Digitalboard/digitalboard.core
5
2
Fork 0
Code Pull requests Releases Packages Activity Actions
digitalboard.core/roles/opencloud/templates/docker-compose.yml.j2
Bert-Jan Fikse db21030a64
feat: add ldap backend to opencloud 
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 11:43:11 +01:00

119 lines
No EOL
5.8 KiB
Django/Jinja
Raw Blame History

services:
opencloud:
image: {{ opencloud_image }}
container_name: {{ opencloud_service_name }}
restart: unless-stopped
entrypoint:
- /bin/sh
command: ["-c", "opencloud init || true; opencloud server"]
volumes:
- {{ opencloud_docker_volume_dir }}/config:/etc/opencloud
- {{ opencloud_docker_volume_dir }}/data:/var/lib/opencloud
environment:
{% if opencloud_use_ssl %}
OC_URL: "https://{{ opencloud_domain }}"
{% else %}
OC_URL: "http://{{ opencloud_domain }}"
{% endif %}
OC_INSECURE: "true"
OC_LOG_LEVEL: "{{ opencloud_log_level }}"
PROXY_TLS: "false"
{% if opencloud_csp_extra_connect_src | length > 0 %}
PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION: "/etc/opencloud/csp-override.yaml"
{% endif %}
IDM_ADMIN_PASSWORD: "{{ opencloud_admin_password }}"
{% if opencloud_oidc_issuer %}
OC_OIDC_ISSUER: "{{ opencloud_oidc_issuer }}"
OC_OIDC_CLIENT_ID: "{{ opencloud_oidc_client_id }}"
{% if opencloud_oidc_client_secret %}
OC_OIDC_CLIENT_SECRET: "{{ opencloud_oidc_client_secret }}"
{% endif %}
PROXY_OIDC_REWRITE_WELLKNOWN: "{{ opencloud_oidc_rewrite_wellknown | string | lower }}"
PROXY_USER_OIDC_CLAIM: "{{ opencloud_oidc_user_claim }}"
PROXY_USER_CS3_CLAIM: "{{ opencloud_oidc_user_cs3_claim }}"
PROXY_AUTOPROVISION_ACCOUNTS: "{{ opencloud_oidc_autoprovision_accounts | string | lower }}"
{% if opencloud_oidc_account_edit_url %}
WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "{{ opencloud_oidc_account_edit_url }}"
{% endif %}
{% endif %}
{% if opencloud_use_s3_storage %}
STORAGE_USERS_DRIVER: "decomposeds3"
STORAGE_USERS_DECOMPOSEDS3_ENDPOINT: "{{ opencloud_s3_endpoint }}"
STORAGE_USERS_DECOMPOSEDS3_REGION: "{{ opencloud_s3_region }}"
STORAGE_USERS_DECOMPOSEDS3_ACCESS_KEY: "{{ opencloud_s3_access_key }}"
STORAGE_USERS_DECOMPOSEDS3_SECRET_KEY: "{{ opencloud_s3_secret_key }}"
STORAGE_USERS_DECOMPOSEDS3_BUCKET: "{{ opencloud_s3_bucket }}"
{% endif %}
{% if opencloud_ldap_uri %}
# Disable built-in IDM when using external LDAP
OC_EXCLUDE_RUN_SERVICES: "idm"
IDM_CREATE_DEMO_USERS: "false"
# LDAP connection
OC_LDAP_URI: "{{ opencloud_ldap_uri }}"
OC_LDAP_INSECURE: "{{ opencloud_ldap_insecure | string | lower }}"
OC_LDAP_BIND_DN: "{{ opencloud_ldap_bind_dn }}"
OC_LDAP_BIND_PASSWORD: "{{ opencloud_ldap_bind_password }}"
# LDAP user/group base
OC_LDAP_USER_BASE_DN: "{{ opencloud_ldap_user_base_dn }}"
OC_LDAP_GROUP_BASE_DN: "{{ opencloud_ldap_group_base_dn }}"
# LDAP user schema
OC_LDAP_USER_SCHEMA_ID: "{{ opencloud_ldap_user_schema_id }}"
OC_LDAP_USER_SCHEMA_ID_IS_OCTET_STRING: "{{ opencloud_ldap_user_schema_id_is_octet_string | string | lower }}"
OC_LDAP_USER_SCHEMA_USERNAME: "{{ opencloud_ldap_user_schema_username }}"
OC_LDAP_USER_SCHEMA_MAIL: "{{ opencloud_ldap_user_schema_mail }}"
OC_LDAP_USER_SCHEMA_DISPLAY_NAME: "{{ opencloud_ldap_user_schema_display_name }}"
# LDAP group schema
OC_LDAP_GROUP_SCHEMA_ID: "{{ opencloud_ldap_group_schema_id }}"
OC_LDAP_GROUP_SCHEMA_ID_IS_OCTET_STRING: "{{ opencloud_ldap_group_schema_id_is_octet_string | string | lower }}"
OC_LDAP_GROUP_SCHEMA_GROUPNAME: "{{ opencloud_ldap_group_schema_groupname }}"
OC_LDAP_GROUP_SCHEMA_MEMBER: "{{ opencloud_ldap_group_schema_member }}"
GRAPH_LDAP_SERVER_WRITE_ENABLED: "{{ opencloud_ldap_write_enabled | string | lower }}"
{% endif %}
{% if opencloud_collabora_domain %}
OC_ADD_RUN_SERVICES: "collaboration"
COLLABORA_DOMAIN: "{{ opencloud_collabora_domain }}"
COLLABORATION_APP_NAME: "CollaboraOnline"
COLLABORATION_APP_PRODUCT: "Collabora"
COLLABORATION_APP_ADDR: "https://{{ opencloud_collabora_domain }}"
COLLABORATION_APP_INSECURE: "{{ opencloud_collabora_insecure | string | lower }}"
COLLABORATION_APP_PROOF_DISABLE: "{{ opencloud_collabora_insecure | string | lower }}"
COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "{{ opencloud_collabora_insecure | string | lower }}"
COLLABORATION_HTTP_ADDR: "0.0.0.0:9300"
COLLABORATION_WOPI_SRC: "https://{{ opencloud_wopi_domain }}"
FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: "eu.opencloud.api.collaboration"
{% endif %}
networks:
- {{ opencloud_traefik_network }}
{% if opencloud_extra_hosts is defined and opencloud_extra_hosts | length > 0 %}
extra_hosts:
{% for host in opencloud_extra_hosts %}
- "{{ host }}"
{% endfor %}
{% endif %}
labels:
- traefik.enable=true
- traefik.docker.network={{ opencloud_traefik_network }}
- traefik.http.routers.{{ opencloud_service_name }}.rule=Host(`{{ opencloud_domain }}`)
{% if opencloud_use_ssl %}
- traefik.http.routers.{{ opencloud_service_name }}.entrypoints=websecure
- traefik.http.routers.{{ opencloud_service_name }}.tls=true
{% else %}
- traefik.http.routers.{{ opencloud_service_name }}.entrypoints=web
{% endif %}
- traefik.http.services.{{ opencloud_service_name }}.loadbalancer.server.port={{ opencloud_port }}
{% if opencloud_collabora_domain %}
- traefik.http.routers.{{ opencloud_service_name }}.service={{ opencloud_service_name }}
- traefik.http.routers.{{ opencloud_service_name }}-wopi.rule=Host(`{{ opencloud_wopi_domain }}`)
- traefik.http.routers.{{ opencloud_service_name }}-wopi.service={{ opencloud_service_name }}-wopi
- traefik.http.services.{{ opencloud_service_name }}-wopi.loadbalancer.server.port=9300
{% if opencloud_use_ssl %}
- traefik.http.routers.{{ opencloud_service_name }}-wopi.entrypoints=websecure
- traefik.http.routers.{{ opencloud_service_name }}-wopi.tls=true
{% else %}
- traefik.http.routers.{{ opencloud_service_name }}-wopi.entrypoints=web
{% endif %}
{% endif %}
networks:
{{ opencloud_traefik_network }}:
external: true
View git blame Copy permalink