kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-30 23:38:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
cb66fb2978680be0741bfdbcb69cbd26667ab757
computer-playbook/roles/web-app-taiga/templates/env.j2
Kevin Veen-Birkenbach 1401779a9d web-app-taiga: add manage/init flow and idempotent admin bootstrap; fix OIDC config and env quoting 
config/main.yml: convert oidc from empty mapping to block; indent flavor under oidc; enable javascript feature.

tasks/main.yml: use path_join for taiga settings; create docker-compose-inits via TAIGA_DOCKER_COMPOSE_INIT_PATH; flush handlers; add idempotent createsuperuser via taiga-manage with async/poll and masked logs.

templates/docker-compose-inits.yml.j2: include compose/container base to inherit env and project settings.

templates/env.j2: quote WEB_PROTOCOL and WEBSOCKET_PROTOCOL.

templates/javascript.js.j2: add SSO warning include.

users/main.yml: add administrator email stub.

vars/main.yml: add js_application_name; restructure OIDC flavor flags; add compose PATH vars; expose TAIGA_SUPERUSER_* vars.

Chat reference: https://chatgpt.com/share/68af7637-225c-800f-b670-2b948f5dea54
2025-08-27 23:19:42 +02:00

89 lines
4.1 KiB
Django/Jinja
Raw Blame History

# Taiga's URLs - Variables to define where Taiga should be served
TAIGA_SITES_SCHEME = "{{ WEB_PROTOCOL }}" # serve Taiga using "http" or "https" (secured) connection
TAIGA_SITES_DOMAIN = "{{ domains | get_domain(application_id) }}" # Taiga's base URL
TAIGA_SUBPATH = "" # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
WEBSOCKETS_SCHEME = "{{ WEBSOCKET_PROTOCOL }}" # events connection protocol (use either "ws" or "wss")
# Taiga's Secret Key - Variable to provide cryptographic signing
TAIGA_SECRET_KEY = "{{ applications | get_app_conf(application_id, 'credentials.secret_key') }}"
SECRET_KEY = "{{ applications | get_app_conf(application_id, 'credentials.secret_key') }}"
# Taiga's Database settings - Variables to create the Taiga database and connect to it
POSTGRES_USER = "{{ database_username }}" # user to connect to PostgreSQL
POSTGRES_PASSWORD = "{{ database_password }}" # database user's password
POSTGRES_DB = "{{ database_name }}"
POSTGRES_HOST = "{{ database_host }}"
# Taiga's SMTP settings - Variables to send Taiga's emails to the users
EMAIL_BACKEND = "{{ TAIGA_EMAIL_BACKEND }}" # use an SMTP server or display the emails in the console (either "smtp" or "console")
EMAIL_HOST = "{{ SYSTEM_EMAIL.HOST }}" # SMTP server address
EMAIL_PORT = "{{ SYSTEM_EMAIL.PORT }}" # default SMTP port
EMAIL_HOST_USER = "{{ users['no-reply'].email }}" # user to connect the SMTP server
EMAIL_HOST_PASSWORD = "{{ users['no-reply'].mailu_token }}" # SMTP user's password
EMAIL_DEFAULT_FROM = "{{ users['no-reply'].email }}" # default email address for the automated emails
DEFAULT_FROM_EMAIL = "{{ users['no-reply'].email }}"
# EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
EMAIL_USE_TLS = "{{ SYSTEM_EMAIL.TLS | capitalize }}" # use TLS (secure) connection with the SMTP server
EMAIL_USE_SSL = "{{ 'False' if SYSTEM_EMAIL.START_TLS else 'True' }}" # use implicit TLS (secure) connection with the SMTP server
RABBITMQ_USER=taiga
RABBITMQ_PASS=taiga
RABBITMQ_VHOST=taiga
# Taiga's RabbitMQ settings - Variables to leave messages for the realtime and asynchronous events
RABBITMQ_DEFAULT_RABBITMQ_USER = taiga # user to connect to RabbitMQ
RABBITMQ_DEFAULT_RABBITMQ_PASS = taiga # RabbitMQ user's password
RABBITMQ_DEFAULT_RABBITMQ_VHOST = taiga # RabbitMQ container name
RABBITMQ_ERLANG_COOKIE = secret-erlang-cookie # unique value shared by any connected instance of RabbitMQ
# Taiga's Attachments - Variable to define how long the attachments will be accesible
ATTACHMENTS_MAX_AG = 360 # token expiration date (in seconds)
MAX_AGE = 360
# Taiga's Telemetry - Variable to enable or disable the anonymous telemetry
ENABLE_TELEMETRY = True
{% if TAIGA_OIDC_ENABLED %}
{% if TAIGA_TAIGAIO_ENABLED %}
# OIDC via taigaio official contrib
# @See https://github.com/taigaio/taiga-contrib-oidc-auth
OIDC_RP_CLIENT_ID="{{ OIDC.CLIENT.ID }}"
OIDC_RP_CLIENT_SECRET="{{ OIDC.CLIENT.SECRET }}"
OIDC_OP_AUTHORIZATION_ENDPOINT="{{ OIDC.CLIENT.AUTHORIZE_URL }}"
OIDC_OP_TOKEN_ENDPOINT="{{ OIDC.CLIENT.TOKEN_URL }}"
OIDC_OP_USER_ENDPOINT="{{ OIDC.CLIENT.USER_INFO_URL }}"
OIDC_RP_SIGN_ALGO="RS256"
OIDC_RP_SCOPES="openid profile email"
OIDC_OP_JWKS_ENDPOINT="{{ OIDC.CLIENT.CERTS }}"
{% endif %}
{% if TAIGA_FLAVOR_ROBROTHERAM %}
# OIDC via robrotheram
# @see https://github.com/robrotheram/taiga-contrib-openid-auth
ENABLE_OPENID=True
OPENID_URL="{{ OIDC.CLIENT.AUTHORIZE_URL }}"
OPENID_USER_URL="{{ OIDC.CLIENT.USER_INFO_URL }}"
OPENID_TOKEN_URL="{{ OIDC.CLIENT.TOKEN_URL }}"
OPENID_CLIENT_ID="{{ OIDC.CLIENT.ID }}"
OPENID_CLIENT_SECRET="{{ OIDC.CLIENT.SECRET }}"
OPENID_NAME="{{ OIDC.BUTTON_TEXT }}"
OPENID_USERNAME_FIELD="{{ OIDC.ATTRIBUTES.USERNAME }}"
# Optional:
# OPENID_ID_FIELD="sub"
# OPENID_FULLNAME_FIELD="name"
# OPENID_EMAIL_FIELD="email"
# OPENID_SCOPE="openid email"
# OPENID_FILTER = "taiga_users,taiga_admins"
# OPENID_FILTER_FIELD = "groups"
{% endif %}
{% endif %}
Reference in New Issue View Git Blame Copy Permalink