From d9c266aafb32e11a00c3223dd31862c403ccf599 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Tue, 7 Oct 2025 16:51:48 +0200
Subject: [PATCH] [int]
---
 roles/owncloud/tasks/main.json | 9 +++++++++
 roles/owncloud/templates/env.j2 | 15 ++++++++-------
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/roles/owncloud/tasks/main.json b/roles/owncloud/tasks/main.json
index d76f3ad..73261a0 100644
--- a/roles/owncloud/tasks/main.json
+++ b/roles/owncloud/tasks/main.json
@@ -31,6 +31,15 @@
 "path": "{{cfg_owncloud.directory}}/{{item}}"
 }
 },
+ {
+ "name": "csp",
+ "become": true,
+ "become_user": "{{cfg_owncloud.user}}",
+ "ansible.builtin.template": {
+ "src": "csp.yaml.j2",
+ "dest": "{{cfg_owncloud.directory}}/csp.yaml"
+ }
+ },
 {
 "name": "setup",
 "become": true,
diff --git a/roles/owncloud/templates/env.j2 b/roles/owncloud/templates/env.j2
index 49f3a4e..505b765 100644
--- a/roles/owncloud/templates/env.j2
+++ b/roles/owncloud/templates/env.j2
@@ -6,12 +6,12 @@ WEB_LOG_COLOR=true
 {% if cfg_owncloud.authentication_kind == 'internal' %}
 {% endif %}
 {% if cfg_owncloud.authentication_kind == 'authelia' %}
-WEB_OIDC_AUTHORITY={{cfg_owncloud.authentication.data.authelia.url_base}}
-WEB_OIDC_CLIENT_ID={{cfg_owncloud.authentication.data.authelia.web.client_id}}
+WEB_OIDC_AUTHORITY={{cfg_owncloud.authentication.data.url_base}}
+WEB_OIDC_CLIENT_ID={{cfg_owncloud.authentication.data.web.client_id}}
 WEB_OIDC_RESPONSE_TYPE=code
 WEB_OIDC_SCOPE=openid profile email groups
-WEB_OPTION_LOGIN_URL={{cfg_owncloud.authentication.data.authelia.url_base}}
-WEB_OPTION_LOGOUT_URL={{cfg_owncloud.authentication.data.authelia.url_base}}
+WEB_OPTION_LOGIN_URL={{cfg_owncloud.authentication.data.url_base}}
+WEB_OPTION_LOGOUT_URL={{cfg_owncloud.authentication.data.url_base}}
 {% endif %}
 ## other clients
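Review bot: The new `csp` task in `roles/owncloud/tasks/main.json` renders `csp.yaml.j2`, but the diffstat lists only `tasks/main.json` and `templates/env.j2`, so unless that template already exists in the role the play will fail at this task (worth confirming it was committed separately). The task also sets no `mode`, so the permissions of the rendered policy file depend on the umask of `{{cfg_owncloud.user}}`; I would add `"mode": "0644"` to the `ansible.builtin.template` arguments so the file is readable by the service and not writable by other accounts.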
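Review bot: In the first `env.j2` hunk the two conditions `{% if cfg_owncloud.authentication_kind == ... %}` stay on the old key, while the changed lines below them already read the flattened `authentication.data.url_base` and the later hunk of this file switches the proxy section to `cfg_owncloud.authentication.kind`. If the configuration was restructured so that `authentication_kind` no longer exists, the `WEB_OIDC_*` block is presumably either skipped or the template fails on an undefined variable, which would leave web and proxy with different authentication settings. Both conditions should follow the new key, `{% if cfg_owncloud.authentication.kind == 'internal' %}` and `{% if cfg_owncloud.authentication.kind == 'authelia' %}`.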
@@ -19,12 +19,13 @@ PROXY_LOG_LEVEL=info
 PROXY_LOG_FILE={{cfg_owncloud.directory}}/log/proxy
 PROXY_LOG_PRETTY=true
 PROXY_LOG_COLOR=true
+PROXY_CSP_CONFIG_FILE_LOCATION={{cfg_owncloud.directory}}/csp.yaml
 PROXY_TLS=false
-{% if cfg_owncloud.authentication_kind == 'internal' %}
+{% if cfg_owncloud.authentication.kind == 'internal' %}
 PROXY_AUTOPROVISION_ACCOUNTS=false
 {% endif %}
-{% if cfg_owncloud.authentication_kind == 'authelia' %}
-PROXY_OIDC_ISSUER={{cfg_owncloud.authentication.data.authelia.url_base}}
+{% if cfg_owncloud.authentication.kind == 'authelia' %}
+PROXY_OIDC_ISSUER={{cfg_owncloud.authentication.data.url_base}}
 PROXY_OIDC_REWRITE_WELLKNOWN=true
 PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
 PROXY_OIDC_SKIP_USER_INFO=false
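Review bot: `PROXY_CSP_CONFIG_FILE_LOCATION` is added without a comment and is emitted for every authentication kind, so the proxy now depends on `csp.yaml` having been rendered by the `csp` task before the service starts. I would add a line such as `## content security policy, rendered from csp.yaml.j2 by the "csp" task` above it. That comment should also record that the policy presumably has to allow the origin in `authentication.data.url_base` for the web client's OIDC flow; this needs confirming against the template, which is not part of this patch. The authelia block continues past the end of the hunk.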