mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-29 15:06:26 +02:00
Huge role refactoring/cleanup. Other commits will probably follow, because some bugs will exist. Still important for the long run and also for auto docs/help/slideshow generation
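--- a/roles/web-app-wordpress/vars/configuration.yml
+++ b/roles/web-app-wordpress/vars/configuration.yml
@@ -0,0 +1,57 @@
+title: "Blog" # Wordpress titel
+plugins:
+wp-discourse:
+enabled: "{{ 'discourse' in group_names | lower }}"
+daggerhart-openid-connect-generic:
+enabled: true
+activitypub:
+enabled: true
+features:
+matomo: true
+css: false
+portfolio_iframe: true
+oidc: true
+central_database: true
+version: latest
+csp:
+flags:
+style-src:
+unsafe-inline: true
+script-src-elem:
+unsafe-inline: true
+script-src:
+unsafe-eval: true
+whitelist:
+worker-src:
+- "blob:"
+font-src:
+- "data:"
+- "https://fonts.bunny.net"
+script-src-elem:
+- "https://cdn.gtranslate.net" # Necessary for translation plugins
+- "https://translate.google.com" # Necessary for translation plugins
+- "blog.{{ primary_domain }}"
+style-src:
+- "https://fonts.bunny.net"
+frame-src:
+- "blob:"
+- "*.{{ primary_domain }}"
+domains:
+canonical:
+- "blog.{{ primary_domain }}"
+docker:
+services:
+database:
+enabled: true
+rbac:
+roles:
+subscriber:
+description: "Can read posts and leave comments but cannot write or manage content"
+author:
+description: "Can write and manage own posts"
+contributor:
+description: "Can write and submit posts for review but cannot publish"
+editor:
+description: "Can publish and manage all posts, including those by other users"
+administrator:
+description: "Has full administrative access: manage themes, plugins, settings, and users"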
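Review bot: The `csp:` flags enable `unsafe-inline` for `script-src-elem` and `unsafe-eval` for `script-src` without saying which plugin needs them, and together they remove most of the policy's protection against injected script on a site that renders comments and federated content. The translation hosts in the whitelist already carry a justification comment; the flags should get the same, e.g. `unsafe-eval: true  # required by <plugin name>; remove when no longer needed`, so each relaxation can be audited and retired. Separately, `version: latest` leaves the deployed image unpinned; a fixed tag or digest would make rollouts reproducible and reviewable. Indentation is not visible in this rendering, so the nesting of these keys is inferred from their order.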
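--- a/roles/web-app-wordpress/vars/discourse.yml
+++ b/roles/web-app-wordpress/vars/discourse.yml
@@ -0,0 +1,245 @@
+# Defines WP Discourse plugin settings
+# @see https://github.com/discourse/wp-discourse
+
+# roles/web-app-wordpress/vars/discourse.yml
+# Defines WP Discourse plugin settings (exported from your current wp_options dump)
+
+discourse_settings:
+#- name: wpdc_discourse_domain
+# key: wpdc_discourse_domain
+# value: ""
+
+- name: discourse_connect
+key: url
+value: "{{ domains | get_url('discourse', web_protocol) }}"
+- name: discourse_connect
+key: api-key
+value: "{{ vault_discourse_api_key }}"
+- name: discourse_connect
+key: publish-username
+value: "system"
+
+#- name: discourse_publish
+# key: display-subcategories
+# value: false
+#- name: discourse_publish
+# key: publish-category
+# value: false
+#- name: discourse_publish
+# key: publish-category-update
+# value: false
+#- name: discourse_publish
+# key: full-post-content
+# value: false
+#- name: discourse_publish
+# key: allow-tags
+# value: false
+#- name: discourse_publish
+# key: max-tags
+# value: 5
+#- name: discourse_publish
+# key: publish-as-unlisted
+# value: false
+#- name: discourse_publish
+# key: custom-excerpt-length
+# value: 55
+#- name: discourse_publish
+# key: add-featured-link
+# value: false
+#- name: discourse_publish
+# key: auto-publish
+# value: false
+#- name: discourse_publish
+# key: force-publish
+# value: false
+#- name: discourse_publish
+# key: force-publish-max-age
+# value: 0
+#- name: discourse_publish
+# key: publish-failure-notice
+# value: true
+#- name: discourse_publish
+# key: publish-failure-email
+# value: "{{ users.administrator.email }}"
+#- name: discourse_publish
+# key: auto-track
+# value: true
+#- name: discourse_publish
+# key: allowed_post_types
+# value:
+# - post
+#- name: discourse_publish
+# key: hide-discourse-name-field
+# value: false
+#- name: discourse_publish
+# key: discourse-username-editable
+# value: false
+#
+#- name: discourse_comment
+# key: enable-discourse-comments
+# value: false
+#- name: discourse_comment
+# key: comment-type
+# value: "display-comments"
+#- name: discourse_comment
+# key: ajax-load
+# value: false
+#- name: discourse_comment
+# key: cache-html
+# value: false
+#- name: discourse_comment
+# key: clear-cached-comment-html
+# value: false
+#- name: discourse_comment
+# key: discourse-new-tab
+# value: false
+#- name: discourse_comment
+# key: comment-sync-period
+# value: 10
+#- name: discourse_comment
+# key: hide-wordpress-comments
+# value: false
+#- name: discourse_comment
+# key: show-existing-comments
+# value: false
+#- name: discourse_comment
+# key: existing-comments-heading
+# value: ""
+#- name: discourse_comment
+# key: max-comments
+# value: 5
+#- name: discourse_comment
+# key: min-replies
+# value: 1
+#- name: discourse_comment
+# key: min-score
+# value: 0
+#- name: discourse_comment
+# key: min-trust-level
+# value: 1
+#- name: discourse_comment
+# key: bypass-trust-level-score
+# value: 50
+#- name: discourse_comment
+# key: custom-datetime-format
+# value: ""
+#- name: discourse_comment
+# key: only-show-moderator-liked
+# value: false
+#- name: discourse_comment
+# key: load-comment-css
+# value: false
+#
+#- name: discourse_configurable_text
+# key: discourse-link-text
+# value: ""
+#- name: discourse_configurable_text
+# key: start-discussion-text
+# value: "Start the discussion at"
+#- name: discourse_configurable_text
+# key: continue-discussion-text
+# value: "Continue the discussion at"
+#- name: discourse_configurable_text
+# key: join-discussion-text
+# value: "Join the discussion at"
+#- name: discourse_configurable_text
+# key: comments-singular-text
+# value: "Comment"
+#- name: discourse_configurable_text
+# key: comments-plural-text
+# value: "Comments"
+#- name: discourse_configurable_text
+# key: no-comments-text
+# value: "Join the Discussion"
+#- name: discourse_configurable_text
+# key: notable-replies-text
+# value: "Notable Replies"
+#- name: discourse_configurable_text
+# key: comments-not-available-text
+# value: "Comments are not currently available for this post."
+#- name: discourse_configurable_text
+# key: participants-text
+# value: "Participants"
+#- name: discourse_configurable_text
+# key: published-at-text
+# value: "Originally published at:"
+#- name: discourse_configurable_text
+# key: single-reply-text
+# value: "Reply"
+#- name: discourse_configurable_text
+# key: many-replies-text
+# value: "Replies"
+#- name: discourse_configurable_text
+# key: more-replies-more-text
+# value: "more"
+#- name: discourse_configurable_text
+# key: external-login-text
+# value: "Log in with Discourse"
+#- name: discourse_configurable_text
+# key: link-to-discourse-text
+# value: "Link your account to Discourse"
+#- name: discourse_configurable_text
+# key: linked-to-discourse-text
+# value: "Your account is linked with Discourse!"
+#
+#- name: discourse_webhook
+# key: use-discourse-webhook
+# value: false
+#- name: discourse_webhook
+# key: webhook-secret
+# value: ""
+#- name: discourse_webhook
+# key: webhook-match-old-topics
+# value: false
+#- name: discourse_webhook
+# key: use-discourse-user-webhook
+# value: false
+#- name: discourse_webhook
+# key: webhook-match-user-email
+# value: false
+#
+#- name: discourse_sso_common
+# key: sso-secret
+# value: ""
+#
+#- name: discourse_sso_provider
+# key: enable-sso
+# value: false
+#- name: discourse_sso_provider
+# key: auto-create-sso-user
+# value: false
+#- name: discourse_sso_provider
+# key: login-path
+# value: ""
+#- name: discourse_sso_provider
+# key: real-name-as-discourse-name
+# value: false
+#- name: discourse_sso_provider
+# key: force-avatar-update
+# value: false
+#- name: discourse_sso_provider
+# key: redirect-without-login
+# value: false
+#
+#- name: discourse_sso_client
+# key: sso-desktop-enabled
+# value: false
+#- name: discourse_sso_client
+# key: sso-desktop-login-form-change
+# value: false
+#- name: discourse_sso_client
+# key: sso-desktop-login-form-redirect
+# value: ""
+#- name: discourse_sso_client
+# key: sso-desktop-sync-by-email
+# value: false
+#- name: discourse_sso_client
+# key: sso-desktop-disable-create-user
+# value: false
+#- name: discourse_sso_client
+# key: sso-desktop-sync-logout
+# value: false
+#
+- name: discourse_logs
+key: logs-enabled
+value: "{{ enable_debug }}"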
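Review bot: The active `discourse_connect` entries pair `vault_discourse_api_key` with `publish-username: "system"`, so the key that ends up in WordPress's option store acts as Discourse's built-in system account, and a compromise of the WordPress side would reach well beyond publishing. A dedicated publishing user with a key limited to what the plugin needs would contain that, e.g. `value: "{{ discourse_publish_username }}"` (variable name constructed for illustration). Because each list item carries the secret in `value`, the task that loops over `discourse_settings` (not shown on this page) should set `no_log: true`. The two header comments duplicate each other, and "exported from your current wp_options dump" reads like leftover generator text that could be dropped.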
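--- a/roles/web-app-wordpress/vars/main.yml
+++ b/roles/web-app-wordpress/vars/main.yml
@@ -0,0 +1,6 @@
+application_id: "wordpress"
+wordpress_max_upload_size: "64M"
+database_type: "mariadb"
+wordpress_custom_image: "wordpress_custom"
+wordpress_docker_html_path: "/var/www/html"
+host_msmtp_conf: "{{docker_compose.directories.config}}msmtprc.conf"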
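Review bot: `host_msmtp_conf` is built by plain string concatenation, so the path is only correct while `docker_compose.directories.config` always ends in a slash; joining explicitly removes that hidden assumption, e.g. `host_msmtp_conf: "{{ [docker_compose.directories.config, 'msmtprc.conf'] | path_join }}"`. An msmtp configuration file commonly holds the SMTP credential, so the task that renders this path (outside this page) should presumably write it with a restrictive `mode` rather than the default umask. A one-line comment on each variable saying which template or task consumes it would help, since this file is the role's entry point for them.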
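--- a/roles/web-app-wordpress/vars/oidc.yml
+++ b/roles/web-app-wordpress/vars/oidc.yml
@@ -0,0 +1,29 @@
+# vars/oidc.yml
+# Defines OIDC settings for the OpenID Connect Generic plugin, with explanatory comments.
+# @see https://github.com/oidc-wp/openid-connect-generic/blob/develop/includes/openid-connect-generic-option-settings.php
+
+oidc_settings:
+client_id: "{{ oidc.client.id }}" # The client ID that identifies WordPress as the OIDC client.
+client_secret: "{{ oidc.client.secret }}" # The secret key used by WordPress to authenticate to the OIDC provider.
+endpoint_login: "{{ oidc.client.authorize_url }}" # URL of the authorization endpoint to initiate the login flow.
+endpoint_token: "{{ oidc.client.token_url }}" # URL of the token endpoint for exchanging authorization codes for tokens.
+endpoint_userinfo: "{{ oidc.client.user_info_url }}" # URL of the userinfo endpoint to retrieve user profile data.
+endpoint_end_session: "{{ oidc.client.logout_url }}" # URL of the end-session endpoint to log users out of the IDP.
+login_type: "auto" # Determines how the login interface is rendered (e.g., button or form).
+scope: "openid profile email" # Scopes requested from the OIDC provider during authentication.
+create_if_does_not_exist: true # Auto-create a new WP user if one doesn’t exist.
+enforce_privacy: false # Require authentication for all site pages if set to true.
+link_existing_users: true # Link OIDC login to existing WP users by matching email.
+redirect_on_logout: true # Redirect users after logout to the login screen or homepage.
+redirect_user_back: true # Return users to their original URL after successful login.
+#acr_values: "{{ oidc.client.acr_values | default('') }}" # ACR values defining required authentication context (e.g., MFA level).
+enable_logging: "{{ enable_debug }}" # Enable detailed plugin logging for debugging and auditing.
+# log_limit: "{{ oidc.client.log_limit | default('') }}" # Maximum number of log entries to retain before pruning.
+no_sslverify: false # The flag to enable/disable SSL verification during authorization.
+http_request_timeout: 5 # The timeout for requests made to the IDP. Default value is 5.
+identity_key: "{{ oidc.attributes.username }}" # The key in the user claim array to find the user's identification data.
+nickname_key: "{{ oidc.attributes.username }}" # The key in the user claim array to find the user's nickname.
+email_format: "{{ oidc.attributes.email }}" # The key(s) in the user claim array to formulate the user's email address.
+displayname_format: "{{ oidc.attributes.given_name }} {{ oidc.attributes.family_name }}" # The key(s) in the user claim array to formulate the user's display name.
+identify_with_username: true # The flag which indicates how the user's identity will be determined.
+state_time_limit: 180 # The valid time limit of the state, in seconds. Defaults to 180 seconds.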
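Review bot: `link_existing_users: true` combined with `create_if_does_not_exist: true` and `identify_with_username: true` makes an identifier supplied by the IdP the only basis for attaching a login to an existing WordPress account, administrator accounts included. That is only sound while the identity provider guarantees unique, verified and non-editable usernames and emails, and the inline comment should state that precondition, e.g. `link_existing_users: true # Requires an IdP with verified, immutable usernames/emails; disable otherwise`. The current comment says linking matches by email, which appears to conflict with `identify_with_username: true`; the two comments should be reconciled so the real matching key is documented. The commented-out `acr_values` line is where a required authentication level would be enforced, so a short note on why it is disabled would help.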