digitalboard.core/roles/nextcloud/defaults/main.yml

#SPDX-License-Identifier: MIT-0
---
# defaults file for nextcloud
# Base directory configuration (inherited from base role or defined here)
docker_compose_base_dir: /etc/docker/compose
docker_volume_base_dir: /srv/data

nextcloud_service_name: nextcloud
nextcloud_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ nextcloud_service_name }}"
nextcloud_docker_volume_dir: "{{ docker_volume_base_dir }}/{{ nextcloud_service_name }}"

nextcloud_domain: "nextcloud.local.test"
nextcloud_image: "nextcloud:fpm"
nextcloud_redis_image: "redis:latest"
nextcloud_port: 80
nextcloud_extra_hosts: []
nextcloud_allow_local_remote_servers: false  # Set to true to allow requests to local network (dev only)

nextcloud_postgres_image: "postgres:15"
nextcloud_postgres_db: nextcloud
nextcloud_postgres_user: nextcloud
nextcloud_postgres_password: "changeme"

nextcloud_backend_network: nextcloud-internal
nextcloud_traefik_network: proxy 
nextcloud_use_ssl: true

nextcloud_enable_collabora: true
nextcloud_collabora_domain: "office.local.test"
nextcloud_collabora_disable_cert_verification: false

nextcloud_use_s3_storage: false
nextcloud_s3_key: changeme
nextcloud_s3_secret: changeme
nextcloud_s3_region: "us-east-1"
nextcloud_s3_bucket: nextcloud
nextcloud_s3_host: s3.example.com
nextcloud_s3_port: 443
nextcloud_s3_ssl: true
nextcloud_s3_usepath_style: true
nextcloud_s3_autocreate: false

nextcloud_admin_user: admin
nextcloud_admin_password: admin
nextcloud_memory_limit_mb: 1024
nextcloud_upload_limit_mb: 2048

nextcloud_scale_factor: 2

# Non-default apps to install and enable
nextcloud_apps_to_install:
  - groupfolders
  - richdocuments
  - spreed
  - user_ldap
  - user_oidc
  - whiteboard

# OIDC provider configuration
nextcloud_oidc_allow_selfsigned: false  # Set to true to disable SSL verification for OIDC providers (dev only)
nextcloud_oidc_providers: []
# - identifier: keycloak
#   display_name: "Login with Keycloak"
#   client_id: "nextcloud"
#   client_secret: "changeme"
#   discovery_url: "https://keycloak.example.com/realms/default/.well-known/openid-configuration"
#   scope: "openid email profile"
#   unique_uid: true
#   check_bearer: false
#   send_id_token_hint: true
#   mapping:
#     uid: preferred_username
#     display_name: name
#     email: email
#     groups: groups

# OIDC providers to remove
nextcloud_oidc_providers_removed: []
# - old-provider

# LDAP configuration
nextcloud_ldap_enabled: false
nextcloud_ldap_config: {}
# Example for 389ds with Keycloak user federation:
#   ldapHost: "ldaps://389ds"
#   ldapPort: "3636"
#   ldapAgentName: "cn=Directory Manager"
#   ldapAgentPassword: "changeme"
#   ldapBase: "dc=example,dc=com"
#   ldapBaseUsers: "ou=users,dc=example,dc=com"
#   ldapBaseGroups: "dc=example,dc=com"
#   ldapTLS: "0"
#   turnOffCertCheck: "0"
#   ldapUserFilter: "(&(objectclass=inetOrgPerson)(uid=*))"
#   ldapLoginFilter: "(&(objectclass=inetOrgPerson)(uid=%uid))"
#   ldapUserDisplayName: "displayname"
#   ldapEmailAttribute: "mail"
#   ldapExpertUsernameAttr: "uid"
#   ldapExpertUUIDUserAttr: "nsuniqueid"
#   ldapConfigurationActive: "1"