kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-19 22:52:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Deactivated useless code

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-04-08 00:30:21 +02:00
parent 734ddc44bf
commit a43d1302ac
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
11 changed files with 177 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
roles/docker-ldap/tasks/lam.yml
View File

@ -9,25 +9,25 @@
mode: '0755' mode: '0755'
recurse: true recurse: true
- name: "create {{docker_compose.directories.env}}lam.env" #- name: "create {{docker_compose.directories.env}}lam.env"
template: # template:
src: "lam/env.j2" # src: "lam/env.j2"
dest: "{{docker_compose.directories.env}}lam.env" # dest: "{{docker_compose.directories.env}}lam.env"
mode: '770' # mode: '770'
force: yes # force: yes
notify: docker compose project setup # notify: docker compose project setup
#
- name: "create default.group to enable groupOfNames in LAM" #- name: "create default.group to enable groupOfNames in LAM"
template: # template:
src: "lam/default.group.j2" # src: "lam/default.group.j2"
dest: "{{ lam_profiles_dir }}/default.group" # dest: "{{ lam_profiles_dir }}/default.group"
mode: '0644' # mode: '0644'
notify: docker compose project setup # notify: docker compose project setup
#
- name: "Create groupOfNames.conf to enable groupOfNames as base module in LAM" #- name: "Create groupOfNames.conf to enable groupOfNames as base module in LAM"
template: # template:
src: "lam/groupOfNames.conf.j2" # src: "lam/groupOfNames.conf.j2"
dest: "{{ lam_profiles_dir }}/groupOfNames.conf" # dest: "{{ lam_profiles_dir }}/groupOfNames.conf"
mode: '0644' # mode: '0644'

4
roles/docker-ldap/templates/docker-compose.yml.j2
View File

@ -13,8 +13,8 @@ services:
- 127.0.0.1:{{ports.localhost.http.ldap}}:80 - 127.0.0.1:{{ports.localhost.http.ldap}}:80
env_file: env_file:
- "{{docker_compose.directories.env}}lam.env" - "{{docker_compose.directories.env}}lam.env"
volumes: # volumes:
- "{{ lam_profiles_dir }}:/var/lib/ldap-account-manager/config/profiles/" # - "{{ lam_profiles_dir }}:/var/lib/ldap-account-manager/config/profiles/"
{% elif applications.ldap.webinterface == 'phpldapadmin' %} {% elif applications.ldap.webinterface == 'phpldapadmin' %}
image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}} image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}

32
roles/docker-openproject/vars/ldap.yml
View File

@ -1,17 +1,17 @@
openproject_ldap: openproject_ldap:
name: "{{ primary_domain }}" # Display name for the LDAP connection in OpenProject name: "{{ primary_domain }}" # Display name for the LDAP connection in OpenProject
host: "{{ ldap.server.domain }}" # LDAP server address host: "{{ ldap.server.domain }}" # LDAP server address
port: "{{ ldap.server.port }}" # LDAP server port (typically 389 or 636) port: "{{ ldap.server.port }}" # LDAP server port (typically 389 or 636)
account: "{{ ldap.dn.administrator }}" # Bind DN (used for authentication) account: "{{ ldap.dn.administrator }}" # Bind DN (used for authentication)
account_password: "{{ ldap.bind_credential }}" # Bind password account_password: "{{ ldap.bind_credential }}" # Bind password
base_dn: "{{ ldap.dn.users }}" # Base DN for user search base_dn: "{{ ldap.dn.users }}" # Base DN for user search
attr_login: "{{ ldap.attributes.user_id | default('uid') }}" # LDAP attribute used for login attr_login: "{{ ldap.attributes.user_id }}" # LDAP attribute used for login
attr_firstname: "givenName" # LDAP attribute for first name attr_firstname: "givenName" # LDAP attribute for first name
attr_lastname: "sn" # LDAP attribute for last name attr_lastname: "sn" # LDAP attribute for last name
attr_mail: "mail" # LDAP attribute for email attr_mail: "mail" # LDAP attribute for email
attr_admin: "" # Optional: LDAP attribute for admin group (leave empty if unused) attr_admin: "{{ openproject_filters.administrators }}" # Optional: LDAP attribute for admin group (leave empty if unused)
onthefly_register: true # Automatically create users on first login onthefly_register: true # Automatically create users on first login
tls_mode: 0 # 0 = No TLS, 1 = TLS, 2 = STARTTLS tls_mode: 0 # 0 = No TLS, 1 = TLS, 2 = STARTTLS
verify_peer: false # Whether to verify the SSL certificate verify_peer: false # Whether to verify the SSL certificate
filter_string: "" # Optional: Custom filter for users (e.g., "(objectClass=person)") filter_string: "{{ openproject_filters.users }}" # Optional: Custom filter for users (e.g., "(objectClass=person)")
tls_certificate_string: "" # Optional: Client certificate string for TLS (usually left empty) tls_certificate_string: "" # Optional: Client certificate string for TLS (usually left empty)

23
roles/docker-openproject/vars/main.yml
View File

@ -1,6 +1,6 @@
application_id: "openproject" application_id: "openproject"
docker_repository_address: "https://github.com/opf/openproject-deploy" docker_repository_address: "https://github.com/opf/openproject-deploy"
database_password: "{{applications[application_id].credentials.database_password}}" database_password: "{{ applications[application_id].credentials.database_password }}"
database_type: "postgres" database_type: "postgres"
openproject_plugins_service: "{{docker_compose.directories.services}}plugins/" openproject_plugins_service: "{{docker_compose.directories.services}}plugins/"
@ -10,9 +10,18 @@ custom_openproject_image: "custom_openproject"
dummy_volume: "{{docker_compose.directories.volumes}}dummy_volume" dummy_volume: "{{docker_compose.directories.volumes}}dummy_volume"
openproject_rails_settings: openproject_rails_settings:
email_delivery_method: "smtp" email_delivery_method: "smtp"
smtp_address: "{{ system_email.host }}" smtp_address: "{{ system_email.host }}"
smtp_domain: "{{ system_email.domain }}" smtp_domain: "{{ system_email.domain }}"
smtp_user_name: "{{ system_email.username }}" smtp_user_name: "{{ system_email.username }}"
smtp_password: "{{ system_email.password }}" smtp_password: "{{ system_email.password }}"
smtp_ssl: false smtp_ssl: false
openproject_filters:
administrators: >-
{{ '(memberOf=cn=openproject-admins,' ~ ldap.dn.application_roles ~ ')'
if applications[application_id].ldap.filters.administrators else '' }}
users: >-
{{ '(memberOf=cn=openproject-users,' ~ ldap.dn.application_roles ~ ')'
if applications[application_id].ldap.filters.users else '' }}

24
roles/docker-taiga/Development.md
View File

@ -1,4 +1,4 @@
# Development # Development Notes
## Build front container ## Build front container
@ -12,4 +12,26 @@ Verify front configuration:
```bash ```bash
docker compose exec -it taiga-front cat /usr/share/nginx/html/conf.json docker compose exec -it taiga-front cat /usr/share/nginx/html/conf.json
```
Verify the backend configuration:
```bash
docker compose exec -it taiga-back cat /taiga-back/settings/local.py
```
## Additional Configuration for plugin
```bash
# ENABLE_OPENID Plugin
ENABLE_OPENID = os.getenv('ENABLE_OPENID', 'False') == 'True'
if ENABLE_OPENID:
INSTALLED_APPS += [
"taiga_contrib_openid_auth"
]
OPENID_USER_URL = os.getenv('OPENID_USER_URL')
OPENID_TOKEN_URL = os.getenv('OPENID_TOKEN_URL')
OPENID_CLIENT_ID = os.getenv('OPENID_CLIENT_ID')
OPENID_CLIENT_SECRET = os.getenv('OPENID_CLIENT_SECRET')
OPENID_SCOPE = os.getenv('OPENID_SCOPE')
OPENID_FILTER = os.getenv('OPENID_FILTER')
OPENID_FILTER_FIELD = os.getenv('OPENID_FILTER_FIELD')
``` ```

4
roles/docker-taiga/README.md
View File

@ -34,7 +34,9 @@ By using this role, teams can set up Taiga in minutes on Arch Linux systems —
## Features ## Features
- 🐳 **Docker-Based Deployment:** Easy containerized setup of backend, frontend, async workers, and events service. - 🐳 **Docker-Based Deployment:** Easy containerized setup of backend, frontend, async workers, and events service.
- 🔐 **OIDC (Single Sign-On):** Supported via [taiga-contrib-openid-auth (robrotheram)](https://github.com/robrotheram/taiga-contrib-openid-auth) - 🔐 **OIDC (Single Sign-On):** Supported via:
- [taiga-contrib-openid-auth (robrotheram)](https://github.com/robrotheram/taiga-contrib-openid-auth)
- [taiga-contrib-oidc-auth (official)](https://github.com/taigaio/taiga-contrib-oidc-auth)
- 📨 **Email Backend:** Supports SMTP and console backends for development. - 📨 **Email Backend:** Supports SMTP and console backends for development.
- 🔁 **Async & Realtime Events:** Includes RabbitMQ and support for Taigas event system. - 🔁 **Async & Realtime Events:** Includes RabbitMQ and support for Taigas event system.
- 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `nginx-domain-setup` role. - 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `nginx-domain-setup` role.

6
roles/docker-taiga/tasks/main.yml
View File

@ -14,6 +14,12 @@
include_role: include_role:
name: docker-repository-setup name: docker-repository-setup
- name: "template local.py for taiga-contrib-oidc-auth"
template:
src: taiga/local.py.j2
dest: "{{ docker_compose.directories.config }}taiga-local.py"
when: applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio'
- name: "create {{docker_compose_init}}" - name: "create {{docker_compose_init}}"
template: template:
src: "docker-compose-inits.yml.j2" src: "docker-compose-inits.yml.j2"

31
roles/docker-taiga/templates/docker-compose.yml.j2
View File

@ -8,6 +8,13 @@ services:
- static-data:/taiga-back/static - static-data:/taiga-back/static
- media-data:/taiga-back/media - media-data:/taiga-back/media
# - ./config.py:/taiga-back/settings/config.py # - ./config.py:/taiga-back/settings/config.py
{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
- {{ docker_compose.directories.config }}taiga-local.py:/taiga-back/settings/local.py:ro
{% endif %}
{% include 'templates/docker/container/networks.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %}
taiga: taiga:
{% include 'templates/docker/container/depends-on-also-database.yml.j2' %} {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
@ -15,6 +22,15 @@ services:
condition: service_started condition: service_started
taiga-async-rabbitmq: taiga-async-rabbitmq:
condition: service_started condition: service_started
{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
command: >
/bin/sh -c "
pip install taiga-contrib-oidc-auth &&
/taiga-back/docker/entrypoint.sh"
{% endif %}
taiga-async: taiga-async:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
@ -25,6 +41,13 @@ services:
- static-data:/taiga-back/static - static-data:/taiga-back/static
- media-data:/taiga-back/media - media-data:/taiga-back/media
# - ./config.py:/taiga-back/settings/config.py # - ./config.py:/taiga-back/settings/config.py
{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
- {{ docker_compose.directories.config }}taiga-local.py:/taiga-back/settings/local.py:ro
{% endif %}
{% include 'templates/docker/container/networks.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %}
taiga: taiga:
{% include 'templates/docker/container/depends-on-also-database.yml.j2' %} {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
@ -32,6 +55,14 @@ services:
condition: service_started condition: service_started
taiga-async-rabbitmq: taiga-async-rabbitmq:
condition: service_started condition: service_started
{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
command: >
/bin/sh -c "
pip install taiga-contrib-oidc-auth &&
/taiga-back/docker/entrypoint.sh"
{% endif %}
taiga-async-rabbitmq: taiga-async-rabbitmq:
image: rabbitmq:3.8-management-alpine image: rabbitmq:3.8-management-alpine

38
roles/docker-taiga/templates/env.j2
View File

@ -26,7 +26,7 @@ EMAIL_BACKEND: = "django.core.mail.backends.{{email_backend}}.EmailBacken
DEFAULT_FROM_EMAIL = "{{system_email.from}}" DEFAULT_FROM_EMAIL = "{{system_email.from}}"
# EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True) # EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
EMAIL_USE_TLS = "{{ system_email.tls | lower | capitalize }}" # use TLS (secure) connection with the SMTP server EMAIL_USE_TLS = "{{ system_email.tls | capitalize }}" # use TLS (secure) connection with the SMTP server
EMAIL_USE_SSL = "{{ 'False' if system_email.start_tls else 'True' }}" # use implicit TLS (secure) connection with the SMTP server EMAIL_USE_SSL = "{{ 'False' if system_email.start_tls else 'True' }}" # use implicit TLS (secure) connection with the SMTP server
RABBITMQ_USER=taiga RABBITMQ_USER=taiga
@ -48,8 +48,30 @@ MAX_AGE = 360
ENABLE_TELEMETRY = True ENABLE_TELEMETRY = True
{% if applications[application_id].oidc.enabled %} {% if applications[application_id].oidc.enabled %}
# OICD
# @See https://github.com/robrotheram/taiga-contrib-openid-auth {% if applications[application_id].oidc.flavor == 'taigaio' %}
# OIDC via taigaio official contrib
# @See https://github.com/taigaio/taiga-contrib-oidc-auth
ENABLE_OIDC=True
OIDC_RP_CLIENT_ID="{{ oidc.client.id }}"
OIDC_RP_CLIENT_SECRET="{{ oidc.client.secret }}"
OIDC_OP_AUTHORIZATION_ENDPOINT="{{ oidc.client.authorize_url }}"
OIDC_OP_TOKEN_ENDPOINT="{{ oidc.client.token_url }}"
OIDC_OP_USER_ENDPOINT="{{ oidc.client.user_info_url }}"
OIDC_RP_SIGN_ALGO="RS256"
OIDC_RP_SCOPES="openid profile email"
OIDC_USE_STATE=True
OIDC_USE_NONCE=True
OIDC_RP_CALLBACK_URL="{{ oidc.client.redirect_uri | default('') }}"
OIDC_OP_JWKS_ENDPOINT="{{ oidc.client.jwks_url | default('') }}"
{% endif %}
{% if applications[application_id].oidc.flavor == 'robrotheram' %}
# OIDC via robrotheram
# @see https://github.com/robrotheram/taiga-contrib-openid-auth
ENABLE_OPENID=True ENABLE_OPENID=True
OPENID_URL="{{oidc.client.authorize_url}}" OPENID_URL="{{oidc.client.authorize_url}}"
OPENID_USER_URL="{{oidc.client.user_info_url}}" OPENID_USER_URL="{{oidc.client.user_info_url}}"
@ -58,14 +80,14 @@ OPENID_CLIENT_ID="{{oidc.client.id}}"
OPENID_CLIENT_SECRET="{{oidc.client.secret}}" OPENID_CLIENT_SECRET="{{oidc.client.secret}}"
OPENID_NAME="{{oidc.button_text}}" OPENID_NAME="{{oidc.button_text}}"
OPENID_USERNAME_FIELD="{{oidc.attributes.username}}" OPENID_USERNAME_FIELD="{{oidc.attributes.username}}"
# Optional:
# Default Values
# OPENID_ID_FIELD="sub" # OPENID_ID_FIELD="sub"
# OPENID_FULLNAME_FIELD="name" # OPENID_FULLNAME_FIELD="name"
# OPENID_EMAIL_FIELD="email" # OPENID_EMAIL_FIELD="email"
# OPENID_SCOPE="openid email" # OPENID_SCOPE="openid email"
# OPENID_FILTER = "taiga_users,taiga_admins"
# OPENID_FILTER_FIELD = "groups"
{% endif %}
# The following are optional fields to configure filtering users based on the openid-userinfo. A common use case is to allow only specific roles or groups to log into taiga. OPENID_FILTER_FIELD is the name of the claim that's present in the UserInfo. The field is expected to be a list of strings. OPENID_FILTER is the allowed values, comma seperated.
#OPENID_FILTER = "taiga_users,taiga_admins"
#OPENID_FILTER_FIELD = "groups"
{% endif %} {% endif %}

24
roles/docker-taiga/templates/local.py.j2 Normal file
View File

@ -0,0 +1,24 @@
INSTALLED_APPS += [
"mozilla_django_oidc",
"taiga_contrib_oidc_auth",
]
AUTHENTICATION_BACKENDS = list(AUTHENTICATION_BACKENDS) + [
"taiga_contrib_oidc_auth.oidc.TaigaOIDCAuthenticationBackend",
]
ROOT_URLCONF = "settings.urls"
OIDC_CALLBACK_CLASS = "taiga_contrib_oidc_auth.views.TaigaOIDCAuthenticationCallbackView"
OIDC_RP_SCOPES = "openid profile email"
OIDC_RP_SIGN_ALGO = "RS256"
OIDC_BASE_URL = "{{ oidc.base_url }}"
OIDC_OP_JWKS_ENDPOINT = OIDC_BASE_URL + "/Jwks"
OIDC_OP_AUTHORIZATION_ENDPOINT = OIDC_BASE_URL + "/Authorization"
OIDC_OP_TOKEN_ENDPOINT = OIDC_BASE_URL + "/Token"
OIDC_OP_USER_ENDPOINT = OIDC_BASE_URL + "/UserInfo"
import os
OIDC_RP_CLIENT_ID = os.getenv("OIDC_RP_CLIENT_ID")
OIDC_RP_CLIENT_SECRET = os.getenv("OIDC_RP_CLIENT_SECRET")

8
roles/docker-taiga/vars/main.yml
View File

@ -4,6 +4,10 @@ database_password: "{{taiga_database_password}}"
docker_repository_address: "https://github.com/taigaio/taiga-docker" docker_repository_address: "https://github.com/taigaio/taiga-docker"
email_backend: "smtp" ## use an SMTP server or display the emails in the console (either "smtp" or "console") email_backend: "smtp" ## use an SMTP server or display the emails in the console (either "smtp" or "console")
docker_compose_init: "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2" docker_compose_init: "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
taiga_image_backend: "{{ 'robrotheram/taiga-back-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-back' }}" taiga_image_backend: >-
taiga_image_frontend: "{{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-front' }}" {{ 'robrotheram/taiga-back-openid' if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'robrotheram'
else 'taigaio/taiga-back' }}
taiga_image_frontend: >-
{{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'robrotheram'
else 'taigaio/taiga-front' }}
taiga_frontend_conf_path: "{{docker_compose.directories.config}}conf.json" taiga_frontend_conf_path: "{{docker_compose.directories.config}}conf.json"