93ce586b94
This commit implements a complete Nextcloud deployment with PostgreSQL, Redis, automated installation, and preparation for OIDC/SSO integration with Zitadel. ## Nextcloud Deployment ### New Ansible Role (ansible/roles/nextcloud/) - Complete Nextcloud v30 deployment with Docker Compose - PostgreSQL 16 backend with persistent volumes - Redis 7 for caching and file locking - Automated installation via Docker environment variables - Post-installation configuration via occ commands ### Features Implemented - **Database**: PostgreSQL with proper credentials and persistence - **Caching**: Redis for memory caching and file locking - **HTTPS**: Traefik integration with Let's Encrypt SSL - **Security**: Proper security headers and HSTS - **WebDAV**: CalDAV/CardDAV redirect middleware - **Configuration**: Automated trusted domain, reverse proxy, and Redis setup - **OIDC Preparation**: user_oidc app installed and enabled ### Traefik Updates - Added Nextcloud routing to dynamic.yml (static file-based config) - Configured CalDAV/CardDAV redirect middleware - Added Nextcloud-specific security headers ### Configuration Tasks - Automated trusted domain configuration for nextcloud.test.vrije.cloud - Reverse proxy overwrite settings (protocol, host, CLI URL) - Redis cache and locking configuration - Default phone region (NL) - Background jobs via cron ## Deployment Status ✅ Successfully deployed and tested: - Nextcloud: https://nextcloud.test.vrije.cloud/ - Admin login working - PostgreSQL database initialized - Redis caching operational - HTTPS with Let's Encrypt SSL - user_oidc app installed (ready for Zitadel integration) ## Next Steps To complete OIDC/SSO integration: 1. Create OIDC application in Zitadel console 2. Use redirect URI: https://nextcloud.test.vrije.cloud/apps/user_oidc/code 3. Configure provider in Nextcloud with Zitadel credentials Partially addresses #4 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
52 lines
1.6 KiB
YAML
52 lines
1.6 KiB
YAML
---
|
|
# Deploy applications to client servers
|
|
# This playbook deploys Zitadel, Nextcloud, and other applications
|
|
|
|
- name: Deploy applications to client servers
|
|
hosts: all
|
|
become: yes
|
|
|
|
pre_tasks:
|
|
- name: Gather facts
|
|
setup:
|
|
|
|
- name: Determine client name from hostname
|
|
set_fact:
|
|
client_name: "{{ inventory_hostname }}"
|
|
|
|
- name: Load client secrets
|
|
community.sops.load_vars:
|
|
file: "{{ playbook_dir }}/../../secrets/clients/{{ client_name }}.sops.yaml"
|
|
name: client_secrets
|
|
age_key: "{{ lookup('env', 'SOPS_AGE_KEY_FILE') }}"
|
|
no_log: true
|
|
|
|
- name: Set Zitadel domain from secrets
|
|
set_fact:
|
|
zitadel_domain: "{{ client_secrets.zitadel_domain }}"
|
|
when: client_secrets.zitadel_domain is defined
|
|
|
|
- name: Set client domain from secrets
|
|
set_fact:
|
|
client_domain: "{{ client_secrets.client_domain }}"
|
|
when: client_secrets.client_domain is defined
|
|
|
|
roles:
|
|
- role: zitadel
|
|
- role: nextcloud
|
|
|
|
post_tasks:
|
|
- name: Display deployment summary
|
|
debug:
|
|
msg: |
|
|
Deployment complete for client: {{ client_name }}
|
|
|
|
Zitadel: https://{{ zitadel_domain }}
|
|
Nextcloud: https://nextcloud.{{ client_domain }}
|
|
|
|
Next steps:
|
|
1. Login to Zitadel with the admin credentials
|
|
2. Create OIDC application in Zitadel for Nextcloud
|
|
- Client name: Nextcloud
|
|
- Redirect URI: https://nextcloud.{{ client_domain }}/apps/user_oidc/code
|
|
3. Configure OIDC in Nextcloud using the client ID and secret from Zitadel
|