From b31e9f1e577ac34d19caf6840040bb4c6f89000b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Wed, 17 Sep 2025 23:43:22 +0200 Subject: [PATCH] [task-377] [int] --- roles/owncloud/defaults/main.json | 2 +- roles/owncloud/info.md | 11 +++++++++++ roles/owncloud/templates/csp.yaml.j2 | 6 ++++++ roles/owncloud/templates/env.j2 | 1 + 4 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 roles/owncloud/templates/csp.yaml.j2 diff --git a/roles/owncloud/defaults/main.json b/roles/owncloud/defaults/main.json index 1101e12..75cdfab 100644 --- a/roles/owncloud/defaults/main.json +++ b/roles/owncloud/defaults/main.json @@ -1,7 +1,7 @@ { "var_owncloud_user": "owncloud", "var_owncloud_directory": "/opt/owncloud", - "var_owncloud_version": "5.0.0", + "var_owncloud_version": "7.2.0", "var_owncloud_platform": "linux-amd64", "var_owncloud_domain": "owncloud.example.org", "var_owncloud_admin_password": "REPLACE_ME", diff --git a/roles/owncloud/info.md b/roles/owncloud/info.md index b74ee6d..c5df2ed 100644 --- a/roles/owncloud/info.md +++ b/roles/owncloud/info.md @@ -7,6 +7,7 @@ Cloud-Plattform [ownCloud](https://owncloud.com/) (the rewrite in Go named "Infi - [ownCloud-Dokumentation | How to install ownCloud Infinite Scale Tech Preview in three easy steps](https://owncloud.com/news/howto-install-owncloud-infinite-scale-tech-preview/) - [ownCloud-Dokumentation | oCIS](https://owncloud.dev/ocis/) +- [ownCloud-Dokumentation | Upgrading](https://doc.owncloud.com/ocis/next/migration/upgrading-ocis.html) - [ownCloud-Dokumentation | Service | Proxy](https://doc.owncloud.com/ocis/next/deployment/services/s-list/proxy.html) - [ownCloud-Dokumentation | Service | Web](https://doc.owncloud.com/ocis/next/deployment/services/s-list/web.html) - [ownCloud-Dokumentation | Service | Sharing](https://doc.owncloud.com/ocis/next/deployment/services/s-list/sharing.html) @@ -14,6 +15,16 @@ Cloud-Plattform [ownCloud](https://owncloud.com/) (the rewrite in Go named "Infi - [ownCloud-Foren | OCIS + Authelia](https://central.owncloud.org/t/ocis-authelia/44222) +## Bemerkungen + +- die `.ocis/config/ocis.yaml` wird erzeugt auf Grundlage der `.env` +- wenn man sich plötzlich nicht mehr über OIDC anmelden kann, kann das daran lieget, dass `.ocis/idm/ldap.crt` abgelaufen ist — siehe dazu [diesen Thread](https://central.owncloud.org/t/certificate-error-after-upgrade-to-5-0-0-from-4-0-6/47824/7); man könnte auch `OCIS_LDAP_INSECURE` auf `true` setzen, aber naja… + + ## ToDo - Download prüfen +- `csp.yaml` einsetzen +- prüfen ob folgende `.env`-Variablen gebraucht werden: + - `PROXY_OIDC_ISSUER` + - `PROXY_OIDC_SKIP_USER_INFO` diff --git a/roles/owncloud/templates/csp.yaml.j2 b/roles/owncloud/templates/csp.yaml.j2 new file mode 100644 index 0000000..8a96314 --- /dev/null +++ b/roles/owncloud/templates/csp.yaml.j2 @@ -0,0 +1,6 @@ +directives: + connect-src: + - '''self''' +{% if var_owncloud_authentication_kind == 'authelia' %} + - '{{var_owncloud_authentication_data_authelia_url_base}}' +{% endif %} diff --git a/roles/owncloud/templates/env.j2 b/roles/owncloud/templates/env.j2 index 1c53400..8a39760 100644 --- a/roles/owncloud/templates/env.j2 +++ b/roles/owncloud/templates/env.j2 @@ -42,3 +42,4 @@ OCIS_SHARING_PASSWORD_POLICY_DISABLED="false" {% else %} OCIS_SHARING_PASSWORD_POLICY_DISABLED="true" {% endif %} +