kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-30 07:18:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor websocket and Taiga variables

Browse Source 
- Introduce WEBSOCKET_PROTOCOL derived from WEB_PROTOCOL (wss if https, else ws).
- Replace hardcoded websocket URLs in EspoCRM, Nextcloud and Taiga with {{ WEBSOCKET_PROTOCOL }}.
- Fix mautrix-imessage to use ws:// for internal synapse:8008.
- Standardize Pixelfed OIDC env spacing.
- Refactor Taiga variables to TAIGA_* naming convention and clean up EMAIL_BACKEND definition.

See: https://chatgpt.com/share/68af62fa-4dcc-800f-9aaf-cff746daab1e
This commit is contained in:
Kevin Veen-Birkenbach
2025-08-27 21:57:04 +02:00
parent c6cd6430bb
commit 12a267827d
11 changed files with 53 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/web-app-taiga/schema/main.yml
View File

@@ -1,5 +1,5 @@
credentials:
secret_key:
description: "Django SECRET_KEY used for cryptographic signing in Taiga"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
description: "Django SECRET_KEY used for cryptographic signing in Taiga"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"

8
roles/web-app-taiga/tasks/main.yml
View File

@@ -3,17 +3,17 @@
include_role:
name: cmp-db-docker-proxy
- name: "copy templates {{ settings_files }} for taiga-contrib-oidc-auth"
- name: "copy templates {{ TAIGA_SETTING_FILES }} for taiga-contrib-oidc-auth"
template:
src: "taiga/{{item}}.py.j2"
dest: "{{ docker_compose.directories.config }}taiga-{{item}}.py"
when: applications | get_app_conf(application_id, 'features.oidc', True) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio'
notify: docker compose up
loop: "{{ settings_files }}"
loop: "{{ TAIGA_SETTING_FILES }}"
- name: "create {{docker_compose_init}}"
- name: "create {{ TAIGA_DOCKER_COMPOSE_INIT }}"
template:
src: "docker-compose-inits.yml.j2"
dest: "{{docker_compose_init}}"
dest: "{{ TAIGA_DOCKER_COMPOSE_INIT }}"
notify: docker compose up

10
roles/web-app-taiga/templates/docker-compose.yml.j2
View File

@@ -2,7 +2,7 @@
taiga-back:
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{taiga_image_backend}}:{{ taiga_version }}"
image: "{{ TAIGA_DOCKER_IMAGE_BACKEND }}:{{ TAIGA_VERSION }}"
volumes:
# These volumens will be used by taiga-back and taiga-async.
- static-data:/taiga-back/static
@@ -34,7 +34,7 @@
taiga-async:
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{taiga_image_backend}}:{{ taiga_version }}"
image: "{{ TAIGA_DOCKER_IMAGE_BACKEND }}:{{ TAIGA_VERSION }}"
entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]
volumes:
# These volumens will be used by taiga-back and taiga-async.
@@ -44,7 +44,7 @@
{% if applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
{% for item in settings_files %}
{% for item in TAIGA_SETTING_FILES %}
- {{ docker_compose.directories.config }}taiga-{{ item }}.py:/taiga-back/settings/{{ item }}.py:ro
{% endfor %}
@@ -76,12 +76,12 @@
taiga:
taiga-front:
image: "{{taiga_image_frontend}}:{{ taiga_version }}"
image: "{{TAIGA_DOCKER_IMAGE_FRONTEND}}:{{ TAIGA_VERSION }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
{% include 'roles/docker-container/templates/networks.yml.j2' %}
taiga:
# volumes:
# - {{ taiga_frontend_conf_path }}:/usr/share/nginx/html/conf.json:ro
# - {{ TAIGA_FRONTEND_CONF_PATH }}:/usr/share/nginx/html/conf.json:ro
taiga-events:
image: taigaio/taiga-events:latest

33
roles/web-app-taiga/templates/env.j2
View File

@@ -1,13 +1,13 @@
# Taiga's URLs - Variables to define where Taiga should be served
TAIGA_SITES_SCHEME = https # serve Taiga using "http" or "https" (secured) connection
TAIGA_SITES_SCHEME = {{ WEB_PROTOCOL }} # serve Taiga using "http" or "https" (secured) connection
TAIGA_SITES_DOMAIN = "{{ domains | get_domain(application_id) }}" # Taiga's base URL
TAIGA_SUBPATH = "" # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
WEBSOCKETS_SCHEME = wss # events connection protocol (use either "ws" or "wss")
WEBSOCKETS_SCHEME = {{ WEBSOCKET_PROTOCOL }} # events connection protocol (use either "ws" or "wss")
# Taiga's Secret Key - Variable to provide cryptographic signing
TAIGA_SECRET_KEY = "{{applications | get_app_conf(application_id, 'credentials.secret_key', True)}}"
SECRET_KEY = "{{applications | get_app_conf(application_id, 'credentials.secret_key', True)}}"
TAIGA_SECRET_KEY = "{{ applications | get_app_conf(application_id, 'credentials.secret_key') }}"
SECRET_KEY = "{{ applications | get_app_conf(application_id, 'credentials.secret_key') }}"
# Taiga's Database settings - Variables to create the Taiga database and connect to it
POSTGRES_USER = "{{ database_username }}" # user to connect to PostgreSQL
@@ -16,18 +16,17 @@ POSTGRES_DB = "{{ database_name }}"
POSTGRES_HOST = "{{ database_host }}"
# Taiga's SMTP settings - Variables to send Taiga's emails to the users
EMAIL_BACKEND = "{{email_backend}}" # use an SMTP server or display the emails in the console (either "smtp" or "console")
EMAIL_HOST = "{{ SYSTEM_EMAIL.HOST }}" # SMTP server address
EMAIL_PORT = "{{ SYSTEM_EMAIL.PORT }}" # default SMTP port
EMAIL_HOST_USER = "{{ users['no-reply'].email }}" # user to connect the SMTP server
EMAIL_HOST_PASSWORD = "{{ users['no-reply'].mailu_token }}" # SMTP user's password
EMAIL_DEFAULT_FROM = "{{ users['no-reply'].email }}" # default email address for the automated emails
EMAIL_BACKEND: = "django.core.mail.backends.{{email_backend}}.EmailBackend"
EMAIL_BACKEND = "{{ TAIGA_EMAIL_BACKEND }}" # use an SMTP server or display the emails in the console (either "smtp" or "console")
EMAIL_HOST = "{{ SYSTEM_EMAIL.HOST }}" # SMTP server address
EMAIL_PORT = "{{ SYSTEM_EMAIL.PORT }}" # default SMTP port
EMAIL_HOST_USER = "{{ users['no-reply'].email }}" # user to connect the SMTP server
EMAIL_HOST_PASSWORD = "{{ users['no-reply'].mailu_token }}" # SMTP user's password
EMAIL_DEFAULT_FROM = "{{ users['no-reply'].email }}" # default email address for the automated emails
DEFAULT_FROM_EMAIL = "{{ users['no-reply'].email }}"
# EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
EMAIL_USE_TLS = "{{ SYSTEM_EMAIL.TLS | capitalize }}" # use TLS (secure) connection with the SMTP server
EMAIL_USE_SSL = "{{ 'False' if SYSTEM_EMAIL.START_TLS else 'True' }}" # use implicit TLS (secure) connection with the SMTP server
EMAIL_USE_TLS = "{{ SYSTEM_EMAIL.TLS | capitalize }}" # use TLS (secure) connection with the SMTP server
EMAIL_USE_SSL = "{{ 'False' if SYSTEM_EMAIL.START_TLS else 'True' }}" # use implicit TLS (secure) connection with the SMTP server
RABBITMQ_USER=taiga
RABBITMQ_PASS=taiga
@@ -49,7 +48,7 @@ ENABLE_TELEMETRY = True
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
{% if applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
{% if applications | get_app_conf(application_id, 'oidc.flavor') == 'taigaio' %}
# OIDC via taigaio official contrib
# @See https://github.com/taigaio/taiga-contrib-oidc-auth
@@ -65,14 +64,14 @@ OIDC_OP_JWKS_ENDPOINT="{{ OIDC.CLIENT.CERTS }}"
{% endif %}
{% if applications | get_app_conf(application_id, 'oidc.flavor', True) == 'robrotheram' %}
{% if TAIGA_FLAVOR_ROBROTHERAM %}
# OIDC via robrotheram
# @see https://github.com/robrotheram/taiga-contrib-openid-auth
ENABLE_OPENID=True
OPENID_URL="{{ OIDC.CLIENT.AUTHORIZE_URL }}"
OPENID_USER_URL="{{OIDC.CLIENT.USER_INFO_URL}}"
OPENID_TOKEN_URL="{{OIDC.CLIENT.TOKEN_URL}}"
OPENID_USER_URL="{{ OIDC.CLIENT.USER_INFO_URL }}"
OPENID_TOKEN_URL="{{ OIDC.CLIENT.TOKEN_URL }}"
OPENID_CLIENT_ID="{{ OIDC.CLIENT.ID }}"
OPENID_CLIENT_SECRET="{{ OIDC.CLIENT.SECRET }}"
OPENID_NAME="{{ OIDC.BUTTON_TEXT }}"

28
roles/web-app-taiga/vars/main.yml
View File

@@ -1,18 +1,22 @@
# General
application_id: "web-app-taiga"
database_type: "postgres"
# Docker
docker_repository_address: "https://github.com/taigaio/taiga-docker"
email_backend: "smtp" ## use an SMTP server or display the emails in the console (either "smtp" or "console")
docker_compose_init: "{{ docker_compose.directories.instance }}docker-compose-inits.yml.j2"
taiga_image_backend: >-
{{ 'robrotheram/taiga-back-openid' if applications | get_app_conf(application_id, 'features.oidc', True) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'robrotheram'
else 'taigaio/taiga-back' }}
taiga_image_frontend: >-
{{ 'robrotheram/taiga-front-openid' if applications | get_app_conf(application_id, 'features.oidc', True) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'robrotheram'
else 'taigaio/taiga-front' }}
taiga_frontend_conf_path: "{{docker_compose.directories.config}}conf.json"
docker_pull_git_repository: true
settings_files:
docker_pull_git_repository: true
# Taiga
TAIGA_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
TAIGA_FLAVOR_ROBROTHERAM: "{{ applications | get_app_conf(application_id, 'oidc.flavor') == 'robrotheram' }}"
TAIGA_ROBROTHERAM_ENABLED: "{{ TAIGA_OIDC_ENABLED and TAIGA_FLAVOR_ROBROTHERAM }}"
TAIGA_EMAIL_BACKEND: "{{ 'smtp' if SYSTEM_EMAIL.SMTP else 'console' }}" ## use an SMTP server or display the emails in the console (either "smtp" or "console")
TAIGA_DOCKER_COMPOSE_INIT: "{{ [ docker_compose.directories.instance,'docker-compose-inits.yml.j2' ] | path_join }}"
TAIGA_DOCKER_IMAGE_BACKEND: "{{ 'robrotheram/taiga-back-openid' if TAIGA_ROBROTHERAM_ENABLED else 'taigaio/taiga-back' }}"
TAIGA_DOCKER_IMAGE_FRONTEND: "{{ 'robrotheram/taiga-front-openid' if TAIGA_ROBROTHERAM_ENABLED else 'taigaio/taiga-front' }}"
TAIGA_FRONTEND_CONF_PATH: "{{ [ docker_compose.directories.config,'conf.json' ] | path_join }}"
TAIGA_SETTING_FILES:
- urls
- local
taiga_version: "{{ applications | get_app_conf(application_id, 'docker.services.taiga.version', True) }}"
TAIGA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.taiga.version') }}"