---
# Master switch for this role.
# NOTE(review): where this flag is consumed is not visible in this file.
nextcloud_enabled: true

# Identifier of this Nextcloud instance.
# Reused further down as the default container network name.
nextcloud_identifier: "nextcloud"

# URL scheme. When it equals `https`, the Traefik labels add a
# `Front-End-Https: on` request header.
nextcloud_scheme: "https"

# The fully-qualified name of your Nextcloud server (e.g. `nextcloud.example.com`)
nextcloud_hostname: ""

# URL path prefix under which Nextcloud is served (`/` = root of the hostname).
nextcloud_path_prefix: "/"
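# Nextcloud release to run. It is also used to build the container image tag
# (`<version>-apache`), so it must not contain whitespace.
# Quoted so that it is always read as a string.
nextcloud_version: "26.0.0"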
# User ID and group ID for Nextcloud. Both are empty by default.
# NOTE(review): presumably the numeric owner of the paths below and/or the
# user the container runs as, to be supplied by the caller - confirm against
# the role's tasks.
nextcloud_uid: ""
nextcloud_gid: ""
# List of systemd services required by Nextcloud.
# The effective list is the concatenation of the `_default`, `_auto` and
# `_custom` lists below. Add your own entries to `_custom`.
# NOTE(review): `_auto` is presumably populated by the surrounding playbook - confirm.
nextcloud_systemd_required_services_list: "{{ nextcloud_systemd_required_services_list_default + nextcloud_systemd_required_services_list_auto + nextcloud_systemd_required_services_list_custom }}"
nextcloud_systemd_required_services_list_default:
  - docker.service
nextcloud_systemd_required_services_list_auto: []
nextcloud_systemd_required_services_list_custom: []
# Base directory for everything this role stores on the host.
#
# NOTE(review): as written, `nextcloud_base_path` refers to itself, so
# templating this default on its own would recurse. It only resolves when a
# higher-precedence variable overrides it, and such an override replaces the
# whole value (the `/nextcloud` suffix is then not appended).
# Confirm the intended parent directory.
nextcloud_base_path: "{{ nextcloud_base_path }}/nextcloud"

# Sub-directories of the base path for configuration and for data.
nextcloud_config_path: "{{ nextcloud_base_path }}/config"
nextcloud_data_path: "{{ nextcloud_base_path }}/data"
# Location of the `redis-session.ini` file inside the base path.
# NOTE(review): presumably a PHP session configuration mounted into the
# container when Redis is used - confirm against the role's templates.
nextcloud_redis_session_ini_path: "{{ nextcloud_base_path }}/redis-session.ini"
# Directory inside the base path that holds the sources for the customized
# container image.
nextcloud_customized_container_src_path: "{{ nextcloud_base_path }}/customized-container-src"

# SVG support for imagick can be set up like this:
# https://docs.nextcloud.com/server/24/admin_manual/configuration_server/theming.html?highlight=libmagickcore%20q16%20extra#theming-of-icons
#
# However, using Imagick may have a negative effect on security, which is why
# it is not installed by default. See:
# https://github.com/nextcloud/server/issues/13099
# Tread wisely!
#
# Enabling this also enables the customized image build, because
# `nextcloud_container_image_customizations_enabled` defaults to this value.
nextcloud_container_image_customizations_php_imageick_installation_enabled: false
nextcloud_container_image_customizations_php_imageick_installation_package: 'libmagickcore-6.q16-6-extra'
# nextcloud_container_image_customizations_enabled controls whether a
# customized Nextcloud image will be built.
#
# This variable becomes `true` when a feature that requires a custom build is
# enabled (currently: the Imagick installation toggle).
# You can also set it to `true` yourself and specify build steps in
# `nextcloud_container_image_customizations_dockerfile_body_custom`.
#
# See:
# - `roles/nextcloud-server/templates/customizations/Dockerfile.j2`
# - `nextcloud_container_image_customizations_dockerfile_body_custom`
# - `nextcloud_container_image_customized`
# - `nextcloud_container_image_final`
nextcloud_container_image_customizations_enabled: "{{ nextcloud_container_image_customizations_php_imageick_installation_enabled }}"
# nextcloud_container_image_customizations_dockerfile_body_custom contains
# your custom Dockerfile steps for building the customized Nextcloud image on
# top of the original (upstream) image (`nextcloud_container_image`).
# A `FROM ...` clause is included automatically, so you do not have to add one.
#
# These steps run at image build time, so treat the value like any other
# Dockerfile: only include steps and sources you trust.
#
# Example:
# nextcloud_container_image_customizations_dockerfile_body_custom: |
#   RUN echo 'This is a custom step for building the customized container image for Nextcloud.'
#   RUN echo 'You can override nextcloud_container_image_customizations_dockerfile_body_custom to add your own steps.'
#   RUN echo 'You do NOT need to include a FROM clause yourself.'
nextcloud_container_image_customizations_dockerfile_body_custom: ""
# Upstream image reference: `<registry prefix>nextcloud:<tag>`.
# The image is referenced by tag, and a tag can be re-pointed by the registry.
# NOTE(review): if you need reproducible pulls, consider overriding this with
# a digest-pinned reference - confirm that the rest of the role accepts one.
nextcloud_container_image: "{{ nextcloud_container_image_registry_prefix }}nextcloud:{{ nextcloud_container_image_tag }}"

# Image tag, derived from `nextcloud_version` (Apache variant).
nextcloud_container_image_tag: "{{ nextcloud_version }}-apache"

# Evaluates to true only when the image reference ends with `:latest`.
nextcloud_container_image_force_pull: "{{ nextcloud_container_image.endswith(':latest') }}"

# Registry prefix prepended to the image name. Keep the trailing slash.
nextcloud_container_image_registry_prefix: "docker.io/"
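# nextcloud_container_image_customized is the name of the locally built
# Nextcloud image which adds various customizations on top of the original
# (upstream) Nextcloud image.
# It is built from the upstream `nextcloud_container_image` image, and only
# when `nextcloud_container_image_customizations_enabled: true`.
nextcloud_container_image_customized: "localhost/nextcloud:{{ nextcloud_container_image_tag }}-customized"

# nextcloud_container_image_final holds the name of the Nextcloud image to
# run: the customized image when customizations are enabled, otherwise the
# upstream image.
# The value must not carry surrounding whitespace: a trailing space would
# become part of the image reference wherever it is used verbatim.
nextcloud_container_image_final: "{{ nextcloud_container_image_customized if nextcloud_container_image_customizations_enabled else nextcloud_container_image }}"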
# A list of extra arguments to pass to the container
nextcloud_container_extra_arguments: []

# Memory limits for the nextcloud-apache container.
#
# When set, these options are passed to `docker run`
# as `--memory=..` and `--memory-swap=..` respectively.
# An empty string leaves the corresponding limit unset.
#
# Expected value format is `[integer][unit]`. E.g. 100M, 1G
#
# If `nextcloud_container_memory_swap_limit` is set, it represents the total
# memory that can be used (memory + swap), so it must always be at least as
# large as `nextcloud_container_memory_limit`.
# To disable swapping, make it the same as `nextcloud_container_memory_limit`.
nextcloud_container_memory_limit: ''
nextcloud_container_memory_swap_limit: ''

# Controls whether the nextcloud-apache container exposes its HTTP port
# (tcp/80 in the container) on the host.
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:37150"), or an
# empty string to not expose the port.
#
# With Docker, a bare "<port>" publishes on all host interfaces. This port
# serves plain HTTP, so prefer an explicit loopback or internal address
# unless external exposure is intended.
nextcloud_container_http_host_bind_port: ''
# nextcloud_container_labels_traefik_enabled controls whether labels to assist
# a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `nextcloud_container_labels_additional_labels`.
nextcloud_container_labels_traefik_enabled: true

# Empty by default.
# NOTE(review): presumably the Docker network Traefik should use to reach
# this container - confirm in `labels.j2`.
nextcloud_container_labels_traefik_docker_network: ""

# Hostname that the Traefik rule matches; follows `nextcloud_hostname`.
nextcloud_container_labels_traefik_hostname: "{{ nextcloud_hostname }}"

# The path prefix must either be `/` or not end with a slash (e.g. `/nextcloud`).
nextcloud_container_labels_traefik_path_prefix: "{{ nextcloud_path_prefix }}"

# Controls whether `/.well-known/{carddav,caldav}` will be redirected to `/remote.php/dav/`
nextcloud_container_labels_traefik_dav_redirect_regex_enabled: true

# Router rule: always matches on the hostname and adds a `PathPrefix(...)`
# clause only when the path prefix is not `/`.
# `quote` is a shell-quoting filter; it leaves a prefix made of plain path
# characters unchanged.
nextcloud_container_labels_traefik_rule: "Host(`{{ nextcloud_container_labels_traefik_hostname }}`){% if nextcloud_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ nextcloud_container_labels_traefik_path_prefix | quote }}`){% endif %}"

nextcloud_container_labels_traefik_priority: 0
nextcloud_container_labels_traefik_entrypoints: "web-secure"

# TLS is considered enabled for every entrypoint value other than `web`.
# The `Strict-Transport-Security` response header is only sent when this is true.
nextcloud_container_labels_traefik_tls: "{{ nextcloud_container_labels_traefik_entrypoints != 'web' }}"
nextcloud_container_labels_traefik_tls_certResolver: "default"  # noqa var-naming
# Controls which additional headers to attach to all HTTP requests.
# The effective mapping is `_auto` combined with `_custom`; on a key conflict
# the `_custom` entry wins.
# To add your own custom request headers, use `nextcloud_container_labels_traefik_additional_request_headers_custom`
nextcloud_container_labels_traefik_additional_request_headers: "{{ nextcloud_container_labels_traefik_additional_request_headers_auto | combine(nextcloud_container_labels_traefik_additional_request_headers_custom) }}"

# Adds `Front-End-Https: on` when `nextcloud_scheme` is `https`; otherwise empty.
nextcloud_container_labels_traefik_additional_request_headers_auto: |
  {{
    {}
    | combine ({'Front-End-Https': 'on'} if nextcloud_scheme == 'https' else {})
  }}

nextcloud_container_labels_traefik_additional_request_headers_custom: {}
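# Controls which additional headers to attach to all HTTP responses.
# The effective mapping is `_auto` combined with `_custom`; on a key conflict
# the `_custom` entry wins.
# To add your own custom response headers, use `nextcloud_container_labels_traefik_additional_response_headers_custom`
nextcloud_container_labels_traefik_additional_response_headers: "{{ nextcloud_container_labels_traefik_additional_response_headers_auto | combine(nextcloud_container_labels_traefik_additional_response_headers_custom) }}"

# Security-related response headers, each taken from the matching
# `nextcloud_http_header_*` variable. A header is only added when its
# variable is non-empty, so setting a variable to '' disables that header.
#
# The policy header is emitted under its standardized name,
# `Permissions-Policy` (plural). Browsers do not recognise the singular
# spelling, which would leave the policy value without effect.
#
# `Strict-Transport-Security` is additionally gated on
# `nextcloud_container_labels_traefik_tls`, so it is never sent for a
# plain-HTTP entrypoint.
nextcloud_container_labels_traefik_additional_response_headers_auto: |
  {{
    {}
    | combine ({'X-XSS-Protection': nextcloud_http_header_xss_protection} if nextcloud_http_header_xss_protection else {})
    | combine ({'X-Frame-Options': nextcloud_http_header_frame_options} if nextcloud_http_header_frame_options else {})
    | combine ({'X-Content-Type-Options': nextcloud_http_header_content_type_options} if nextcloud_http_header_content_type_options else {})
    | combine ({'Content-Security-Policy': nextcloud_http_header_content_security_policy} if nextcloud_http_header_content_security_policy else {})
    | combine ({'Permissions-Policy': nextcloud_http_header_content_permission_policy} if nextcloud_http_header_content_permission_policy else {})
    | combine ({'Strict-Transport-Security': nextcloud_http_header_strict_transport_security} if nextcloud_http_header_strict_transport_security and nextcloud_container_labels_traefik_tls else {})
  }}

nextcloud_container_labels_traefik_additional_response_headers_custom: {}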
# nextcloud_container_labels_additional_labels contains a multiline string
# with additional labels to add to the container label file.
# See `roles/custom/nextcloud/templates/labels.j2` for details.
#
# Example:
# nextcloud_container_labels_additional_labels: |
#   my.label=1
#   another.label="here"
nextcloud_container_labels_additional_labels: ""

# nextcloud_container_additional_environment_variables contains a multiline
# string with additional environment variables to pass to the container.
#
# Example:
# nextcloud_container_additional_environment_variables: |
#   VAR=1
#   ANOTHER=value
nextcloud_container_additional_environment_variables: ""
# A list of additional "mounts" to be mounted in the container.
# Each entry is a mount definition string like this:
# nextcloud_container_additional_mounts:
#   - "type=bind|volume|tmpfs,source=/outside,target=/inside,readonly,bind-propagation=slave"
#
# Add `readonly` (as in the example) to bind mounts that the container does
# not need to write to.
nextcloud_container_additional_mounts: []

# Name of the container network; defaults to the instance identifier.
nextcloud_container_network: "{{ nextcloud_identifier }}"
# A list of additional container networks that the container would be connected to.
# The playbook does not create these networks, so make sure they already exist.
# Effective list: `_auto` followed by `_custom`. Put your own entries in `_custom`.
nextcloud_container_additional_networks: "{{ nextcloud_container_additional_networks_auto + nextcloud_container_additional_networks_custom }}"
nextcloud_container_additional_networks_auto: []
nextcloud_container_additional_networks_custom: []
# Database connection settings.
# Hostname, username and password are empty by default and have to be
# supplied by the caller.
# NOTE(review): whether the role rejects empty values is not visible in this file - confirm.
nextcloud_database_type: "postgres"
nextcloud_database_hostname: ""
nextcloud_database_port: 5432
nextcloud_database_name: "nextcloud"
nextcloud_database_username: ""

# Provide the password from an encrypted source (e.g. Ansible Vault) rather
# than committing it in plain text.
nextcloud_database_password: ""
# A list of configuration parameters for Nextcloud.
# It is the default list followed by the additional list.
# To define your own, we advise editing `nextcloud_config_additional_parameters`.
nextcloud_config_parameters: "{{ nextcloud_config_default_parameters + nextcloud_config_additional_parameters }}"

# Default configuration parameters to apply to Nextcloud.
# Each entry has a `key`, a `value` and a `type`.
# To add your own additional parameters, use `nextcloud_config_additional_parameters`.
# To get rid of these defaults, redefine `nextcloud_config_default_parameters` or `nextcloud_config_parameters`.
#
# NOTE(review): `overwriteprotocol` is fixed to "https" here and does not
# follow `nextcloud_scheme` - confirm this is intended.
# NOTE(review): `nextcloud_url` is not defined in the visible part of this
# file; it has to come from elsewhere.
nextcloud_config_default_parameters:
  - key: overwriteprotocol
    value: 'https'
    type: string
  - key: overwrite.cli.url
    value: "{{ nextcloud_url }}"
    type: string
  - key: overwritewebroot
    value: "{{ nextcloud_path_prefix }}"
    type: string
  - key: htaccess.RewriteBase
    value: "{{ nextcloud_path_prefix }}"
    type: string
# Add your custom Nextcloud configuration parameters here.
# Entries use the same `key` / `value` / `type` shape as the defaults.
#
# Example:
# nextcloud_config_additional_parameters:
#   - key: mail_smtphost
#     value: smtp.example.com
#     type: string
nextcloud_config_additional_parameters: []
# nextcloud_cron_schedule contains a systemd OnCalendar definition which
# controls how often `cron.timer` runs.
# The default value means 'every 15 minutes'.
# Learn more here: https://man.archlinux.org/man/systemd.time.7
#
# The value must stay quoted: a plain scalar starting with `*` would be read
# as a YAML alias.
nextcloud_cron_schedule: '*:0/15:0'
# Specifies the value of the `X-XSS-Protection` header.
# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
#
# Learn more about it here:
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# - https://portswigger.net/web-security/cross-site-scripting/reflected
#
# NOTE(review): current browsers have dropped the XSS auditor this header
# controls, and MDN documents the header as deprecated. Content-Security-Policy
# is the control that still applies. An empty value omits the header entirely.
nextcloud_http_header_xss_protection: '1; mode=block'

# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
nextcloud_http_header_frame_options: "SAMEORIGIN"

# Specifies the value of the `X-Content-Type-Options` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
nextcloud_http_header_content_type_options: "nosniff"
# Specifies the value of the `Content-Security-Policy` header.
# The default only restricts who may frame the site (`frame-ancestors`); it
# sets no script or resource directives.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
nextcloud_http_header_content_security_policy: "frame-ancestors 'self'"

# Specifies the value of the permissions-policy response header.
# The standardized header name is `Permissions-Policy` (plural).
# The value is `interest-cohort=()` while `nextcloud_floc_optout_enabled` is
# true, and empty (header omitted) otherwise.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
nextcloud_http_header_content_permission_policy: "{{ 'interest-cohort=()' if nextcloud_floc_optout_enabled else '' }}"

# Specifies the value of the `Strict-Transport-Security` header.
# `; preload` is appended only when `nextcloud_hsts_preload_enabled` is true.
# `includeSubDomains` extends the policy to every subdomain of the hostname,
# so make sure all of them are served over HTTPS.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
nextcloud_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if nextcloud_hsts_preload_enabled else '' }}"
# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
#
# Learn more about what it is here:
# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
# - https://amifloced.org/
#
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
# See: `nextcloud_http_header_content_permission_policy`
nextcloud_floc_optout_enabled: true
# Controls whether HSTS preloading is enabled.
#
# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
# indicates a willingness to be "preloaded" into browsers:
# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
#
# When true, `; preload` is appended to the header value. Inclusion in a
# browser preload list is hard to undo quickly, so enable this only once
# every subdomain is permanently HTTPS-only.
#
# For more information visit:
# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# - https://hstspreload.org/#opt-in
# See: `nextcloud_http_header_strict_transport_security`
nextcloud_hsts_preload_enabled: false
# Collabora Online integration.
# See the `collabora-online` role.
nextcloud_collabora_app_wopi_url: ""

# Comma-separated list of networks. The default covers all three RFC 1918
# private IPv4 ranges.
# NOTE(review): presumably the addresses allowed to make WOPI requests to
# Nextcloud. If so, narrowing this to the Collabora server's own address or
# subnet is the tighter setting - confirm how the role applies the value.
nextcloud_collabora_app_wopi_allowlist: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16"
# Redis integration.
# The hostname is empty by default.
# NOTE(review): presumably an empty hostname leaves the Redis integration
# off - confirm against the role's tasks. No Redis password variable is
# defined in the visible part of this file.
nextcloud_redis_hostname: ""
nextcloud_redis_port: 6379