feat: add oidc provisioning for opencloud

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>

roles/opencloud/templates/csp-override.yaml.j2

@@ -0,0 +1,13 @@
+directives:
+  connect-src:
+    - "'self'"
+    - "blob:"
+    - "https://raw.githubusercontent.com/opencloud-eu/awesome-apps/"
+    - "https://update.opencloud.eu/"
+{% for url in opencloud_csp_extra_connect_src %}
+    - "{{ url }}"
+{% endfor %}
+  script-src:
+    - "'self'"
+    - "'unsafe-inline'"
+    - "'unsafe-eval'"

roles/opencloud/templates/docker-compose.yml.j2

@@ -18,7 +18,24 @@ services:
       OC_INSECURE: "true"
       OC_LOG_LEVEL: "{{ opencloud_log_level }}"
       PROXY_TLS: "false"
+{% if opencloud_csp_extra_connect_src | length > 0 %}
+      PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION: "/etc/ocis/csp-override.yaml"
+{% endif %}
       IDM_ADMIN_PASSWORD: "{{ opencloud_admin_password }}"
+{% if opencloud_oidc_issuer %}
+      OC_OIDC_ISSUER: "{{ opencloud_oidc_issuer }}"
+      OC_OIDC_CLIENT_ID: "{{ opencloud_oidc_client_id }}"
+{% if opencloud_oidc_client_secret %}
+      OC_OIDC_CLIENT_SECRET: "{{ opencloud_oidc_client_secret }}"
+{% endif %}
+      PROXY_OIDC_REWRITE_WELLKNOWN: "{{ opencloud_oidc_rewrite_wellknown | string | lower }}"
+      PROXY_USER_OIDC_CLAIM: "{{ opencloud_oidc_user_claim }}"
+      PROXY_USER_CS3_CLAIM: "{{ opencloud_oidc_user_cs3_claim }}"
+      PROXY_AUTOPROVISION_ACCOUNTS: "{{ opencloud_oidc_autoprovision_accounts | string | lower }}"
+{% if opencloud_oidc_account_edit_url %}
+      WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "{{ opencloud_oidc_account_edit_url }}"
+{% endif %}
+{% endif %}
     networks:
       - {{ opencloud_traefik_network }}
 {% if opencloud_extra_hosts is defined and opencloud_extra_hosts | length > 0 %}