Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

2025-08-29 15:06:26 +02:00 · 2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
--- a/roles/web-app-wordpress/tasks/plugins/README.md
+++ b/roles/web-app-wordpress/tasks/plugins/README.md
@@ -0,0 +1,15 @@
+# WordPress Plugins
+
+This WordPress setup integrates several powerful plugins to extend functionality with authentication, federation, and external discussion platforms:
+
+## 🔐 OpenID Connect Generic Client  
+Enables secure login via OpenID Connect (OIDC).  
+Plugin used: [daggerhart-openid-connect-generic](https://wordpress.org/plugins/daggerhart-openid-connect-generic/)
+
+## 💬 WP Discourse  
+Seamlessly connects WordPress with a Discourse forum for comments, discussions, and single sign-on (SSO).  
+Plugin used: [wp-discourse](https://wordpress.org/plugins/wp-discourse/)
+
+## 🌍 ActivityPub  
+Federates your blog with the Fediverse, making it accessible on platforms like Mastodon and Friendica.  
+Plugin used: [activitypub](https://wordpress.org/plugins/activitypub/)
--- a/roles/web-app-wordpress/tasks/plugins/daggerhart-openid-connect-generic.yml
+++ b/roles/web-app-wordpress/tasks/plugins/daggerhart-openid-connect-generic.yml
@@ -0,0 +1,25 @@
+- name: "Load OIDC settings variables"
+  include_vars:
+    file: "{{ role_path }}/vars/oidc.yml"
+    name: oidc_vars
+
+- name: "Ensure the OIDC settings option exists as a PHP-serialized empty array"
+  # Generate an empty serialized array in the container, then add or update the option
+  command: >
+    docker-compose exec -u www-data -T application bash -lc
+    "serialized_empty_array=$(wp eval 'echo serialize(array());' --path={{ wordpress_docker_html_path }}); \
+     wp option add openid_connect_generic_settings \"$serialized_empty_array\" --path={{ wordpress_docker_html_path }} \
+     || wp option update openid_connect_generic_settings \"$serialized_empty_array\" --path={{ wordpress_docker_html_path }};"
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  failed_when: false
+
+- name: "Apply all OIDC settings via WP-CLI eval (safe via base64)"
+  # Convert the settings map to base64-encoded JSON to avoid shell escaping issues
+  vars:
+    oidc_settings_json_b64: "{{ oidc_vars.oidc_settings | to_json | b64encode }}"
+  command: >
+    docker-compose exec -u www-data -T application bash -lc
+      "wp eval \"update_option('openid_connect_generic_settings', json_decode(base64_decode('{{ oidc_settings_json_b64 }}'), true));\" --path={{ wordpress_docker_html_path }}"
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
--- a/roles/web-app-wordpress/tasks/plugins/wp-discourse.yml
+++ b/roles/web-app-wordpress/tasks/plugins/wp-discourse.yml
@@ -0,0 +1,94 @@
+---
+- name: "Include web-app-discourse"
+  include_role:
+    name: web-app-discourse
+
+- name: Wait for Discourse API
+  wait_for:
+    host: "{{ domains | get_domain('discourse') }}"
+    port: 80
+    delay: 5
+    timeout: 600
+
+- name: Add /var/www/discourse to Git safe.directory
+  command: >
+    docker exec {{ applications.discourse.container }} \
+      git config --global --add safe.directory /var/www/discourse
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  changed_when: false
+
+- name: Revoke old WP Discourse API keys via Rails
+  command: >
+    docker exec {{ applications.discourse.container }} bash -lc "\
+      cd /var/www/discourse && \
+      script/rails runner \"\
+        ApiKey.where(\
+          user_id: User.find_by_username('system').id,\
+          description: 'WP Discourse Integration',\
+          revoked_at: nil\
+        ).update_all(revoked_at: Time.current)\
+      \""
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  changed_when: false
+  failed_when: false
+
+- name: Generate new WP Discourse API key via Rake task
+  command: >
+    docker exec {{ applications.discourse.container }} bash -lc "\
+      cd /var/www/discourse && \
+      bin/rake api_key:create_master['WP Discourse Integration']\
+    "
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  register: discourse_generated_api_key
+
+- name: Store the new WP Discourse API key in a fact
+  set_fact:
+    vault_discourse_api_key: "{{ discourse_generated_api_key.stdout | trim }}"
+
+- name: "Load WP Discourse settings"
+  include_vars:
+    file: "{{ role_path }}/vars/discourse.yml"
+
+- name: "Install WP Discourse plugin"
+  command: >
+    docker-compose exec -u www-data -T application
+      wp plugin install wp-discourse --activate
+      --path={{ wordpress_docker_html_path }}
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+
+- name: "Configure WP Discourse settings"
+  loop: "{{ discourse_settings | map(attribute='name') | unique | list }}"
+  loop_control:
+    label: "{{ item }}"
+  vars:
+    option_name: "{{ item }}"
+
+    option_items: >-
+      {{ discourse_settings
+         | selectattr('name', 'equalto', option_name)
+         | list
+      }}
+
+    option_kv: >-
+      {{ dict(
+           option_items | map(attribute='key')
+           | zip(option_items | map(attribute='value'))
+         ) }}
+
+    option_json_b64: "{{ option_kv | to_json | b64encode }}"
+
+  command: >
+    docker-compose exec -u www-data -T application bash -lc
+      "wp eval \"update_option(
+         '{{ option_name }}',
+         json_decode(
+           base64_decode('{{ option_json_b64 }}'),
+           true
+         )
+       );\" --path={{ wordpress_docker_html_path }}"
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"