reference-ansible/inventories/vagrant/host_vars/backend/nextcloud.yml
Bert-Jan Fikse f6dc1d8261
feat: add ldap provisioning to nextcloud
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 10:46:49 +01:00


# Vagrant-only relaxations. Each flag below switches off a protection that the
# lab cannot satisfy (no trusted CA, everything on a private network); none of
# them should be carried over into an inventory that serves real users.
# Certificate verification towards Collabora is disabled, so that endpoint is
# not authenticated.
nextcloud_collabora_disable_cert_verification: true
# NOTE(review): presumably feeds Nextcloud's allow_local_remote_servers, which
# lifts the guard against server-side requests to internal addresses - confirm
# in the role.
nextcloud_allow_local_remote_servers: true # Allow requests to local network in Vagrant
# Self-signed IdP certificates are accepted, so the OIDC provider's identity
# is not verified during discovery and token exchange.
nextcloud_oidc_allow_selfsigned: true # Allow self-signed certs for OIDC in Vagrant
# S3 storage configuration using Garage
nextcloud_use_s3_storage: true
# Key id and secret are resolved at run time through the garage_credentials
# lookup for the 'backend' host, so no S3 credential is committed in this file.
nextcloud_s3_key: "{{ lookup('digitalboard.core.garage_credentials', 'nextcloud', host='backend')['key_id'] }}"
nextcloud_s3_secret: "{{ lookup('digitalboard.core.garage_credentials', 'nextcloud', host='backend')['secret_key'] }}"
nextcloud_s3_bucket: "nextcloud"
nextcloud_s3_host: "{{ hostvars['backend']['garage_s3_domain'] }}"
# Port 80 with SSL off: object data and signed S3 requests travel in clear
# text. Tolerable only on the Vagrant private network; elsewhere use TLS.
nextcloud_s3_port: 80
nextcloud_s3_ssl: false
# Path-style addressing (bucket in the URL path rather than the hostname).
nextcloud_s3_usepath_style: true
# Extra hosts for container DNS resolution (Vagrant only)
# Static "name:address" pairs; every name below points at the same address,
# 192.168.56.11. Static entries bypass DNS, so whoever can edit this list
# decides where storage, IdP and LDAP traffic from the container ends up.
nextcloud_extra_hosts:
- "storage.local.test:192.168.56.11"
- "keycloak.local.test:192.168.56.11"
- "authentik.local.test:192.168.56.11"
- "389ds:192.168.56.11"
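# LDAP backend (pre-create users synced from Keycloak via 389ds)
# Vagrant-only values: the bind identity, its password and the disabled
# certificate check below must not be copied into any other inventory.
nextcloud_ldap_enabled: true
# The settings are children of nextcloud_ldap_config; without the indentation
# the key parses as null and every setting becomes a stray top-level variable.
nextcloud_ldap_config:
  # LDAPS to the 389ds host entry; ldapTLS (StartTLS) stays "0" because the
  # connection is already TLS-wrapped.
  ldapHost: "ldaps://389ds"
  ldapPort: "3636"
  # Directory Manager is the 389ds superuser. Nextcloud normally only needs
  # to search and read users and groups, so outside Vagrant bind with a
  # dedicated read-only service account instead.
  ldapAgentName: "cn=Directory Manager"
  # Lab password committed in clear text; elsewhere supply it from Ansible
  # Vault or a secret lookup.
  ldapAgentPassword: "admin"
  ldapBase: "dc=local,dc=test"
  ldapBaseUsers: "ou=users,dc=local,dc=test"
  ldapBaseGroups: "dc=local,dc=test"
  ldapTLS: "0"
  # Certificate validation is off, so the LDAPS peer is not authenticated and
  # the bind credentials above can be captured by anyone on the network path.
  turnOffCertCheck: "1"
  ldapUserFilter: "(&(objectclass=inetOrgPerson)(uid=*))"
  ldapUserFilterObjectclass: "inetOrgPerson"
  # %uid is the login name placeholder substituted into the filter.
  ldapLoginFilter: "(&(objectclass=inetOrgPerson)(uid=%uid))"
  ldapLoginFilterUsername: "1"
  ldapUserDisplayName: "displayName"
  ldapEmailAttribute: "mail"
  # Internal username comes from uid, the stable identifier from nsuniqueid.
  ldapExpertUsernameAttr: "uid"
  ldapExpertUUIDUserAttr: "nsuniqueid"
  # NOTE(review): presumably seconds; directory changes such as a disabled
  # account may take up to this long to be seen by Nextcloud - confirm.
  ldapCacheTTL: "600"
  ldapPagingSize: "500"
  ldapExperiencedAdmin: "1"
  ldapConfigurationActive: "1"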
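# OIDC providers for login
# Each provider is one list item whose fields, including the nested claim
# mapping, are indented under it; flattened to column 0 the list does not
# parse. The client secrets are lab placeholders committed in clear text; any
# non-Vagrant inventory should supply them from Ansible Vault or a lookup.
nextcloud_oidc_providers:
- identifier: keycloak
  display_name: "Login with Keycloak"
  client_id: "nextcloud"
  client_secret: "nextcloud-secret-change-in-production"
  discovery_url: "https://keycloak.local.test/realms/vagrant/.well-known/openid-configuration"
  scope: "openid email profile"
  # NOTE(review): with unique_uid off the mapped uid is presumably used as
  # the Nextcloud user id unchanged, which lets it line up with the uid of
  # the LDAP-provisioned account. preferred_username is not guaranteed to be
  # stable or unique by OIDC, so confirm the realm forbids username changes;
  # otherwise one user could be matched to another user's account.
  unique_uid: false
  mapping:
    uid: preferred_username
    display_name: name
    email: email
- identifier: authentik
  display_name: "Login with Authentik"
  # Client id and secret are the same guessable lab string.
  client_id: "test1234"
  client_secret: "test1234"
  discovery_url: "https://authentik.local.test/application/o/nextcloud/.well-known/openid-configuration"
  scope: "openid email profile"
  # unique_uid is on here, unlike the keycloak provider above, so the two
  # providers presumably yield different Nextcloud ids for the same username.
  unique_uid: true
  mapping:
    uid: preferred_username
    display_name: name
    email: email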