feat: domain list refactor + demo-gymburgdorf fixes

- Refactor: collapse `*_domain` + `*_extra_domains` into a single `*_domains` list across authentik, collabora, garage and nextcloud roles. First entry is the canonical FQDN (used for OVERWRITEHOST, BASE_URL, notify_push setup and garage root_domain). - Authentik blueprint: guard the OAuth sources block so an empty `authentik_login_sources` no longer renders an invalid YAML key. - Nextcloud: introduce `nextcloud_collabora_public_domain` and set Collabora's `public_wopi_url` separately from the server-to-server `wopi_url` so browsers can reach Collabora via the public name while Nextcloud still talks to it on the internal one. - Nextcloud: URL-encode the postgres user/password in DATABASE_URL.
2026-05-20 22:13:34 +02:00 · 2026-05-20 22:13:34 +02:00 · c3cf779532
commit c3cf779532
parent c11f019aae
12 changed files with 64 additions and 15 deletions
--- a/roles/nextcloud/tasks/collabora.yml
+++ b/roles/nextcloud/tasks/collabora.yml
@ -1,11 +1,17 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for configuring Collabora in Nextcloud
- name: Configure Collabora WOPI URL
+- name: Configure Collabora WOPI URL (server-to-server)
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
    command: php /var/www/html/occ config:app:set richdocuments wopi_url --value=https://{{ nextcloud_collabora_domain }}

+- name: Configure Collabora public WOPI URL (browser-facing)
+  community.docker.docker_container_exec:
+    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
+    command: php /var/www/html/occ config:app:set richdocuments public_wopi_url --value=https://{{ nextcloud_collabora_public_domain }}
+  when: nextcloud_collabora_public_domain is defined and nextcloud_collabora_public_domain != nextcloud_collabora_domain
+
 - name: Configure certificate verification for Collabora
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
--- a/roles/nextcloud/tasks/notify_push.yml
+++ b/roles/nextcloud/tasks/notify_push.yml
@ -5,4 +5,4 @@
 - name: Configure notify_push base endpoint
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
-    command: php /var/www/html/occ notify_push:setup https://{{ nextcloud_domain }}/push
+    command: php /var/www/html/occ notify_push:setup https://{{ nextcloud_domains[0] }}/push