Update to 2022-01-28 18:00

2025-04-16 02:03:09 +02:00 · 2022-01-28 18:00:06 +01:00 · 2022-01-28 18:00:06 +01:00 · 9abf651e65
commit 9abf651e65
parent c614bcb149
6 changed files with 32 additions and 8 deletions
--- a/roles/taiga/defaults/main.yml
+++ b/roles/taiga/defaults/main.yml
@ -81,9 +81,10 @@ taiga_smtp_ssl: "{{ (taiga_smtp_port == 465) | ternary(True, False) }}"

 # OIDC authentication
 taiga_oidc_auth: False
-taiga_oidc_auth_url: https://sso.{{ ansible_domain }}/oauth2/authorize
-taiga_oidc_user_url: https://sso.{{ ansible_domain }}/oauth2/userinfo
-taiga_oidc_token_url: https://sso.{{ ansible_domain }}/oauth2/token
+taiga_oidc_base_url: https://sso.{{ ansible_domain }}/oauth2
+taiga_oidc_auth_url: "{{ taiga_oidc_base_url }}/authorize"
+taiga_oidc_user_url: "{{ taiga_oidc_base_url }}/userinfo"
+taiga_oidc_token_url: "{{ taiga_oidc_base_url }}/token"
 taiga_oidc_scope: openid email profile
 taiga_oidc_name: SSO ({{ ansible_domain }})
 taiga_oidc_client_id: taiga
--- a/roles/taiga/tasks/conf.yml
+++ b/roles/taiga/tasks/conf.yml
@ -35,6 +35,7 @@
    rabbitmqctl add_vhost {{ taiga_amqp_vhost }}
    rabbitmqctl set_permissions -p {{ taiga_amqp_vhost }} {{ taiga_amqp_user }} ".*" ".*" ".*"
  when: taiga_amqp_server in ['localhost', '127.0.0.1']
+  changed_when: False
  tags: taiga

 - when: taiga_install_mode != 'none'
@ -59,6 +60,17 @@
        app_path: "{{ taiga_root_dir }}/app/back"
        virtualenv: "{{ taiga_root_dir }}/venv"

+    - name: Set permissions for nginx
+      command: |
+        setfacl -R -k -b {{ taiga_root_dir }}
+        setfacl -m u:nginx:x {{ taiga_root_dir }}
+        setfacl -m u:nginx:x {{ taiga_root_dir }}/data
+        setfacl -m u:nginx:x {{ taiga_root_dir }}/app
+        setfacl -m u:nginx:x {{ taiga_root_dir }}/app/back
+        setfacl -R -m u:nginx:rX {{ taiga_root_dir }}/app/front
+        setfacl -R -m u:nginx:rX {{ taiga_root_dir }}/app/back/static
+        setfacl -R -m u:nginx:rX {{ taiga_root_dir }}/data/media
+
  environment:
    DJANGO_SETTINGS_MODULE: settings.config
    CELERY_ENABLED: False
@ -75,6 +87,16 @@
      environment:
        DJANGO_SUPERUSER_PASSWORD: '{{ taiga_admin_pass }}'

+    # For some reason, the password isn't correctly initialized
+    # Let's reset it using expect
+    - name: Reset admin user password
+      expect:
+        command: "{{ taiga_root_dir }}/venv/bin/python3 ./manage.py changepassword admin"
+        chdir: "{{ taiga_root_dir }}/app/back/"
+        responses:
+          'Password:\s*': "{{ taiga_admin_pass }}"
+          'Password \(again\):\s*': "{{ taiga_admin_pass }}"
+
    - name: load initial data
      django_manage:
        command: loaddata initial_project_templates
@ -86,3 +108,4 @@
    CELERY_ENABLED: False
  become_user: "{{ taiga_user }}"
  tags: taiga
+
--- a/roles/taiga/tasks/directories.yml
+++ b/roles/taiga/tasks/directories.yml
@ -5,7 +5,7 @@
  loop:
    - dir: "{{ taiga_root_dir }}"
      owner: "{{ taiga_user }}"
-      group: nginx
+      group: "{{ taiga_user }}"
      mode: 750
    - dir: "{{ taiga_root_dir }}/backup"
      owner: root
--- a/roles/taiga/tasks/facts.yml
+++ b/roles/taiga/tasks/facts.yml
@ -53,7 +53,6 @@
    - import_tasks: ../includes/get_rand_pass.yml
      vars:
        - pass_file: "{{ taiga_root_dir }}/meta/ansible_admin_pass"
-        - complex: False
    - set_fact: taiga_admin_pass={{ rand_pass }}
  tags: taiga

--- a/roles/taiga/templates/protected/env.j2
+++ b/roles/taiga/templates/protected/env.j2
@ -1,3 +1,3 @@
-SECRET_KEY={{ taiga_secret_key }}
-MAX_AGE=300
-TAIGA_SUBPATH={{ taiga_public_url | urlsplit('path') }}
+SECRET_KEY="{{ taiga_secret_key }}"
+MAX_AGE=600
+TAIGA_SUBPATH="{{ (taiga_public_url | urlsplit('path') == '/') | ternary('', taiga_public_url | urlsplit('path')) }}"
--- a/roles/taiga/vars/RedHat-8.yml
+++ b/roles/taiga/vars/RedHat-8.yml
@ -29,3 +29,4 @@ taiga_packages:
  - openssl-devel
  - libffi-devel
  - policycoreutils
+  - python3-pexpect