Add oCIS cloud storage with Authelia OIDC

Deploy ownCloud Infinite Scale as a self-hosted cloud storage service
at cloud.kolpacksoftware.com using Authelia as the external OIDC IdP.
Configures a PKCE public client (no secret required).

authelia/config/configuration.yaml

@@ -107,3 +107,22 @@ identity_providers:
           - email
           - groups
         userinfo_signed_response_alg: none
+
+      - client_id: ocis
+        client_name: ownCloud Infinite Scale
+        public: true
+        require_pkce: true
+        pkce_challenge_method: S256
+        authorization_policy: one_factor
+        redirect_uris:
+          - https://cloud.kolpacksoftware.com/
+          - https://cloud.kolpacksoftware.com/oidc-callback.html
+          - https://cloud.kolpacksoftware.com/oidc-silent-redirect.html
+          - https://cloud.kolpacksoftware.com/apps/openidconnect/redirect
+        scopes:
+          - openid
+          - profile
+          - email
+          - groups
+          - offline_access
+        userinfo_signed_response_alg: none

ocis/docker-compose.yml

@@ -0,0 +1,35 @@
+services:
+  ocis:
+    image: owncloud/ocis:latest
+    container_name: ocis
+    restart: unless-stopped
+    entrypoint:
+      - /bin/sh
+    command:
+      - "-c"
+      - "ocis init || true; exec ocis server"
+    environment:
+      - TZ=America/New_York
+      - OCIS_URL=https://cloud.kolpacksoftware.com
+      - PROXY_TLS=false
+      - PROXY_HTTP_ADDR=0.0.0.0:9200
+      - OCIS_OIDC_ISSUER=https://auth.kolpacksoftware.com
+      - WEB_OIDC_CLIENT_ID=ocis
+      - PROXY_OIDC_REWRITE_WELLKNOWN=true
+      - PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
+      - PROXY_USER_OIDC_CLAIM=preferred_username
+      - PROXY_AUTOPROVISION_ACCOUNTS=true
+      - OCIS_EXCLUDE_RUN_SERVICES=idp
+      - OCIS_LOG_LEVEL=warn
+      - DEMO_USERS=false
+    volumes:
+      - /srv/ocis/data:/var/lib/ocis
+      - /srv/ocis/config:/etc/ocis
+    ports:
+      - 9200:9200
+    networks:
+      - npm-network
+
+networks:
+  npm-network:
+    external: true