Optimized Nextcloud Configuration

2025-04-01 23:04:15 +02:00 · 2025-02-28 13:19:34 +01:00 · 2025-02-28 13:19:34 +01:00 · d20e900ab2
commit d20e900ab2
parent d24b33f045
24 changed files with 207 additions and 145 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -305,7 +305,8 @@ defaults_applications:
        enabled: true
      deck:
        # Nextcloud Deck: organizes tasks and projects using Kanban boards (https://apps.nextcloud.com/apps/deck)
-        enabled: true
+        # When Taiga is activated, this plugin is deactivated, because Taiga is the prefered application.
        enabled: "{{ 'taiga' not in group_names | lower }}"
      drawio:
        # Nextcloud draw.io: integrates diagram creation and editing tools (https://apps.nextcloud.com/apps/drawio)
        enabled: true
--- a/roles/docker-nextcloud/handlers/main.yml
+++ b/roles/docker-nextcloud/handlers/main.yml
@ -1,6 +1,6 @@
 ---
- name: restart docker nginx service
+- name: restart nextcloud nginx service
  command:
    cmd: "docker exec {{applications.nextcloud.container.proxy}} nginx -s reload"
-  listen: restart docker nginx service
+  listen: restart nextcloud nginx service
  ignore_errors: true # Ignoring if container is restarting
--- a/roles/docker-nextcloud/tasks/config.yml
+++ b/roles/docker-nextcloud/tasks/config.yml
@ -1,33 +0,0 @@
 - name: "Substitute http with https in {{ nextcloud_config_file_host_path }}"
  replace:
    path: "{{ nextcloud_config_file_host_path }}"
    regexp: "http://{{ domain | regex_escape }}"
    replace: "https://{{ domain }}"
  notify:
    - docker compose restart
 #- name: Ensure 'overwriteprotocol' is set to 'https' in Nextcloud {{ nextcloud_config_file_host_path }}
 #  block:
 #     Deactivated because it was really heavy to fix. 
 #     @todo implement
 #    - name: Check if 'overwriteprotocol' is already set
 #      lineinfile:
 #        path: "{{ nextcloud_config_file_host_path }}"
 #        regexp: "^\s*overwriteprotocol\s*=>\s*http"
 #        line: "overwriteprotocol => 'https',"
 #        backrefs: yes
 #        state: present
 #        notify:
 #          - docker compose restart
 #
 #    - name: Add 'overwriteprotocol' => 'https' if not present
 #      lineinfile:
 #        path: "{{ nextcloud_config_file_host_path }}"
 #        regexp: "^\s*\);$"
 #        line: "overwriteprotocol => 'https',"
 #        insertafter: "^\s*\);$"
 #        state: present
 #        notify:
 #          - docker compose restart        
 #  notify:
 #    - docker compose restart
--- a/roles/docker-nextcloud/tasks/ldap.yml
+++ b/roles/docker-nextcloud/tasks/ldap.yml
@ -1,17 +0,0 @@
 # @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
 # @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
 # @todo implement
 - name: Load LDAP Nextcloud configuration variables
  include_vars:
    file: ldap.yml
 - name: Set Nextcloud LDAP config
  loop: "{{ nextcloud_ldap_configuration }}"
  command: >
    docker exec -u www-data {{ applications.nextcloud.container.application }}
    php occ config:app:set {{ item.appid }} {{ item.configkey }} --value "{{ item.configvalue }}"
 - name: Set Nextcloud LDAP bind password
  command: >
    docker exec -u www-data {{ applications.nextcloud.container.application }}
    php occ ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"
--- a/roles/docker-nextcloud/tasks/legacy_login_mask.yml
+++ b/roles/docker-nextcloud/tasks/legacy_login_mask.yml
@ -1,5 +0,0 @@
 - name: Set hide_login_form to true
  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{ (not applications[application_id].legacy_login_mask.enabled) | lower }} hide_login_form"
 - name: "Set auth.webauthn.enabled to false"
  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{applications[application_id].legacy_login_mask.enabled | lower}} auth.webauthn.enabled"
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@ -3,22 +3,20 @@
  include_role: 
    name: docker-central-database
- name: copy oidc.config.php
+- name: "create {{ nextcloud_docker_config_additives_directory }}"
-  template: 
+  file:
-    src: oidc.config.php.j2
+    path: "{{ nextcloud_docker_config_additives_directory }}"
-    dest: "{{nextcloud_host_oidc_login_path}}"
+    state: directory
-    owner: 82 # User www-data in Nextcloud container
+    mode: 0755
    group: 82 # User www-data in Nextcloud container
  when: applications[application_id].oidc.flavor == "oidc_login" 
- name: Remove OIDC configuration lines from config.php if present (container)
+- name: "Create config files at {{ nextcloud_docker_config_additives_directory }}"
-  command: >
+  template:
-    docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c "sed -i '/CONFIG_EXTRA = include.*oidc\.config\.php/d' /var/www/html/config/config.php && sed -i '/CONFIG = array_merge(\\$CONFIG, \\$CONFIG_EXTRA)/d' /var/www/html/config/config.php"
+    src:    "{{ item }}"
-  when: applications[application_id].oidc.flavor == "sociallogin" and mode_cleanup | bool 
+    dest:   "{{ nextcloud_docker_config_additives_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
-
+    owner:  "{{nextcloud_docker_user_id}}"
- name: Set maintanance window 
+    group:  "{{nextcloud_docker_user_id}}"
-  command: >
+  loop:     "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}"
-    docker exec -u www-data {{ applications.nextcloud.container.application }} php occ config:system:set maintenance_window_start --type=integer --value={{on_calendar_nextcloud}}"
+  notify: docker compose restart
 - name: "include role for {{application_id}} to recieve certs & do modification routines"
  include_role:
@ -26,15 +24,15 @@
 - name: create nextcloud nginx proxy configuration file
  template: 
-    src:  "proxy-nginx.conf.j2" 
+    src:  "nginx/host.conf.j2" 
    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
  notify: restart nginx
 - name: create internal nextcloud nginx configuration
  template: 
-    src:  "internal-nginx.conf.j2" 
+    src:  "nginx/docker.conf.j2" 
    dest: "{{docker_compose.directories.volumes}}nginx.conf"
-  notify: restart docker nginx service
+  notify: restart nextcloud nginx service
 - name: "copy docker-compose.yml and env file"
  include_tasks: copy-docker-compose-and-env.yml
@ -42,25 +40,43 @@
 - name: Flush all handlers immediately so that occ can be used
  meta: flush_handlers
 - name: Merge all files in cymais directory (container)
  block:
    - name: Add dynamic config merging from Jinja template
      template:
        src: include.php.j2
        dest: "{{nextcloud_host_include_instructions_file}}"
      notify: docker compose restart
    - name: Copy include instructions to the container
      command: >
        docker cp {{ nextcloud_host_include_instructions_file }} {{ applications.nextcloud.container.application }}:{{nextcloud_docker_include_instructions_file}}
    - name: Append generated config to config.php only if not present
      command: >
        docker exec -u {{nextcloud_docker_user}} {{ applications.nextcloud.container.application }} sh -c "
          grep -q 'foreach (glob(\"{{ nextcloud_docker_config_additives_directory }}*.php\") as \$file)' {{ nextcloud_docker_config_file }} || 
          cat {{nextcloud_docker_include_instructions_file}} >> {{ nextcloud_docker_config_file }}"
      notify: docker compose restart
 - name: Setup Nextcloud Plugins
  include_tasks: plugin.yml
  loop: "{{applications[application_id].plugins | dict2items }}"
  loop_control:
    loop_var: plugin_item
  vars:
-    plugin_name: "{{ plugin_item.key }}"
+    plugin_key:   "{{ plugin_item.key }}"
-    plugin_configuration: "{{ plugin_item.value }}"
+    plugin_value: "{{ plugin_item.value }}"
- name: "Include OIDC-specific tasks with flavor {{applications[application_id].oidc.flavor}}"
+- name: Load system configuration
-  include_tasks: "{{applications[application_id].oidc.flavor}}.yml"
+  include_tasks: system.yml
  when: applications[application_id].oidc.enabled | bool
- name: Include LDAP specific tasks
+- name: Add missing database indices in Nextcloud
-  include_tasks: ldap.yml
+  command: >
-  when: applications[application_id].ldap.enabled | bool
+    {{nextcloud_docker_exec_occ}} db:add-missing-indices
-
+  register: db_indices_result
- name: Include Config specific tasks
+  changed_when: >
-  include_tasks: config.yml
+    'Adding additional' in db_indices_result.stdout or 
-
+    'Removing' in db_indices_result.stdout or 
- name: De\Activate legacy login mask
+    'updated successfully' in db_indices_result.stdout
-  include_tasks: legacy_login_mask.yml
+  failed_when: db_indices_result.rc != 0
--- a/roles/docker-nextcloud/tasks/oidc_login.yml
+++ b/roles/docker-nextcloud/tasks/oidc_login.yml
@ -1,3 +0,0 @@
 - name: Add OIDC configuration if not implemented yet
  command: >
    docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c 'grep -q "CONFIG_EXTRA = include" ./config/config.php || echo -e "\n\$CONFIG_EXTRA = include '\''{{nextcloud_docker_oidc_login_config_path}}'\'';\n\$CONFIG = array_merge(\$CONFIG, \$CONFIG_EXTRA);" >> ./config/config.php'
--- a/roles/docker-nextcloud/tasks/plugin.yml
+++ b/roles/docker-nextcloud/tasks/plugin.yml
@ -1,29 +1,47 @@
- name: "Disable incompatible plugins for {{plugin_name}}."
+- name: "Disable incompatible plugins for {{plugin_key}}."
-  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:disable {{incompatible_plugin}}"
+  command: "{{nextcloud_docker_exec_occ}} app:disable {{incompatible_plugin}}"
-  loop: "{{plugin_configuration.incompatible_plugins}}"
+  loop: "{{plugin_value.incompatible_plugins}}"
  loop_control: 
    loop_var: incompatible_plugin
  register: disable_incompatible_plugin_result
  changed_when: disable_incompatible_plugin_result.rc == 0 and ("No such app enabled" not in disable_incompatible_plugin_result.stdout)
  when: 
-    - plugin_configuration.incompatible_plugins is defined and plugin_configuration.incompatible_plugins | length > 0
+    - plugin_value.incompatible_plugins is defined and plugin_value.incompatible_plugins | length > 0
-    - plugin_configuration.enabled | bool
+    - plugin_value.enabled | bool
- name: disable {{ plugin_name }} nextcloud plugin
+- name: disable {{ plugin_key }} nextcloud plugin
-  command: "docker exec -u www-data {{ applications.nextcloud.container.application }} {{ nextcloud_docker_path }}occ app:disable {{ plugin_name }}"
+  command: "{{nextcloud_docker_exec_occ}} app:disable {{ plugin_key }}"
  register: disable_result
  changed_when: disable_result.rc == 0 and ("No such app enabled" not in disable_result.stdout)
-  when: not (plugin_configuration.enabled | bool)
+  when: not (plugin_value.enabled | bool)
- name: install {{ plugin_name }} nextcloud plugin
+- name: install {{ plugin_key }} nextcloud plugin
-  command: "docker exec -u www-data {{ applications.nextcloud.container.application }} {{ nextcloud_docker_path }}occ app:install {{ plugin_name }}"
+  command: "{{nextcloud_docker_exec_occ}} app:install {{ plugin_key }}"
  register: install_result
  failed_when: install_result.rc != 0 and ("already installed" not in install_result.stdout)
  changed_when: install_result.rc == 0 and ("already installed" not in install_result.stdout)
-  when: plugin_configuration.enabled | bool
+  when: plugin_value.enabled | bool
- name: enable {{plugin_name}} nextcloud plugin
+- name: enable {{plugin_key}} nextcloud plugin
-  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:enable {{plugin_name}}"
+  command: "{{nextcloud_docker_exec_occ}} app:enable {{plugin_key}}"
  register: enable_result
  changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout)
-  when: plugin_configuration.enabled | bool
+  when: plugin_value.enabled | bool
 - name: Check if {{nextcloud_localhost_plugin_configuration_directory}}{{ plugin_key }}.yml exists
  stat:
    path: "{{nextcloud_localhost_plugin_configuration_directory}}{{ plugin_key }}.yml"
  register: plugin_config_file
 - name: Apply configuration to {{ plugin_key }} 
  block:
  - name: Load {{ plugin_key }} configuration variables
    include_vars:
      file: "{{nextcloud_localhost_plugin_configuration_directory}}{{ plugin_key }}.yml"
  - name: "Set {{ item.configkey }} for {{ item.appid }}"
    loop: "{{ plugin_configuration }}"
    command: >
      {{ nextcloud_docker_exec_occ }} config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
  when: plugin_config_file.stat.exists
--- a/roles/docker-nextcloud/tasks/plugins/ldap.yml
+++ b/roles/docker-nextcloud/tasks/plugins/ldap.yml
@ -0,0 +1,6 @@
 # @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
 # @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
 - name: Set Nextcloud LDAP bind password
  command: >
    {{ nextcloud_docker_exec_occ }} ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"
--- a/roles/docker-nextcloud/tasks/sociallogin.yml
+++ b/roles/docker-nextcloud/tasks/sociallogin.yml
@ -1,11 +0,0 @@
 # @See https://chatgpt.com/share/6798189e-9c00-800f-923c-5ce3cfbdf405
 - name: Load Sociallogin configuration variables
  include_vars:
    file: sociallogin.yml
 - name: Configure Sociallogin
  loop: "{{ nextcloud_sociallogin_configuration}}"
  # The | to_json function is necessary to escape custom_providers correct.
  command: >
    docker exec -u www-data {{ applications.nextcloud.container.application }}
    php occ config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
--- a/roles/docker-nextcloud/tasks/system.yml
+++ b/roles/docker-nextcloud/tasks/system.yml
@ -0,0 +1,8 @@
 - name: Load System Nextcloud configuration variables
  include_vars:
    file: system.yml
 - name:     Apply Nextcloud configurations
  loop:     "{{ nextcloud_system_config }}"
  command:  "{{nextcloud_docker_exec_occ}} config:system:set {{ item.parameter }}{% if item.type is defined %} --type {{ item.type }}{% endif %} --value {{ item.value }}"
  # No good changed_when condition available
--- a/roles/docker-nextcloud/templates/config/README.md
+++ b/roles/docker-nextcloud/templates/config/README.md
@ -0,0 +1,2 @@
 This folder contains configuration files which will be loaded direct into the config.php
 If you don't use nested configuration, concider to use the vars/system.yml file instead, because it's a cleaner way to set the configuration.
--- a/roles/docker-nextcloud/templates/config/oidc.config.php.j2
+++ b/roles/docker-nextcloud/templates/config/oidc.config.php.j2
@ -1,4 +1,8 @@
 <?php
 # Implementing OICD configuration
 {% if applications[application_id].oidc.flavor == "oidc_login" | bool %}
 # Check out: https://github.com/pulsejet/nextcloud-oidc-login
 return array (
@ -210,4 +214,7 @@ return array (
    //	- 'plain'
    // The default value is empty, which won't apply the PKCE flow.
    'oidc_login_code_challenge_method' => '',
-);
+);
 {% else %}
 return [];
 {% endif %}
--- a/roles/docker-nextcloud/templates/config/redis.config.php.j2
+++ b/roles/docker-nextcloud/templates/config/redis.config.php.j2
@ -0,0 +1,11 @@
 <?php
 # Implementing redis configuration
 return array (
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'redis',
    'port' => 6379,
  )
 );
--- a/roles/docker-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2
@ -8,12 +8,12 @@ services:
    image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
    container_name: {{applications.nextcloud.container.application}}
    volumes:
-      - data:{{nextcloud_docker_path}}
+      - data:{{nextcloud_docker_work_directory}}
 {% if applications[application_id].oidc.flavor == "oidc_login" %}
-      - {{nextcloud_host_oidc_login_path}}:{{nextcloud_docker_oidc_login_config_path}}:ro
+      - {{nextcloud_host_config_additives_directory}}:{{nextcloud_docker_config_additives_directory}}:ro
 {% endif %}
    healthcheck:
-      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_path}}occ status"]
+      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_work_directory}}occ status"]
      interval: 1m
      timeout: 10s
      retries: 3
@ -50,10 +50,10 @@ services:
    logging:
      driver: journald
    volumes:
-      - data:{{nextcloud_docker_path}}
+      - data:{{nextcloud_docker_work_directory}}
    entrypoint: /cron.sh
    healthcheck:
-      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_path}}occ status"]
+      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_work_directory}}occ status"]
      interval: 1m
      timeout: 10s
      retries: 3
--- a/roles/docker-nextcloud/templates/env.j2
+++ b/roles/docker-nextcloud/templates/env.j2
@ -2,20 +2,20 @@
 # @See https://github.com/nextcloud/docker/blob/master/README.md
 # Database Configuration
-MYSQL_DATABASE= "{{database_name}}"
+MYSQL_DATABASE=             "{{database_name}}"
-MYSQL_USER=     "{{database_username}}"
+MYSQL_USER=                 "{{database_username}}"
-MYSQL_PASSWORD= "{{database_password}}"
+MYSQL_PASSWORD=             "{{database_password}}"
-MYSQL_HOST=     "{{database_host}}:{{database_port}}"
+MYSQL_HOST=                 "{{database_host}}:{{database_port}}"
 # Memory
-PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder
+PHP_MEMORY_LIMIT=           1G # Required for plugin duplicate finder
 # Email Configuration
-SMTP_HOST=      {{system_email.host}}
+SMTP_HOST=                  {{system_email.host}}
-SMTP_SECURE=    {{ 'ssl' if system_email.tls else '' }}
+SMTP_SECURE=                {{ 'ssl' if system_email.tls else '' }}
-SMTP_PORT=      {{system_email.port}}
+SMTP_PORT=                  {{system_email.port}}
-SMTP_NAME=      {{system_email.username}}
+SMTP_NAME=                  {{system_email.username}}
-SMTP_PASSWORD=  {{system_email.password}}
+SMTP_PASSWORD=              {{system_email.password}}
 # Email from configuration
 MAIL_FROM_ADDRESS=          "{{system_email.local}}"
--- a/roles/docker-nextcloud/templates/include.php.j2
+++ b/roles/docker-nextcloud/templates/include.php.j2
@ -0,0 +1,11 @@
 {% raw %}
 // Include and merge all PHP config files from cymais
 $CONFIG_EXTRA = [];
 foreach (glob("{% endraw %}{{ nextcloud_docker_config_additives_directory }}{% raw %}*.php") as $file) {
    $CONFIG_EXTRA = array_merge($CONFIG_EXTRA, include $file);
 }
 $CONFIG = array_merge($CONFIG, $CONFIG_EXTRA);
 {% endraw %}
--- a/roles/docker-nextcloud/templates/internal-nginx.conf.j2
+++ b/roles/docker-nextcloud/templates/internal-nginx.conf.j2
--- a/roles/docker-nextcloud/templates/proxy-nginx.conf.j2
+++ b/roles/docker-nextcloud/templates/proxy-nginx.conf.j2
--- a/roles/docker-nextcloud/vars/main.yml
+++ b/roles/docker-nextcloud/vars/main.yml
@ -1,10 +1,37 @@
 ---
-application_id:                           "nextcloud"
+# General
-database_password:  	                    "{{applications.nextcloud.credentials.database_password}}"
+application_id:                                     "nextcloud"                                                   # Application identifier
-database_type:                            "mariadb"
+
-nextcloud_config_file_host_path:          "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
+# Database
-domain:                                   "{{domains[application_id]}}"
+database_password:  	                              "{{applications.nextcloud.credentials.database_password}}"    # Database password
-http_port:                                "{{ ports.localhost.http[application_id] }}"
+database_type:                                      "mariadb"                                                     # Database flavor
-nextcloud_docker_path:                    "/var/www/html/"
+
-nextcloud_docker_oidc_login_config_path:  "{{nextcloud_docker_path}}config/oidc.config.php"
+# Networking
-nextcloud_host_oidc_login_path:           "{{docker_compose.directories.volumes}}/oidc.config.php"
+domain:                                             "{{domains[application_id]}}"                                 # Public domain at which Nextcloud will be accessable
 http_port:                                          "{{ ports.localhost.http[application_id] }}"                  # Port at which nextcloud is reachable in the local network
 # Localhost
 nextcloud_localhost_plugin_configuration_directory: "{{role_path}}/plugins/"                                      # Folder in which the files for the plugin configuration are stored
 # Host 
 ## Host Paths
 nextcloud_host_config_additives_directory:          "{{docker_compose.directories.volumes}}cymais/"               # This folder is the path to which the additive configurations will be copied
 nextcloud_host_include_instructions_file:           "{{docker_compose.directories.volumes}}includes.php"          # Path to the isntruction file on the host. Responsible for loading the additional configurations
 # Docker
 ## User Configuration
 nextcloud_docker_user_id:                           82                                                            # UID of the www-data user
 nextcloud_docker_user:                              "www-data"                                                    # Name of the www-data user (Set here to easy change it in the future)
 ## Internal Paths
 nextcloud_docker_work_directory:                    "/var/www/html/"                                              # Name of the workdir in which the application is stored
 nextcloud_docker_config_directory:                  "{{nextcloud_docker_work_directory}}config/"                  # Folder in which the Nextcloud configurations are stored     
 nextcloud_docker_config_file:                       "{{nextcloud_docker_config_directory}}config.php"             # Path to the Nextcloud configuration file
 nextcloud_docker_config_additives_directory:        "{{nextcloud_docker_config_directory}}cymais/"                # Path to the folder which contains additional configurations
 nextcloud_docker_include_instructions_file:         "/tmp/includes.php"                                           # Path to the temporary file which will be included to the config.php to load the additional configurations
 ## Execution
 nextcloud_docker_exec:                              "docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}" # General execute composition
 nextcloud_docker_exec_occ:                          "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ"                            # Execute docker occ command
--- a/roles/docker-nextcloud/vars/plugins/README.md
+++ b/roles/docker-nextcloud/vars/plugins/README.md
@ -0,0 +1 @@
 This folder contains the plugin specific configurations which willö be applied
--- a/roles/docker-nextcloud/vars/plugins/ldap.yml
+++ b/roles/docker-nextcloud/vars/plugins/ldap.yml
@ -1,4 +1,4 @@
-nextcloud_ldap_configuration:
+plugin_configuration:
  -
    appid: "user_ldap"
    configkey: "background_sync_interval"
--- a/roles/docker-nextcloud/vars/plugins/sociallogin.yml
+++ b/roles/docker-nextcloud/vars/plugins/sociallogin.yml
@ -1,4 +1,4 @@
-nextcloud_sociallogin_configuration:
+plugin_configuration:
  -
    appid: "sociallogin"
    # This configuration allows users to connect multiple accounts to their Nextcloud profile
--- a/roles/docker-nextcloud/vars/system.yml
+++ b/roles/docker-nextcloud/vars/system.yml
@ -0,0 +1,23 @@
 nextcloud_system_config:
  - parameter: "hide_login_form"
    type: "boolean"
    value: "{{ (not applications[application_id].legacy_login_mask.enabled) | lower }}"
  - parameter: "auth.webauthn.enabled"
    type: "boolean"
    value: "{{ applications[application_id].legacy_login_mask.enabled | lower }}"
  - parameter: "maintenance_window_start"
    type: "integer"
    value: "{{ on_calendar_nextcloud }}"
  - parameter: "default_phone_region"
    value: "{{ locale | upper }}"
  # Force https  
  - parameter: "overwrite.cli.url"
    value: "https://{{domains[application_id]}}"
  # Force https
  - parameter: "overwriteprotocol"
    value: "https"
		`@ -0,0 +1,2 @@`
							`This folder contains configuration files which will be loaded direct into the config.php`
							`If you don't use nested configuration, concider to use the vars/system.yml file instead, because it's a cleaner way to set the configuration.`
		`@ -0,0 +1 @@`
							`This folder contains the plugin specific configurations which willö be applied`