kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-28 18:30:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kevinveenbirkenbach:9a49e7aa3bcd0a44921695c4b39ecd72f2a5f835
Branches Tags
kevinveenbirkenbach:master
..
compare: kevinveenbirkenbach:d24b33f0455b9b9d451616ef0df4c22618a438c2
Branches Tags
kevinveenbirkenbach:master

No commits in common. "9a49e7aa3bcd0a44921695c4b39ecd72f2a5f835" and "d24b33f0455b9b9d451616ef0df4c22618a438c2" have entirely different histories.
9a49e7aa3b ... d24b33f045

31 changed files with 146 additions and 325 deletions
Show Stats Expand all files Collapse all files

5
group_vars/all/00_general.yml
View File

@ -2,10 +2,7 @@
pause_duration: "120" # Database delay to wait for the central database before continue tasks
timezone: "UTC"
locale: "en" # Some applications are case sensitive
# Deployment mode
deployment_mode: "single" # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.
locale: "en"
## Domain
primary_domain_tld: "localhost" # Top Level Domain of the server

9
group_vars/all/07_applications.yml
View File

@ -63,12 +63,6 @@ defaults_applications:
database:
central_storage: True
coturn: # @todo implement
credentials:
user: turnuser
# password: # Need to be defined in invetory file
# secret: # Need to be defined in invetory file
## Discourse:
discourse:
network: "discourse_default" # Name of the docker network
@ -311,8 +305,7 @@ defaults_applications:
enabled: true
deck:
# Nextcloud Deck: organizes tasks and projects using Kanban boards (https://apps.nextcloud.com/apps/deck)
# When Taiga is activated, this plugin is deactivated, because Taiga is the prefered application.
enabled: "{{ 'taiga' not in group_names | lower }}"
enabled: true
drawio:
# Nextcloud draw.io: integrates diagram creation and editing tools (https://apps.nextcloud.com/apps/drawio)
enabled: true

9
roles/docker-coturn/README.md
View File

@ -1,9 +0,0 @@
# DRAFT role docker-coturn
setup an coturn server based on https://hub.docker.com/r/coturn/coturn
## todo
Needs to be implemented so that Nextcloud Talk works
## author
[Kevin Veen-Birkenbach](https://www.veen.world)

14
roles/docker-coturn/tasks/main.yml
View File

@ -1,14 +0,0 @@
---
- name: "include docker-central-database"
include_role:
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

69
roles/docker-coturn/templates/docker-compose.yml.j2
View File

@ -1,69 +0,0 @@
services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
application:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: "gitea/gitea:{{applications.gitea.version}}"
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
- "{{ports.public.ssh[application_id]}}:22"
volumes:
- data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:3000"]
interval: 1m
timeout: 10s
retries: 3
{% include 'templates/docker/container/networks.yml.j2' %}
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
{% include 'templates/docker/compose/volumes.yml.j2' %}
data:
{% include 'templates/docker/compose/networks.yml.j2' %}
coturn:
image: coturn/coturn
restart: always
network_mode: "host" # Nutzt die Host-IP für externe Erreichbarkeit (optional)
ports:
- "3478:3478/udp"
- "3478:3478/tcp"
- "5349:5349/tcp"
- "5349:5349/udp"
- "49152-65535:49152-65535/udp" # TURN-Relay-Ports (wichtig!)
#volumes: # In case customized config is required
# - coturn-config:/etc/coturn
environment:
- TURN_PORT=3478
- TURN_PORT_TLS=5349
- TURN_SECRET=my-secret-key
- TURN_USER=turnuser
- TURN_PASSWORD=turnpassword
command: >
--log-file=stdout
--external-ip=$(detect-external-ip)
--lt-cred-mech
--user=turnuser:turnpassword
--realm=nextcloud
--total-quota=100
--stale-nonce
--no-multicast-peers
--denied-peer-ip=0.0.0.0-0.255.255.255
--denied-peer-ip=10.0.0.0-10.255.255.255
--denied-peer-ip=100.64.0.0-100.127.255.255
--denied-peer-ip=169.254.0.0-169.254.255.255
--denied-peer-ip=172.16.0.0-172.31.255.255
--denied-peer-ip=192.0.0.0-192.0.0.255
--denied-peer-ip=192.88.99.0-192.88.99.255
--denied-peer-ip=192.168.0.0-192.168.255.255
--denied-peer-ip=198.18.0.0-198.19.255.255
--denied-peer-ip=198.51.100.0-198.51.100.255
--denied-peer-ip=203.0.113.0-203.0.113.255
--denied-peer-ip=240.0.0.0-255.255.255.255
volumes:
nextcloud:
coturn-config:

0
roles/docker-coturn/templates/env.j2
View File

3
roles/docker-coturn/vars/main.yml
View File

@ -1,3 +0,0 @@
application_id: "coturn"
#database_password: "{{gitea_database_password}}"
#database_type: "mariadb"

4
roles/docker-nextcloud/handlers/main.yml
View File

@ -1,6 +1,6 @@
---
- name: restart nextcloud nginx service
- name: restart docker nginx service
command:
cmd: "docker exec {{applications.nextcloud.container.proxy}} nginx -s reload"
listen: restart nextcloud nginx service
listen: restart docker nginx service
ignore_errors: true # Ignoring if container is restarting

33
roles/docker-nextcloud/tasks/config.yml Normal file
View File

@ -0,0 +1,33 @@
- name: "Substitute http with https in {{ nextcloud_config_file_host_path }}"
replace:
path: "{{ nextcloud_config_file_host_path }}"
regexp: "http://{{ domain | regex_escape }}"
replace: "https://{{ domain }}"
notify:
- docker compose restart
#- name: Ensure 'overwriteprotocol' is set to 'https' in Nextcloud {{ nextcloud_config_file_host_path }}
# block:
# Deactivated because it was really heavy to fix.
# @todo implement
# - name: Check if 'overwriteprotocol' is already set
# lineinfile:
# path: "{{ nextcloud_config_file_host_path }}"
# regexp: "^\s*overwriteprotocol\s*=>\s*http"
# line: "overwriteprotocol => 'https',"
# backrefs: yes
# state: present
# notify:
# - docker compose restart
#
# - name: Add 'overwriteprotocol' => 'https' if not present
# lineinfile:
# path: "{{ nextcloud_config_file_host_path }}"
# regexp: "^\s*\);$"
# line: "overwriteprotocol => 'https',"
# insertafter: "^\s*\);$"
# state: present
# notify:
# - docker compose restart
# notify:
# - docker compose restart

17
roles/docker-nextcloud/tasks/ldap.yml Normal file
View File

@ -0,0 +1,17 @@
# @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
# @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
# @todo implement
- name: Load LDAP Nextcloud configuration variables
include_vars:
file: ldap.yml
- name: Set Nextcloud LDAP config
loop: "{{ nextcloud_ldap_configuration }}"
command: >
docker exec -u www-data {{ applications.nextcloud.container.application }}
php occ config:app:set {{ item.appid }} {{ item.configkey }} --value "{{ item.configvalue }}"
- name: Set Nextcloud LDAP bind password
command: >
docker exec -u www-data {{ applications.nextcloud.container.application }}
php occ ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"

5
roles/docker-nextcloud/tasks/legacy_login_mask.yml Normal file
View File

@ -0,0 +1,5 @@
- name: Set hide_login_form to true
command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{ (not applications[application_id].legacy_login_mask.enabled) | lower }} hide_login_form"
- name: "Set auth.webauthn.enabled to false"
command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{applications[application_id].legacy_login_mask.enabled | lower}} auth.webauthn.enabled"

80
roles/docker-nextcloud/tasks/main.yml
View File

@ -3,20 +3,22 @@
include_role:
name: docker-central-database
- name: "create {{ nextcloud_host_config_additives_directory }}"
file:
path: "{{ nextcloud_host_config_additives_directory }}"
state: directory
mode: 0755
- name: "Create config files at {{ nextcloud_host_config_additives_directory }}"
- name: copy oidc.config.php
template:
src: "{{ item }}"
dest: "{{ nextcloud_host_config_additives_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
owner: "{{nextcloud_docker_user_id}}"
group: "{{nextcloud_docker_user_id}}"
loop: "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}"
notify: docker compose restart
src: oidc.config.php.j2
dest: "{{nextcloud_host_oidc_login_path}}"
owner: 82 # User www-data in Nextcloud container
group: 82 # User www-data in Nextcloud container
when: applications[application_id].oidc.flavor == "oidc_login"
- name: Remove OIDC configuration lines from config.php if present (container)
command: >
docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c "sed -i '/CONFIG_EXTRA = include.*oidc\.config\.php/d' /var/www/html/config/config.php && sed -i '/CONFIG = array_merge(\\$CONFIG, \\$CONFIG_EXTRA)/d' /var/www/html/config/config.php"
when: applications[application_id].oidc.flavor == "sociallogin" and mode_cleanup | bool
- name: Set maintanance window
command: >
docker exec -u www-data {{ applications.nextcloud.container.application }} php occ config:system:set maintenance_window_start --type=integer --value={{on_calendar_nextcloud}}"
- name: "include role for {{application_id}} to recieve certs & do modification routines"
include_role:
@ -24,15 +26,15 @@
- name: create nextcloud nginx proxy configuration file
template:
src: "nginx/host.conf.j2"
src: "proxy-nginx.conf.j2"
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
notify: restart nginx
- name: create internal nextcloud nginx configuration
template:
src: "nginx/docker.conf.j2"
src: "internal-nginx.conf.j2"
dest: "{{docker_compose.directories.volumes}}nginx.conf"
notify: restart nextcloud nginx service
notify: restart docker nginx service
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml
@ -40,43 +42,25 @@
- name: Flush all handlers immediately so that occ can be used
meta: flush_handlers
- name: Merge all files in cymais directory (container)
block:
- name: Add dynamic config merging from Jinja template
template:
src: include.php.j2
dest: "{{nextcloud_host_include_instructions_file}}"
notify: docker compose restart
- name: Copy include instructions to the container
command: >
docker cp {{ nextcloud_host_include_instructions_file }} {{ applications.nextcloud.container.application }}:{{nextcloud_docker_include_instructions_file}}
- name: Append generated config to config.php only if not present
command: >
docker exec -u {{nextcloud_docker_user}} {{ applications.nextcloud.container.application }} sh -c "
grep -q 'foreach (glob(\"{{ nextcloud_docker_config_additives_directory }}*.php\") as \$file)' {{ nextcloud_docker_config_file }} ||
cat {{nextcloud_docker_include_instructions_file}} >> {{ nextcloud_docker_config_file }}"
notify: docker compose restart
- name: Setup Nextcloud Plugins
include_tasks: plugin.yml
loop: "{{applications[application_id].plugins | dict2items }}"
loop_control:
loop_var: plugin_item
vars:
plugin_key: "{{ plugin_item.key }}"
plugin_value: "{{ plugin_item.value }}"
plugin_name: "{{ plugin_item.key }}"
plugin_configuration: "{{ plugin_item.value }}"
- name: Load system configuration
include_tasks: system.yml
- name: "Include OIDC-specific tasks with flavor {{applications[application_id].oidc.flavor}}"
include_tasks: "{{applications[application_id].oidc.flavor}}.yml"
when: applications[application_id].oidc.enabled | bool
- name: Add missing database indices in Nextcloud
command: >
{{nextcloud_docker_exec_occ}} db:add-missing-indices
register: db_indices_result
changed_when: >
'Adding additional' in db_indices_result.stdout or
'Removing' in db_indices_result.stdout or
'updated successfully' in db_indices_result.stdout
failed_when: db_indices_result.rc != 0
- name: Include LDAP specific tasks
include_tasks: ldap.yml
when: applications[application_id].ldap.enabled | bool
- name: Include Config specific tasks
include_tasks: config.yml
- name: De\Activate legacy login mask
include_tasks: legacy_login_mask.yml

3
roles/docker-nextcloud/tasks/oidc_login.yml Normal file
View File

@ -0,0 +1,3 @@
- name: Add OIDC configuration if not implemented yet
command: >
docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c 'grep -q "CONFIG_EXTRA = include" ./config/config.php || echo -e "\n\$CONFIG_EXTRA = include '\''{{nextcloud_docker_oidc_login_config_path}}'\'';\n\$CONFIG = array_merge(\$CONFIG, \$CONFIG_EXTRA);" >> ./config/config.php'

46
roles/docker-nextcloud/tasks/plugin.yml
View File

@ -1,47 +1,29 @@
- name: "Disable incompatible plugins for {{plugin_key}}."
command: "{{nextcloud_docker_exec_occ}} app:disable {{incompatible_plugin}}"
loop: "{{plugin_value.incompatible_plugins}}"
- name: "Disable incompatible plugins for {{plugin_name}}."
command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:disable {{incompatible_plugin}}"
loop: "{{plugin_configuration.incompatible_plugins}}"
loop_control:
loop_var: incompatible_plugin
register: disable_incompatible_plugin_result
changed_when: disable_incompatible_plugin_result.rc == 0 and ("No such app enabled" not in disable_incompatible_plugin_result.stdout)
when:
- plugin_value.incompatible_plugins is defined and plugin_value.incompatible_plugins | length > 0
- plugin_value.enabled | bool
- plugin_configuration.incompatible_plugins is defined and plugin_configuration.incompatible_plugins | length > 0
- plugin_configuration.enabled | bool
- name: disable {{ plugin_key }} nextcloud plugin
command: "{{nextcloud_docker_exec_occ}} app:disable {{ plugin_key }}"
- name: disable {{ plugin_name }} nextcloud plugin
command: "docker exec -u www-data {{ applications.nextcloud.container.application }} {{ nextcloud_docker_path }}occ app:disable {{ plugin_name }}"
register: disable_result
changed_when: disable_result.rc == 0 and ("No such app enabled" not in disable_result.stdout)
when: not (plugin_value.enabled | bool)
when: not (plugin_configuration.enabled | bool)
- name: install {{ plugin_key }} nextcloud plugin
command: "{{nextcloud_docker_exec_occ}} app:install {{ plugin_key }}"
- name: install {{ plugin_name }} nextcloud plugin
command: "docker exec -u www-data {{ applications.nextcloud.container.application }} {{ nextcloud_docker_path }}occ app:install {{ plugin_name }}"
register: install_result
failed_when: install_result.rc != 0 and ("already installed" not in install_result.stdout)
changed_when: install_result.rc == 0 and ("already installed" not in install_result.stdout)
when: plugin_value.enabled | bool
when: plugin_configuration.enabled | bool
- name: enable {{plugin_key}} nextcloud plugin
command: "{{nextcloud_docker_exec_occ}} app:enable {{plugin_key}}"
- name: enable {{plugin_name}} nextcloud plugin
command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:enable {{plugin_name}}"
register: enable_result
changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout)
when: plugin_value.enabled | bool
- name: Check if {{nextcloud_localhost_plugin_configuration_directory}}{{ plugin_key }}.yml exists
stat:
path: "{{nextcloud_localhost_plugin_configuration_directory}}{{ plugin_key }}.yml"
register: plugin_config_file
- name: Apply configuration to {{ plugin_key }}
block:
- name: Load {{ plugin_key }} configuration variables
include_vars:
file: "{{nextcloud_localhost_plugin_configuration_directory}}{{ plugin_key }}.yml"
- name: "Set {{ item.configkey }} for {{ item.appid }}"
loop: "{{ plugin_configuration }}"
command: >
{{ nextcloud_docker_exec_occ }} config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
when: plugin_config_file.stat.exists
when: plugin_configuration.enabled | bool

6
roles/docker-nextcloud/tasks/plugins/ldap.yml
View File

@ -1,6 +0,0 @@
# @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
# @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
- name: Set Nextcloud LDAP bind password
command: >
{{ nextcloud_docker_exec_occ }} ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"

11
roles/docker-nextcloud/tasks/sociallogin.yml Normal file
View File

@ -0,0 +1,11 @@
# @See https://chatgpt.com/share/6798189e-9c00-800f-923c-5ce3cfbdf405
- name: Load Sociallogin configuration variables
include_vars:
file: sociallogin.yml
- name: Configure Sociallogin
loop: "{{ nextcloud_sociallogin_configuration}}"
# The | to_json function is necessary to escape custom_providers correct.
command: >
docker exec -u www-data {{ applications.nextcloud.container.application }}
php occ config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'

8
roles/docker-nextcloud/tasks/system.yml
View File

@ -1,8 +0,0 @@
- name: Load System Nextcloud configuration variables
include_vars:
file: system.yml
- name: Apply Nextcloud configurations
loop: "{{ nextcloud_system_config }}"
command: "{{nextcloud_docker_exec_occ}} config:system:set {{ item.parameter }}{% if item.type is defined %} --type {{ item.type }}{% endif %} --value {{ item.value }}"
# No good changed_when condition available

2
roles/docker-nextcloud/templates/config/README.md
View File

@ -1,2 +0,0 @@
This folder contains configuration files which will be loaded direct into the config.php
If you don't use nested configuration, concider to use the vars/system.yml file instead, because it's a cleaner way to set the configuration.

13
roles/docker-nextcloud/templates/config/memcache.config.php.j2
View File

@ -1,13 +0,0 @@
<?php
# Implementing redis configuration
return array (
# For single server setup APCu is recommended, for multi server setup Redis
'memcache.local' => '\\OC\\Memcache\\{% if deployment_mode == "single" %}APCu{% else %}Redis{% endif %}',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'redis',
'port' => 6379,
)
);

11
roles/docker-nextcloud/templates/config/turnserver.config.php.j2.draft
View File

@ -1,11 +0,0 @@
<?php
# Activates the turn server
# @see https://nextcloud-talk.readthedocs.io/en/latest/TURN/
return 'turn_servers' => [
[
'host' => 'coturn',
'port' => 3478,
'secret' => 'my-secret-key',
'protocols' => 'udp,tcp'
]
];

10
roles/docker-nextcloud/templates/docker-compose.yml.j2
View File

@ -8,12 +8,12 @@ services:
image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
container_name: {{applications.nextcloud.container.application}}
volumes:
- data:{{nextcloud_docker_work_directory}}
- data:{{nextcloud_docker_path}}
{% if applications[application_id].oidc.flavor == "oidc_login" %}
- {{nextcloud_host_config_additives_directory}}:{{nextcloud_docker_config_additives_directory}}:ro
- {{nextcloud_host_oidc_login_path}}:{{nextcloud_docker_oidc_login_config_path}}:ro
{% endif %}
healthcheck:
test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_work_directory}}occ status"]
test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_path}}occ status"]
interval: 1m
timeout: 10s
retries: 3
@ -50,10 +50,10 @@ services:
logging:
driver: journald
volumes:
- data:{{nextcloud_docker_work_directory}}
- data:{{nextcloud_docker_path}}
entrypoint: /cron.sh
healthcheck:
test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_work_directory}}occ status"]
test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_path}}occ status"]
interval: 1m
timeout: 10s
retries: 3

20
roles/docker-nextcloud/templates/env.j2
View File

@ -2,20 +2,20 @@
# @See https://github.com/nextcloud/docker/blob/master/README.md
# Database Configuration
MYSQL_DATABASE= "{{database_name}}"
MYSQL_USER= "{{database_username}}"
MYSQL_PASSWORD= "{{database_password}}"
MYSQL_HOST= "{{database_host}}:{{database_port}}"
MYSQL_DATABASE= "{{database_name}}"
MYSQL_USER= "{{database_username}}"
MYSQL_PASSWORD= "{{database_password}}"
MYSQL_HOST= "{{database_host}}:{{database_port}}"
# Memory
PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder
PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder
# Email Configuration
SMTP_HOST= {{system_email.host}}
SMTP_SECURE= {{ 'ssl' if system_email.tls else '' }}
SMTP_PORT= {{system_email.port}}
SMTP_NAME= {{system_email.username}}
SMTP_PASSWORD= {{system_email.password}}
SMTP_HOST= {{system_email.host}}
SMTP_SECURE= {{ 'ssl' if system_email.tls else '' }}
SMTP_PORT= {{system_email.port}}
SMTP_NAME= {{system_email.username}}
SMTP_PASSWORD= {{system_email.password}}
# Email from configuration
MAIL_FROM_ADDRESS= "{{system_email.local}}"

11
roles/docker-nextcloud/templates/include.php.j2
View File

@ -1,11 +0,0 @@
{% raw %}
// Include and merge all PHP config files from cymais
$CONFIG_EXTRA = [];
foreach (glob("{% endraw %}{{ nextcloud_docker_config_additives_directory }}{% raw %}*.php") as $file) {
$CONFIG_EXTRA = array_merge($CONFIG_EXTRA, include $file);
}
$CONFIG = array_merge($CONFIG, $CONFIG_EXTRA);
{% endraw %}

0
roles/docker-nextcloud/templates/nginx/docker.conf.j2 → roles/docker-nextcloud/templates/internal-nginx.conf.j2
View File

7
roles/docker-nextcloud/templates/config/oidc.config.php.j2 → roles/docker-nextcloud/templates/oidc.config.php.j2
View File

@ -1,8 +1,4 @@
<?php
# Implementing OICD configuration
{% if applications[application_id].oidc.flavor == "oidc_login" %}
# Check out: https://github.com/pulsejet/nextcloud-oidc-login
return array (
@ -215,6 +211,3 @@ return array (
// The default value is empty, which won't apply the PKCE flow.
'oidc_login_code_challenge_method' => '',
);
{% else %}
return [];
{% endif %}

0
roles/docker-nextcloud/templates/nginx/host.conf.j2 → roles/docker-nextcloud/templates/proxy-nginx.conf.j2
View File

2
roles/docker-nextcloud/vars/plugins/ldap.yml → roles/docker-nextcloud/vars/ldap.yml
View File

@ -1,4 +1,4 @@
plugin_configuration:
nextcloud_ldap_configuration:
-
appid: "user_ldap"
configkey: "background_sync_interval"

45
roles/docker-nextcloud/vars/main.yml
View File

@ -1,37 +1,10 @@
---
# General
application_id: "nextcloud" # Application identifier
# Database
database_password: "{{applications.nextcloud.credentials.database_password}}" # Database password
database_type: "mariadb" # Database flavor
# Networking
domain: "{{domains[application_id]}}" # Public domain at which Nextcloud will be accessable
http_port: "{{ ports.localhost.http[application_id] }}" # Port at which nextcloud is reachable in the local network
# Localhost
nextcloud_localhost_plugin_configuration_directory: "{{role_path}}/plugins/" # Folder in which the files for the plugin configuration are stored
# Host
## Host Paths
nextcloud_host_config_additives_directory: "{{docker_compose.directories.volumes}}cymais/" # This folder is the path to which the additive configurations will be copied
nextcloud_host_include_instructions_file: "{{docker_compose.directories.volumes}}includes.php" # Path to the isntruction file on the host. Responsible for loading the additional configurations
# Docker
## User Configuration
nextcloud_docker_user_id: 82 # UID of the www-data user
nextcloud_docker_user: "www-data" # Name of the www-data user (Set here to easy change it in the future)
## Internal Paths
nextcloud_docker_work_directory: "/var/www/html/" # Name of the workdir in which the application is stored
nextcloud_docker_config_directory: "{{nextcloud_docker_work_directory}}config/" # Folder in which the Nextcloud configurations are stored
nextcloud_docker_config_file: "{{nextcloud_docker_config_directory}}config.php" # Path to the Nextcloud configuration file
nextcloud_docker_config_additives_directory: "{{nextcloud_docker_config_directory}}cymais/" # Path to the folder which contains additional configurations
nextcloud_docker_include_instructions_file: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the additional configurations
## Execution
nextcloud_docker_exec: "docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}" # General execute composition
nextcloud_docker_exec_occ: "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ" # Execute docker occ command
application_id: "nextcloud"
database_password: "{{applications.nextcloud.credentials.database_password}}"
database_type: "mariadb"
nextcloud_config_file_host_path: "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
domain: "{{domains[application_id]}}"
http_port: "{{ ports.localhost.http[application_id] }}"
nextcloud_docker_path: "/var/www/html/"
nextcloud_docker_oidc_login_config_path: "{{nextcloud_docker_path}}config/oidc.config.php"
nextcloud_host_oidc_login_path: "{{docker_compose.directories.volumes}}/oidc.config.php"

1
roles/docker-nextcloud/vars/plugins/README.md
View File

@ -1 +0,0 @@
This folder contains the plugin specific configurations which willö be applied

2
roles/docker-nextcloud/vars/plugins/sociallogin.yml → roles/docker-nextcloud/vars/sociallogin.yml
View File

@ -1,4 +1,4 @@
plugin_configuration:
nextcloud_sociallogin_configuration:
-
appid: "sociallogin"
# This configuration allows users to connect multiple accounts to their Nextcloud profile

23
roles/docker-nextcloud/vars/system.yml
View File

@ -1,23 +0,0 @@
nextcloud_system_config:
- parameter: "hide_login_form"
type: "boolean"
value: "{{ (not applications[application_id].legacy_login_mask.enabled) | lower }}"
- parameter: "auth.webauthn.enabled"
type: "boolean"
value: "{{ applications[application_id].legacy_login_mask.enabled | lower }}"
- parameter: "maintenance_window_start"
type: "integer"
value: "{{ on_calendar_nextcloud }}"
- parameter: "default_phone_region"
value: "{{ locale | upper }}"
# Force https
- parameter: "overwrite.cli.url"
value: "https://{{domains[application_id]}}"
# Force https
- parameter: "overwriteprotocol"
value: "https"