Skip to content

App config guide


How do I setup a custom theme?

Check this approach.

How do I create another admin user?

  • Under the Master realm > Users > Add user
  • Create the user and set a temporary password
  • Under the Role Mappings tab, move admin from Available Roles into Assigned Roles


How do I customise the default home page when logging in?

  • Delete the dashboard app since it is so corporate
  • Follow these docs to set the default files list for each user in the Files app
  • Configure a defaultapp in your config.php or use apporder

How do I integrate with Keycloak SSO?

Use this plugin. Unlike the plugin it's forked from, there is no configuration UI, so you'll need to edit /var/www/html/config/config.php:

  'oidc_login_client_id' => 'nextcloud',
  'oidc_login_client_secret' => 'mysecret',
  'oidc_login_provider_url' => '',
  'oidc_login_disable_registration' => false,
  'oidc_login_hide_password_form' => true,
  'oidc_login_button_text' => 'Log in with your myssodomain',
  'oidc_login_default_group' => 'mygroup',
  'oidc_login_attributes' =>
  array (
    'id' => 'sub',
    'name' => 'name',
    'mail' => 'email',
  'oidc_create_groups' => true,

You can use this trick (see "Cryptic Usernames" work-around) to get proper usernames.

You might also need the following "Why is my synchronisation.." change if you see an error 'redirect_uri' is invalid.

Why is my synchronisation client freezing on the "grant access" step?

Please see this ticket.

How can I customise the CSS?

There is some basic stuff in the admin settings.

To go a little deeper, you can use this handy app.

Here is an example CSS config which hides the local login and makes space for a central image:

#body-login .wrapper main form[name="login"],
#body-login .wrapper main form[name="login"] ~ a {
  display: none;

#body-login .logo {
  visibility: hidden;

#body-login #alternative-logins a.button[href*="oidc"] {
  background: #233b4a;
  color: #fff;
  transition: all 0.2s ease-in-out;
#body-login #alternative-logins a.button[href*="oidc"]:hover {
  background: linear-gradient(-35deg, #233b4a 40%, #486c83 100%);

#body-login #alternative-logins a.button[href*="/sociallogin/oauth/google"] {
  border: 0;
  color: #db4437 !important;
  background-color: #fff;

  a.button[href*="/sociallogin/oauth/google"]::before {
  width: 25px;
  background-color: #db4437;
  border-radius: 100%;
  background-size: 60%;
  background-position: center;
  height: 25px;
  vertical-align: middle;
  margin-right: 4px;

#body-login main {
  padding: 50vh 0 0 0;

#body-login a[href*="#body-login"] {
  visibility: hidden;

#body-login footer a,
#body-login footer p {
  color: #233b4a;

#body-login footer a:hover {
  color: #fff;

#body-login footer {
  text-shadow: none;


Generating deploy keys

We normally do something like the following.

ssh-keygen -t ed25519 -C

When you're loading them into Drone, make sure to use the right name of the organisation when using drone orgsecret add.

How to change orgsecret values

First, get your Drone CLI tool downloaded and the environment configured.

export DRONE_TOKEN=$(pass show your-pass-store-path)
curl -L | tar zx

Then you can do things like:

./drone orgsecret ls
./drone orgsecret add someorg my_deploy_key @my_private_key_file

How to enable build failure notifications

Add this to your .drone.yml file. See the plugin docs for more.

- name: notify rocket chat
  image: plugins/slack
  depends_on: ["mybuild"]
      from_secret: rc_builds_url
    username: foobar
    channel: "builds"
    template: "{{repo.owner}}/{{}} build failed: {{}}"
      - failure


You must include valid names of pipelines in your depends_on list field. This is so that the notification will wait until all other pipelines are run before performing the notification logic.

Skipping CI builds

Add [ci skip] into the git commit message. You don't have to run builds if you don't want to.


How do I wire up Keycloak SSO?

Use this plugin.

How do I develop a custom theme?

See this approach.