Further optimations of espocrm

group_vars/all/00_general.yml

@@ -1,8 +1,16 @@
-# General
-pause_duration:         "120"         # Database delay to wait for the central database before continue tasks
 
-timezone:               "Etc/UTC"
-locale:                 "en"          # Some applications are case sensitive
+HOST_CURRENCY:            "EUR"
+HOST_TIMEZONE:            "UTC"
+
+# https://en.wikipedia.org/wiki/ISO_639
+HOST_LL:                  "en"          # Some applications are case sensitive
+HOST_LL_CC:               "{{HOST_LL}}_{{HOST_LL | upper }}"
+
+HOST_DATE_FORMAT:         "YYYY-MM-DD"
+HOST_TIME_FORMAT:         "HH:mm"
+
+HOST_THOUSAND_SEPARATOR:  "."
+HOST_DECIMAL_MARK:        ","
 
 # Deployment mode
 deployment_mode:        "single"      # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.

group_vars/all/09_ports.yml

@@ -1,6 +1,7 @@
 ports:
   # Ports which are exposed to localhost
   localhost:
+    # https://developer.mozilla.org/de/docs/Web/API/WebSockets_API
     websocket:
       mastodon:         4001
       espocrm:          4002

roles/docker-akaunting/templates/env.j2

@@ -1,6 +1,6 @@
 # You should change this to match your reverse proxy DNS name and protocol
 APP_URL=https://{{domains[application_id]}}
-LOCALE={{locale}}
+LOCALE={{ HOST_LL }}
 
 # Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)
 DB_HOST={{database_host}}

roles/docker-discourse/templates/discourse_application.yml.j2

@@ -34,7 +34,7 @@ env:
   LC_ALL: en_US.UTF-8
   LANG: en_US.UTF-8
   LANGUAGE: en_US.UTF-8
-  #DISCOURSE_DEFAULT_LOCALE: {{locale}} # Deactivated because not right format was selected @todo find right format
+  #DISCOURSE_DEFAULT_LOCALE: {{ HOST_LL }} # Deactivated because not right format was selected @todo find right format
 
   ## How many concurrent web requests are supported? Depends on memory and CPU cores.
   ## will be set automatically by bootstrap based on detected CPUs, or you can override

roles/docker-espocrm/tasks/main.yml

@@ -16,13 +16,3 @@
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml
-
-- name: flush docker service
-  meta: flush_handlers
-  when: applications.espocrm.setup | bool
-
-- name: "run database setup / upgrade"
-  command:
-    cmd: "docker compose run --rm web php command.php upgrade"
-    chdir: "{{ docker_compose.directories.instance }}"
-  when: applications.espocrm.setup | bool

roles/docker-espocrm/templates/docker-compose.yml.j2

@@ -5,52 +5,41 @@ services:
   web:
     image: espocrm/espocrm:{{ applications.espocrm.version }}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-    environment:
-      # --- DB connection ----------------------------------------------------
-      - ESPOCRM_DATABASE_PLATFORM=Mysql
-      - ESPOCRM_DATABASE_HOST={{ database_host }}
-      - ESPOCRM_DATABASE_PORT={{ database_port }}
-      - ESPOCRM_DATABASE_NAME={{ database_name }}
-      - ESPOCRM_DATABASE_USER={{ database_username }}
-      - ESPOCRM_DATABASE_PASSWORD={{ database_password }}
-      # --- initial admin & site URL ----------------------------------------
-      - ESPOCRM_ADMIN_USERNAME={{ applications[application_id].credentials.admin.username }}
-      - ESPOCRM_ADMIN_PASSWORD={{ applications[application_id].credentials.admin.password }}
-      - ESPOCRM_SITE_URL={{ web_protocol }}://{{ domains[application_id] }}
     command: "php-fpm"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost/"]
     ports:
       - "127.0.0.1:{{ ports.localhost.http[application_id] }}:80"
-{% include 'templates/docker/container/depends-on-database.yml.j2' %}
+{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
     volumes:
       - data:/var/www/html
 
   daemon:
     image: espocrm/espocrm:{{ applications.espocrm.version }}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+    restart: {{docker_restart_policy}}
+    logging:
+      driver: journald
     entrypoint: docker-daemon.sh
-{% include 'templates/docker/container/depends-on-database.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
     volumes:
       - data:/var/www/html
-    restart: unless-stopped
 
   websocket:
     image: espocrm/espocrm:{{ applications.espocrm.version }}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+    restart: {{docker_restart_policy}}
+    logging:
+      driver: journald
     environment:
       - ESPOCRM_CONFIG_USE_WEB_SOCKET=true
       - ESPOCRM_CONFIG_WEB_SOCKET_URL=ws://{{ domains[application_id] }}/ws
       - ESPOCRM_CONFIG_WEB_SOCKET_ZERO_M_Q_SUBSCRIBER_DSN=tcp://*:7777
       - ESPOCRM_CONFIG_WEB_SOCKET_ZERO_M_Q_SUBMISSION_DSN=tcp://websocket:7777
     entrypoint: docker-websocket.sh
-{% include 'templates/docker/container/depends-on-database.yml.j2' %}
+{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
     volumes:
       - data:/var/www/html
-    restart: unless-stopped
     ports:
       - "{{ ports.localhost.websocket[application_id] | default('127.0.0.1:8081') }}:8080"
 

roles/docker-espocrm/templates/env.j2

@@ -1,44 +1,98 @@
-# EspoCRM environment
+#############################################
+# EspoCRM Docker Environment (.env) – ENGLISH
+# See: https://hub.docker.com/r/espocrm/espocrm
+#############################################
+
+# ------------------------------------------------
 # Database connection
+# ------------------------------------------------
+ESPOCRM_DATABASE_PLATFORM=Mysql
 ESPOCRM_DATABASE_HOST={{ database_host }}
 ESPOCRM_DATABASE_PORT={{ database_port }}
 ESPOCRM_DATABASE_NAME={{ database_name }}
 ESPOCRM_DATABASE_USER={{ database_username }}
 ESPOCRM_DATABASE_PASSWORD={{ database_password }}
-# Cron toggle
+
+# Disable EspoCRM’s built-in cron (handled externally)
 CRON_DISABLED=true
 
-ESPOCRM_ADMIN_USERNAME: admin
-ESPOCRM_ADMIN_PASSWORD: password
-ESPOCRM_SITE_URL: "http://localhost:8080"
+# ------------------------------------------------
+# Initial admin account
+# ------------------------------------------------
+ESPOCRM_ADMIN_USERNAME={{ applications[application_id].users.administrator.username }}
+ESPOCRM_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator.password }}
 
-# SMTP settings (example)
-SMTP_HOST={{ system_email.host }}
-SMTP_PORT={{ system_email.port }}
-SMTP_USER={{ users['no-reply'].email }}
-SMTP_PASS={{ users['no-reply'].mailu_token }}
-SMTP_SECURE=tls
+# Public base URL of the EspoCRM instance
+ESPOCRM_SITE_URL={{ web_protocol }}://{{ domains[application_id] }}
 
-###################################
+# ------------------------------------------------
+# General UI & locale settings
+# ------------------------------------------------
+ESPOCRM_CONFIG_LANGUAGE={{ HOST_LL_CC }}
+ESPOCRM_CONFIG_DATE_FORMAT={{ HOST_DATE_FORMAT }}
+ESPOCRM_CONFIG_TIME_FORMAT={{ HOST_TIME_FORMAT }}
+ESPOCRM_CONFIG_TIME_ZONE={{ HOST_TIMEZONE }}
+# ESPOCRM_CONFIG_WEEK_START: 0 = Sunday, 1 = Monday
+ESPOCRM_CONFIG_WEEK_START=1
+ESPOCRM_CONFIG_DEFAULT_CURRENCY={{ HOST_CURRENCY }}
+ESPOCRM_CONFIG_THOUSAND_SEPARATOR={{ HOST_THOUSAND_SEPARATOR }}
+ESPOCRM_CONFIG_DECIMAL_MARK={{HOST_DECIMAL_MARK}}
+
+# ------------------------------------------------
+# Logger
+# ------------------------------------------------
+ESPOCRM_CONFIG_LOGGER_LEVEL={{ 'DEBUG' if enable_debug | bool else 'INFO' }}
+ESPOCRM_CONFIG_LOGGER_PATH=php://stdout
+ESPOCRM_CONFIG_LOGGER_ROTATION=false
+
+# ------------------------------------------------
+# System SMTP settings
+# ------------------------------------------------
+ESPOCRM_CONFIG_SMTP_SERVER={{ system_email.host }}
+ESPOCRM_CONFIG_SMTP_PORT={{ system_email.port }}
+ESPOCRM_CONFIG_SMTP_SECURITY=TLS
+ESPOCRM_CONFIG_SMTP_AUTH=true
+ESPOCRM_CONFIG_SMTP_USERNAME={{ users['no-reply'].email }}
+ESPOCRM_CONFIG_SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
+ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_NAME={{ service_provider.company.titel }} - CRM
+ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS={{ users['no-reply'].email }}
+
+# ------------------------------------------------
 # LDAP settings (optional)
-###################################
+# Applied only if the feature flag is true
+# ------------------------------------------------
 {% if applications[application_id].features.ldap | bool %}
-LDAP_ENABLED=true
-LDAP_HOST={{ ldap.server.domain }}
-LDAP_PORT={{ ldap.server.port }}
-LDAP_BASE_DN={{ ldap.dn.users }}
-LDAP_BIND_DN={{ ldap.dn.administrator }}
-LDAP_BIND_PASSWORD={{ ldap.bind_credential }}
-LDAP_UID_ATTRIBUTE={{ ldap.attributes.user_id }}
+ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Ldap
+ESPOCRM_CONFIG_LDAP_HOST={{ ldap.server.domain }}
+ESPOCRM_CONFIG_LDAP_PORT={{ ldap.server.port }}
+# ESPOCRM_CONFIG_LDAP_SECURITY: "", SSL or TLS
+ESPOCRM_CONFIG_LDAP_SECURITY=          
+ESPOCRM_CONFIG_LDAP_USERNAME={{ ldap.dn.administrator }}
+ESPOCRM_CONFIG_LDAP_PASSWORD={{ ldap.bind_credential }}
+ESPOCRM_CONFIG_LDAP_BASE_DN={{ ldap.dn.users }}
+ESPOCRM_CONFIG_LDAP_USER_LOGIN_FILTER=(sAMAccountName=%USERNAME%)
 {% endif %}
 
-###################################
-# OpenID Connect (OIDC) settings (optional)
-###################################
+# ------------------------------------------------
+# OpenID Connect settings (optional)
+# Applied only if the feature flag is true
+# ------------------------------------------------
 {% if applications[application_id].features.oidc | bool %}
-OIDC_ENABLED=true
-OIDC_ISSUER_URL={{ oidc.client.issuer_url }}
-OIDC_CLIENT_ID={{ oidc.client.id }}
-OIDC_CLIENT_SECRET={{ oidc.client.secret }}
-OIDC_REDIRECT_URI=https://{{ domains[application_id] }}/oidc/callback
-{% endif %}
+
+# ------------------------------------------------
+# OpenID Connect settings
+# ------------------------------------------------
+ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc
+ESPOCRM_CONFIG_OIDC_FALLBACK=false                       # set true if you want LDAP as fallback
+
+ESPOCRM_CONFIG_OIDC_CLIENT_ID={{ oidc.client.id }}
+ESPOCRM_CONFIG_OIDC_CLIENT_SECRET={{ oidc.client.secret }}
+
+ESPOCRM_CONFIG_OIDC_AUTHORIZATION_ENDPOINT={{ oidc.client.authorize_url }}
+ESPOCRM_CONFIG_OIDC_TOKEN_ENDPOINT={{ oidc.client.token_url }}
+ESPOCRM_CONFIG_OIDC_USER_INFO_ENDPOINT={{ oidc.client.user_info_url }}
+ESPOCRM_CONFIG_OIDC_JWKS_ENDPOINT={{ oidc.client.certs }}
+
+ESPOCRM_CONFIG_OIDC_AUTHORIZATION_REDIRECT_URI=https://{{ domains[application_id] }}/oidc/callback
+ESPOCRM_CONFIG_OIDC_SCOPES=openid,profile,email
+{% endif %}

roles/docker-listmonk/templates/env.j2

@@ -1,4 +1,4 @@
-TZ={{timezone}}
+TZ={{ HOST_TIMEZONE }}
 
 # Administrator setup
 

roles/docker-listmonk/vars/main.yml

@@ -61,7 +61,7 @@ listmonk_settings:
 
 
   - key: "app.lang"
-    value: '"{{ locale }}"'
+    value: '"{{ HOST_LL }}"'
 
 #  - key: "messengers"
 #    value: '[]'

roles/docker-nextcloud/vars/system.yml

@@ -12,7 +12,7 @@ nextcloud_system_config:
     value: "{{ on_calendar_nextcloud }}"
 
   - parameter: "default_phone_region"
-    value: "{{ locale | upper }}"
+    value: "{{ HOST_LL | upper }}"
 
   - parameter: "trusted_domains 0"
     value: "{{domains[application_id]}}"

roles/docker-pixelfed/templates/env.j2

@@ -15,8 +15,8 @@ ENFORCE_EMAIL_VERIFICATION=false
 PF_MAX_USERS=1000
 OAUTH_ENABLED=true
 
-APP_TIMEZONE={{timezone}}
-APP_LOCALE={{locale}}
+APP_TIMEZONE={{ HOST_TIMEZONE }}
+APP_LOCALE={{ HOST_LL }}
 
 ## Pixelfed Tweaks
 LIMIT_ACCOUNT_SIZE=true
@@ -49,7 +49,7 @@ MAIL_DRIVER=log
 MAIL_HOST={{system_email.host}}
 MAIL_PORT={{system_email.port}}
 MAIL_FROM_ADDRESS="{{ users['no-reply'].email }}"
-MAIL_FROM_NAME="Pixelfed"
+MAIL_FROM_NAME={{ service_provider.company.titel }} - Pixelfed
 MAIL_USERNAME={{ users['no-reply'].email }}
 MAIL_PASSWORD={{ users['no-reply'].mailu_token }}
 # Not sure if the following is correct

roles/docker-snipe_it/templates/env.j2

@@ -7,8 +7,8 @@ APP_DEBUG={{enable_debug | string | lower }}
 APP_KEY={{applications.snipe_it.app_key}}
 APP_URL=https://{{domains[application_id]}}
 # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
-APP_TIMEZONE='{{timezone}}'
-APP_LOCALE={{locale}}
+APP_TIMEZONE='{{ HOST_TIMEZONE }}'
+APP_LOCALE={{ HOST_LL }}
 MAX_RESULTS=500
 
 # --------------------------------------------
@@ -49,15 +49,15 @@ DB_SSL_VERIFY_SERVER=null
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS
 # --------------------------------------------
 MAIL_MAILER             =   smtp
-MAIL_HOST               =   {{system_email.host}}               # SMTP server address
-MAIL_PORT               =   {{system_email.port}}               # SMTP server address
-MAIL_USERNAME           =   {{ users['no-reply'].email }}           # user to connect the SMTP server
-MAIL_PASSWORD           =   {{ users['no-reply'].mailu_token }}           # SMTP user's password
-MAIL_TLS_VERIFY_PEER    =   {{ system_email.tls | capitalize }} # use TLS (secure) connection with the SMTP server
-MAIL_FROM_ADDR          =   {{ users['no-reply'].email }}               # default email address for the automated emails
-MAIL_FROM_NAME          =   'Snipe-IT'
-MAIL_REPLYTO_ADDR       =   {{ users['no-reply'].email }}               # default email address for the automated emails
-MAIL_REPLYTO_NAME       =   'Snipe-IT'
+MAIL_HOST               =   {{system_email.host}}
+MAIL_PORT               =   {{system_email.port}}
+MAIL_USERNAME           =   {{ users['no-reply'].email }}
+MAIL_PASSWORD           =   {{ users['no-reply'].mailu_token }}
+MAIL_TLS_VERIFY_PEER    =   {{ system_email.tls | capitalize }}
+MAIL_FROM_ADDR          =   {{ users['no-reply'].email }}
+MAIL_FROM_NAME          =   {{ service_provider.company.titel }} - Snipe-IT
+MAIL_REPLYTO_ADDR       =   {{ users['no-reply'].email }}
+MAIL_REPLYTO_NAME       =   {{ service_provider.company.titel }} - Snipe-IT
 MAIL_AUTO_EMBED_METHOD  =   'attachment'
 
 # --------------------------------------------

roles/nginx-serve-legal/templates/imprint.html.j2

@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="{{ locale }}">
+<html lang="{{ HOST_LL }}">
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1">

tasks/server.yml

@@ -216,6 +216,11 @@
   include_role:
     name: docker-presentation
 
+- name: setup espocrm hosts
+  when: ("espocrm" in group_names)
+  include_role:
+    name: docker-espocrm
+
 # Native Webserver Roles
 - name: setup nginx-serve-htmls
   when: ("nginx-serve-htmls" in group_names)

templates/vars/applications.yml.j2

@@ -126,6 +126,30 @@ defaults_applications:
   'database': true,
 }) }}{% raw %}
 
+  ## EspoCRM
+  espocrm:
+    version:                      "fpm-alpine"
+    users:
+      administrator:
+        username:                 "{{ users.administrator.username }}"
+        email:                    "{{ users.administrator.email }}"
+
+    credentials:
+      administrator:
+        password:                 "{{ users.administrator.password }}"
+      database:
+        # password:                # Set in your inventory file
+
+{% endraw %}{{ features.render_features({
+  'matomo':   true,
+  'css':      true,
+  'iframe':   false,
+  'ldap':     true,
+  'oidc':     true,
+  'database': true
+}) }}{% raw %}
+
+
   ## File Server
   file_server:
 {% endraw %}{{ features.render_features({