kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 23:08:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized namings in moodle

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-08-08 09:12:50 +02:00
parent 2996c7cbb6
commit 220e3e1c60
4 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
roles/web-app-moodle/tasks/03_oidc.yml Normal file
View File

@@ -0,0 +1,60 @@
---
- name: Check if OIDC plugin is present in container
command: >
docker exec --user root {{ moodle_container }} test -d {{ bitnami_oidc_plugin_dir }}
register: oidc_plugin_check
ignore_errors: true
changed_when: false
- name: Fail if plugin not present to avoid broken auth
fail:
msg: "OIDC plugin not present skipping configuration"
when: oidc_plugin_check.rc != 0
#- name: "Upgrade Moodle to apply OIDC plugin"
# command: "docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/upgrade.php --non-interactive"
#
#- name: Clear Moodle cache
# command: >
# docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/purge_caches.php
- name: "Set Moodle OIDC configuration via CLI"
loop:
- { name: "idptype", value: 3 }
- { name: "clientauthmethod", value: 1 }
- { name: "clientid", value: "{{ oidc.client.id }}" }
- { name: "clientsecret", value: "{{ oidc.client.secret }}" }
- { name: "opname", value: "{{oidc.button_text}}" }
- { name: "oidcscope", value: "openid profile email" }
- { name: "authendpoint", value: "{{ oidc.client.authorize_url }}" }
- { name: "tokenendpoint", value: "{{ oidc.client.token_url }}" }
- { name: "bindingusernameclaim", value: "{{ oidc.attributes.username }}" }
- { name: "single_sign_off", value: 1 } # Logs the user out from the IDP
- { name: "logouturi", value: "{{ oidc.client.logout_url }}" }
- { name: "icon", value: "moodle:t/lock" }
- { name: "field_map_firstname", value: "{{ oidc.attributes.given_name }}" }
- { name: "field_lock_firstname", value: "locked" }
- { name: "field_map_lastname", value: "{{ oidc.attributes.family_name }}" }
- { name: "field_lock_lastname", value: "locked" }
- { name: "field_map_email", value: "locked" }
#- { name: "showloginform", value: 0 } # Deactivate if OIDC is active
- { name: "alternateloginurl", value: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}/auth/oidc/" }
loop_control:
label: "{{ item.name }}"
command: >
docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --component=auth_oidc
--name={{ item.name }} --set="{{ item.value }}"
- name: "Enable OIDC login"
command: "docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=auth --set=oidc"
- name: Set auth = 'oidc' for all users except guest
shell: >
docker exec {{ database_instance }} mariadb -u {{ database_username }} -p{{ database_password }}
-e "UPDATE moodle.mdl_user SET auth = 'oidc' WHERE username != 'guest';"
args:
executable: /bin/bash
#- name: Prevent Account Creation
# command: docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=authpreventaccountcreation --set=1