computer-playbook/roles/web-app-mediawiki/tasks/05_oidc.yml
Kevin Veen-Birkenbach dd9a9b6d84 feat(mediawiki): Refactor OIDC + debug; install Composer deps in-container; modularize role
Discussion: https://chatgpt.com/share/68b10c0a-c308-800f-93ac-2ffb386cf58b

- Split tasks into 01_install, 02_debug, 03_admin, 04_extensions, 05_oidc.
- Ensure unzip+git+composer on demand in the container; run Composer as www-data with COMPOSER_HOME=/tmp/composer.
- Idempotently unpack/install PluggableAuth & OpenIDConnect; run composer install only if vendor/ is missing.
- Add sanity check for Jumbojett\OpenIDConnectClient.
- Copy oidc.php only when changed and append a single require_once to LocalSettings.php.
- Use REL1_44-compatible numeric array for $wgPluggableAuth_Config; set $wgPluggableAuth_ButtonLabelMessage.
- Debug: add debug.php that logs to STDERR (visible via docker logs); toggle cleanly with MODE_DEBUG.
- Enable OIDC feature in config; add paths/OIDC/extension vars in vars/main.yml.

fix(services): include SYS_SERVICE_GROUP_CLEANUP in StartPre lock (ssd-hdd, docker-hard).

fix(desktop/joomla): simplify MODE_DEBUG templating.

chore: minor cleanups and renames.
2025-08-29 04:10:46 +02:00

---
# All operations remain INSIDE the running container.
# Template is rendered into docker_compose.directories.config on the host.
# Change detection is based on checksum comparison vs. container file.
#
# oidc.php carries the OIDC client secret. The template task is wrapped in
# no_log so the rendered content never lands in the Ansible log; the host copy
# in MEDIAWIKI_CONFIG_DIR is world-readable with the modes below, so tighten
# them (e.g. 0640 with a dedicated group) on hosts shared with other users.
- name: "OIDC | Ensure local config directory exists"
  file:
    path: "{{ MEDIAWIKI_CONFIG_DIR }}"
    state: directory
    mode: "0755"

- name: "OIDC | Render oidc.php locally (template into config dir)"
  template:
    src: "oidc.php.j2"
    dest: "{{ MEDIAWIKI_OIDC_FILE }}"
    mode: "0644"
  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

- name: "OIDC | Compute local checksum"
  stat:
    path: "{{ MEDIAWIKI_OIDC_FILE }}"
    checksum_algorithm: sha256
  register: _local_oidc

# The bare hex digest is extracted with cut(1). An awk '{print $1}' inside the
# double-quoted string would have its $1 expanded by the host shell that runs
# this task (no positional parameters, so it expands to nothing), awk would then
# print the whole "digest  path" line, the comparison below would never match
# and the file would be copied on every run.
- name: "OIDC | Compute container checksum (if exists)"
  shell: >
    docker exec {{ MEDIAWIKI_CONTAINER }} bash -c
    "test -f {{ MEDIAWIKI_HTML_DIR }}/oidc.php &&
    sha256sum {{ MEDIAWIKI_HTML_DIR }}/oidc.php | cut -d ' ' -f1 || echo MISSING"
  args:
    executable: /bin/bash
  register: _remote_oidc
  changed_when: false

# The digests are compared in Ansible (when:) instead of interpolating command
# output into a shell test. docker cp keeps the host uid/gid, so ownership and
# mode are corrected afterwards. The task only runs when a copy is needed, so
# its default "changed" status is accurate.
- name: "OIDC | Copy oidc.php into container docroot only if different"
  shell: >
    docker cp "{{ MEDIAWIKI_OIDC_FILE }}" "{{ MEDIAWIKI_CONTAINER }}:{{ MEDIAWIKI_HTML_DIR }}/oidc.php" &&
    docker exec {{ MEDIAWIKI_CONTAINER }} bash -c
    "chown {{ MEDIAWIKI_USER }}:{{ MEDIAWIKI_USER }} {{ MEDIAWIKI_HTML_DIR }}/oidc.php &&
    chmod 0644 {{ MEDIAWIKI_HTML_DIR }}/oidc.php"
  args:
    executable: /bin/bash
  when: "(_remote_oidc.stdout | default('') | trim) != _local_oidc.stat.checksum"

# grep -Fqx matches the exact line (fixed string, whole line), so a second copy
# is never appended and a differently spelled require of the same file is not
# mistaken for this one. The append runs as MEDIAWIKI_USER, which means
# LocalSettings.php must be writable by the web-server user; MediaWiki
# recommends against that for a running wiki, so consider doing this step as
# root or making the file read-only again afterwards.
- name: "OIDC | Require oidc.php once inside LocalSettings.php"
  shell: |
    docker exec -u {{ MEDIAWIKI_USER }} {{ MEDIAWIKI_CONTAINER }} bash -c '
      LSP={{ MEDIAWIKI_HTML_DIR }}/LocalSettings.php
      test -f "$LSP" || { echo "LocalSettings.php not found at $LSP" >&2; exit 1; }
      LINE="require_once __DIR__ . '\''/oidc.php'\'';"
      if ! grep -Fqx -- "$LINE" "$LSP"; then
        printf "%s\n" "$LINE" >> "$LSP"
        echo ADDED_REQUIRE
      fi
    '
  args:
    executable: /bin/bash
  register: _mw_oidc_req
  changed_when: "'ADDED_REQUIRE' in (_mw_oidc_req.stdout | default(''))"
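The same two idempotency mechanisms the tasks above run inside the container (digest comparison before copying, exact-line match before appending the require), as an added example that is not part of the computer-playbook role: it works on a throwaway directory instead of `docker exec`, and it also shows the nested-quoting pitfall in which `$1` of an awk program inside a double-quoted `sh -c` string is expanded by the outer shell (empty here after `shift`, as it is under Ansible's shell module, which passes no positional parameters). The paths, the stand-in `oidc.php` and `LocalSettings.php` contents and all function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the computer-playbook role): exercises the
# change-detection and single-append logic of 05_oidc.yml on local files.

# Bare hex digest of FILE, or MISSING when it does not exist. Mirrors the
# "test -f && sha256sum | cut -d ' ' -f1 || echo MISSING" chain of the role.
file_digest() {
  if [ -f "$1" ]; then
    sha256sum "$1" | cut -d ' ' -f1
  else
    echo MISSING
  fi
}

# Quoting pitfall: in a DOUBLE-quoted "sh -c" string the outer shell expands
# $1 (empty here, positional parameters cleared by shift), so awk receives
# '{print }' and prints the whole "digest  path" line instead of field 1.
digest_via_broken_quoting() {
  f="$1"; shift
  sh -c "sha256sum '$f' | awk '{print $1}'"
}

# Same command with $1 escaped, so awk receives it intact and prints field 1.
digest_via_escaped_quoting() {
  f="$1"; shift
  sh -c "sha256sum '$f' | awk '{print \$1}'"
}

# Copy SRC to DST only when their digests differ. Prints COPIED or UNCHANGED,
# the role's changed/unchanged signal.
sync_if_changed() {
  if [ "$(file_digest "$1")" != "$(file_digest "$2")" ]; then
    cp "$1" "$2" && chmod 0644 "$2"
    echo COPIED
  else
    echo UNCHANGED
  fi
}

# Append LINE to FILE only when that exact line is absent (grep -F: fixed
# string, -x: whole line). Prints ADDED_REQUIRE or PRESENT; fails if FILE
# is missing rather than creating a new one.
ensure_line_once() {
  file="$1"; line="$2"
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
  if ! grep -Fqx -- "$line" "$file"; then
    printf '%s\n' "$line" >> "$file"
    echo ADDED_REQUIRE
  else
    echo PRESENT
  fi
}

# Number of whole-line occurrences of LINE in FILE (0 when none).
count_line() {
  grep -Fcx -- "$2" "$1" || true
}

demo() {
  work="$(mktemp -d)"
  # Constructed stand-ins for the rendered template and the wiki config.
  printf '<?php\n// rendered oidc.php stand-in\n' > "$work/oidc.php"
  printf '<?php\n$wgSitename = "Example";\n' > "$work/LocalSettings.php"
  req="require_once __DIR__ . '/oidc.php';"

  sync_if_changed "$work/oidc.php" "$work/docroot-oidc.php"   # COPIED
  sync_if_changed "$work/oidc.php" "$work/docroot-oidc.php"   # UNCHANGED
  ensure_line_once "$work/LocalSettings.php" "$req"           # ADDED_REQUIRE
  ensure_line_once "$work/LocalSettings.php" "$req"           # PRESENT
  count_line "$work/LocalSettings.php" "$req"                 # 1
  digest_via_broken_quoting "$work/oidc.php"                  # "<digest>  <path>"
  digest_via_escaped_quoting "$work/oidc.php"                 # "<digest>"
  rm -rf "$work"
}

demo
```

Run it as a script: the broken digest variant prints the digest followed by the path, which is exactly why a comparison against the bare checksum from Ansible's `stat` module never matches, while the escaped variant and `file_digest` agree. The require line is appended once and counted once on the second pass.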