From 03a84c0d6aefa1942a0b284b02d00588af559f3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 7 Oct 2025 14:38:48 +0200 Subject: [PATCH] Revert "[int]" This reverts commit ae35b719400499e9093ef39d62b778d83f8deae4. --- roles/authelia-for-owncloud/cfg.schema.json | 93 ------------- .../authelia-for-owncloud/defaults/main.json | 26 ++-- roles/authelia-for-owncloud/tasks/main.json | 118 ++++++---------- .../authelia-client-conf-android.json.j2 | 24 +--- .../authelia-client-conf-desktop.json.j2 | 25 +--- .../authelia-client-conf-ios.json.j2 | 25 +--- .../authelia-client-conf-web.json.j2 | 27 +--- roles/authelia-for-owncloud/vardef.json | 34 +++++ roles/authelia/templates/conf-main.json.j2 | 8 +- roles/owncloud/cfg.schema.json | 128 ------------------ roles/owncloud/defaults/main.json | 38 +++--- roles/owncloud/info.md | 6 - roles/owncloud/tasks/main.json | 33 ++--- roles/owncloud/templates/env.j2 | 83 +++++------- roles/owncloud/vardef.json | 75 ++++++++++ 15 files changed, 241 insertions(+), 502 deletions(-) delete mode 100644 roles/authelia-for-owncloud/cfg.schema.json create mode 100644 roles/authelia-for-owncloud/vardef.json delete mode 100644 roles/owncloud/cfg.schema.json create mode 100644 roles/owncloud/vardef.json diff --git a/roles/authelia-for-owncloud/cfg.schema.json b/roles/authelia-for-owncloud/cfg.schema.json deleted file mode 100644 index 42ae537..0000000 --- a/roles/authelia-for-owncloud/cfg.schema.json +++ /dev/null 
@@ -1,93 +0,0 @@
-{
- "nullable": false,
- "type": "object",
- "properties": {
- "owncloud_url_base": {
- "nullable": false,
- "type": "string",
- "default": "https://owncloud.example.org"
- },
- "web": {
- "nullable": true,
- "type": "object",
- "properties": {
- "client_id": {
- "nullable": false,
- "type": "string",
- "default": "owncloud_web"
- }
- },
- "additionalProperties": false,
- "required": [
- ],
- "default": {
- }
- },
- "desktop": {
- "nullable": true,
- "type": "object",
- "properties": {
- "client_id": {
- "nullable": false,
- "type": "string",
- "default": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69"
- },
- "client_secret": {
- "nullable": false,
- "type": "string",
- "default": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh"
- }
- },
- "additionalProperties": false,
- "required": [
- ],
- "default": {
- }
- },
- "android": {
- "nullable": true,
- "type": "object",
- "properties": {
- "client_id": {
- "nullable": false,
- "type": "string",
- "default": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD"
- },
- "client_secret": {
- "nullable": false,
- "type": "string",
- "default": "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD"
- }
- },
- "additionalProperties": false,
- "required": [
- ],
- "default": {
- }
- },
- "ios": {
- "nullable": true,
- "type": "object",
- "properties": {
- "ios_client_id": {
- "nullable": false,
- "type": "string",
- "default": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1"
- },
- "ios_client_secret": {
- "nullable": false,
- "type": "string",
- "default": "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx"
- }
- },
- "additionalProperties": false,
- "required": [
- ],
- "default": {
- }
- }
- },
- "additionalProperties": false,
- "required": [
- ]
-}
diff --git a/roles/authelia-for-owncloud/defaults/main.json b/roles/authelia-for-owncloud/defaults/main.json
index 71aba99..4daa968 100644
--- a/roles/authelia-for-owncloud/defaults/main.json +++ b/roles/authelia-for-owncloud/defaults/main.json @@ -1,20 +1,10 @@ { - "cfg_authelia_for_owncloud_defaults": { - "owncloud_url_base": "https://owncloud.example.org", - "web": { - "client_id": "owncloud_web" - }, - "desktop": { - "client_id": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69", - "client_secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh" - }, - "android": { - "client_id": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD", - "client_secret": "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD" - }, - "ios": { - "client_id": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1", - "client_secret": "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx" - } - } + "var_authelia_for_owncloud_owncloud_url_base": "https://owncloud.example.org", + "var_authelia_for_owncloud_web_client_id": "owncloud_web", + "var_authelia_for_owncloud_android_client_id": "owncloud_android", + "var_authelia_for_owncloud_android_client_secret": "REPLACE_ME", + "var_authelia_for_owncloud_ios_client_id": "owncloud_ios", + "var_authelia_for_owncloud_ios_client_secret": "REPLACE_ME", + "var_authelia_for_owncloud_desktop_client_id": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69", + "var_authelia_for_owncloud_desktop_client_secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh" } diff --git a/roles/authelia-for-owncloud/tasks/main.json b/roles/authelia-for-owncloud/tasks/main.json index 45ec048..99c0626 100644 --- a/roles/authelia-for-owncloud/tasks/main.json +++ b/roles/authelia-for-owncloud/tasks/main.json 
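Review bot: `var_authelia_for_owncloud_desktop_client_secret` ships a literal client secret as a role default while the android and ios entries use `REPLACE_ME`, so a play that sets nothing registers the desktop client with a credential that is committed in clear text in this repository. If this is ownCloud's published default desktop credential it provides no confidentiality at all, and the desktop client should then be protected like a public client (PKCE on the Authelia side) rather than relied on as a secret holder; either way a defaults file is the wrong place for a secret — leave the variable undefined so an unset value fails at evaluation time. The android and ios placeholders (`owncloud_android`, `REPLACE_ME`) only work with clients built with exactly those values, so they should be checked against what the shipped apps actually send before this default is relied on.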
@@ -1,91 +1,49 @@ [ { - "name": "configuration | client | web", - "when": "cfg_authelia_for_owncloud.web != None", - "block": [ - { - "name": "compute client secret hash", - "become": true, - "ansible.builtin.shell": { - "cmd": "authelia crypto hash generate bcrypt --password {{cfg_authelia_for_owncloud.web.client_secret}} | cut --delimiter=' ' --fields='2-'" - }, - "register": "temp_authelia_for_owncloud_web_client_secret_hashed" - }, - { - "name": "emplace", - "become": true, - "ansible.builtin.template": { - "src": "authelia-client-conf-web.json.j2", - "dest": "/etc/authelia/conf.d/clients/owncloud-web.json" - } - } - ] + "name": "configuration | compute client secret hash | web", + "become": true, + "ansible.builtin.shell": { + "cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_owncloud_web_client_secret}} | cut --delimiter=' ' --fields='2-'" + }, + "register": "temp_authelia_for_owncloud_web_client_secret_hashed" }, { - "name": "configuration | client | desktop", - "when": "cfg_authelia_for_ownloud.desktop != None", - "block": [ - { - "name": "compute client secret hash", - "become": true, - "ansible.builtin.shell": { - "cmd": "authelia crypto hash generate bcrypt --password {{cfg_authelia_for_owncloud.desktop.client_secret}} | cut --delimiter=' ' --fields='2-'" - }, - "register": "temp_authelia_for_owncloud_desktop_client_secret_hashed" - }, - { - "name": "emplace", - "become": true, - "ansible.builtin.template": { - "src": "authelia-client-conf-desktop.json.j2", - "dest": "/etc/authelia/conf.d/clients/owncloud-desktop.json" - } - } - ] + "name": "configuration | compute client secret hash | android", + "become": true, + "ansible.builtin.shell": { + "cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_owncloud_android_client_secret}} | cut --delimiter=' ' --fields='2-'" + }, + "register": "temp_authelia_for_owncloud_android_client_secret_hashed" }, { - "name": "configuration | client | android", - "when": 
"cfg_authelia_for_ownloud.android != None", - "block": [ - { - "name": "compute client secret hash", - "become": true, - "ansible.builtin.shell": { - "cmd": "authelia crypto hash generate bcrypt --password {{cfg_authelia_for_owncloud.android.client_secret}} | cut --delimiter=' ' --fields='2-'" - }, - "register": "temp_authelia_for_owncloud_android_client_secret_hashed" - }, - { - "name": "emplace", - "become": true, - "ansible.builtin.template": { - "src": "authelia-client-conf-android.json.j2", - "dest": "/etc/authelia/conf.d/clients/owncloud-android.json" - } - } - ] + "name": "configuration | compute client secret hash | ios", + "become": true, + "ansible.builtin.shell": { + "cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_owncloud_ios_client_secret}} | cut --delimiter=' ' --fields='2-'" + }, + "register": "temp_authelia_for_owncloud_ios_client_secret_hashed" }, { - "name": "configuration | client | ios", - "when": "cfg_authelia_for_ownloud.ios != None", - "block": [ - { - "name": "compute client secret hash", - "become": true, - "ansible.builtin.shell": { - "cmd": "authelia crypto hash generate bcrypt --password {{cfg_authelia_for_owncloud.ios.client_secret}} | cut --delimiter=' ' --fields='2-'" - }, - "register": "temp_authelia_for_owncloud_ios_client_secret_hashed" - }, - { - "name": "emplace", - "become": true, - "ansible.builtin.template": { - "src": "authelia-client-conf-ios.json.j2", - "dest": "/etc/authelia/conf.d/clients/owncloud-ios.json" - } - } - ] + "name": "configuration | compute client secret hash | desktop", + "become": true, + "ansible.builtin.shell": { + "cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_owncloud_desktop_client_secret}} | cut --delimiter=' ' --fields='2-'" + }, + "register": "temp_authelia_for_owncloud_desktop_client_secret_hashed" + }, + { + "name": "configuration | emplace", + "become": true, + "loop": [ + {"src": "authelia-client-conf-web.json.j2", "dest": 
"/etc/authelia/conf.d/clients/owncloud-web.json"}, + {"src": "authelia-client-conf-desktop.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-desktop.json"}, + {"src": "authelia-client-conf-android.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-android.json"}, + {"src": "authelia-client-conf-ios.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-ios.json"} + ], + "ansible.builtin.template": { + "src": "{{item.src}}", + "dest": "{{item.dest}}" + } }, { "name": "configuration | apply", diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2 index 60ff3ae..b47cbc0 100644 --- a/roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2 +++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2 @@ -1,33 +1,19 @@ { - "client_id": "{{cfg_authelia_for_owncloud.android.client_id}}", + "client_id": "{{var_authelia_for_owncloud_android_client_id}}", "client_secret": "{{temp_authelia_for_owncloud_android_client_secret_hashed.stdout}}", "client_name": "ownCloud | Android Client", - - "public": false, "authorization_policy": "one_factor", - "require_pkce": true, - "pkce_challenge_method": "S256", "scopes": [ "openid", - "offline_access", "groups", "profile", - "email" - ], - "redirect_uris": [ - "oc://android.owncloud.com" - - - + "email", + "offline_access" ], "response_types": [ "code" ], - "grant_types": [ - "authorization_code", - "refresh_token" + "redirect_uris": [ + "oc://android.owncloud.com" ] - "access_token_signed_response_alg": "none", - "userinfo_signed_response_alg": "none", - "token_endpoint_auth_method": "client_secret_basic" } diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2 index 23b5d22..4338426 100644 
--- a/roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2 +++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2 @@ -1,33 +1,20 @@ { - "client_id": "{{cfg_authelia_for_owncloud.desktop.client_id}}", + "client_id": "{{var_authelia_for_owncloud_desktop_client_id}}", "client_secret": "{{temp_authelia_for_owncloud_desktop_client_secret_hashed.stdout}}", "client_name": "ownCloud | Desktop Client", - - "public": false, "authorization_policy": "one_factor", - "require_pkce": true, - "pkce_challenge_method": "S256", "scopes": [ "openid", - "offline_access", "groups", "profile", - "email" - ], - "redirect_uris": [ - "http://127.0.0.1", - "http://localhost" - - + "email", + "offline_access" ], "response_types": [ "code" ], - "grant_types": [ - "authorization_code", - "refresh_token" + "redirect_uris": [ + "http://127.0.0.1", + "http://localhost" ] - "access_token_signed_response_alg": "none", - "userinfo_signed_response_alg": "none", - "token_endpoint_auth_method": "client_secret_basic" } diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2 index cf665bf..e529c5d 100644 --- a/roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2 +++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2 
@@ -1,33 +1,20 @@ { - "client_id": "{{cfg_authelia_for_owncloud.ios.client_id}}", + "client_id": "{{var_authelia_for_owncloud_ios_client_id}}", "client_secret": "{{temp_authelia_for_owncloud_ios_client_secret_hashed.stdout}}", "client_name": "ownCloud | iOS Client", - - "public": false, "authorization_policy": "one_factor", - "require_pkce": true, - "pkce_challenge_method": "S256", "scopes": [ "openid", - "offline_access", "groups", "profile", - "email" - ], - "redirect_uris": [ - "oc://ios.owncloud.com", - "oc.ios://ios.owncloud.com" - - + "email", + "offline_access" ], "response_types": [ "code" ], - "grant_types": [ - "authorization_code", - "refresh_token" + "redirect_uris": [ + "oc://ios.owncloud.com", + "oc.ios://ios.owncloud.com" ] - "access_token_signed_response_alg": "none", - "userinfo_signed_response_alg": "none", - "token_endpoint_auth_method": "client_secret_basic" } diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2 index 0970c43..45b6983 100644 --- a/roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2 +++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2 
@@ -1,33 +1,20 @@ { - "client_id": "{{cfg_authelia_for_owncloud.web.client_id}}", - + "client_id": "{{var_authelia_for_owncloud_web_client_id}}", "client_name": "ownCloud | Web Client", - "lifespan": "ocis", "public": true, "authorization_policy": "one_factor", - "require_pkce": true, - "pkce_challenge_method": "S256", "scopes": [ "openid", - "offline_access", - "groups", + "email", "profile", - "email" - ], - "redirect_uris": [ - "{{var_authelia_for_owncloud_owncloud_url_base}}", - "{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-callback.html", - "{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-silent-redirect.html", - "{{var_authelia_for_owncloud_owncloud_url_base}}/apps/openidconnect/redirect" + "groups" ], "response_types": [ "code" ], - "grant_types": [ - "authorization_code", - "refresh_token" + "redirect_uris": [ + "{{var_authelia_for_owncloud_owncloud_url_base}}", + "{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-callback.html", + "{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-silent-redirect.html" ] - "access_token_signed_response_alg": "none", - "userinfo_signed_response_alg": "none", - "token_endpoint_auth_method": "none" } diff --git a/roles/authelia-for-owncloud/vardef.json b/roles/authelia-for-owncloud/vardef.json new file mode 100644 index 0000000..531604d --- /dev/null +++ b/roles/authelia-for-owncloud/vardef.json @@ -0,0 +1,34 @@ +{ + "owncloud_url_base": { + "type": "string", + "mandatory": false + }, + "web_client_id": { + "type": "string", + "mandatory": false + }, + "android_client_id": { + "type": "string", + "mandatory": false + }, + "android_client_secret": { + "type": "string", + "mandatory": true + }, + "ios_client_id": { + "type": "string", + "mandatory": false + }, + "ios_client_secret": { + "type": "string", + "mandatory": true + }, + "dektop_client_id": { + "type": "string", + "mandatory": false + }, + "desktop_client_secret": { + "type": "string", + "mandatory": false + } +} 
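Review bot: `dektop_client_id` is misspelled in the new vardef.json, so the desktop client id is declared under a name that does not match the variable the defaults and templates use (`var_authelia_for_owncloud_desktop_client_id`); rename the key to `desktop_client_id`. `desktop_client_secret` is `"mandatory": false` while the android and ios secrets are mandatory — if that is because a published default exists, a `"description"` saying so would stop the next reader from "fixing" it; otherwise make it mandatory as well. The file declares no `web_client_secret`, which agrees with the public web client but not with the hash task in tasks/main.json that reads that variable.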
diff --git a/roles/authelia/templates/conf-main.json.j2 b/roles/authelia/templates/conf-main.json.j2 index 5d77df9..84a4214 100644 --- a/roles/authelia/templates/conf-main.json.j2 +++ b/roles/authelia/templates/conf-main.json.j2 @@ -196,13 +196,7 @@ ], "lifespans": { "access_token": "{{var_authelia_oidc_lifespan_access_token}}", - "refresh_token": "{{var_authelia_oidc_lifespan_refresh_token}}", - "custom": { - "ocis": { - "access_token": "2d", - "refresh_token": "3d" - } - } + "refresh_token": "{{var_authelia_oidc_lifespan_refresh_token}}" }, "cors": { "allowed_origins_from_client_redirect_uris": true diff --git a/roles/owncloud/cfg.schema.json b/roles/owncloud/cfg.schema.json deleted file mode 100644 index 0b4ed0b..0000000 --- a/roles/owncloud/cfg.schema.json +++ /dev/null 
@@ -1,128 +0,0 @@
-{
- "nullable": false,
- "type": "object",
- "properties": {
- "user": {
- "nullable": false,
- "type": "string",
- "default": "owncloud"
- },
- "directory": {
- "nullable": false,
- "type": "string",
- "default": "/opt/owncloud"
- },
- "version": {
- "nullable": false,
- "type": "string",
- "default": "7.2.0"
- },
- "platform": {
- "nullable": false,
- "type": "string",
- "default": "linux-amd64"
- },
- "domain": {
- "nullable": false,
- "type": "string",
- "default": "owncloud.example.org"
- },
- "admin_password": {
- "nullable": false,
- "type": "string"
- },
- "authentication": {
- "nullable": false,
- "type": "object",
- "properties": {
- "kind": {
- "type": "string",
- "enum": [
- "internal",
- "authelia"
- ],
- "default": "internal"
- },
- "data": {
- "anyOf": [
- {
- "nullable": false,
- "type": "object",
- "properties": {
- "authelia": {
- "nullable": false,
- "type": "object",
- "properties": {
- "url_base": {
- "nullable": false,
- "type": "string"
- },
- "web": {
- "nullable": true,
- "type": "object",
- "properties": {
- "client_id": {
- "type": "string",
- "mandatory": false,
- "default": "owncloud_web"
- }
- },
- "additionalProperties": false,
- "required": [
- ],
- "default": {
- }
- }
- },
- "additionalProperties": false,
- "required": [
- "url_base"
- ]
- }
- },
- "additionalProperties": false,
- "required": [
- "authelia"
- ]
- }
- ]
- }
- },
- "additionalProperties": false,
- "required": [
- ],
- "default": {
- }
- },
- "public_share": {
- "nullable": false,
- "type": "object",
- "properties": {
- "password_necessity": {
- "nullable": false,
- "type": "string",
- "enum": [
- "nothing",
- "writable",
- "all"
- ],
- "default": "writable"
- },
- "password_policy_active": {
- "nullable": false,
- "type": "boolean",
- "default": true
- }
- },
- "additionalProperties": false,
- "required": [
- ],
- "default": {
- }
- }
- },
- "additionalProperties": false,
- "required": [
- "admin_password"
- ]
-}
diff --git a/roles/owncloud/defaults/main.json b/roles/owncloud/defaults/main.json index 0c24d09..1101e12 100644 --- a/roles/owncloud/defaults/main.json +++ b/roles/owncloud/defaults/main.json @@ -1,24 +1,18 @@ { - "cfg_owncloud_defaults": { - "user": "owncloud", - "directory": "/opt/owncloud", - "version": "7.2.0", - "platform": "linux-amd64", - "domain": "owncloud.example.org", - "authentication": { - "kind": "internal", - "data": { - "authelia": { - "url_base": "https://authelia.example.org", - "web": { - "client_id": "owncloud_web" - } - } - } - }, - "public_share": { - "password_necessity": "writable", - "password_policy_active": true - } - } + "var_owncloud_user": "owncloud", + "var_owncloud_directory": "/opt/owncloud", + "var_owncloud_version": "5.0.0", + "var_owncloud_platform": "linux-amd64", + "var_owncloud_domain": "owncloud.example.org", + "var_owncloud_admin_password": "REPLACE_ME", + "var_owncloud_authentication_kind": "internal", + "var_owncloud_authentication_data_authelia_url_base": "https://authelia.example.org", + "var_owncloud_authentication_data_authelia_web_client_id": "owncloud_web", + "var_owncloud_authentication_data_authelia_web_client_secret": "REPLACE_ME", + "var_owncloud_authentication_data_authelia_android_client_id": "owncloud_android", + "var_owncloud_authentication_data_authelia_android_client_secret": "REPLACE_ME", + "var_owncloud_authentication_data_authelia_ios_client_id": "owncloud_ios", + "var_owncloud_authentication_data_authelia_ios_client_secret": "REPLACE_ME", + "var_owncloud_public_share_password_necessity": "writable", + "var_owncloud_public_share_password_policy_active": true } diff --git a/roles/owncloud/info.md b/roles/owncloud/info.md index 8424eaf..b74ee6d 100644 --- a/roles/owncloud/info.md +++ b/roles/owncloud/info.md 
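Review bot: `var_owncloud_admin_password` defaults to `"REPLACE_ME"`, so a play that forgets to set it still runs `ocis init --admin-password=REPLACE_ME` (tasks/main.json) and leaves the instance with a guessable admin credential; vardef.json marks the value mandatory, but unless that flag is enforced before the role defaults apply, an Ansible default makes the variable defined and the check never fires. Drop the default so the undefined variable aborts the play, or add an `ansible.builtin.assert` that the value differs from the placeholder. The `..._web_client_secret`, `..._android_*` and `..._ios_*` entries duplicate values owned by the authelia-for-owncloud role and are not read by env.j2 in this patch; if nothing else reads them, remove them rather than keep two copies of a secret that can drift apart.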
@@ -7,7 +7,6 @@ Cloud-Plattform [ownCloud](https://owncloud.com/) (the rewrite in Go named "Infi - [ownCloud-Dokumentation | How to install ownCloud Infinite Scale Tech Preview in three easy steps](https://owncloud.com/news/howto-install-owncloud-infinite-scale-tech-preview/) - [ownCloud-Dokumentation | oCIS](https://owncloud.dev/ocis/) -- [ownCloud-Dokumentation | env var types](https://doc.owncloud.com/ocis/next/deployment/services/envvar-types-description.html) - [ownCloud-Dokumentation | Service | Proxy](https://doc.owncloud.com/ocis/next/deployment/services/s-list/proxy.html) - [ownCloud-Dokumentation | Service | Web](https://doc.owncloud.com/ocis/next/deployment/services/s-list/web.html) - [ownCloud-Dokumentation | Service | Sharing](https://doc.owncloud.com/ocis/next/deployment/services/s-list/sharing.html) @@ -15,11 +14,6 @@ Cloud-Plattform [ownCloud](https://owncloud.com/) (the rewrite in Go named "Infi - [ownCloud-Foren | OCIS + Authelia](https://central.owncloud.org/t/ocis-authelia/44222) -## Bermerkungen - -- die Konfiguration ist zweistufig: man trägt Werte in die `.env`-Datei ein und lässt dann von owncloud auf Basis dessen eine vollwertige Konfiguration (`.ocis/config/ocis.yaml`) erstellen, welche nicht händisch angelegt oder geändert werden sollte - - ## ToDo - Download prüfen diff --git a/roles/owncloud/tasks/main.json b/roles/owncloud/tasks/main.json index d76f3ad..0a6e356 100644 --- a/roles/owncloud/tasks/main.json +++ b/roles/owncloud/tasks/main.json 
@@ -3,50 +3,37 @@ "name": "user", "become": true, "ansible.builtin.user": { - "name": "{{cfg_owncloud.user}}", + "name": "{{var_owncloud_user}}", "create_home": true, - "home": "{{cfg_owncloud.directory}}" + "home": "{{var_owncloud_directory}}" } }, { "name": "download", "become": true, - "become_user": "{{cfg_owncloud.user}}", + "become_user": "{{var_owncloud_user}}", "ansible.builtin.get_url": { - "url": "https://download.owncloud.com/ocis/ocis/stable/{{cfg_owncloud.version}}/ocis-{{cfg_owncloud.version}}-{{cfg_owncloud.platform}}", - "dest": "{{cfg_owncloud.directory}}/ocis", + "url": "https://download.owncloud.com/ocis/ocis/stable/{{var_owncloud_version}}/ocis-{{var_owncloud_version}}-{{var_owncloud_platform}}", + "dest": "{{var_owncloud_directory}}/ocis", "mode": "u+rx" } }, - { - "name": "directories", - "become": true, - "become_user": "{{cfg_owncloud.user}}", - "loop": [ - "log" - ], - "ansible.builtin.file": { - "state": "directory", - "recurse": true, - "path": "{{cfg_owncloud.directory}}/{{item}}" - } - }, { "name": "setup", "become": true, - "become_user": "{{cfg_owncloud.user}}", + "become_user": "{{var_owncloud_user}}", "ansible.builtin.shell": { - "chdir": "{{cfg_owncloud.directory}}", - "cmd": "rm -f {{cfg_owncloud.directory}}/.ocis/config/ocis.yaml && ./ocis init --insecure no --admin-password={{cfg_owncloud.admin_password}}" + "chdir": "{{var_owncloud_directory}}", + "cmd": "rm -f {{var_owncloud_directory}}/.ocis/config/ocis.yaml && ./ocis init --insecure no --admin-password={{var_owncloud_admin_password}}" } }, { "name": "configuration", "become": true, - "become_user": "{{cfg_owncloud.user}}", + "become_user": "{{var_owncloud_user}}", "ansible.builtin.template": { "src": "env.j2", - "dest": "{{cfg_owncloud.directory}}/.env" + "dest": "{{var_owncloud_directory}}/.env" } }, { diff --git a/roles/owncloud/templates/env.j2 b/roles/owncloud/templates/env.j2 index e8426ef..1c53400 100644 --- a/roles/owncloud/templates/env.j2 
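Review bot: The `download` task fetches the ocis binary with `ansible.builtin.get_url` and no `checksum`, so the role executes whatever the download server returns with TLS as the only integrity check; pin the release with `"checksum": "sha256:<expected digest for var_owncloud_version — placeholder>"` so an altered or truncated download fails the task, which is also the open `Download prüfen` item in info.md. The `setup` task passes the admin password on the command line unquoted, `--admin-password={{var_owncloud_admin_password}}`, in a shell task without `no_log`, which exposes it in the task output and the target's process list and breaks on shell metacharacters; use `--admin-password={{var_owncloud_admin_password | quote}}` and add `"no_log": true` to that task. The task list continues outside the hunk.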
+++ b/roles/owncloud/templates/env.j2 
@@ -1,57 +1,44 @@ -## web client -WEB_LOG_LEVEL=info -WEB_LOG_FILE={{cfg_owncloud.directory}}/log/web -WEB_LOG_PRETTY=true -WEB_LOG_COLOR=true -{% if cfg_owncloud.authentication_kind == 'internal' %} -{% endif %} -{% if cfg_owncloud.authentication_kind == 'authelia' %} -WEB_OIDC_AUTHORITY={{cfg_owncloud.authentication.data.authelia.url_base}} -WEB_OIDC_CLIENT_ID={{cfg_owncloud.authentication.data.authelia.web.client_id}} -WEB_OIDC_RESPONSE_TYPE=code -WEB_OIDC_SCOPE=openid profile email groups -WEB_OPTION_LOGIN_URL={{cfg_owncloud.authentication.data.authelia.url_base}} -WEB_OPTION_LOGOUT_URL={{cfg_owncloud.authentication.data.authelia.url_base}} +OCIS_URL="https://{{var_owncloud_domain}}" +OCIS_INSECURE="false" + +PROXY_TLS="false" + +{% if var_owncloud_authentication_kind == 'internal' %} +PROXY_AUTOPROVISION_ACCOUNTS="false" {% endif %} -## other clients -PROXY_LOG_LEVEL=info -PROXY_LOG_FILE={{cfg_owncloud.directory}}/log/proxy -PROXY_LOG_PRETTY=true -PROXY_LOG_COLOR=true -PROXY_TLS=false -{% if cfg_owncloud.authentication_kind == 'internal' %} -PROXY_AUTOPROVISION_ACCOUNTS=false -{% endif %} -{% if cfg_owncloud.authentication_kind == 'authelia' %} -PROXY_OIDC_ISSUER={{cfg_owncloud.authentication.data.authelia.url_base}} -PROXY_OIDC_REWRITE_WELLKNOWN=true -PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none -PROXY_OIDC_SKIP_USER_INFO=false -PROXY_AUTOPROVISION_ACCOUNTS=true -PROXY_AUTOPROVISION_CLAIM_USERNAME=preferred_username -PROXY_AUTOPROVISION_CLAIM_EMAIL=email -PROXY_AUTOPROVISION_CLAIM_DISPLAYNAME=name -PROXY_AUTOPROVISION_CLAIM_GROUPS=groups -PROXY_USER_OIDC_CLAIM=preferred_username -PROXY_USER_CS3_CLAIM=username +{% if var_owncloud_authentication_kind == 'authelia' %} +OCIS_OIDC_CLIENT_ID="{{var_owncloud_authentication_data_authelia_web_client_id}}" +OCIS_OIDC_ISSUER="{{var_owncloud_authentication_data_authelia_url_base}}" + +PROXY_AUTOPROVISION_ACCOUNTS="true" +PROXY_OIDC_REWRITE_WELLKNOWN="true" +PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD="none" 
+PROXY_OIDC_INSECURE="false" +PROXY_USER_OIDC_CLAIM="name" +PROXY_USER_CS3_CLAIM="username" + +WEB_OIDC_AUTHORITY="{{var_owncloud_authentication_data_authelia_url_base}}" +WEB_OIDC_METADATA_URL="{{var_owncloud_authentication_data_authelia_url_base}}/.well-known/openid-configuration" +WEB_OIDC_CLIENT_ID="{{var_owncloud_authentication_data_authelia_web_client_id}}" +WEB_OIDC_SCOPE="openid profile email groups" {% endif %} -## sharing -{% if cfg_owncloud.public_share.password_necessity == 'nothing' %} -OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD=false -OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD=false +{% if var_owncloud_public_share_password_necessity == 'nothing' %} +OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="false" +OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="false" {% endif %} -{% if cfg_owncloud.public_share.password_necessity == 'writable' %} -OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD=false -OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD=true +{% if var_owncloud_public_share_password_necessity == 'writable' %} +OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="false" +OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="true" {% endif %} -{% if cfg_owncloud.public_share.password_necessity == 'all' %} -OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD=true -OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD=true +{% if var_owncloud_public_share_password_necessity == 'all' %} +OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="true" +OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="true" {% endif %} -{% if cfg_owncloud.public_share.password_policy_active %} -OCIS_SHARING_PASSWORD_POLICY_DISABLED=false + +{% if var_owncloud_public_share_password_policy_active %} +OCIS_SHARING_PASSWORD_POLICY_DISABLED="false" {% else %} -OCIS_SHARING_PASSWORD_POLICY_DISABLED=true +OCIS_SHARING_PASSWORD_POLICY_DISABLED="true" {% endif %} 
diff --git a/roles/owncloud/vardef.json b/roles/owncloud/vardef.json
new file mode 100644
index 0000000..6641a03
--- /dev/null
+++ b/roles/owncloud/vardef.json
@@ -0,0 +1,75 @@
+{
+ "user": {
+ "type": "string",
+ "mandatory": false
+ },
+ "directory": {
+ "type": "string",
+ "mandatory": false
+ },
+ "version": {
+ "type": "string",
+ "mandatory": false
+ },
+ "platform": {
+ "type": "string",
+ "mandatory": false
+ },
+ "domain": {
+ "type": "string",
+ "mandatory": false
+ },
+ "admin_password": {
+ "type": "string",
+ "mandatory": true
+ },
+ "authentication_kind": {
+ "type": "string",
+ "mandatory": false,
+ "options": [
+ "internal",
+ "authelia"
+ ]
+ },
+ "authentication_data_authelia_url_base": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_web_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_web_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_android_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_android_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_ios_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_ios_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "public_share_password_necessity": {
+ "type": "string",
+ "mandatory": false,
+ "options": [
+ "nothing",
+ "writable",
+ "all"
+ ]
+ },
+ "public_share_password_policy_active": {
+ "type": "boolean",
+ "mandatory": false
+ }
+}