2341815daf
feat(opnform)!: add admin and OIDC bootstrap, rename role to lowercase
...
Rename roles/OpnForm → roles/opnform so the role resolves as
digitalboard.core.opnform (Ansible collection convention is
lowercase). Update tests/test.yml reference accordingly.
Add automated admin user creation via POST /api/register, gated on
opnform_admin_email + opnform_admin_password. Idempotent through a
prior login probe. Without these vars the manual setup page flow is
preserved.
Add automated OIDC IdentityConnection setup via the per-workspace
/api/open/workspaces/{id}/oidc-connections endpoint, gated on
opnform_oidc_enabled. Hard-coupled to the admin bootstrap (the API
requires an authenticated admin token); validation block fails fast
if OIDC is enabled without admin credentials. Supports both an
explicit opnform_oidc_group_role_mappings list and a fallback
opnform_oidc_admin_group convenience var.
Convert opnform_oidc_scopes from space-separated string to YAML list
to match OpnForm's API expectation. Rewrite README "First login" and
"OIDC setup" sections to reflect that self-hosted OpnForm does not
ship a pre-seeded admin and to document the new bootstrap paths.
BREAKING CHANGE: opnform_oidc_scopes changed from space-separated
string to YAML list. Inventories that override it must update from
"openid profile email" to [openid, profile, email].
2026-05-18 22:40:19 +02:00
3f90843f97
fix: added pycache to gitignore
2026-05-18 21:00:20 +02:00
6c1c40668d
chore: add new role for OpnForm
2026-05-13 17:23:34 +02:00
9fc34dfb29
Merge branch 'feature/homarr'
2026-05-13 15:40:52 +02:00
2aa1df8614
chore(homarr): added readme and removed test env contents
2026-05-13 15:37:13 +02:00
308bf50122
chore(homarr): remove digitalboard-specific defaults
2026-05-13 15:37:12 +02:00
c1c1a84591
feat(homarr): make apps list configurable with auto-layout
2026-05-13 15:37:12 +02:00
d4eaa5f12c
refactor(homarr): extract seed SQL into template
2026-05-13 15:37:12 +02:00
3c35b8782e
fix: removed remnants of removed env / fixed encryption key validation
2026-05-13 15:37:11 +02:00
f4084ba078
refactor(homarr): drop service_name var and rename db_dir to db
...
- homarr_service_name removed, replaced with fixed "homarr" string
- homarr_db_dir renamed to homarr_db (variable points to a file, not a dir)
2026-05-13 15:37:11 +02:00
123769a4f4
feat(homarr): use handler for restart, validate encryption key
2026-05-13 15:37:11 +02:00
bdb1b03a18
refactor(homarr): align vars with homarr_ prefix, EN-only strings
2026-05-13 15:37:11 +02:00
c060d6136a
fix(homarr): salt column, bcrypt newline, transaction safety
2026-05-13 15:37:10 +02:00
23ea8dafc9
Chore: add admin user and seed staging
...
added creation of the admin user, the basic homeboard and all basic setup tasks.
Todo: Cleanup
2026-05-13 13:30:34 +00:00
5608daadaa
chore: base config and deployment for role homarr
2026-05-13 13:30:34 +00:00
1fcb433aae
chore: add new boilerplate role for homarr
2026-05-13 13:30:34 +00:00
967ffb0c2d
fix: leading space in extra networks
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-04-10 14:34:15 +02:00
c27b4d9488
feat: add blueprints for authentik ldap outpost and render values directly instead of using env vars
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-04-10 14:33:52 +02:00
d25f1c5304
chore: add authentik outpost deployment
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-04-10 11:27:07 +02:00
dbcccc090b
feat: ability to set extra networks for opencloud
...
needed for ldap outpost
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-04-10 11:19:10 +02:00
e2fae25592
feat: make nextcloud_notify_push_image configurable
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-04-10 11:18:28 +02:00
468ed34550
feat: ability to set extra networks for nextcloud
...
needed for ldap outpost
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-04-10 11:17:42 +02:00
77484f1944
chore: add new empty role skeleton for authentik_outpost_ldap
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-04-02 11:51:58 +02:00
aa8baad630
feat: opencloud group provisioning via oidc
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 16:43:02 +01:00
6f4cc2bdb3
feat: nextcloud ability to get groups from ldap backend
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 15:37:33 +01:00
d517f77b6c
feat: add file_lock and notify_push configuration to nextcloud role
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 15:22:09 +01:00
910986b808
feat: add drawio instance for nextcloud and opencloud
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 14:37:02 +01:00
f3f2b6d5b7
feat: add empty role skeleton for drawio role
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 13:44:53 +01:00
db21030a64
feat: add ldap backend to opencloud
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 11:43:11 +01:00
12864a13b0
feat: add 389ds ldap backend to keycloak
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 10:58:40 +01:00
59d0174905
feat: add ldap provisioning to nextcloud
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 10:46:49 +01:00
700cafed0e
feat: add basic ds389 docker setup and configuration
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-06 17:54:07 +01:00
dae32362ed
chore: add empty boilerplate role for 389ds
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-06 17:47:50 +01:00
244e378d9d
fix: use correct file ownership for nextcloud volumes
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-06 17:18:01 +01:00
6be4a50f8f
chore: ensure we can use the same collabora instance for multiple cloud instances
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-06 17:00:33 +01:00
d3d7bb9ba5
chore: add central collabora service
...
instead of providing one for owncloud and nextcloud separately
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-05 17:09:06 +01:00
064b939d06
chore: add empty role boilerplate for collabora
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-05 16:34:50 +01:00
fe85cc0f86
feat: add s3 storage provisioning for opencloud
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-05 16:24:12 +01:00
2dc9097707
feat: add oidc provisioning for opencloud
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-05 15:36:12 +01:00
59cd27a031
feat: add basic opencloud deployment
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-02-27 14:59:45 +01:00
6fad15e7ed
chore: add empty boilerplate role for opencloud
...
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-02-27 13:44:43 +01:00
b5a6573beb
feat: add nextcloud oidc provisioning
2026-02-27 11:23:07 +01:00
3fcaebe1a8
feat: add keycloak provisioning tasks
2026-02-27 11:22:08 +01:00
13eb79803f
chore(traefik): prefix all traefik vars with traefik_
2026-01-22 17:29:56 +01:00
d0ae0a4df9
chore(traefik): clearer naming for aggregated services
2026-01-22 17:17:27 +01:00
8e49b09fd6
feat(traefik): allow exposure of dashboard via domain
2026-01-22 14:01:39 +01:00
bce1daf5a6
feat: add provisioning of apps to nextcloud role
2026-01-16 15:53:36 +01:00
ea8178fcf0
feat: add ability to add extra_hosts to nextcloud docker-compose
2026-01-15 17:29:29 +01:00
d3bf520bf0
fix: remove dep to base role from traefik role
2026-01-15 17:20:50 +01:00
868e2c3860
fix: ensure unredacted secret is used for s3-keys
2026-01-15 16:51:19 +01:00