kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
roles/web-app-wordpress/Administration.md Normal file
View File

@@ -0,0 +1,42 @@
# Administration
## database
If you use a local instead of a central database you can use the following commands.
### access database
To access the database execute:
```bash
docker-compose exec -it database /bin/mysql -u wordpress -p
```
### upgrade database
To upgrade the database execute:
```bash
docker-compose exec -it database /bin/mysql_upgrade --user=root --password=
```
## change database root password
- https://wolfgang.gassler.org/reset-password-mariadb-mysql-docker/
- https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
## shell in docker
To execute the commands in the docker container execute:
```bash
docker-compose exec -it application /bin/sh
```
## Test Email
To test the email execute:
```bash
docker-compose exec -it application /bin/sh -c 'echo "Test Email" | sendmail -v your-email@example.com'
```

52
roles/web-app-wordpress/README.md Normal file
View File

@@ -0,0 +1,52 @@
# WordPress
## Description
[WordPress](https://en.wordpress.org/) is a versatile and widely used [content management system (CMS)](https://en.wikipedia.org/wiki/Content_management_system) that powers millions of websites—from blogs and portfolios to e-commerce and corporate sites. This deployment provides a containerized WordPress instance optimized for multisite operation, advanced media management, and extensive plugin support, allowing you to fully leverage the rich features of the WordPress software.
## Overview
WordPress offers an extensive array of features that make it a robust platform for building and managing digital content:
- **User-Friendly Interface:**
Enjoy a modern, intuitive dashboard for effortless content creation, editing, and management.
- **Customizable Themes and Plugins:**
Extend your sites functionality with thousands of themes and plugins, enabling you to tailor your websites look, feel, and capabilities to your exact needs.
- **Multisite Management:**
Easily create and maintain multiple sites with a single WordPress installation, ideal for networks of blogs, corporate intranets, or educational institutions.
- **Responsive Design:**
Ensure that your website looks great on all devices with mobile-friendly themes and layouts.
- **Advanced SEO Tools:**
Optimize your site's visibility in search engines using built-in support for SEO best practices and a rich ecosystem of SEO plugins.
- **Robust Media Management:**
Manage your images, videos, and other media with an integrated media library, including options for enhanced upload limits and dynamic content delivery.
- **Extensive Community and Ecosystem:**
Benefit from a massive community with frequent updates, security patches, and a wide range of thirdparty tools that continuously enhance the platform.
This automated Docker Compose deployment streamlines the process by building a custom WordPress image (which includes tools like msmtp for email delivery) and configuring the necessary PHP settings. In doing so, it ensures that your WordPress site is secure, scalable, and always uptodate.
This deployment provides a containerized WordPress instance optimized for multisite operation, advanced media management, and extensive plugin support—including optional integration with Discourse forums.
## Purpose
The goal of this deployment is to provide a productionready, scalable WordPress instance with multisite capabilities and enhanced performance. By automating the custom image build and configuration processes via Docker Compose and Ansible, it minimizes manual intervention, reduces errors, and allows you to concentrate on building great content.
## Further Resources
- [WordPress Official Website](https://wordpress.org/)
- [WordPress Multisite Documentation](https://wordpress.org/support/article/create-a-network/)
- [WordPress Plugin Repository](https://wordpress.org/plugins/)
- [WP Discourse Plugin](https://wordpress.org/plugins/wp-discourse/)
## Credits
Developed and maintained by **Kevin VeenBirkenbach**
Learn more at [veen.world](https://veen.world)
Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)
License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)

30
roles/web-app-wordpress/meta/main.yml Normal file
View File

@@ -0,0 +1,30 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: >
Use the full power of WordPress—with its intuitive interface, customizable themes and plugins,
responsive design, and advanced SEO tools—in a scalable and secure containerized environment.
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Archlinux
versions:
- rolling
galaxy_tags:
- wordpress
- docker
- multisite
- automation
- blog
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"
logo:
class: "fa-solid fa-blog"
run_after:
- web-app-keycloak

5
roles/web-app-wordpress/meta/schema.yml Normal file
View File

@@ -0,0 +1,5 @@
credentials:
administrator_password:
description: "Initial password for the WordPress admin account"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"

4
roles/web-app-wordpress/meta/users.yml Normal file
View File

@@ -0,0 +1,4 @@
users: # Credentials
administrator: # Wordpress administrator
username: "administrator"
email: "administrator@{{ primary_domain }}"

12
roles/web-app-wordpress/tasks/install.yml Normal file
View File

@@ -0,0 +1,12 @@
- name: "Run WordPress core install via WP CLI"
command: >
docker-compose exec -T -u www-data application
wp core install
--url="{{ domains | get_url(application_id, web_protocol) }}"
--title="{{ applications[application_id].title }}"
--admin_user="{{ applications[application_id].users.administrator.username }}"
--admin_password="{{ applications[application_id].credentials.administrator_password }}"
--admin_email="{{ applications[application_id].users.administrator.email }}"
--path="{{ wordpress_docker_html_path }}"
args:
chdir: "{{ docker_compose.directories.instance }}"

43
roles/web-app-wordpress/tasks/main.yml Normal file
View File

@@ -0,0 +1,43 @@
---
- name: "Include service-rdbms-central"
include_role:
name: service-rdbms-central
- name: "Include role webserver-proxy-domain for {{ application_id }}"
include_role:
name: webserver-proxy-domain
loop: "{{ applications[application_id].domains.canonical }}"
loop_control:
loop_var: domain
vars:
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{ wordpress_max_upload_size }};"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "Transfering upload.ini to {{ docker_compose.directories.instance }}"
template:
src: upload.ini.j2
dest: "{{ docker_compose.directories.instance }}upload.ini"
notify: docker compose up
- name: "Transfering msmtprc to {{ host_msmtp_conf }}"
template:
src: "{{ playbook_dir }}/roles/msmtp/templates/msmtprc.conf.j2"
dest: "{{ host_msmtp_conf }}"
notify: docker compose up
- name: "Install wordpress"
include_tasks: install.yml
- name: "Install and activate WordPress plugins from application config"
block:
- name: "Iterate through WordPress plugins"
include_tasks: plugin.yml
loop: "{{ applications[application_id].plugins | dict2items }}"
loop_control:
label: "{{ item.key }}"
vars:
plugin_name: "{{ item.key }}"
plugin_enabled: "{{ item.value.enabled | bool }}"
plugin_task_path: "{{ role_path }}/tasks/plugins/{{ plugin_name }}/install.yml"
when: plugin_enabled

18
roles/web-app-wordpress/tasks/plugin.yml Normal file
View File

@@ -0,0 +1,18 @@
---
- name: "Check if plugin has a dedicated install task"
stat:
path: "{{ plugin_task_path }}"
register: plugin_task_file
- name: "Include plugin-specific install task if it exists"
include_tasks: "{{ plugin_task_path }}"
when: plugin_task_file.stat.exists
- name: "Install and activate WordPress plugin via WP CLI"
command: >
docker-compose exec -u www-data -T application
wp plugin install {{ plugin_name }} --activate
--path={{ wordpress_docker_html_path }}
args:
chdir: "{{ docker_compose.directories.instance }}"
when: not plugin_task_file.stat.exists

15
roles/web-app-wordpress/tasks/plugins/README.md Normal file
View File

@@ -0,0 +1,15 @@
# WordPress Plugins
This WordPress setup integrates several powerful plugins to extend functionality with authentication, federation, and external discussion platforms:
## 🔐 OpenID Connect Generic Client
Enables secure login via OpenID Connect (OIDC).
Plugin used: [daggerhart-openid-connect-generic](https://wordpress.org/plugins/daggerhart-openid-connect-generic/)
## 💬 WP Discourse
Seamlessly connects WordPress with a Discourse forum for comments, discussions, and single sign-on (SSO).
Plugin used: [wp-discourse](https://wordpress.org/plugins/wp-discourse/)
## 🌍 ActivityPub
Federates your blog with the Fediverse, making it accessible on platforms like Mastodon and Friendica.
Plugin used: [activitypub](https://wordpress.org/plugins/activitypub/)

25
roles/web-app-wordpress/tasks/plugins/daggerhart-openid-connect-generic.yml Normal file
View File

@@ -0,0 +1,25 @@
- name: "Load OIDC settings variables"
include_vars:
file: "{{ role_path }}/vars/oidc.yml"
name: oidc_vars
- name: "Ensure the OIDC settings option exists as a PHP-serialized empty array"
# Generate an empty serialized array in the container, then add or update the option
command: >
docker-compose exec -u www-data -T application bash -lc
"serialized_empty_array=$(wp eval 'echo serialize(array());' --path={{ wordpress_docker_html_path }}); \
wp option add openid_connect_generic_settings \"$serialized_empty_array\" --path={{ wordpress_docker_html_path }} \
|| wp option update openid_connect_generic_settings \"$serialized_empty_array\" --path={{ wordpress_docker_html_path }};"
args:
chdir: "{{ docker_compose.directories.instance }}"
failed_when: false
- name: "Apply all OIDC settings via WP-CLI eval (safe via base64)"
# Convert the settings map to base64-encoded JSON to avoid shell escaping issues
vars:
oidc_settings_json_b64: "{{ oidc_vars.oidc_settings | to_json | b64encode }}"
command: >
docker-compose exec -u www-data -T application bash -lc
"wp eval \"update_option('openid_connect_generic_settings', json_decode(base64_decode('{{ oidc_settings_json_b64 }}'), true));\" --path={{ wordpress_docker_html_path }}"
args:
chdir: "{{ docker_compose.directories.instance }}"

94
roles/web-app-wordpress/tasks/plugins/wp-discourse.yml Normal file
View File

@@ -0,0 +1,94 @@
---
- name: "Include web-app-discourse"
include_role:
name: web-app-discourse
- name: Wait for Discourse API
wait_for:
host: "{{ domains | get_domain('discourse') }}"
port: 80
delay: 5
timeout: 600
- name: Add /var/www/discourse to Git safe.directory
command: >
docker exec {{ applications.discourse.container }} \
git config --global --add safe.directory /var/www/discourse
args:
chdir: "{{ docker_compose.directories.instance }}"
changed_when: false
- name: Revoke old WP Discourse API keys via Rails
command: >
docker exec {{ applications.discourse.container }} bash -lc "\
cd /var/www/discourse && \
script/rails runner \"\
ApiKey.where(\
user_id: User.find_by_username('system').id,\
description: 'WP Discourse Integration',\
revoked_at: nil\
).update_all(revoked_at: Time.current)\
\""
args:
chdir: "{{ docker_compose.directories.instance }}"
changed_when: false
failed_when: false
- name: Generate new WP Discourse API key via Rake task
command: >
docker exec {{ applications.discourse.container }} bash -lc "\
cd /var/www/discourse && \
bin/rake api_key:create_master['WP Discourse Integration']\
"
args:
chdir: "{{ docker_compose.directories.instance }}"
register: discourse_generated_api_key
- name: Store the new WP Discourse API key in a fact
set_fact:
vault_discourse_api_key: "{{ discourse_generated_api_key.stdout | trim }}"
- name: "Load WP Discourse settings"
include_vars:
file: "{{ role_path }}/vars/discourse.yml"
- name: "Install WP Discourse plugin"
command: >
docker-compose exec -u www-data -T application
wp plugin install wp-discourse --activate
--path={{ wordpress_docker_html_path }}
args:
chdir: "{{ docker_compose.directories.instance }}"
- name: "Configure WP Discourse settings"
loop: "{{ discourse_settings | map(attribute='name') | unique | list }}"
loop_control:
label: "{{ item }}"
vars:
option_name: "{{ item }}"
option_items: >-
{{ discourse_settings
| selectattr('name', 'equalto', option_name)
| list
}}
option_kv: >-
{{ dict(
option_items | map(attribute='key')
| zip(option_items | map(attribute='value'))
) }}
option_json_b64: "{{ option_kv | to_json | b64encode }}"
command: >
docker-compose exec -u www-data -T application bash -lc
"wp eval \"update_option(
'{{ option_name }}',
json_decode(
base64_decode('{{ option_json_b64 }}'),
true
)
);\" --path={{ wordpress_docker_html_path }}"
args:
chdir: "{{ docker_compose.directories.instance }}"

15
roles/web-app-wordpress/templates/Dockerfile.j2 Normal file
View File

@@ -0,0 +1,15 @@
FROM wordpress:{{applications[application_id].version}}
# Install msmtp and update system
RUN apt-get update && \
apt-get install -y msmtp msmtp-mta && \
rm -rf /var/lib/apt/lists/*
# Install WP CLI
RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
chmod +x wp-cli.phar && \
mv wp-cli.phar /usr/local/bin/wp
# Copy msmtp configuration and PHP upload settings
COPY config/msmtprc.conf /etc/msmtprc
COPY upload.ini $PHP_INI_DIR/conf.d/

20
roles/web-app-wordpress/templates/docker-compose.yml.j2 Normal file
View File

@@ -0,0 +1,20 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: {{wordpress_custom_image}}
container_name: wordpress-application
build:
context: .
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
volumes:
- data:{{ wordpress_docker_html_path }}
{% include 'roles/docker-container/templates/healthcheck/msmtp_curl.yml.j2' %}
{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
{% include 'roles/docker-container/templates/networks.yml.j2' %}
{% include 'roles/docker-compose/templates/networks.yml.j2' %}
{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
data:

9
roles/web-app-wordpress/templates/env.j2 Normal file
View File

@@ -0,0 +1,9 @@
WORDPRESS_DB_HOST= "{{database_host}}:{{database_port}}"
WORDPRESS_DB_USER= "{{database_username}}"
WORDPRESS_DB_PASSWORD= "{{database_password}}"
WORDPRESS_DB_NAME= "{{database_name}}"
# Debug flags
WP_DEBUG={{ enable_debug | lower }}
WP_DEBUG_LOG={{ enable_debug | lower }}
WP_DEBUG_DISPLAY={{ enable_debug | lower }}

8
roles/web-app-wordpress/templates/upload.ini.j2 Normal file
View File

@@ -0,0 +1,8 @@
file_uploads = On
memory_limit = {{ wordpress_max_upload_size }}
upload_max_filesize = {{ wordpress_max_upload_size }}
post_max_size = {{ wordpress_max_upload_size }}
max_execution_time = 300
; Use msmtp as the Mail Transfer Agent
sendmail_path = "/usr/bin/msmtp -t"

57
roles/web-app-wordpress/vars/configuration.yml Normal file
View File

@@ -0,0 +1,57 @@
title: "Blog" # Wordpress titel
plugins:
wp-discourse:
enabled: "{{ 'discourse' in group_names | lower }}"
daggerhart-openid-connect-generic:
enabled: true
activitypub:
enabled: true
features:
matomo: true
css: false
portfolio_iframe: true
oidc: true
central_database: true
version: latest
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
script-src:
unsafe-eval: true
whitelist:
worker-src:
- "blob:"
font-src:
- "data:"
- "https://fonts.bunny.net"
script-src-elem:
- "https://cdn.gtranslate.net" # Necessary for translation plugins
- "https://translate.google.com" # Necessary for translation plugins
- "blog.{{ primary_domain }}"
style-src:
- "https://fonts.bunny.net"
frame-src:
- "blob:"
- "*.{{ primary_domain }}"
domains:
canonical:
- "blog.{{ primary_domain }}"
docker:
services:
database:
enabled: true
rbac:
roles:
subscriber:
description: "Can read posts and leave comments but cannot write or manage content"
author:
description: "Can write and manage own posts"
contributor:
description: "Can write and submit posts for review but cannot publish"
editor:
description: "Can publish and manage all posts, including those by other users"
administrator:
description: "Has full administrative access: manage themes, plugins, settings, and users"

245
roles/web-app-wordpress/vars/discourse.yml Normal file
View File

@@ -0,0 +1,245 @@
# Defines WP Discourse plugin settings
# @see https://github.com/discourse/wp-discourse
# roles/web-app-wordpress/vars/discourse.yml
# Defines WP Discourse plugin settings (exported from your current wp_options dump)
discourse_settings:
#- name: wpdc_discourse_domain
# key: wpdc_discourse_domain
# value: ""
- name: discourse_connect
key: url
value: "{{ domains | get_url('discourse', web_protocol) }}"
- name: discourse_connect
key: api-key
value: "{{ vault_discourse_api_key }}"
- name: discourse_connect
key: publish-username
value: "system"
#- name: discourse_publish
# key: display-subcategories
# value: false
#- name: discourse_publish
# key: publish-category
# value: false
#- name: discourse_publish
# key: publish-category-update
# value: false
#- name: discourse_publish
# key: full-post-content
# value: false
#- name: discourse_publish
# key: allow-tags
# value: false
#- name: discourse_publish
# key: max-tags
# value: 5
#- name: discourse_publish
# key: publish-as-unlisted
# value: false
#- name: discourse_publish
# key: custom-excerpt-length
# value: 55
#- name: discourse_publish
# key: add-featured-link
# value: false
#- name: discourse_publish
# key: auto-publish
# value: false
#- name: discourse_publish
# key: force-publish
# value: false
#- name: discourse_publish
# key: force-publish-max-age
# value: 0
#- name: discourse_publish
# key: publish-failure-notice
# value: true
#- name: discourse_publish
# key: publish-failure-email
# value: "{{ users.administrator.email }}"
#- name: discourse_publish
# key: auto-track
# value: true
#- name: discourse_publish
# key: allowed_post_types
# value:
# - post
#- name: discourse_publish
# key: hide-discourse-name-field
# value: false
#- name: discourse_publish
# key: discourse-username-editable
# value: false
#
#- name: discourse_comment
# key: enable-discourse-comments
# value: false
#- name: discourse_comment
# key: comment-type
# value: "display-comments"
#- name: discourse_comment
# key: ajax-load
# value: false
#- name: discourse_comment
# key: cache-html
# value: false
#- name: discourse_comment
# key: clear-cached-comment-html
# value: false
#- name: discourse_comment
# key: discourse-new-tab
# value: false
#- name: discourse_comment
# key: comment-sync-period
# value: 10
#- name: discourse_comment
# key: hide-wordpress-comments
# value: false
#- name: discourse_comment
# key: show-existing-comments
# value: false
#- name: discourse_comment
# key: existing-comments-heading
# value: ""
#- name: discourse_comment
# key: max-comments
# value: 5
#- name: discourse_comment
# key: min-replies
# value: 1
#- name: discourse_comment
# key: min-score
# value: 0
#- name: discourse_comment
# key: min-trust-level
# value: 1
#- name: discourse_comment
# key: bypass-trust-level-score
# value: 50
#- name: discourse_comment
# key: custom-datetime-format
# value: ""
#- name: discourse_comment
# key: only-show-moderator-liked
# value: false
#- name: discourse_comment
# key: load-comment-css
# value: false
#
#- name: discourse_configurable_text
# key: discourse-link-text
# value: ""
#- name: discourse_configurable_text
# key: start-discussion-text
# value: "Start the discussion at"
#- name: discourse_configurable_text
# key: continue-discussion-text
# value: "Continue the discussion at"
#- name: discourse_configurable_text
# key: join-discussion-text
# value: "Join the discussion at"
#- name: discourse_configurable_text
# key: comments-singular-text
# value: "Comment"
#- name: discourse_configurable_text
# key: comments-plural-text
# value: "Comments"
#- name: discourse_configurable_text
# key: no-comments-text
# value: "Join the Discussion"
#- name: discourse_configurable_text
# key: notable-replies-text
# value: "Notable Replies"
#- name: discourse_configurable_text
# key: comments-not-available-text
# value: "Comments are not currently available for this post."
#- name: discourse_configurable_text
# key: participants-text
# value: "Participants"
#- name: discourse_configurable_text
# key: published-at-text
# value: "Originally published at:"
#- name: discourse_configurable_text
# key: single-reply-text
# value: "Reply"
#- name: discourse_configurable_text
# key: many-replies-text
# value: "Replies"
#- name: discourse_configurable_text
# key: more-replies-more-text
# value: "more"
#- name: discourse_configurable_text
# key: external-login-text
# value: "Log in with Discourse"
#- name: discourse_configurable_text
# key: link-to-discourse-text
# value: "Link your account to Discourse"
#- name: discourse_configurable_text
# key: linked-to-discourse-text
# value: "Your account is linked with Discourse!"
#
#- name: discourse_webhook
# key: use-discourse-webhook
# value: false
#- name: discourse_webhook
# key: webhook-secret
# value: ""
#- name: discourse_webhook
# key: webhook-match-old-topics
# value: false
#- name: discourse_webhook
# key: use-discourse-user-webhook
# value: false
#- name: discourse_webhook
# key: webhook-match-user-email
# value: false
#
#- name: discourse_sso_common
# key: sso-secret
# value: ""
#
#- name: discourse_sso_provider
# key: enable-sso
# value: false
#- name: discourse_sso_provider
# key: auto-create-sso-user
# value: false
#- name: discourse_sso_provider
# key: login-path
# value: ""
#- name: discourse_sso_provider
# key: real-name-as-discourse-name
# value: false
#- name: discourse_sso_provider
# key: force-avatar-update
# value: false
#- name: discourse_sso_provider
# key: redirect-without-login
# value: false
#
#- name: discourse_sso_client
# key: sso-desktop-enabled
# value: false
#- name: discourse_sso_client
# key: sso-desktop-login-form-change
# value: false
#- name: discourse_sso_client
# key: sso-desktop-login-form-redirect
# value: ""
#- name: discourse_sso_client
# key: sso-desktop-sync-by-email
# value: false
#- name: discourse_sso_client
# key: sso-desktop-disable-create-user
# value: false
#- name: discourse_sso_client
# key: sso-desktop-sync-logout
# value: false
#
- name: discourse_logs
key: logs-enabled
value: "{{ enable_debug }}"

6
roles/web-app-wordpress/vars/main.yml Normal file
View File

@@ -0,0 +1,6 @@
application_id: "wordpress"
wordpress_max_upload_size: "64M"
database_type: "mariadb"
wordpress_custom_image: "wordpress_custom"
wordpress_docker_html_path: "/var/www/html"
host_msmtp_conf: "{{docker_compose.directories.config}}msmtprc.conf"

29
roles/web-app-wordpress/vars/oidc.yml Normal file
View File

@@ -0,0 +1,29 @@
# vars/oidc.yml
# Defines OIDC settings for the OpenID Connect Generic plugin, with explanatory comments.
# @see https://github.com/oidc-wp/openid-connect-generic/blob/develop/includes/openid-connect-generic-option-settings.php
oidc_settings:
client_id: "{{ oidc.client.id }}" # The client ID that identifies WordPress as the OIDC client.
client_secret: "{{ oidc.client.secret }}" # The secret key used by WordPress to authenticate to the OIDC provider.
endpoint_login: "{{ oidc.client.authorize_url }}" # URL of the authorization endpoint to initiate the login flow.
endpoint_token: "{{ oidc.client.token_url }}" # URL of the token endpoint for exchanging authorization codes for tokens.
endpoint_userinfo: "{{ oidc.client.user_info_url }}" # URL of the userinfo endpoint to retrieve user profile data.
endpoint_end_session: "{{ oidc.client.logout_url }}" # URL of the end-session endpoint to log users out of the IDP.
login_type: "auto" # Determines how the login interface is rendered (e.g., button or form).
scope: "openid profile email" # Scopes requested from the OIDC provider during authentication.
create_if_does_not_exist: true # Auto-create a new WP user if one doesnt exist.
enforce_privacy: false # Require authentication for all site pages if set to true.
link_existing_users: true # Link OIDC login to existing WP users by matching email.
redirect_on_logout: true # Redirect users after logout to the login screen or homepage.
redirect_user_back: true # Return users to their original URL after successful login.
#acr_values: "{{ oidc.client.acr_values | default('') }}" # ACR values defining required authentication context (e.g., MFA level).
enable_logging: "{{ enable_debug }}" # Enable detailed plugin logging for debugging and auditing.
# log_limit: "{{ oidc.client.log_limit | default('') }}" # Maximum number of log entries to retain before pruning.
no_sslverify: false # The flag to enable/disable SSL verification during authorization.
http_request_timeout: 5 # The timeout for requests made to the IDP. Default value is 5.
identity_key: "{{ oidc.attributes.username }}" # The key in the user claim array to find the user's identification data.
nickname_key: "{{ oidc.attributes.username }}" # The key in the user claim array to find the user's nickname.
email_format: "{{ oidc.attributes.email }}" # The key(s) in the user claim array to formulate the user's email address.
displayname_format: "{{ oidc.attributes.given_name }} {{ oidc.attributes.family_name }}" # The key(s) in the user claim array to formulate the user's display name.
identify_with_username: true # The flag which indicates how the user's identity will be determined.
state_time_limit: 180 # The valid time limit of the state, in seconds. Defaults to 180 seconds.