blocks/nlm.libraryofcode.org.conf b/Nginx/Server Blocks/nlm.libraryofcode.org.conf
new file mode 100644
index 0000000..b1f9213
--- /dev/null
+++ b/Nginx/Server Blocks/nlm.libraryofcode.org.conf
@@ -0,0 +1,12 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name nlm.libraryofcode.org;
+
+ ssl_certificate /etc/nginx/ssl/org.chain.crt;
+ ssl_certificate_key /etc/nginx/ssl/org.key.pem;
+
+ location / {
+ proxy_pass http://localhost:9000;
+ }
+}
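Review bot: In Kimai/kamai.yaml the `kimai.saml.connection` block sets `debug: true` and, under `security`, both `wantAssertionsSigned: false` and `wantMessagesSigned: false`, so the configuration itself never requires the IdP's signature on the response or the assertion. The underlying SAML library may still reject a completely unsigned response when `strict: true`, but that should not be relied on implicitly. I would set `wantAssertionsSigned: true` and `debug: false` for a deployed instance, since debug output can expose SAML processing details in error pages. The file's own header says site settings belong in `local.yaml`; keeping the SAML block there, rather than in a full copy of the defaults, would make the security-relevant overrides much easier to audit. The `contactPerson` and `organization` entries still carry the `example.com` placeholders.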
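Review bot: The `location /` block in Nginx/Server Blocks/nlm.libraryofcode.org.conf proxies to `http://localhost:9000` without forwarding any client context, so the backend sees every request as coming from the loopback address with nginx's default upstream `Host` value. That weakens the backend's access logs and any per-client rate limiting or audit trail it keeps. I would add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` inside the location. The block also sets no `ssl_protocols` or HSTS header; these are presumably inherited from the `http` context, which is worth confirming since that file is not part of this patch.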