[int]

roles/owncloud/tasks/main.json

@@ -31,6 +31,15 @@
 			"path": "{{cfg_owncloud.directory}}/{{item}}"
 		}
 	},
+	{
+		"name": "csp",
+		"become": true,
+		"become_user": "{{cfg_owncloud.user}}",
+		"ansible.builtin.template": {
+			"src": "csp.yaml.j2",
+			"dest": "{{cfg_owncloud.directory}}/csp.yaml"
+		}
+	},
 	{
 		"name": "setup",
 		"become": true,

roles/owncloud/templates/env.j2

@@ -6,12 +6,12 @@ WEB_LOG_COLOR=true
 {% if cfg_owncloud.authentication_kind == 'internal' %}
 {% endif %}
 {% if cfg_owncloud.authentication_kind == 'authelia' %}
-WEB_OIDC_AUTHORITY={{cfg_owncloud.authentication.data.authelia.url_base}}
+WEB_OIDC_AUTHORITY={{cfg_owncloud.authentication.data.url_base}}
-WEB_OIDC_CLIENT_ID={{cfg_owncloud.authentication.data.authelia.web.client_id}}
+WEB_OIDC_CLIENT_ID={{cfg_owncloud.authentication.data.web.client_id}}
 WEB_OIDC_RESPONSE_TYPE=code
 WEB_OIDC_SCOPE=openid profile email groups
-WEB_OPTION_LOGIN_URL={{cfg_owncloud.authentication.data.authelia.url_base}}
+WEB_OPTION_LOGIN_URL={{cfg_owncloud.authentication.data.url_base}}
-WEB_OPTION_LOGOUT_URL={{cfg_owncloud.authentication.data.authelia.url_base}}
+WEB_OPTION_LOGOUT_URL={{cfg_owncloud.authentication.data.url_base}}
 {% endif %}
 
 ## other clients
@@ -19,12 +19,13 @@ PROXY_LOG_LEVEL=info
 PROXY_LOG_FILE={{cfg_owncloud.directory}}/log/proxy
 PROXY_LOG_PRETTY=true
 PROXY_LOG_COLOR=true
+PROXY_CSP_CONFIG_FILE_LOCATION={{cfg_owncloud.directory}}/csp.yaml
 PROXY_TLS=false
-{% if cfg_owncloud.authentication_kind == 'internal' %}
+{% if cfg_owncloud.authentication.kind == 'internal' %}
 PROXY_AUTOPROVISION_ACCOUNTS=false
 {% endif %}
-{% if cfg_owncloud.authentication_kind == 'authelia' %}
+{% if cfg_owncloud.authentication.kind == 'authelia' %}
-PROXY_OIDC_ISSUER={{cfg_owncloud.authentication.data.authelia.url_base}}
+PROXY_OIDC_ISSUER={{cfg_owncloud.authentication.data.url_base}}
 PROXY_OIDC_REWRITE_WELLKNOWN=true
 PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
 PROXY_OIDC_SKIP_USER_INFO=false