Added coturn draft

group_vars/all/00_general.yml

@@ -2,7 +2,10 @@
 pause_duration:         "120"         # Database delay to wait for the central database before continue tasks
 
 timezone:               "UTC"
-locale:                 "en"
+locale:                 "en"          # Some applications are case sensitive
+
+# Deployment mode
+deployment_mode:        "single"      # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.
 
 ## Domain
 primary_domain_tld:     "localhost"                                     # Top Level Domain of the server

group_vars/all/07_applications.yml

@@ -63,6 +63,12 @@ defaults_applications:
     database:
       central_storage:                True
 
+  coturn:                     # @todo implement                
+    credentials:
+      user:       turnuser
+      # password:             # Need to be defined in invetory file
+      # secret:               # Need to be defined in invetory file
+
   ## Discourse:
   discourse:
     network:              "discourse_default"     # Name of the docker network
@@ -305,7 +311,8 @@ defaults_applications:
         enabled: true
       deck:
         # Nextcloud Deck: organizes tasks and projects using Kanban boards (https://apps.nextcloud.com/apps/deck)
-        enabled: true
+        # When Taiga is activated, this plugin is deactivated, because Taiga is the prefered application.
+        enabled: "{{ 'taiga' not in group_names | lower }}"
       drawio:
         # Nextcloud draw.io: integrates diagram creation and editing tools (https://apps.nextcloud.com/apps/drawio)
         enabled: true

roles/docker-coturn/README.md

@@ -0,0 +1,9 @@
+# DRAFT role docker-coturn
+setup an coturn server based on https://hub.docker.com/r/coturn/coturn
+
+## todo
+
+Needs to be implemented so that Nextcloud Talk works
+
+## author 
+[Kevin Veen-Birkenbach](https://www.veen.world)

roles/docker-coturn/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: "include docker-central-database"
+  include_role: 
+    name: docker-central-database
+
+- name: "include role nginx-domain-setup for {{application_id}}"
+  include_role:
+    name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
+
+- name: "copy docker-compose.yml and env file"
+  include_tasks: copy-docker-compose-and-env.yml

roles/docker-coturn/templates/docker-compose.yml.j2

@@ -0,0 +1,69 @@
+services:
+
+{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+
+  application:
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+    image: "gitea/gitea:{{applications.gitea.version}}"
+    ports:
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
+      - "{{ports.public.ssh[application_id]}}:22"
+    volumes:
+      - data:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://127.0.0.1:3000"]
+      interval: 1m
+      timeout: 10s
+      retries: 3
+{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
+
+{% include 'templates/docker/compose/volumes.yml.j2' %}
+  data:
+
+{% include 'templates/docker/compose/networks.yml.j2' %}
+  coturn:
+    image: coturn/coturn
+    restart: always
+    network_mode: "host"  # Nutzt die Host-IP für externe Erreichbarkeit (optional)
+    ports:
+      - "3478:3478/udp"
+      - "3478:3478/tcp"
+      - "5349:5349/tcp"
+      - "5349:5349/udp"
+      - "49152-65535:49152-65535/udp"  # TURN-Relay-Ports (wichtig!)
+    #volumes:                         # In case customized config is required
+    #   - coturn-config:/etc/coturn
+    environment:
+      - TURN_PORT=3478
+      - TURN_PORT_TLS=5349
+      - TURN_SECRET=my-secret-key
+      - TURN_USER=turnuser
+      - TURN_PASSWORD=turnpassword
+    command: >
+      --log-file=stdout
+      --external-ip=$(detect-external-ip)
+      --lt-cred-mech
+      --user=turnuser:turnpassword
+      --realm=nextcloud
+      --total-quota=100
+      --stale-nonce
+      --no-multicast-peers
+      --denied-peer-ip=0.0.0.0-0.255.255.255
+      --denied-peer-ip=10.0.0.0-10.255.255.255
+      --denied-peer-ip=100.64.0.0-100.127.255.255
+      --denied-peer-ip=169.254.0.0-169.254.255.255
+      --denied-peer-ip=172.16.0.0-172.31.255.255
+      --denied-peer-ip=192.0.0.0-192.0.0.255
+      --denied-peer-ip=192.88.99.0-192.88.99.255
+      --denied-peer-ip=192.168.0.0-192.168.255.255
+      --denied-peer-ip=198.18.0.0-198.19.255.255
+      --denied-peer-ip=198.51.100.0-198.51.100.255
+      --denied-peer-ip=203.0.113.0-203.0.113.255
+      --denied-peer-ip=240.0.0.0-255.255.255.255
+
+volumes:
+  nextcloud:
+  coturn-config:

roles/docker-coturn/vars/main.yml

@@ -0,0 +1,3 @@
+application_id:     "coturn"
+#database_password:  "{{gitea_database_password}}"
+#database_type:      "mariadb"

roles/docker-nextcloud/handlers/main.yml

@@ -1,6 +1,6 @@
 ---
-- name: restart docker nginx service
+- name: restart nextcloud nginx service
   command:
     cmd: "docker exec {{applications.nextcloud.container.proxy}} nginx -s reload"
-  listen: restart docker nginx service
+  listen: restart nextcloud nginx service
   ignore_errors: true # Ignoring if container is restarting

roles/docker-nextcloud/tasks/config.yml

@@ -1,33 +0,0 @@
-- name: "Substitute http with https in {{ nextcloud_config_file_host_path }}"
-  replace:
-    path: "{{ nextcloud_config_file_host_path }}"
-    regexp: "http://{{ domain | regex_escape }}"
-    replace: "https://{{ domain }}"
-  notify:
-    - docker compose restart
-
-#- name: Ensure 'overwriteprotocol' is set to 'https' in Nextcloud {{ nextcloud_config_file_host_path }}
-#  block:
-#     Deactivated because it was really heavy to fix. 
-#     @todo implement
-#    - name: Check if 'overwriteprotocol' is already set
-#      lineinfile:
-#        path: "{{ nextcloud_config_file_host_path }}"
-#        regexp: "^\s*overwriteprotocol\s*=>\s*http"
-#        line: "overwriteprotocol => 'https',"
-#        backrefs: yes
-#        state: present
-#        notify:
-#          - docker compose restart
-#
-#    - name: Add 'overwriteprotocol' => 'https' if not present
-#      lineinfile:
-#        path: "{{ nextcloud_config_file_host_path }}"
-#        regexp: "^\s*\);$"
-#        line: "overwriteprotocol => 'https',"
-#        insertafter: "^\s*\);$"
-#        state: present
-#        notify:
-#          - docker compose restart        
-#  notify:
-#    - docker compose restart

roles/docker-nextcloud/tasks/ldap.yml

@@ -1,17 +0,0 @@
-# @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
-# @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
-# @todo implement
-- name: Load LDAP Nextcloud configuration variables
-  include_vars:
-    file: ldap.yml
-
-- name: Set Nextcloud LDAP config
-  loop: "{{ nextcloud_ldap_configuration }}"
-  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }}
-    php occ config:app:set {{ item.appid }} {{ item.configkey }} --value "{{ item.configvalue }}"
-
-- name: Set Nextcloud LDAP bind password
-  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }}
-    php occ ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"

roles/docker-nextcloud/tasks/legacy_login_mask.yml

@@ -1,5 +0,0 @@
-- name: Set hide_login_form to true
-  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{ (not applications[application_id].legacy_login_mask.enabled) | lower }} hide_login_form"
-
-- name: "Set auth.webauthn.enabled to false"
-  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{applications[application_id].legacy_login_mask.enabled | lower}} auth.webauthn.enabled"

roles/docker-nextcloud/tasks/main.yml

@@ -3,22 +3,20 @@
   include_role: 
     name: docker-central-database
 
-- name: copy oidc.config.php
-  template: 
-    src: oidc.config.php.j2
-    dest: "{{nextcloud_host_oidc_login_path}}"
-    owner: 82 # User www-data in Nextcloud container
-    group: 82 # User www-data in Nextcloud container
-  when: applications[application_id].oidc.flavor == "oidc_login" 
+- name: "create {{ nextcloud_host_config_additives_directory }}"
+  file:
+    path: "{{ nextcloud_host_config_additives_directory }}"
+    state: directory
+    mode: 0755
 
-- name: Remove OIDC configuration lines from config.php if present (container)
-  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c "sed -i '/CONFIG_EXTRA = include.*oidc\.config\.php/d' /var/www/html/config/config.php && sed -i '/CONFIG = array_merge(\\$CONFIG, \\$CONFIG_EXTRA)/d' /var/www/html/config/config.php"
-  when: applications[application_id].oidc.flavor == "sociallogin" and mode_cleanup | bool 
-
-- name: Set maintanance window 
-  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }} php occ config:system:set maintenance_window_start --type=integer --value={{on_calendar_nextcloud}}"
+- name: "Create config files at {{ nextcloud_host_config_additives_directory }}"
+  template:
+    src:    "{{ item }}"
+    dest:   "{{ nextcloud_host_config_additives_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
+    owner:  "{{nextcloud_docker_user_id}}"
+    group:  "{{nextcloud_docker_user_id}}"
+  loop:     "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}"
+  notify: docker compose restart
 
 - name: "include role for {{application_id}} to recieve certs & do modification routines"
   include_role:
@@ -26,15 +24,15 @@
 
 - name: create nextcloud nginx proxy configuration file
   template: 
-    src:  "proxy-nginx.conf.j2" 
+    src:  "nginx/host.conf.j2" 
     dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx
 
 - name: create internal nextcloud nginx configuration
   template: 
-    src:  "internal-nginx.conf.j2" 
+    src:  "nginx/docker.conf.j2" 
     dest: "{{docker_compose.directories.volumes}}nginx.conf"
-  notify: restart docker nginx service
+  notify: restart nextcloud nginx service
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml
@@ -42,25 +40,43 @@
 - name: Flush all handlers immediately so that occ can be used
   meta: flush_handlers
 
+- name: Merge all files in cymais directory (container)
+  block:
+    - name: Add dynamic config merging from Jinja template
+      template:
+        src: include.php.j2
+        dest: "{{nextcloud_host_include_instructions_file}}"
+      notify: docker compose restart
+
+    - name: Copy include instructions to the container
+      command: >
+        docker cp {{ nextcloud_host_include_instructions_file }} {{ applications.nextcloud.container.application }}:{{nextcloud_docker_include_instructions_file}}
+
+    - name: Append generated config to config.php only if not present
+      command: >
+        docker exec -u {{nextcloud_docker_user}} {{ applications.nextcloud.container.application }} sh -c "
+          grep -q 'foreach (glob(\"{{ nextcloud_docker_config_additives_directory }}*.php\") as \$file)' {{ nextcloud_docker_config_file }} || 
+          cat {{nextcloud_docker_include_instructions_file}} >> {{ nextcloud_docker_config_file }}"
+      notify: docker compose restart
+
 - name: Setup Nextcloud Plugins
   include_tasks: plugin.yml
   loop: "{{applications[application_id].plugins | dict2items }}"
   loop_control:
     loop_var: plugin_item
   vars:
-    plugin_name: "{{ plugin_item.key }}"
-    plugin_configuration: "{{ plugin_item.value }}"
+    plugin_key:   "{{ plugin_item.key }}"
+    plugin_value: "{{ plugin_item.value }}"
 
-- name: "Include OIDC-specific tasks with flavor {{applications[application_id].oidc.flavor}}"
-  include_tasks: "{{applications[application_id].oidc.flavor}}.yml"
-  when: applications[application_id].oidc.enabled | bool
+- name: Load system configuration
+  include_tasks: system.yml
 
-- name: Include LDAP specific tasks
-  include_tasks: ldap.yml
-  when: applications[application_id].ldap.enabled | bool
-
-- name: Include Config specific tasks
-  include_tasks: config.yml
-
-- name: De\Activate legacy login mask
-  include_tasks: legacy_login_mask.yml
+- name: Add missing database indices in Nextcloud
+  command: >
+    {{nextcloud_docker_exec_occ}} db:add-missing-indices
+  register: db_indices_result
+  changed_when: >
+    'Adding additional' in db_indices_result.stdout or 
+    'Removing' in db_indices_result.stdout or 
+    'updated successfully' in db_indices_result.stdout
+  failed_when: db_indices_result.rc != 0

roles/docker-nextcloud/tasks/oidc_login.yml

@@ -1,3 +0,0 @@
-- name: Add OIDC configuration if not implemented yet
-  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c 'grep -q "CONFIG_EXTRA = include" ./config/config.php || echo -e "\n\$CONFIG_EXTRA = include '\''{{nextcloud_docker_oidc_login_config_path}}'\'';\n\$CONFIG = array_merge(\$CONFIG, \$CONFIG_EXTRA);" >> ./config/config.php'

roles/docker-nextcloud/tasks/plugin.yml

@@ -1,29 +1,47 @@
-- name: "Disable incompatible plugins for {{plugin_name}}."
-  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:disable {{incompatible_plugin}}"
-  loop: "{{plugin_configuration.incompatible_plugins}}"
+- name: "Disable incompatible plugins for {{plugin_key}}."
+  command: "{{nextcloud_docker_exec_occ}} app:disable {{incompatible_plugin}}"
+  loop: "{{plugin_value.incompatible_plugins}}"
   loop_control: 
     loop_var: incompatible_plugin
   register: disable_incompatible_plugin_result
   changed_when: disable_incompatible_plugin_result.rc == 0 and ("No such app enabled" not in disable_incompatible_plugin_result.stdout)
   when: 
-    - plugin_configuration.incompatible_plugins is defined and plugin_configuration.incompatible_plugins | length > 0
-    - plugin_configuration.enabled | bool
+    - plugin_value.incompatible_plugins is defined and plugin_value.incompatible_plugins | length > 0
+    - plugin_value.enabled | bool
 
-- name: disable {{ plugin_name }} nextcloud plugin
-  command: "docker exec -u www-data {{ applications.nextcloud.container.application }} {{ nextcloud_docker_path }}occ app:disable {{ plugin_name }}"
+- name: disable {{ plugin_key }} nextcloud plugin
+  command: "{{nextcloud_docker_exec_occ}} app:disable {{ plugin_key }}"
   register: disable_result
   changed_when: disable_result.rc == 0 and ("No such app enabled" not in disable_result.stdout)
-  when: not (plugin_configuration.enabled | bool)
+  when: not (plugin_value.enabled | bool)
 
-- name: install {{ plugin_name }} nextcloud plugin
-  command: "docker exec -u www-data {{ applications.nextcloud.container.application }} {{ nextcloud_docker_path }}occ app:install {{ plugin_name }}"
+- name: install {{ plugin_key }} nextcloud plugin
+  command: "{{nextcloud_docker_exec_occ}} app:install {{ plugin_key }}"
   register: install_result
   failed_when: install_result.rc != 0 and ("already installed" not in install_result.stdout)
   changed_when: install_result.rc == 0 and ("already installed" not in install_result.stdout)
-  when: plugin_configuration.enabled | bool
+  when: plugin_value.enabled | bool
 
-- name: enable {{plugin_name}} nextcloud plugin
-  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:enable {{plugin_name}}"
+- name: enable {{plugin_key}} nextcloud plugin
+  command: "{{nextcloud_docker_exec_occ}} app:enable {{plugin_key}}"
   register: enable_result
   changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout)
-  when: plugin_configuration.enabled | bool
+  when: plugin_value.enabled | bool
+
+- name: Check if {{nextcloud_localhost_plugin_configuration_directory}}{{ plugin_key }}.yml exists
+  stat:
+    path: "{{nextcloud_localhost_plugin_configuration_directory}}{{ plugin_key }}.yml"
+  register: plugin_config_file
+
+- name: Apply configuration to {{ plugin_key }} 
+  block:
+  - name: Load {{ plugin_key }} configuration variables
+    include_vars:
+      file: "{{nextcloud_localhost_plugin_configuration_directory}}{{ plugin_key }}.yml"
+  
+  - name: "Set {{ item.configkey }} for {{ item.appid }}"
+    loop: "{{ plugin_configuration }}"
+    command: >
+      {{ nextcloud_docker_exec_occ }} config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
+  
+  when: plugin_config_file.stat.exists

roles/docker-nextcloud/tasks/plugins/ldap.yml

@@ -0,0 +1,6 @@
+# @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
+# @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
+
+- name: Set Nextcloud LDAP bind password
+  command: >
+    {{ nextcloud_docker_exec_occ }} ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"

roles/docker-nextcloud/tasks/sociallogin.yml

@@ -1,11 +0,0 @@
-# @See https://chatgpt.com/share/6798189e-9c00-800f-923c-5ce3cfbdf405
-- name: Load Sociallogin configuration variables
-  include_vars:
-    file: sociallogin.yml
-
-- name: Configure Sociallogin
-  loop: "{{ nextcloud_sociallogin_configuration}}"
-  # The | to_json function is necessary to escape custom_providers correct.
-  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }}
-    php occ config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'

roles/docker-nextcloud/tasks/system.yml

@@ -0,0 +1,8 @@
+- name: Load System Nextcloud configuration variables
+  include_vars:
+    file: system.yml
+
+- name:     Apply Nextcloud configurations
+  loop:     "{{ nextcloud_system_config }}"
+  command:  "{{nextcloud_docker_exec_occ}} config:system:set {{ item.parameter }}{% if item.type is defined %} --type {{ item.type }}{% endif %} --value {{ item.value }}"
+  # No good changed_when condition available

roles/docker-nextcloud/templates/config/README.md

@@ -0,0 +1,2 @@
+This folder contains configuration files which will be loaded direct into the config.php
+If you don't use nested configuration, concider to use the vars/system.yml file instead, because it's a cleaner way to set the configuration.

roles/docker-nextcloud/templates/config/memcache.config.php.j2

@@ -0,0 +1,13 @@
+<?php
+
+# Implementing redis configuration
+return array (
+  # For single server setup APCu is recommended, for multi server setup Redis
+  'memcache.local' => '\\OC\\Memcache\\{% if deployment_mode == "single" %}APCu{% else %}Redis{% endif %}',
+  'memcache.locking' => '\\OC\\Memcache\\Redis',
+  'redis' =>
+  array (
+    'host' => 'redis',
+    'port' => 6379,
+  )
+);

roles/docker-nextcloud/templates/config/oidc.config.php.j2

@@ -1,4 +1,8 @@
 <?php
+# Implementing OICD configuration
+
+{% if applications[application_id].oidc.flavor == "oidc_login" %}
+
 # Check out: https://github.com/pulsejet/nextcloud-oidc-login
 
 return array (
@@ -210,4 +214,7 @@ return array (
     //	- 'plain'
     // The default value is empty, which won't apply the PKCE flow.
     'oidc_login_code_challenge_method' => '',
-);
+);
+{% else %}
+return [];
+{% endif %}

roles/docker-nextcloud/templates/config/turnserver.config.php.j2.draft

@@ -0,0 +1,11 @@
+<?php
+# Activates the turn server
+# @see https://nextcloud-talk.readthedocs.io/en/latest/TURN/
+return 'turn_servers' => [
+    [
+        'host' => 'coturn',
+        'port' => 3478,
+        'secret' => 'my-secret-key',
+        'protocols' => 'udp,tcp'
+    ]
+];

roles/docker-nextcloud/templates/docker-compose.yml.j2

@@ -8,12 +8,12 @@ services:
     image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
     container_name: {{applications.nextcloud.container.application}}
     volumes:
-      - data:{{nextcloud_docker_path}}
+      - data:{{nextcloud_docker_work_directory}}
 {% if applications[application_id].oidc.flavor == "oidc_login" %}
-      - {{nextcloud_host_oidc_login_path}}:{{nextcloud_docker_oidc_login_config_path}}:ro
+      - {{nextcloud_host_config_additives_directory}}:{{nextcloud_docker_config_additives_directory}}:ro
 {% endif %}
     healthcheck:
-      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_path}}occ status"]
+      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_work_directory}}occ status"]
       interval: 1m
       timeout: 10s
       retries: 3
@@ -50,10 +50,10 @@ services:
     logging:
       driver: journald
     volumes:
-      - data:{{nextcloud_docker_path}}
+      - data:{{nextcloud_docker_work_directory}}
     entrypoint: /cron.sh
     healthcheck:
-      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_path}}occ status"]
+      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_work_directory}}occ status"]
       interval: 1m
       timeout: 10s
       retries: 3

roles/docker-nextcloud/templates/env.j2

@@ -2,20 +2,20 @@
 # @See https://github.com/nextcloud/docker/blob/master/README.md
 
 # Database Configuration
-MYSQL_DATABASE= "{{database_name}}"
-MYSQL_USER=     "{{database_username}}"
-MYSQL_PASSWORD= "{{database_password}}"
-MYSQL_HOST=     "{{database_host}}:{{database_port}}"
+MYSQL_DATABASE=             "{{database_name}}"
+MYSQL_USER=                 "{{database_username}}"
+MYSQL_PASSWORD=             "{{database_password}}"
+MYSQL_HOST=                 "{{database_host}}:{{database_port}}"
       
 # Memory
-PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder
+PHP_MEMORY_LIMIT=           1G # Required for plugin duplicate finder
       
 # Email Configuration
-SMTP_HOST=      {{system_email.host}}
-SMTP_SECURE=    {{ 'ssl' if system_email.tls else '' }}
-SMTP_PORT=      {{system_email.port}}
-SMTP_NAME=      {{system_email.username}}
-SMTP_PASSWORD=  {{system_email.password}}
+SMTP_HOST=                  {{system_email.host}}
+SMTP_SECURE=                {{ 'ssl' if system_email.tls else '' }}
+SMTP_PORT=                  {{system_email.port}}
+SMTP_NAME=                  {{system_email.username}}
+SMTP_PASSWORD=              {{system_email.password}}
 
 # Email from configuration
 MAIL_FROM_ADDRESS=          "{{system_email.local}}"

roles/docker-nextcloud/templates/include.php.j2

@@ -0,0 +1,11 @@
+{% raw %}
+// Include and merge all PHP config files from cymais
+
+$CONFIG_EXTRA = [];
+
+foreach (glob("{% endraw %}{{ nextcloud_docker_config_additives_directory }}{% raw %}*.php") as $file) {
+    $CONFIG_EXTRA = array_merge($CONFIG_EXTRA, include $file);
+}
+
+$CONFIG = array_merge($CONFIG, $CONFIG_EXTRA);
+{% endraw %}

roles/docker-nextcloud/vars/main.yml

@@ -1,10 +1,37 @@
 ---
-application_id:                           "nextcloud"
-database_password:  	                    "{{applications.nextcloud.credentials.database_password}}"
-database_type:                            "mariadb"
-nextcloud_config_file_host_path:          "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
-domain:                                   "{{domains[application_id]}}"
-http_port:                                "{{ ports.localhost.http[application_id] }}"
-nextcloud_docker_path:                    "/var/www/html/"
-nextcloud_docker_oidc_login_config_path:  "{{nextcloud_docker_path}}config/oidc.config.php"
-nextcloud_host_oidc_login_path:           "{{docker_compose.directories.volumes}}/oidc.config.php"
+# General
+application_id:                                     "nextcloud"                                                   # Application identifier
+
+# Database
+database_password:  	                              "{{applications.nextcloud.credentials.database_password}}"    # Database password
+database_type:                                      "mariadb"                                                     # Database flavor
+
+# Networking
+domain:                                             "{{domains[application_id]}}"                                 # Public domain at which Nextcloud will be accessable
+http_port:                                          "{{ ports.localhost.http[application_id] }}"                  # Port at which nextcloud is reachable in the local network
+
+# Localhost
+nextcloud_localhost_plugin_configuration_directory: "{{role_path}}/plugins/"                                      # Folder in which the files for the plugin configuration are stored
+
+# Host 
+
+## Host Paths
+nextcloud_host_config_additives_directory:          "{{docker_compose.directories.volumes}}cymais/"               # This folder is the path to which the additive configurations will be copied
+nextcloud_host_include_instructions_file:           "{{docker_compose.directories.volumes}}includes.php"          # Path to the isntruction file on the host. Responsible for loading the additional configurations
+
+# Docker
+
+## User Configuration
+nextcloud_docker_user_id:                           82                                                            # UID of the www-data user
+nextcloud_docker_user:                              "www-data"                                                    # Name of the www-data user (Set here to easy change it in the future)
+
+## Internal Paths
+nextcloud_docker_work_directory:                    "/var/www/html/"                                              # Name of the workdir in which the application is stored
+nextcloud_docker_config_directory:                  "{{nextcloud_docker_work_directory}}config/"                  # Folder in which the Nextcloud configurations are stored     
+nextcloud_docker_config_file:                       "{{nextcloud_docker_config_directory}}config.php"             # Path to the Nextcloud configuration file
+nextcloud_docker_config_additives_directory:        "{{nextcloud_docker_config_directory}}cymais/"                # Path to the folder which contains additional configurations
+nextcloud_docker_include_instructions_file:         "/tmp/includes.php"                                           # Path to the temporary file which will be included to the config.php to load the additional configurations
+
+## Execution
+nextcloud_docker_exec:                              "docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}" # General execute composition
+nextcloud_docker_exec_occ:                          "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ"                            # Execute docker occ command

roles/docker-nextcloud/vars/plugins/README.md

@@ -0,0 +1 @@
+This folder contains the plugin specific configurations which willö be applied

roles/docker-nextcloud/vars/plugins/ldap.yml

@@ -1,4 +1,4 @@
-nextcloud_ldap_configuration:
+plugin_configuration:
   -
     appid: "user_ldap"
     configkey: "background_sync_interval"

roles/docker-nextcloud/vars/plugins/sociallogin.yml

@@ -1,4 +1,4 @@
-nextcloud_sociallogin_configuration:
+plugin_configuration:
   -
     appid: "sociallogin"
     # This configuration allows users to connect multiple accounts to their Nextcloud profile

roles/docker-nextcloud/vars/system.yml

@@ -0,0 +1,23 @@
+nextcloud_system_config:
+  - parameter: "hide_login_form"
+    type: "boolean"
+    value: "{{ (not applications[application_id].legacy_login_mask.enabled) | lower }}"
+
+  - parameter: "auth.webauthn.enabled"
+    type: "boolean"
+    value: "{{ applications[application_id].legacy_login_mask.enabled | lower }}"
+
+  - parameter: "maintenance_window_start"
+    type: "integer"
+    value: "{{ on_calendar_nextcloud }}"
+
+  - parameter: "default_phone_region"
+    value: "{{ locale | upper }}"
+
+  # Force https  
+  - parameter: "overwrite.cli.url"
+    value: "https://{{domains[application_id]}}"
+
+  # Force https
+  - parameter: "overwriteprotocol"
+    value: "https"