diff --git a/group_vars/test b/group_vars/test
index 13266484ab87c0c55163d6d4b8f2a9774a1469af..87d7ce1ebd3e1bba417306a27298720b95c1a348 100644
--- a/group_vars/test
+++ b/group_vars/test
@@ -44,6 +44,10 @@ oauth_global:
   logout_url: https://uffd.test-warpzone.de/logout
   metrics_url: https://uffd.test-warpzone.de/metrics
 
+oidc_global:
+  provider_url: https://uffd.test-warpzone.de
+  logout_url: https://uffd.test-warpzone.de/logout
+
 # Matrix Settings 
 matrix:
   domain: matrix.warpzone.ms
diff --git a/site.yml b/site.yml
index 3d610f1b629f58da663c6128c33156fae3060af9..e2cec181db15b34eac297493dd25dafbcbdb492f 100644
--- a/site.yml
+++ b/site.yml
@@ -54,7 +54,12 @@
         basedir: "/srv/{{ servicename }}",
         domain: "verwaltung-git.test-warpzone.de"
       }
-
+    - { 
+        role: testserver/docker_nextcloud, tags: nextcloud,
+        servicename: "nextcloud",
+        basedir: "/srv/{{ servicename }}",
+        domain: "verwaltung.test-warpzone.de" 
+      }
 
 
 ##################################################
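Review bot: `basedir` is passed here as `"/srv/{{ servicename }}"`, but the compose template added in this commit hard-codes `/srv/nextcloud/...` for its bind mounts, so the two agree only while `servicename` stays `nextcloud`. Either use the variable in the template's volume paths, e.g. `- {{ basedir }}/db/:/var/lib/mysql`, or add a comment on this role entry saying the name is fixed. Otherwise a rename would leave the role creating directories and secrets in one tree while the containers mount another.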
diff --git a/testserver/docker_nextcloud/tasks/main.yml b/testserver/docker_nextcloud/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..57528eaf71af042a9ac2aabbb74a544eb8fb8f5b
--- /dev/null
+++ b/testserver/docker_nextcloud/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+    - { path: "{{ basedir }}/secrets/nextcloud_admin_pass",  length: 24 }
+    - { path: "{{ basedir }}/secrets/nextcloud_oidc_secret",  length: 32 }
+    - { path: "{{ basedir }}/secrets/mysql_admin_pass",  length: 24 }
+    - { path: "{{ basedir }}/secrets/mysql_user_pass",  length: 12 }
+
+
+- name: create folder struct for nextcloud
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+    owner: www-data
+    group: root
+  with_items:
+    - "{{ basedir }}"
+    - "{{ basedir }}/data/"
+    - "{{ basedir }}/data/config/"
+    - "{{ basedir }}/db/"
+    - "{{ basedir }}/tmp/"
+    - "{{ basedir }}/secrets/"
+
+
+- name: Docker Compose Konfig-Datei erstellen
+  template: 
+    src: "{{ item }}" 
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - "docker-compose.yml"
+    - "memory-limit.ini"
+
+- name: Nextcloud Konfig-Dateien erstellen
+  template: 
+    src: "{{ item }}" 
+    dest: "{{ basedir }}/data/config/{{ item }}"
+  with_items:
+    - "custom.config.php"
+    - "oidc.config.php"
+
+- name: Script Helper erstellen
+  template: 
+    src: "{{ item }}" 
+    dest: "{{ basedir }}/{{ item }}"
+    mode: u+x
+  with_items:
+    - "occ.sh"
+
+- name: start nextcloud docker
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present
+
+
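Review bot: The `template` tasks that render `docker-compose.yml` and `oidc.config.php` set no `owner` or `mode`, so files holding the database passwords, the admin password and the OIDC client secret get the default permissions of the connecting user, which are commonly world-readable. Set them explicitly, e.g. `mode: "0600"` on the compose file and `owner: www-data` with `mode: "0640"` on the files under `data/config/` (assuming the host's `www-data` matches the container user, as the directory task already implies). The `{{ basedir }}/secrets/` entry in the directory loop also has no `mode`; giving it its own task with `mode: "0700"` would keep the generated secrets unreadable to other local users. Lastly, `mysql_user_pass` is generated with `length: 12`, noticeably shorter than the other secrets in the same list.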
diff --git a/testserver/docker_nextcloud/templates/custom.config.php b/testserver/docker_nextcloud/templates/custom.config.php
new file mode 100644
index 0000000000000000000000000000000000000000..c3aa1e968fb2987ee105ea5cb88c3c7e8f06ccff
--- /dev/null
+++ b/testserver/docker_nextcloud/templates/custom.config.php
@@ -0,0 +1,47 @@
+<?php
+$CONFIG = array (
+
+    // Default language
+    // https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/language_configuration.html#default-language
+    'default_language' => 'de',
+
+    // Default locale
+    // https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/language_configuration.html#default-locale
+    'default_locale' => 'de_DE',
+
+    // Default Phone Region
+    // https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#default-phone-region
+    'default_phone_region' => 'DE',
+
+    // Default Timezone
+    // https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#default-timezone
+    'default_timezone' => 'Europe/Berlin',
+
+    // Overwrite Host
+    // https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#overwritehost
+    'overwritehost' => '{{ domain }}',
+
+    // Overwrite Protocoll 
+    // https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#overwriteprotocol
+    'overwriteprotocol' => 'https',
+
+    // Overwrite Url for CLI Access
+    // https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#overwrite-cli-url
+    'overwrite.cli.url' => 'https://{{ domain }}',
+
+    // Trusted Domains
+    // https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trusted-domains
+    'trusted_domains' =>
+    array (
+        0 => '{{ domain }}',
+        1 => 'app',
+    ),
+
+    // Forwarded for Headers
+    // https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#forwarded-for-headers
+    'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'],
+
+    // Run Maintenance Jobs at any time
+    // https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#parameters
+    'maintenance_window_start' => 100,
+);
\ No newline at end of file
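Review bot: `forwarded_for_headers` lists `HTTP_X_FORWARDED` and `HTTP_FORWARDED_FOR` but not `HTTP_X_FORWARDED_FOR`, and the file sets no `trusted_proxies`. The compose template in this commit puts Traefik in front of the app, and a reverse proxy normally passes the client address in `X-Forwarded-For`. Nextcloud would then likely attribute every request to the proxy's address, which weakens brute-force throttling and makes the access log useless for attribution. Consider `'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR'],` together with a `'trusted_proxies'` entry for the proxy network (the value is deployment-specific).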
diff --git a/testserver/docker_nextcloud/templates/docker-compose.yml b/testserver/docker_nextcloud/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..345b52a3ecef09109b46e2eef8b2c599219d0faa
--- /dev/null
+++ b/testserver/docker_nextcloud/templates/docker-compose.yml
@@ -0,0 +1,75 @@
+version: "3"
+
+services:
+
+  redis:
+
+    image: redis:7-alpine
+    restart: always
+    networks:
+      - default
+
+
+  mysql:
+
+    image: mariadb:11
+    restart: always
+    volumes:
+      - /srv/nextcloud/db/:/var/lib/mysql
+    environment:
+      MYSQL_ROOT_PASSWORD: "{{ mysql_admin_pass }}"
+      MYSQL_PASSWORD: "{{ mysql_user_pass }}"
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+    networks:
+      - default
+
+
+  app:
+
+    image: nextcloud:28-apache
+    restart: always
+    volumes:
+      - /srv/nextcloud/data/:/var/www/html/
+      - /srv/nextcloud/tmp/:/tmp/nextcloudtemp/
+      - /srv/nextcloud/memory-limit.ini:/usr/local/etc/php/conf.d/memory-limit.ini:ro
+      - /srv/jameica-vnc/work/:/jameica-work/
+    environment:
+      REDIS_HOST: redis
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+      MYSQL_PASSWORD: "{{ mysql_user_pass }}"
+      MYSQL_HOST: mysql
+      NEXTCLOUD_ADMIN_USER: "admin"
+      NEXTCLOUD_ADMIN_PASSWORD: "{{nextcloud_admin_pass}}"
+      NEXTCLOUD_UPDATE: "1"
+      OVERWRITEPROTOCOL: https
+      OVERWRITECLIURL: https://{{ domain }}
+      OVERWRITEHOST: {{ domain }}
+      APPIMAGE_EXTRACT_AND_RUN: 1
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80 
+    networks:
+      - default      
+      - web  
+    
+
+  webcron:
+    
+    image: jsonfry/curl-cron:latest 
+    restart: always
+    depends_on:
+      - app
+    environment:
+      OPTIONS: "--insecure https://{{ domain }}/cron.php"
+      CRON_SCHEDULE: "*/5 * * * *"
+    networks:
+      - default
+
+
+networks:
+  web:
+    external: true    
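Review bot: The `webcron` service calls `cron.php` with curl's `--insecure`, which disables certificate verification on a request to the public hostname. Drop the flag (`OPTIONS: "https://{{ domain }}/cron.php"`), or, if the test certificate is not publicly trusted, make the issuing CA available to the container instead. The same service pulls `jsonfry/curl-cron:latest`, an unpinned third-party image that sits on the same `default` network as the database. Pin it to a reviewed version or digest, e.g. `image: jsonfry/curl-cron@sha256:<digest>`, so a changed upstream tag cannot be pulled in silently.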
diff --git a/testserver/docker_nextcloud/templates/memory-limit.ini b/testserver/docker_nextcloud/templates/memory-limit.ini
new file mode 100644
index 0000000000000000000000000000000000000000..b0fe7feff6c6fe46c1f2594cff1bae7aa0db3ef2
--- /dev/null
+++ b/testserver/docker_nextcloud/templates/memory-limit.ini
@@ -0,0 +1 @@
+memory_limit=-1
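Review bot: `memory_limit=-1` removes PHP's per-request memory cap, and the `app` service in this commit's compose template sets no container memory limit either. A single expensive or hostile request can therefore consume host memory shared with the other services. A bounded value such as `memory_limit=512M` would be safer; raise it only if a concrete workload needs more.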
diff --git a/testserver/docker_nextcloud/templates/occ.sh b/testserver/docker_nextcloud/templates/occ.sh
new file mode 100644
index 0000000000000000000000000000000000000000..e430d8b46bf9f4c2815bc0bf2d8f7b486d892b4d
--- /dev/null
+++ b/testserver/docker_nextcloud/templates/occ.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Wrapper zur ausführung des OCC Kommendos im Docker 
+docker-compose exec app su www-data -s "/bin/sh" -c "php /var/www/html/occ $1 $2 $3"
\ No newline at end of file
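Review bot: `$1 $2 $3` are expanded unquoted into the `-c` string, so any argument containing spaces or shell metacharacters is re-parsed by `/bin/sh` inside the container, and anything past the third argument is silently dropped. Passing the arguments through as a vector avoids both problems: `docker compose exec -u www-data app php /var/www/html/occ "$@"`. The script also only works when run from the directory containing the compose file, and it calls the `docker-compose` binary while the role deploys with `community.docker.docker_compose_v2`. A leading `cd "$(dirname "$0")"` and the `docker compose` form would make it consistent.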
diff --git a/testserver/docker_nextcloud/templates/oidc.config.php b/testserver/docker_nextcloud/templates/oidc.config.php
new file mode 100644
index 0000000000000000000000000000000000000000..51252ff61138eeed00a5b8dc1e5d073dca2280c7
--- /dev/null
+++ b/testserver/docker_nextcloud/templates/oidc.config.php
@@ -0,0 +1,80 @@
+<?php
+$CONFIG = array (
+
+    // Some Nextcloud options that might make sense here
+    'allow_user_to_change_display_name' => false,
+    'lost_password_link' => 'disabled',
+
+    // URL of provider. All other URLs are auto-discovered from .well-known
+    'oidc_login_provider_url' => '{{ oidc_global.provider_url }}',
+
+    // Client ID and secret registered with the provider
+    'oidc_login_client_id' => 'nextcloud',
+    'oidc_login_client_secret' => '{{ nextcloud_oidc_secret }}',
+
+    // Automatically redirect the login page to the provider
+    'oidc_login_auto_redirect' => true,
+
+    // Redirect to this page after logging out the user
+    'oidc_login_logout_url' => '{{ oidc_global.logout_url }}',
+
+    // If set to true the user will be redirected to the
+    // logout endpoint of the OIDC provider after logout
+    // in Nextcloud. After successfull logout the OIDC
+    // provider will redirect back to 'oidc_login_logout_url' (MUST be set).
+    'oidc_login_end_session_redirect' => false,
+
+    // Login button text
+    'oidc_login_button_text' => 'Log in with OpenID/uffd',
+
+    // Hide the NextCloud password change form.
+    'oidc_login_hide_password_form' => true,
+
+    // Use ID Token instead of UserInfo
+    'oidc_login_use_id_token' => false,
+
+    // Attribute map for OIDC response. 
+    'oidc_login_attributes' => array (
+        'id' => 'sub',
+        'name' => 'name',
+        'mail' => 'email',
+        'groups' => 'groups',
+        'is_admin' => 'groups_nextcloud_admin' 
+    ),
+
+    // Default group to add users to (optional, defaults to nothing)
+    //'oidc_login_default_group' => 'oidc',
+
+    // Set OpenID Connect scope
+    'oidc_login_scope' => 'openid profile email groups',
+
+    // Auto create of users new to Nextcloud from OIDC login.
+    'oidc_login_disable_registration' => false,
+
+    // Fallback to direct login if login from OIDC fails
+    'oidc_login_redir_fallback' => false,
+
+    // Auto create of groups
+    'oidc_create_groups' => false,
+
+    // Enable use of WebDAV via OIDC bearer token.
+    'oidc_login_webdav_enabled' => false,
+
+    // Enable authentication with user/password for DAV clients that do not
+    // support token authentication (e.g. DAVx⁵)
+    'oidc_login_password_authentication' => true,
+
+    // The time in seconds used to cache public keys from provider.
+    // The default value is 1 day.
+    'oidc_login_public_key_caching_time' => 86400,
+
+    // The minimum time in seconds to wait between requests to the jwks_uri endpoint.
+    // Avoids that the provider will be DoSed when someone requests with unknown kids.
+    // The default is 10 seconds.
+    'oidc_login_min_time_between_jwks_requests' => 10,
+
+    // The time in seconds used to cache the OIDC well-known configuration from the provider.
+    // The default value is 1 day.
+    'oidc_login_well_known_caching_time' => 86400,
+
+);
\ No newline at end of file
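Review bot: With `'oidc_login_disable_registration' => false` and no group restriction, every account that can authenticate at the provider gets a Nextcloud account on first login. If this instance is meant for a subset of users, add the plugin's `'oidc_login_allowed_groups'` setting (the group name is deployment-specific). `'oidc_login_password_authentication' => true` also means DAV clients send the user's provider password to Nextcloud, so a comment stating that this is intended would help. Finally, `{{ nextcloud_oidc_secret }}` is rendered unescaped into a single-quoted PHP literal. That is safe only if the generated secret can never contain `'` or `\`, which depends on `get_secret.yml`, outside this diff.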