kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 02:10:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
feature/keycloak-service-account-client
computer-playbook/roles/web-app-taiga/templates/env.j2
Kevin Veen-Birkenbach 251f7b227d Add healthchecks for all Taiga services, fix RabbitMQ env var names, and define TAIGA_HOSTNAME 
Details:
- Implemented healthchecks for taiga, async, rabbitmq, front, events, protected, and gateway
- Corrected RabbitMQ env variables (RABBITMQ_DEFAULT_USER/PASS/VHOST/ERLANG_COOKIE)
- Added TAIGA_HOSTNAME for backend service

See: https://chatgpt.com/share/68da9d6b-b164-800f-bcb7-410b40219a1e
2025-09-29 17:09:42 +02:00

89 lines
4.1 KiB
Django/Jinja
Raw Permalink Blame History

# Taiga's URLs - Variables to define where Taiga should be served
TAIGA_SITES_SCHEME = "{{ WEB_PROTOCOL }}" # serve Taiga using "http" or "https" (secured) connection
TAIGA_SITES_DOMAIN = "{{ domains | get_domain(application_id) }}" # Taiga's base URL
TAIGA_SUBPATH = "" # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
WEBSOCKETS_SCHEME = "{{ WEBSOCKET_PROTOCOL }}" # events connection protocol (use either "ws" or "wss")
# Taiga's Secret Key - Variable to provide cryptographic signing
TAIGA_SECRET_KEY = "{{ applications | get_app_conf(application_id, 'credentials.secret_key') }}"
SECRET_KEY = "{{ applications | get_app_conf(application_id, 'credentials.secret_key') }}"
# Taiga's Database settings - Variables to create the Taiga database and connect to it
POSTGRES_USER = "{{ database_username }}" # user to connect to PostgreSQL
POSTGRES_PASSWORD = "{{ database_password }}" # database user's password
POSTGRES_DB = "{{ database_name }}"
POSTGRES_HOST = "{{ database_host }}"
# Taiga's SMTP settings - Variables to send Taiga's emails to the users
EMAIL_BACKEND = "{{ TAIGA_EMAIL_BACKEND }}" # use an SMTP server or display the emails in the console (either "smtp" or "console")
EMAIL_HOST = "{{ SYSTEM_EMAIL.HOST }}" # SMTP server address
EMAIL_PORT = "{{ SYSTEM_EMAIL.PORT }}" # default SMTP port
EMAIL_HOST_USER = "{{ users['no-reply'].email }}" # user to connect the SMTP server
EMAIL_HOST_PASSWORD = "{{ users['no-reply'].mailu_token }}" # SMTP user's password
EMAIL_DEFAULT_FROM = "{{ users['no-reply'].email }}" # default email address for the automated emails
DEFAULT_FROM_EMAIL = "{{ users['no-reply'].email }}"
# EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
EMAIL_USE_TLS = "{{ SYSTEM_EMAIL.TLS | capitalize }}" # use TLS (secure) connection with the SMTP server
EMAIL_USE_SSL = "{{ 'False' if SYSTEM_EMAIL.START_TLS else 'True' }}" # use implicit TLS (secure) connection with the SMTP server
RABBITMQ_USER=taiga
RABBITMQ_PASS=taiga
RABBITMQ_VHOST=taiga
# Taiga's RabbitMQ settings - Variables to leave messages for the realtime and asynchronous events
RABBITMQ_DEFAULT_USER = taiga # user to connect to RabbitMQ
RABBITMQ_DEFAULT_PASS = taiga # RabbitMQ user's password
RABBITMQ_DEFAULT_VHOST = taiga # RabbitMQ container name
RABBITMQ_ERLANG_COOKIE = secret-erlang-cookie # unique value shared by any connected instance of RabbitMQ
# Taiga's Attachments - Variable to define how long the attachments will be accesible
ATTACHMENTS_MAX_AG = 360 # token expiration date (in seconds)
MAX_AGE = 360
# Taiga's Telemetry - Variable to enable or disable the anonymous telemetry
ENABLE_TELEMETRY = True
{% if TAIGA_OIDC_ENABLED %}
{% if TAIGA_TAIGAIO_ENABLED %}
# OIDC via taigaio official contrib
# @See https://github.com/taigaio/taiga-contrib-oidc-auth
OIDC_RP_CLIENT_ID="{{ OIDC.CLIENT.ID }}"
OIDC_RP_CLIENT_SECRET="{{ OIDC.CLIENT.SECRET }}"
OIDC_OP_AUTHORIZATION_ENDPOINT="{{ OIDC.CLIENT.AUTHORIZE_URL }}"
OIDC_OP_TOKEN_ENDPOINT="{{ OIDC.CLIENT.TOKEN_URL }}"
OIDC_OP_USER_ENDPOINT="{{ OIDC.CLIENT.USER_INFO_URL }}"
OIDC_RP_SIGN_ALGO="RS256"
OIDC_RP_SCOPES="openid profile email"
OIDC_OP_JWKS_ENDPOINT="{{ OIDC.CLIENT.CERTS }}"
{% endif %}
{% if TAIGA_FLAVOR_ROBROTHERAM %}
# OIDC via robrotheram
# @see https://github.com/robrotheram/taiga-contrib-openid-auth
ENABLE_OPENID=True
OPENID_URL="{{ OIDC.CLIENT.AUTHORIZE_URL }}"
OPENID_USER_URL="{{ OIDC.CLIENT.USER_INFO_URL }}"
OPENID_TOKEN_URL="{{ OIDC.CLIENT.TOKEN_URL }}"
OPENID_CLIENT_ID="{{ OIDC.CLIENT.ID }}"
OPENID_CLIENT_SECRET="{{ OIDC.CLIENT.SECRET }}"
OPENID_NAME="{{ OIDC.BUTTON_TEXT }}"
OPENID_USERNAME_FIELD="{{ OIDC.ATTRIBUTES.USERNAME }}"
# Optional:
# OPENID_ID_FIELD="sub"
# OPENID_FULLNAME_FIELD="name"
# OPENID_EMAIL_FIELD="email"
# OPENID_SCOPE="openid email"
# OPENID_FILTER = "taiga_users,taiga_admins"
# OPENID_FILTER_FIELD = "groups"
{% endif %}
{% endif %}
Reference in New Issue View Git Blame Copy Permalink