Refactor Nextcloud configuration to use OCC script approach and add email/OIDC support

Major architectural changes:
- Replace config file templating with unified OCC command script
- Remove custom_apps mount overlay that caused Caddy serving issues
- Implement script-based configuration for idempotency and clarity

Configuration improvements:
- Add email/SMTP support with master switch (nextcloud_email_enabled)
- Add OIDC/SSO integration with Authentik support
- Add apps installation (user_oidc, calendar, contacts)
- Enable group provisioning and quota management from OIDC
- Set nextcloud_oidc_unique_uid to false per Authentik docs

Files removed:
- nextcloud.config.php.j2 (replaced by OCC commands)
- redis.config.php.j2 (replaced by OCC commands)
- optimization.yml (merged into configure.yml)

Files added:
- configure-nextcloud.sh.j2 (single source of truth for config)
- configure.yml (deploys and runs configuration script)

Documentation:
- Add comprehensive OIDC setup guide with Authentik integration
- Document custom scope mapping and group provisioning
- Add email configuration examples for common providers
- Update vault variables documentation
- Explain two-phase deployment approach

Host configuration:
- Change admin user from 'admin' to 'joakim'
- Add admin email configuration
2025-12-21 14:54:44 +01:00
parent 846ab74f87
commit 89b43180fc
12 changed files with 887 additions and 213 deletions


@@ -40,7 +40,6 @@
- "{{ nextcloud_html_dir }}"
- "{{ nextcloud_data_dir }}"
- "{{ nextcloud_config_dir }}"
- "{{ nextcloud_custom_apps_dir }}"
tags: [setup, directories]
- name: Deploy environment configuration
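Review bot: dropping `- "{{ nextcloud_custom_apps_dir }}"` from the directory list shows only the mkdir side of the overlay removal; confirm the matching bind-mount line in the Quadlet unit and the variable's definition in the defaults file are removed in the same commit, otherwise the container will mount a path this task no longer creates. A line in the task comment or commit message on how existing deployments migrate apps already installed under the old custom_apps overlay before the mount disappears would also help operators.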
@@ -52,12 +51,9 @@
notify: restart nextcloud
tags: [config]
# NOTE: Custom Redis config is deployed AFTER installation completes (see below)
# to avoid interfering with the container's first-time initialization process
# NOTE: redis-session-override.ini is NOT deployed because we use file-based sessions
# (not Redis sessions). If you enable REDIS_HOST in the future, you'll need to add
# proper session lock configuration.
# NOTE: Nextcloud is configured via OCC commands in a script after installation
# completes. This avoids interfering with the container's initialization process
# and provides a clean, explicit configuration approach.
- name: Create Quadlet systemd directory (system scope)
file:
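Review bot: the rewritten comment loses the operational caveat from the removed text: PHP sessions are still file-based (the deployment status message below still says so), and enabling REDIS_HOST later requires Redis session lock configuration. Keep that warning, either here or in configure-nextcloud.sh.j2, e.g. `# NOTE: PHP sessions remain file-based; enabling REDIS_HOST requires session lock settings`, so the constraint is not silently forgotten now that the config templates are gone.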
@@ -130,13 +126,9 @@
changed_when: false
tags: [verification]
- name: Deploy custom Redis caching configuration (post-installation)
template:
src: redis.config.php.j2
dest: "{{ nextcloud_config_dir }}/redis.config.php"
mode: '0644'
notify: restart nextcloud
tags: [config, redis]
- name: Configure Nextcloud via OCC script
include_tasks: configure.yml
tags: [config, configure]
- name: Truncate nextcloud.log to prevent bloat
shell: |
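Review bot: the removed template task carried `notify: restart nextcloud`; the replacement `include_tasks: configure.yml` notifies nothing. If the OCC script changes settings that running PHP workers only pick up on restart (cache or locking backends, for example), the include should register a result and notify the handler when the script reports changes, or a comment should state why no restart is needed. The `[config, configure]` tags are also new: `config` already selects `Deploy environment configuration`, so a `--tags config` run now re-runs the OCC script as well, which is only safe if the script is as idempotent as the commit message claims.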
@@ -149,10 +141,6 @@
include_tasks: cron.yml
tags: [cron, background-jobs]
- name: Optimize database and apply configuration
include_tasks: optimization.yml
tags: [optimization, database]
- name: Display Nextcloud deployment status
debug:
msg: |
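Review bot: removing `include_tasks: optimization.yml` also removes the `optimization` and `database` tags, so any invocation or runbook using `--tags optimization` or `--tags database` now matches nothing and succeeds silently. Since the commit message says the file was merged into configure.yml, add those tags to the `Configure Nextcloud via OCC script` include (or document the tag change) so the database step stays addressable on its own.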
@@ -167,7 +155,8 @@
⚙️ Configuration:
- Redis caching enabled (application-level cache & file locking)
- PHP sessions use file-based storage (not Redis)
- Custom redis.config.php deployed post-installation
- Database optimizations applied
- Configuration via OCC commands
🚀 Ready for file storage and collaboration!
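Review bot: the status message is static text, so it reports `Database optimizations applied` and `Redis caching enabled` whether or not the OCC script ran or succeeded, and the `optimization.yml` include that used to back the first claim is removed in this same file. Either derive these lines from registered results of configure.yml, or reword them to state what the play attempted (for example `Configuration script applied via OCC`) rather than asserting an outcome.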