Digitalboard/digitalboard.core
6
2
Fork 0
Code Pull requests 1 Releases Packages Activity Actions
digitalboard.core/roles/homarr/defaults/main.yml
Simon Bärlocher 3ace667b6c
feat(services): refine split-horizon OIDC routing and harden nextcloud patch 
- authentik: address the rewrite service by compose service name instead
  of a network alias on the public FQDN, which shadowed extra_hosts pins
  and broke OIDC discovery for c-ares-based (Node) resolvers
- homarr: add homarr_extra_hosts to pin the IdP FQDN to a LAN IP so OIDC
  discovery stays in-network while the issuer matches the browser-facing URL
- opnform: add opnform_oidc_sso_redirect_root to 302 the root URL to the
  SSO path (deep-links untouched, /login?bypass=1 break-glass); restart
  ingress via container restart so envsubst re-renders nginx.conf
- nextcloud: make the UserConfig sed workaround fail loud on upstream
  drift instead of silently skipping (nextcloud/server#59629)
- gitignore: exclude the local .ansible/ collection cache
2026-06-02 13:44:08 +02:00

82 lines
No EOL
2.8 KiB
YAML
Raw Blame History

#SPDX-License-Identifier: MIT-0
---
# defaults file for homarr
# Base directory configuration (inherited from base role or defined here)
docker_compose_base_dir: /etc/docker/compose
docker_volume_base_dir: /srv/data
# homarr-specific configuration
homarr_base_path: /srv/data/homarr
homarr_docker_compose_dir: "{{ docker_compose_base_dir }}/homarr"
homarr_docker_volume_dir: "{{ docker_volume_base_dir }}/homarr"
homarr_appdata_dir: "{{ homarr_docker_volume_dir }}/homarr/appdata"
homarr_db: "{{ homarr_appdata_dir }}/db/db.sqlite"
# Service configuration
homarr_domain: "homarr.local.test"
# Additional hostnames the homarr router answers on (e.g. an internal
# *.int.* FQDN so a DMZ reverseproxy can hit a backend hostname covered
# by the cert).
homarr_extra_domains: []
# Extra /etc/hosts entries inside the homarr container (format "host:ip").
# Used to pin the IdP's public FQDN to a LAN IP so OIDC discovery stays
# in-network while the issuer URL matches what browsers see.
homarr_extra_hosts: []
homarr_image: "ghcr.io/homarr-labs/homarr:latest"
homarr_port: 7575
homarr_use_docker: false
# REQUIRED: 64-character hex string used to encrypt integration credentials.
# Generate with: openssl rand -hex 32
# Provide via OpenBao lookup, Ansible Vault, or extra-vars.
# Never commit a real key to version control.
homarr_secret_encryption_key: ""
# URL — used for BASE_URL, NEXTAUTH_URL and the completion message
homarr_base_url: "https://home.local.test"
# Auth providers (comma-separated): credentials, oidc, ldap
homarr_auth_providers: "credentials"
# OIDC configuration (only used when 'oidc' is in homarr_auth_providers)
homarr_oidc_issuer: ""
homarr_oidc_client_id: ""
homarr_oidc_client_name: ""
homarr_oidc_scopes: "openid profile email groups"
homarr_oidc_groups_attribute: "groups"
homarr_oidc_client_secret: ""
homarr_oidc_auto_login: "false"
# OIDC admin group (must exist in the identity provider)
homarr_oidc_admin_group: "homarr-admins"
# Board configuration
homarr_default_board_name: "Home"
homarr_default_board_public: true
# Traefik configuration
homarr_traefik_network: "proxy"
homarr_use_ssl: true
# Local admin (override in inventory or via vault)
homarr_admin_username: "admin"
homarr_admin_email: "admin@example.com"
homarr_admin_password: "ChangeMe123!"
# Applications shown on the default board.
# Override in your project/inventory vars. Each app needs:
# id, name, icon, href, width (1-10). Optional: description, height (default 1).
# Apps are automatically packed left-to-right into the desktop grid (10 cols),
# scaled to tablet (6 cols) and mobile (2 cols).
#
# Example:
# homarr_apps:
# - id: nextcloud
# name: Nextcloud
# description: Cloud Storage & Collaboration
# icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons/png/nextcloud.png
# href: https://cloud.example.com
# width: 2
# height: 1
homarr_apps: []
View git blame Copy permalink