Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Post-Tyranny-Tech-Infrastru.../ansible/roles/nextcloud/tasks/oidc.yml

37 lines
1.4 KiB
YAML
Raw Normal View History

Deploy Nextcloud file sync/share with automated installation (#4) This commit implements a complete Nextcloud deployment with PostgreSQL, Redis, automated installation, and preparation for OIDC/SSO integration with Zitadel. ## Nextcloud Deployment ### New Ansible Role (ansible/roles/nextcloud/) - Complete Nextcloud v30 deployment with Docker Compose - PostgreSQL 16 backend with persistent volumes - Redis 7 for caching and file locking - Automated installation via Docker environment variables - Post-installation configuration via occ commands ### Features Implemented - **Database**: PostgreSQL with proper credentials and persistence - **Caching**: Redis for memory caching and file locking - **HTTPS**: Traefik integration with Let's Encrypt SSL - **Security**: Proper security headers and HSTS - **WebDAV**: CalDAV/CardDAV redirect middleware - **Configuration**: Automated trusted domain, reverse proxy, and Redis setup - **OIDC Preparation**: user_oidc app installed and enabled ### Traefik Updates - Added Nextcloud routing to dynamic.yml (static file-based config) - Configured CalDAV/CardDAV redirect middleware - Added Nextcloud-specific security headers ### Configuration Tasks - Automated trusted domain configuration for nextcloud.test.vrije.cloud - Reverse proxy overwrite settings (protocol, host, CLI URL) - Redis cache and locking configuration - Default phone region (NL) - Background jobs via cron ## Deployment Status ✅ Successfully deployed and tested: - Nextcloud: https://nextcloud.test.vrije.cloud/ - Admin login working - PostgreSQL database initialized - Redis caching operational - HTTPS with Let's Encrypt SSL - user_oidc app installed (ready for Zitadel integration) ## Next Steps To complete OIDC/SSO integration: 1. Create OIDC application in Zitadel console 2. Use redirect URI: https://nextcloud.test.vrije.cloud/apps/user_oidc/code 3. Configure provider in Nextcloud with Zitadel credentials Partially addresses #4 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-06 09:30:54 +01:00
---
# OIDC/SSO integration tasks for Nextcloud with Zitadel
- name: Check if user_oidc app is installed
shell: docker exec -u www-data nextcloud php occ app:list --output=json
register: nextcloud_apps
changed_when: false
- name: Parse installed apps
set_fact:
user_oidc_installed: "{{ 'user_oidc' in (nextcloud_apps.stdout | from_json).enabled }}"
- name: Install user_oidc app
shell: docker exec -u www-data nextcloud php occ app:install user_oidc
when: not user_oidc_installed
register: oidc_install
changed_when: "'installed' in oidc_install.stdout"
- name: Enable user_oidc app
shell: docker exec -u www-data nextcloud php occ app:enable user_oidc
when: not user_oidc_installed
# Note: OIDC provider configuration requires the Zitadel application to be created first
# This will be configured manually or via Zitadel API in a follow-up task
- name: Display OIDC configuration instructions
debug:
msg: |
To complete OIDC setup:
1. Create an OIDC application in Zitadel console at https://{{ zitadel_domain }}
2. Use redirect URI: https://{{ nextcloud_domain }}/apps/user_oidc/code
3. Configure the provider in Nextcloud using:
docker exec -u www-data nextcloud php occ user_oidc:provider:add \
--clientid="<client_id>" \
--clientsecret="<client_secret>" \
--discoveryuri="https://{{ zitadel_domain }}/.well-known/openid-configuration" \
"Zitadel"
Reference in a new issue Copy permalink