kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-20 23:14:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

Implemented OIDC draft for Taiga

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-04-06 09:08:53 +02:00
parent bfd1839a8b
commit 949feb912a
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
5 changed files with 78 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
roles/docker-taiga/README.md
View File

@ -1,31 +1,33 @@
# Docker Taiga Role 🐳📋 # Taiga 🐳📋
This Ansible role sets up and configures a Taiga project management platform using Docker. It includes tasks for setting up the database, Nginx proxy, and updating the repository with necessary files. ## Description
## Tasks This Ansible role deploys and configures the [Taiga](https://www.taiga.io/) project management platform using Docker. It supports core services like backend, frontend, events, and async processing — with optional integration for OpenID Connect (OIDC) authentication.
The main tasks included in this role are: Designed for Arch Linux systems, it ensures consistent and modular setup of the entire Taiga stack, including database and proxy configuration. This role integrates with the CyMaIS infrastructure through conditional Docker Compose file generation and optional service dependencies.
- Setting up the database. ## Overview
- Configuring Nginx as a proxy.
- Updating the repository with necessary files.
## Variables - Deploys Taiga using Docker and Docker Compose.
- Supports PostgreSQL and RabbitMQ as dependencies.
- Automatically integrates Nginx as a reverse proxy.
- Optionally enables OIDC via `taiga-contrib-openid-auth`.
Key variables used in this role include the Docker Compose project name, database type and password, and the repository address. ## Purpose
## Templates The purpose of this role is to automate the provisioning of a complete, containerized Taiga environment in a secure, repeatable, and infrastructure-compliant way. It supports multiple deployment scenarios (internal tools, team collaboration, or homelab usage) and fits into a modular Ansible-based DevOps workflow.
The role includes several Jinja2 templates to configure the environment and Docker Compose setup, including: ## Features
- **docker-compose-inits.yml.j2** - 🐳 **Docker-Based Deployment** Uses `docker-compose` to orchestrate all services.
- **.env.j2** - 🔐 **Optional OpenID Connect Integration** Conditionally enables Keycloak or other OIDC providers.
- **docker-compose.yml.j2** - 🔁 **Async and Event Support** Includes `taiga-events` and `taiga-async`.
- 📨 **SMTP Email Support** Supports both real and console email backends.
- 🧩 **Modular Role Integration** Compatible with roles like `docker-central-database`, `nginx-domain-setup`, and `docker-repository-setup`.
## Author ## Credits 📝
This role was created by Kevin Veen-Birkenbach. You can reach him at [kevin@veen.world](mailto:kevin@veen.world). Visit his website at [veen.world](https://www.veen.world/). Developed and maintained by **Kevin Veen-Birkenbach**
Visit [veen.world](https://www.veen.world) for more information.
## Note Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)
License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
This README was created with the assistance of ChatGPT. [Link to conversation](https://chatgpt.com/share/fee718ab-cfe1-46f3-b97f-8f8c896ffd11).

26
roles/docker-taiga/meta/main.yml Normal file
View File

@ -0,0 +1,26 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "Deploy and configure the Taiga project management platform, with OpenID Connect support."
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Archlinux
versions:
- rolling
galaxy_tags:
- taiga
- docker
- project-management
- oidc
- openid
- archlinux
- cymais
repository: https://s.veen.world/cymais
issue_tracker_url: https://s.veen.world/cymaisissues
documentation: https://s.veen.world/cymais

6
roles/docker-taiga/templates/docker-compose.yml.j2
View File

@ -2,7 +2,7 @@ services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %} {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
taiga-back: taiga-back:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: taigaio/taiga-back:{{applications.taiga.version}} image: {{taiga_image_backend}}:{{applications.taiga.version}}
volumes: volumes:
# These volumens will be used by taiga-back and taiga-async. # These volumens will be used by taiga-back and taiga-async.
- static-data:/taiga-back/static - static-data:/taiga-back/static
@ -18,7 +18,7 @@ services:
taiga-async: taiga-async:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: taigaio/taiga-back:latest image: {{taiga_image_backend}}:{{applications.taiga.version}}
entrypoint: ["/taiga-back/docker/async_entrypoint.sh"] entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]
volumes: volumes:
# These volumens will be used by taiga-back and taiga-async. # These volumens will be used by taiga-back and taiga-async.
@ -43,7 +43,7 @@ services:
taiga: taiga:
taiga-front: taiga-front:
image: taigaio/taiga-front:latest image: {{taiga_image_frontend}}:{{applications.taiga.version}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %}
taiga: taiga:

19
roles/docker-taiga/templates/env.j2
View File

@ -46,3 +46,22 @@ MAX_AGE = 360
# Taiga's Telemetry - Variable to enable or disable the anonymous telemetry # Taiga's Telemetry - Variable to enable or disable the anonymous telemetry
ENABLE_TELEMETRY = True ENABLE_TELEMETRY = True
{% if applications[application_id].oidc.enabled %}
# OICD
# @See https://github.com/robrotheram/taiga-contrib-openid-auth
ENABLE_OPENID="True"
OPENID_URL="{{oidc.client.authorize_url}}"
OPENID_USER_URL="{{oidc.client.user_info_url}}"
OPENID_TOKEN_URL="{{oidc.client.torken_url}}"
OPENID_CLIENT_ID="{{oidc.client.id}}"
OPENID_CLIENT_SECRET="{{oidc.client.secret}}"
OPENID_NAME="SSO"
# Default Values
#
# OPENID_ID_FIELD="sub"
# OPENID_USERNAME_FIELD="preferred_username"
# OPENID_FULLNAME_FIELD="name"
# OPENID_EMAIL_FIELD="email"
# OPENID_SCOPE="openid email"
{% endif %}

14
roles/docker-taiga/vars/main.yml
View File

@ -1,6 +1,8 @@
application_id: "taiga" application_id: "taiga"
database_type: "postgres" database_type: "postgres"
database_password: "{{taiga_database_password}}" database_password: "{{taiga_database_password}}"
docker_repository_address: "https://github.com/taigaio/taiga-docker" docker_repository_address: "https://github.com/taigaio/taiga-docker"
email_backend: "smtp" ## use an SMTP server or display the emails in the console (either "smtp" or "console") email_backend: "smtp" ## use an SMTP server or display the emails in the console (either "smtp" or "console")
docker_compose_init: "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2" docker_compose_init: "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
taiga_image_backend: "{{ 'robrotheram/taiga-back-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-back' }}"
taiga_image_frontend: "{{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-front' }}"