Optimized Nextcloud Configuration

2025-08-29 15:06:26 +02:00 · 2025-02-28 13:19:34 +01:00
parent d24b33f045
commit d20e900ab2
24 changed files with 207 additions and 145 deletions
--- a/roles/docker-nextcloud/vars/plugins/README.md
+++ b/roles/docker-nextcloud/vars/plugins/README.md
@@ -0,0 +1 @@
+This folder contains the plugin specific configurations which willö be applied
--- a/roles/docker-nextcloud/vars/plugins/ldap.yml
+++ b/roles/docker-nextcloud/vars/plugins/ldap.yml
@@ -0,0 +1,178 @@
+plugin_configuration:
+  -
+    appid: "user_ldap"
+    configkey: "background_sync_interval"
+    configvalue: 43200
+
+  -
+    appid: "user_ldap"
+    configkey: "background_sync_offset"
+    configvalue: 0
+
+  -
+    appid: "user_ldap"
+    configkey: "background_sync_prefix"
+    configvalue: "s01"
+
+  -
+    appid: "user_ldap"
+    configkey: "enabled"
+    configvalue: "yes"
+
+  -
+    appid: "user_ldap"
+    configkey: "s01last_jpegPhoto_lookup"
+    configvalue: 0
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_backup_port"
+    configvalue: "{{ ports.localhost.ldap.openldap }}" # This is just optimized for local port @todo implement for external ports as well
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_base"
+    configvalue: "{{ldap.dn.root}}"
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_base_groups"
+    configvalue: "{{ldap.dn.root}}"
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_base_users"
+    configvalue: "{{ldap.dn.users}}"
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_cache_ttl"
+    configvalue: 600
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_configuration_active"
+    configvalue: 1
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_connection_timeout"
+    configvalue: 15
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_display_name"
+    configvalue: "cn"
+
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_dn"
+    configvalue: "{{ldap.dn.administrator}}"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_email_attr"
+    configvalue: "mail"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_experienced_admin"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_gid_number"
+    configvalue: "gidNumber"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_group_display_name"
+    configvalue: "cn"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_group_filter"
+    configvalue: "(&(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_group_filter_mode"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_group_member_assoc_attribute"
+    configvalue: "uniqueMember"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_groupfilter_objectclass"
+    configvalue: "groupOfUniqueNames\nposixGroup"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_host"
+    configvalue: "openldap"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_login_filter"
+    configvalue: "(&(|(objectclass=inetOrgPerson))({{ldap.attributes.user_id}}=%{{ldap.attributes.user_id}}))"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_login_filter_mode"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_loginfilter_email"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_loginfilter_username"
+    configvalue: 1
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_mark_remnants_as_disabled"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_matching_rule_in_chain_state"
+    configvalue: "unknown"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_nested_groups"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_paging_size"
+    configvalue: 500
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_port"
+    configvalue: 389
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_turn_off_cert_check"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_turn_on_pwd_change"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_user_avatar_rule"
+    configvalue: "default"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_user_filter_mode"
+    configvalue: 0
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_userfilter_objectclass"
+    configvalue: "inetOrgPerson"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_userlist_filter"
+    configvalue: "(|(objectclass=inetOrgPerson))"
+  -
+    appid: "user_ldap"
+    configkey: "s01use_memberof_to_detect_membership"
+    configvalue: 1
+  -
+    appid: "user_ldap"
+    configkey: "types"
+    configvalue: "authentication"
+  -
+    appid: "user_ldap"
+    configkey: "s01ldap_expert_username_attr"
+    configvalue: "{{ldap.attributes.user_id}}"
--- a/roles/docker-nextcloud/vars/plugins/sociallogin.yml
+++ b/roles/docker-nextcloud/vars/plugins/sociallogin.yml
@@ -0,0 +1,86 @@
+plugin_configuration:
+  -
+    appid: "sociallogin"
+    # This configuration allows users to connect multiple accounts to their Nextcloud profile
+    # using the sociallogin app.
+    configkey: "allow_login_connect"
+    configvalue: 1
+  -
+    appid: "sociallogin"
+    configkey: "auto_create_groups"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "button_text_wo_prefix"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "create_disabled_users"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    # This configuration defines custom OpenID Connect (OIDC) providers for authentication.
+    # In this case, it sets up a Keycloak provider with details like URLs for authorization,
+    # token retrieval, user info, and logout, as well as the client ID and secret.
+    configkey: "custom_providers"
+    configvalue: 
+      custom_oidc:
+        - name: "{{ domains.keycloak }}"
+          title: "keycloak"
+          style: "keycloak"
+          authorizeUrl: "{{ oidc.client.authorize_url }}"
+          tokenUrl: "{{ oidc.client.toke_url }}"
+          displayNameClaim: ""
+          userInfoUrl: "{{ oidc.client.user_info_url }}"
+          logoutUrl: "{{ oidc.client.logout_url }}"
+          clientId: "{{ oidc.client.id }}"
+          clientSecret: "{{ oidc.client.secret }}"
+          scope: "openid"
+          groupsClaim: ""
+          defaultGroup: ""
+  -
+    appid: "sociallogin"
+    configkey: "disable_notify_admins"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "disable_registration"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "enabled"
+    configvalue: "yes"
+  -
+    appid: "sociallogin"
+    configkey: "hide_default_login"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "no_prune_user_groups"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "oauth_providers"
+    configvalue: "null"
+  -
+    appid: "sociallogin"
+    # This configuration prevents the creation of new Nextcloud users if an account with the
+    # same email address already exists in the system. It helps avoid duplicate accounts.
+    configkey: "prevent_create_email_exists"
+    configvalue: 1
+  -
+    appid: "sociallogin"
+    configkey: "restrict_users_wo_assigned_groups"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "restrict_users_wo_mapped_groups"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "types"
+    configvalue: ""
+  -
+    appid: "sociallogin"
+    configkey: "update_profile_on_login"
+    configvalue: 1
				`@@ -0,0 +1 @@`
				`This folder contains the plugin specific configurations which willö be applied`