feat: add keycloak oidc provisioning tasks

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-02-27 13:35:37 +01:00 · 2026-02-27 13:35:37 +01:00 · 2063268ed6
commit 2063268ed6
parent 495b61c1d1
3 changed files with 104 additions and 3 deletions
--- a/inventories/vagrant/host_vars/backend/nextcloud.yml
+++ b/inventories/vagrant/host_vars/backend/nextcloud.yml
@ -1,4 +1,6 @@
 nextcloud_collabora_disable_cert_verification: true
+nextcloud_allow_local_remote_servers: true  # Allow requests to local network in Vagrant
+nextcloud_oidc_allow_selfsigned: true  # Allow self-signed certs for OIDC in Vagrant

 # S3 storage configuration using Garage
 nextcloud_use_s3_storage: true
@ -12,4 +14,31 @@ nextcloud_s3_usepath_style: true

 # Extra hosts for container DNS resolution (Vagrant only)
 nextcloud_extra_hosts:
-  - "storage.local.test:192.168.56.11"
+  - "storage.local.test:192.168.56.11"
+  - "keycloak.local.test:192.168.56.11"
+  - "authentik.local.test:192.168.56.11"
+
+# OIDC providers for login
+nextcloud_oidc_providers:
+  - identifier: keycloak
+    display_name: "Login with Keycloak"
+    client_id: "nextcloud"
+    client_secret: "nextcloud-secret-change-in-production"
+    discovery_url: "https://keycloak.local.test/realms/vagrant/.well-known/openid-configuration"
+    scope: "openid email profile"
+    unique_uid: true
+    mapping:
+      uid: preferred_username
+      display_name: name
+      email: email
+  - identifier: authentik
+    display_name: "Login with Authentik"
+    client_id: "test1234"
+    client_secret: "test1234"
+    discovery_url: "https://authentik.local.test/application/o/nextcloud/.well-known/openid-configuration"
+    scope: "openid email profile"
+    unique_uid: true
+    mapping:
+      uid: preferred_username
+      display_name: name
+      email: email