ansible-roles/roles/taiga/defaults/main.yml

---

# Should ansible handle upgrades ? If False, only the initial install will be done
taiga_manage_upgrade: True
# Where taiga will be installed
taiga_root_dir: /opt/taiga
# User under which taiga will run (will be created)
taiga_user: taiga

# Archives URL, versions and expected checksums
taiga_archives:
  back:
    version: 6.6.2
    url: https://github.com/kaleidos-ventures/taiga-back/archive/refs/tags/6.6.2.tar.gz
    sha256: f29c52d2ac7fb647813814971d98ad0ad8c9213aeb297b50741904913a17eef5
  front:
    version: 6.6.0
    url: https://github.com/kaleidos-ventures/taiga-front-dist/archive/refs/tags/6.6.0.tar.gz
    sha256: 1c438a992c8d4c0af78eea34f6ad0e35b09758516ee1849ee1a7753f84020848
    dir: taiga-front-dist-6.6.0
  events:
    version: 6.6.0
    url: https://github.com/kaleidos-ventures/taiga-events/archive/refs/tags/6.6.0.tar.gz
    sha256: dcd83d1f191328f369e874631a2f00bc6b18421d8ce81a08c5dfa26c081a9762
  protected:
    version: 6.6.0
    url: https://github.com/kaleidos-ventures/taiga-protected/archive/refs/tags/6.6.0.tar.gz
    sha256: 28d7b0f584a61a776ee3299984e5aa0d845c550bba63b5af1751050c50b089e5

# Database settings
taiga_db_server: "{{ pg_server | default('localhost') }}"
taiga_db_port: 5432
taiga_db_name: taiga
taiga_db_user: taiga
# If the password is not defined, a random one will be generated and stored under {{ taiga_root_dir }}/meta/ansible_dbpass
# taiga_db_pass: S3cr3t.

# Secret key used by various components
# If not defined, a random one will be created and stored under {{ taiga_root_dir }}/meta/ansible_secret_key
# taiga_secret_key: S3cr3t.

# AMQP settings
taiga_amqp_server: localhost
taiga_amqp_port: 5672
taiga_amqp_user: taiga
taiga_amqp_vhost: taiga
# If the password is not defined, a random one will be create and stored under {{ taiga_root_dir }}/meta/ansible_amqp_pass
# But this is only useful when taiga_amqp_server is localhost. If you use a remote AMQP server, you'll have to define the pass
# taiga_amqp_pass: S3cr3t.

# Ports used by taiga components
# they will only be accessible to localhost and exposed by nginx
# If you want to restrict access at the firewall level (for example, to only allow a reverse proxy), you need to
# set nginx_src_ip to the list of IP (or CIDR network) which will have access to port 80/443
taiga_ports:
  back: 8001
  protected: 8003
  events: 8888

# Public URL to reach taiga
taiga_public_url: https://{{ inventory_hostname }}/

# A default admin user is created during installation
# You can set its password, or a random one will be generated and stored under {{ taiga_root_dir }}/meta/ansible_admin_pass
# taiga_admin_pass: S3cr3t.

# Registration enabled ?
taiga_user_registration: False
# If registration is enabled (or if oidc auth is enabled), you can restrict email domains accepted by taiga
taiga_user_registration_allowed_domains: [ "{{ ansible_domain }}" ]
# Max upload file size (in MB)
taiga_max_upload_file_size: 20

# Email settings
taiga_email_from: taiga-no-reply@{{ ansible_domain }}
taiga_smtp_server: localhost
taiga_smtp_port: 25
taiga_smtp_tls: "{{ (taiga_smtp_port == 587) | ternary(True, False) }}"
taiga_smtp_ssl: "{{ (taiga_smtp_port == 465) | ternary(True, False) }}"
# If your SMTP server requires an authentication, set the following variables
#taiga_smtp_user: taiga@example.org
#taiga_smtp_pass: p@ssw0rd

# OIDC authentication
taiga_oidc_auth: False
taiga_oidc_base_url: https://sso.{{ ansible_domain }}/oauth2
taiga_oidc_auth_url: "{{ taiga_oidc_base_url }}/authorize"
taiga_oidc_user_url: "{{ taiga_oidc_base_url }}/userinfo"
taiga_oidc_token_url: "{{ taiga_oidc_base_url }}/token"
taiga_oidc_scope: openid email profile
taiga_oidc_name: SSO ({{ ansible_domain }})
taiga_oidc_client_id: taiga
# taiga_oidc_client_secret must be provided
# taiga_oidc_client_secret: S3cr3t.
taiga_oidc_id_field: sub
taiga_oidc_user_field: sub
taiga_oidc_fullname_field: name
taiga_oidc_email_field: email