Digitalboard/reference-ansible
5
1
Fork 0
Code Pull requests Activity Actions
reference-ansible/inventories/vagrant/host_vars/backend/opencloud.yml
Bert-Jan Fikse 2c1c01a2d7
feat: opencloud group provisioning via oidc 
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 16:43:02 +01:00

53 lines
No EOL
2 KiB
YAML
Raw Permalink Blame History

opencloud_domain: "opencloud.local.test"
opencloud_admin_password: "admin"
opencloud_extra_hosts:
- "opencloud.local.test:host-gateway"
- "keycloak.local.test:host-gateway"
- "storage.local.test:192.168.56.11"
- "office.local.test:host-gateway"
- "drawio.local.test:host-gateway"
- "389ds:192.168.56.11"
# OIDC configuration (Keycloak)
opencloud_oidc_issuer: "https://keycloak.local.test/realms/vagrant"
opencloud_oidc_client_id: "opencloud"
opencloud_oidc_client_secret: "opencloud-secret-change-in-production"
opencloud_oidc_account_edit_url: "https://keycloak.local.test/realms/vagrant/account"
opencloud_oidc_autoprovision_accounts: false
# S3 storage configuration using Garage
opencloud_use_s3_storage: true
opencloud_s3_endpoint: "http://{{ hostvars['backend']['garage_s3_domain'] }}"
opencloud_s3_access_key: "{{ lookup('digitalboard.core.garage_credentials', 'opencloud', host='backend')['key_id'] }}"
opencloud_s3_secret_key: "{{ lookup('digitalboard.core.garage_credentials', 'opencloud', host='backend')['secret_key'] }}"
opencloud_s3_bucket: "opencloud"
# Collabora integration
opencloud_collabora_domain: "office.local.test"
opencloud_wopi_domain: "wopi.opencloud.local.test"
# LDAP backend (users synced from Keycloak via 389ds)
opencloud_ldap_uri: "ldaps://389ds:3636"
opencloud_ldap_bind_dn: "cn=Directory Manager"
opencloud_ldap_bind_password: "admin"
opencloud_ldap_user_base_dn: "ou=users,dc=local,dc=test"
opencloud_ldap_group_base_dn: "ou=groups,dc=local,dc=test"
# Draw.io integration
opencloud_drawio_url: "https://drawio.local.test"
# Role assignment via OIDC (maps LDAP groups from Keycloak token to OpenCloud roles)
opencloud_role_assignment_driver: "oidc"
opencloud_role_mapping:
- role_name: admin
claim_value: admins
- role_name: user
claim_value: users
- role_name: user
claim_value: developers
# CSP configuration
opencloud_csp_extra_connect_src:
- "https://keycloak.local.test/"
opencloud_csp_extra_frame_src:
- "https://drawio.local.test/"
View git blame Copy permalink