feat(nextcloud): integrate Talk & Whiteboard; refactor to NEXTCLOUD_* vars; full-stack setup

config(ports): add Nextcloud websocket port (4003); canonical domains (nextcloud/talk/whiteboard) refactor: unify get_app_conf usage & Jinja spacing; migrate paths/handlers to new NEXTCLOUD_* vars feat(plugins): split plugin routines; configure Whiteboard via occ (URL + JWT) fix(oidc): use NEXTCLOUD_URL for logout; correct LDAP attribute mappings; add OIDC flavor switch feat: Whiteboard container & reverse-proxy location; Talk STUN/WS ports; Redis URL for Whiteboard chore: drop obsolete TODO; minor cleanups in oauth2-proxy, matrix, peertube, pgadmin, phpldapadmin, pixelfed, phpmyadmin security(schema): Bluesky jwt_secret now base64_prefixed_32; add Nextcloud whiteboard_jwt_secret db: normalize postgres image tag templating; central DB host checks spacing fixes ops: add full-stack bootstrap (certs, proxy, volumes); internal nginx config reload handler update refs: https://chatgpt.com/share/68b5f5b7-8d64-800f-b001-1241f818dc0e
2025-10-31 02:10:05 +00:00 · 2025-09-01 21:37:02 +02:00
parent 110381e80c
commit 7ca8b7c71d
48 changed files with 276 additions and 201 deletions
--- a/roles/web-app-nextcloud/templates/config/oidc.config.php.j2
+++ b/roles/web-app-nextcloud/templates/config/oidc.config.php.j2
@@ -1,7 +1,7 @@
 <?php
 # Implementing OICD configuration

-{% if applications | get_app_conf(application_id, 'oidc.flavor', True) == "oidc_login" %}
+{% if applications | get_app_conf(application_id, 'oidc.flavor') == "oidc_login" %}

 # Check out: https://github.com/pulsejet/nextcloud-oidc-login

@@ -21,7 +21,7 @@ return array (
    'oidc_login_auto_redirect' => true,

    // Redirect to this page after logging out the user
-    'oidc_login_logout_url' => 'https://{{ domains | get_domain(application_id) }}',
+    'oidc_login_logout_url' => '{{ NEXTCLOUD_URL }}',

    // If set to true the user will be redirected to the
    // logout endpoint of the OIDC provider after logout
@@ -33,7 +33,7 @@ return array (
    //
    // NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to
    // zero or -1 or ''.
-    'oidc_login_default_quota' => '{{applications | get_app_conf(application_id, 'default_quota', True)}}',
+    'oidc_login_default_quota' => '{{ applications | get_app_conf(application_id, 'default_quota', True)}}',

    // Login button text
    'oidc_login_button_text' => '{{ OIDC.BUTTON_TEXT }}',
@@ -97,7 +97,7 @@ return array (
    // note: on Keycloak, OIDC name claim = "${given_name} ${family_name}" or one of them if any is missing
    //
    'oidc_login_attributes' => array (
-        'id' => '{{LDAP.USER.ATTRIBUTES.ID}}',
+        'id' => '{{ LDAP.USER.ATTRIBUTES.ID }}',
        'name' => 'name',
        'mail' => 'email',
        'quota' => '{{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }}',