Added OIDC draft für wordpress

group_vars/all/00_general.yml

@@ -31,13 +31,13 @@ test_email:             "test@{{primary_domain}}"
 # Server Tact Variables 
 
 ## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
-hours_server_awake:               "0..23"
+hours_server_awake:                       "0..23"
 
 ## Random delay for systemd timers to avoid peak loads.
-randomized_delay_sec:             "5min" 
+randomized_delay_sec:                     "5min"
 
 # Runtime Variables for Process Control
-activate_all_timers:                  false   # Activates all timers, independend if the handlers had been triggered
+activate_all_timers:                       false   # Activates all timers, independend if the handlers had been triggered
 
 # One Wildcard Certificate for All Subdomains
 # Enables a single Let's Encrypt wildcard certificate for all subdomains instead of individual certificates.
@@ -47,11 +47,11 @@ activate_all_timers:                  false   # Activates all timers, independen
 # To enable, update your inventory file.
 # For detailed setup instructions, visit: 
 # https://github.com/kevinveenbirkenbach/cymais/tree/master/roles/nginx-docker-cert-deploy
-enable_wildcard_certificate:          false  
+enable_wildcard_certificate:              false  
 
 # This enables debugging in ansible and in the apps
 # You SHOULD NOT enable this on production servers
-enable_debug:   false
+enable_debug:                             false
 
 #########################
 ##  ENABLED DEFAULTS   ##

group_vars/all/07_applications.yml

@@ -709,7 +709,7 @@ defaults_applications:
   presentation:
     matomo_tracking_enabled:      "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
     css_enabled:                  False                                     # Would mess with the presentation layout
-    landingpage_iframe_enabled:   False                                     # Makes sense to make the documentary allways in iframe available
+    landingpage_iframe_enabled:   True                                      # Makes sense to make the documentary allways in iframe available
 
   # Snipe-IT
   snipe_it:
@@ -770,7 +770,15 @@ defaults_applications:
 # May a solution could be to generate a template or css file dedicated
 # for wordpress based on the theming values and import it. 
     database:
-      central_storage:  True  # Activate Central Database Storage
+      central_storage:            True                                      # Activate Central Database Storage
     matomo_tracking_enabled:      "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
     css_enabled:                  false                                     # CSS is hard to tweak for wordpress
-    landingpage_iframe_enabled:   "{{landingpage_iframe_enabled_default}}"  # Enables\Disables the possibility to embed this on landing page via iframe
+    landingpage_iframe_enabled:   "{{landingpage_iframe_enabled_default}}"  # Enables\Disables the possibility to embed this on landing page via iframe
+    oidc:
+      enabled:                    true                                      # Activate OIDC
+    title:                        "Blog"                                    
+    credentials:
+      administrator:
+        username:                 "{{users.administrator.username}}"        # Username of the wordpress administrator
+#       password:                                                           # Password of the wordpress administrator
+        email:                    "{{users.administrator.email}}"           # Email of the wordpress adminsitrator

roles/docker-discourse/vars/main.yml

@@ -1,5 +1,5 @@
 application_id:                         "discourse"
-database_password:                      "{{ applications.discourse.database_password }}"
+database_password:                      "{{ applications.discourse.credentials.database.password }}"
 database_type:                          "postgres"
 docker_repository_directory :           "{{docker_compose.directories.services}}{{applications.discourse.repository}}/"
 discourse_application_yml_destination:  "{{docker_repository_directory }}containers/{{applications.discourse.container}}.yml"

roles/docker-keycloak/vars/main.yml

@@ -1,6 +1,6 @@
 application_id:  	        "keycloak"
 database_type:            "postgres"
-database_password:        "{{applications.keycloak.database_password}}"
+database_password:        "{{applications.keycloak.credentials.database.password}}"
 container_name:           "{{application_id}}_application"
 realm:                    "{{primary_domain}}"                              # This is the name of the default realm which is used by the applications
 import_directory_host:    "{{docker_compose.directories.volumes}}import/"   # Directory in which keycloack import files are placed on the host

roles/docker-mailu/vars/main.yml

@@ -1,5 +1,5 @@
 application_id:               "mailu"
-database_password:  	        "{{applications.mailu.credentials.database_password}}"
+database_password:  	        "{{applications.mailu.credentials.database.password}}"
 database_type:                "mariadb"
 cert_mount_directory:         "{{docker_compose.directories.volumes}}certs/"
 enable_wildcard_certificate:  false

roles/docker-mastodon/vars/main.yml

@@ -1,3 +1,3 @@
 application_id:  	  "mastodon"
-database_password:  "{{applications.mastodon.credentials.database_password}}"
+database_password:  "{{applications.mastodon.credentials.database.password}}"
 database_type:      "postgres"

roles/docker-matomo/vars/main.yml

@@ -1,7 +1,7 @@
 ---
 application_id:  	  "matomo"
 database_type:      "mariadb"
-database_password:  "{{applications.matomo.database_password}}"
+database_password:  "{{applications.matomo.credentials.database.password}}"
 
 # I don't know if this is still necessary
 domain:             "{{domains.matomo}}"                         

roles/docker-nextcloud/vars/main.yml

@@ -3,7 +3,7 @@
 application_id:                                     "nextcloud"                                                   # Application identifier
 
 # Database
-database_password:  	                              "{{applications.nextcloud.credentials.database_password}}"    # Database password
+database_password:  	                              "{{applications.nextcloud.credentials.database.password}}"    # Database password
 database_type:                                      "mariadb"                                                     # Database flavor
 
 # Networking

roles/docker-openproject/vars/main.yml

@@ -1,6 +1,6 @@
 application_id:               "openproject"
 docker_repository_address:    "https://github.com/opf/openproject-deploy"
-database_password:            "{{ applications[application_id].credentials.database_password }}"
+database_password:            "{{ applications[application_id].credentials.database.password }}"
 database_type:                "postgres"
 
 openproject_plugins_service:  "{{docker_compose.directories.services}}plugins/"

roles/docker-portfolio/templates/footer_menu.yaml.j2

@@ -122,9 +122,9 @@
     - name: Slides
       description: Checkout the presentation
       icon:
-        class: fas fa-book
+        class: "fas fa-chalkboard-teacher"
       url: https://{{domains.presentation}}
-      iframe: {{ applications | get_landingpage_iframe_enabled('sphinx') }}
+      iframe: {{ applications | get_landingpage_iframe_enabled('presentation') }}
 
 {% endif %}
 

roles/docker-snipe_it/vars/main.yml

@@ -1,3 +1,3 @@
 application_id:           "snipe_it"
-database_password:        "{{applications.snipe_it.database_password}}"
+database_password:        "{{applications.snipe_it.credentials.database.password}}"
 database_type:            "mariadb"

roles/docker-wordpress/files/Dockerfile

@@ -1,12 +1,15 @@
 FROM wordpress
 
-# Update and installation of msmtp
+# Install msmtp and update system
 RUN apt-get update && \
     apt-get install -y msmtp msmtp-mta && \
     rm -rf /var/lib/apt/lists/*
 
-# Copy the msmtp configuration into the container
-COPY config/msmtprc.conf /etc/msmtprc
+# Install WP CLI
+RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
+    chmod +x wp-cli.phar && \
+    mv wp-cli.phar /usr/local/bin/wp
 
-# Copy the PHP configuration for uploads (and mail settings)
+# Copy msmtp configuration and PHP upload settings
+COPY config/msmtprc.conf /etc/msmtprc
 COPY upload.ini $PHP_INI_DIR/conf.d/

roles/docker-wordpress/tasks/install.yml

@@ -0,0 +1,12 @@
+- name: "{{ role_name }} | Run WordPress core install via WP CLI"
+  command: >
+    docker-compose exec -T -u www-data application
+    wp core install
+      --url="https://{{ domains[application_id][0] }}"
+      --title="{{ applications[application_id].title }}"
+      --admin_user="{{ applications[application_id].credentials.administrator.username }}"
+      --admin_password="{{ applications[application_id].credentials.administrator.password }}"
+      --admin_email="{{ applications[application_id].credentials.administrator.email }}"
+      --path="{{ wordpress_docker_html_path }}"
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"

roles/docker-wordpress/tasks/main.yml

@@ -1,9 +1,9 @@
 ---
-- name: "include docker-central-database"
+- name: "{{ role_name }} | Include docker-central-database"
   include_role: 
     name: docker-central-database
   
-- name: "include role nginx-domain-setup for {{ application_id }}"
+- name: "{{ role_name }} | Include role nginx-domain-setup for {{ application_id }}"
   include_role:
     name: nginx-domain-setup
   loop: "{{ domains.wordpress }}"
@@ -13,23 +13,30 @@
     nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{ wordpress_max_upload_size }};"
     http_port: "{{ ports.localhost.http[application_id] }}"
 
-- name: "Transfering upload.ini to {{ docker_compose.directories.instance }}"
+- name: "{{ role_name }} | Transfering upload.ini to {{ docker_compose.directories.instance }}"
   template:
     src: upload.ini.j2
     dest: "{{ docker_compose.directories.instance }}upload.ini"
   notify: docker compose project build and setup
 
-- name: "Transfering msmtprc to {{ host_msmtp_conf }}"
+- name: "{{ role_name }} | Transfering msmtprc to {{ host_msmtp_conf }}"
   template:
     src: "{{ playbook_dir }}/roles/msmtp/templates/msmtprc.conf.j2"
     dest: "{{ host_msmtp_conf }}"
   notify: docker compose project build and setup
 
-- name: "Transfering Dockerfile to {{ docker_compose.directories.instance }}"
+- name: "{{ role_name }} | Transfering Dockerfile to {{ docker_compose.directories.instance }}"
   copy:
     src: Dockerfile
     dest: "{{ docker_compose.directories.instance }}Dockerfile"
   notify: docker compose project build and setup
 
-- name: "copy docker-compose.yml and env file"
+- name: "{{ role_name }} | copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml
+
+- name: "{{ role_name }} | Install wordpress"
+  include_tasks: install.yml
+
+- name: "{{ role_name }} | Activating OIDC when enabled."
+  include_tasks: oidc.yml
+  when: applications[application_id].oidc.enabled | bool

roles/docker-wordpress/tasks/oidc.yml

@@ -0,0 +1,16 @@
+---
+- name: "{{ role_name }} | Install OpenID Connect Generic Plugin via WP CLI"
+  command: >
+    docker-compose exec -u www-data -T application
+      wp plugin install daggerhart-openid-connect-generic
+      --path={{ wordpress_docker_html_path }}
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+
+- name: "{{ role_name }} | Activate OpenID Connect Generic Plugin"
+  command: >
+    docker-compose exec -u www-data -T application
+      wp plugin activate daggerhart-openid-connect-generic
+      --path={{ wordpress_docker_html_path }}
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"

roles/docker-wordpress/templates/docker-compose.yml.j2

@@ -4,14 +4,14 @@ services:
 
   application:
     {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-    image: {{custom_wordpress_image}}
+    image: {{wordpress_custom_image}}
     container_name: wordpress-application
     build:
       context: .
     ports:
       - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
     volumes:
-      - data:/var/www/html
+      - data:{{ wordpress_docker_html_path }}
 
 {% include 'roles/docker-compose/templates/services/msmtp_curl_test.yml.j2' %}
 

roles/docker-wordpress/templates/env.j2

@@ -1,4 +1,15 @@
 WORDPRESS_DB_HOST=      "{{database_host}}:{{database_port}}"
 WORDPRESS_DB_USER=      "{{database_username}}"
 WORDPRESS_DB_PASSWORD=  "{{database_password}}"
-WORDPRESS_DB_NAME=      "{{database_name}}"
+WORDPRESS_DB_NAME=      "{{database_name}}"
+
+{% if applications[application_id].oidc.enabled | bool %}
+# OIDC Configuration (loaded if OIDC is enabled)
+# @see https://github.com/oidc-wp/openid-connect-generic/blob/develop/includes/openid-connect-generic-option-settings.php
+OIDC_CLIENT_ID={{ oidc.client.id }}
+OIDC_CLIENT_SECRET={{ oidc.client.secret }}
+OIDC_ENDPOINT_LOGOUT_URL={{ oidc.client.logout_url }}
+OIDC_ENDPOINT_LOGIN_URL={{ oidc.client.authorize_url }}
+OIDC_ENDPOINT_TOKEN_URL={{ oidc.client.token_url }}
+OIDC_ENDPOINT_USERINFO_URL={{ oidc.client.user_info_url }}
+{% endif %}

roles/docker-wordpress/vars/main.yml

@@ -1,6 +1,7 @@
 application_id:  	          "wordpress"
 wordpress_max_upload_size:  "64M"
 database_type:              "mariadb"
-database_password:  	      "{{wordpress_database_password}}"
-custom_wordpress_image:     "custom_wordpress"
+database_password:  	      "{{applications[application_id].credentials.database.password}}"
+wordpress_custom_image:     "wordpress_custom"
+wordpress_docker_html_path: "/var/www/html"
 host_msmtp_conf:            "{{docker_compose.directories.config}}msmtprc.conf"