- LDAP: move settings to xwiki.cfg; enable trylocal (1/0), group_mapping to XWiki.XWikiAdminGroup, and mode_group_sync=always. - OIDC: add groups claim request (oidc.userinfoclaims), map provider group to XWiki.XWikiAdminGroup, and use space-separated scopes. - Compose: mount xwiki.cfg and xwiki.properties into /usr/local/xwiki. - Extensions: wait for REST readiness; pre-check OIDC/LDAP extensions (URL-encoded IDs); install via REST job only if missing. - Vars: strict mappings to LDAP.* and OIDC.* (no defaults), add XWIKI_ADMIN_GROUP and derived DNs. - Config: expose ldap.local_enabled; tidy meta tags; README grammar update. Conversation: https://chatgpt.com/share/68c2b8ad-4814-800f-b377-065f967998db
# Role variables for the XWiki web application: container wiring, host paths,
# pinned authenticator extensions, and the LDAP / OIDC login configuration.
# All templated values come from variables defined outside this file
# (applications, ports, domains, docker_compose, users, LDAP, OIDC, RBAC);
# no `default` filter is applied here, so each source value has to exist.

# General
application_id: "web-app-xwiki"
database_type: "mariadb"
# Port the XWiki service listens on inside the container.
container_port: 8080
container_hostname: "{{ domains | get_domain(application_id) }}"

# XWiki
# Port taken from the ports.localhost.http map for this application.
XWIKI_HOST_PORT: "{{ ports.localhost.http[application_id] }}"

## URLs
XWIKI_HOSTNAME: "{{ container_hostname }}"

## Paths
# Host-side locations of the two XWiki configuration files.
# NOTE(review): if the LDAP / OIDC values below are rendered into these files,
# they hold XWIKI_LDAP_BIND_PASS and XWIKI_OIDC_CLIENT_SECRET in clear text;
# confirm the task that writes them sets a restrictive owner and mode.
XWIKI_HOST_CONF_PATH: "{{ [docker_compose.directories.config, 'xwiki.cfg'] | path_join }}"
XWIKI_HOST_PROPERTIES_PATH: "{{ [docker_compose.directories.config, 'xwiki.properties'] | path_join }}"

## Docker
XWIKI_IMAGE_CUSTOM: "xwiki_custom"
XWIKI_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.xwiki.image') }}"
XWIKI_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.xwiki.version') }}"
XWIKI_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.xwiki.name') }}"
XWIKI_DATA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"

# Feature toggles (must be set in config/main.yml -> features)
# These decide which external login paths are configured at all.
XWIKI_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
XWIKI_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"

# Admin credentials (must be provided via inventory/vault)
# XWIKI_ADMIN_PASS is a secret.
# NOTE(review): confirm every task that passes it on (e.g. the REST calls)
# sets `no_log: true` so it does not end up in play output or logs.
XWIKI_ADMIN_USER: "{{ users.administrator.username }}"
XWIKI_ADMIN_PASS: "{{ users.administrator.password }}"
# Group name reused below for both the LDAP group DN and the OIDC provider
# group. Presumably membership grants wiki administration - confirm in the
# templates. Whoever can edit this group in the directory / IdP would then
# control who is a wiki admin.
XWIKI_ADMIN_GROUP: "{{ application_id }}-administrator"

# REST endpoint (local inside container)
# Despite the "_BASE" name this is the complete install-job URL, including the
# query string. It is plain HTTP, which stays on the loopback interface as
# long as the host part remains 127.0.0.1.
# NOTE(review): the heading says "inside container" but the port used is
# XWIKI_HOST_PORT, not container_port - confirm where the request is issued.
XWIKI_REST_BASE: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/jobs?jobType=install&async=false"

# Extension IDs + Versions (pin versions explicitly)
# Both extensions are authenticators, i.e. code that runs in the login path.
# A version pin fixes what is requested, not what is delivered: integrity
# still depends on the extension repository the XWiki instance trusts.
# Review upstream release notes before bumping either value.
XWIKI_EXT_LDAP_ID: "org.xwiki.contrib.ldap:ldap-authenticator"
XWIKI_EXT_LDAP_VERSION: "9.15.7"
XWIKI_EXT_OIDC_ID: "org.xwiki.contrib.oidc:oidc-authenticator"
XWIKI_EXT_OIDC_VERSION: "2.19.2"

# LDAP configuration (mapped to LDAP.* context)
# NOTE(review): nothing in this file selects LDAPS or StartTLS; the bind
# password is only protected in transit if the template or LDAP.SERVER.PORT
# enforces an encrypted connection - confirm.
XWIKI_LDAP_SERVER: "{{ LDAP.SERVER.DOMAIN }}"
XWIKI_LDAP_PORT: "{{ LDAP.SERVER.PORT }}"
XWIKI_LDAP_BASE_DN: "{{ LDAP.DN.ROOT }}"
# NOTE(review): by its name LDAP.DN.ADMINISTRATOR.DATA looks like a directory
# administrator DN. An authenticator only needs to search and read users and
# groups; a dedicated read-only bind account would limit the damage if the
# rendered configuration leaks. Confirm what this DN is allowed to do.
XWIKI_LDAP_BIND_DN: "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
# Secret: bind password for the DN above.
XWIKI_LDAP_BIND_PASS: "{{ LDAP.BIND_CREDENTIAL }}"
# Fed from the application setting ldap.local_enabled.
# NOTE(review): presumably enables fallback to local XWiki accounts; if so,
# those accounts stay valid outside the directory's password policy and
# deprovisioning, so keep them few and audited.
XWIKI_LDAP_TRYLOCAL: "{{ applications | get_app_conf(application_id, 'ldap.local_enabled') }}"
# Comma-separated pairs of the form <xwiki field>=<LDAP attribute>.
XWIKI_LDAP_FIELDS_MAPPING: "last_name={{ LDAP.USER.ATTRIBUTES.SURNAME }},first_name={{ LDAP.USER.ATTRIBUTES.FIRSTNAME }},email={{ LDAP.USER.ATTRIBUTES.MAIL }}"
# Resolves to cn=<XWIKI_ADMIN_GROUP>,<LDAP.DN.OU.GROUPS>.
XWIKI_LDAP_ADMIN_GROUP_DN: "cn={{ XWIKI_ADMIN_GROUP ~ ',' ~ LDAP.DN.OU.GROUPS }}"

# OIDC configuration (must exist in OIDC.* context)
# Tokens and the client secret are sent to these endpoints, so they are
# expected to be https URLs; this file does not validate the scheme.
XWIKI_OIDC_PROVIDER: "{{ OIDC.CLIENT.ISSUER_URL }}"
XWIKI_OIDC_AUTHORIZATION: "{{ OIDC.CLIENT.AUTHORIZE_URL }}"
XWIKI_OIDC_TOKEN: "{{ OIDC.CLIENT.TOKEN_URL }}"
XWIKI_OIDC_USERINFO: "{{ OIDC.CLIENT.USER_INFO_URL }}"
XWIKI_OIDC_LOGOUT: "{{ OIDC.CLIENT.LOGOUT_URL }}"
XWIKI_OIDC_CLIENT_ID: "{{ OIDC.CLIENT.ID }}"
# Secret: OIDC client secret; keep it out of logs and world-readable files.
XWIKI_OIDC_CLIENT_SECRET: "{{ OIDC.CLIENT.SECRET }}"
# Space-separated scope list; RBAC.GROUP.CLAIM is used both as a requested
# scope here and as the claim name below.
XWIKI_OIDC_SCOPES: "openid email profile {{ RBAC.GROUP.CLAIM }}"
XWIKI_OIDC_GROUPS_CLAIM: "{{ RBAC.GROUP.CLAIM }}"
# Provider-side group compared against the groups claim. path_join is a
# filesystem filter used here to join RBAC.GROUP.NAME and XWIKI_ADMIN_GROUP.
# The result must match the value the provider emits exactly, because this
# string decides who is treated as a wiki administrator.
XWIKI_OIDC_ADMIN_PROVIDER_GROUP: "{{ [RBAC.GROUP.NAME, XWIKI_ADMIN_GROUP] | path_join }}"