1.8.0 Release opencloud

config/services/containers/app/opencloud/etc/csp.yaml.j2

@@ -0,0 +1,38 @@
+directives:
+  child-src:
+    - '''self'''
+  connect-src:
+    - '''self'''
+    - 'blob:'
+    - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps'
+    - 'https://update.opencloud.eu'
+    - 'https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}'
+#  default-src:
+#    - '''none'''
+  font-src:
+    - '''self'''
+  frame-ancestors:
+    - '''self'''
+  frame-src:
+    - '''self'''
+    - 'blob:'
+  img-src:
+    - '''self'''
+    - 'data:'
+    - 'blob:'
+  manifest-src:
+    - '''self'''
+  media-src:
+    - '''self'''
+#  object-src:
+#    - '''none'''
+  script-src:
+    - '''self'''
+    - '''unsafe-inline'''
+    - '''unsafe-eval'''
+  style-src:
+    - '''self'''
+    - '''unsafe-inline'''
+  worker-src:
+    - '''self'''
+    - 'blob:'

config/services/containers/app/opencloud/etc/proxy.yaml.j2

@@ -0,0 +1,17 @@
+role_assignment:
+  driver: "oidc"
+  oidc_role_mapper:
+    role_claim: "preferred_username"
+    role_mapping:
+{% for admin_user in ['il'] %}
+      - role_name: "admin"
+        claim_value: "{{ admin_user }}"
+{% endfor %}
+{% for general_user in ['morsalin', 'eunkyoung'] %}
+      - role_name: "user"
+        claim_value: "{{ general_user }}"
+{% endfor %}
+#    - role_name: "spaceadmin"
+#      claim_value: ""
+#    - role_name: user-light
+#      claim_value: ""

config/services/containers/app/opencloud/opencloud.container.j2

@@ -0,0 +1,60 @@
+[Quadlet]
+DefaultDependencies=false
+
+[Unit]
+Description=OpenCloud
+
+[Container]
+Image=docker.io/opencloudeu/opencloud:{{ version['containers']['opencloud'] }}
+ContainerName=opencloud
+HostName=opencloud
+
+PublishPort={{ services['opencloud']['ports']['http'] }}:9200
+
+Volume=%h/containers/opencloud:/etc/opencloud:rw
+Volume=%h/data/containers/opencloud:/var/lib/opencloud:rw
+
+# General
+Environment="TZ=Asia/Seoul"
+# Log level info
+Environment="OC_LOG_LEVEL=info"
+# TLS configuration
+Environment="PROXY_TLS=false"
+Environment="OC_INSECURE=true"
+# Connection
+Environment="PROXY_HTTP_ADDR=0.0.0.0:9200"
+Environment="OC_URL=https://{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }}"
+## CSP file location: allow authelia public domain
+Environment="PROXY_CSP_CONFIG_FILE_LOCATION=/etc/opencloud/csp.yaml"
+# OIDC
+Environment="OC_OIDC_ISSUER=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
+Environment="PROXY_OIDC_REWRITE_WELLKNOWN=true"
+## OIDC CLIENT CONFIGURATION and SCOPES
+Environment="WEB_OIDC_CLIENT_ID=opencloud"
+Environment="WEB_OIDC_SCOPE=openid profile email"
+## auto sign-in from authelia
+Environment="PROXY_AUTOPROVISION_ACCOUNTS=true"
+## Stop using internal idP service
+Environment="OC_EXCLUDE_RUN_SERVICES=idp"
+## Don't limit special characters
+Environment="GRAPH_USERNAME_MATCH=none"
+
+
+# OIDC standard link environments
+#Environment="WEB_OIDC_AUTHORITY=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
+#Environment="WEBFINGER_OIDC_ISSUER=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
+#Environment="OC_OIDC_CLIENT_ID=opencloud"
+#Environment="OC_OIDC_CLIENT_SCOPES=openid profile email groups"
+#Environment="WEBFINGER_ANDROID_OIDC_CLIENT_ID=opencloud"
+#Environment="WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES=openid profile email groups offline_access"
+#Environment="WEBFINGER_DESKTOP_OIDC_CLIENT_ID=opencloud"
+#Environment="WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES=openid profile email groups offline_access"
+#Environment="WEBFINGER_IOS_OIDC_CLIENT_ID=opencloud"
+#Environment="WEBFINGER_IOS_OIDC_CLIENT_SCOPES=openid profile email groups offline_access"
+[Service]
+Restart=always
+RestartSec=10s
+TimeoutStopSec=120
+
+[Install]
+WantedBy=default.target