53 lines
No EOL
2.4 KiB
YAML
53 lines
No EOL
2.4 KiB
YAML
#SPDX-License-Identifier: MIT-0
|
|
---
|
|
# OIDC provider configuration for Nextcloud user_oidc app
|
|
|
|
- name: Deploy OIDC config file
|
|
ansible.builtin.template:
|
|
src: oidc.config.php.j2
|
|
dest: "{{ nextcloud_docker_volume_dir }}/nextcloud/config/oidc.config.php"
|
|
owner: www-data
|
|
group: www-data
|
|
mode: '0640'
|
|
|
|
- name: Remove deleted OIDC providers
|
|
community.docker.docker_container_exec:
|
|
container: "{{ nextcloud_service_name }}-nextcloud-1"
|
|
command: php /var/www/html/occ user_oidc:provider:delete "{{ item }}" --force
|
|
loop: "{{ nextcloud_oidc_providers_removed }}"
|
|
register: oidc_delete_result
|
|
changed_when: "'deleted' in (oidc_delete_result.stdout | default('') | lower)"
|
|
failed_when:
|
|
- oidc_delete_result.rc != 0
|
|
- "'not found' not in (oidc_delete_result.stderr | default('') | lower)"
|
|
- "'does not exist' not in (oidc_delete_result.stderr | default('') | lower)"
|
|
|
|
- name: Create or update OIDC providers
|
|
vars:
|
|
_mapping: "{{ item.mapping | default({}) }}"
|
|
_base_args:
|
|
- php
|
|
- /var/www/html/occ
|
|
- user_oidc:provider
|
|
- "{{ item.identifier }}"
|
|
- "--clientid={{ item.client_id }}"
|
|
- "--clientsecret={{ item.client_secret }}"
|
|
- "--discoveryuri={{ item.discovery_url }}"
|
|
- "--unique-uid={{ '1' if item.unique_uid | default(true) else '0' }}"
|
|
- "--check-bearer={{ '1' if item.check_bearer | default(false) else '0' }}"
|
|
- "--send-id-token-hint={{ '1' if item.send_id_token_hint | default(true) else '0' }}"
|
|
_optional_args: "{{
|
|
((['--scope=' ~ item.scope]) if item.scope is defined else []) +
|
|
((['--group-provisioning=1']) if item.group_provisioning | default(false) else []) +
|
|
((['--mapping-uid=' ~ _mapping.uid]) if _mapping.uid is defined else []) +
|
|
((['--mapping-display-name=' ~ _mapping.display_name]) if _mapping.display_name is defined else []) +
|
|
((['--mapping-email=' ~ _mapping.email]) if _mapping.email is defined else []) +
|
|
((['--mapping-groups=' ~ _mapping.groups]) if _mapping.groups is defined else [])
|
|
}}"
|
|
community.docker.docker_container_exec:
|
|
container: "{{ nextcloud_service_name }}-nextcloud-1"
|
|
argv: "{{ _base_args + _optional_args }}"
|
|
loop: "{{ nextcloud_oidc_providers }}"
|
|
register: oidc_create_result
|
|
changed_when: "'created' in (oidc_create_result.stdout | default('') | lower) or 'updated' in (oidc_create_result.stdout | default('') | lower)"
|
|
no_log: true |