kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-09 19:57:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor(web-app-mediawiki): unify debug & oidc handling via _ensure_require, introduce host-side prep, switch to bind mounts

Browse Source 
- Removed obsolete Installation.md, TODO.md, 02_debug.yml, 05_oidc.yml and legacy debug enable/disable tasks
- Added 01_prep.yml to render debug.php/oidc.php on host side before container start
- Introduced _ensure_require.yml for generic require_once management in LocalSettings.php
- Renamed 01_install.yml -> 02_install.yml to align with new numbering
- Updated docker-compose.yml.j2 to bind-mount mw-local into /opt/mw-local
- Adjusted vars/main.yml to define MEDIAWIKI_LOCAL_MOUNT_DIR and MEDIAWIKI_LOCAL_PATH
- Templates debug.php.j2 and oidc.php.j2 now gated by MODE_DEBUG and MEDIAWIKI_OIDC_ENABLED
- main.yml now orchestrates prep, install, debug, extensions, oidc require, admin consistently

Ref: https://chatgpt.com/share/68b57db2-efcc-800f-a733-aca952298437
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-01 13:04:57 +02:00
parent 7791bd8c04
commit aaedaab3da
14 changed files with 110 additions and 314 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
roles/web-app-mediawiki/templates/oidc.php.j2
View File

@@ -1,18 +1,19 @@
<?php
// ### OIDC (PluggableAuth) BEGIN (managed by Ansible)
{% if MEDIAWIKI_OIDC_ENABLED | bool %}
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' );
$wgPluggableAuth_EnableAutoLogin = true; // dont auto-redirect to IdP
$wgPluggableAuth_EnableLocalLogin = false; // keep local user/pass login
$wgPluggableAuth_EnableAutoLogin = true;
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_ButtonLabel = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}';
// PluggableAuth expects a list of providers (numeric array) on REL1_44
$wgPluggableAuth_Config = [
[
'plugin' => 'OpenIDConnect',
'data' => [
// For Keycloak, use the REALM URL, e.g. https://auth.example/realms/<realm>
'providerURL' => '{{ MEDIAWIKI_OIDC_ISSUER }}',
'clientID' => '{{ MEDIAWIKI_OIDC_CLIENT_ID }}',
'clientsecret' => '{{ MEDIAWIKI_OIDC_CLIENT_SECRET }}',
@@ -21,7 +22,8 @@ $wgPluggableAuth_Config = [
],
];
// Helpful defaults
$wgOpenIDConnect_UseEmailNameAsUserName = true;
$wgOpenIDConnect_MigrateUsers = true;
// ### OIDC (PluggableAuth) END
{% endif %}