ansible-roles/roles/taiga/defaults/main.yml

---

# Should ansible handle upgrades ? If False, only the initial install will be done
taiga_manage_upgrade: True
# Where taiga will be installed
taiga_root_dir: /opt/taiga
# User under which taiga will run (will be created)
taiga_user: taiga

# Archives URL, versions and expected checksums
taiga_archives:
  back:
    version: 6.7.3
    url: https://github.com/kaleidos-ventures/taiga-back/archive/refs/tags/6.7.3.tar.gz
    sha256: 057ae3948418da70f9bb4afd9467f64ce3cbba8a11f96e4ce5689317019ec7b9
  front:
    version: 6.7.7
    url: https://github.com/kaleidos-ventures/taiga-front-dist/archive/refs/tags/6.7.7.tar.gz
    sha256: 398d30ab9c95ed11dc8c4a0327c5fa279acdd781417a940d077902e3127b2f12
    dir: taiga-front-dist-6.7.7
  events:
    version: 6.7.0
    url: https://github.com/kaleidos-ventures/taiga-events/archive/refs/tags/6.7.0.tar.gz
    sha256: ad05a538dbf207275a742103a4f699fbd6d399b335e0d61834ab020e43e8721f
  protected:
    version: 6.7.0
    url: https://github.com/kaleidos-ventures/taiga-protected/archive/refs/tags/6.7.0.tar.gz
    sha256: 87bf022e637897891852b145b6b2bfc11f75ef4b698db592faf6aacb91c35a10

# Database settings
taiga_db_server: "{{ pg_server | default('localhost') }}"
taiga_db_port: 5432
taiga_db_name: taiga
taiga_db_user: taiga
# If the password is not defined, a random one will be generated and stored under {{ taiga_root_dir }}/meta/ansible_dbpass
# taiga_db_pass: S3cr3t.

# Secret key used by various components
# If not defined, a random one will be created and stored under {{ taiga_root_dir }}/meta/ansible_secret_key
# taiga_secret_key: S3cr3t.

# AMQP settings
taiga_amqp_server: localhost
taiga_amqp_port: 5672
taiga_amqp_user: taiga
taiga_amqp_vhost: taiga
# If the password is not defined, a random one will be create and stored under {{ taiga_root_dir }}/meta/ansible_amqp_pass
# But this is only useful when taiga_amqp_server is localhost. If you use a remote AMQP server, you'll have to define the pass
# taiga_amqp_pass: S3cr3t.

# Ports used by taiga components
# they will only be accessible to localhost and exposed by nginx
# If you want to restrict access at the firewall level (for example, to only allow a reverse proxy), you need to
# set nginx_src_ip to the list of IP (or CIDR network) which will have access to port 80/443
taiga_ports:
  back: 8001
  protected: 8003
  events: 8888

# Public URL to reach taiga
taiga_public_url: https://{{ inventory_hostname }}/

# A default admin user is created during installation
# You can set its password, or a random one will be generated and stored under {{ taiga_root_dir }}/meta/ansible_admin_pass
# taiga_admin_pass: S3cr3t.

# Registration enabled ?
taiga_user_registration: False
# If registration is enabled (or if oidc auth is enabled), you can restrict email domains accepted by taiga
taiga_user_registration_allowed_domains: [ "{{ ansible_domain }}" ]
# Max upload file size (in MB)
taiga_max_upload_file_size: 20

# Email settings
taiga_email_from: taiga-no-reply@{{ ansible_domain }}
taiga_smtp_server: localhost
taiga_smtp_port: 25
taiga_smtp_tls: "{{ (taiga_smtp_port == 587) | ternary(True, False) }}"
taiga_smtp_ssl: "{{ (taiga_smtp_port == 465) | ternary(True, False) }}"
# If your SMTP server requires an authentication, set the following variables
#taiga_smtp_user: taiga@example.org
#taiga_smtp_pass: p@ssw0rd

# OIDC authentication
taiga_oidc_auth: False
taiga_oidc_base_url: https://sso.{{ ansible_domain }}/oauth2
taiga_oidc_auth_url: "{{ taiga_oidc_base_url }}/authorize"
taiga_oidc_user_url: "{{ taiga_oidc_base_url }}/userinfo"
taiga_oidc_token_url: "{{ taiga_oidc_base_url }}/token"
taiga_oidc_scope: openid email profile
taiga_oidc_name: SSO ({{ ansible_domain }})
taiga_oidc_client_id: taiga
# taiga_oidc_client_secret must be provided
# taiga_oidc_client_secret: S3cr3t.
taiga_oidc_id_field: sub
taiga_oidc_user_field: sub
taiga_oidc_fullname_field: name
taiga_oidc_email_field: email