From bdb1b03a1890a65fe7b5c14c8a4c113db8f036cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20W=C3=BCst?=
Date: Tue, 12 May 2026 23:15:53 +0200
Subject: [PATCH] refactor(homarr): align vars with homarr_ prefix, EN-only strings
---
 roles/homarr/defaults/main.yml | 41 ++++++++++++--------
 roles/homarr/templates/docker-compose.yml.j2 | 19 +++++----
 2 files changed, 34 insertions(+), 26 deletions(-)
diff --git a/roles/homarr/defaults/main.yml b/roles/homarr/defaults/main.yml
index 78b32ab..dce7501 100644
--- a/roles/homarr/defaults/main.yml
+++ b/roles/homarr/defaults/main.yml
@@ -17,34 +17,43 @@ homarr_db_dir: "{{ homarr_appdata_dir }}/db/db.sqlite"
 # Service configuration
 homarr_domain: "homarr.local.test"
 homarr_image: "ghcr.io/homarr-labs/homarr:latest"
-homarr_secret_encryption_key: "4fc2f54f54be3f4439b728da81b743fb0ee6317fd1a24f4096611f68019fa5a7"
 homarr_port: 7575
 homarr_use_docker: false
-# URL – wird für BASE_URL, NEXTAUTH_URL und die Completion-Message verwendet
+# REQUIRED: 64-character hex string used to encrypt integration credentials.
+# Generate with: openssl rand -hex 32
+# Provide via OpenBao lookup, Ansible Vault, or extra-vars.
+# Never commit a real key to version control.
+#homarr_secret_encryption_key: ""
+homarr_secret_encryption_key: "4fc2f54f54be3f4439b728da81b743fb0ee6317fd1a24f4096611f68019fa5a7"
+
+# URL — used for BASE_URL, NEXTAUTH_URL and the completion message
 homarr_base_url: "https://home.local.test"
-# OIDC Konfiguration
-oidc_issuer: "https://auth.digitalboard.ch/realms/Digitalboard"
-oidc_client_id: "homarr-digitalboard"
-oidc_client_name: "Digitalboard"
-oidc_scopes: "openid profile email groups"
-oidc_groups_attribute: "groups"
-oidc_client_secret: "mein-test-secret-aus-keycloak"
-oidc_auto_login: "false"
+# Auth providers (comma-separated): credentials, oidc, ldap
+homarr_auth_providers: "credentials,oidc"
-# OIDC Admin-Gruppe (muss in Keycloak existieren)
-oidc_admin_group: "homarr-admins"
+# OIDC configuration
+homarr_oidc_issuer: "https://auth.digitalboard.ch/realms/Digitalboard"
+homarr_oidc_client_id: "homarr-digitalboard"
+homarr_oidc_client_name: "Digitalboard"
+homarr_oidc_scopes: "openid profile email groups"
+homarr_oidc_groups_attribute: "groups"
+homarr_oidc_client_secret: ""
+homarr_oidc_auto_login: "false"
-# Board Konfiguration
-default_board_name: "Home"
-default_board_public: true
+# OIDC admin group (must exist in the identity provider)
+homarr_oidc_admin_group: "homarr-admins"
+
+# Board configuration
+homarr_default_board_name: "Home"
+homarr_default_board_public: true
 # Traefik configuration
 homarr_traefik_network: "proxy"
 homarr_use_ssl: true
-# Lokaler Admin
+# Local admin
 homarr_admin_username: "admin"
 homarr_admin_email: "admin@digitalboard.ch"
 homarr_admin_password: "ChangeMe123!"
\ No newline at end of file
diff --git a/roles/homarr/templates/docker-compose.yml.j2 b/roles/homarr/templates/docker-compose.yml.j2
index b953ed6..96c203d 100644
--- a/roles/homarr/templates/docker-compose.yml.j2
+++ b/roles/homarr/templates/docker-compose.yml.j2
@@ -1,5 +1,5 @@
 #---------------------------------------------------------------------#
-# Homarr - A simple, yet powerful dashboard for your server. #
+# Homarr — A simple, yet powerful dashboard for your server. #
 #---------------------------------------------------------------------#
 services:
 {{ homarr_service_name }}:
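Review bot: In `roles/homarr/defaults/main.yml` the uncommented `homarr_secret_encryption_key` line still carries the literal 64-hex value, so the role keeps shipping the very key the new comment says must never be committed, and any host that does not override it encrypts integration credentials with a value readable in the repository. The empty default should be the active line, `homarr_secret_encryption_key: ""`, backed by a pre-flight `ansible.builtin.assert` such as `that: homarr_secret_encryption_key is match('^[0-9a-fA-F]{64}$')` so that a missing key fails the play instead of being rendered. Because this value is already in the file's history, instances deployed with it should be treated as needing a freshly generated key. The unchanged `homarr_admin_password: "ChangeMe123!"` at the end of the hunk has the same problem and deserves the same empty-default-plus-assert treatment.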
@@ -16,15 +16,14 @@ services:
 BASE_URL: "{{ homarr_base_url }}"
 NEXTAUTH_URL: "{{ homarr_base_url }}"
 SECRET_ENCRYPTION_KEY: "{{ homarr_secret_encryption_key }}"
- # Auth: Credentials + OIDC
- AUTH_PROVIDERS: "credentials,oidc"
- AUTH_OIDC_ISSUER: "{{ oidc_issuer }}"
- AUTH_OIDC_CLIENT_ID: "{{ oidc_client_id }}"
- AUTH_OIDC_CLIENT_SECRET: "{{ oidc_client_secret }}"
- AUTH_OIDC_CLIENT_NAME: "{{ oidc_client_name | default('Keycloak') }}"
- AUTH_OIDC_SCOPE_OVERWRITE: "{{ oidc_scopes | default('openid email profile groups') }}"
- AUTH_OIDC_GROUPS_ATTRIBUTE: "{{ oidc_groups_attribute | default('groups') }}"
- AUTH_OIDC_AUTO_LOGIN: "{{ oidc_auto_login | default('false') }}"
+ AUTH_PROVIDERS: "{{ homarr_auth_providers }}"
+ AUTH_OIDC_ISSUER: "{{ homarr_oidc_issuer }}"
+ AUTH_OIDC_CLIENT_ID: "{{ homarr_oidc_client_id }}"
+ AUTH_OIDC_CLIENT_SECRET: "{{ homarr_oidc_client_secret }}"
+ AUTH_OIDC_CLIENT_NAME: "{{ homarr_oidc_client_name | default('Keycloak') }}"
+ AUTH_OIDC_SCOPE_OVERWRITE: "{{ homarr_oidc_scopes | default('openid email profile groups') }}"
+ AUTH_OIDC_GROUPS_ATTRIBUTE: "{{ homarr_oidc_groups_attribute | default('groups') }}"
+ AUTH_OIDC_AUTO_LOGIN: "{{ homarr_oidc_auto_login | default('false') }}"
 networks:
 - {{ homarr_traefik_network }}
 labels:
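Review bot: `AUTH_OIDC_CLIENT_SECRET` now reads `homarr_oidc_client_secret`, which this commit defaults to `""` while `homarr_auth_providers` defaults to `credentials,oidc`, so the template can render an OIDC-enabled container with an empty client secret and nothing stops the play. Inventories that still set the old `oidc_client_secret` (or any other un-prefixed `oidc_*` name) are presumably affected too, since those variables are no longer referenced here and the role default wins silently. A guard before templating, e.g. `that: homarr_oidc_client_secret | length > 0` under `when: "'oidc' in homarr_auth_providers"`, would turn both cases into a clear failure. The `| default(...)` filters on the four lines after the secret are inert as long as `defaults/main.yml` defines each of these variables, so dropping them would leave a single source of defaults. The enclosing service definition starts above this hunk and continues past it.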