1.8.0 Release opencloud

2026-04-04 09:45:48 +09:00
parent 017de863d9
commit 0b7d1c4d78
12 changed files with 373 additions and 3 deletions
--- a/docs/services/app/opencloud.md
+++ b/docs/services/app/opencloud.md
@@ -0,0 +1,25 @@
+# opencloud
+
+## Prerequisite
+
+### oidc secret and hash
+
+- Opencloud uses PKEC, therefore it doesn't need client secret
+
+### Create admin password
+
+- Create the password with `openssl rand -base64 32`
+  - Save this value in secrets.yaml in `opencloud.admin.password`
+
+## Configuration
+
+- **!CAUTION!** OpenCloud application \(Android, IOS, Desktop\) doesn't support standard OIDC. Every scopes and client id is hardcoded.
+  - WEBFINGER_\[DESKTOP|ANDROID|IOS\]_OIDC_CLIENT_ID, WEBFINGER_\[DESKTOP|ANDROID|IOS\]_OIDC_CLIENT_SCOPES don't work on official app.
+  - It is impossible to set group claim in scopes. Therefore, it is hard to control roles with token including group claim.
+- When authelia doesn't work, annotate `OC_EXCLUDE_RUN_SERVICES=idp` and restart to container to use local admin.
+- This app doesn't support regex on role_assignment mapping.
+  - When the new user added, manage proxy.yaml.j2 manually until they will support regex or fallback mapping, or fix the hardcoded scopes on applications.
+
+### csp
+
+- Fix `csp.yaml`