Bluesky: update Ansible patches to use new geolocation module path

Replaced hardcoded path to src/state/geolocation.tsx with variable BLUESKY_GEOLOCATION_PATH pointing to src/state/geolocation/index.tsx.
This ensures BAPP_CONFIG_URL and IPCC_URL replacements work with the updated Bluesky code structure.

Ref: https://chatgpt.com/share/68cb16d5-d698-800f-97e5-cc7d9016f27c

roles/docker-container/templates/networks.yml.j2

@@ -5,6 +5,10 @@
   application_id in ['svc-db-mariadb','svc-db-postgres']
 %}
       {{ applications | get_app_conf('svc-db-' ~ database_type, 'docker.network') }}:
+{% if application_id in ['svc-db-mariadb','svc-db-postgres'] %}
+          aliases:
+            - {{ database_type }}
+{% endif %}
 {% endif %}
 {% if applications | get_app_conf(application_id, 'features.ldap', False) and applications | get_app_conf('svc-db-openldap', 'network.docker') %}
       {{ applications | get_app_conf('svc-db-openldap', 'docker.network') }}:

roles/web-app-bluesky/tasks/02_social_app.yml

@@ -10,12 +10,12 @@
 
 - name: Force BAPP_CONFIG_URL to same-origin /config
   ansible.builtin.replace:
-    path: "{{ BLUESKY_SOCIAL_APP_DIR }}/src/state/geolocation.tsx"
+    path: "{{ BLUESKY_GEOLOCATION_PATH }}"
     regexp: '^\s*const\s+BAPP_CONFIG_URL\s*=\s*.*$'
     replace: "const BAPP_CONFIG_URL = '/config'"
 
 - name: Force IPCC_URL to same-origin /ipcc
   ansible.builtin.replace:
-    path: "{{ BLUESKY_SOCIAL_APP_DIR }}/src/state/geolocation.tsx"
+    path: "{{ BLUESKY_GEOLOCATION_PATH }}"
     regexp: '^\s*const\s+IPCC_URL\s*=\s*.*$'
     replace: "const IPCC_URL = '/ipcc'"

roles/web-app-bluesky/vars/main.yml

@@ -4,7 +4,8 @@ application_id:                 "web-app-bluesky"
 ## Bluesky
 
 ## Social App
-BLUESKY_SOCIAL_APP_DIR:         "{{ docker_compose.directories.services }}/social-app"
+BLUESKY_SOCIAL_APP_DIR:         "{{ [ docker_compose.directories.services, 'social-app' ] | path_join  }}"
+BLUESKY_GEOLOCATION_PATH:       "{{ [ BLUESKY_SOCIAL_APP_DIR,'src/state/geolocation/index.tsx' ] | path_join }}"
 
 # This should be removed when the following issue is closed:
 # https://github.com/bluesky-social/pds/issues/52

roles/web-app-xwiki/templates/xwiki.properties.j2

@@ -7,6 +7,7 @@ xwiki.url.port={{ WEB_PORT }}
 # OIDC
 # Render this block only while the OIDC switch is ON in _flush_config.yml.
 # During bootstrap we keep it OFF to avoid ClassNotFoundException before the extension is installed.
+# @see https://extensions.xwiki.org/xwiki/bin/view/Extension/OpenID%20Connect/OpenID%20Connect%20Authenticator/
 {% if xwiki_oidc_enabled_switch | bool %}
 oidc.showLoginButton=true
 oidc.provider={{ XWIKI_OIDC_PROVIDER }}
@@ -18,9 +19,9 @@ oidc.clientid={{ XWIKI_OIDC_CLIENT_ID }}
 oidc.secret={{ XWIKI_OIDC_CLIENT_SECRET }}
 oidc.scope={{ XWIKI_OIDC_SCOPES }}
 oidc.enableUser=true
-oidc.userinfoclaims={{ XWIKI_OIDC_GROUPS_CLAIM }}
-oidc.groups.claim={{ XWIKI_OIDC_GROUPS_CLAIM }}
-oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }}
+#oidc.userinfoclaims={{ XWIKI_OIDC_GROUPS_CLAIM }}
+#oidc.groups.claim={{ XWIKI_OIDC_GROUPS_CLAIM }}
+#oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }}
 {% endif %}
 
 # Start DW automatically and non-interactively

roles/web-app-xwiki/vars/main.yml

@@ -63,7 +63,7 @@ XWIKI_OIDC_USERINFO:                  "{{ OIDC.CLIENT.USER_INFO_URL }}"
 XWIKI_OIDC_LOGOUT:                    "{{ OIDC.CLIENT.LOGOUT_URL }}"
 XWIKI_OIDC_CLIENT_ID:                 "{{ OIDC.CLIENT.ID }}"
 XWIKI_OIDC_CLIENT_SECRET:             "{{ OIDC.CLIENT.SECRET }}"
-XWIKI_OIDC_SCOPES:                    "openid email profile {{ RBAC.GROUP.CLAIM }}"
+XWIKI_OIDC_SCOPES:                    "openid,email,profile,{{ RBAC.GROUP.CLAIM }}"
 XWIKI_OIDC_GROUPS_CLAIM:              "{{ RBAC.GROUP.CLAIM }}"
 XWIKI_OIDC_ADMIN_PROVIDER_GROUP:      "{{ [RBAC.GROUP.NAME, XWIKI_ADMIN_GROUP] | path_join }}"