Merge branch 'master' of github.com:kevinveenbirkenbach/cymais
This commit is contained in:
commit
72c944d13d
@ -254,6 +254,10 @@ oidc_client_id: "{{primary_domain}}"
|
|||||||
oidc_client_realm: "{{primary_domain}}"
|
oidc_client_realm: "{{primary_domain}}"
|
||||||
oidc_client_issuer_url: "https://{{domain_keycloak}}/realms/{{oidc_client_realm}}"
|
oidc_client_issuer_url: "https://{{domain_keycloak}}/realms/{{oidc_client_realm}}"
|
||||||
oidc_client_discovery_document: "{{oidc_client_issuer_url}}/.well-known/openid-configuration"
|
oidc_client_discovery_document: "{{oidc_client_issuer_url}}/.well-known/openid-configuration"
|
||||||
|
oidc_client_authorize_url: "https://auth.veen.world/realms/veen.world/protocol/openid-connect/auth"
|
||||||
|
oidc_client_toke_url: "https://auth.veen.world/realms/veen.world/protocol/openid-connect/token"
|
||||||
|
oidc_client_user_info_url: "https://auth.veen.world/realms/veen.world/protocol/openid-connect/userinfo"
|
||||||
|
oidc_client_logout_url: "https://auth.veen.world/realms/veen.world/protocol/openid-connect/logout"
|
||||||
# oidc_client_secret: "{{oidc_client_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
|
# oidc_client_secret: "{{oidc_client_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
|
||||||
|
|
||||||
#### LDAP
|
#### LDAP
|
||||||
|
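Review bot: The four added endpoint variables hard-code `https://auth.veen.world/realms/veen.world/...` while the surrounding lines derive everything from `{{primary_domain}}` and `{{oidc_client_issuer_url}}`, so a deployment with any other primary domain gets authorize/token/userinfo/logout URLs of a foreign realm. Derive them from the issuer instead, e.g. `oidc_client_authorize_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/auth"` and the same pattern with `token`, `userinfo` and `logout` for the other three. `oidc_client_toke_url` is also misspelled; the new roles/docker-nextcloud/tasks/oidc_tasks.yml references it with the same spelling, so rename both sides together as `oidc_client_token_url`.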
@ -22,3 +22,7 @@
|
|||||||
src: docker-compose.yml.j2
|
src: docker-compose.yml.j2
|
||||||
dest: "{{docker_compose_instance_directory}}docker-compose.yml"
|
dest: "{{docker_compose_instance_directory}}docker-compose.yml"
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
#- name: Include OIDC-specific tasks if OIDC client is active
|
||||||
|
# include_tasks: oidc_tasks.yml
|
||||||
|
# when: oidc_client_active | bool
|
||||||
|
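Review bot: The include added at the end of the hunk is commented out, so the new roles/docker-nextcloud/tasks/oidc_tasks.yml is never executed by this role and the OIDC settings it applies never reach Nextcloud. If it is meant to be wired in, enable it as `- name: Include OIDC-specific tasks if OIDC client is active` / `  include_tasks: oidc_tasks.yml` / `  when: oidc_client_active | bool`; if it is intentionally deferred, a short comment saying why (and what still blocks it) would keep the dead block from being mistaken for active configuration. The preceding template task and the enclosing task list start before the hunk.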
33
roles/docker-nextcloud/tasks/oidc_tasks.yml
Normal file
33
roles/docker-nextcloud/tasks/oidc_tasks.yml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
# @See https://chatgpt.com/share/6798189e-9c00-800f-923c-5ce3cfbdf405
|
||||||
|
|
||||||
|
- name: Flush all handlers immediately so that occ can be used
|
||||||
|
meta: flush_handlers
|
||||||
|
|
||||||
|
- name: Set hide_login_form to true
|
||||||
|
command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:system:set --type boolean --value true hide_login_form"
|
||||||
|
|
||||||
|
- name: Set auth.webauthn.enabled to false
|
||||||
|
command: docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:system:set --type boolean --value false auth.webauthn.enabled"
|
||||||
|
|
||||||
|
- name: Set allow_login_connect to 1
|
||||||
|
command: >
|
||||||
|
docker-compose exec -u www-data application /var/www/html/occ
|
||||||
|
config:app:set sociallogin allow_login_connect --value="1"
|
||||||
|
# This configuration allows users to connect multiple accounts to their Nextcloud profile
|
||||||
|
# using the sociallogin app.
|
||||||
|
|
||||||
|
- name: Set custom_providers
|
||||||
|
command: >
|
||||||
|
docker-compose exec -u www-data application /var/www/html/occ
|
||||||
|
config:app:set sociallogin custom_providers
|
||||||
|
--value='{"custom_oidc":[{"name":"{{domain_keycloak}}","title":"keycloak","authorizeUrl":"{{oidc_client_authorize_url}}","tokenUrl":"{{oidc_client_toke_url}}","displayNameClaim":"","userInfoUrl":"{{oidc_client_user_info_url}}","logoutUrl":"{{oidc_client_logout_url}}","clientId":"{{oidc_client_id}}","clientSecret":"{{oidc_client_secret}}","scope":"openid","groupsClaim":"","style":"","defaultGroup":""}]}'
|
||||||
|
# This configuration defines custom OpenID Connect (OIDC) providers for authentication.
|
||||||
|
# In this case, it sets up a Keycloak provider with details like URLs for authorization,
|
||||||
|
# token retrieval, user info, and logout, as well as the client ID and secret.
|
||||||
|
|
||||||
|
- name: Set prevent_create_email_exists to 1
|
||||||
|
command: >
|
||||||
|
docker-compose exec -u www-data application /var/www/html/occ
|
||||||
|
config:app:set sociallogin prevent_create_email_exists --value="1"
|
||||||
|
# This configuration prevents the creation of new Nextcloud users if an account with the
|
||||||
|
# same email address already exists in the system. It helps avoid duplicate accounts.
|
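Review bot: The command on the `Set auth.webauthn.enabled to false` task has an unbalanced quote — it starts as a plain scalar and ends with a stray `"`, so the `command` module's argument splitting fails before occ runs; it should be quoted like the `hide_login_form` task directly above it. The three later tasks switch to `docker-compose exec -u www-data application` without a `chdir`, which only works if the play happens to run inside the compose project directory, whereas `docker exec -u www-data {{nextcloud_application_container_name}}` as used by the first two tasks has no such dependency. The `Set custom_providers` task passes `{{oidc_client_secret}}` on the command line, so the secret appears in the task result and in Ansible logs unless the task carries `no_log: true`; building the JSON from a task-level `vars` mapping with `| to_json` instead of hand-written interpolation also keeps the value valid if any URL or name contains a quote. All five `command` tasks report changed on every run, so `changed_when: false` (or a guarded `config:system:get`) would keep the play idempotent. Since `hide_login_form` plus disabled WebAuthn leaves the OIDC provider as the only login path, a comment in this file on how an administrator recovers when Keycloak is unavailable would be worth adding.

```yaml
- name: Set auth.webauthn.enabled to false
  command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:system:set --type boolean --value false auth.webauthn.enabled"
  changed_when: false

- name: Set allow_login_connect to 1
  command: >
    docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ
    config:app:set sociallogin allow_login_connect --value="1"
  changed_when: false
  # … unchanged: allow_login_connect explanatory comments …

- name: Set custom_providers
  vars:
    custom_providers:
      custom_oidc:
        - name: "{{domain_keycloak}}"
          title: "keycloak"
          authorizeUrl: "{{oidc_client_authorize_url}}"
          tokenUrl: "{{oidc_client_toke_url}}"
          displayNameClaim: ""
          userInfoUrl: "{{oidc_client_user_info_url}}"
          logoutUrl: "{{oidc_client_logout_url}}"
          clientId: "{{oidc_client_id}}"
          clientSecret: "{{oidc_client_secret}}"
          scope: "openid"
          groupsClaim: ""
          style: ""
          defaultGroup: ""
  command: >
    docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ
    config:app:set sociallogin custom_providers
    --value={{ custom_providers | to_json | quote }}
  no_log: true
  changed_when: false
  # … unchanged: custom_providers explanatory comments …

- name: Set prevent_create_email_exists to 1
  command: >
    docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ
    config:app:set sociallogin prevent_create_email_exists --value="1"
  changed_when: false
  # … unchanged: prevent_create_email_exists explanatory comments …
```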
@ -6,7 +6,7 @@ services:
|
|||||||
|
|
||||||
application:
|
application:
|
||||||
image: "nextcloud:{{nextcloud_version}}-fpm-alpine"
|
image: "nextcloud:{{nextcloud_version}}-fpm-alpine"
|
||||||
container_name: nextcloud-application
|
container_name: {{nextcloud_application_container_name}}
|
||||||
restart: {{docker_restart_policy}}
|
restart: {{docker_restart_policy}}
|
||||||
logging:
|
logging:
|
||||||
driver: journald
|
driver: journald
|
||||||
|
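Review bot: The new `container_name: {{nextcloud_application_container_name}}` is left unquoted while `image:` on the line above quotes its templated value; a value beginning with `{{` is read as a flow mapping by any YAML linter run on the template itself, and an empty expansion would render to a bare `container_name:` (null) rather than an error. Quote it for consistency: `container_name: "{{nextcloud_application_container_name}}"`. The pre-existing `restart: {{docker_restart_policy}}` line has the same shape but is not part of this change; the `services:` mapping this hunk belongs to starts before it.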
@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
docker_compose_project_name: "nextcloud"
|
docker_compose_project_name: "nextcloud"
|
||||||
database_password: "{{nextcloud_database_password}}"
|
database_password: "{{nextcloud_database_password}}"
|
||||||
database_type: "mariadb"
|
database_type: "mariadb"
|
||||||
|
nextcloud_application_container_name: "nextcloud-application"
|