automated-office/ansible/roles/services/tasks/main.yml

---
# Verify client secret
- name: "Verify client secret is available"
  fail:
    msg: "Client secret is not set or empty"
  when: client_secret is not defined or client_secret | default('') | trim == ''

# First disable maintenance mode to ensure app commands work
- name: "Ensure maintenance mode is off before starting"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ maintenance:mode --off"
  ignore_errors: true

- name: "Uninstall Sociallogin app"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ app:remove sociallogin"
  ignore_errors: true

- name: "Install sociallogin app"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ app:install sociallogin"

- name: "Create users group"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ group:add nextcloud-users"
  ignore_errors: true  # Falls die Gruppe bereits existiert

- name: "Create admin group if not exists"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ group:add nextcloud-admins"
  ignore_errors: true

- name: "Create youpi group"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ group:add nextcloud-youpi"
  ignore_errors: true

# Configure Social Login
- name: "Set Social Login custom providers config"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ config:app:set sociallogin custom_providers --value='{{ sso_config | to_json }}'"
  register: config_result

- name: "Debug config result"
  debug:
    var: config_result
    verbosity: 1

- name: "Verify Social Login config"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ config:app:get sociallogin custom_providers"
  register: verify_config

- name: "Debug verification result"
  debug:
    var: verify_config
    verbosity: 1

# Configure Social Login settings
- name: "Set Social Login prevent_create_email_exists"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ config:app:set sociallogin prevent_create_email_exists --value='1'"

- name: "Set Social Login update_profile_on_login"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ config:app:set sociallogin update_profile_on_login --value='1'"

- name: "Set Social Login restrict_users_wo_mapped_groups"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ config:app:set sociallogin restrict_users_wo_mapped_groups --value='1'"

- name: "Set Social Login restrict_users_wo_assigned_groups"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ config:app:set sociallogin restrict_users_wo_assigned_groups --value='1'"

# Data directory setup
- name: "Create .ncdata file"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud sh -c 'echo \"# Nextcloud data directory\" > {{ nextcloud_data_dir }}/.ncdata'"

- name: "Set data folder ownership"
  become: true
  command:
    cmd: "docker exec -u 0 nextcloud chown -R 33:33 {{ nextcloud_data_dir }}"

- name: "Set data folder permissions"
  become: true
  command:
     cmd: "docker exec -u 0 nextcloud chmod -R 770 {{ nextcloud_data_dir }}"

# Restart the app to apply changes
- name: "Disable sociallogin app"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ app:disable sociallogin"

- name: "Enable sociallogin app"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ app:enable sociallogin"

- name: "Verify sociallogin configuration"
  become: true
  command:
    cmd: "docker exec -u 33 nextcloud php /var/www/html/occ config:app:get sociallogin custom_providers"
  register: sso_config_verification

- name: "Display SSO configuration"
  debug:
    var: sso_config_verification.stdout