jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-04-16 10:13:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-01-28 18:00

Browse Source
This commit is contained in:
Daniel Berteaud 2022-01-28 18:00:06 +01:00
parent c614bcb149
commit 9abf651e65
6 changed files with 32 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
roles/taiga/defaults/main.yml
View File

@ -81,9 +81,10 @@ taiga_smtp_ssl: "{{ (taiga_smtp_port == 465) | ternary(True, False) }}"
# OIDC authentication # OIDC authentication
taiga_oidc_auth: False taiga_oidc_auth: False
taiga_oidc_auth_url: https://sso.{{ ansible_domain }}/oauth2/authorize taiga_oidc_base_url: https://sso.{{ ansible_domain }}/oauth2
taiga_oidc_user_url: https://sso.{{ ansible_domain }}/oauth2/userinfo taiga_oidc_auth_url: "{{ taiga_oidc_base_url }}/authorize"
taiga_oidc_token_url: https://sso.{{ ansible_domain }}/oauth2/token taiga_oidc_user_url: "{{ taiga_oidc_base_url }}/userinfo"
taiga_oidc_token_url: "{{ taiga_oidc_base_url }}/token"
taiga_oidc_scope: openid email profile taiga_oidc_scope: openid email profile
taiga_oidc_name: SSO ({{ ansible_domain }}) taiga_oidc_name: SSO ({{ ansible_domain }})
taiga_oidc_client_id: taiga taiga_oidc_client_id: taiga

23
roles/taiga/tasks/conf.yml
View File

@ -35,6 +35,7 @@
rabbitmqctl add_vhost {{ taiga_amqp_vhost }} rabbitmqctl add_vhost {{ taiga_amqp_vhost }}
rabbitmqctl set_permissions -p {{ taiga_amqp_vhost }} {{ taiga_amqp_user }} ".*" ".*" ".*" rabbitmqctl set_permissions -p {{ taiga_amqp_vhost }} {{ taiga_amqp_user }} ".*" ".*" ".*"
when: taiga_amqp_server in ['localhost', '127.0.0.1'] when: taiga_amqp_server in ['localhost', '127.0.0.1']
changed_when: False
tags: taiga tags: taiga
- when: taiga_install_mode != 'none' - when: taiga_install_mode != 'none'
@ -59,6 +60,17 @@
app_path: "{{ taiga_root_dir }}/app/back" app_path: "{{ taiga_root_dir }}/app/back"
virtualenv: "{{ taiga_root_dir }}/venv" virtualenv: "{{ taiga_root_dir }}/venv"
- name: Set permissions for nginx
command: |
setfacl -R -k -b {{ taiga_root_dir }}
setfacl -m u:nginx:x {{ taiga_root_dir }}
setfacl -m u:nginx:x {{ taiga_root_dir }}/data
setfacl -m u:nginx:x {{ taiga_root_dir }}/app
setfacl -m u:nginx:x {{ taiga_root_dir }}/app/back
setfacl -R -m u:nginx:rX {{ taiga_root_dir }}/app/front
setfacl -R -m u:nginx:rX {{ taiga_root_dir }}/app/back/static
setfacl -R -m u:nginx:rX {{ taiga_root_dir }}/data/media
environment: environment:
DJANGO_SETTINGS_MODULE: settings.config DJANGO_SETTINGS_MODULE: settings.config
CELERY_ENABLED: False CELERY_ENABLED: False
@ -75,6 +87,16 @@
environment: environment:
DJANGO_SUPERUSER_PASSWORD: '{{ taiga_admin_pass }}' DJANGO_SUPERUSER_PASSWORD: '{{ taiga_admin_pass }}'
# For some reason, the password isn't correctly initialized
# Let's reset it using expect
- name: Reset admin user password
expect:
command: "{{ taiga_root_dir }}/venv/bin/python3 ./manage.py changepassword admin"
chdir: "{{ taiga_root_dir }}/app/back/"
responses:
'Password:\s*': "{{ taiga_admin_pass }}"
'Password \(again\):\s*': "{{ taiga_admin_pass }}"
- name: load initial data - name: load initial data
django_manage: django_manage:
command: loaddata initial_project_templates command: loaddata initial_project_templates
@ -86,3 +108,4 @@
CELERY_ENABLED: False CELERY_ENABLED: False
become_user: "{{ taiga_user }}" become_user: "{{ taiga_user }}"
tags: taiga tags: taiga

2
roles/taiga/tasks/directories.yml
View File

@ -5,7 +5,7 @@
loop: loop:
- dir: "{{ taiga_root_dir }}" - dir: "{{ taiga_root_dir }}"
owner: "{{ taiga_user }}" owner: "{{ taiga_user }}"
group: nginx group: "{{ taiga_user }}"
mode: 750 mode: 750
- dir: "{{ taiga_root_dir }}/backup" - dir: "{{ taiga_root_dir }}/backup"
owner: root owner: root

1
roles/taiga/tasks/facts.yml
View File

@ -53,7 +53,6 @@
- import_tasks: ../includes/get_rand_pass.yml - import_tasks: ../includes/get_rand_pass.yml
vars: vars:
- pass_file: "{{ taiga_root_dir }}/meta/ansible_admin_pass" - pass_file: "{{ taiga_root_dir }}/meta/ansible_admin_pass"
- complex: False
- set_fact: taiga_admin_pass={{ rand_pass }} - set_fact: taiga_admin_pass={{ rand_pass }}
tags: taiga tags: taiga

6
roles/taiga/templates/protected/env.j2
View File

@ -1,3 +1,3 @@
SECRET_KEY={{ taiga_secret_key }} SECRET_KEY="{{ taiga_secret_key }}"
MAX_AGE=300 MAX_AGE=600
TAIGA_SUBPATH={{ taiga_public_url | urlsplit('path') }} TAIGA_SUBPATH="{{ (taiga_public_url | urlsplit('path') == '/') | ternary('', taiga_public_url | urlsplit('path')) }}"

1
roles/taiga/vars/RedHat-8.yml
View File

@ -29,3 +29,4 @@ taiga_packages:
- openssl-devel - openssl-devel
- libffi-devel - libffi-devel
- policycoreutils - policycoreutils
- python3-pexpect