---
# Default variables for SSO configuration
sso_config:
  custom_oidc:
    - name: "keycloak"
      title: "keycloak"
      authorizeUrl: "https://auth.mrx8086.com/realms/office-automation/protocol/openid-connect/auth"
      tokenUrl: "https://auth.mrx8086.com/realms/office-automation/protocol/openid-connect/token"
      userInfoUrl: "https://auth.mrx8086.com/realms/office-automation/protocol/openid-connect/userinfo"
      logoutUrl: "https://auth.mrx8086.com/realms/office-automation/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fcloud.mrx8086.com&client_id=nextcloud"
      clientId: "nextcloud"
      clientSecret: "{{ client_secret }}"
      scope: "openid groups-nextcloud profile"
      groupsClaim: "groups"
      style: "keycloak"
      defaultGroup: ""
      groupMapping:
        nextcloud-admins: "admin"
        nextcloud-users: "users"
        nextcloud-youpi: "youpi"

# Default paths and settings
nextcloud_data_dir: "/var/www/html/data"

# ansible/roles/services/defaults/main.yml
paperless_oidc:
  client_id: paperless
  provider_url: "https://{{ keycloak_host }}"
  realm: "{{ keycloak_realm }}"
  sign_algo: "RS256"
  verify_ssl: false
  scopes: "openid profile email"