mirror of
				https://github.com/kevinveenbirkenbach/computer-playbook.git
				synced 2025-10-20 13:05:34 +00:00 
			
		
		
		
	config/main.yml: convert oidc from empty mapping to block; indent flavor under oidc; enable javascript feature. tasks/main.yml: use path_join for taiga settings; create docker-compose-inits via TAIGA_DOCKER_COMPOSE_INIT_PATH; flush handlers; add idempotent createsuperuser via taiga-manage with async/poll and masked logs. templates/docker-compose-inits.yml.j2: include compose/container base to inherit env and project settings. templates/env.j2: quote WEB_PROTOCOL and WEBSOCKET_PROTOCOL. templates/javascript.js.j2: add SSO warning include. users/main.yml: add administrator email stub. vars/main.yml: add js_application_name; restructure OIDC flavor flags; add compose PATH vars; expose TAIGA_SUPERUSER_* vars. Chat reference: https://chatgpt.com/share/68af7637-225c-800f-b670-2b948f5dea54
		
			
				
	
	
		
			89 lines
		
	
	
		
			4.1 KiB
		
	
	
	
		
			Django/Jinja
		
	
	
	
	
	
			
		
		
	
	
			89 lines
		
	
	
		
			4.1 KiB
		
	
	
	
		
			Django/Jinja
		
	
	
	
	
	
| # Taiga's URLs - Variables to define where Taiga should be served
 | |
| TAIGA_SITES_SCHEME  =   "{{ WEB_PROTOCOL }}"         # serve Taiga using "http" or "https" (secured) connection
 | |
| TAIGA_SITES_DOMAIN  =   "{{ domains | get_domain(application_id) }}"   # Taiga's base URL
 | |
|   
 | |
| TAIGA_SUBPATH       =   ""  # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
 | |
| WEBSOCKETS_SCHEME   =   "{{ WEBSOCKET_PROTOCOL }}" # events connection protocol (use either "ws" or "wss")
 | |
| 
 | |
| # Taiga's Secret Key - Variable to provide cryptographic signing
 | |
| TAIGA_SECRET_KEY    =   "{{ applications | get_app_conf(application_id, 'credentials.secret_key') }}"
 | |
| SECRET_KEY          =   "{{ applications | get_app_conf(application_id, 'credentials.secret_key') }}"
 | |
| 
 | |
| # Taiga's Database settings - Variables to create the Taiga database and connect to it
 | |
| POSTGRES_USER       =   "{{ database_username }}"       # user to connect to PostgreSQL
 | |
| POSTGRES_PASSWORD   =   "{{ database_password }}"   # database user's password
 | |
| POSTGRES_DB         =   "{{ database_name }}"
 | |
| POSTGRES_HOST       =   "{{ database_host }}"
 | |
| 
 | |
| # Taiga's SMTP settings - Variables to send Taiga's emails to the users
 | |
| EMAIL_BACKEND       =   "{{ TAIGA_EMAIL_BACKEND }}"             # use an SMTP server or display the emails in the console (either "smtp" or "console")
 | |
| EMAIL_HOST          =   "{{ SYSTEM_EMAIL.HOST }}"               # SMTP server address
 | |
| EMAIL_PORT          =   "{{ SYSTEM_EMAIL.PORT }}"               # default SMTP port
 | |
| EMAIL_HOST_USER     =   "{{ users['no-reply'].email }}"         # user to connect the SMTP server
 | |
| EMAIL_HOST_PASSWORD =   "{{ users['no-reply'].mailu_token }}"   # SMTP user's password
 | |
| EMAIL_DEFAULT_FROM  =   "{{ users['no-reply'].email }}"         # default email address for the automated emails
 | |
| DEFAULT_FROM_EMAIL  =   "{{ users['no-reply'].email }}"
 | |
| 
 | |
| # EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
 | |
| EMAIL_USE_TLS       =   "{{ SYSTEM_EMAIL.TLS | capitalize }}"                   # use TLS (secure) connection with the SMTP server
 | |
| EMAIL_USE_SSL       =   "{{ 'False' if SYSTEM_EMAIL.START_TLS else 'True' }}"   # use implicit TLS (secure) connection with the SMTP server
 | |
| 
 | |
| RABBITMQ_USER=taiga
 | |
| RABBITMQ_PASS=taiga
 | |
| RABBITMQ_VHOST=taiga
 | |
| 
 | |
| # Taiga's RabbitMQ settings - Variables to leave messages for the realtime and asynchronous events
 | |
| RABBITMQ_DEFAULT_RABBITMQ_USER  =   taiga  # user to connect to RabbitMQ
 | |
| RABBITMQ_DEFAULT_RABBITMQ_PASS  =   taiga  # RabbitMQ user's password
 | |
| RABBITMQ_DEFAULT_RABBITMQ_VHOST =   taiga  # RabbitMQ container name
 | |
| RABBITMQ_ERLANG_COOKIE          =   secret-erlang-cookie  # unique value shared by any connected instance of RabbitMQ
 | |
| 
 | |
| # Taiga's Attachments - Variable to define how long the attachments will be accesible
 | |
| ATTACHMENTS_MAX_AG  =   360  # token expiration date (in seconds)
 | |
| MAX_AGE             =   360
 | |
|       
 | |
| 
 | |
| # Taiga's Telemetry - Variable to enable or disable the anonymous telemetry
 | |
| ENABLE_TELEMETRY    =   True
 | |
| 
 | |
| {% if TAIGA_OIDC_ENABLED %}
 | |
| 
 | |
| {% if TAIGA_TAIGAIO_ENABLED %}
 | |
| 
 | |
| # OIDC via taigaio official contrib
 | |
| # @See https://github.com/taigaio/taiga-contrib-oidc-auth
 | |
| 
 | |
| OIDC_RP_CLIENT_ID="{{ OIDC.CLIENT.ID }}"
 | |
| OIDC_RP_CLIENT_SECRET="{{ OIDC.CLIENT.SECRET }}"
 | |
| OIDC_OP_AUTHORIZATION_ENDPOINT="{{ OIDC.CLIENT.AUTHORIZE_URL }}"
 | |
| OIDC_OP_TOKEN_ENDPOINT="{{ OIDC.CLIENT.TOKEN_URL }}"
 | |
| OIDC_OP_USER_ENDPOINT="{{ OIDC.CLIENT.USER_INFO_URL }}"
 | |
| OIDC_RP_SIGN_ALGO="RS256"
 | |
| OIDC_RP_SCOPES="openid profile email"
 | |
| OIDC_OP_JWKS_ENDPOINT="{{ OIDC.CLIENT.CERTS }}"
 | |
| 
 | |
| {% endif %}
 | |
| 
 | |
| {% if TAIGA_FLAVOR_ROBROTHERAM %}
 | |
| 
 | |
| # OIDC via robrotheram
 | |
| # @see https://github.com/robrotheram/taiga-contrib-openid-auth
 | |
| ENABLE_OPENID=True
 | |
| OPENID_URL="{{ OIDC.CLIENT.AUTHORIZE_URL }}"
 | |
| OPENID_USER_URL="{{ OIDC.CLIENT.USER_INFO_URL }}"
 | |
| OPENID_TOKEN_URL="{{ OIDC.CLIENT.TOKEN_URL }}"
 | |
| OPENID_CLIENT_ID="{{ OIDC.CLIENT.ID }}"
 | |
| OPENID_CLIENT_SECRET="{{ OIDC.CLIENT.SECRET }}"
 | |
| OPENID_NAME="{{ OIDC.BUTTON_TEXT }}"
 | |
| OPENID_USERNAME_FIELD="{{ OIDC.ATTRIBUTES.USERNAME }}"
 | |
| # Optional:
 | |
| # OPENID_ID_FIELD="sub"
 | |
| # OPENID_FULLNAME_FIELD="name"
 | |
| # OPENID_EMAIL_FIELD="email"
 | |
| # OPENID_SCOPE="openid email"
 | |
| # OPENID_FILTER = "taiga_users,taiga_admins"
 | |
| # OPENID_FILTER_FIELD = "groups"
 | |
| 
 | |
| {% endif %}
 | |
| 
 | |
| {% endif %} |