galaxy.yml

@@ -2,10 +2,10 @@
 # The namespace of the collection. This can be a company/brand/organization or product namespace under which all
 # content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
 # underscores or numbers and cannot contain consecutive underscores
-namespace: roydfalk
+namespace: fenris 
 
 # The name of the collection. Has the same character restrictions as 'namespace'
-name: standard
+name: base 
 
 # The version of the collection. Must be compatible with semantic versioning
 version: 1.0.0
@@ -16,7 +16,7 @@ readme: README.md
 # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
 # @nicks:irc/im.site#channel'
 authors:
-- Royd Falk <roydfalk@folksprak.org>
+- Fenris <fenris@folksprak.org>
 - Marius <marius@rasumi.net>
 
 ### OPTIONAL but strongly recommended

roles/authelia-for-owncloud/cfg.schema.json

@@ -0,0 +1,93 @@
+{
+	"nullable": false,
+	"type": "object",
+	"properties": {
+		"owncloud_url_base": {
+			"nullable": false,
+			"type": "string",
+			"default": "https://owncloud.example.org"
+		},
+		"web": {
+			"nullable": true,
+			"type": "object",
+			"properties": {
+				"client_id": {
+					"nullable": false,
+					"type": "string",
+					"default": "owncloud_web"
+				}
+			},
+			"additionalProperties": false,
+			"required": [
+			],
+			"default": {
+			}
+		},
+		"desktop": {
+			"nullable": true,
+			"type": "object",
+			"properties": {
+				"client_id": {
+					"nullable": false,
+					"type": "string",
+					"default": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69"
+				},
+				"client_secret": {
+					"nullable": false,
+					"type": "string",
+					"default": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh"
+				}
+			},
+			"additionalProperties": false,
+			"required": [
+			],
+			"default": {
+			}
+		},
+		"android": {
+			"nullable": true,
+			"type": "object",
+			"properties": {
+				"client_id": {
+					"nullable": false,
+					"type": "string",
+					"default": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD"
+				},
+				"client_secret": {
+					"nullable": false,
+					"type": "string",
+					"default": "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD"
+				}
+			},
+			"additionalProperties": false,
+			"required": [
+			],
+			"default": {
+			}
+		},
+		"ios": {
+			"nullable": true,
+			"type": "object",
+			"properties": {
+				"ios_client_id": {
+					"nullable": false,
+					"type": "string",
+					"default": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1"
+				},
+				"ios_client_secret": {
+					"nullable": false,
+					"type": "string",
+					"default": "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx"
+				}
+			},
+			"additionalProperties": false,
+			"required": [
+			],
+			"default": {
+			}
+		}
+	},
+	"additionalProperties": false,
+	"required": [
+	]
+}

roles/authelia-for-owncloud/defaults/main.json

@@ -1,10 +1,20 @@
 {
-	"var_authelia_for_owncloud_owncloud_url_base": "https://owncloud.example.org",
+	"cfg_authelia_for_owncloud_defaults": {
-	"var_authelia_for_owncloud_web_client_id": "owncloud_web",
+		"owncloud_url_base": "https://owncloud.example.org",
-	"var_authelia_for_owncloud_android_client_id": "owncloud_android",
+		"web": {
-	"var_authelia_for_owncloud_android_client_secret": "REPLACE_ME",
+			"client_id": "owncloud_web"
-	"var_authelia_for_owncloud_ios_client_id": "owncloud_ios",
+		},
-	"var_authelia_for_owncloud_ios_client_secret": "REPLACE_ME",
+		"desktop": {
-	"var_authelia_for_owncloud_desktop_client_id": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
+			"client_id": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
-	"var_authelia_for_owncloud_desktop_client_secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh"
+			"client_secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh"
+		},
+		"android": {
+			"client_id": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD",
+			"client_secret": "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD"
+		},
+		"ios": {
+			"client_id": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1",
+			"client_secret": "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx"
+		}
+	}
 }

roles/authelia-for-owncloud/tasks/main.json

@@ -1,49 +1,91 @@
 [
 	{
-		"name": "configuration | compute client secret hash | web",
+		"name": "configuration | client | web",
-		"become": true,
+		"when": "cfg_authelia_for_owncloud.web != None",
-		"ansible.builtin.shell": {
+		"block": [
-			"cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_owncloud_web_client_secret}} | cut --delimiter=' ' --fields='2-'"
+			{
-		},
+				"name": "compute client secret hash",
-		"register": "temp_authelia_for_owncloud_web_client_secret_hashed"
+				"become": true,
+				"ansible.builtin.shell": {
+					"cmd": "authelia crypto hash generate bcrypt --password {{cfg_authelia_for_owncloud.web.client_secret}} | cut --delimiter=' ' --fields='2-'"
+				},
+				"register": "temp_authelia_for_owncloud_web_client_secret_hashed"
+			},
+			{
+				"name": "emplace",
+				"become": true,
+				"ansible.builtin.template": {
+					"src": "authelia-client-conf-web.json.j2",
+					"dest": "/etc/authelia/conf.d/clients/owncloud-web.json"
+				}
+			}
+		]
 	},
 	{
-		"name": "configuration | compute client secret hash | android",
+		"name": "configuration | client | desktop",
-		"become": true,
+		"when": "cfg_authelia_for_ownloud.desktop != None",
-		"ansible.builtin.shell": {
+		"block": [
-			"cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_owncloud_android_client_secret}} | cut --delimiter=' ' --fields='2-'"
+			{
-		},
+				"name": "compute client secret hash",
-		"register": "temp_authelia_for_owncloud_android_client_secret_hashed"
+				"become": true,
+				"ansible.builtin.shell": {
+					"cmd": "authelia crypto hash generate bcrypt --password {{cfg_authelia_for_owncloud.desktop.client_secret}} | cut --delimiter=' ' --fields='2-'"
+				},
+				"register": "temp_authelia_for_owncloud_desktop_client_secret_hashed"
+			},
+			{
+				"name": "emplace",
+				"become": true,
+				"ansible.builtin.template": {
+					"src": "authelia-client-conf-desktop.json.j2",
+					"dest": "/etc/authelia/conf.d/clients/owncloud-desktop.json"
+				}
+			}
+		]
 	},
 	{
-		"name": "configuration | compute client secret hash | ios",
+		"name": "configuration | client | android",
-		"become": true,
+		"when": "cfg_authelia_for_ownloud.android != None",
-		"ansible.builtin.shell": {
+		"block": [
-			"cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_owncloud_ios_client_secret}} | cut --delimiter=' ' --fields='2-'"
+			{
-		},
+				"name": "compute client secret hash",
-		"register": "temp_authelia_for_owncloud_ios_client_secret_hashed"
+				"become": true,
+				"ansible.builtin.shell": {
+					"cmd": "authelia crypto hash generate bcrypt --password {{cfg_authelia_for_owncloud.android.client_secret}} | cut --delimiter=' ' --fields='2-'"
+				},
+				"register": "temp_authelia_for_owncloud_android_client_secret_hashed"
+			},
+			{
+				"name": "emplace",
+				"become": true,
+				"ansible.builtin.template": {
+					"src": "authelia-client-conf-android.json.j2",
+					"dest": "/etc/authelia/conf.d/clients/owncloud-android.json"
+				}
+			}
+		]
 	},
 	{
-		"name": "configuration | compute client secret hash | desktop",
+		"name": "configuration | client | ios",
-		"become": true,
+		"when": "cfg_authelia_for_ownloud.ios != None",
-		"ansible.builtin.shell": {
+		"block": [
-			"cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_owncloud_desktop_client_secret}} | cut --delimiter=' ' --fields='2-'"
+			{
-		},
+				"name": "compute client secret hash",
-		"register": "temp_authelia_for_owncloud_desktop_client_secret_hashed"
+				"become": true,
-	},
+				"ansible.builtin.shell": {
-	{
+					"cmd": "authelia crypto hash generate bcrypt --password {{cfg_authelia_for_owncloud.ios.client_secret}} | cut --delimiter=' ' --fields='2-'"
-		"name": "configuration | emplace",
+				},
-		"become": true,
+				"register": "temp_authelia_for_owncloud_ios_client_secret_hashed"
-		"loop": [
+			},
-			{"src": "authelia-client-conf-web.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-web.json"},
+			{
-			{"src": "authelia-client-conf-desktop.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-desktop.json"},
+				"name": "emplace",
-			{"src": "authelia-client-conf-android.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-android.json"},
+				"become": true,
-			{"src": "authelia-client-conf-ios.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-ios.json"}
+				"ansible.builtin.template": {
-		],
+					"src": "authelia-client-conf-ios.json.j2",
-		"ansible.builtin.template": {
+					"dest": "/etc/authelia/conf.d/clients/owncloud-ios.json"
-			"src": "{{item.src}}",
+				}
-			"dest": "{{item.dest}}"
+			}
-		}
+		]
 	},
 	{
 		"name": "configuration | apply",

roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2

@@ -1,19 +1,33 @@
 {
-	"client_id": "{{var_authelia_for_owncloud_android_client_id}}",
+	"client_id": "{{cfg_authelia_for_owncloud.android.client_id}}",
 	"client_secret": "{{temp_authelia_for_owncloud_android_client_secret_hashed.stdout}}",
 	"client_name": "ownCloud | Android Client",
+
+	"public": false,
 	"authorization_policy": "one_factor",
+	"require_pkce": true,
+	"pkce_challenge_method": "S256",
 	"scopes": [
 		"openid",
+		"offline_access",
 		"groups",
 		"profile",
-		"email",
+		"email"
-		"offline_access"
+	],
+	"redirect_uris": [
+		"oc://android.owncloud.com"
+		
+		
+		
 	],
 	"response_types": [
 		"code"
 	],
-	"redirect_uris": [
+	"grant_types": [
-		"oc://android.owncloud.com"
+		"authorization_code",
+		"refresh_token"
 	]
+	"access_token_signed_response_alg": "none",
+	"userinfo_signed_response_alg": "none",
+	"token_endpoint_auth_method": "client_secret_basic"
 }

roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2

@@ -1,20 +1,33 @@
 {
-	"client_id": "{{var_authelia_for_owncloud_desktop_client_id}}",
+	"client_id": "{{cfg_authelia_for_owncloud.desktop.client_id}}",
 	"client_secret": "{{temp_authelia_for_owncloud_desktop_client_secret_hashed.stdout}}",
 	"client_name": "ownCloud | Desktop Client",
+		
+	"public": false,
 	"authorization_policy": "one_factor",
+	"require_pkce": true,
+	"pkce_challenge_method": "S256",
 	"scopes": [
 		"openid",
+		"offline_access",
 		"groups",
 		"profile",
-		"email",
+		"email"
-		"offline_access"
-	],
-	"response_types": [
-		"code"
 	],
 	"redirect_uris": [
 		"http://127.0.0.1",
 		"http://localhost"
+		
+		
+	],
+	"response_types": [
+		"code"
+	],
+	"grant_types": [
+		"authorization_code",
+		"refresh_token"
 	]
+	"access_token_signed_response_alg": "none",
+	"userinfo_signed_response_alg": "none",
+	"token_endpoint_auth_method": "client_secret_basic"
 }

roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2

@@ -1,20 +1,33 @@
 {
-	"client_id": "{{var_authelia_for_owncloud_ios_client_id}}",
+	"client_id": "{{cfg_authelia_for_owncloud.ios.client_id}}",
 	"client_secret": "{{temp_authelia_for_owncloud_ios_client_secret_hashed.stdout}}",
 	"client_name": "ownCloud | iOS Client",
+	
+	"public": false,
 	"authorization_policy": "one_factor",
+	"require_pkce": true,
+	"pkce_challenge_method": "S256",
 	"scopes": [
 		"openid",
+		"offline_access",
 		"groups",
 		"profile",
-		"email",
+		"email"
-		"offline_access"
-	],
-	"response_types": [
-		"code"
 	],
 	"redirect_uris": [
 		"oc://ios.owncloud.com",
 		"oc.ios://ios.owncloud.com"
+		
+		
+	],
+	"response_types": [
+		"code"
+	],
+	"grant_types": [
+		"authorization_code",
+		"refresh_token"
 	]
+	"access_token_signed_response_alg": "none",
+	"userinfo_signed_response_alg": "none",
+	"token_endpoint_auth_method": "client_secret_basic"
 }

roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2

@@ -1,20 +1,33 @@
 {
-	"client_id": "{{var_authelia_for_owncloud_web_client_id}}",
+	"client_id": "{{cfg_authelia_for_owncloud.web.client_id}}",
+	
 	"client_name": "ownCloud | Web Client",
+	"lifespan": "ocis",
 	"public": true,
 	"authorization_policy": "one_factor",
+	"require_pkce": true,
+	"pkce_challenge_method": "S256",
 	"scopes": [
 		"openid",
-		"email",
+		"offline_access",
+		"groups",
 		"profile",
-		"groups"
+		"email"
-	],
-	"response_types": [
-		"code"
 	],
 	"redirect_uris": [
 		"{{var_authelia_for_owncloud_owncloud_url_base}}",
 		"{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-callback.html",
-		"{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-silent-redirect.html"
+		"{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-silent-redirect.html",
+		"{{var_authelia_for_owncloud_owncloud_url_base}}/apps/openidconnect/redirect"
+	],
+	"response_types": [
+		"code"
+	],
+	"grant_types": [
+		"authorization_code",
+		"refresh_token"
 	]
+	"access_token_signed_response_alg": "none",
+	"userinfo_signed_response_alg": "none",
+	"token_endpoint_auth_method": "none"
 }

roles/authelia-for-owncloud/vardef.json

@@ -1,34 +0,0 @@
-{
-	"owncloud_url_base": {
-		"type": "string",
-		"mandatory": false
-	},
-	"web_client_id": {
-		"type": "string",
-		"mandatory": false
-	},
-	"android_client_id": {
-		"type": "string",
-		"mandatory": false
-	},
-	"android_client_secret": {
-		"type": "string",
-		"mandatory": true
-	},
-	"ios_client_id": {
-		"type": "string",
-		"mandatory": false
-	},
-	"ios_client_secret": {
-		"type": "string",
-		"mandatory": true
-	},
-	"dektop_client_id": {
-		"type": "string",
-		"mandatory": false
-	},
-	"desktop_client_secret": {
-		"type": "string",
-		"mandatory": false
-	}
-}

roles/authelia/templates/conf-main.json.j2

@@ -196,7 +196,13 @@
 			],
 			"lifespans": {
 				"access_token": "{{var_authelia_oidc_lifespan_access_token}}",
-				"refresh_token": "{{var_authelia_oidc_lifespan_refresh_token}}"
+				"refresh_token": "{{var_authelia_oidc_lifespan_refresh_token}}",
+				"custom": {
+					"ocis": {
+						"access_token": "2d",
+						"refresh_token": "3d"
+					}
+				}
 			},
 			"cors": {
 				"allowed_origins_from_client_redirect_uris": true

roles/owncloud/cfg.schema.json

@@ -0,0 +1,128 @@
+{
+	"nullable": false,
+	"type": "object",
+	"properties": {
+		"user": {
+			"nullable": false,
+			"type": "string",
+			"default": "owncloud"
+		},
+		"directory": {
+			"nullable": false,
+			"type": "string",
+			"default": "/opt/owncloud"
+		},
+		"version": {
+			"nullable": false,
+			"type": "string",
+			"default": "7.2.0"
+		},
+		"platform": {
+			"nullable": false,
+			"type": "string",
+			"default": "linux-amd64"
+		},
+		"domain": {
+			"nullable": false,
+			"type": "string",
+			"default": "owncloud.example.org"
+		},
+		"admin_password": {
+			"nullable": false,
+			"type": "string"
+		},
+		"authentication": {
+			"nullable": false,
+			"type": "object",
+			"properties": {
+				"kind": {
+					"type": "string",
+					"enum": [
+						"internal",
+						"authelia"
+					],
+					"default": "internal"
+				},
+				"data": {
+					"anyOf": [
+						{
+							"nullable": false,
+							"type": "object",
+							"properties": {
+								"authelia": {
+									"nullable": false,
+									"type": "object",
+									"properties": {
+										"url_base": {
+											"nullable": false,
+											"type": "string"
+										},
+										"web": {
+											"nullable": true,
+											"type": "object",
+											"properties": {
+												"client_id": {
+													"type": "string",
+													"mandatory": false,
+													"default": "owncloud_web"
+												}
+											},
+											"additionalProperties": false,
+											"required": [
+											],
+											"default": {
+											}
+										}
+									},
+									"additionalProperties": false,
+									"required": [
+										"url_base"
+									]
+								}
+							},
+							"additionalProperties": false,
+							"required": [
+								"authelia"
+							]
+						}
+					]
+				}
+			},
+			"additionalProperties": false,
+			"required": [
+			],
+			"default": {
+			}
+		},
+		"public_share": {
+			"nullable": false,
+			"type": "object",
+			"properties": {
+				"password_necessity": {
+					"nullable": false,
+					"type": "string",
+					"enum": [
+						"nothing",
+						"writable",
+						"all"
+					],
+					"default": "writable"
+				},
+				"password_policy_active": {
+					"nullable": false,
+					"type": "boolean",
+					"default": true
+				}
+			},
+			"additionalProperties": false,
+			"required": [
+			],
+			"default": {
+			}
+		}
+	},
+	"additionalProperties": false,
+	"required": [
+		"admin_password"
+	]
+}

roles/owncloud/defaults/main.json

@@ -1,18 +1,24 @@
 {
-	"var_owncloud_user": "owncloud",
+	"cfg_owncloud_defaults": {
-	"var_owncloud_directory": "/opt/owncloud",
+		"user": "owncloud",
-	"var_owncloud_version": "7.2.0",
+		"directory": "/opt/owncloud",
-	"var_owncloud_platform": "linux-amd64",
+		"version": "7.2.0",
-	"var_owncloud_domain": "owncloud.example.org",
+		"platform": "linux-amd64",
-	"var_owncloud_admin_password": "REPLACE_ME",
+		"domain": "owncloud.example.org",
-	"var_owncloud_authentication_kind": "internal",
+		"authentication": {
-	"var_owncloud_authentication_data_authelia_url_base": "https://authelia.example.org",
+			"kind": "internal",
-	"var_owncloud_authentication_data_authelia_web_client_id": "owncloud_web",
+			"data": {
-	"var_owncloud_authentication_data_authelia_web_client_secret": "REPLACE_ME",
+				"authelia": {
-	"var_owncloud_authentication_data_authelia_android_client_id": "owncloud_android",
+					"url_base": "https://authelia.example.org",
-	"var_owncloud_authentication_data_authelia_android_client_secret": "REPLACE_ME",
+					"web": {
-	"var_owncloud_authentication_data_authelia_ios_client_id": "owncloud_ios",
+						"client_id": "owncloud_web"
-	"var_owncloud_authentication_data_authelia_ios_client_secret": "REPLACE_ME",
+					}
-	"var_owncloud_public_share_password_necessity": "writable",
+				}
-	"var_owncloud_public_share_password_policy_active": true
+			}
+		},
+		"public_share": {
+			"password_necessity": "writable",
+			"password_policy_active": true
+		}
+	}
 }

roles/owncloud/info.md

@@ -8,6 +8,7 @@ Cloud-Plattform [ownCloud](https://owncloud.com/) (the rewrite in Go named "Infi
 - [ownCloud-Dokumentation | How to install ownCloud Infinite Scale Tech Preview in three easy steps](https://owncloud.com/news/howto-install-owncloud-infinite-scale-tech-preview/)
 - [ownCloud-Dokumentation | oCIS](https://owncloud.dev/ocis/)
 - [ownCloud-Dokumentation | Upgrading](https://doc.owncloud.com/ocis/next/migration/upgrading-ocis.html)
+- [ownCloud-Dokumentation | env var types](https://doc.owncloud.com/ocis/next/deployment/services/envvar-types-description.html)
 - [ownCloud-Dokumentation | Service | Proxy](https://doc.owncloud.com/ocis/next/deployment/services/s-list/proxy.html)
 - [ownCloud-Dokumentation | Service | Web](https://doc.owncloud.com/ocis/next/deployment/services/s-list/web.html)
 - [ownCloud-Dokumentation | Service | Sharing](https://doc.owncloud.com/ocis/next/deployment/services/s-list/sharing.html)

roles/owncloud/tasks/main.json

@@ -3,37 +3,50 @@
 		"name": "user",
 		"become": true,
 		"ansible.builtin.user": {
-			"name": "{{var_owncloud_user}}",
+			"name": "{{cfg_owncloud.user}}",
 			"create_home": true,
-			"home": "{{var_owncloud_directory}}"
+			"home": "{{cfg_owncloud.directory}}"
 		}
 	},
 	{
 		"name": "download",
 		"become": true,
-		"become_user": "{{var_owncloud_user}}",
+		"become_user": "{{cfg_owncloud.user}}",
 		"ansible.builtin.get_url": {
-			"url": "https://download.owncloud.com/ocis/ocis/stable/{{var_owncloud_version}}/ocis-{{var_owncloud_version}}-{{var_owncloud_platform}}",
+			"url": "https://download.owncloud.com/ocis/ocis/stable/{{cfg_owncloud.version}}/ocis-{{cfg_owncloud.version}}-{{cfg_owncloud.platform}}",
-			"dest": "{{var_owncloud_directory}}/ocis",
+			"dest": "{{cfg_owncloud.directory}}/ocis",
 			"mode": "u+rx"
 		}
 	},
+	{
+		"name": "directories",
+		"become": true,
+		"become_user": "{{cfg_owncloud.user}}",
+		"loop": [
+			"log"
+		],
+		"ansible.builtin.file": {
+			"state": "directory",
+			"recurse": true,
+			"path": "{{cfg_owncloud.directory}}/{{item}}"
+		}
+	},
 	{
 		"name": "setup",
 		"become": true,
-		"become_user": "{{var_owncloud_user}}",
+		"become_user": "{{cfg_owncloud.user}}",
 		"ansible.builtin.shell": {
-			"chdir": "{{var_owncloud_directory}}",
+			"chdir": "{{cfg_owncloud.directory}}",
-			"cmd": "rm -f {{var_owncloud_directory}}/.ocis/config/ocis.yaml && ./ocis init --insecure no --admin-password={{var_owncloud_admin_password}}"
+			"cmd": "rm -f {{cfg_owncloud.directory}}/.ocis/config/ocis.yaml && ./ocis init --insecure no --admin-password={{cfg_owncloud.admin_password}}"
 		}
 	},
 	{
 		"name": "configuration",
 		"become": true,
-		"become_user": "{{var_owncloud_user}}",
+		"become_user": "{{cfg_owncloud.user}}",
 		"ansible.builtin.template": {
 			"src": "env.j2",
-			"dest": "{{var_owncloud_directory}}/.env"
+			"dest": "{{cfg_owncloud.directory}}/.env"
 		}
 	},
 	{

roles/owncloud/templates/env.j2

@@ -1,45 +1,58 @@
-OCIS_URL="https://{{var_owncloud_domain}}"
+## web client
-OCIS_INSECURE="false"
+WEB_LOG_LEVEL=info
-
+WEB_LOG_FILE={{cfg_owncloud.directory}}/log/web
-PROXY_TLS="false"
+WEB_LOG_PRETTY=true
-
+WEB_LOG_COLOR=true
-{% if var_owncloud_authentication_kind == 'internal' %}
+{% if cfg_owncloud.authentication_kind == 'internal' %}
-PROXY_AUTOPROVISION_ACCOUNTS="false"
+{% endif %}
+{% if cfg_owncloud.authentication_kind == 'authelia' %}
+WEB_OIDC_AUTHORITY={{cfg_owncloud.authentication.data.authelia.url_base}}
+WEB_OIDC_CLIENT_ID={{cfg_owncloud.authentication.data.authelia.web.client_id}}
+WEB_OIDC_RESPONSE_TYPE=code
+WEB_OIDC_SCOPE=openid profile email groups
+WEB_OPTION_LOGIN_URL={{cfg_owncloud.authentication.data.authelia.url_base}}
+WEB_OPTION_LOGOUT_URL={{cfg_owncloud.authentication.data.authelia.url_base}}
 {% endif %}
 
-{% if var_owncloud_authentication_kind == 'authelia' %}
+## other clients
-OCIS_OIDC_CLIENT_ID="{{var_owncloud_authentication_data_authelia_web_client_id}}"
+PROXY_LOG_LEVEL=info
-OCIS_OIDC_ISSUER="{{var_owncloud_authentication_data_authelia_url_base}}"
+PROXY_LOG_FILE={{cfg_owncloud.directory}}/log/proxy
-
+PROXY_LOG_PRETTY=true
-PROXY_AUTOPROVISION_ACCOUNTS="true"
+PROXY_LOG_COLOR=true
-PROXY_OIDC_REWRITE_WELLKNOWN="true"
+PROXY_TLS=false
-PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD="none"
+{% if cfg_owncloud.authentication_kind == 'internal' %}
-PROXY_OIDC_INSECURE="false"
+PROXY_AUTOPROVISION_ACCOUNTS=false
-PROXY_USER_OIDC_CLAIM="name"
+{% endif %}
-PROXY_USER_CS3_CLAIM="username"
+{% if cfg_owncloud.authentication_kind == 'authelia' %}
-
+PROXY_OIDC_ISSUER={{cfg_owncloud.authentication.data.authelia.url_base}}
-WEB_OIDC_AUTHORITY="{{var_owncloud_authentication_data_authelia_url_base}}"
+PROXY_OIDC_REWRITE_WELLKNOWN=true
-WEB_OIDC_METADATA_URL="{{var_owncloud_authentication_data_authelia_url_base}}/.well-known/openid-configuration"
+PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
-WEB_OIDC_CLIENT_ID="{{var_owncloud_authentication_data_authelia_web_client_id}}"
+PROXY_OIDC_SKIP_USER_INFO=false
-WEB_OIDC_SCOPE="openid profile email groups"
+PROXY_AUTOPROVISION_ACCOUNTS=true
+PROXY_AUTOPROVISION_CLAIM_USERNAME=preferred_username
+PROXY_AUTOPROVISION_CLAIM_EMAIL=email
+PROXY_AUTOPROVISION_CLAIM_DISPLAYNAME=name
+PROXY_AUTOPROVISION_CLAIM_GROUPS=groups
+PROXY_USER_OIDC_CLAIM=preferred_username
+PROXY_USER_CS3_CLAIM=username
 {% endif %}
 
-{% if var_owncloud_public_share_password_necessity == 'nothing' %}
+## sharing
-OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="false"
+{% if cfg_owncloud.public_share.password_necessity == 'nothing' %}
-OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="false"
+OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD=false
+OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD=false
 {% endif %}
-{% if var_owncloud_public_share_password_necessity == 'writable' %}
+{% if cfg_owncloud.public_share.password_necessity == 'writable' %}
-OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="false"
+OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD=false
-OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="true"
+OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD=true
 {% endif %}
-{% if var_owncloud_public_share_password_necessity == 'all' %}
+{% if cfg_owncloud.public_share.password_necessity == 'all' %}
-OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="true"
+OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD=true
-OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="true"
+OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD=true
 {% endif %}
-
+{% if cfg_owncloud.public_share.password_policy_active %}
-{% if var_owncloud_public_share_password_policy_active %}
+OCIS_SHARING_PASSWORD_POLICY_DISABLED=false
-OCIS_SHARING_PASSWORD_POLICY_DISABLED="false"
 {% else %}
-OCIS_SHARING_PASSWORD_POLICY_DISABLED="true"
+OCIS_SHARING_PASSWORD_POLICY_DISABLED=true
 {% endif %}
 

roles/owncloud/vardef.json

@@ -1,75 +0,0 @@
-{
-	"user": {
-		"type": "string",
-		"mandatory": false
-	},
-	"directory": {
-		"type": "string",
-		"mandatory": false
-	},
-	"version": {
-		"type": "string",
-		"mandatory": false
-	},
-	"platform": {
-		"type": "string",
-		"mandatory": false
-	},
-	"domain": {
-		"type": "string",
-		"mandatory": false
-	},
-	"admin_password": {
-		"type": "string",
-		"mandatory": true
-	},
-	"authentication_kind": {
-		"type": "string",
-		"mandatory": false,
-		"options": [
-			"internal",
-			"authelia"
-		]
-	},
-	"authentication_data_authelia_url_base": {
-		"type": "string",
-		"mandatory": false
-	},
-	"authentication_data_authelia_web_client_id": {
-		"type": "string",
-		"mandatory": false
-	},
-	"authentication_data_authelia_web_client_secret": {
-		"type": "string",
-		"mandatory": false
-	},
-	"authentication_data_authelia_android_client_id": {
-		"type": "string",
-		"mandatory": false
-	},
-	"authentication_data_authelia_android_client_secret": {
-		"type": "string",
-		"mandatory": false
-	},
-	"authentication_data_authelia_ios_client_id": {
-		"type": "string",
-		"mandatory": false
-	},
-	"authentication_data_authelia_ios_client_secret": {
-		"type": "string",
-		"mandatory": false
-	},
-	"public_share_password_necessity": {
-		"type": "string",
-		"mandatory": false,
-		"options": [
-			"nothing",
-			"writable",
-			"all"
-		]
-	},
-	"public_share_password_policy_active": {
-		"type": "boolean",
-		"mandatory": false
-	}
-}