feat(mediawiki): Refactor OIDC + debug; install Composer deps in-container; modularize role

Discussion: https://chatgpt.com/share/68b10c0a-c308-800f-93ac-2ffb386cf58b

- Split tasks into 01_install, 02_debug, 03_admin, 04_extensions, 05_oidc.
- Ensure unzip+git+composer on demand in the container; run Composer as www-data with COMPOSER_HOME=/tmp/composer.
- Idempotently unpack/install PluggableAuth & OpenIDConnect; run composer install only if vendor/ is missing.
- Add sanity check for Jumbojett\OpenIDConnectClient.
- Copy oidc.php only when changed and append a single require_once to LocalSettings.php.
- Use REL1_44-compatible numeric array for $wgPluggableAuth_Config; set $wgPluggableAuth_ButtonLabelMessage.
- Debug: add debug.php that logs to STDERR (visible via docker logs); toggle cleanly with MODE_DEBUG.
- Enable OIDC feature in config; add paths/OIDC/extension vars in vars/main.yml.

fix(services): include SYS_SERVICE_GROUP_CLEANUP in StartPre lock (ssd-hdd, docker-hard).

fix(desktop/joomla): simplify MODE_DEBUG templating.

chore: minor cleanups and renames.
This commit is contained in:
2025-08-29 04:10:46 +02:00
parent 23a2e081bf
commit dd9a9b6d84
16 changed files with 442 additions and 72 deletions

View File

@@ -7,6 +7,11 @@ container_port: 80
MEDIAWIKI_SITENAME: "{{ applications | get_app_conf(application_id, 'sitename') }}"
MEDIAWIKI_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
## Folders
MEDIAWIKI_HTML_DIR: "/var/www/html"
MEDIAWIKI_CONFIG_DIR: "{{ docker_compose.directories.config }}"
MEDIAWIKI_OIDC_FILE: "{{ docker_compose.directories.config }}/oidc.php"
## Docker
MEDIAWIKI_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.version') }}"
MEDIAWIKI_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.image') }}"
@@ -17,4 +22,20 @@ MEDIAWIKI_USER: "www-data"
# User
MEDIAWIKI_ADMINISTRATOR_NAME: "{{ users.administrator.username }}"
MEDIAWIKI_ADMINISTRATOR_PASSWORD: "{{ users.administrator.password }}"
MEDIAWIKI_ADMINISTRATOR_EMAIL: "{{ users.administrator.email }}"
MEDIAWIKI_ADMINISTRATOR_EMAIL: "{{ users.administrator.email }}"
# OIDC
MEDIAWIKI_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
MEDIAWIKI_OIDC_CLIENT_ID: "{{ OIDC.CLIENT.ID }}"
MEDIAWIKI_OIDC_CLIENT_SECRET: "{{ OIDC.CLIENT.SECRET }}"
MEDIAWIKI_OIDC_ISSUER: "{{ OIDC.CLIENT.ISSUER_URL }}"
MEDIAWIKI_OIDC_BUTTON_TEXT: "{{ OIDC.BUTTON_TEXT }}"
# Extensions
MEDIAWIKI_EXT_BRANCH: "REL1_44" # passend zu MediaWiki 1.44
MEDIAWIKI_EXT_CFG_BASE: "{{ MEDIAWIKI_CONFIG_DIR }}/mwext/{{ MEDIAWIKI_EXT_BRANCH }}"
MEDIAWIKI_EXT_LIST:
- name: "PluggableAuth"
url: "https://codeload.github.com/wikimedia/mediawiki-extensions-PluggableAuth/tar.gz/refs/heads/{{ MEDIAWIKI_EXT_BRANCH }}"
- name: "OpenIDConnect"
url: "https://codeload.github.com/wikimedia/mediawiki-extensions-OpenIDConnect/tar.gz/refs/heads/{{ MEDIAWIKI_EXT_BRANCH }}"