Post-Tyranny-Tech-Infrastructure/ansible/roles/nextcloud/defaults/main.yml

---
# Default variables for nextcloud role

# Nextcloud version
nextcloud_version: "latest"  # Always use latest stable version

# Database configuration
nextcloud_db_type: "pgsql"
nextcloud_db_host: "nextcloud-db"
nextcloud_db_port: "5432"
nextcloud_db_name: "nextcloud"
nextcloud_db_user: "nextcloud"

# Admin user configuration
nextcloud_admin_user: "admin"

# Nextcloud domain (will be set from client_domain variable)
nextcloud_domain: "nextcloud.{{ client_domain }}"

# Redis configuration for caching and file locking
nextcloud_redis_host: "nextcloud-redis"
nextcloud_redis_port: "6379"

# OIDC configuration
# Note: OIDC credentials are provided dynamically by the Authentik role
# via /tmp/authentik_oidc_credentials.json during deployment
nextcloud_oidc_enabled: true
nextcloud_oidc_provider_url: "https://{{ authentik_domain }}"
nextcloud_oidc_client_id: ""  # Set dynamically from Authentik
nextcloud_oidc_client_secret: ""  # Set dynamically from Authentik

# Trusted domains (for Nextcloud config)
nextcloud_trusted_domains:
  - "{{ nextcloud_domain }}"

# PHP memory limit
nextcloud_php_memory_limit: "512M"
nextcloud_php_upload_limit: "16G"

# Collabora Office configuration
collabora_enabled: true
collabora_domain: "office.{{ client_domain }}"
collabora_admin_user: "admin"
# Password stored in secrets: collabora_admin_password

# Two-factor authentication
twofactor_enforced: true