Cleaned up OIDC für taiga draft

This commit is contained in:
Kevin Veen-Birkenbach 2025-04-06 21:38:15 +02:00
parent a9c25a28c6
commit 0eaaa73e23
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
10 changed files with 26 additions and 9 deletions


@ -23,7 +23,7 @@ defaults_oidc:
user_info_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo" # Endpoint to retrieve user information
logout_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout" # Endpoint to log out the user
change_credentials: "{{_oidc_client_issuer_url}}account/account-security/signing-in" # URL for managing or changing user credentials
button_text: "SSO Login({{primary_domain | upper}})" # Default button text
#############################################
### LDAP ###
#############################################
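Review bot: `change_credentials` joins `{{_oidc_client_issuer_url}}` directly to `account/account-security/signing-in`, while the neighbouring `user_info_url` and `logout_url` put a `/` after the issuer URL; unless the issuer value is defined with a trailing slash this renders as `...realms/<realm>account/...` and the link 404s. Suggested line: `change_credentials: "{{_oidc_client_issuer_url}}/account/account-security/signing-in"`. The new `button_text` default is reused verbatim as a display name in the mastodon, synapse, nextcloud and taiga templates of this commit, so a short consumer note would help the next maintainer, e.g. `# Label shown on SSO buttons; also used as the IdP display name in app templates`. Which of the seven lines is the changed one is not marked on this rendered view, so the above assumes `button_text` is the addition.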


@ -294,4 +294,5 @@ OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
OPENID_CONNECT_REDIRECT=https://{{domains[application_id]}}
# OPENID_CONNECT_UID_FIELD=sub default
{% endif %}
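Review bot: The added comment `# OPENID_CONNECT_UID_FIELD=sub default` is ambiguous — it can be read either as "the default is sub" or as a literal value `sub default`; a clearer form is `# OPENID_CONNECT_UID_FIELD=sub   # default; uncomment to override`. `OPENID_CONNECT_REDIRECT` is rendered as the bare domain root; if the consuming application expects its full callback path here, the IdP's redirect_uri check will reject the login, so it is worth verifying against that application's documentation. The `{% if %}` that `{% endif %}` closes starts outside the hunk.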


@ -60,7 +60,7 @@ SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
# @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso
OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | lower }}
OIDC_DISPLAY_NAME="{{primary_domain | upper}} SSO"
OIDC_DISPLAY_NAME="{{oidc.button_text}}"
OIDC_ISSUER={{oidc.client.issuer_url}}
OIDC_DISCOVERY=true
OIDC_SCOPE="openid,profile,email"
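Review bot: Style: the new `OIDC_DISPLAY_NAME="{{oidc.button_text}}"` writes the Jinja expression without inner spaces while `OIDC_ENABLED` two lines above uses `{{ ... | string | lower }}`; the same unspaced form is introduced at the synapse `idp_name`, the nextcloud `oidc_login_button_text` and the taiga `OPENID_NAME` lines, whereas the compose mount and the vars file in this commit use the spaced form. Pick one convention for the commit, e.g. `OIDC_DISPLAY_NAME="{{ oidc.button_text }}"`. The stackoverflow `@see` link is the only explanation of this block; a one-line summary of which Mastodon setting each variable maps to would make it readable without following the link.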


@ -49,7 +49,7 @@ email:
# @See https://matrix-org.github.io/synapse/latest/openid.html
oidc_providers:
- idp_id: keycloak
idp_name: "{{primary_domain | upper}} SSO"
idp_name: "{{oidc.button_text}}"
issuer: "{{oidc.client.issuer_url}}"
client_id: "{{oidc.client.id}}"
client_secret: "{{oidc.client.secret}}"
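Review bot: `idp_name` is a user-visible label that Matrix clients typically render in the SSO picker as "Continue with <idp_name>", so the new default `SSO Login(<DOMAIN>)` may read awkwardly there; this is not wrong, but it deserves a comment so that nobody later changes `oidc.button_text` without knowing it surfaces here, e.g. `# Shown to users in the client's identity-provider picker; defaults to oidc.button_text`. The quoting of every templated value in this hunk is correct and protects against boolean- or number-looking expansions. The `oidc_providers` list item may continue past the end of the hunk.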


@ -36,7 +36,7 @@ return array (
'oidc_login_default_quota' => '{{applications[application_id].default_quota}}',
// Login button text
'oidc_login_button_text' => 'Log in with OpenID',
'oidc_login_button_text' => '{{oidc.button_text}}',
// Hide the NextCloud password change form.
'oidc_login_hide_password_form' => true,
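Review bot: `'oidc_login_button_text' => '{{oidc.button_text}}'` embeds the Ansible value inside a PHP single-quoted string, so any `'` or `\` in a user-supplied `button_text` breaks config.php and takes the whole instance down at deploy time; the shipped default contains neither, but the value is now configurable. Escape at the template, e.g. `'oidc_login_button_text' => '{{ oidc.button_text | replace("\\", "\\\\") | replace("'", "\\'") }}',`. The `return array (` that this entry belongs to opens outside the hunk.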


@ -0,0 +1,15 @@
# Development
## Build front container
```bash
docker compose up -d --force-recreate taiga-front
```
## Debug
Verify front configuration:
```bash
docker compose exec -it taiga-front cat /usr/share/nginx/html/conf.json
```


@ -34,7 +34,7 @@ By using this role, teams can set up Taiga in minutes on Arch Linux systems —
## Features
- 🐳 **Docker-Based Deployment:** Easy containerized setup of backend, frontend, async workers, and events service.
- 🛡️ **OIDC Support:** Seamless login integration with providers like Keycloak when `applications[application_id].oidc.enabled` is `true`.
- 🔐 **OIDC (Single Sign-On):** Supported via [taiga-contrib-openid-auth (robrotheram)](https://github.com/robrotheram/taiga-contrib-openid-auth)
- 📨 **Email Backend:** Supports SMTP and console backends for development.
- 🔁 **Async & Realtime Events:** Includes RabbitMQ and support for Taigas event system.
- 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `nginx-domain-setup` role.


@ -47,8 +47,8 @@ services:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
taiga:
# volumes:
# - ./conf.json:/usr/share/nginx/html/conf.json
# volumes:
# - {{ taiga_frontend_conf_path }}:/usr/share/nginx/html/conf.json:ro
taiga-events:
image: taigaio/taiga-events:latest
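Review bot: The new `conf.json` mount is added only as commented-out lines under the front service, so `taiga_frontend_conf_path` (introduced in the vars file of this commit) is defined but never used, and the "Verify front configuration" step in the new Development.md reads whatever conf.json the image ships rather than the rendered one. Either enable the mount or say why it is parked, e.g. `# TODO: mount once conf.json is rendered; keep :ro so the container cannot alter it`. The replaced `./conf.json` lines were also commented out, so this hunk changes no runtime behaviour. The `:ro` flag on the new line is the right default for a config file and should stay when the mount is enabled; the `taiga` service definition continues past the hunk.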


@ -56,7 +56,7 @@ OPENID_USER_URL="{{oidc.client.user_info_url}}"
OPENID_TOKEN_URL="{{oidc.client.token_url}}"
OPENID_CLIENT_ID="{{oidc.client.id}}"
OPENID_CLIENT_SECRET="{{oidc.client.secret}}"
OPENID_NAME="SSO"
OPENID_NAME="{{oidc.button_text}}"
# Default Values
#
# OPENID_ID_FIELD="sub"


@ -6,3 +6,4 @@ email_backend: "smtp" ## use a
docker_compose_init: "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
taiga_image_backend: "{{ 'robrotheram/taiga-back-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-back' }}"
taiga_image_frontend: "{{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-front' }}"
taiga_frontend_conf_path: "{{docker_compose.directories.conf}}conf.json"
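Review bot: `taiga_image_backend` and `taiga_image_frontend` select the third-party `robrotheram/taiga-back-openid` / `robrotheram/taiga-front-openid` images with no tag, which resolves to `latest`; for the images that implement the authentication path this means an unreviewed upstream push changes login behaviour on the next pull. Pin a tag, or better a digest, e.g. `taiga_image_backend: "{{ 'robrotheram/taiga-back-openid:<pinned-tag>' if applications[application_id].oidc.enabled else 'taigaio/taiga-back' }}"` with the same treatment for the frontend line (`<pinned-tag>` is a placeholder). The quoting of `taiga_frontend_conf_path` is consistent with the other paths in the file.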