From 4dde5388bc4945702402ce1e2f106be8c44e2537 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
 <christian.frass@dielinke-glauchau.de>
Date: Mon, 30 Sep 2024 08:23:32 +0200
Subject: [PATCH] [mod] role:wiki_js:cli

---
 roles/wiki_js/files/cli.js      | 1330 -------------------------------
 roles/wiki_js/files/wiki-js-cli |  896 +++++++++++++++++++++
 roles/wiki_js/tasks/main.json   |    5 +-
 3 files changed, 898 insertions(+), 1333 deletions(-)
 delete mode 100644 roles/wiki_js/files/cli.js
 create mode 100755 roles/wiki_js/files/wiki-js-cli

diff --git a/roles/wiki_js/files/cli.js b/roles/wiki_js/files/cli.js
deleted file mode 100644
index dd1b87e..0000000
--- a/roles/wiki_js/files/cli.js
+++ /dev/null
@@ -1,1330 +0,0 @@
-#!/usr/bin/env node
-
-
-var wiki_js;
-wiki_js = (wiki_js || {});
-wiki_js.cli = (wiki_js.cli || {});
-wiki_js.cli.helpers = (wiki_js.cli.helpers || {});
-wiki_js.cli.helpers.string = (wiki_js.cli.helpers.string || {});
-(function (exports) {
-	
-	/**
-	 */
-	function coin(
-		template,
-		arguments_
-	)
-	{
-		let result = template;
-		Object.entries(arguments_).forEach(
-			([key, value]) => {
-				result = result.replace(new RegExp("{{" + key + "}}", "g"), value);
-			}
-		);
-		return result;
-	}
-	exports.coin = coin;
-	
-}) (wiki_js.cli.helpers.string)
-
-
-var wiki_js;
-wiki_js = (wiki_js || {});
-wiki_js.cli = (wiki_js.cli || {});
-wiki_js.cli.helpers = (wiki_js.cli.helpers || {});
-wiki_js.cli.helpers.file = (wiki_js.cli.helpers.file || {});
-(function (exports) {
-	
-	/**
-	 */
-	function read(
-		path
-	)
-	{
-		const nm_fs = require("fs");
-		return (
-			new Promise(
-				(resolve, reject) => {
-					nm_fs.readFile(
-						path,
-						{
-						},
-						(err, data) => {
-							if (err) {
-								reject(err);
-							}
-							else {
-								resolve(data.toString());
-							}
-						}
-					);
-				}
-			)
-		);
-	}
-	exports.read = read;
-	
-}) (wiki_js.cli.helpers.file)
-
-
-var wiki_js;
-wiki_js = (wiki_js || {});
-wiki_js.cli = (wiki_js.cli || {});
-wiki_js.cli.helpers.log = (wiki_js.cli.helpers.log || {});
-(function (exports) {
-	
-	/**
-	 */
-	const _level_order = [
-		"debug",
-		"info",
-		"notice",
-		"warning",
-		"error",
-	];
-	
-	
-	/**
-	 */
-	var _threshold = "info";
-	
-	
-	/**
-	 */
-	function setup(
-		threshold
-	)
-	{
-		_threshold = threshold;
-	}
-	exports.setup = setup;
-	
-	
-	/**
-	 */
-	function write(
-		level,
-		incident,
-		details
-	)
-	{
-		if (_level_order.indexOf(level) < _level_order.indexOf(_threshold)) {
-			// do nothing
-		}
-		else {
-			process.stderr.write(
-				wiki_js.cli.helpers.string.coin(
-					"\n<{{datetime}}> [{{level}}] {{incident}}\n{{details}}\n\n",
-					{
-						"datetime": (new Date()).toISOString(),
-						"level": level,
-						"incident": incident,
-						"details": JSON.stringify(details, undefined, "\t"),
-					}
-				)
-			);
-		}
-	}
-	exports.write = write;
-	
-}) (wiki_js.cli.helpers.log);
-
-
-var wiki_js;
-wiki_js = (wiki_js || {});
-wiki_js.cli = (wiki_js.cli || {});
-wiki_js.cli.helpers = (wiki_js.cli.helpers || {});
-wiki_js.cli.helpers.http = (wiki_js.cli.helpers.http || {});
-(function (exports) {
-	
-	/**
-	 */
-	async function call(
-		http_request
-	)
-	{
-		wiki_js.cli.helpers.log.write(
-			"debug",
-			"http_call_request",
-			http_request
-		);
-		const fetch_request = new Request(
-			http_request.target,
-			{
-				"method": http_request.method,
-				"headers": http_request.headers,
-				"body": http_request.body,
-			}
-		);
-		const fetch_response = await fetch(fetch_request);
-		const http_response = {
-			"status_code": fetch_response.status,
-			"headers": fetch_response.headers,
-			"body": await fetch_response.text(),
-		};
-		wiki_js.cli.helpers.log.write(
-			"debug",
-			"http_call_response",
-			http_response
-		);
-		return http_response;
-	}
-	exports.call = call;
-
-}) (wiki_js.cli.helpers.http)
-
-
-var wiki_js;
-wiki_js = (wiki_js || {});
-wiki_js.cli = (wiki_js.cli || {});
-wiki_js.cli.helpers.args = (wiki_js.cli.helpers.args || {});
-(function (exports) {
-	
-	/**
-	 */
-	function parse(
-		args_raw
-	)
-	{
-		let result = {
-			"positional": [],
-			"volatile": {},
-		};
-		let state = "free";
-		let key = null;
-		args_raw.forEach(
-			(arg_raw) => {
-				switch (state) {
-					case "free": {
-						if (arg_raw.startsWith("-")) {
-							key = arg_raw.slice(1);
-							state = "bound";
-						}
-						else {
-							if (key === null) {
-								result.positional.push(arg_raw);
-								key = null;
-								state = "free";
-							}
-							else {
-								wiki_js.cli.helpers.log.write(
-									"warning",
-									"arg_discarded",
-									{
-										"arg_raw": arg_raw,
-									}
-								);
-								key = null;
-								state = "free";
-							}
-						}
-						break;
-					}
-					case "bound": {
-						if (! (key in result["volatile"])) {
-							result["volatile"][key] = [];
-						}
-						else {
-							// do nothing
-						}
-						result["volatile"][key].push(arg_raw);
-						key = null;
-						state = "free";
-					}
-				}
-			}
-		);
-		return result;
-	}
-	exports.parse = parse;
-	
-}) (wiki_js.cli.helpers.args);
-
-
-var wiki_js;
-wiki_js = (wiki_js || {});
-wiki_js.cli = (wiki_js.cli || {});
-wiki_js.cli.conf = (wiki_js.cli.conf || {});
-(function (exports) {
-	
-	/**
-	 */
-	var _data = null;
-	
-	
-	/**
-	 */
-	async function load(
-		path
-	)
-	{
-		let data_raw;
-		if (path === null) {
-			data_raw = {};
-		}
-		else {
-			const content = await wiki_js.cli.helpers.file.read(path);
-			data_raw = JSON.parse(content);
-		}
-		wiki_js.cli.helpers.log.write(
-			"debug",
-			"conf_raw",
-			data_raw
-		);
-		_data = {
-			"api": {
-				"url_base": (
-					data_raw?.api?.url_base
-					??
-					"http://localhost:3000"
-				),
-			},
-			"login": {
-				"username": (
-					data_raw?.login?.username
-					??
-					"admin"
-				),
-				"password": (
-					data_raw?.login?.password
-					??
-					"admin"
-				),
-			},
-			"log": {
-				"threshold": (
-					data_raw?.log?.threshold
-					??
-					"debug"
-				),
-			}
-		};
-		return Promise.resolve(undefined);
-	}
-	exports.load = load;
-	
-	
-	/**
-	 */
-	function set(
-		data
-	)
-	{
-		_data = data;
-	}
-	exports.set = set;
-	
-	
-	/**
-	 */
-	function get(
-	)
-	{
-		return _data;
-	}
-	exports.get = get;
-	
-}) (wiki_js.cli.conf);
-
-
-var wiki_js;
-wiki_js = (wiki_js || {});
-wiki_js.cli = (wiki_js.cli || {});
-wiki_js.cli.api = (wiki_js.cli.api || {});
-(function (exports) {
-	
-	/**
-	 */
-	async function call_finalize(
-		admin_email,
-		admin_password,
-		site_url,
-		telemetry
-	)
-	{
-		const http_request = {
-			"target": (wiki_js.cli.conf.get().api.url_base + "/finalize"),
-			"method": "POST",
-			"headers": {
-				"Content-Type": "application/json",
-			},
-			"body": JSON.stringify(
-				{
-					"adminEmail": admin_email,
-					"adminPassword": admin_password,
-					"adminPasswordConfirm": admin_password,
-					"siteUrl": site_url,
-					"telemetry": telemetry,
-				}
-			),
-		};
-		http_response = await wiki_js.cli.helpers.http.call(http_request);
-		const data = JSON.parse(http_response.body);
-		return Promise.resolve(undefined);
-	}
-	exports.call_finalize = call_finalize;
-	
-	
-	/**
-	 */
-	async function call_generic_graphql(
-		graphql_query,
-		options
-	)
-	{
-		options = Object.assign(
-			{
-				"login_token": null,
-				"variables": {},
-			},
-			options
-		);
-		const http_request = {
-			"target": (wiki_js.cli.conf.get().api.url_base + "/graphql"),
-			"method": "POST",
-			"headers": Object.assign(
-				{
-					"Content-Type": "application/json",
-				},
-				(
-					(options.login_token === null)
-					?
-					{}
-					:
-					{"Cookie": ("jwt=" + options.login_token)}
-				)
-			),
-			"body": JSON.stringify(
-				[
-					{
-						"operationName": null,
-						"variables": options.variables,
-						"extensions": {},
-						"query": graphql_query,
-					}
-				]
-			),
-		};
-		http_response = await wiki_js.cli.helpers.http.call(http_request);
-		const data = JSON.parse(http_response.body);
-		return Promise.resolve(data[0]["data"]);
-	}
-
-
-	/**
-	 * executes a local login and returns the JWT
-	 */
-	function call_login_local(
-	)
-	{
-		wiki_js.cli.helpers.log.write(
-			"info",
-			"api_call_login_local",
-			{
-			}
-		);
-		return (
-			call_generic_graphql(
-				"mutation ($username: String!, $password: String!, $strategy: String!) {authentication {login(username: $username, password: $password, strategy: $strategy) {responseResult {succeeded errorCode slug message __typename} jwt mustChangePwd mustProvideTFA mustSetupTFA continuationToken redirect tfaQRImage __typename} __typename}}",
-				{
-					"variables": {
-						"strategy": "local",
-						"username": wiki_js.cli.conf.get().login.username,
-						"password": wiki_js.cli.conf.get().login.password,
-					}
-				}
-			)
-			.then(
-				(data) => (
-					data["authentication"]["login"]["responseResult"]["succeeded"]
-					?
-					Promise.resolve(data["authentication"]["login"]["jwt"])
-					:
-					Promise.reject(new Error("login failed"))
-				)
-			)
-		);
-	}
-	exports.call_login_local = call_login_local;
-	
-	
-	/**
-	 */
-	function call_email_settings_set(
-		login_token,
-		settings
-	)
-	{
-		wiki_js.cli.helpers.log.write(
-			"info",
-			"api_call_email_settings_set",
-			{
-				"settings": settings,
-			}
-		);
-		return (
-			call_generic_graphql(
-				"mutation ($senderName: String!, $senderEmail: String!, $host: String!, $port: Int!, $name: String!, $secure: Boolean!, $verifySSL: Boolean!, $user: String!, $pass: String!, $useDKIM: Boolean!, $dkimDomainName: String!, $dkimKeySelector: String!, $dkimPrivateKey: String!) {mail {updateConfig(senderName: $senderName, senderEmail: $senderEmail, host: $host, port: $port, name: $name, secure: $secure, verifySSL: $verifySSL, user: $user, pass: $pass, useDKIM: $useDKIM, dkimDomainName: $dkimDomainName, dkimKeySelector: $dkimKeySelector, dkimPrivateKey: $dkimPrivateKey) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}",
-				{
-					"login_token": login_token,
-					"variables": {
-						"senderName": settings.sender_name,
-						"senderEmail": settings.sender_email_address,
-						"host": settings.smtp_host,
-						"port": settings.smtp_port,
-						"name": settings.name,
-						"secure": settings.secure,
-						"verifySSL": settings.verify_ssl,
-						"user": settings.smtp_username,
-						"pass": settings.smtp_password,
-						"useDKIM": settings.use_dkim,
-						"dkimDomainName": settings.dkim_domain_name,
-						"dkimKeySelector": settings.dkim_key_selector,
-						"dkimPrivateKey": settings.dkim_private_key,
-					}
-				}
-			)
-		);
-	}
-	exports.call_email_settings_set = call_email_settings_set;
-	
-	
-	/**
-	 */
-	function call_locale_download(
-		locale
-	)
-	{
-		wiki_js.cli.helpers.log.write(
-			"info",
-			"api_call_locale_download",
-			{
-				"locale": locale,
-			}
-		);
-		return (
-			call_generic_graphql(
-				"mutation ($locale: String!) {localization {downloadLocale(locale: $locale) {responseResult {succeeded errorCode slug message __typename} __typename}__typename}}",
-				{
-					"login_token": login_token,
-					"variables": {
-						"locale": locale,
-					}
-				}
-			)
-		);
-	}
-	exports.call_locale_download = call_locale_download;
-	
-	
-	/**
-	 */
-	function call_group_list(
-		login_token,
-		name
-	)
-	{
-		wiki_js.cli.helpers.log.write(
-			"info",
-			"api_call_group_list",
-			{
-			}
-		);
-		return (
-			call_generic_graphql(
-				"{groups {list {id name isSystem userCount createdAt updatedAt __typename} __typename}}",
-				{
-					"login_token": login_token,
-					"variables": {
-					}
-				}
-			)
-		);
-	}
-	exports.call_group_list = call_group_list;
-	
-	
-	/**
-	 */
-	function call_group_create(
-		login_token,
-		name
-	)
-	{
-		wiki_js.cli.helpers.log.write(
-			"info",
-			"api_call_group_create",
-			{
-				"name": name,
-			}
-		);
-		return (
-			call_generic_graphql(
-				"mutation ($name: String!) {groups {create(name: $name) {responseResult {succeeded errorCode slug message __typename} group {id name createdAt updatedAt __typename} __typename} __typename}}",
-				{
-					"login_token": login_token,
-					"variables": {
-						"name": name,
-					}
-				}
-			)
-		);
-	}
-	exports.call_group_create = call_group_create;
-	
-	
-	/**
-	 * @param permissions_general {
-	 *     Array<
-	 *         string
-	 *     >
-	 * }
-	 * @param permissions_page_specific {
-	 *     Array<
-	 *         {
-	 *             id:string;
-	 *             path:string;
-	 *             roles:Array<
-	 *                 string
-	 *             >;
-	 *             match:string;
-	 *             deny:boolean;
-	 *             locales:Array<
-	 *                 string
-	 *             >;
-	 *         }
-	 *     >
-	 * }
-	 */
-	function call_group_update(
-		login_token,
-		group_id,
-		name,
-		permissions_general,
-		permissions_page_specific
-	)
-	{
-		wiki_js.cli.helpers.log.write(
-			"info",
-			"api_call_group_update",
-			{
-			}
-		);
-		return (
-			call_generic_graphql(
-				"mutation ($id: Int!, $name: String!, $redirectOnLogin: String!, $permissions: [String]!, $pageRules: [PageRuleInput]!) {groups {update(id: $id, name: $name, redirectOnLogin: $redirectOnLogin, permissions: $permissions, pageRules: $pageRules) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}",
-				{
-					"login_token": login_token,
-					"variables": {
-						"id": group_id,
-						"name": name,
-						"redirectOnLogin": "/",
-						"permissions": permissions_general,
-						"pageRules": permissions_page_specific,
-					}
-				}
-			)
-		);
-	}
-	exports.call_group_update = call_group_update;
-
-	
-	/**
-	 */
-	function call_authentication_strategy_list(
-		login_token
-	)
-	{
-		wiki_js.cli.helpers.log.write(
-			"info",
-			"api_call_authentication_strategy_list",
-			{
-			}
-		);
-		return (
-			call_generic_graphql(
-				"{authentication {activeStrategies {key strategy {key title description useForm logo website __typename} config {key value __typename} order isEnabled displayName selfRegistration domainWhitelist autoEnrollGroups __typename} __typename}}",
-				{
-					"login_token": login_token,
-				}
-			)
-			.then(
-				(data) => Promise.resolve(data["authentication"]["activeStrategies"])
-			)
-		);
-	}
-	exports.call_authentication_strategy_list = call_authentication_strategy_list;
-	
-	
-	/**
-	 */
-	function call_authentication_strategy_set(
-		login_token,
-		strategies
-	)
-	{
-		wiki_js.cli.helpers.log.write(
-			"info",
-			"api_call_authentication_strategy_set",
-			{
-				"strategies": strategies,
-			}
-		);
-		return (
-			call_generic_graphql(
-				"mutation ($strategies: [AuthenticationStrategyInput]!) {authentication {updateStrategies(strategies: $strategies) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}",
-				{
-					"login_token": login_token,
-					"variables": {
-						"strategies": strategies,
-					}
-				}
-			)
-		);
-	}
-	exports.call_authentication_strategy_set = call_authentication_strategy_set;
-	
-	
-	/**
-	 */
-	function call_theming_set(
-		login_token,
-		dark_mode,
-		toc_position
-	)
-	{
-		wiki_js.cli.helpers.log.write(
-			"info",
-			"api_call_theming_set",
-			{
-				"dark_mode": dark_mode,
-				"toc_position": toc_position,
-			}
-		);
-		return (
-			call_generic_graphql(
-				"mutation ($theme: String!, $iconset: String!, $darkMode: Boolean!, $tocPosition: String, $injectCSS: String, $injectHead: String, $injectBody: String) {theming {setConfig(theme: $theme, iconset: $iconset, darkMode: $darkMode, tocPosition: $tocPosition, injectCSS: $injectCSS, injectHead: $injectHead, injectBody: $injectBody) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}",
-				{
-					"login_token": login_token,
-					"variables": {
-						"theme": "default",
-						"iconset": "mdi",
-						"darkMode": dark_mode,
-						"tocPosition": "left",
-						"injectCSS": "",
-						"injectHead": "",
-						"injectBody": ""
-					}
-				}
-			)
-		);
-	}
-	exports.call_theming_set = call_theming_set;
-		
-}) (wiki_js.cli.api);
-
-
-var wiki_js;
-wiki_js = (wiki_js || {});
-wiki_js.cli = (wiki_js.cli || {});
-wiki_js.cli.logic = (wiki_js.cli.logic || {});
-(function (exports) {
-
-	/**
-	 */
-	async function initialize(
-		admin_email_address,
-		admin_password,
-		options
-	)
-	{
-		options = Object.assign(
-			{
-				"site_url": "http://localhost:3000",
-				"allow_telemetry": false,
-			},
-			options
-		);
-		const result = await wiki_js.cli.api.call_finalize(
-			admin_email_address,
-			admin_password,
-			options.site_url,
-			options.allow_telemetry
-		);
-		return Promise.resolve(undefined);
-	}
-	exports.initialize = initialize;
-	
-	
-	/**
-	 */
-	async function email_settings_set(
-		smtp_host,
-		smtp_port,
-		smtp_username,
-		smtp_password,
-		sender_name,
-		sender_email_address,
-		options
-	)
-	{
-		options = Object.assign(
-			{
-			},
-			options
-		);
-		const login_token = await wiki_js.cli.api.call_login_local(
-		);
-		const result = await wiki_js.cli.api.call_email_settings_set(
-			login_token,
-			{
-				"sender_name": sender_name,
-				"sender_email_address": sender_email_address,
-				"smtp_host": smtp_host,
-				"smtp_port": smtp_port,
-				"secure": true,
-				"verify_ssl": true,
-				"smtp_username": smtp_username,
-				"smtp_password": smtp_password,
-				"name": "",
-				"use_dkim": false,
-				"dkim_domain_name": "",
-				"dkim_key_selector": "",
-				"dkim_private_key": "",
-			}
-		);
-		return Promise.resolve(undefined);
-	}
-	exports.email_settings_set = email_settings_set;
-	
-	
-	/**
-	 */
-	async function group_identify(
-		name
-	)
-	{
-		const data = await wiki_js.cli.api.call_group_list();
-		const hits = (
-			data["groups"]["list"]
-			.filter(
-				(entry) => (entry["name"] === name)
-			)
-		);
-		if (hits.length !== 1) {
-			return Promise.reject(new Error("not found or ambiguous"));
-		}
-		else {
-			return Promise.resolve(hits[0]["id"]);
-		}
-	}
-	exports.group_identify = group_identify;
-	
-	
-	/**
-	 * returns the ID of the generated group
-	 */
-	async function group_add(
-		name,
-		options = {}
-	)
-	{
-		options = Object.assign(
-			{
-				"permissions_general": [],
-				"permissions_specific": [],
-			},
-			options
-		);
-		const login_token = await wiki_js.cli.api.call_login_local(
-		);
-		const result_1 = await wiki_js.cli.api.call_group_create(
-			login_token,
-			name
-		);
-		const id = result_1["groups"]["create"]["group"]["id"];
-		const result_2 = await wiki_js.cli.api.call_group_update(
-			login_token,
-			id,
-			name,
-			options.permissions_general,
-			options.permissions_specific
-		);
-		return Promise.resolve(id);
-	}
-	exports.group_add = group_add;
-	
-	
-	/**
-	 */
-	async function group_modify(
-		id,
-		options = {}
-	)
-	{
-		options = Object.assign(
-			{
-				"permissions_general": [],
-				"permissions_specific": [],
-			},
-			options
-		);
-		const login_token = await wiki_js.cli.api.call_login_local(
-		);
-		const result = await wiki_js.cli.api.call_group_update(
-			login_token,
-			id,
-			name,
-			options.permissions_general,
-			options.permissions_specific
-		);
-		return Promise.resolve(undefined);
-	}
-	exports.group_modify = group_modify;
-	
-	
-	/**
-	 */
-	async function authentication_strategy_list(
-	)
-	{
-		const login_token = await wiki_js.cli.api.call_login_local(
-		);
-		const result = await wiki_js.cli.api.call_authentication_strategy_list(
-			login_token
-		);
-		return Promise.resolve(result);
-	}
-	exports.authentication_strategy_list = authentication_strategy_list;
-	
-	
-	/**
-	 * @param strategy {
-	 * {
-	 *     key:string;
-	 *     name:string;
-	 *     client_id:string;
-	 *     client_secret:string;
-	 *     authorization_url:string;
-	 *     token_url:string;
-	 *     user_info_url:string;
-	 *     group_assignments:Array<int>;
-	 * }
-	 */
-	async function authentication_strategy_add(
-		strategy
-	)
-	{
-		const login_token = await wiki_js.cli.api.call_login_local(
-		);
-		const current = await wiki_js.cli.api.call_authentication_strategy_list(
-			login_token
-		);
-		const result = await wiki_js.cli.api.call_authentication_strategy_set(
-			login_token,
-			(
-				(
-					current
-					.map(
-						(entry) => ({
-							"key": entry["key"],
-							"strategyKey": entry["strategy"]["key"],
-							"displayName": entry["displayName"],
-							"order": entry["order"],
-							"isEnabled": entry["isEnabled"],
-							"config": (
-								entry["config"]
-								.map(
-									(item) => ({
-										"key": item["key"],
-										"value": JSON.stringify({"v": JSON.parse(item["value"])["value"]}),
-									})
-								)
-							),
-							"selfRegistration": entry["selfRegistration"],
-							"domainWhitelist": entry["domainWhitelist"],
-							"autoEnrollGroups": entry["autoEnrollGroups"],
-						})
-					)
-				)
-				.concat(
-					[
-						{
-							"key": strategy.key,
-							"strategyKey": "oauth2",
-							"displayName": strategy.name,
-							"order": (
-								(
-									current
-									.map(x => x["order"])
-									.reduce((x,y) => (((x === null) || (x < y)) ? y : x), null)
-								)
-								+
-								1
-							),
-							"isEnabled": true,
-							"config": [
-								{
-									"key": "clientId",
-									"value": JSON.stringify({"v": strategy.client_id}),
-								},
-								{
-									"key": "clientSecret",
-									"value": JSON.stringify({"v": strategy.client_secret}),
-								},
-								{
-									"key": "authorizationURL",
-									"value": JSON.stringify({"v": strategy.authorization_url}),
-								},
-								{
-									"key": "tokenURL",
-									"value": JSON.stringify({"v": strategy.token_url}),
-								},
-								{
-									"key": "userInfoURL",
-									"value": JSON.stringify({"v": strategy.user_info_url}),
-								},
-								{
-									"key": "userIdClaim",
-									"value": JSON.stringify({"v": "id"}),
-								},
-								{
-									"key": "displayNameClaim",
-									"value": JSON.stringify({"v": "name"}),
-								},
-								{
-									"key": "emailClaim",
-									"value": JSON.stringify({"v": "email"}),
-								},
-								{
-									"key": "mapGroups",
-									"value": JSON.stringify({"v": false}),
-								},
-								{
-									"key": "groupsClaim",
-									"value": JSON.stringify({"v": "groups"}),
-								},
-								{
-									"key": "logoutURL",
-									"value": JSON.stringify({"v": ""}),
-								},
-								{
-									"key": "scope",
-									"value": JSON.stringify({"v": "openid profile email"}),
-								},
-								{
-									"key": "useQueryStringForAccessToken",
-									"value": JSON.stringify({"v": false}),
-								},
-								{
-									"key": "enableCSRFProtection",
-									"value": JSON.stringify({"v": true}),
-								}
-							],
-							"selfRegistration": true,
-							"domainWhitelist": [],
-							"autoEnrollGroups": (
-								strategy.group_assignments
-								.map(x => group_identify(x))
-							),
-						},
-					]
-				)
-			)
-		);
-		return Promise.resolve(undefined);
-	}
-	exports.authentication_strategy_add = authentication_strategy_add;
-	
-	
-	/**
-	 */
-	async function theming_set(
-		options = {}
-	)
-	{
-		options = Object.assign(
-			{
-				"dark_mode": false,
-				"toc_position": "left",
-			},
-			options
-		);
-		const login_token = await wiki_js.cli.api.call_login_local(
-		);
-		const result = await wiki_js.cli.api.call_theming_set(
-			login_token,
-			options.dark_mode,
-			options.toc_position
-		);
-		return Promise.resolve(result);
-	}
-	exports.theming_set = theming_set;
-	
-}) (wiki_js.cli.logic);
-
-
-var wiki_js;
-wiki_js = (wiki_js || {});
-wiki_js.cli = (wiki_js.cli || {});
-(function (exports) {
-	
-	/**
-	 */
-	async function main(
-		args_raw
-	)
-	{
-		// args
-		const args = wiki_js.cli.helpers.args.parse(args_raw);
-		const override_url_base = (
-			(
-				("b" in args.volatile)
-				&&
-				(args.volatile["b"].length >= 0)
-			)
-			?
-			args.volatile["b"][0]
-			:
-			null
-		);
-		const override_username = (
-			(
-				("u" in args.volatile)
-				&&
-				(args.volatile["u"].length >= 0)
-			)
-			?
-			args.volatile["u"][0]
-			:
-			null
-		);
-		const override_password = (
-			(
-				("p" in args.volatile)
-				&&
-				(args.volatile["p"].length >= 0)
-			)
-			?
-			args.volatile["p"][0]
-			:
-			null
-		);
-		
-		// conf
-		const conf_path = (
-			(
-				("c" in args.volatile)
-				&&
-				(args.volatile["c"].length >= 0)
-			)
-			?
-			args.volatile["c"][0]
-			:
-			null
-		);
-		await wiki_js.cli.conf.load(conf_path);
-		let conf_override = wiki_js.cli.conf.get();
-		((override_url_base !== null) && (conf_override.api.url_base = override_url_base));
-		((override_username !== null) && (conf_override.login.username = override_username));
-		((override_password !== null) && (conf_override.login.password = override_password));
-		wiki_js.cli.conf.set(conf_override);
-		wiki_js.cli.helpers.log.write(
-			"debug",
-			"conf",
-			wiki_js.cli.conf.get()
-		);
-		
-		// init
-		wiki_js.cli.helpers.log.setup(wiki_js.cli.conf.get().log.threshold);
-		
-		// exec
-		if (args.positional.length < 1) {
-			return Promise.reject("SYNTAX: [node] cli.js [-c <conf-path>] [-b <api-url-base>] [-u <login-username>] [-p <login-password>] <action> [<arg-1> [<arg-2> […]]]\n\n\t<action> = init | email-settings-set | group-add | auth-strat-list | auth-strat-add-oauth2 | theming-set");
-		}
-		else {
-			const action = args.positional[0];
-			switch (action) {
-				default: {
-					return Promise.reject("invalid action: " + action);
-					break;
-				}
-				case "init": {
-					if (args.positional.length <= 2) {
-						return Promise.reject("SYNTAX: … init <admin-email-address> <admin-password> [<site-url> [<allow-telemetry>]]");
-					}
-					else {
-						await wiki_js.cli.logic.initialize(
-							args.positional[1],
-							args.positional[2],
-							{
-								"site_url": (
-									(args.positional.length >= 4)
-									?
-									args.positional[3]
-									:
-									undefined
-								),
-								"allow_telemtry": (
-									(args.positional.length >= 5)
-									?
-									(args.positional[4] === "1")
-									:
-									undefined
-								),
-							}
-						);
-						return Promise.resolve(undefined);
-					}
-					break;
-				}
-				case "email-settings-set": {
-					if (args.positional.length <= 6) {
-						return Promise.reject("SYNTAX: … email-settings-set <smtp-host> <smtp-port> <smtp-username> <smtp-password> <sender-name> <sender-email-address>");
-					}
-					else {
-						await wiki_js.cli.logic.email_settings_set(
-							args.positional[1],
-							parseInt(args.positional[2]),
-							args.positional[3],
-							args.positional[4],
-							args.positional[5],
-							args.positional[6],
-							{
-							}
-						);
-						return Promise.resolve(undefined);
-					}
-				}
-				case "group-add": {
-					if (args.positional.length <= 1) {
-						return Promise.reject("SYNTAX: … group-add <name> [<permission-1> [<permission-2> [<permission-3> […]]]]");
-					}
-					else {
-						const name = args.positional[1];
-						const permissions = args.positional.slice(2);
-						const result = await wiki_js.cli.logic.group_add(
-							name,
-							{
-								"permissions_general": permissions,
-								"permissions_specific": [
-									{
-										"id": "default",
-										"path": "",
-										"roles": permissions,
-										"match": "START",
-										"deny": false,
-										"locales": []
-									}
-								],
-							}
-						);
-						process.stdout.write(
-							JSON.stringify(
-								result,
-								undefined,
-								"\t"
-							)
-							+
-							"\n"
-						);
-					}
-					break;
-				}
-				case "group-modify": {
-					if (args.positional.length <= 2) {
-						return Promise.reject("SYNTAX: … group-modify <name> [<permission-1> [<permission-2> [<permission-3> […]]]]");
-					}
-					else {
-						const name = args.positional[1];
-						const id = group_identify(name);
-						const permissions = args.positional.slice(2);
-						const result = await wiki_js.cli.logic.group_modify(
-							id,
-							{
-								"permissions_general": permissions,
-								"permissions_specific": [
-									{
-										"id": "default",
-										"path": "",
-										"roles": permissions,
-										"match": "START",
-										"deny": false,
-										"locales": []
-									}
-								],
-							}
-						);
-					}
-					break;
-				}
-				case "auth-strat-list": {
-					const result = await wiki_js.cli.logic.authentication_strategy_list();
-					process.stdout.write(
-						JSON.stringify(
-							result,
-							undefined,
-							"\t"
-						)
-						+
-						"\n"
-					);
-					return Promise.resolve(undefined);
-					break;
-				}
-				case "auth-strat-add-oauth2": {
-					if (args.positional.length <= 7) {
-						return Promise.reject("SYNTAX: … auth-strat-add-oauth2 <strategy-key> <strategy-name> <strategy-client-id> <strategy-client-secret> <strategy-authorization-url> <strategy-token-url> <strategy-user-info-url> [<group-assignment-1> [<group-assignment-2> [<group-assignment-3> […]]]]");
-					}
-					else {
-						await wiki_js.cli.logic.authentication_strategy_add(
-							{
-								"key": args.positional[1],
-								"name": args.positional[2],
-								"client_id": args.positional[3],
-								"client_secret": args.positional[4],
-								"authorization_url": args.positional[5],
-								"token_url": args.positional[6],
-								"user_info_url": args.positional[7],
-								"group_assignments": args.positional.slice(8),
-							}
-						);
-						return Promise.resolve(undefined);
-					}
-					break;
-				}
-				case "theming-set": {
-					if (args.positional.length <= 2) {
-						return Promise.reject("SYNTAX: … theming-set <dark-mode> [<toc-position>]");
-					}
-					else {
-						await wiki_js.cli.logic.theming_set(
-							{
-								"dark_mode": (args.positional[1] === "1"),
-								"toc_position": args.positional[2],
-							}
-						);
-						return Promise.resolve(undefined);
-					}
-					break;
-				}
-			}
-		}
-	}
-	exports.main = main;
-	
-}) (wiki_js.cli);
-
-
-(
-	wiki_js.cli.main(process.argv.slice(2))
-	.then(
-		() => {
-		}
-	)
-	.catch(
-		(reason) => {
-			process.stderr.write("-- " + String(reason) + "\n");
-		}
-	)
-);
diff --git a/roles/wiki_js/files/wiki-js-cli b/roles/wiki_js/files/wiki-js-cli
new file mode 100755
index 0000000..a8981b9
--- /dev/null
+++ b/roles/wiki_js/files/wiki-js-cli
@@ -0,0 +1,896 @@
+#!/usr/bin/env node
+var _wiki_js_cli;
+(function (_wiki_js_cli) {
+    var helpers;
+    (function (helpers) {
+        var string;
+        (function (string) {
+            /**
+             */
+            function coin(template, arguments_) {
+                let result = template;
+                Object.entries(arguments_).forEach(([key, value]) => {
+                    result = result.replace(new RegExp("{{" + key + "}}", "g"), value);
+                });
+                return result;
+            }
+            string.coin = coin;
+        })(string = helpers.string || (helpers.string = {}));
+    })(helpers = _wiki_js_cli.helpers || (_wiki_js_cli.helpers = {}));
+})(_wiki_js_cli || (_wiki_js_cli = {}));
+var _wiki_js_cli;
+(function (_wiki_js_cli) {
+    var helpers;
+    (function (helpers) {
+        var file;
+        (function (file) {
+            /**
+             */
+            function read(path) {
+                const nm_fs = require("fs");
+                return (new Promise((resolve, reject) => {
+                    nm_fs.readFile(path, {}, (err, data) => {
+                        if (err) {
+                            reject(err);
+                        }
+                        else {
+                            resolve(data.toString());
+                        }
+                    });
+                }));
+            }
+            file.read = read;
+        })(file = helpers.file || (helpers.file = {}));
+    })(helpers = _wiki_js_cli.helpers || (_wiki_js_cli.helpers = {}));
+})(_wiki_js_cli || (_wiki_js_cli = {}));
+var _wiki_js_cli;
+(function (_wiki_js_cli) {
+    var helpers;
+    (function (helpers) {
+        var log;
+        (function (log) {
+            /**
+             */
+            const _level_order = [
+                "debug",
+                "info",
+                "notice",
+                "warning",
+                "error",
+            ];
+            /**
+             */
+            var _threshold = "info";
+            /**
+             */
+            function setup(threshold) {
+                _threshold = threshold;
+            }
+            log.setup = setup;
+            /**
+             */
+            function write(level, incident, details) {
+                if (_level_order.indexOf(level) < _level_order.indexOf(_threshold)) {
+                    // do nothing
+                }
+                else {
+                    process.stderr.write(_wiki_js_cli.helpers.string.coin("\n<{{datetime}}> [{{level}}] {{incident}}\n{{details}}\n\n", {
+                        "datetime": (new Date()).toISOString(),
+                        "level": level,
+                        "incident": incident,
+                        "details": JSON.stringify(details, undefined, "\t"),
+                    }));
+                }
+            }
+            log.write = write;
+        })(log = helpers.log || (helpers.log = {}));
+    })(helpers = _wiki_js_cli.helpers || (_wiki_js_cli.helpers = {}));
+})(_wiki_js_cli || (_wiki_js_cli = {}));
+var _wiki_js_cli;
+(function (_wiki_js_cli) {
+    var helpers;
+    (function (helpers) {
+        var http;
+        (function (http) {
+            /**
+             */
+            async function call(http_request) {
+                _wiki_js_cli.helpers.log.write("debug", "http_call_request", http_request);
+                const fetch_request = new Request(http_request.target, {
+                    "method": http_request.method,
+                    "headers": http_request.headers,
+                    "body": http_request.body,
+                });
+                const fetch_response = await fetch(fetch_request);
+                const http_response = {
+                    "status_code": fetch_response.status,
+                    "headers": fetch_response.headers,
+                    "body": await fetch_response.text(),
+                };
+                _wiki_js_cli.helpers.log.write("debug", "http_call_response", http_response);
+                return http_response;
+            }
+            http.call = call;
+        })(http = helpers.http || (helpers.http = {}));
+    })(helpers = _wiki_js_cli.helpers || (_wiki_js_cli.helpers = {}));
+})(_wiki_js_cli || (_wiki_js_cli = {}));
+var _wiki_js_cli;
+(function (_wiki_js_cli) {
+    var helpers;
+    (function (helpers) {
+        var args;
+        (function (args) {
+            /**
+             */
+            function parse(args_raw) {
+                let result = {
+                    "positional": [],
+                    "volatile": {},
+                };
+                let state = "free";
+                let key = null;
+                args_raw.forEach((arg_raw) => {
+                    switch (state) {
+                        case "free": {
+                            if (arg_raw.startsWith("-")) {
+                                key = arg_raw.slice(1);
+                                state = "bound";
+                            }
+                            else {
+                                if (key === null) {
+                                    result.positional.push(arg_raw);
+                                    key = null;
+                                    state = "free";
+                                }
+                                else {
+                                    _wiki_js_cli.helpers.log.write("warning", "arg_discarded", {
+                                        "arg_raw": arg_raw,
+                                    });
+                                    key = null;
+                                    state = "free";
+                                }
+                            }
+                            break;
+                        }
+                        case "bound": {
+                            if (!(key in result["volatile"])) {
+                                result["volatile"][key] = [];
+                            }
+                            else {
+                                // do nothing
+                            }
+                            result["volatile"][key].push(arg_raw);
+                            key = null;
+                            state = "free";
+                        }
+                    }
+                });
+                return result;
+            }
+            args.parse = parse;
+        })(args = helpers.args || (helpers.args = {}));
+    })(helpers = _wiki_js_cli.helpers || (_wiki_js_cli.helpers = {}));
+})(_wiki_js_cli || (_wiki_js_cli = {}));
+var _wiki_js_cli;
+(function (_wiki_js_cli) {
+    var conf;
+    (function (conf) {
+        /**
+         */
+        var _data = null;
+        /**
+         */
+        async function load(path) {
+            let data_raw;
+            if (path === null) {
+                data_raw = {};
+            }
+            else {
+                const content = await _wiki_js_cli.helpers.file.read(path);
+                data_raw = JSON.parse(content);
+            }
+            _wiki_js_cli.helpers.log.write("debug", "conf_raw", data_raw);
+            _data = {
+                "api": {
+                    "url_base": (data_raw?.api?.url_base
+                        ??
+                            "http://localhost:3000"),
+                },
+                "login": {
+                    "username": (data_raw?.login?.username
+                        ??
+                            "admin"),
+                    "password": (data_raw?.login?.password
+                        ??
+                            "admin"),
+                },
+                "log": {
+                    "threshold": (data_raw?.log?.threshold
+                        ??
+                            "info"),
+                }
+            };
+            return Promise.resolve(undefined);
+        }
+        conf.load = load;
+        /**
+         */
+        function set(data) {
+            _data = data;
+        }
+        conf.set = set;
+        /**
+         */
+        function get() {
+            return _data;
+        }
+        conf.get = get;
+    })(conf = _wiki_js_cli.conf || (_wiki_js_cli.conf = {}));
+})(_wiki_js_cli || (_wiki_js_cli = {}));
+var _wiki_js_cli;
+(function (_wiki_js_cli) {
+    var api;
+    (function (api) {
+        /**
+         */
+        var _login_token = null;
+        /**
+         */
+        var _url_base = null;
+        /**
+         */
+        function init(url_base) {
+            _url_base = url_base;
+            return Promise.resolve(undefined);
+        }
+        api.init = init;
+        /**
+         */
+        async function call_generic_graphql(graphql_query, options) {
+            options = Object.assign({
+                "variables": {},
+            }, options);
+            const http_request = {
+                "target": (_url_base + "/graphql"),
+                "method": "POST",
+                "headers": Object.assign({
+                    "Content-Type": "application/json",
+                }, ((_login_token === null)
+                    ?
+                        {}
+                    :
+                        { "Cookie": ("jwt=" + _login_token) })),
+                "body": JSON.stringify([
+                    {
+                        "operationName": null,
+                        "variables": options.variables,
+                        "extensions": {},
+                        "query": graphql_query,
+                    }
+                ]),
+            };
+            const http_response = await _wiki_js_cli.helpers.http.call(http_request);
+            const data = JSON.parse(http_response.body);
+            return Promise.resolve(data[0]["data"]);
+        }
+        /**
+         */
+        async function call_finalize(admin_email, admin_password, site_url, telemetry) {
+            const http_request = {
+                "target": (_wiki_js_cli.conf.get().api.url_base + "/finalize"),
+                "method": "POST",
+                "headers": {
+                    "Content-Type": "application/json",
+                },
+                "body": JSON.stringify({
+                    "adminEmail": admin_email,
+                    "adminPassword": admin_password,
+                    "adminPasswordConfirm": admin_password,
+                    "siteUrl": site_url,
+                    "telemetry": telemetry,
+                }),
+            };
+            const http_response = await _wiki_js_cli.helpers.http.call(http_request);
+            const data = JSON.parse(http_response.body);
+            return Promise.resolve(undefined);
+        }
+        api.call_finalize = call_finalize;
+        /**
+         * executes a local login
+         */
+        async function call_login_local(username, password) {
+            _wiki_js_cli.helpers.log.write("info", "api_call_login_local", {});
+            return (call_generic_graphql("mutation ($username: String!, $password: String!, $strategy: String!) {authentication {login(username: $username, password: $password, strategy: $strategy) {responseResult {succeeded errorCode slug message __typename} jwt mustChangePwd mustProvideTFA mustSetupTFA continuationToken redirect tfaQRImage __typename} __typename}}", {
+                "variables": {
+                    "strategy": "local",
+                    "username": username,
+                    "password": password,
+                }
+            })
+                .then((data) => {
+                if (data["authentication"]["login"]["responseResult"]["succeeded"]) {
+                    _login_token = data["authentication"]["login"]["jwt"];
+                    return Promise.resolve(undefined);
+                }
+                else {
+                    return Promise.reject(new Error("login failed"));
+                }
+            }));
+        }
+        api.call_login_local = call_login_local;
+        /**
+         */
+        function call_email_settings_set(settings) {
+            _wiki_js_cli.helpers.log.write("info", "api_call_email_settings_set", {
+                "settings": settings,
+            });
+            return (call_generic_graphql("mutation ($senderName: String!, $senderEmail: String!, $host: String!, $port: Int!, $name: String!, $secure: Boolean!, $verifySSL: Boolean!, $user: String!, $pass: String!, $useDKIM: Boolean!, $dkimDomainName: String!, $dkimKeySelector: String!, $dkimPrivateKey: String!) {mail {updateConfig(senderName: $senderName, senderEmail: $senderEmail, host: $host, port: $port, name: $name, secure: $secure, verifySSL: $verifySSL, user: $user, pass: $pass, useDKIM: $useDKIM, dkimDomainName: $dkimDomainName, dkimKeySelector: $dkimKeySelector, dkimPrivateKey: $dkimPrivateKey) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}", {
+                "variables": {
+                    "senderName": settings.sender_name,
+                    "senderEmail": settings.sender_email_address,
+                    "host": settings.smtp_host,
+                    "port": settings.smtp_port,
+                    "name": settings.name,
+                    "secure": settings.secure,
+                    "verifySSL": settings.verify_ssl,
+                    "user": settings.smtp_username,
+                    "pass": settings.smtp_password,
+                    "useDKIM": settings.use_dkim,
+                    "dkimDomainName": settings.dkim_domain_name,
+                    "dkimKeySelector": settings.dkim_key_selector,
+                    "dkimPrivateKey": settings.dkim_private_key,
+                }
+            }));
+        }
+        api.call_email_settings_set = call_email_settings_set;
+        /**
+         */
+        function call_locale_download(locale) {
+            _wiki_js_cli.helpers.log.write("info", "api_call_locale_download", {
+                "locale": locale,
+            });
+            return (call_generic_graphql("mutation ($locale: String!) {localization {downloadLocale(locale: $locale) {responseResult {succeeded errorCode slug message __typename} __typename}__typename}}", {
+                "variables": {
+                    "locale": locale,
+                }
+            }));
+        }
+        api.call_locale_download = call_locale_download;
+        /**
+         */
+        function call_group_list(name) {
+            _wiki_js_cli.helpers.log.write("info", "api_call_group_list", {});
+            return (call_generic_graphql("{groups {list {id name isSystem userCount createdAt updatedAt __typename} __typename}}", {
+                "variables": {}
+            }));
+        }
+        api.call_group_list = call_group_list;
+        /**
+         */
+        function call_group_create(name) {
+            _wiki_js_cli.helpers.log.write("info", "api_call_group_create", {
+                "name": name,
+            });
+            return (call_generic_graphql("mutation ($name: String!) {groups {create(name: $name) {responseResult {succeeded errorCode slug message __typename} group {id name createdAt updatedAt __typename} __typename} __typename}}", {
+                "variables": {
+                    "name": name,
+                }
+            }));
+        }
+        api.call_group_create = call_group_create;
+        /**
+         * @param permissions_general {
+         *     Array<
+         *         string
+         *     >
+         * }
+         * @param permissions_page_specific {
+         *     Array<
+         *         {
+         *             id:string;
+         *             path:string;
+         *             roles:Array<
+         *                 string
+         *             >;
+         *             match:string;
+         *             deny:boolean;
+         *             locales:Array<
+         *                 string
+         *             >;
+         *         }
+         *     >
+         * }
+         */
+        function call_group_update(group_id, name, permissions_general, permissions_page_specific) {
+            _wiki_js_cli.helpers.log.write("info", "api_call_group_update", {});
+            return (call_generic_graphql("mutation ($id: Int!, $name: String!, $redirectOnLogin: String!, $permissions: [String]!, $pageRules: [PageRuleInput]!) {groups {update(id: $id, name: $name, redirectOnLogin: $redirectOnLogin, permissions: $permissions, pageRules: $pageRules) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}", {
+                "variables": {
+                    "id": group_id,
+                    "name": name,
+                    "redirectOnLogin": "/",
+                    "permissions": permissions_general,
+                    "pageRules": permissions_page_specific,
+                }
+            }));
+        }
+        api.call_group_update = call_group_update;
+        /**
+         */
+        function call_authentication_strategy_list() {
+            _wiki_js_cli.helpers.log.write("info", "api_call_authentication_strategy_list", {});
+            return (call_generic_graphql("{authentication {activeStrategies {key strategy {key title description useForm logo website __typename} config {key value __typename} order isEnabled displayName selfRegistration domainWhitelist autoEnrollGroups __typename} __typename}}", {})
+                .then((data) => Promise.resolve(data["authentication"]["activeStrategies"])));
+        }
+        api.call_authentication_strategy_list = call_authentication_strategy_list;
+        /**
+         */
+        function call_authentication_strategy_set(strategies) {
+            _wiki_js_cli.helpers.log.write("info", "api_call_authentication_strategy_set", {
+                "strategies": strategies,
+            });
+            return (call_generic_graphql("mutation ($strategies: [AuthenticationStrategyInput]!) {authentication {updateStrategies(strategies: $strategies) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}", {
+                "variables": {
+                    "strategies": strategies,
+                }
+            }));
+        }
+        api.call_authentication_strategy_set = call_authentication_strategy_set;
+        /**
+         */
+        function call_theming_set(dark_mode, toc_position) {
+            _wiki_js_cli.helpers.log.write("info", "api_call_theming_set", {
+                "dark_mode": dark_mode,
+                "toc_position": toc_position,
+            });
+            return (call_generic_graphql("mutation ($theme: String!, $iconset: String!, $darkMode: Boolean!, $tocPosition: String, $injectCSS: String, $injectHead: String, $injectBody: String) {theming {setConfig(theme: $theme, iconset: $iconset, darkMode: $darkMode, tocPosition: $tocPosition, injectCSS: $injectCSS, injectHead: $injectHead, injectBody: $injectBody) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}", {
+                "variables": {
+                    "theme": "default",
+                    "iconset": "mdi",
+                    "darkMode": dark_mode,
+                    "tocPosition": "left",
+                    "injectCSS": "",
+                    "injectHead": "",
+                    "injectBody": ""
+                }
+            }));
+        }
+        api.call_theming_set = call_theming_set;
+    })(api = _wiki_js_cli.api || (_wiki_js_cli.api = {}));
+})(_wiki_js_cli || (_wiki_js_cli = {}));
+var _wiki_js_cli;
+(function (_wiki_js_cli) {
+    var logic;
+    (function (logic) {
+        /**
+         */
+        async function login(options = {}) {
+            options = Object.assign({
+                "username": _wiki_js_cli.conf.get().login.username,
+                "password": _wiki_js_cli.conf.get().login.password,
+            }, options);
+            await _wiki_js_cli.api.call_login_local(options.username, options.password);
+            return Promise.resolve(undefined);
+        }
+        logic.login = login;
+        /**
+         */
+        async function initialize(admin_email_address, admin_password, options = {}) {
+            options = Object.assign({
+                "site_url": "http://localhost:3000",
+                "allow_telemetry": false,
+            }, options);
+            await _wiki_js_cli.api.call_finalize(admin_email_address, admin_password, options.site_url, options.allow_telemetry);
+            return Promise.resolve(undefined);
+        }
+        logic.initialize = initialize;
+        /**
+         */
+        async function email_settings_set(smtp_host, smtp_port, smtp_username, smtp_password, sender_name, sender_email_address, options = {}) {
+            options = Object.assign({}, options);
+            const result = await _wiki_js_cli.api.call_email_settings_set({
+                "sender_name": sender_name,
+                "sender_email_address": sender_email_address,
+                "smtp_host": smtp_host,
+                "smtp_port": smtp_port,
+                "secure": true,
+                "verify_ssl": true,
+                "smtp_username": smtp_username,
+                "smtp_password": smtp_password,
+                "name": "",
+                "use_dkim": false,
+                "dkim_domain_name": "",
+                "dkim_key_selector": "",
+                "dkim_private_key": "",
+            });
+            return Promise.resolve(undefined);
+        }
+        logic.email_settings_set = email_settings_set;
+        /**
+         */
+        async function locale_add(locale_code) {
+            _wiki_js_cli.api.call_locale_download(locale_code);
+            return Promise.resolve(undefined);
+        }
+        logic.locale_add = locale_add;
+        /**
+         */
+        async function group_identify(name) {
+            const data = await _wiki_js_cli.api.call_group_list(name);
+            const hits = (data["groups"]["list"]
+                .filter((entry) => (entry["name"] === name)));
+            if (hits.length !== 1) {
+                return Promise.reject(new Error("not found or ambiguous"));
+            }
+            else {
+                return Promise.resolve(hits[0]["id"]);
+            }
+        }
+        logic.group_identify = group_identify;
+        /**
+         * returns the ID of the generated group
+         */
+        async function group_add(name, options = {}) {
+            options = Object.assign({
+                "permissions_general": [],
+                "permissions_specific": [],
+            }, options);
+            const result_1 = await _wiki_js_cli.api.call_group_create(name);
+            const id = result_1["groups"]["create"]["group"]["id"];
+            const result_2 = await _wiki_js_cli.api.call_group_update(id, name, options.permissions_general, options.permissions_specific);
+            return Promise.resolve(id);
+        }
+        logic.group_add = group_add;
+        /**
+         */
+        async function group_modify(id, options = {}) {
+            options = Object.assign({
+                "permissions_general": [],
+                "permissions_specific": [],
+            }, options);
+            const result = await _wiki_js_cli.api.call_group_update(id, name, options.permissions_general, options.permissions_specific);
+            return Promise.resolve(undefined);
+        }
+        logic.group_modify = group_modify;
+        /**
+         */
+        async function authentication_strategy_list() {
+            const result = await _wiki_js_cli.api.call_authentication_strategy_list();
+            return Promise.resolve(result);
+        }
+        logic.authentication_strategy_list = authentication_strategy_list;
+        /**
+         */
+        async function authentication_strategy_add(strategy) {
+            const current = await _wiki_js_cli.api.call_authentication_strategy_list();
+            const result = await _wiki_js_cli.api.call_authentication_strategy_set(((current
+                .map((entry) => ({
+                "key": entry["key"],
+                "strategyKey": entry["strategy"]["key"],
+                "displayName": entry["displayName"],
+                "order": entry["order"],
+                "isEnabled": entry["isEnabled"],
+                "config": (entry["config"]
+                    .map((item) => ({
+                    "key": item["key"],
+                    "value": JSON.stringify({ "v": JSON.parse(item["value"])["value"] }),
+                }))),
+                "selfRegistration": entry["selfRegistration"],
+                "domainWhitelist": entry["domainWhitelist"],
+                "autoEnrollGroups": entry["autoEnrollGroups"],
+            })))
+                .concat([
+                {
+                    "key": strategy.key,
+                    "strategyKey": "oauth2",
+                    "displayName": strategy.name,
+                    "order": ((current
+                        .map(x => x["order"])
+                        .reduce((x, y) => (((x === null) || (x < y)) ? y : x), null))
+                        +
+                            1),
+                    "isEnabled": true,
+                    "config": [
+                        {
+                            "key": "clientId",
+                            "value": JSON.stringify({ "v": strategy.client_id }),
+                        },
+                        {
+                            "key": "clientSecret",
+                            "value": JSON.stringify({ "v": strategy.client_secret }),
+                        },
+                        {
+                            "key": "authorizationURL",
+                            "value": JSON.stringify({ "v": strategy.authorization_url }),
+                        },
+                        {
+                            "key": "tokenURL",
+                            "value": JSON.stringify({ "v": strategy.token_url }),
+                        },
+                        {
+                            "key": "userInfoURL",
+                            "value": JSON.stringify({ "v": strategy.user_info_url }),
+                        },
+                        {
+                            "key": "userIdClaim",
+                            "value": JSON.stringify({ "v": "id" }),
+                        },
+                        {
+                            "key": "displayNameClaim",
+                            "value": JSON.stringify({ "v": "name" }),
+                        },
+                        {
+                            "key": "emailClaim",
+                            "value": JSON.stringify({ "v": "email" }),
+                        },
+                        {
+                            "key": "mapGroups",
+                            "value": JSON.stringify({ "v": false }),
+                        },
+                        {
+                            "key": "groupsClaim",
+                            "value": JSON.stringify({ "v": "groups" }),
+                        },
+                        {
+                            "key": "logoutURL",
+                            "value": JSON.stringify({ "v": "" }),
+                        },
+                        {
+                            "key": "scope",
+                            "value": JSON.stringify({ "v": "openid profile email" }),
+                        },
+                        {
+                            "key": "useQueryStringForAccessToken",
+                            "value": JSON.stringify({ "v": false }),
+                        },
+                        {
+                            "key": "enableCSRFProtection",
+                            "value": JSON.stringify({ "v": true }),
+                        }
+                    ],
+                    "selfRegistration": true,
+                    "domainWhitelist": [],
+                    "autoEnrollGroups": await Promise.all(strategy.group_assignments
+                        .map(x => group_identify(x))),
+                },
+            ])));
+            return Promise.resolve(undefined);
+        }
+        logic.authentication_strategy_add = authentication_strategy_add;
+        /**
+         */
+        async function theming_set(options = {}) {
+            options = Object.assign({
+                "dark_mode": false,
+                "toc_position": "left",
+            }, options);
+            const result = await _wiki_js_cli.api.call_theming_set(options.dark_mode, options.toc_position);
+            return Promise.resolve(result);
+        }
+        logic.theming_set = theming_set;
+    })(logic = _wiki_js_cli.logic || (_wiki_js_cli.logic = {}));
+})(_wiki_js_cli || (_wiki_js_cli = {}));
+var _wiki_js_cli;
+(function (_wiki_js_cli) {
+    /**
+     */
+    async function main(args_raw) {
+        // args
+        const args = _wiki_js_cli.helpers.args.parse(args_raw);
+        const override_url_base = ((("b" in args.volatile)
+            &&
+                (args.volatile["b"].length >= 0))
+            ?
+                args.volatile["b"][0]
+            :
+                null);
+        const override_username = ((("u" in args.volatile)
+            &&
+                (args.volatile["u"].length >= 0))
+            ?
+                args.volatile["u"][0]
+            :
+                null);
+        const override_password = ((("p" in args.volatile)
+            &&
+                (args.volatile["p"].length >= 0))
+            ?
+                args.volatile["p"][0]
+            :
+                null);
+        const override_log_level = ((("l" in args.volatile)
+            &&
+                (args.volatile["l"].length >= 0))
+            ?
+                args.volatile["l"][0]
+            :
+                null);
+        // conf
+        const conf_path = ((("c" in args.volatile)
+            &&
+                (args.volatile["c"].length >= 0))
+            ?
+                args.volatile["c"][0]
+            :
+                null);
+        await _wiki_js_cli.conf.load(conf_path);
+        _wiki_js_cli.helpers.log.write("debug", "conf", _wiki_js_cli.conf.get());
+        // init
+        _wiki_js_cli.helpers.log.setup(override_log_level ?? _wiki_js_cli.conf.get().log.threshold);
+        await _wiki_js_cli.api.init((override_url_base ?? _wiki_js_cli.conf.get().api.url_base));
+        // exec
+        if (args.positional.length < 1) {
+            return Promise.reject("SYNTAX: [node] cli.js [-c <conf-path>] [-b <api-url-base>] [-u <login-username>] [-p <login-password>] <action> [<arg-1> [<arg-2> […]]]\n\n\t<action> = init | email-settings-set | locale-add | group-add | group-modify | auth-strat-add-oauth2 | theming-set");
+        }
+        else {
+            const action = args.positional[0];
+            switch (action) {
+                default: {
+                    return Promise.reject("invalid action: " + action);
+                    break;
+                }
+                case "init": {
+                    if (args.positional.length <= 2) {
+                        return Promise.reject("SYNTAX: … init <admin-email-address> <admin-password> [<site-url> [<allow-telemetry>]]");
+                    }
+                    else {
+                        await _wiki_js_cli.logic.initialize(args.positional[1], args.positional[2], {
+                            "site_url": ((args.positional.length >= 4)
+                                ?
+                                    args.positional[3]
+                                :
+                                    undefined),
+                            "allow_telemetry": ((args.positional.length >= 5)
+                                ?
+                                    (args.positional[4] === "1")
+                                :
+                                    undefined),
+                        });
+                        return Promise.resolve(undefined);
+                    }
+                    break;
+                }
+                case "email-settings-set": {
+                    if (args.positional.length <= 6) {
+                        return Promise.reject("SYNTAX: … email-settings-set <smtp-host> <smtp-port> <smtp-username> <smtp-password> <sender-name> <sender-email-address>");
+                    }
+                    else {
+                        await _wiki_js_cli.logic.login({
+                            "username": override_username,
+                            "password": override_password,
+                        });
+                        await _wiki_js_cli.logic.email_settings_set(args.positional[1], parseInt(args.positional[2]), args.positional[3], args.positional[4], args.positional[5], args.positional[6], {});
+                        return Promise.resolve(undefined);
+                    }
+                    break;
+                }
+                case "locale-add": {
+                    if (args.positional.length <= 1) {
+                        return Promise.reject("SYNTAX: … locale-add <locale-code>");
+                    }
+                    else {
+                        await _wiki_js_cli.logic.login({
+                            "username": override_username,
+                            "password": override_password,
+                        });
+                        await _wiki_js_cli.logic.locale_add(args.positional[1]);
+                        return Promise.resolve(undefined);
+                    }
+                    break;
+                }
+                case "group-add": {
+                    if (args.positional.length <= 1) {
+                        return Promise.reject("SYNTAX: … group-add <name> [<permission-1> [<permission-2> [<permission-3> […]]]]");
+                    }
+                    else {
+                        const name = args.positional[1];
+                        const permissions = args.positional.slice(2);
+                        await _wiki_js_cli.logic.login({
+                            "username": override_username,
+                            "password": override_password,
+                        });
+                        const result = await _wiki_js_cli.logic.group_add(name, {
+                            "permissions_general": permissions,
+                            "permissions_specific": [
+                                {
+                                    "id": "default",
+                                    "path": "",
+                                    "roles": permissions,
+                                    "match": "START",
+                                    "deny": false,
+                                    "locales": []
+                                }
+                            ],
+                        });
+                        process.stdout.write(JSON.stringify(result, undefined, "\t")
+                            +
+                                "\n");
+                    }
+                    break;
+                }
+                case "group-modify": {
+                    if (args.positional.length <= 2) {
+                        return Promise.reject("SYNTAX: … group-modify <name> [<permission-1> [<permission-2> [<permission-3> […]]]]");
+                    }
+                    else {
+                        const name = args.positional[1];
+                        const permissions = args.positional.slice(2);
+                        const id = await _wiki_js_cli.logic.group_identify(name);
+                        await _wiki_js_cli.logic.login({
+                            "username": override_username,
+                            "password": override_password,
+                        });
+                        const result = await _wiki_js_cli.logic.group_modify(id, {
+                            "permissions_general": permissions,
+                            "permissions_specific": [
+                                {
+                                    "id": "default",
+                                    "path": "",
+                                    "roles": permissions,
+                                    "match": "START",
+                                    "deny": false,
+                                    "locales": []
+                                }
+                            ],
+                        });
+                    }
+                    break;
+                }
+                case "auth-strat-add-oauth2": {
+                    if (args.positional.length <= 7) {
+                        return Promise.reject("SYNTAX: … auth-strat-add-oauth2 <strategy-key> <strategy-name> <strategy-client-id> <strategy-client-secret> <strategy-authorization-url> <strategy-token-url> <strategy-user-info-url> [<group-assignment-1> [<group-assignment-2> [<group-assignment-3> […]]]]");
+                    }
+                    else {
+                        await _wiki_js_cli.logic.login({
+                            "username": override_username,
+                            "password": override_password,
+                        });
+                        await _wiki_js_cli.logic.authentication_strategy_add({
+                            "key": args.positional[1],
+                            "name": args.positional[2],
+                            "client_id": args.positional[3],
+                            "client_secret": args.positional[4],
+                            "authorization_url": args.positional[5],
+                            "token_url": args.positional[6],
+                            "user_info_url": args.positional[7],
+                            "group_assignments": args.positional.slice(8),
+                        });
+                        return Promise.resolve(undefined);
+                    }
+                    break;
+                }
+                case "theming-set": {
+                    if (args.positional.length <= 1) {
+                        return Promise.reject("SYNTAX: … theming-set <dark-mode> [<toc-position>]");
+                    }
+                    else {
+                        await _wiki_js_cli.logic.login({
+                            "username": override_username,
+                            "password": override_password,
+                        });
+                        await _wiki_js_cli.logic.theming_set({
+                            "dark_mode": (args.positional[1] === "1"),
+                            "toc_position": ((args.positional.length <= 2)
+                                ?
+                                    "left"
+                                :
+                                    ((args.positional[2] === "right")
+                                        ?
+                                            "right"
+                                        :
+                                            "left")),
+                        });
+                        return Promise.resolve(undefined);
+                    }
+                    break;
+                }
+            }
+        }
+    }
+    _wiki_js_cli.main = main;
+})(_wiki_js_cli || (_wiki_js_cli = {}));
+(_wiki_js_cli.main(process.argv.slice(2))
+    .then(() => {
+})
+    .catch((reason) => {
+    process.stderr.write("-- " + String(reason) + "\n");
+}));
diff --git a/roles/wiki_js/tasks/main.json b/roles/wiki_js/tasks/main.json
index 9c5ecfd..2572af3 100644
--- a/roles/wiki_js/tasks/main.json
+++ b/roles/wiki_js/tasks/main.json
@@ -52,10 +52,9 @@
 	{
 		"name": "cli client",
 		"become": true,
-		"become_user": "{{var_wiki_js_user}}",
 		"ansible.builtin.copy": {
-			"src": "cli.js",
-			"dest": "{{var_wiki_js_directory}}/cli.js",
+			"src": "wiki-js-cli",
+			"dest": "/usr/local/bin/wiki-js-cli",
 			"mode": "0700"
 		}
 	},