ansible-infra/resources/chaosknoten/cloud/nextcloud/config.php.j2
June d0a28589c6
All checks were successful
/ Ansible Lint (push) Successful in 1m39s
reorganize (config) files and templates into one "resources" dir
This groups the files and templates for each host together and therefore
makes it easier to see all the (config) files for a host.

Also clean up incorrect, unused docker_compose config for mumble and
clean up unused engelsystem configs.
2024-12-05 22:18:27 +01:00

98 lines
No EOL
3.8 KiB
Django/Jinja

<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'instanceid' => 'oc9uqhr7buka',
'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs',
'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu',
'trusted_domains' =>
array (
0 => 'cloud.hamburg.ccc.de',
),
'datadirectory' => '/var/www/html/data',
'dbtype' => 'mysql',
'version' => '25.0.9.2',
'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de',
'dbname' => 'nextcloud',
'dbhost' => 'database',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextcloud',
'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3',
'installed' => true,
// Some Nextcloud options that might make sense here
'allow_user_to_change_display_name' => false,
'lost_password_link' => 'disabled',
// URL of provider. All other URLs are auto-discovered from .well-known
'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh',
// Client ID and secret registered with the provider
'oidc_login_client_id' => 'cloud',
'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}',
// Automatically redirect the login page to the provider
'oidc_login_auto_redirect' => true,
// Redirect to this page after logging out the user
//'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
// If set to true the user will be redirected to the
// logout endpoint of the OIDC provider after logout
// in Nextcloud. After successfull logout the OIDC
// provider will redirect back to 'oidc_login_logout_url' (MUST be set).
'oidc_login_end_session_redirect' => true,
// Quota to assign if no quota is specified in the OIDC response (bytes)
//
// NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to
// zero or -1 or ''.
'oidc_login_default_quota' => '1000000000',
// Login button text
'oidc_login_button_text' => 'Log in via id.ccchh.net',
// Hide the NextCloud password change form.
'oidc_login_hide_password_form' => false,
// Use ID Token instead of UserInfo
'oidc_login_use_id_token' => false,
'oidc_login_attributes' => array (
'id' => 'preferred_username',
'name' => 'name',
'mail' => 'email',
'quota' => 'ownCloudQuota',
'home' => 'homeDirectory',
'ldap_uid' => 'uid',
'groups' => 'ownCloudGroups',
'login_filter' => 'realm_access_roles',
'photoURL' => 'picture',
'is_admin' => 'ownCloudAdmin',
),
// Default group to add users to (optional, defaults to nothing)
//'oidc_login_default_group' => 'oidc',
'oidc_login_filter_allowed_values' => null,
// Set OpenID Connect scope
'oidc_login_scope' => 'openid profile',
// The `id` attribute in `oidc_login_attributes` must return the
// "Internal Username" (see expert settings in LDAP integration)
'oidc_login_proxy_ldap' => false,
// Fallback to direct login if login from OIDC fails
// Note that no error message will be displayed if enabled
'oidc_login_disable_registration' => false,
//'oidc_login_redir_fallback' => false,
// If you get your groups from the oidc_login_attributes, you might want
// to create them if they are not already existing, Default is `false`.
'oidc_create_groups' => true,
// Enable use of WebDAV via OIDC bearer token.
'oidc_login_webdav_enabled' => true,
// Enable authentication with user/password for DAV clients that do not
// support token authentication (e.g. DAVx⁵)
'oidc_login_password_authentication' => false,
);