Huge role refactoring/cleanup. Other commits will probably follow, because some bugs will exist. Still important for the long run and also for auto docs/help/slideshow generation

2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions


@@ -0,0 +1,12 @@
- name: "Run WordPress core install via WP CLI"
command: >
docker-compose exec -T -u www-data application
wp core install
--url="{{ domains | get_url(application_id, web_protocol) }}"
--title="{{ applications[application_id].title }}"
--admin_user="{{ applications[application_id].users.administrator.username }}"
--admin_password="{{ applications[application_id].credentials.administrator_password }}"
--admin_email="{{ applications[application_id].users.administrator.email }}"
--path="{{ wordpress_docker_html_path }}"
args:
chdir: "{{ docker_compose.directories.instance }}"
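Review bot: The `wp core install` task renders the administrator password into the command line (`--admin_password=...`), so it ends up in Ansible's task output, in any log of the run, and in the process list while the command executes. Add `no_log: true` to this task at minimum. The task also has no `changed_when` and no preceding `wp core is-installed` check, so it reports `changed` on every run and a reader of the play output cannot tell whether the credentials were actually applied.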


@@ -0,0 +1,43 @@
---
- name: "Include service-rdbms-central"
include_role:
name: service-rdbms-central
- name: "Include role webserver-proxy-domain for {{ application_id }}"
include_role:
name: webserver-proxy-domain
loop: "{{ applications[application_id].domains.canonical }}"
loop_control:
loop_var: domain
vars:
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{ wordpress_max_upload_size }};"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "Transfering upload.ini to {{ docker_compose.directories.instance }}"
template:
src: upload.ini.j2
dest: "{{ docker_compose.directories.instance }}upload.ini"
notify: docker compose up
- name: "Transfering msmtprc to {{ host_msmtp_conf }}"
template:
src: "{{ playbook_dir }}/roles/msmtp/templates/msmtprc.conf.j2"
dest: "{{ host_msmtp_conf }}"
notify: docker compose up
- name: "Install wordpress"
include_tasks: install.yml
- name: "Install and activate WordPress plugins from application config"
block:
- name: "Iterate through WordPress plugins"
include_tasks: plugin.yml
loop: "{{ applications[application_id].plugins | dict2items }}"
loop_control:
label: "{{ item.key }}"
vars:
plugin_name: "{{ item.key }}"
plugin_enabled: "{{ item.value.enabled | bool }}"
plugin_task_path: "{{ role_path }}/tasks/plugins/{{ plugin_name }}/install.yml"
when: plugin_enabled
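Review bot: The "Transfering msmtprc" template task sets no `mode`, `owner` or `group`, so the file written to `{{ host_msmtp_conf }}` gets whatever the umask yields. If `msmtprc.conf.j2` carries the SMTP password (the template is not visible here), restrict it explicitly, for example `mode: "0640"` with the owner and group the container reads it as. The same task reaches into another role through `{{ playbook_dir }}/roles/msmtp/templates/msmtprc.conf.j2`; since this commit reorganises roles, confirm that path still exists and add a comment explaining the cross-role dependency.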


@@ -0,0 +1,18 @@
---
- name: "Check if plugin has a dedicated install task"
stat:
path: "{{ plugin_task_path }}"
register: plugin_task_file
- name: "Include plugin-specific install task if it exists"
include_tasks: "{{ plugin_task_path }}"
when: plugin_task_file.stat.exists
- name: "Install and activate WordPress plugin via WP CLI"
command: >
docker-compose exec -u www-data -T application
wp plugin install {{ plugin_name }} --activate
--path={{ wordpress_docker_html_path }}
args:
chdir: "{{ docker_compose.directories.instance }}"
when: not plugin_task_file.stat.exists
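Review bot: `wp plugin install {{ plugin_name }} --activate` installs and activates whatever version is currently published for the slug, so each run can pull new, unreviewed plugin code into the site. Consider an optional version field in the plugin config and passing it through, e.g. `wp plugin install {{ plugin_name }} --version={{ plugin_version }} --activate` (`plugin_version` is a proposed variable, not one defined in this commit). Because `plugin_name` is a config key that also forms the `include_tasks` path, a short comment stating that keys must be plain wordpress.org slugs would document the trust assumption.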


@@ -0,0 +1,15 @@
# WordPress Plugins
This WordPress setup integrates several powerful plugins to extend functionality with authentication, federation, and external discussion platforms:
## 🔐 OpenID Connect Generic Client
Enables secure login via OpenID Connect (OIDC).
Plugin used: [daggerhart-openid-connect-generic](https://wordpress.org/plugins/daggerhart-openid-connect-generic/)
## 💬 WP Discourse
Seamlessly connects WordPress with a Discourse forum for comments, discussions, and single sign-on (SSO).
Plugin used: [wp-discourse](https://wordpress.org/plugins/wp-discourse/)
## 🌍 ActivityPub
Federates your blog with the Fediverse, making it accessible on platforms like Mastodon and Friendica.
Plugin used: [activitypub](https://wordpress.org/plugins/activitypub/)


@@ -0,0 +1,25 @@
- name: "Load OIDC settings variables"
include_vars:
file: "{{ role_path }}/vars/oidc.yml"
name: oidc_vars
- name: "Ensure the OIDC settings option exists as a PHP-serialized empty array"
# Generate an empty serialized array in the container, then add or update the option
command: >
docker-compose exec -u www-data -T application bash -lc
"serialized_empty_array=$(wp eval 'echo serialize(array());' --path={{ wordpress_docker_html_path }}); \
wp option add openid_connect_generic_settings \"$serialized_empty_array\" --path={{ wordpress_docker_html_path }} \
|| wp option update openid_connect_generic_settings \"$serialized_empty_array\" --path={{ wordpress_docker_html_path }};"
args:
chdir: "{{ docker_compose.directories.instance }}"
failed_when: false
- name: "Apply all OIDC settings via WP-CLI eval (safe via base64)"
# Convert the settings map to base64-encoded JSON to avoid shell escaping issues
vars:
oidc_settings_json_b64: "{{ oidc_vars.oidc_settings | to_json | b64encode }}"
command: >
docker-compose exec -u www-data -T application bash -lc
"wp eval \"update_option('openid_connect_generic_settings', json_decode(base64_decode('{{ oidc_settings_json_b64 }}'), true));\" --path={{ wordpress_docker_html_path }}"
args:
chdir: "{{ docker_compose.directories.instance }}"
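Review bot: The base64 wrapping in "Apply all OIDC settings" only avoids shell-quoting problems; the encoded settings are still part of the command line and are printed in the task result, and base64 is trivially reversible. If `vars/oidc.yml` includes the OIDC client secret (the file is not visible here), add `no_log: true` to that task and reword the task name so "safe" is not read as "confidential". Separately, `failed_when: false` on the first task hides every failure, including the container being down; a narrower condition on the registered result would keep real errors visible.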


@@ -0,0 +1,94 @@
---
- name: "Include web-app-discourse"
include_role:
name: web-app-discourse
- name: Wait for Discourse API
wait_for:
host: "{{ domains | get_domain('discourse') }}"
port: 80
delay: 5
timeout: 600
- name: Add /var/www/discourse to Git safe.directory
command: >
docker exec {{ applications.discourse.container }} \
git config --global --add safe.directory /var/www/discourse
args:
chdir: "{{ docker_compose.directories.instance }}"
changed_when: false
- name: Revoke old WP Discourse API keys via Rails
command: >
docker exec {{ applications.discourse.container }} bash -lc "\
cd /var/www/discourse && \
script/rails runner \"\
ApiKey.where(\
user_id: User.find_by_username('system').id,\
description: 'WP Discourse Integration',\
revoked_at: nil\
).update_all(revoked_at: Time.current)\
\""
args:
chdir: "{{ docker_compose.directories.instance }}"
changed_when: false
failed_when: false
- name: Generate new WP Discourse API key via Rake task
command: >
docker exec {{ applications.discourse.container }} bash -lc "\
cd /var/www/discourse && \
bin/rake api_key:create_master['WP Discourse Integration']\
"
args:
chdir: "{{ docker_compose.directories.instance }}"
register: discourse_generated_api_key
- name: Store the new WP Discourse API key in a fact
set_fact:
vault_discourse_api_key: "{{ discourse_generated_api_key.stdout | trim }}"
- name: "Load WP Discourse settings"
include_vars:
file: "{{ role_path }}/vars/discourse.yml"
- name: "Install WP Discourse plugin"
command: >
docker-compose exec -u www-data -T application
wp plugin install wp-discourse --activate
--path={{ wordpress_docker_html_path }}
args:
chdir: "{{ docker_compose.directories.instance }}"
- name: "Configure WP Discourse settings"
loop: "{{ discourse_settings | map(attribute='name') | unique | list }}"
loop_control:
label: "{{ item }}"
vars:
option_name: "{{ item }}"
option_items: >-
{{ discourse_settings
| selectattr('name', 'equalto', option_name)
| list
}}
option_kv: >-
{{ dict(
option_items | map(attribute='key')
| zip(option_items | map(attribute='value'))
) }}
option_json_b64: "{{ option_kv | to_json | b64encode }}"
command: >
docker-compose exec -u www-data -T application bash -lc
"wp eval \"update_option(
'{{ option_name }}',
json_decode(
base64_decode('{{ option_json_b64 }}'),
true
)
);\" --path={{ wordpress_docker_html_path }}"
args:
chdir: "{{ docker_compose.directories.instance }}"