Update to 2022-01-30 19:00

roles/penpot/defaults/main.yml

@@ -0,0 +1,81 @@
+---
+
+# Penpot version to deploy
+penpot_version: 1.10.1-beta
+# SHould ansible manage upgrades. If False, only the initial install will be done
+penpot_manage_upgrade: True
+
+# Where will penpot be installed
+penpot_root_dir: /opt/penpot
+# URL of the archive
+penpot_archive_url: https://github.com/penpot/penpot/archive/refs/tags/{{ penpot_version }}.tar.gz
+# Expected sha256 of the archive
+penpot_archive_sha256: 63392c007ac7df2e723731961741a271c6e752df5c592165f55f11fea74ad6f8
+# User under which penpot will run. Will be created
+penpot_user: penpot
+
+# Public URL where penpot will be avaoilable to users
+penpot_public_url: https://{{ inventory_hostname }}
+
+# Ports used by penpot components
+# Note that those ports will bind on localhost only, and penpot will be
+# exposed by an nginx instance. If you want to restrict penpot access at the firewall level
+# you have to set nginx_src_ip
+penpot_ports:
+  backend: 6060
+  exporter: 6061
+  srepl: 6062
+
+# Postgres database settings
+penpot_db_server: "{{ pg_server | default('localhost') }}"
+penpot_db_port: 5432
+penpot_db_name: penpot
+penpot_db_user: penpot
+# If the password is not defined, a random one will be created and stored un {{ penpot_root_dir }}/meta/ansible_dbpass
+# penpot_db_pass: S3cr3t.
+
+# Penpot uses a redis server to handle notifications
+# Note: redis will be installed if this URL points on localhost
+penpot_redis_url: redis://localhost/0
+
+# Allow user registration ? Note that oidc auth requires registration to be enabled
+penpot_allow_user_registration: "{{ penpot_oidc_auth | ternary(True, False) }}"
+# You can restrict registrations to some domains
+penpot_user_registration_allowed_domains: [ "{{ ansible_domain }}" ]
+
+# OIDC auth
+penpot_oidc_auth: False
+penpot_oidc_base_url: https://sso.{{ ansible_domain }}/oauth2
+penpot_oidc_auth_url: "{{ penpot_oidc_base_url }}/authorize"
+penpot_oidc_user_url: "{{ penpot_oidc_base_url }}/userinfo"
+penpot_oidc_token_url: "{{ penpot_oidc_base_url }}/token"
+penpot_oidc_client_id: penpot
+# The oidc secret must be set
+# penpot_oidc_client_secret: S3cr3t.
+penpot_oidc_scope: openid email profile
+
+# LDAP auth
+penpot_ldap_auth: "{{ (ldap_auth | default(False) or ad_auth | default(False)) | ternary(True, False) }}"
+penpot_ldap_server: "{{ ldap_uri | default('ldap://ldap.' ~ ansible_domain) | urlsplit('hostname') }}"
+penpot_ldap_port: "{{ (ldap_uri | default('ldap://ldap.' ~ ansible_domain) | urlsplit('port') == '') | ternary(ldap_uri | default('ldap://ldap.' ~ ansible_domain) | urlsplit('port'), '389') }}"
+penpot_ldap_ssl: "{{ (penpot_ldap_port == 636) | ternary(True, False) }}"
+penpot_ldap_tls: "{{ penpot_ldap_ssl | ternary(False, True) }}"
+penpot_ldap_base_dn: "{{ (ad_ldap_user_search_base is defined) | ternary(ad_ldap_user_search_base,(ldap_user_base is defined) | ternary(ldap_user_base,(ad_auth | default(False) | ternary('DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC='), 'dc=' ~ ansible_domain | regex_replace('\\.',',dc='))))) }}"
+penpot_ldap_search_filter: "{{ ad_auth | ternary('(&(sAMAccountName=:username)(objectClass=user)(objectCatagory=person)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))', '(&(uid=:username)(objectClass=inetOrgPerson))') }}"
+# If auth is needed, set penpot_ldap_bind_dn and penpot_ldap_bind_pass
+# penpot_ldap_bin_dn: CN=Penpot, OU=Apps, DC=example, DC=org
+# penpot_ldap_bind_pass: S3cr3t.
+penpot_ldap_attr_username: "{{ ad_auth | default(False) | ternary('sAMAccountName', 'uid') }}"
+penpot_ldap_attr_email: mail
+penpot_ldap_attr_fullname: cn
+penpot_ldap_attr_photo: jpegPhoto
+
+# Email settings
+penpot_email_from: no-reply@{{ ansible_domain }}
+penpot_smtp_server: localhost
+penpot_smtp_port: 25
+penpot_smtp_tls: "{{ (penpot_smtp_port == 587) | ternary(True, False) }}"
+penpot_smtp_ssl: "{{ (penpot_smtp_port == 465) | ternary(True, False) }}"
+# You can set user and password if needed
+# penpot_smtp_user: penpot@example.org
+# penpot_smtp_pass: S3cr3t.