feat(mediawiki): Refactor OIDC + debug; install Composer deps in-container; modularize role

Discussion: https://chatgpt.com/share/68b10c0a-c308-800f-93ac-2ffb386cf58b

- Split tasks into 01_install, 02_debug, 03_admin, 04_extensions, 05_oidc.
- Ensure unzip+git+composer on demand in the container; run Composer as www-data with COMPOSER_HOME=/tmp/composer.
- Idempotently unpack/install PluggableAuth & OpenIDConnect; run composer install only if vendor/ is missing.
- Add sanity check for Jumbojett\OpenIDConnectClient.
- Copy oidc.php only when changed and append a single require_once to LocalSettings.php.
- Use REL1_44-compatible numeric array for $wgPluggableAuth_Config; set $wgPluggableAuth_ButtonLabelMessage.
- Debug: add debug.php that logs to STDERR (visible via docker logs); toggle cleanly with MODE_DEBUG.
- Enable OIDC feature in config; add paths/OIDC/extension vars in vars/main.yml.

fix(services): include SYS_SERVICE_GROUP_CLEANUP in StartPre lock (ssd-hdd, docker-hard).

fix(desktop/joomla): simplify MODE_DEBUG templating.

chore: minor cleanups and renames.
2025-08-29 04:10:46 +02:00
parent 23a2e081bf
commit dd9a9b6d84
16 changed files with 442 additions and 72 deletions


@@ -0,0 +1,21 @@
<?php
$wgShowExceptionDetails = true;
$wgShowDBErrorBacktrace = true;
$wgShowSQLErrors = true;
$wgDevelopmentWarnings = true;
@ini_set('display_errors', '1');
@ini_set('display_startup_errors', '1');
@ini_set('log_errors', '1');
@ini_set('error_log', '/proc/self/fd/2');
$wgDebugLogGroups = array_merge($wgDebugLogGroups ?? [], [
'exception' => 'php://stderr',
'error' => 'php://stderr',
'authentication' => 'php://stderr',
'session' => 'php://stderr',
'resourceloader' => 'php://stderr',
'PluggableAuth' => 'php://stderr',
'OpenIDConnect' => 'php://stderr',
]);
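Review bot: The four `@ini_set(...)` calls starting at `@ini_set('display_errors', '1')` are error-suppressed, so a setting that the image's php.ini refuses (ini_set returns `false`) is silently ignored and nothing in this file reveals that the debug switch did not take effect; drop the `@` or test the return value. Operationally, `display_errors=1` together with `$wgShowExceptionDetails = true` renders stack traces and DB errors to the browser, and the `authentication`, `session`, `PluggableAuth` and `OpenIDConnect` log groups sent to `php://stderr` can carry session identifiers and IdP response data into `docker logs`, so the file should open with a header such as `// DEBUG ONLY: included solely when MODE_DEBUG is set; never ship on a reachable instance` and the log-group list should be trimmed to what is actually being diagnosed. `$wgShowSQLErrors` and `$wgShowDBErrorBacktrace` were deprecated in MediaWiki 1.32 in favour of `$wgShowExceptionDetails` and, as far as I recall, removed in a later release, so on the REL1_44 target referenced by the OIDC file they are probably no-ops — confirm against the pinned release before relying on them. The hunk header reports 21 added lines but 18 are rendered, so a few (presumably blank) lines are not visible here.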


@@ -0,0 +1,27 @@
<?php
// ### OIDC (PluggableAuth) BEGIN (managed by Ansible)
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' );
$wgPluggableAuth_EnableAutoLogin = false; // dont auto-redirect to IdP
$wgPluggableAuth_EnableLocalLogin = true; // keep local user/pass login
$wgPluggableAuth_ButtonLabelMessage = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}';
// PluggableAuth expects a list of providers (numeric array) on REL1_44
$wgPluggableAuth_Config = [
[
'plugin' => 'OpenIDConnect',
'data' => [
// For Keycloak, use the REALM URL, e.g. https://auth.example/realms/<realm>
'providerURL' => '{{ MEDIAWIKI_OIDC_ISSUER }}',
'clientID' => '{{ MEDIAWIKI_OIDC_CLIENT_ID }}',
'clientsecret' => '{{ MEDIAWIKI_OIDC_CLIENT_SECRET }}',
'scope' => [ 'openid', 'profile', 'email' ],
],
],
];
// Helpful defaults
$wgOpenIDConnect_UseEmailNameAsUserName = true;
$wgOpenIDConnect_MigrateUsers = true;
// ### OIDC (PluggableAuth) END
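Review bot: `$wgOpenIDConnect_MigrateUsers = true` links an IdP-asserted email address to a pre-existing local account, so unless the issuer guarantees verified emails (the `email_verified` claim) an unverified claim is enough to attach an IdP identity to an existing wiki account; this deserves a comment next to the line, e.g. `// migrate-by-email is only safe while the issuer enforces email verification`, and the flag should be driven by a variable that defaults to false rather than hard-coded. The templated `'clientsecret' => '{{ MEDIAWIKI_OIDC_CLIENT_SECRET }}'` (and the issuer/client-id lines) will break the PHP string literal if the value ever contains `'` or `\`, so escape those two characters in the Jinja template (a `replace` chain is enough) instead of trusting the secret's shape. In recent OpenIDConnect extension releases the per-provider behaviour (user-name derivation, migration) is read from each provider's `data` array rather than from `$wgOpenIDConnect_*` globals, so verify that the two globals at the end are still honoured by the extension version installed for REL1_44. The hunk header reports 27 added lines but 24 are rendered, so a few (presumably blank) lines are not visible here.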