From 1756babbc2182864d90bec5dd90740098d295cbd Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Thu, 27 Feb 2025 15:28:43 +0100 Subject: [PATCH] Implemented Nextcloud Plugin Routine --- group_vars/all/07_applications.yml | 236 ++++++++++++++++-- roles/docker-nextcloud/handlers/main.yml | 2 +- roles/docker-nextcloud/tasks/ldap.yml | 12 +- .../tasks/legacy_login_mask.yml | 4 +- roles/docker-nextcloud/tasks/main.yml | 14 +- roles/docker-nextcloud/tasks/oidc_login.yml | 12 +- roles/docker-nextcloud/tasks/plugin.yml | 14 ++ roles/docker-nextcloud/tasks/sociallogin.yml | 19 +- .../templates/docker-compose.yml.j2 | 4 +- roles/docker-nextcloud/vars/main.yml | 4 +- roles/nginx-https-get-cert/tasks/main.yml | 4 +- .../templates/global.css.j2 | 4 + 12 files changed, 262 insertions(+), 67 deletions(-) create mode 100644 roles/docker-nextcloud/tasks/plugin.yml diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml index e76ad056..6f6dcaac 100644 --- a/group_vars/all/07_applications.yml +++ b/group_vars/all/07_applications.yml 
@@ -10,28 +10,34 @@ docker_restart_policy: "unless-stopped" # Keep in mind, that this configuration should in general just apply to the roles which set the applications up. # If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files. +# helper +_applications_nextcloud_ldap_enabled: "{{ applications.nextcloud.ldap.enabled | default(true) }}" +_applications_nextcloud_oidc_enabled: "{{ applications.nextcloud.oidc.enabled | default(true) }}" +_applications_nextcloud_oidc_flavor: "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if _applications_nextcloud_ldap_enabled else 'sociallogin') }}" + + defaults_applications: ## Akaunting akaunting: - version: "latest" - company_name: "{{primary_domain}}" - company_email: "{{users.administrator.email}}" - setup_admin_email: "{{users.administrator.email}}" + version: "latest" + company_name: "{{primary_domain}}" + company_email: "{{users.administrator.email}}" + setup_admin_email: "{{users.administrator.email}}" database: - central_storage: True + central_storage: True ## Attendize attendize: - version: "latest" + version: "latest" database: - central_storage: True + central_storage: True ## Baserow baserow: - version: "latest" + version: "latest" database: - central_storage: True + central_storage: True ## Big Blue Button bigbluebutton: 
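Review bot: The helper `_applications_nextcloud_oidc_flavor` added at the top of this hunk falls back to `sociallogin` when LDAP is off, but nothing shown feeds it back into `nextcloud.oidc.flavor`, which the next hunk leaves as the literal `"oidc_login"`. The plugin `enabled` flags read the helper while `tasks/main.yml` picks its task file from `applications[application_id].oidc.flavor`, so with LDAP disabled the two can name different login apps. Use one source of truth, for example `flavor: "{{ _applications_nextcloud_oidc_flavor }}"`, and correct the stale inline comment that still says "Keeping on sociallogin". If `applications` is built by merging `defaults_applications` (not visible in this diff), the helpers refer back to the values they feed, so the templating should be checked for a recursive loop.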
@@ -245,28 +251,222 @@ defaults_applications: ## Nextcloud nextcloud: - version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/ + version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/ ldap: - enabled: True # Enables LDAP by default + enabled: True # Enables LDAP by default oidc: - enabled: true # Activate OIDC for Nextcloud + enabled: "{{ _applications_nextcloud_oidc_enabled }}" # Activate OIDC for Nextcloud # floavor decides which OICD plugin should be used. # Available options: oidc_login, sociallogin # @see https://apps.nextcloud.com/apps/oidc_login # @see https://apps.nextcloud.com/apps/sociallogin - flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet - force_import: False # Forces the import of the LDIF files + flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet + force_import: False # Forces the import of the LDIF files database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage credentials: -# database_password: Null # Needs to be set in inventory file +# database_password: Null # Needs to be set in inventory file users: administrator: username: "{{users.administrator.username}}" initial_password: "{{users.administrator.initial_password}}" - default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes) + default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes) legacy_login_mask: - enabled: False # If true, then legacy login mask is shown. Otherwise just SSO + enabled: False # If true, then legacy login mask is shown. 
Otherwise just SSO + container: + application: "nextcloud-application" # Nextcloud application container name + proxy: "nextcloud-web" # Nextcloud Proxy Container Name + plugins: + # List for Nextcloud Plugin Routine + # Decides if plugins should be activated or deactivated + appointments: + # Nextcloud appointments: handles scheduling and appointment management (https://apps.nextcloud.com/apps/appointments) + enabled: true + bbb: + # Nextcloud BigBlueButton integration: enables video conferencing using BigBlueButton (https://apps.nextcloud.com/apps/bbb) + enabled: "{{ 'bigbluebutton' in group_names | lower }}" + #- bookmarks + # # Nextcloud Bookmarks: manage and share your bookmarks easily (https://apps.nextcloud.com/apps/bookmarks) + # enabled: false + calendar: + # Nextcloud calendar: manages calendar events and scheduling (https://apps.nextcloud.com/apps/calendar) + enabled: true + cfg_share_links: + # Nextcloud share links configuration: customizes sharing settings and link options (https://apps.nextcloud.com/apps/cfg_share_links) + enabled: true + collectives: + # Nextcloud collectives: supports collaborative group management and sharing (https://apps.nextcloud.com/apps/collectives) + enabled: true + contacts: + # Nextcloud contacts: manages address book and contact information (https://apps.nextcloud.com/apps/contacts) + enabled: true + cospend: + # Nextcloud cospend: manages shared expenses and spending tracking (https://apps.nextcloud.com/apps/cospend) + enabled: true + deck: + # Nextcloud Deck: organizes tasks and projects using Kanban boards (https://apps.nextcloud.com/apps/deck) + enabled: true + drawio: + # Nextcloud draw.io: integrates diagram creation and editing tools (https://apps.nextcloud.com/apps/drawio) + enabled: true + duplicatefinder: + # Nextcloud duplicate finder: scans and identifies duplicate files (https://apps.nextcloud.com/apps/duplicatefinder) + enabled: true + emlviewer: + # Nextcloud EML Viewer: previews and manages EML email files 
(https://apps.nextcloud.com/apps/emlviewer) + enabled: true + event_update_notification: + # Nextcloud event update notification: sends alerts when events are updated (https://apps.nextcloud.com/apps/event_update_notification) + enabled: true + epubviewer: + # Nextcloud EPUB Viewer: enables reading and previewing EPUB e-books (https://apps.nextcloud.com/apps/epubviewer) + enabled: true + external: + # Nextcloud External: Adds links to external services (https://apps.nextcloud.com/apps/external) + enabled: true + #files_accesscontrol + # # Nextcloud Files Access Control: restricts file access based on defined rules (https://apps.nextcloud.com/apps/files_accesscontrol) + # enabled: false + #files_archive + # # Nextcloud Files Archive: compresses and archives files for efficient storage (https://apps.nextcloud.com/apps/files_archive) + # enabled: false + #files_automatedtagging + # # Nextcloud Files Automated Tagging: automatically tags files to improve organization (https://apps.nextcloud.com/apps/files_automatedtagging) + # enabled: false + files_bpm: + # Nextcloud Files BPM: integrates business process management for file workflows (https://apps.nextcloud.com/apps/files_bpm) + enabled: true + files_downloadactivity: + # Nextcloud Files Download Activity: tracks and logs file download events (https://apps.nextcloud.com/apps/files_downloadactivity) + enabled: true + files_linkeditor: + # Nextcloud files link editor: allows customization of shared file links (https://apps.nextcloud.com/apps/files_linkeditor) + enabled: true + files_mindmap: + # Nextcloud Files Mindmap: visualizes file relationships as mind maps (https://apps.nextcloud.com/apps/files_mindmap) + enabled: true + files_texteditor: + # Nextcloud Files Text Editor: provides an online editor for text files (https://apps.nextcloud.com/apps/files_texteditor) + # Not available for Nextcloud < 27 + enabled: false + fileslibreofficeedit: + # Nextcloud LibreOffice integration: allows online editing of documents 
with LibreOffice (https://apps.nextcloud.com/apps/fileslibreofficeedit) + enabled: true + forms: + # Nextcloud forms: facilitates creation of forms and surveys (https://apps.nextcloud.com/apps/forms) + enabled: true + gestion: + # Nextcloud Gestion: manages administrative tasks and workflows (https://apps.nextcloud.com/apps/gestion) + enabled: true + groupfolders: + # Nextcloud Group Folders: centralizes shared folders for group collaboration (https://apps.nextcloud.com/apps/groupfolders) + enabled: true + gpxpod: + # Nextcloud GPX pod: visualizes GPS tracks and GPX data (https://apps.nextcloud.com/apps/gpxpod) + enabled: true + integration_discourse: + # Nextcloud Integration Discourse: connects Nextcloud with Discourse forums (https://apps.nextcloud.com/apps/integration_discourse) + enabled: false + integration_gitlab: + # Nextcloud Integration GitLab: connects Nextcloud with GitLab repositories (https://apps.nextcloud.com/apps/integration_gitlab) + enabled: "{{ 'gitlab' in group_names in group_names | lower }}" + integration_github: + # Nextcloud Integration GitHub: integrates GitHub repositories with Nextcloud (https://apps.nextcloud.com/apps/integration_github) + enabled: false + integration_google: + # Nextcloud Integration Google: connects Google services with Nextcloud (https://apps.nextcloud.com/apps/integration_google) + enabled: true + integration_mastodon: + # Nextcloud Integration Mastodon: connects Nextcloud with the Mastodon social network (https://apps.nextcloud.com/apps/integration_mastodon) + enabled: "{{ 'mastodon' in group_names | lower }}" + integration_openai: + # Nextcloud Integration OpenAI: brings OpenAI functionalities into Nextcloud (https://apps.nextcloud.com/apps/integration_openai) + enabled: false + integration_openproject: + # Nextcloud Integration OpenProject: integrates project management features from OpenProject (https://apps.nextcloud.com/apps/integration_openproject) + enabled: "{{ 'openproject' in group_names | lower }}" + 
integration_peertube: + # Nextcloud Integration PeerTube: connects to PeerTube for video sharing (https://apps.nextcloud.com/apps/integration_peertube) + enabled: "{{ 'peertube' in group_names | lower }}" + #keeweb + # # Nextcloud KeeWeb: integrates the KeeWeb password manager within Nextcloud (https://apps.nextcloud.com/apps/keeweb) + # # This isn't maintained anymore. The alternatives don't support keepass files + # enabled: false + keeporsweep: + # Nextcloud keep or sweep: helps manage and clean up files and data (https://apps.nextcloud.com/apps/keeporsweep) + enabled: true + mail: + # Nextcloud mail: integrated email client for managing mail accounts (https://apps.nextcloud.com/apps/mail) + enabled: true + maps: + # Nextcloud maps: provides mapping and location services integration (https://apps.nextcloud.com/apps/maps) + enabled: true + metadata: + # Nextcloud Metadata: manages and displays file metadata for enhanced organization (https://apps.nextcloud.com/apps/metadata) + enabled: true + news: + # Nextcloud News: aggregates and displays news feeds directly in Nextcloud (https://apps.nextcloud.com/apps/news) + enabled: true + oidc_login: + # Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/oidc_login) + enabled: "{{ _applications_nextcloud_oidc_flavor=='oidc_login' | lower }}" + incompatible_plugins: + - user_oidc # Will be disabled + - sociallogin # Will be disabled + phonetrack: + # Nextcloud phone track: tracks and monitors mobile device usage (https://apps.nextcloud.com/apps/phonetrack) + enabled: true + polls: + # Nextcloud polls: facilitates creation and management of user polls (https://apps.nextcloud.com/apps/polls) + enabled: true + quota_warning: + # Nextcloud quota warning: notifies users when storage limits are reached (https://apps.nextcloud.com/apps/quota_warning) + enabled: true + recognize: + # Nextcloud recognize: performs image recognition tasks 
(https://apps.nextcloud.com/apps/recognize) + enabled: true + richdocuments: + # Nextcloud Rich Documents: provides collaborative document editing capabilities (https://apps.nextcloud.com/apps/richdocuments) + enabled: true + sociallogin: + # Nextcloud social login: allows authentication using social networks (https://apps.nextcloud.com/apps/sociallogin) + enabled: "{{ _applications_nextcloud_oidc_flavor=='sociallogin' | lower }}" + incompatible_plugins: + - user_oidc # Will be disabled + - oidc_login # Will be disabled + spreed: + # Nextcloud Spreed: offers video conferencing and chat functionalities (https://apps.nextcloud.com/apps/spreed) + enabled: true + tables: + # Nextcloud tables: allows creation and editing of tables within the interface (https://apps.nextcloud.com/apps/tables) + enabled: true + tasks: + # Nextcloud tasks: manages personal or group tasks and to-do lists (https://apps.nextcloud.com/apps/tasks) + enabled: true + #terms_of_service + # # Nextcloud Terms of Service: manages user acceptance of terms and conditions (https://apps.nextcloud.com/apps/terms_of_service) + # enabled: false + twofactor_backupcodes: + # Nextcloud two-factor backup codes: generates backup codes for two-factor authentication (https://apps.nextcloud.com/apps/twofactor_backupcodes) + enabled: "{{ (not _applications_nextcloud_oidc_enabled) | lower }}" # Deactivate 2FA if oidc is active + twofactor_nextcloud_notification: + # Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification) + enabled: "{{ (not _applications_nextcloud_oidc_enabled) | lower }}" # Deactivate 2FA if oidc is active + twofactor_totp: + # Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp) + enabled: "{{ (not _applications_nextcloud_oidc_enabled) | lower }}" # Deactivate 2FA if oidc is active + user_ldap: + # Nextcloud user LDAP: 
integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap) + enabled: "{{ _applications_nextcloud_ldap_enabled | lower }}" + user_oidc: + # Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/user_oidc) + enabled: "{{ _applications_nextcloud_oidc_flavor=='user_oidc' | lower }}" + incompatible_plugins: + - oidc_login + - sociallogin + whiteboard: + # Nextcloud Whiteboard: provides a collaborative drawing and brainstorming tool (https://apps.nextcloud.com/apps/whiteboard) + enabled: true ## OAuth2 Proxy oauth2_proxy: diff --git a/roles/docker-nextcloud/handlers/main.yml b/roles/docker-nextcloud/handlers/main.yml index ead9f208..d47215e0 100644 --- a/roles/docker-nextcloud/handlers/main.yml +++ b/roles/docker-nextcloud/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart docker nginx service command: - cmd: "docker exec {{nextcloud_nginx_container_name}} nginx -s reload" + cmd: "docker exec {{applications.nextcloud.container.proxy}} nginx -s reload" listen: restart docker nginx service ignore_errors: true # Ignoring if container is restarting diff --git a/roles/docker-nextcloud/tasks/ldap.yml b/roles/docker-nextcloud/tasks/ldap.yml index 9d4a87b5..b500765e 100644 --- a/roles/docker-nextcloud/tasks/ldap.yml +++ b/roles/docker-nextcloud/tasks/ldap.yml @@ -1,14 +1,6 @@ # @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html # @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55 # @todo implement - -- name: install LDAP plugin - command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install user_ldap" - ignore_errors: true - -- name: Activate Nextcloud LDAP App - command: "docker exec -u www-data {{ nextcloud_application_container_name }} php occ app:enable user_ldap" - - name: Load LDAP Nextcloud configuration variables include_vars: file: ldap.yml 
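Review bot: The three `twofactor_*` entries in the `plugins` map of `07_applications.yml` are switched off whenever `_applications_nextcloud_oidc_enabled` is true, which is the default, yet the same block still provisions a local `users.administrator` with an `initial_password` and allows `legacy_login_mask.enabled`. Any account that signs in with a local password rather than through the identity provider would then have no second factor available, so tie these flags to whether local login is possible or leave them at `enabled: true`. Separately, `integration_gitlab` has a duplicated operand, `'gitlab' in group_names in group_names | lower`; it should read `enabled: "{{ 'gitlab' in group_names }}"`. In the sibling expressions `| lower` binds only to the right-hand operand (`group_names`, or the string literal in the flavor comparisons), so the membership test appears to become a substring match on the stringified list; parenthesise the test before filtering.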
@@ -16,10 +8,10 @@ - name: Set Nextcloud LDAP config loop: "{{ nextcloud_ldap_configuration }}" command: > - docker exec -u www-data {{ nextcloud_application_container_name }} + docker exec -u www-data {{ applications.nextcloud.container.application }} php occ config:app:set {{ item.appid }} {{ item.configkey }} --value "{{ item.configvalue }}" - name: Set Nextcloud LDAP bind password command: > - docker exec -u www-data {{ nextcloud_application_container_name }} + docker exec -u www-data {{ applications.nextcloud.container.application }} php occ ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}" diff --git a/roles/docker-nextcloud/tasks/legacy_login_mask.yml b/roles/docker-nextcloud/tasks/legacy_login_mask.yml index 0f8f9bef..632bfd26 100644 --- a/roles/docker-nextcloud/tasks/legacy_login_mask.yml +++ b/roles/docker-nextcloud/tasks/legacy_login_mask.yml 
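Review bot: The `Set Nextcloud LDAP bind password` task in this `tasks/ldap.yml` hunk puts `{{ ldap.bind_credential }}` on the `docker exec` command line without `no_log: true`, so the bind password is written to Ansible's task output and to any log or callback that records it. Add `no_log: true` to that task. The `Set Nextcloud LDAP config` loop above it and the `config:app:set` loop in `tasks/sociallogin.yml` pass `item.configvalue` the same way; if those lists carry secrets (their contents are not visible here), they need the same flag. The value is also briefly visible in the host's process list while the command runs.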
@@ -1,5 +1,5 @@ - name: Set hide_login_form to true - command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{ (not applications[application_id].legacy_login_mask.enabled) | lower }} hide_login_form" + command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{ (not applications[application_id].legacy_login_mask.enabled) | lower }} hide_login_form" - name: "Set auth.webauthn.enabled to false" - command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{applications[application_id].legacy_login_mask.enabled | lower}} auth.webauthn.enabled" \ No newline at end of file + command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{applications[application_id].legacy_login_mask.enabled | lower}} auth.webauthn.enabled" \ No newline at end of file diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index f51d08d0..c799da0b 100644 --- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml 
@@ -13,7 +13,7 @@ - name: Remove OIDC configuration lines from config.php if present (container) command: > - docker exec -u www-data {{ nextcloud_application_container_name }} sh -c "sed -i '/CONFIG_EXTRA = include.*oidc\.config\.php/d' /var/www/html/config/config.php && sed -i '/CONFIG = array_merge(\\$CONFIG, \\$CONFIG_EXTRA)/d' /var/www/html/config/config.php" + docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c "sed -i '/CONFIG_EXTRA = include.*oidc\.config\.php/d' /var/www/html/config/config.php && sed -i '/CONFIG = array_merge(\\$CONFIG, \\$CONFIG_EXTRA)/d' /var/www/html/config/config.php" when: applications[application_id].oidc.flavor == "sociallogin" and mode_cleanup | bool - name: "include role for {{application_id}} to recieve certs & do modification routines" @@ -35,6 +35,18 @@ - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml +- name: Flush all handlers immediately so that occ can be used + meta: flush_handlers + +- name: Setup Nextcloud Plugins + include_tasks: plugin.yml + loop: "{{applications[application_id].plugins | dict2items }}" + loop_control: + loop_var: plugin_item + vars: + plugin_name: "{{ plugin_item.key }}" + plugin_configuration: "{{ plugin_item.value }}" + - name: "Include OIDC-specific tasks with flavor {{applications[application_id].oidc.flavor}}" include_tasks: "{{applications[application_id].oidc.flavor}}.yml" when: applications[application_id].oidc.enabled | bool diff --git a/roles/docker-nextcloud/tasks/oidc_login.yml b/roles/docker-nextcloud/tasks/oidc_login.yml index bc79cc86..1506fd4f 100644 --- a/roles/docker-nextcloud/tasks/oidc_login.yml +++ b/roles/docker-nextcloud/tasks/oidc_login.yml 
@@ -1,13 +1,3 @@ -- name: enable sociallogin plugin - command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:disable sociallogin" - ignore_errors: true - when: - - mode_cleanup | bool - -- name: install oidc_login plugin - command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install oidc_login" - ignore_errors: true - - name: Add OIDC configuration if not implemented yet command: > - docker exec -u www-data {{ nextcloud_application_container_name }} sh -c 'grep -q "CONFIG_EXTRA = include" ./config/config.php || echo -e "\n\$CONFIG_EXTRA = include '\''{{nextcloud_docker_oidc_login_config_path}}'\'';\n\$CONFIG = array_merge(\$CONFIG, \$CONFIG_EXTRA);" >> ./config/config.php' + docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c 'grep -q "CONFIG_EXTRA = include" ./config/config.php || echo -e "\n\$CONFIG_EXTRA = include '\''{{nextcloud_docker_oidc_login_config_path}}'\'';\n\$CONFIG = array_merge(\$CONFIG, \$CONFIG_EXTRA);" >> ./config/config.php' diff --git a/roles/docker-nextcloud/tasks/plugin.yml b/roles/docker-nextcloud/tasks/plugin.yml new file mode 100644 index 00000000..95ee094e --- /dev/null +++ b/roles/docker-nextcloud/tasks/plugin.yml 
@@ -0,0 +1,14 @@
+- name: "Disable incompatible plugins for {{plugin_name}}."
+ command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:disable {{incompatible_plugin}}"
+ loop: "{{plugin_configuration.incompatible_plugins}}"
+ loop_control:
+ loop_var: incompatible_plugin
+ when: plugin_configuration.incompatible_plugins is defined and plugin_configuration.incompatible_plugins | length > 0
+
+- name: install {{ plugin_name }} nextcloud plugin
+ command: "docker exec -u www-data {{ applications.nextcloud.container.application }} {{ nextcloud_docker_path }}occ app:install {{ plugin_name }}"
+ register: install_result
+ failed_when: install_result.rc != 0 and ("already installed" not in install_result.stdout)
+
+- name: enable {{plugin_name}} nextcloud plugin
+ command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:enable {{plugin_name}}"
\ No newline at end of file
diff --git a/roles/docker-nextcloud/tasks/sociallogin.yml b/roles/docker-nextcloud/tasks/sociallogin.yml
index 7f20b5ab..72794ded 100644
--- a/roles/docker-nextcloud/tasks/sociallogin.yml
+++ b/roles/docker-nextcloud/tasks/sociallogin.yml
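Review bot: None of the three tasks in the new `tasks/plugin.yml` reads `plugin_configuration.enabled`, and the `Setup Nextcloud Plugins` loop in `tasks/main.yml` has no `when` either, so as shown every key under `plugins` is installed and enabled regardless of its flag. That includes entries marked `enabled: false` such as `integration_openai`, and all three of `oidc_login`, `sociallogin` and `user_oidc`, each of which first disables the other two, so the login app left active depends on dictionary order. Gate all three tasks on `plugin_configuration.enabled | bool` (the `| bool` matters because several flags are rendered through `| lower` into strings), and consider an `app:disable` step for entries whose flag is false. The `failed_when` check also assumes `occ` reports "already installed" on stdout; testing `install_result.stderr` as well would be safer if that message goes to the error stream.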
@@ -1,21 +1,4 @@ # @See https://chatgpt.com/share/6798189e-9c00-800f-923c-5ce3cfbdf405 - -- name: Flush all handlers immediately so that occ can be used - meta: flush_handlers - -- name: disable oidc_login plugin - command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:disable oidc_login" - ignore_errors: true - when: - - mode_cleanup | bool - -- name: install sociallogin plugin - command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install sociallogin" - ignore_errors: true - -- name: enable sociallogin plugin - command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:enable sociallogin" - - name: Load Sociallogin configuration variables include_vars: file: sociallogin.yml @@ -24,5 +7,5 @@ loop: "{{ nextcloud_sociallogin_configuration}}" # The | to_json function is necessary to escape custom_providers correct. command: > - docker exec -u www-data {{ nextcloud_application_container_name }} + docker exec -u www-data {{ applications.nextcloud.container.application }} php occ config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}' \ No newline at end of file diff --git a/roles/docker-nextcloud/templates/docker-compose.yml.j2 b/roles/docker-nextcloud/templates/docker-compose.yml.j2 index 34b0e202..a30ed3ef 100644 --- a/roles/docker-nextcloud/templates/docker-compose.yml.j2 +++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2 @@ -6,7 +6,7 @@ services: application: image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine" - container_name: {{nextcloud_application_container_name}} + container_name: {{applications.nextcloud.container.application}} volumes: - data:{{nextcloud_docker_path}} {% if applications[application_id].oidc.flavor == "oidc_login" %} 
@@ -24,7 +24,7 @@ services: web: image: nginx:alpine - container_name: {{nextcloud_nginx_container_name}} + container_name: {{applications.nextcloud.container.proxy}} logging: driver: journald restart: {{docker_restart_policy}} diff --git a/roles/docker-nextcloud/vars/main.yml b/roles/docker-nextcloud/vars/main.yml index 30479fae..d8319c82 100644 --- a/roles/docker-nextcloud/vars/main.yml +++ b/roles/docker-nextcloud/vars/main.yml @@ -2,11 +2,9 @@ application_id: "nextcloud" database_password: "{{applications.nextcloud.credentials.database_password}}" database_type: "mariadb" -nextcloud_application_container_name: "nextcloud-application" -nextcloud_nginx_container_name: "nextcloud-web" nextcloud_config_file_host_path: "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php" domain: "{{domains[application_id]}}" http_port: "{{ ports.localhost.http[application_id] }}" nextcloud_docker_path: "/var/www/html/" nextcloud_docker_oidc_login_config_path: "{{nextcloud_docker_path}}config/oidc.config.php" -nextcloud_host_oidc_login_path: "{{docker_compose.directories.volumes}}/oidc.config.php" \ No newline at end of file +nextcloud_host_oidc_login_path: "{{docker_compose.directories.volumes}}/oidc.config.php" diff --git a/roles/nginx-https-get-cert/tasks/main.yml b/roles/nginx-https-get-cert/tasks/main.yml index 77b2d7af..c83ad55c 100644 --- a/roles/nginx-https-get-cert/tasks/main.yml +++ b/roles/nginx-https-get-cert/tasks/main.yml @@ -35,7 +35,9 @@ # AND: The domain is a direct first-level subdomain of the primary domain - domain != primary_domain # The domain is not the primary domain - ignore_errors: true + register: certbot_result + failed_when: certbot_result.rc != 0 and ("No certificate found with name" not in certbot_result.stderr) + changed_when: certbot_result.rc == 0 and ("No certificate found with name" not in certbot_result.stderr) - name: run the recieve_certificate tasks once set_fact: 
diff --git a/roles/nginx-modifier-css/templates/global.css.j2 b/roles/nginx-modifier-css/templates/global.css.j2 index 6eea0ba8..fc866709 100644 --- a/roles/nginx-modifier-css/templates/global.css.j2 +++ b/roles/nginx-modifier-css/templates/global.css.j2 @@ -503,6 +503,10 @@ div#mastodon, div#admin-wrapper { --overlay-icon-shadow: drop-shadow(0 0 8px rgba(var(--color-rgb-01), 0.25)); } +.swal2-popup { + color: #000; +} + /* Modal Overwrittes */ div.modal div.modal-content { /* Colors – adjusted to the existing scheme */