debops.dokuwiki default variables¶
Sections
Basic configuration options¶
-
dokuwiki__fqdn¶
Default domain which will be used to host the "main" wiki instance.
dokuwiki__fqdn: 'wiki.{{ ansible_domain }}'
-
dokuwiki__domains¶
List of domains on which DokuWiki is configured in nginx.
dokuwiki__domains: '{{ [ dokuwiki__fqdn ] +
dokuwiki__farm_animals|d([]) }}'
-
dokuwiki__nginx_auth_realm¶
Basic Auth realm displayed in the login dialog.
dokuwiki__nginx_auth_realm: 'Wiki access is restricted'
-
dokuwiki__nginx_access_policy¶
Access policy defined using debops.nginx role, applied to this DokuWiki.
dokuwiki__nginx_access_policy: ''
-
dokuwiki__nginx_filename¶
Name of the nginx configuration file for DokuWiki website, without the
.conf extension.
dokuwiki__nginx_filename: 'debops.dokuwiki'
User, group, app directories¶
-
dokuwiki__user¶
DokuWiki system user account.
dokuwiki__user: 'dokuwiki'
-
dokuwiki__group¶
DokuWiki system user group.
dokuwiki__group: 'dokuwiki'
-
dokuwiki__home¶
DokuWiki home directory.
dokuwiki__home: '{{ ansible_local.nginx.www|d("/srv/www") + "/" + dokuwiki__user }}'
-
dokuwiki__shell¶
DokuWiki user shell.
dokuwiki__shell: '/bin/false'
-
dokuwiki__src¶
Base path for git bare repository with DokuWiki source.
dokuwiki__src: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
+ "/" + dokuwiki__user }}'
-
dokuwiki__www¶
Base web root directory for DokuWiki website.
dokuwiki__www: '{{ ansible_local.nginx.www|d("/srv/www") + "/" + dokuwiki__user }}'
-
dokuwiki__webserver_user¶
DokuWiki webserver user (needs read-only access to the website code).
dokuwiki__webserver_user: '{{ ansible_local.nginx.user|d("www-data") }}'
Application sources¶
-
dokuwiki__git_repo¶
DokuWiki source repository.
dokuwiki__git_repo: 'https://github.com/splitbrain/dokuwiki.git'
-
dokuwiki__git_dest¶
DokuWiki source directory on the host.
dokuwiki__git_dest: '{{ dokuwiki__src + "/" + dokuwiki__git_repo.split("://")[1] }}'
-
dokuwiki__git_version¶
DokuWiki git branch to deploy.
dokuwiki__git_version: 'stable'
-
dokuwiki__git_checkout¶
Default path where DokuWiki source files will be deployed.
dokuwiki__git_checkout: '{{ dokuwiki__www + "/sites/" + dokuwiki__domains[0] + "/public" }}'
LDAP environment¶
-
dokuwiki__ldap_enabled¶
Enable or disable support for LDAP authentication in DokuWiki. Only the main instance is supported at the moment.
dokuwiki__ldap_enabled: '{{ True
if (ansible_local|d() and ansible_local.ldap|d() and
(ansible_local.ldap.enabled|d())|bool)
else False }}'
-
dokuwiki__ldap_base_dn¶
The base Distinguished Name which should be used to create Distinguished Names of the LDAP directory objects, defined as a YAML list. If this variable is empty, LDAP configuration will not be performed.
dokuwiki__ldap_base_dn: '{{ ansible_local.ldap.base_dn|d([]) }}'
-
dokuwiki__ldap_device_dn¶
The Distinguished Name of the current host LDAP object, defined as a YAML list. It will be used as a base for the DokuWiki service account LDAP object. If the list is empty, the role will not create the account LDAP object automatically.
dokuwiki__ldap_device_dn: '{{ ansible_local.ldap.device_dn|d([]) }}'
-
dokuwiki__ldap_self_rdn¶
The Relative Distinguished Name of the account LDAP object used by the DokuWiki service to access the LDAP directory.
dokuwiki__ldap_self_rdn: 'uid=dokuwiki'
-
dokuwiki__ldap_self_object_classes¶
List of the LDAP object classes which will be used to create the LDAP object used by the DokuWiki service to access the LDAP directory.
dokuwiki__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
-
dokuwiki__ldap_self_attributes¶
YAML dictionary that defines the attributes of the LDAP object used by the DokuWiki service to access the LDAP directory.
dokuwiki__ldap_self_attributes:
uid: '{{ dokuwiki__ldap_self_rdn.split("=")[1] }}'
userPassword: '{{ dokuwiki__ldap_bindpw }}'
host: '{{ [ ansible_fqdn, ansible_hostname ] | unique }}'
description: 'Account used by the "DokuWiki" service to access the LDAP directory'
-
dokuwiki__ldap_binddn¶
The Distinguished Name of the account LDAP object used by the DokuWiki service to bind to the LDAP directory.
dokuwiki__ldap_binddn: '{{ ([ dokuwiki__ldap_self_rdn ] + dokuwiki__ldap_device_dn) | join(",") }}'
-
dokuwiki__ldap_bindpw¶
The password stored in the account LDAP object used by the DokuWiki service to bind to the LDAP directory.
dokuwiki__ldap_bindpw: '{{ (lookup("password", secret + "/ldap/credentials/"
+ dokuwiki__ldap_binddn | to_uuid + ".password length=32"))
if dokuwiki__ldap_enabled|bool
else "" }}'
-
dokuwiki__ldap_people_rdn¶
The Relative Distinguished Name of the LDAP object which contains the user accounts stored in LDAP.
dokuwiki__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn|d("ou=People") }}'
-
dokuwiki__ldap_people_dn¶
The Distinguished Name of the LDAP object which contains the user accounts used by DokuWiki.
dokuwiki__ldap_people_dn: '{{ [ dokuwiki__ldap_people_rdn ] + dokuwiki__ldap_base_dn }}'
-
dokuwiki__ldap_private_groups¶
When this variable is enabled, the debops.ldap role will create
a separate LDAP objects that manage the DokuWiki groups as subtree of the
DokiWiki service LDAP object. If you set this parameter to False, the
role will use the global ou=Groups,dc=example,dc=org subtree instead.
dokuwiki__ldap_private_groups: True
-
dokuwiki__ldap_groups_rdn¶
The Relative Distinguished Name of the LDAP object which contains the groups stored in LDAP.
dokuwiki__ldap_groups_rdn: '{{ ansible_local.ldap.groups_rdn|d("ou=Groups") }}'
-
dokuwiki__ldap_groups_dn¶
The Distinguished Name of the LDAP object which contains the groups used by DokuWiki. If private groups are enabled, this object will be created automatically.
dokuwiki__ldap_groups_dn: '{{ ([ dokuwiki__ldap_groups_rdn, dokuwiki__ldap_self_rdn ]
+ dokuwiki__ldap_device_dn)
if dokuwiki__ldap_private_groups|bool
else ([ dokuwiki__ldap_groups_rdn ] + dokuwiki__ldap_base_dn) }}'
-
dokuwiki__ldap_admin_group_rdn¶
The Relative Distinguished Name of the LDAP object which defines who has administrative access to a given DokuWiki instance.
dokuwiki__ldap_admin_group_rdn: 'cn=DokuWiki Administrators'
-
dokuwiki__ldap_admin_group_dn¶
The Distinguished Name of the LDAP object which defines who has administrative access to a given DokuWiki instance.
dokuwiki__ldap_admin_group_dn: '{{ [ dokuwiki__ldap_admin_group_rdn ]
+ dokuwiki__ldap_groups_dn }}'
-
dokuwiki__ldap_object_owner_rdn¶
The Relative Distinguished Name of the LDAP object of the person who installed a given DokuWiki instance and is used as the owner of the "DokuWiki Administrators" group.
dokuwiki__ldap_object_owner_rdn: 'uid={{ lookup("env", "USER") }}'
-
dokuwiki__ldap_object_ownerdn¶
The Distinguished Name of the LDAP object of the person who installed a given DokuWiki instance and is used as the owner of the "DokuWiki Administrators" group, defined as a string.
dokuwiki__ldap_object_ownerdn: '{{ ([ dokuwiki__ldap_object_owner_rdn, dokuwiki__ldap_people_rdn ]
+ dokuwiki__ldap_base_dn) | join(",") }}'
LDAP connection options¶
-
dokuwiki__ldap_server_uri¶
The URI address of the LDAP server used by DokuWiki.
dokuwiki__ldap_server_uri: '{{ ansible_local.ldap.uri|d([""]) | first }}'
-
dokuwiki__ldap_server_port¶
The TCP port which should be used for connections to the LDAP server.
dokuwiki__ldap_server_port: '{{ ansible_local.ldap.port|d("389" if dokuwiki__ldap_start_tls|bool else "636") }}'
-
dokuwiki__ldap_start_tls¶
If True, DokuWiki will use STARTTLS extension to make encrypted
connections to the LDAP server.
dokuwiki__ldap_start_tls: '{{ ansible_local.ldap.start_tls
if (ansible_local|d() and ansible_local.ldap|d() and
(ansible_local.ldap.start_tls|d())|bool)
else True }}'
-
dokuwiki__ldap_user_filter¶
The LDAP filter used to look up user accounts in the directory.
dokuwiki__ldap_user_filter: '(&
(objectClass=inetOrgPerson)
(|
(uid=%{user})
(mail=%{user})
)
(|
(authorizedService=all)
(authorizedService=dokuwiki)
(authorizedService=web:public)
)
)'
-
dokuwiki__ldap_group_filter¶
The LDAP filter used to loo up groups in the directory.
dokuwiki__ldap_group_filter: '(&
(objectClass=groupOfNames)
(member=%{dn})
)'
-
dokuwiki__ldap_configuration¶
The variable which contains the LDAP configuration stored in the
conf/local.protected.php configuration file. The contents should be
written in PHP, Jinja can be used for logic outside of the PHP engine.
dokuwiki__ldap_configuration: |
$conf['useacl'] = 1;
$conf['authtype'] = 'authldap';
$conf['superuser'] = '{{ "@" + dokuwiki__ldap_admin_group_rdn.split("=")[1] }}';
$conf['plugin']['authldap']['server'] = '{{ dokuwiki__ldap_server_uri }}';
$conf['plugin']['authldap']['port'] = '{{ dokuwiki__ldap_server_port }}';
$conf['plugin']['authldap']['usertree'] = '{{ dokuwiki__ldap_people_dn | join(",") }}';
$conf['plugin']['authldap']['grouptree'] = '{{ dokuwiki__ldap_groups_dn | join(",") }}';
$conf['plugin']['authldap']['userfilter'] = '{{ dokuwiki__ldap_user_filter }}';
$conf['plugin']['authldap']['groupfilter'] = '{{ dokuwiki__ldap_group_filter }}';
$conf['plugin']['authldap']['version'] = 3;
$conf['plugin']['authldap']['starttls'] = {{ "1" if dokuwiki__ldap_start_tls|bool else "0" }};
$conf['plugin']['authldap']['referrals'] = '0';
$conf['plugin']['authldap']['deref'] = '0';
$conf['plugin']['authldap']['binddn'] = '{{ dokuwiki__ldap_binddn }}';
$conf['plugin']['authldap']['bindpw'] = '{{ dokuwiki__ldap_bindpw }}';
$conf['plugin']['authldap']['userscope'] = 'sub';
$conf['plugin']['authldap']['groupscope'] = 'sub';
$conf['plugin']['authldap']['userkey'] = 'uid';
$conf['plugin']['authldap']['groupkey'] = 'cn';
$conf['plugin']['authldap']['debug'] = 0;
$conf['plugin']['authldap']['modPass'] = 0;
Protected local configuration¶
-
dokuwiki__protected_conf_php¶
This variable defines the contents of the conf/local.protected.php
configuration file. The contents should be written in PHP, Jinja can be used
for logic outside of the PHP engine.
dokuwiki__protected_conf_php: |
{% if dokuwiki__ldap_enabled|bool %}
{{ dokuwiki__ldap_configuration }}
{% endif %}
This variable defines the contents of the conf/plugins.protected.php
configuration file. The contents should be written in PHP, Jinja can be used
for logic outside of the PHP engine.
dokuwiki__protected_plugins_php: |
{% if dokuwiki__ldap_enabled|bool %}
$plugins['authldap'] = 1;
{% endif %}
MIME Types local configuration¶
-
dokuwiki__local_mime_types_conf¶
Additional allowed uploadable file extensions and mimetypes are defined here.
Mimetypes that should be downloadable and not be opened in the wiki should
be prefixed with a !.
For more information, check Adding additional Mime Types.
dokuwiki__local_mime_types_conf: |
# Extra allowed MIME Types
txt text/plain
tex text/plain
conf text/plain
xml text/xml
csv text/csv
svg image/svg+xml
epub application/epub+zip
Application plugins, themes, system packages¶
-
dokuwiki__base_packages¶
List of base APT packages to install for DokuWiki support.
dokuwiki__base_packages: [ 'curl' ]
-
dokuwiki__packages¶
List of additional APT packages to install for DokuWiki support.
dokuwiki__packages: []
-
dokuwiki__plugins_enabled¶
Enable or disable installation of DokuWiki plugins and templates.
dokuwiki__plugins_enabled: True
-
dokuwiki__plugins¶
List of custom DokuWiki plugins to install.
dokuwiki__plugins: []
-
dokuwiki__default_plugins¶
List of default DokuWiki plugins to install.
dokuwiki__default_plugins: '{{ dokuwiki__plugins_editor +
dokuwiki__plugins_syntax +
dokuwiki__plugins_git }}'
-
dokuwiki__plugins_editor¶
DokuWiki plugins related to the text editor.
dokuwiki__plugins_editor:
- repo: 'https://github.com/cosmocode/edittable.git'
dest: 'edittable'
- repo: 'https://gitlab.com/albertgasset/dokuwiki-plugin-codemirror.git'
dest: 'codemirror'
-
dokuwiki__plugins_syntax¶
DokuWiki plugins that provide additional wiki syntax.
dokuwiki__plugins_syntax:
- repo: 'https://github.com/cosmocode/dig.git'
dest: 'dig'
# This plugin has been replaced by 'switchpanel' plugin
- repo: 'https://github.com/grantemsley/dokuwiki-plugin-patchpanel.git'
dest: 'patchpanel'
state: 'absent'
- repo: 'https://github.com/GreenItSolutions/dokuwiki-plugin-switchpanel.git'
dest: 'switchpanel'
- repo: 'https://github.com/ashrafhasson/dokuwiki-plugin-advrack.git'
dest: 'advrack'
state: 'absent'
- repo: 'https://github.com/glensc/dokuwiki-plugin-pageredirect.git'
dest: 'pageredirect'
- repo: 'https://github.com/selfthinker/dokuwiki_plugin_wrap'
dest: 'wrap'
- repo: 'https://github.com/splitbrain/dokuwiki-plugin-graphviz.git'
dest: 'graphviz'
- repo: 'https://github.com/leibler/dokuwiki-plugin-todo.git'
dest: 'todo'
- repo: 'https://github.com/splitbrain/dokuwiki-plugin-gallery'
dest: 'gallery'
- repo: 'https://github.com/dokufreaks/plugin-tag'
dest: 'tag'
- repo: 'https://github.com/dokufreaks/plugin-pagelist'
dest: 'pagelist'
- repo: 'https://github.com/tgarc/dokuwiki-plugin-rst'
dest: 'rst'
state: 'absent'
-
dokuwiki__plugins_git¶
DokuWiki plugins related to git support.
dokuwiki__plugins_git:
- repo: 'https://github.com/kossmac/dokuwiki-plugin-gitlab'
dest: 'gitlab'
state: 'absent'
- repo: 'https://github.com/ZJ/ghissues.git'
dest: 'ghissues'
state: 'absent'
- repo: 'https://github.com/splitbrain/dokuwiki-plugin-gh.git'
dest: 'gh'
-
dokuwiki__templates¶
List of DokuWiki templates.
dokuwiki__templates: []
-
dokuwiki__default_templates¶
List of default DokuWiki templates.
dokuwiki__default_templates: '{{ dokuwiki__templates_vector }}'
-
dokuwiki__templates_vector¶
The vector DokuWiki template.
dokuwiki__templates_vector:
- repo: 'https://github.com/arsava/dokuwiki-template-vector'
dest: 'vector'
-
dokuwiki__extra_files¶
List of extra files to include in DokuWiki installation on all hosts.
dokuwiki__extra_files: []
-
dokuwiki__group_extra_files¶
List of extra files to include in DokuWiki installation on hosts in group.
dokuwiki__group_extra_files: []
-
dokuwiki__host_extra_files¶
List of extra files to include in DokuWiki installation on host.
dokuwiki__host_extra_files: []
DokuWiki farm¶
-
dokuwiki__farm¶
Enable or disable DokuWiki farms (the vhost variant).
dokuwiki__farm: True
-
dokuwiki__farm_path¶
Path to animals on DokuWiki farm.
dokuwiki__farm_path: '{{ dokuwiki__www + "/farm" }}'
-
dokuwiki__farm_animals¶
List of FQDN domains which will define "farm animals".
dokuwiki__farm_animals: []
Configuration for other Ansible roles¶
-
dokuwiki__python__dependent_packages3¶
Configuration for the debops.python Ansible role.
dokuwiki__python__dependent_packages3:
- 'python3-docutils'
-
dokuwiki__python__dependent_packages2¶
Configuration for the debops.python Ansible role.
dokuwiki__python__dependent_packages2:
- 'python-docutils'
-
dokuwiki__ldap__dependent_tasks¶
Configuration for the debops.ldap Ansible role.
dokuwiki__ldap__dependent_tasks:
- name: 'Create DokuWiki account for {{ dokuwiki__ldap_device_dn | join(",") }}'
dn: '{{ dokuwiki__ldap_binddn }}'
objectClass: '{{ dokuwiki__ldap_self_object_classes }}'
attributes: '{{ dokuwiki__ldap_self_attributes }}'
no_log: True
state: '{{ "present" if dokuwiki__ldap_device_dn|d() else "ignore" }}'
- name: 'Create DokuWiki group container for {{ dokuwiki__ldap_device_dn | join(",") }}'
dn: '{{ dokuwiki__ldap_groups_dn }}'
objectClass: 'organizationalStructure'
attributes:
ou: '{{ dokuwiki__ldap_groups_rdn.split("=")[1] }}'
description: 'User groups used in DokuWiki'
state: '{{ "present"
if (dokuwiki__ldap_device_dn|d() and
dokuwiki__ldap_private_groups|bool)
else "ignore" }}'
- name: 'Create DokuWiki admin group for {{ dokuwiki__ldap_device_dn | join(",") }}'
dn: '{{ dokuwiki__ldap_admin_group_dn }}'
objectClass: 'groupOfNames'
attributes:
cn: '{{ dokuwiki__ldap_admin_group_rdn.split("=")[1] }}'
owner: '{{ dokuwiki__ldap_object_ownerdn }}'
member: '{{ dokuwiki__ldap_object_ownerdn }}'
state: '{{ "present" if dokuwiki__ldap_device_dn|d() else "ignore" }}'
-
dokuwiki__php__dependent_packages¶
List of PHP packages to install using debops.php role.
dokuwiki__php__dependent_packages:
- [ 'gmp', 'curl', 'ldap', 'xml' ]
-
dokuwiki__php__dependent_pools¶
Configuration of the DokuWiki PHP-FPM pool managed by the debops.php role.
dokuwiki__php__dependent_pools:
- name: 'dokuwiki'
user: '{{ dokuwiki__user }}'
group: '{{ dokuwiki__group }}'
owner: '{{ dokuwiki__user }}'
home: '{{ dokuwiki__home }}'
php_admin_values:
post_max_size: '{{ dokuwiki__max_file_size }}M'
upload_max_filesize: '{{ dokuwiki__max_file_size }}M'
-
dokuwiki__nginx__dependent_upstreams¶
Configuration of the DokuWiki nginx upstream, used by debops.nginx.
dokuwiki__nginx__dependent_upstreams:
- name: 'php_dokuwiki'
type: 'php'
php_pool: 'dokuwiki'
-
dokuwiki__nginx__dependent_servers¶
Configuration of the DokuWiki nginx server, used by debops.nginx.
dokuwiki__nginx__dependent_servers:
- name: '{{ dokuwiki__domains }}'
filename: '{{ dokuwiki__nginx_filename }}'
by_role: 'debops.dokuwiki'
type: 'php'
root: '{{ dokuwiki__git_checkout }}'
webroot_create: False
access_policy: '{{ dokuwiki__nginx_access_policy }}'
auth_basic_realm: '{{ dokuwiki__nginx_auth_realm }}'
index: 'index.html index.htm index.php doku.php'
options: |
autoindex off;
client_max_body_size {{ dokuwiki__max_file_size }}M;
client_body_buffer_size 128k;
location:
'/': |
try_files $uri $uri/ @dokuwiki;
'@dokuwiki': |
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1 last;
'~ ^/lib.*\.(gif|png|ico|jpg)$': |
expires 31536000s;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
log_not_found off;
'~ /(data|conf|bin|inc|install.php)/': |
deny all;
php_upstream: 'php_dokuwiki'
php_options: |
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;