Digitalboard/reference-ansible
6
1
Fork 0
Code Pull requests Activity Actions
reference-ansible/inventories/vagrant/host_vars/backend/nextcloud.yml

125 lines
No EOL
4.2 KiB
YAML
Raw Blame History

nextcloud_collabora_disable_cert_verification: true
nextcloud_enable_notify_push: true
# Draw.io integration
nextcloud_enable_drawio: true
nextcloud_drawio_url: "https://drawio.local.test"
# Apps to install (override defaults to include drawio)
nextcloud_apps_to_install:
- groupfolders
- richdocuments
- spreed
- user_ldap
- user_oidc
- whiteboard
- drawio
- files_lock
- notify_push
nextcloud_allow_local_remote_servers: true # Allow requests to local network in Vagrant
nextcloud_oidc_allow_selfsigned: true # Allow self-signed certs for OIDC in Vagrant
# S3 storage configuration using Garage
nextcloud_use_s3_storage: true
nextcloud_s3_key: "{{ lookup('digitalboard.core.garage_credentials', 'nextcloud', host='backend')['key_id'] }}"
nextcloud_s3_secret: "{{ lookup('digitalboard.core.garage_credentials', 'nextcloud', host='backend')['secret_key'] }}"
nextcloud_s3_bucket: "nextcloud"
nextcloud_s3_host: "{{ hostvars['backend']['garage_s3_domain'] }}"
nextcloud_s3_port: 80
nextcloud_s3_ssl: false
nextcloud_s3_usepath_style: true
# Extra hosts for container DNS resolution (Vagrant only)
nextcloud_extra_networks:
- ldap
nextcloud_extra_hosts:
- "storage.local.test:192.168.56.11"
- "office.local.test:192.168.56.11"
- "keycloak.local.test:192.168.56.11"
- "authentik.local.test:192.168.56.11"
# - "389ds:192.168.56.11" # only needed when using 389ds LDAP directly
# LDAP backend (Authentik LDAP outpost)
nextcloud_ldap_enabled: true
nextcloud_ldap_config:
ldapHost: "ldap://authentik-outpost-ldap-ldap-1"
ldapPort: "3389"
ldapAgentName: "cn=akadmin,ou=users,dc=local,dc=test"
ldapAgentPassword: "admin"
ldapBase: "dc=local,dc=test"
ldapBaseUsers: "ou=users,dc=local,dc=test"
ldapTLS: "0"
turnOffCertCheck: "1"
ldapUserFilter: "(&(objectClass=user)(cn=*))"
ldapUserFilterObjectclass: "user"
ldapLoginFilter: "(&(objectClass=user)(cn=%uid))"
ldapLoginFilterUsername: "1"
ldapUserDisplayName: "cn"
ldapEmailAttribute: "mail"
ldapExpertUsernameAttr: "cn"
ldapExpertUUIDUserAttr: "uid"
ldapExpertUUIDGroupAttr: "uid"
ldapBaseGroups: "ou=groups,dc=local,dc=test"
ldapGroupFilter: "(&(objectClass=group))"
ldapGroupFilterObjectclass: "group"
ldapGroupDisplayName: "cn"
ldapGroupMemberAssocAttr: "member"
ldapAdminGroup: "admins"
ldapCacheTTL: "600"
ldapPagingSize: "500"
ldapExperiencedAdmin: "1"
ldapConfigurationActive: "1"
# LDAP backend (389ds via Keycloak federation)
# nextcloud_ldap_config:
# ldapHost: "ldaps://389ds"
# ldapPort: "3636"
# ldapAgentName: "cn=Directory Manager"
# ldapAgentPassword: "admin"
# ldapBase: "dc=local,dc=test"
# ldapBaseUsers: "ou=users,dc=local,dc=test"
# ldapTLS: "0"
# turnOffCertCheck: "1"
# ldapUserFilter: "(&(objectclass=inetOrgPerson)(uid=*))"
# ldapUserFilterObjectclass: "inetOrgPerson"
# ldapLoginFilter: "(&(objectclass=inetOrgPerson)(uid=%uid))"
# ldapLoginFilterUsername: "1"
# ldapUserDisplayName: "displayName"
# ldapEmailAttribute: "mail"
# ldapExpertUsernameAttr: "uid"
# ldapExpertUUIDUserAttr: "nsuniqueid"
# ldapBaseGroups: "ou=groups,dc=local,dc=test"
# ldapGroupFilter: "(&(objectClass=groupOfNames))"
# ldapGroupFilterObjectclass: "groupOfNames"
# ldapGroupDisplayName: "cn"
# ldapGroupMemberAssocAttr: "member"
# ldapAdminGroup: "admins"
# ldapCacheTTL: "600"
# ldapPagingSize: "500"
# ldapExperiencedAdmin: "1"
# ldapConfigurationActive: "1"
# OIDC providers for login
nextcloud_oidc_providers:
- identifier: keycloak
display_name: "Login with Keycloak"
client_id: "nextcloud"
client_secret: "nextcloud-secret-change-in-production"
discovery_url: "https://keycloak.local.test/realms/vagrant/.well-known/openid-configuration"
scope: "openid email profile"
unique_uid: false
mapping:
uid: preferred_username
display_name: name
email: email
- identifier: authentik
display_name: "Login with Authentik"
client_id: "test1234"
client_secret: "test1234"
discovery_url: "https://authentik.local.test/application/o/nextcloud/.well-known/openid-configuration"
scope: "openid email profile"
unique_uid: true
mapping:
uid: preferred_username
display_name: name
email: email
View git blame Copy permalink