feat: add nextcloud oidc provisioning

2026-02-27 11:23:07 +01:00 · 2026-02-27 11:23:07 +01:00 · b5a6573beb
commit b5a6573beb
parent 3fcaebe1a8
5 changed files with 99 additions and 1 deletions
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@ -14,6 +14,7 @@ nextcloud_image: "nextcloud:fpm"
 nextcloud_redis_image: "redis:latest"
 nextcloud_port: 80
 nextcloud_extra_hosts: []
+nextcloud_allow_local_remote_servers: false  # Set to true to allow requests to local network (dev only)

 nextcloud_postgres_image: "postgres:15"
 nextcloud_postgres_db: nextcloud
@ -55,4 +56,26 @@ nextcloud_apps_to_install:
  - spreed
  - user_ldap
  - user_oidc
-  - whiteboard
+  - whiteboard
+
+# OIDC provider configuration
+nextcloud_oidc_allow_selfsigned: false  # Set to true to disable SSL verification for OIDC providers (dev only)
+nextcloud_oidc_providers: []
+# - identifier: keycloak
+#   display_name: "Login with Keycloak"
+#   client_id: "nextcloud"
+#   client_secret: "changeme"
+#   discovery_url: "https://keycloak.example.com/realms/default/.well-known/openid-configuration"
+#   scope: "openid email profile"
+#   unique_uid: true
+#   check_bearer: false
+#   send_id_token_hint: true
+#   mapping:
+#     uid: preferred_username
+#     display_name: name
+#     email: email
+#     groups: groups
+
+# OIDC providers to remove
+nextcloud_oidc_providers_removed: []
+# - old-provider