Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

roles/web-app-nextcloud/vars/plugins/README.md

@@ -0,0 +1,2 @@
+# Plugins 
+This folder contains the plugin specific configurations which will be applied

roles/web-app-nextcloud/vars/plugins/bbb.yml

@@ -0,0 +1,7 @@
+plugin_configuration:
+  - appid:        "bbb"
+    configkey:    "api.secret"
+    configvalue:  "{{ applications.bigbluebutton.credentials.shared_secret }}"
+  - appid:        "bbb"
+    configkey:    "api.url"
+    configvalue:  "{{ domains | get_url('bigbluebutton', web_protocol) }}{{applications.bigbluebutton.api_suffix}}"

roles/web-app-nextcloud/vars/plugins/sociallogin.yml

@@ -0,0 +1,86 @@
+plugin_configuration:
+  -
+    appid: "sociallogin"
+    # This configuration allows users to connect multiple accounts to their Nextcloud profile
+    # using the sociallogin app.
+    configkey: "allow_login_connect"
+    configvalue: 1
+  -
+    appid: "sociallogin"
+    configkey: "auto_create_groups"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "button_text_wo_prefix"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "create_disabled_users"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    # This configuration defines custom OpenID Connect (OIDC) providers for authentication.
+    # In this case, it sets up a Keycloak provider with details like URLs for authorization,
+    # token retrieval, user info, and logout, as well as the client ID and secret.
+    configkey: "custom_providers"
+    configvalue: 
+      custom_oidc:
+        - name: "{{ domains | get_domain('keycloak') }}"
+          title: "keycloak"
+          style: "keycloak"
+          authorizeUrl: "{{ oidc.client.authorize_url }}"
+          tokenUrl: "{{ oidc.client.token_url }}"
+          displayNameClaim: ""
+          userInfoUrl: "{{ oidc.client.user_info_url }}"
+          logoutUrl: "{{ oidc.client.logout_url }}"
+          clientId: "{{ oidc.client.id }}"
+          clientSecret: "{{ oidc.client.secret }}"
+          scope: "openid"
+          groupsClaim: ""
+          defaultGroup: ""
+  -
+    appid: "sociallogin"
+    configkey: "disable_notify_admins"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "disable_registration"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "enabled"
+    configvalue: "yes"
+  -
+    appid: "sociallogin"
+    configkey: "hide_default_login"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "no_prune_user_groups"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "oauth_providers"
+    configvalue: "null"
+  -
+    appid: "sociallogin"
+    # This configuration prevents the creation of new Nextcloud users if an account with the
+    # same email address already exists in the system. It helps avoid duplicate accounts.
+    configkey: "prevent_create_email_exists"
+    configvalue: 1
+  -
+    appid: "sociallogin"
+    configkey: "restrict_users_wo_assigned_groups"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "restrict_users_wo_mapped_groups"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "types"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "update_profile_on_login"
+    configvalue: 1

roles/web-app-nextcloud/vars/plugins/user_ldap.yml

@@ -0,0 +1,184 @@
+plugin_configuration:
+  -
+    appid: "user_ldap"
+    configkey: "background_sync_interval"
+    configvalue: 43200
+
+  -
+    appid: "user_ldap"
+    configkey: "background_sync_offset"
+    configvalue: 0
+
+  -
+    appid: "user_ldap"
+    configkey: "background_sync_prefix"
+    configvalue: "s01"
+
+  -
+    appid: "user_ldap"
+    configkey: "enabled"
+    configvalue: "yes"
+
+  -
+    appid: "user_ldap"
+    configkey: "s01last_jpegPhoto_lookup"
+    configvalue: 0
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_backup_port"
+    configvalue: "{{ ports.localhost.ldap.ldap }}" # This is just optimized for local port @todo implement for external ports as well
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_base"
+    configvalue: "{{ldap.dn.root}}"
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_base_groups"
+    configvalue: "{{ldap.dn.root}}"
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_base_users"
+    configvalue: "{{ldap.dn.ou.users}}"
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_cache_ttl"
+    configvalue: 600
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_configuration_active"
+    configvalue: 1
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_connection_timeout"
+    configvalue: 15
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_display_name"
+    configvalue: "cn"
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_dn"
+    configvalue: "{{ldap.dn.administrator.data}}"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_email_attr"
+    configvalue: "mail"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_experienced_admin"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_gid_number"
+    configvalue: "gidNumber"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_group_display_name"
+    configvalue: "cn"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_group_filter"
+    configvalue: "(&(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_group_filter_mode"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_group_member_assoc_attribute"
+    configvalue: "uniqueMember"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_groupfilter_objectclass"
+    configvalue: "groupOfUniqueNames\nposixGroup"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_host"
+    configvalue: "{{ldap.server.domain}}"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_login_filter"
+    configvalue: "{{ ldap.filters.users.login }}"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_login_filter_mode"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_loginfilter_email"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_loginfilter_username"
+    configvalue: 1
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_mark_remnants_as_disabled"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_matching_rule_in_chain_state"
+    configvalue: "unknown"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_nested_groups"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_paging_size"
+    configvalue: 500
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_port"
+    configvalue: 389
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_turn_off_cert_check"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_turn_on_pwd_change"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_user_avatar_rule"
+    configvalue: "default"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_user_filter_mode"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_userfilter_objectclass"
+    configvalue: "inetOrgPerson"
+  - 
+    appid: "user_ldap"
+    configkey: "s01ldap_userlist_filter"
+    configvalue: |-
+      {% if applications[application_id].plugins.user_ldap.user_directory.enabled %}
+      {{ ldap.filters.users.all }}
+      {% else %}
+      ()
+      {% endif %}
+
+  -
+    appid: "user_ldap"
+    configkey: "s01use_memberof_to_detect_membership"
+    configvalue: 1
+  -
+    appid: "user_ldap"
+    configkey: "types"
+    configvalue: "authentication"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_expert_username_attr"
+    configvalue: "{{ldap.user.attributes.id}}"