Update to 2022-02-15 16:00

roles/kimai/defaults/main.yml

@@ -0,0 +1,87 @@
+---
+
+# You can install several kimai instances on the same host
+# just make sure to set a different instance id for each
+# You can set it to a number or a simple string (no special chars)
+kimai_id: 1
+# Kimai version to deploy
+kimai_version: 1.17.1
+
+# URL of the archive
+kimai_archive_url: https://github.com/kevinpapst/kimai2/archive/refs/tags/{{ kimai_version }}.tar.gz
+# Expected sha256 of the archive
+kimai_archive_sha256: ceff0573591d2e5c70a679301caabe626d8545af5e987443c8155f633babcd0e
+
+# Directory where kimai will be installed
+kimai_root_dir: /opt/kimai_{{ kimai_id }}
+# Should ansible handle upgrades or only initial install
+kimai_manage_upgrade: True
+
+# User under which PHP will run
+# Will be created
+kimai_php_user: php-kimai_{{ kimai_id }}
+# PHP version under which kimai will run
+kimai_php_version: 81
+# Or you can specify here the name of a custom PHP FPM pool. See the httpd_php role
+# bookstack_php_fpm_pool: custom_kimai
+
+# If you want to configure the access to kimai on your main vhost
+# kimai_web_alias: /kimai
+# If not set, you'll need to create a dedicated vhost (see httpd_common role)
+kimai_web_alias: False
+kimai_public_url: http://{{ inventory_hostname }}
+# If you set kimai_src_ip, it'll be considered a list of trusted proxies
+kimai_src_ip: []
+
+# An app specific secret. If not defined, a random one will be created and stored under {{ kimai_root_dir }}/meta/ansible_secret_key
+# kimai_secret_key: S3cr3t.
+
+# Database settings
+kimai_db_server: "{{ mysql_server | default('localhost') }}"
+kimai_db_port: 3306
+kimai_db_name: kimai_{{ kimai_id }}
+kimai_db_user: kimai_{{ kimai_id }}
+# If the pass is not set, a random one will be created and store in {{ kimai_root_dir }}/meta/ansible_dbpass
+# kimai_db_pass: S3cr3t.
+
+# A default admin user will be created during installation
+# If its password isn't set, a random one will be configured and stored in {{ kimai_root_dir }}/meta/ansible_admin_pass
+# Note that this user is only created on first installed, and will not be checked or created again on next runs
+kimai_admin_user: admin@{{ ansible_domain }}
+# kimai_admin_pass÷ S3cr3t.
+
+# Custom configuration. Will be loaded in {{ kimai_root_dir }}/app/config/packages/local.yaml
+kimai_base_settings:
+  kimai:
+# Better to override kimai_extra_settings so future defaults will be merged with your custom settings.
+# For example, to set SAML auth (example working with Lemonldap::NG as SAML idp
+# kimai_extra_settings:
+#   kimai:
+#     saml:
+#       activate: true
+#       title: 'SSO'
+#       mapping:
+#         - { saml: $mail, kimai: email }
+#         - { saml: $principal, kimai: username }
+#         - { saml: $cn, kimai: alias }
+#       roles:
+#         attribute: groups
+#         mapping:
+#           - { saml: Role_Infra_Admin, kimai: ROLE_ADMIN }
+#           - { saml: Projet, kimai: ROLE_TEAMLEAD }
+#       connection:
+#         idp:
+#             entityId: 'https://sso.example.org/saml/metadata'
+#             singleSignOnService:
+#               url: 'https://sso.example.org/saml/singleSignOn'
+#             x509cert: 'MIICsDCCAZigAwIBAgIEAE11GTANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQBDA9zc28ubGFwaW9sZS5vcmcwHhcNMjEwMzE1MTExMzMyWhcNNDEwMzEwMTExMzMyWjAaMRgwFgYDVQQDDA9zc28ubGFwaW9sZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+sPo4pned1vg9IoHVhHoPVeWEKOsYet1NL9eZu5mBI1gg6J+ffiv0Exy+FuISdaRoqPijeUX32TZlgk8cIleANH/Q+FFdsVdqBtpo4Oh5kozT+Ztr6UFcc6rRVOlmFnp4J3A3xUnumBABAeCKu6htA6oxe1NUh+wEs38BakMHlrSThJRODtZPo7jTcI9ZXHRnTpo2CQU5KxIXw2aHo6mmVH6/BGkU8m0OoRAfqJe9zLDnUYOP6cJckEwED6IcaXF1eXdXIRhhBn7Awmob/xoOYh+TzrY3OCLRQ/LZ3zvv0sTi8k4RU2ne3Bi54aVOEXYo4X45vEDt8akzDYjhyrNVAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAG5G/Zp4g+0znft8mB42XYRxHqT1DCCdgkWL8j6JgVixQO8IP+yDFcHi+DUwhC1YfMqtlfD1V/kr9t/QA38v7PsZz7N6mCmwQv2LIbHMsfq7bF7NGQl//50cPmKRfuJgMc7Qh479XKJKUkdo4q5xLMlJGI+hnou3Wi2dcMLgp042Ws+ZOTUaRVOZJ2NGeNJ/18z6kME0MNNL/ytp0bP+2lbAPUNyDmVDDxDa7/Xz87onfQpzs8rNyO2QpCHjVNyRFpdzb2K4j9IUCqKWl8NTVnCx0hAgspOKAIXKsy8UUR4FOyypmIHU4Z1gU7US2KRrCnnmC1U0ogUZC4FXzNfLetA='
+#         sp:
+#           entityId: 'https://temps.example.org/auth/saml/metadata'
+#           assertionConsumerService:
+#             url: 'https://temps.example.org/auth/saml/acs'
+#         baseurl: https://temps.example.org/auth/saml
+#         strict: true
+#         debug: true
+
+kimai_extra_settings: {}
+kimai_settings: "{{ kimai_base_settings | combine(kimai_extra_settings, recursive=True) }}"

roles/kimai/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+
+- name: clear kimai cache
+  command: /bin/php{{ kimai_php_version }} {{ kimai_root_dir }}/app/bin/console kimai:reload --env=prod
+  become_user: "{{ kimai_php_user }}"

roles/kimai/meta/main.yml

@@ -0,0 +1,9 @@
+---
+
+allow_duplicates: True
+dependencies:
+  - role: mkdir
+  - role: httpd_php
+  - role: mysql_server
+    when: kimai_db_server in ['localhost', '127.0.0.1']
+  - role: composer

roles/kimai/tasks/archive_post.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ kimai_root_dir }}/archives/{{ kimai_current_version }}.tar.zst ./ --use-compress-program=zstd
+  args:
+    chdir: "{{ kimai_root_dir }}/archives/{{ kimai_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+  tags: kimai

roles/kimai/tasks/archive_pre.yml

@@ -0,0 +1,34 @@
+---
+
+- name: Create the archive dir
+  file: path={{ kimai_root_dir }}/archives/{{ kimai_current_version }} state=directory
+  tags: kimai
+
+- name: Archive current version
+  synchronize:
+    src: "{{ kimai_root_dir }}/app"
+    dest: "{{ kimai_root_dir }}/archives/{{ kimai_current_version }}/"
+    compress: False
+    delete: True
+  delegate_to: "{{ inventory_hostname }}"
+  tags: kimai
+
+- name: Install mariadb client
+  package:
+    name:
+      - mariadb
+  tags: kimai
+
+- name: Dump the database
+  mysql_db:
+    state: dump
+    name: "{{ kimai_db_name }}"
+    target: "{{ kimai_root_dir }}/archives/{{ kimai_current_version }}/{{ kimai_db_name }}.sql.xz"
+    login_host: "{{ kimai_db_server }}"
+    login_user: "{{ kimai_db_user }}"
+    login_password: "{{ kimai_db_pass }}"
+    quick: True
+    single_transaction: True
+  environment:
+    XZ_OPT: -T0
+  tags: kimai

roles/kimai/tasks/cleanup.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ kimai_root_dir }}/archives/{{ kimai_current_version }}"
+    - "{{ kimai_root_dir }}/tmp/kimai2-{{ kimai_version }}"
+    - "{{ kimai_root_dir }}/tmp/kimai2-{{ kimai_version }}.tar.gz"
+  tags: kimai

roles/kimai/tasks/conf.yml

@@ -0,0 +1,56 @@
+---
+
+- import_tasks: ../includes/webapps_webconf.yml
+  vars:
+    - app_id: kimai_{{ kimai_id }}
+    - php_version: "{{ kimai_php_version }}"
+    - php_fpm_pool: "{{ kimai_php_fpm_pool | default('') }}"
+  tags: kimai
+
+- name: Deploy kimai configuration
+  template: src={{ item.src }} dest={{ item.dest }} group={{ kimai_php_user }} mode=640
+  loop:
+    - src: env.j2
+      dest: "{{ kimai_root_dir }}/app/.env"
+    - src: local.yaml.j2
+      dest: "{{ kimai_root_dir }}/app/config/packages/local.yaml"
+  notify: clear kimai cache
+  tags: kimai
+
+- name: Deploy permission script
+  template: src=perms.sh.j2 dest={{ kimai_root_dir }}/perms.sh mode=755
+  register: kimai_perm_script
+  tags: kimai
+
+- name: Apply permissions
+  command: "{{ kimai_root_dir }}/perms.sh"
+  when: kimai_perm_script.changed or kimai_install_mode != 'none'
+  tags: kimai
+
+- when: kimai_install_mode == 'install'
+  block:
+
+    - name: Init the database
+      command: /bin/php{{ kimai_php_version }} {{ kimai_root_dir }}/app/bin/console kimai:install -n
+
+    - name: Create initial admin user
+      shell: echo {{ kimai_admin_pass | quote }} | /bin/php{{ kimai_php_version }} {{ kimai_root_dir }}/app/bin/console kimai:user:create username {{ kimai_admin_user | quote }} ROLE_SUPER_ADMIN
+
+  become_user: "{{ kimai_php_user }}"
+  tags: kimai
+
+- when: kimai_install_mode == 'upgrade'
+  block:
+
+    - name: Update the database
+      command: /bin/php{{ kimai_php_version }} {{ kimai_root_dir }}/app/bin/console kimai:update -n
+
+    - name: Clear kimai cache
+      command: /bin/php{{ kimai_php_version }} {{ kimai_root_dir }}/app/bin/console kimai:reload --env=prod
+
+  become_user: "{{ kimai_php_user }}"
+  tags: kimai
+
+- name: Setup logrotate
+  template: src=logrotate.conf.j2 dest=/etc/logrotate.d/kimai_{{ kimai_id | string }}
+  tags: kimai

roles/kimai/tasks/directories.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Create directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ kimai_root_dir }}"
+    - dir: "{{ kimai_root_dir }}/app"
+    - dir: "{{ kimai_root_dir }}/tmp"
+      owner: "{{ kimai_php_user }}"
+      mode: 700
+    - dir: "{{ kimai_root_dir }}/sessions"
+      owner: "{{ kimai_php_user }}"
+      mode: 700
+    - dir: "{{ kimai_root_dir }}/meta"
+      mode: 700
+    - dir: "{{ kimai_root_dir }}/backup"
+      mode: 700
+    - dir: "{{ kimai_root_dir }}/data"
+      owner: "{{ kimai_php_user }}"
+      mode: 700
+  tags: kimai

roles/kimai/tasks/facts.yml

@@ -0,0 +1,47 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: kimai
+
+# Detect installed version (if any)
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ kimai_root_dir }}"
+        - version: "{{ kimai_version }}"
+    - set_fact: kimai_install_mode={{ (install_mode == 'upgrade' and not kimai_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: kimai_current_version={{ current_version | default('') }}
+  tags: kimai
+
+# Create a random pass for the DB if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ kimai_root_dir }}/meta/ansible_dbpass"
+    - set_fact: kimai_db_pass={{ rand_pass }}
+  when: kimai_db_pass is not defined
+  tags: kimai
+
+# Create a random app secret if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ kimai_root_dir }}/meta/ansible_secret_key"
+    - set_fact: kimai_secret_key={{ rand_pass }}
+  when: kimai_secret_key is not defined
+  tags: kimai
+
+# Create a random admin pass if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ kimai_root_dir }}/meta/ansible_admin_pass"
+    - set_fact: kimai_admin_pass={{ rand_pass }}
+  when: kimai_admin_pass is not defined
+  tags: kimai

roles/kimai/tasks/install.yml

@@ -0,0 +1,84 @@
+---
+
+- name: Install dependencies
+  package: name={{ kimai_packages }}
+  tags: kimai
+
+- when: kimai_install_mode != 'none'
+  block:
+    - name: Download kimai
+      get_url:
+        url: "{{ kimai_archive_url }}"
+        dest: "{{ kimai_root_dir }}/tmp"
+        checksum: sha256:{{ kimai_archive_sha256 }}
+      register: kimai_dl_archive
+      retries: 3
+      delay: 5
+      until: kimai_dl_archive is not failed
+
+    - name: Extract the archive
+      unarchive:
+        src: "{{ kimai_root_dir }}/tmp/kimai2-{{ kimai_version }}.tar.gz"
+        dest: "{{ kimai_root_dir }}/tmp"
+        remote_src: True
+
+    - name: Move kimai to its final dir
+      synchronize:
+        src: "{{ kimai_root_dir }}/tmp/kimai2-{{ kimai_version }}/"
+        dest: "{{ kimai_root_dir }}/app/"
+        delete: True
+        compress: False
+        rsync_opts:
+          - '--exclude=/var'
+      delegate_to: "{{ inventory_hostname }}"
+
+    - name: Populate data directories
+      synchronize:
+        src: "{{ kimai_root_dir }}/tmp/kimai2-{{ kimai_version }}/var/"
+        dest: "{{ kimai_root_dir }}/data/"
+        compress: False
+      delegate_to: "{{ inventory_hostname }}"
+
+    - name: Link data directories
+      file: src={{ kimai_root_dir }}/data dest={{ kimai_root_dir }}/app/var state=link
+
+    - name: Install PHP libs with composer
+      composer:
+        command: install
+        working_dir: "{{ kimai_root_dir }}/app"
+        executable: /bin/php{{ kimai_php_version }}
+
+    - name: Install LDAP auth support
+      composer:
+        command: require
+        arguments: laminas/laminas-ldap
+        working_dir: "{{ kimai_root_dir }}/app"
+
+  environment:
+    php: /bin/php{{ kimai_php_version }}
+  tags: kimai
+
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ kimai_db_name }}"
+    - db_user: "{{ kimai_db_user }}"
+    - db_server: "{{ kimai_db_server }}"
+    - db_port: "{{ kimai_db_port }}"
+    - db_pass: "{{ kimai_db_pass }}"
+  tags: kimai
+
+- name: Set correct SELinux context
+  sefcontext:
+    target: "{{ kimai_root_dir }}(/.*)?"
+    setype: httpd_sys_content_t
+    state: present
+  when: ansible_selinux.status == 'enabled'
+  tags: kimai
+
+- name: Install pre/post backup hooks
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/kimai_{{ kimai_id }} mode=700
+  loop:
+    - pre
+    - post
+  tags: kimai
+

roles/kimai/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: kimai_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: kimai_install_mode == 'upgrade'
+- include: cleanup.yml

roles/kimai/tasks/user.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Create system user account
+  user:
+    name: "{{ kimai_php_user }}"
+    comment: "PHP FPM for kimai {{ kimai_id }}"
+    system: True
+    shell: /sbin/nologin
+    home: "{{ kimai_root_dir }}"
+  tags: kimai

roles/kimai/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write current version
+  copy: content={{ kimai_version }} dest={{ kimai_root_dir }}/meta/ansible_version
+  tags: kimai

roles/kimai/templates/env.j2

@@ -0,0 +1,10 @@
+# for MySQL "serverVersion=5.7" and for MariaDB "serverVersion=mariadb-10.5.8"
+DATABASE_URL=mysql://{{ kimai_db_user }}:{{ kimai_db_pass | urlencode | regex_replace('/','%2F') }}@{{ kimai_db_server }}:{{ kimai_db_port }}/{{ kimai_db_name }}?charset=utf8&serverVersion=mariadb-10.5.8
+MAILER_FROM=kimai-no-replay@{{ ansible_domain }}
+MAILER_URL=smtp://localhost:25?encryption=&auth_mode=
+APP_ENV=prod
+APP_SECRET={{ kimai_secret_key }}
+CORS_ALLOW_ORIGIN=^https?://localhost(:[0-9]+)?$
+{% if kimai_src_ip is defined and kimai_src_ip | length > 0 %}
+TRUSTED_PROXIES={{ kimai_src_ip | join(',') }}
+{% endif %}

roles/kimai/templates/httpd.conf.j2

@@ -0,0 +1,31 @@
+{% if kimai_web_alias is defined and kimai_web_alias != False %}
+Alias /{{ kimai_web_alias | regex_replace('^/','') }} {{ kimai_root_dir }}/app/public
+{% else %}
+# No alias defined, create a vhost to access it
+{% endif %}
+
+<Directory {{ kimai_root_dir }}/app/public>
+  AllowOverride All
+  Options FollowSymLinks
+{% if kimai_src_ip is defined and kimai_src_ip | length > 0 %}
+  Require ip {{ kimai_src_ip | join(' ') }}
+{% else %}
+  Require all granted
+{% endif %}
+  <FilesMatch \.php$>
+    SetHandler "proxy:unix:/run/php-fpm/{{ kimai_php_fpm_pool | default('kimai_' + kimai_id | string) }}.sock|fcgi://localhost"
+  </FilesMatch>
+
+  RewriteEngine On
+
+  FallbackResource /index.php
+
+  <FilesMatch "(\.git.*)">
+    Require all denied
+  </FilesMatch>
+
+</Directory>
+
+<Directory {{ kimai_root_dir }}/public/bundles>
+  FallbackResource disabled
+</Directory>

roles/kimai/templates/local.yaml.j2

@@ -0,0 +1 @@
+{{ kimai_settings | to_nice_yaml(indent=4) }}    

roles/kimai/templates/logrotate.conf.j2

@@ -0,0 +1,7 @@
+{{ kimai_root_dir }}/data/log/*.log {
+  daily
+  rotate 90
+  compress
+  missingok
+  su {{ kimai_php_user }} {{ kimai_php_user }}
+}

roles/kimai/templates/perms.sh.j2

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -eo pipefail
+
+restorecon -R {{ kimai_root_dir }}
+chown root:root {{ kimai_root_dir }}
+chown -R root:root {{ kimai_root_dir }}/app/
+chmod 755 {{ kimai_root_dir }}
+setfacl -R -k -b {{ kimai_root_dir }}
+setfacl -m u:{{ kimai_php_user | default('apache') }}:rx,u:{{ httpd_user | default('apache') }}:x {{ kimai_root_dir }}
+find {{ kimai_root_dir }}/app -type f -exec chmod 644 "{}" \; -type d -exec chmod 755 "{}" \;
+chown root:{{ kimai_php_user }} {{ kimai_root_dir }}/app/.env {{ kimai_root_dir }}/app/config/packages/local.yaml
+chmod 640 {{ kimai_root_dir }}/app/.env {{ kimai_root_dir }}/app/config/packages/local.yaml
+chown -R {{ kimai_php_user }} {{ kimai_root_dir }}/data
+chmod 700 {{ kimai_root_dir }}/data
+setfacl -R -m u:{{ httpd_user | default('apache') }}:rX {{ kimai_root_dir }}/app/public
+find {{ kimai_root_dir }} -name .htaccess -exec chmod 644 "{}" \;
+

roles/kimai/templates/php.conf.j2

@@ -0,0 +1,35 @@
+[kimai_{{ kimai_id }}]
+
+listen.owner = root
+listen.group = apache
+listen.mode = 0660
+listen = /run/php-fpm/kimai_{{ kimai_id }}.sock
+user = {{ kimai_php_user }}
+group = {{ kimai_php_user }}
+catch_workers_output = yes
+
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 6
+pm.max_requests = 5000
+request_terminate_timeout = 5m
+
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = 256M
+php_admin_value[session.save_path] = {{ kimai_root_dir }}/sessions
+php_admin_value[upload_tmp_dir] = {{ kimai_root_dir }}/tmp
+php_admin_value[sys_temp_dir] = {{ kimai_root_dir }}/tmp
+php_admin_value[post_max_size] = 100M
+php_admin_value[upload_max_filesize] = 100M
+php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, escapeshellarg, escapeshellcmd
+php_admin_value[open_basedir] = {{ kimai_root_dir }}:/usr/share/pear/:/usr/share/php/
+php_admin_value[max_execution_time] = 60
+php_admin_value[max_input_time] = 60
+php_admin_flag[allow_url_include] = off
+php_admin_flag[allow_url_fopen] = off
+php_admin_flag[file_uploads] = on
+php_admin_flag[session.cookie_httponly] = on

roles/kimai/templates/post-backup.j2

@@ -0,0 +1,4 @@
+#!/bin/bash -e
+
+rm -f {{ kimai_root_dir }}/backup/*.sql.zst
+

roles/kimai/templates/pre-backup.j2

@@ -0,0 +1,13 @@
+#!/bin/sh
+set -eo pipefail
+
+/usr/bin/mysqldump \
+{% if kimai_db_server not in ['localhost','127.0.0.1'] %}
+  --user={{ kimai_db_user | quote }} \
+  --password={{ kimai_db_pass | quote }} \
+  --host={{ kimai_db_server | quote }} \
+  --port={{ kimai_db_port | quote }} \
+{% endif %}
+  --quick --single-transaction \
+  --add-drop-table {{ kimai_db_name | quote }} | zstd -c > {{ kimai_root_dir }}/backup/{{ kimai_db_name }}.sql.zst
+

roles/kimai/vars/RedHat-8.yml

@@ -0,0 +1,9 @@
+---
+
+kimai_packages:
+  - mariadb
+  - tar
+  - rsync
+  - acl
+  - zstd
+  - git