debops.dokuwiki default variables

Basic configuration options

dokuwiki__fqdn

Default domain which will be used to host the "main" wiki instance.

dokuwiki__fqdn: 'wiki.{{ ansible_domain }}'
dokuwiki__domains

List of domains on which DokuWiki is configured in nginx.

dokuwiki__domains: '{{ [ dokuwiki__fqdn ] +
                       dokuwiki__farm_animals|d([]) }}'
dokuwiki__nginx_auth_realm

Basic Auth realm displayed in the login dialog.

dokuwiki__nginx_auth_realm: 'Wiki access is restricted'
dokuwiki__nginx_access_policy

Access policy defined using debops.nginx role, applied to this DokuWiki.

dokuwiki__nginx_access_policy: ''
dokuwiki__nginx_filename

Name of the nginx configuration file for DokuWiki website, without the .conf extension.

dokuwiki__nginx_filename: 'debops.dokuwiki'

User, group, app directories

dokuwiki__user

DokuWiki system user account.

dokuwiki__user: 'dokuwiki'
dokuwiki__group

DokuWiki system user group.

dokuwiki__group: 'dokuwiki'
dokuwiki__home

DokuWiki home directory.

dokuwiki__home: '{{ (ansible_local.nginx.www
                     if (ansible_local|d() and ansible_local.nginx|d() and
                         ansible_local.nginx.www|d())
                     else "/srv/www") + "/" + dokuwiki__user }}'
dokuwiki__src

Base path for git bare repository with DokuWiki source.

dokuwiki__src: '{{ (ansible_local.root.src
                    if (ansible_local|d() and ansible_local.root|d() and
                        ansible_local.root.src|d())
                    else "/usr/local/src") + "/" + dokuwiki__user }}'
dokuwiki__www

Base web root directory for DokuWiki website.

dokuwiki__www: '{{ (ansible_local.nginx.www
                    if (ansible_local|d() and ansible_local.nginx|d() and
                        ansible_local.nginx.www|d())
                    else "/srv/www") + "/" + dokuwiki__user }}'
dokuwiki__webserver_user

DokuWiki webserver user (needs read-only access to the website code).

dokuwiki__webserver_user: '{{ ansible_local.nginx.user
                              if (ansible_local|d() and
                                  ansible_local.nginx|d() and
                                  ansible_local.nginx.user|d())
                              else "www-data" }}'

Application sources

dokuwiki__git_repo

DokuWiki source repository.

dokuwiki__git_repo: 'https://github.com/splitbrain/dokuwiki.git'
dokuwiki__git_dest

DokuWiki source directory on the host.

dokuwiki__git_dest: '{{ dokuwiki__src + "/" + dokuwiki__git_repo.split("://")[1] }}'
dokuwiki__git_version

DokuWiki git branch to deploy.

dokuwiki__git_version: 'stable'
dokuwiki__git_checkout

Default path where DokuWiki source files will be deployed.

dokuwiki__git_checkout: '{{ dokuwiki__www + "/sites/" + dokuwiki__domains[0] + "/public" }}'

LDAP environment

dokuwiki__ldap_enabled

Enable or disable support for LDAP authentication in DokuWiki. Only the main instance is supported at the moment.

dokuwiki__ldap_enabled: '{{ True
                            if (ansible_local|d() and ansible_local.ldap|d() and
                                (ansible_local.ldap.enabled|d())|bool)
                            else False }}'
dokuwiki__ldap_base_dn

The base Distinguished Name which should be used to create Distinguished Names of the LDAP directory objects, defined as a YAML list. If this variable is empty, LDAP configuration will not be performed.

dokuwiki__ldap_base_dn: '{{ ansible_local.ldap.base_dn
                            if (ansible_local|d() and ansible_local.ldap|d() and
                                ansible_local.ldap.base_dn|d())
                            else [] }}'
dokuwiki__ldap_device_dn

The Distinguished Name of the current host LDAP object, defined as a YAML list. It will be used as a base for the DokuWiki service account LDAP object. If the list is empty, the role will not create the account LDAP object automatically.

dokuwiki__ldap_device_dn: '{{ ansible_local.ldap.device_dn
                              if (ansible_local|d() and ansible_local.ldap|d() and
                                  ansible_local.ldap.device_dn|d())
                              else [] }}'
dokuwiki__ldap_self_rdn

The Relative Distinguished Name of the account LDAP object used by the DokuWiki service to access the LDAP directory.

dokuwiki__ldap_self_rdn: 'uid=dokuwiki'
dokuwiki__ldap_self_object_classes

List of the LDAP object classes which will be used to create the LDAP object used by the DokuWiki service to access the LDAP directory.

dokuwiki__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
dokuwiki__ldap_self_attributes

YAML dictionary that defines the attributes of the LDAP object used by the DokuWiki service to access the LDAP directory.

dokuwiki__ldap_self_attributes:
  uid: '{{ dokuwiki__ldap_self_rdn.split("=")[1] }}'
  userPassword: '{{ dokuwiki__ldap_bindpw }}'
  host: '{{ [ ansible_fqdn, ansible_hostname ] | unique }}'
  description: 'Account used by the "DokuWiki" service to access the LDAP directory'
dokuwiki__ldap_binddn

The Distinguished Name of the account LDAP object used by the DokuWiki service to bind to the LDAP directory.

dokuwiki__ldap_binddn: '{{ ([ dokuwiki__ldap_self_rdn ] + dokuwiki__ldap_device_dn) | join(",") }}'
dokuwiki__ldap_bindpw

The password stored in the account LDAP object used by the DokuWiki service to bind to the LDAP directory.

dokuwiki__ldap_bindpw: '{{ lookup("password", secret + "/ldap/credentials/"
                                  + dokuwiki__ldap_binddn | to_uuid + ".password length=32") }}'
dokuwiki__ldap_people_rdn

The Relative Distinguished Name of the LDAP object which contains the user accounts stored in LDAP.

dokuwiki__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn
                               if (ansible_local|d() and ansible_local.ldap|d() and
                                   ansible_local.ldap.people_rdn|d())
                               else "ou=People" }}'
dokuwiki__ldap_people_dn

The Distinguished Name of the LDAP object which contains the user accounts used by DokuWiki.

dokuwiki__ldap_people_dn: '{{ [ dokuwiki__ldap_people_rdn ] + dokuwiki__ldap_base_dn }}'
dokuwiki__ldap_private_groups

When this variable is enabled, the debops.ldap role will create a separate LDAP objects that manage the DokuWiki groups as subtree of the DokiWiki service LDAP object. If you set this parameter to False, the role will use the global ou=Groups,dc=example,dc=org subtree instead.

dokuwiki__ldap_private_groups: True
dokuwiki__ldap_groups_rdn

The Relative Distinguished Name of the LDAP object which contains the groups stored in LDAP.

dokuwiki__ldap_groups_rdn: '{{ ansible_local.ldap.groups_rdn
                               if (ansible_local|d() and ansible_local.ldap|d() and
                                   ansible_local.ldap.groups_rdn|d())
                               else "ou=Groups" }}'
dokuwiki__ldap_groups_dn

The Distinguished Name of the LDAP object which contains the groups used by DokuWiki. If private groups are enabled, this object will be created automatically.

dokuwiki__ldap_groups_dn: '{{ ([ dokuwiki__ldap_groups_rdn, dokuwiki__ldap_self_rdn ]
                               + dokuwiki__ldap_device_dn)
                              if dokuwiki__ldap_private_groups|bool
                              else ([ dokuwiki__ldap_groups_rdn ] + dokuwiki__ldap_base_dn) }}'
dokuwiki__ldap_admin_group_rdn

The Relative Distinguished Name of the LDAP object which defines who has administrative access to a given DokuWiki instance.

dokuwiki__ldap_admin_group_rdn: 'cn=DokuWiki Administrators'
dokuwiki__ldap_admin_group_dn

The Distinguished Name of the LDAP object which defines who has administrative access to a given DokuWiki instance.

dokuwiki__ldap_admin_group_dn: '{{ [ dokuwiki__ldap_admin_group_rdn ]
                                   + dokuwiki__ldap_groups_dn }}'
dokuwiki__ldap_object_owner_rdn

The Relative Distinguished Name of the LDAP object of the person who installed a given DokuWiki instance and is used as the owner of the "DokuWiki Administrators" group.

dokuwiki__ldap_object_owner_rdn: 'uid={{ lookup("env", "USER") }}'
dokuwiki__ldap_object_ownerdn

The Distinguished Name of the LDAP object of the person who installed a given DokuWiki instance and is used as the owner of the "DokuWiki Administrators" group, defined as a string.

dokuwiki__ldap_object_ownerdn: '{{ ([ dokuwiki__ldap_object_owner_rdn, dokuwiki__ldap_people_rdn ]
                                    + dokuwiki__ldap_base_dn) | join(",") }}'

LDAP connection options

dokuwiki__ldap_server_uri

The URI address of the LDAP server used by DokuWiki.

dokuwiki__ldap_server_uri: '{{ (ansible_local.ldap.uri
                                if (ansible_local|d() and ansible_local.ldap|d() and
                                    ansible_local.ldap.uri|d())
                                else [""]) | first }}'
dokuwiki__ldap_server_port

The TCP port which should be used for connections to the LDAP server.

dokuwiki__ldap_server_port: '{{ ansible_local.ldap.port
                                if (ansible_local|d() and ansible_local.ldap|d() and
                                    ansible_local.ldap.port|d())
                                else ("389" if dokuwiki__ldap_start_tls|bool else "636") }}'
dokuwiki__ldap_start_tls

If True, DokuWiki will use STARTTLS extension to make encrypted connections to the LDAP server.

dokuwiki__ldap_start_tls: '{{ ansible_local.ldap.start_tls
                              if (ansible_local|d() and ansible_local.ldap|d() and
                                  (ansible_local.ldap.start_tls|d())|bool)
                              else True }}'
dokuwiki__ldap_user_filter

The LDAP filter used to look up user accounts in the directory.

dokuwiki__ldap_user_filter: '(&
                               (objectClass=inetOrgPerson)
                               (|
                                 (uid=%{user})
                                 (mail=%{user})
                               )
                               (|
                                 (authorizedService=dokuwiki)
                                 (authorizedService=web-public)
                                 (authorizedService=\\*)
                               )
                             )'
dokuwiki__ldap_group_filter

The LDAP filter used to loo up groups in the directory.

dokuwiki__ldap_group_filter: '(&
                                (objectClass=groupOfNames)
                                (member=%{dn})
                              )'
dokuwiki__ldap_configuration

The variable which contains the LDAP configuration stored in the conf/local.protected.php configuration file. The contents should be written in PHP, Jinja can be used for logic outside of the PHP engine.

dokuwiki__ldap_configuration: |
  $conf['useacl'] = 1;
  $conf['authtype'] = 'authldap';
  $conf['superuser'] = '{{ "@" + dokuwiki__ldap_admin_group_rdn.split("=")[1] }}';
  $conf['plugin']['authldap']['server'] = '{{ dokuwiki__ldap_server_uri }}';
  $conf['plugin']['authldap']['port'] = '{{ dokuwiki__ldap_server_port }}';
  $conf['plugin']['authldap']['usertree'] = '{{ dokuwiki__ldap_people_dn | join(",") }}';
  $conf['plugin']['authldap']['grouptree'] = '{{ dokuwiki__ldap_groups_dn | join(",") }}';
  $conf['plugin']['authldap']['userfilter'] = '{{ dokuwiki__ldap_user_filter }}';
  $conf['plugin']['authldap']['groupfilter'] = '{{ dokuwiki__ldap_group_filter }}';
  $conf['plugin']['authldap']['version'] = 3;
  $conf['plugin']['authldap']['starttls'] = {{ "1" if dokuwiki__ldap_start_tls|bool else "0" }};
  $conf['plugin']['authldap']['referrals'] = '0';
  $conf['plugin']['authldap']['deref'] = '0';
  $conf['plugin']['authldap']['binddn'] = '{{ dokuwiki__ldap_binddn }}';
  $conf['plugin']['authldap']['bindpw'] = '{{ dokuwiki__ldap_bindpw }}';
  $conf['plugin']['authldap']['userscope'] = 'sub';
  $conf['plugin']['authldap']['groupscope'] = 'sub';
  $conf['plugin']['authldap']['userkey'] = 'uid';
  $conf['plugin']['authldap']['groupkey'] = 'cn';
  $conf['plugin']['authldap']['debug'] = 0;
  $conf['plugin']['authldap']['modPass'] = 0;

Protected local configuration

dokuwiki__protected_conf_php

This variable defines the contents of the conf/local.protected.php configuration file. The contents should be written in PHP, Jinja can be used for logic outside of the PHP engine.

dokuwiki__protected_conf_php: |
  {% if dokuwiki__ldap_enabled|bool %}
  {{ dokuwiki__ldap_configuration }}
  {% endif %}

Application plugins, themes, system packages

dokuwiki__base_packages

List of base APT packages to install for DokuWiki support.

dokuwiki__base_packages: [ 'curl' ]
dokuwiki__packages

List of additional APT packages to install for DokuWiki support.

dokuwiki__packages: []
dokuwiki__plugins_enabled

Enable or disable installation of DokuWiki plugins and templates.

dokuwiki__plugins_enabled: True
dokuwiki__plugins

List of custom DokuWiki plugins to install.

dokuwiki__plugins: []
dokuwiki__default_plugins

List of default DokuWiki plugins to install.

dokuwiki__default_plugins: '{{ dokuwiki__plugins_editor +
                               dokuwiki__plugins_syntax +
                               dokuwiki__plugins_git }}'
dokuwiki__plugins_editor

DokuWiki plugins related to the text editor.

dokuwiki__plugins_editor:

  - repo: 'https://github.com/cosmocode/edittable.git'
    dest: 'edittable'

  - repo: 'https://github.com/albertgasset/dokuwiki-plugin-codemirror'
    dest: 'codemirror'
dokuwiki__plugins_syntax

DokuWiki plugins that provide additional wiki syntax.

dokuwiki__plugins_syntax:

  - repo: 'https://github.com/cosmocode/dig.git'
    dest: 'dig'

  # This plugin has been replaced by 'switchpanel' plugin
  - repo: 'https://github.com/grantemsley/dokuwiki-plugin-patchpanel.git'
    dest: 'patchpanel'
    state: 'absent'

  - repo: 'https://github.com/GreenItSolutions/dokuwiki-plugin-switchpanel.git'
    dest: 'switchpanel'

  - repo: 'https://github.com/ashrafhasson/dokuwiki-plugin-advrack.git'
    dest: 'advrack'

  - repo: 'https://github.com/glensc/dokuwiki-plugin-pageredirect.git'
    dest: 'pageredirect'

  - repo: 'https://github.com/selfthinker/dokuwiki_plugin_wrap'
    dest: 'wrap'

  - repo: 'https://github.com/splitbrain/dokuwiki-plugin-graphviz.git'
    dest: 'graphviz'

  - repo: 'https://github.com/leibler/dokuwiki-plugin-todo.git'
    dest: 'todo'

  - repo: 'https://github.com/splitbrain/dokuwiki-plugin-gallery'
    dest: 'gallery'

  - repo: 'https://github.com/dokufreaks/plugin-tag'
    dest: 'tag'

  - repo: 'https://github.com/dokufreaks/plugin-pagelist'
    dest: 'pagelist'

  - repo: 'https://github.com/tgarc/dokuwiki-plugin-rst'
    dest: 'rst'
dokuwiki__plugins_git

DokuWiki plugins related to git support.

dokuwiki__plugins_git:

  - repo: 'https://github.com/kossmac/dokuwiki-plugin-gitlab'
    dest: 'gitlab'

  - repo: 'https://github.com/ZJ/ghissues.git'
    dest: 'ghissues'

  - repo: 'https://github.com/splitbrain/dokuwiki-plugin-gh.git'
    dest: 'gh'
dokuwiki__templates

List of DokuWiki templates.

dokuwiki__templates: []
dokuwiki__default_templates

List of default DokuWiki templates.

dokuwiki__default_templates: '{{ dokuwiki__templates_vector }}'
dokuwiki__templates_vector

The vector DokuWiki template.

dokuwiki__templates_vector:

  - repo: 'https://github.com/arsava/dokuwiki-template-vector'
    dest: 'vector'

DokuWiki farm

dokuwiki__farm

Enable or disable DokuWiki farms (the vhost variant).

dokuwiki__farm: True
dokuwiki__farm_path

Path to animals on DokuWiki farm.

dokuwiki__farm_path: '{{ dokuwiki__www + "/farm" }}'
dokuwiki__farm_animals

List of FQDN domains which will define "farm animals".

dokuwiki__farm_animals: []

Other variables

dokuwiki__max_file_size

Maximum upload size, in MB.

dokuwiki__max_file_size: '30'

Configuration for other Ansible roles

dokuwiki__python__dependent_packages3

Configuration for the debops.python Ansible role.

dokuwiki__python__dependent_packages3:

  - 'python3-docutils'
dokuwiki__python__dependent_packages2

Configuration for the debops.python Ansible role.

dokuwiki__python__dependent_packages2:

  - 'python-docutils'
dokuwiki__ldap__dependent_tasks

Configuration for the debops.ldap Ansible role.

dokuwiki__ldap__dependent_tasks:

  - name: 'Create DokuWiki account for {{ dokuwiki__ldap_device_dn | join(",") }}'
    dn: '{{ dokuwiki__ldap_binddn }}'
    objectClass: '{{ dokuwiki__ldap_self_object_classes }}'
    attributes: '{{ dokuwiki__ldap_self_attributes }}'
    no_log: True
    state: '{{ "present" if dokuwiki__ldap_device_dn|d() else "ignore" }}'

  - name: 'Create DokuWiki group container for {{ dokuwiki__ldap_device_dn | join(",") }}'
    dn: '{{ dokuwiki__ldap_groups_dn }}'
    objectClass: 'organizationalUnit'
    attributes:
      ou: '{{ dokuwiki__ldap_groups_rdn.split("=")[1] }}'
      description: 'User groups used in DokuWiki'
    state: '{{ "present"
               if (dokuwiki__ldap_device_dn|d() and
                   dokuwiki__ldap_private_groups|bool)
               else "ignore" }}'

  - name: 'Create DokuWiki admin group for {{ dokuwiki__ldap_device_dn | join(",") }}'
    dn: '{{ dokuwiki__ldap_admin_group_dn }}'
    objectClass: 'groupOfNames'
    attributes:
      cn: '{{ dokuwiki__ldap_admin_group_rdn.split("=")[1] }}'
      owner: '{{ dokuwiki__ldap_object_ownerdn }}'
      member: '{{ dokuwiki__ldap_object_ownerdn }}'
    state: '{{ "present" if dokuwiki__ldap_device_dn|d() else "ignore" }}'
dokuwiki__php__dependent_packages

List of PHP packages to install using debops.php role.

dokuwiki__php__dependent_packages:

  - [ 'gmp', 'curl', 'ldap', 'xml' ]
dokuwiki__php__dependent_pools

Configuration of the DokuWiki PHP-FPM pool managed by the debops.php role.

dokuwiki__php__dependent_pools:

  - name: 'dokuwiki'
    user: '{{ dokuwiki__user }}'
    group: '{{ dokuwiki__group }}'

    php_admin_values:
      post_max_size:       '{{ dokuwiki__max_file_size }}M'
      upload_max_filesize: '{{ dokuwiki__max_file_size }}M'
dokuwiki__nginx__dependent_upstreams

Configuration of the DokuWiki nginx upstream, used by debops.nginx.

dokuwiki__nginx__dependent_upstreams:

  - name: 'php_dokuwiki'
    type: 'php'
    php_pool: 'dokuwiki'
dokuwiki__nginx__dependent_servers

Configuration of the DokuWiki nginx server, used by debops.nginx.

dokuwiki__nginx__dependent_servers:

  - name: '{{ dokuwiki__domains }}'
    filename: '{{ dokuwiki__nginx_filename }}'
    by_role: 'debops.dokuwiki'
    type: 'php'
    root: '{{ dokuwiki__git_checkout }}'
    access_policy: '{{ dokuwiki__nginx_access_policy }}'
    auth_basic_realm: '{{ dokuwiki__nginx_auth_realm }}'
    index: 'index.html index.htm index.php doku.php'

    options: |
      autoindex off;
      client_max_body_size {{ dokuwiki__max_file_size }}M;
      client_body_buffer_size 128k;

    location:
      '/': |
        try_files $uri $uri/ @dokuwiki;

      '@dokuwiki': |
        rewrite ^/_media/(.*)           /lib/exe/fetch.php?media=$1   last;
        rewrite ^/_detail/(.*)          /lib/exe/detail.php?media=$1  last;
        rewrite ^/_export/([^/]+)/(.*)  /doku.php?do=export_$1&id=$2  last;
        rewrite ^/(.*)                  /doku.php?id=$1               last;

      '~ ^/lib.*\.(gif|png|ico|jpg)$': |
        expires 31536000s;
        add_header Pragma "public";
        add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
        log_not_found off;

      '~ /(data|conf|bin|inc|install.php)/': |
        deny all;

    php_upstream: 'php_dokuwiki'
    php_options: |
      fastcgi_intercept_errors        on;
      fastcgi_ignore_client_abort     off;
      fastcgi_connect_timeout         60;
      fastcgi_send_timeout            180;
      fastcgi_read_timeout            180;
      fastcgi_buffer_size             128k;
      fastcgi_buffers               4 256k;
      fastcgi_busy_buffers_size       256k;
      fastcgi_temp_file_write_size    256k;