computer-playbook/roles/web-app-taiga
Kevin Veen-Birkenbach aa19a97ed6 CORS/CSP hardening & centralization
- Add reusable Nginx include: roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2
  (dynamic ACAO/credentials/methods/headers via role vars)
- Set global 'Vary: Origin' in nginx.conf.j2 to prevent cache poisoning
- CSP: allow Simple Icons via connect-src when feature is enabled
- Front proxy: rename vars to lowercase + flush handlers after config deploy
- Desktop: gate & load Simple Icons role; inject brand logos when enabled
- Bluesky + Logout: replace inline CORS with centralized include
- Simpleicons: public CORS (ACAO='*', no credentials), keep GET/OPTIONS, allow headers
- Taiga: adjust canonical domain to taiga.kanban.{{ PRIMARY_DOMAIN }}
- LibreTranslate: remove unused images/versions keys

Fixes: https://open.project.infinito.nexus/projects/cymais/work_packages/342/activity
Discussion: https://chatgpt.com/share/68da5e27-ffd4-800f-91a3-0ef103058d44
2025-09-29 12:23:58 +02:00

Taiga

Description

Taiga is a powerful and intuitive open-source project management platform tailored for agile teams. Whether you're practicing Scrum, Kanban, or a custom hybrid workflow, Taiga offers a rich, customizable environment to plan, track, and collaborate on your projects — without the complexity of enterprise tools or the vendor lock-in of SaaS platforms.

This Ansible role deploys Taiga in a Docker-based environment, allowing fast, reproducible, and secure installations. It also optionally integrates OpenID Connect (OIDC) for single sign-on via providers like Keycloak.


Why Taiga?

Taiga is ideal for developers, designers, and agile teams who want:

  • Beautiful UI: Clean, modern, and responsive interface.
  • 📌 Agile Workflows: Supports Scrum, Kanban, Scrumban, and Epics.
  • 🗃️ Backlog & Sprint Management: Create user stories, tasks, and sprints with ease.
  • 📈 Burn-down Charts & Metrics: Monitor velocity and progress.
  • 🔄 Custom Workflows: Define your own states, priorities, and permissions.
  • 📎 Attachments & Wiki: Collaborate with file uploads and internal documentation.
  • 🔐 SSO/Authentication Plugins: OpenID Connect, LDAP, GitHub, GitLab and more.
  • 🌍 Multilingual UI: Used by teams worldwide.

Purpose

This role automates the deployment and configuration of a complete, production-ready Taiga stack using Docker Compose. It ensures integration with common infrastructure tools such as Nginx, PostgreSQL, and RabbitMQ, while optionally enabling OpenID Connect authentication for enterprise-grade SSO.

By using this role, teams can set up Taiga in minutes on Arch Linux systems — whether in a homelab, dev environment, or production cluster.


Features

  • 🐳 Docker-Based Deployment: Easy containerized setup of backend, frontend, async workers, and events service.
  • 🔐 OIDC (Single Sign-On): Supported via:
  • 📨 Email Backend: Supports SMTP and console backends for development.
  • 🔁 Async & Realtime Events: Includes RabbitMQ and support for Taiga's event system.
  • 🌐 Reverse Proxy Ready: Integrates with Nginx using the sys-stk-front-proxy role.
  • 🧩 Composable Design: Integrates cleanly with other Infinito.Nexus infrastructure roles.

Author

Developed and maintained by Kevin Veen-Birkenbach
Email: kevin@veen.world
Website: veen.world

Part of the Infinito.Nexus Project
License: Infinito.Nexus NonCommercial License