filebrowser-quantum OIDC

set filebrowser-quantum as files.aggtaa.com

auth/config/configuration.yml

@@ -119,7 +119,7 @@ identity_providers:
         - 'userinfo'
 
     clients:
-      - client_id: files.aggtaa.com
+      - client_id: opencloud
         client_name: files.aggtaa.com
         public: true
         consent_mode: pre-configured # store user consent for some time
@@ -133,3 +133,25 @@ identity_providers:
           - https://files.aggtaa.com/
           - https://files.aggtaa.com/oidc-callback.html
           - https://files.aggtaa.com/oidc-silent-redirect.html
+
+      - client_id: 'filebrowser-quantum'
+        client_name: 'files.aggtaa.com'
+        client_secret: '$pbkdf2-sha512$310000$Dtx8Y69nPActRIoqOWEXQQ$4F0bgcL7rf90toYT9tljgBRumTdgkoop4RMg3crSQNfiY/Y2cPKXqgUhU8G/1uf/hZv1Sz4Yl0Aec.xwG/VSnA'
+        public: false
+        consent_mode: implicit
+        require_pkce: false
+        pkce_challenge_method: ''
+        redirect_uris:
+          - 'https://files.aggtaa.com/api/auth/oidc/callback'
+        scopes:
+          - 'openid'
+          - 'profile'
+          - 'groups'
+          - 'email'
+        response_types:
+          - 'code'
+        grant_types:
+          - 'authorization_code'
+        access_token_signed_response_alg: 'none'
+        userinfo_signed_response_alg: 'none'
+        token_endpoint_auth_method: 'client_secret_basic'

auth/config/users_database.yml

@@ -7,8 +7,8 @@ users:
             - admins
             - dev
             - users
-            - opencloud-admins
+            - files-admin
-            - opencloud-users
+            - files-user
         given_name: ""
         middle_name: ""
         family_name: ""
@@ -31,7 +31,7 @@ users:
         email: ekaterina.r.zykova@gmail.com
         groups:
             - users
-            - opencloud-users
+            - files-user
         given_name: ""
         middle_name: ""
         family_name: ""

caddy/config/Caddyfile

@@ -106,7 +106,7 @@ git.aggtaa.com {
 }
 
 files.aggtaa.com {
-  reverse_proxy opencloud:9200
+  reverse_proxy filebrowser-quantum:80
   log {
     output file /var/log/caddy/files.aggtaa.com.log
   }

filebrowser-quantum/compose.yaml

@@ -0,0 +1,22 @@
+services:
+  filebrowser:
+    image: ghcr.io/gtsteffaniak/filebrowser
+    container_name: filebrowser-quantum
+    restart: always
+    user: root
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost/health"]
+      interval: 30s
+      timeout: 3s
+      start_period: 10s
+      retries: 3
+    volumes:
+      - /docker/data/files:/folder
+      - /docker/data/filebrowser-quantum/db:/home/filebrowser/data/database
+      - /docker/data/filebrowser-quantum/tmp:/home/filebrowser/data/tmp
+      - ./config/config.yaml:/home/filebrowser/data/config.yaml:ro
+    networks:
+      - caddy_default
+networks:
+  caddy_default:
+    external: true

filebrowser-quantum/config/config.yaml

@@ -0,0 +1,41 @@
+server:
+  cacheDir: /home/filebrowser/data/tmp # using the data volume so it can persist across restarts
+  database: /home/filebrowser/data/database/quantum.db
+  sources:
+
+    - path: /folder # Do not use a root "/" directory or include the "/var" folder
+      name: "My Files"
+      config:
+        defaultEnabled: true
+        createUserDir: true
+        defaultUserScope: "/"
+        useLogicalSize: true
+
+    - path: "/folder/shared"
+      name: "Shared Files"
+      config:
+        defaultEnabled: true
+        useLogicalSize: true
+
+auth:
+  methods:
+
+    password:
+      enabled: true # 'admin' uses password as fallback
+      signup: false
+
+    oidc:
+      enabled: true
+      clientId: 'filebrowser-quantum'
+      clientSecret: 'g4HptlioyTK9ozpWh09IvQ3w1rDCfJvX'
+      issuerUrl: 'https://auth.aggtaa.com'
+      scopes: 'email openid profile groups'
+      userIdentifier: 'preferred_username'
+      disableVerifyTLS: false
+      logoutRedirectUrl: ''
+      createUser: true
+      adminGroup: 'files-admin'
+      groupsClaim: 'groups'
+
+userDefaults:
+  loginMethod: "oidc"      

opencloud/compose.yaml

@@ -50,7 +50,7 @@ services:
       OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: "0"
       OC_DEFAULT_LANGUAGE: ru
       # oidc
-      OC_OIDC_CLIENT_ID: files.aggtaa.com
+      OC_OIDC_CLIENT_ID: opencloud
       IDP_DOMAIN: "auth"
       OC_OIDC_ISSUER: https://auth.aggtaa.com
       PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD: none # disable, as authelia uses plain string tokens, opencloud expects jwt

opencloud/config/proxy.yaml

@@ -4,6 +4,6 @@ role_assignment:
     role_claim: groups
     role_mapping:
       - role_name: admin
-        claim_value: opencloud-admins # authelia group name
+        claim_value: files-admin # authelia group name
       - role_name: user
-        claim_value: opencloud-users # authelia group name
+        claim_value: files-user # authelia group name