web-app-taiga: add manage/init flow and idempotent admin bootstrap; fix OIDC config and env quoting

config/main.yml: convert oidc from empty mapping to block; indent flavor under oidc; enable javascript feature. tasks/main.yml: use path_join for taiga settings; create docker-compose-inits via TAIGA_DOCKER_COMPOSE_INIT_PATH; flush handlers; add idempotent createsuperuser via taiga-manage with async/poll and masked logs. templates/docker-compose-inits.yml.j2: include compose/container base to inherit env and project settings. templates/env.j2: quote WEB_PROTOCOL and WEBSOCKET_PROTOCOL. templates/javascript.js.j2: add SSO warning include. users/main.yml: add administrator email stub. vars/main.yml: add js_application_name; restructure OIDC flavor flags; add compose PATH vars; expose TAIGA_SUPERUSER_* vars. Chat reference: https://chatgpt.com/share/68af7637-225c-800f-b670-2b948f5dea54
2025-10-31 02:10:05 +00:00 · 2025-08-27 23:19:42 +02:00
parent 707a3fc1d0
commit 1401779a9d
7 changed files with 61 additions and 24 deletions
--- a/roles/web-app-taiga/tasks/main.yml
+++ b/roles/web-app-taiga/tasks/main.yml
@@ -2,18 +2,46 @@
 - name: "load docker, db and proxy for {{ application_id }}"
  include_role: 
    name: cmp-db-docker-proxy
+  vars:
+    docker_compose_flush_handlers: false

 - name: "copy templates {{ TAIGA_SETTING_FILES }} for taiga-contrib-oidc-auth"
  template:
    src:  "taiga/{{item}}.py.j2"
-    dest: "{{ docker_compose.directories.config }}taiga-{{item}}.py"
+    dest: "{{ [ docker_compose.directories.config, 'taiga-' ~ item ~ '.py'] | path_join }}"
  when:   TAIGA_TAIGAIO_ENABLED | bool
  notify: docker compose up
  loop:   "{{ TAIGA_SETTING_FILES }}"

- name: "create {{ TAIGA_DOCKER_COMPOSE_INIT }}"
+- name: "create {{ TAIGA_DOCKER_COMPOSE_INIT_PATH }}"
  template:
    src:  "docker-compose-inits.yml.j2"
-    dest:  "{{ TAIGA_DOCKER_COMPOSE_INIT }}"
+    dest:  "{{ TAIGA_DOCKER_COMPOSE_INIT_PATH }}"
  notify: docker compose up

+- name: "Flush Taiga handlers"
+  meta: flush_handlers
+
+- name: "Create Taiga admin user (idempotent)"
+  command: >
+    docker compose
+    -f {{ TAIGA_DOCKER_COMPOSE_PATH }}
+    -f {{ TAIGA_DOCKER_COMPOSE_INIT_PATH }}
+    run --rm taiga-manage
+    createsuperuser --noinput
+    --username {{ TAIGA_SUPERUSER_NAME }}
+    --email {{ TAIGA_SUPERUSER_EMAIL }}
+  environment:
+    DJANGO_SUPERUSER_PASSWORD: "{{ TAIGA_SUPERUSER_PASSWORD }}"
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  register: taiga_create_admin
+  changed_when: taiga_create_admin.rc == 0
+  failed_when: >
+    taiga_create_admin.rc != 0 and
+    ('already taken' not in (taiga_create_admin.stdout + taiga_create_admin.stderr) | lower) and
+    ('already exists' not in (taiga_create_admin.stdout + taiga_create_admin.stderr) | lower) and
+    ('integrityerror' not in (taiga_create_admin.stdout + taiga_create_admin.stderr) | lower)
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
+  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"