* **Зависимости**
<code bash>
apt install software-properties-common -y
apt-add-repository contrib
apt update
apt install gnupg2 sudo ttf-mscorefonts-installer fontconfig -y
fc-cache -fv
</code>
<code bash>
wget http://ftp.de.debian.org/debian/pool/main/e/enchant/libenchant1c2a_1.6.0-11.1+b1_amd64.deb
dpkg -i libenchant1c2a_1.6.0-11.1+b1_amd64.deb
apt --fix-broken install -y
</code>

  * **1c**
<code bash>
tar xvfz server64_8.3.22.2143.tar.gz
./setup-full-8.3.22.2143-x86_64.run --mode unattended --enable-components server,ws,server_admin,liberica_jre,ru
chown -R usr1cv8:grp1cv8 /opt/1cv8/
ln -f /opt/1cv8/x86_64/8.3.22.2143/srv1cv8-8.3.22.2143@.service /etc/systemd/system/srv1cv8.service
sed -i 's/^Environment=SRV1CV8_KEYTAB=.*/Environment=SRV1CV8_KEYTAB=\/opt\/1cv8\/conf\/usr1cv8.keytab/g' /etc/systemd/system/srv1cv8.service
systemctl daemon-reload
systemctl enable srv1cv8.service
systemctl start srv1cv8
systemctl status srv1cv8
</code>

  * **i386**
<code bash>
dpkg --add-architecture i386
apt update
apt install unixodbc:i386 imagemagick:i386 liblcms2-2:i386
wget http://ftp.de.debian.org/debian/pool/main/e/enchant/libenchant1c2a_1.6.0-11.1+b1_i386.deb
dpkg -i libenchant1c2a_1.6
apt --fix-broken install -y

</code>

  * **Postgresql 1C**
<code bash> cd ~
 wget http://repo.postgrespro.ru/keys/GPG-KEY-POSTGRESPRO
 apt-key add GPG-KEY-POSTGRESPRO
 echo deb https://repo.postgrespro.ru/pg1c-14/debian bullseye main > /etc/apt/sources.list.d/postgrespro.list
 apt update
 apt install postgrespro-1c-14-server -y</code>

<code bash> /opt/pgpro/1c-14/bin/pg-wrapper links update
 pg-setup initdb
 systemctl enable postgrespro-1c-14
 systemctl start postgrespro-1c-14
 systemctl status postgrespro-1c-14</code>

<code bash> sudo -u postgres psql postgres
 \password postgres
 \quit</code>
nano /var/lib/pgpro/1c-14/data/pg_hba.conf
 host all all 0.0.0.0/0 md5

<!--
nano /var/lib/pgpro/1c-14/data/postgresql.conf
<code>
listen_addresses = '*'                  # what IP address(es) to listen on;
max_connections = 500                   # (change requires restart)
shared_buffers = 4GB                    # min 128kB
temp_buffers = 256MB                    # min 800kB
work_mem = 512MB                        # min 64kB
maintenance_work_mem = 1024MB           # min 1MB
dynamic_shared_memory_type = posix      # the default is the first option
bgwriter_lru_maxpages = 400             # max buffers written/round, 0 disables
bgwriter_lru_multiplier = 4.0           # 0-10.0 multiplier on buffers scanned/round
effective_io_concurrency = 2            # 1-1000; 0 disables prefetching
synchronous_commit = off                # synchronization level;
commit_delay = 1000                     # range 0-100000, in microseconds
commit_siblings = 5                     # range 1-1000
max_wal_size = 4GB
min_wal_size = 2GB
checkpoint_completion_target = 0.9      # checkpoint target duration, 0.0 - 1.0
random_page_cost = 1.3                  # same scale as above
effective_cache_size = 8GB
logging_collector = off # Enable capturing of stderr and csvlog
log_timezone = 'Europe/Moscow'
autovacuum = on                         # Enable autovacuum subprocess?  'on'
autovacuum_max_workers = 4              # max number of autovacuum subprocesses
autovacuum_naptime = 20s                # time between autovacuum runs
row_security = off
datestyle = 'iso, dmy'
timezone = 'Europe/Moscow'
lc_messages = 'ru_RU.UTF-8'                     # locale for system error message
lc_monetary = 'ru_RU.UTF-8'                     # locale for monetary formatting
lc_numeric = 'ru_RU.UTF-8'                      # locale for number formatting
lc_time = 'ru_RU.UTF-8'                         # locale for time formatting
default_text_search_config = 'pg_catalog.russian'
max_locks_per_transaction = 256         # min 10
escape_string_warning = off
standard_conforming_strings = off
</code>
-->

 systemctl restart postgrespro-1c-14

* '''samba'''
 apt install samba winbind krb5-config libnss-winbind acl krb5-user -y
 systemctl enable --now {smbd,nmbd}
 
<code>
cat << EOF > /etc/krb5.conf
[libdefaults]
 default_realm = AUGIN.RU

 kdc_timesync = 1
 ccache_type = 4
 forwardable = true
 proxiable = true

[realms]
 DC1.AUGIN.RU = {
  kdc = dc1.augin.ru
  admin_server = dc1.augin.ru
 }

 AUGIN.RU = {
  kdc = dc1.augin.ru
 }

[domain_realm]
 dc1.augin.ru = DC1.AUGIN.RU
 .dc1.augin.ru = DC1.AUGIN.RU
EOF
</code>

<code>
cat << EOF > /etc/samba/smb.conf
[global]
   workgroup = AUGIN
   security = ads

   kerberos method = secrets and keytab
   realm = AUGIN.RU
   winbind use default domain = true
   winbind enum groups = Yes
   winbind enum users = Yes
   password server = dc1.augin.ru
   idmap config * : range = 16777216-33554431
   idmap config * : backend = autorid
   template homedir = /home/%U
   template shell = /sbin/nologin
   winbind offline logon = false

   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes

[exchange$]
comment = exchange folder
path = /home/exchange
public = yes
writable = yes
EOF
mkdir /home/exchange
</code>
nano /etc/nsswitch.conf
<code>
passwd:         files systemd winbind
group:          files systemd winbind
...
</code>
 net ads join -U Administrator 
 systemctl restart smbd nmbd winbind
 wbinfo -u
 setfacl -R -m g:"domain admins":rwx /home
 setfacl -R -d -m g:"domain admins":rwx /home


* '''авторизация AD'''
<code bash>PowerShell
 Invoke-Command -ComputerName dc1 -ScriptBlock {ktpass -kvno 12 -ptype KRB5_NT_PRINCIPAL -princ usr1cv8/s1c.augin.ru@AUGIN.RU -mapuser l1cuser -pass PaSwOrD(l1cuser) -out \\s1c\home$\usr1cv8.keytab}
</code>
<code bash> cp /home/usr1cv8.keytab /opt/1cv8/conf/usr1cv8.keytab
 chown usr1cv8:grp1cv8 /opt/1cv8/conf/usr1cv8.keytab
 chmod 600 /opt/1cv8/conf/usr1cv8.keytab
 sed -i 's/^Environment=SRV1CV8_KEYTAB=.*/Environment=SRV1CV8_KEYTAB=\/opt\/1cv8\/conf\/usr1cv8.keytab/g' /etc/systemd/system/srv1cv8.service
 systemctl daemon-reload
 systemctl restart srv1cv8.service
</code>
* '''WEB'''
<code bash> apt install apache2 -y
 apt install php php-common php-pgsql php-gd php-xml php-mbstring php-fpm -y
 systemctl enable apache2 --now
 a2enmod proxy_fcgi setenvif
 a2enconf php7.4-fpm
 systemctl restart apache2 php7.4-fpm
 wget https://github.com/vrana/adminer/releases/download/v4.7.6/adminer-4.7.6.php -O /var/www/html/index.php
</code>
<code bash> mkdir /var/www/html/dengi/
 /opt/1cv8/x86_64/8.3.22.1709/webinst -apache24 -wsdir dengi -dir '/var/www/html/dengi' -connStr 'Srvr="s1c.augin.ru";Ref="dengi";' -confPath /etc/apache2/apache2.conf
 systemctl restart apache2
</code>
* lic
<code bash> wget https://cloud.augin.ru/s/2pndNgk4dLYQBji/download/Dumps.zip
 wget https://cloud.augin.ru/s/3wc2XbXqWbErxjA/download/install_hasp_Debian_11.sh
 chmod +x install_hasp_Debian_11.sh
 ./install_hasp_Debian_11.sh
 apt install libc6-i386 -y
 wget https://cloud.augin.ru/s/ifP5KKKFDGXWmp7/download/haspd_7.90-eter2ubuntu_amd64.deb
 dpkg -i haspd_7.90-eter2ubuntu_amd64.deb
</code>
* '''backup'''

<code>
cat << EOF > /opt/backup.sh
#!/bin/bash

SERVER=bs
BAK_DIR="/mnt/disk1/sql_bases/s1c-x"
DATE=\`date +%d.%m.%Y-%H%M\`
RECENT=7

ssh root@\$SERVER "mkdir \$BAK_DIR/\$DATE"

for base in \`su -l postgres -c "psql -U postgres -Aqt -c 'select datname from pg_database;'"\`
do
su -l postgres -c "pg_dump \$base" | gzip > /var/lib/pgpro/bak/\$base.sql.gz
scp "/var/lib/pgpro/bak/\$base.sql.gz" "root@\$SERVER:\$BAK_DIR/\$DATE/\$base.sql.gz"
done

x=1  
for i in \`ssh root@\$SERVER -C "ls -t \$BAK_DIR"\`
        do
          if [ \$x -le \$RECENT ]
                then
                ((x++))
                continue
          fi
        ssh root@\$SERVER -C "rm -rf \$BAK_DIR/\$i"
done
EOF
chmod +x /opt/backup.sh
mkdir /var/lib/pgpro/bak/

cat << EOF > /etc/cron.d/backup-postgresql
# backup postgres
0 1 * * * root /opt/backup.sh
EOF

cat << EOF > /opt/restore.sh
su postgres -c "psql -c 'DROP DATABASE pg_base_name;'"
su postgres -c "psql -c 'CREATE DATABASE pg_base_name;'"
su postgres -c "gunzip -c pg_base_name.sql.gz | psql pg_base_name"
EOF

ssh-copy-id root@bs
</code>

* '''Создание информационной базы'''
 su usr1cv8 -c "/opt/1cv8/x86_64/8.3.22.1704/ras cluster --daemon"
 su usr1cv8 -c "/opt/1cv8/x86_64/8.3.22.1704/rac cluster list"
   cluster                       : 1fc5b766-b120-44e1-8982-245b7458830a
 su usr1cv8 -c "/opt/1cv8/x86_64/8.3.22.1704/rac infobase --cluster=1fc5b766-b120-44e1-8982-245b7458830a create --create-database --name=dengi --dbms=PostgreSQL --db-server=s1c --db-name=dengi --locale=ru_RU --db-user=postgres --db-pwd='password' --license-distribution=allow"
   infobase : bed93d44-3e5d-4c3e-80a2-f681a14c24f2
 su usr1cv8 -c "/opt/1cv8/x86_64/8.3.22.1704/rac infobase --cluster=1fc5b766-b120-44e1-8982-245b7458830a summary list"
 
 /opt/1C/v8.3/x86_64/rac infobase --cluster=47e454ce-622f-13e8-548b-005c293a22e1 drop --infobase=356332f4-62a8-11e9-1d97-003c254a22e1 --infobase-user=admin --infobase-pwd='alks76dg(h323)qw' --drop-database