Optimized OIDC Login for Nextcloud

roles/docker-nextcloud/templates/docker-compose.yml.j2

@@ -6,11 +6,14 @@ services:
 
   application:
     image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
-    container_name: {{nextcloud_application_container_name}} 
+    container_name: {{nextcloud_application_container_name}}
     volumes:
-      - data:/var/www/html
+      - data:{{nextcloud_docker_path}}
+{% if applications[application_id].oidc.flavor == "login" %}
+      - {{nextcloud_host_oidc_login_path}}:{{nextcloud_docker_oidc_login_config_path}}:ro
+{% endif %}
     healthcheck:
-      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php /var/www/html/occ status"]
+      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_path}}occ status"]
       interval: 1m
       timeout: 10s
       retries: 3
@@ -47,10 +50,10 @@ services:
     logging:
       driver: journald
     volumes:
-      - data:/var/www/html
+      - data:{{nextcloud_docker_path}}
     entrypoint: /cron.sh
     healthcheck:
-      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php /var/www/html/occ status"]
+      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_path}}occ status"]
       interval: 1m
       timeout: 10s
       retries: 3

roles/docker-nextcloud/templates/oidc.config.php.j2

@@ -1,12 +1,13 @@
+<?php
 # Check out: https://github.com/pulsejet/nextcloud-oidc-login
 
-$CONFIG = array (
+return array (
     // Some Nextcloud options that might make sense here
     'allow_user_to_change_display_name' => false,
     'lost_password_link' => 'disabled',
 
     // URL of provider. All other URLs are auto-discovered from .well-known
-    'oidc_login_provider_url' => 'https://{{domains.keycloak}}',
+    'oidc_login_provider_url' => 'https://{{oidc.client.issuer_url}}',
 
     // Client ID and secret registered with the provider
     'oidc_login_client_id' => '{{oidc.client.id}}',
@@ -95,10 +96,10 @@ $CONFIG = array (
         'id' => 'username',
         'name' => 'name',
         'mail' => 'email',
-        'quota' => 'nextcloudQuota',
-        'home' => 'homeDirectory',
+        # 'quota' => 'nextcloudQuota',  # Not implemented yet
+        # 'home' => 'homeDirectory',    # Not implemented yet
         'ldap_uid' => 'uid',
-        'groups' => 'ownCloudGroups',
+        # 'groups' => 'ownCloudGroups', # Not implemented yet
         'login_filter' => 'realm_access_roles',
     //    'photoURL' => 'picture',
     //    'is_admin' => 'ownCloudAdmin',