# services/nextcloud/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nextcloud-config
  namespace: nextcloud
data:
  extra.config.php: |
    <?php
    $CONFIG = array (
      'trusted_domains' =>
      array (
        0 => 'cloud.bstein.dev',
      ),
      'overwritehost' => 'cloud.bstein.dev',
      'overwriteprotocol' => 'https',
      'overwrite.cli.url' => 'https://cloud.bstein.dev',
      'default_phone_region' => 'US',
      'mail_smtpmode' => 'smtp',
      'mail_sendmailmode' => 'smtp',
      'mail_smtphost' => 'mail.bstein.dev',
      'mail_smtpport' => '587',
      'mail_smtpsecure' => 'tls',
      'mail_smtpauth' => true,
      'mail_smtpauthtype' => 'LOGIN',
      'mail_domain' => 'bstein.dev',
      'mail_from_address' => 'no-reply',
      'oidc_login_provider_url' => 'https://sso.bstein.dev/realms/atlas',
      'oidc_login_client_id' => getenv('OIDC_CLIENT_ID'),
      'oidc_login_client_secret' => getenv('OIDC_CLIENT_SECRET'),
      'oidc_login_auto_redirect' => false,
      'oidc_login_end_session_redirect' => true,
      'oidc_login_button_text' => 'Login with Keycloak',
      'oidc_login_hide_password_form' => false,
      'oidc_login_attributes' =>
        array (
          'id' => 'preferred_username',
          'mail' => 'email',
          'name' => 'name',
        ),
      'oidc_login_scope' => 'openid profile email',
      'oidc_login_unique_id' => 'preferred_username',
      'oidc_login_use_pkce' => true,
      'oidc_login_disable_registration' => false,
      'oidc_login_create_groups' => false,
      # External storage for user data should be configured to Asteria via the External Storage app (admin UI),
      # keeping the astreae PVC for app internals only.
    );