From 827675d8476b6df9d129a6295209020c125cedb6 Mon Sep 17 00:00:00 2001
From: poprhythm
Date: Sat, 28 Feb 2026 23:19:28 +0000
Subject: [PATCH] Add oCIS cloud storage with Authelia OIDC Deploy ownCloud Infinite Scale as a self-hosted cloud storage service at cloud.kolpacksoftware.com using Authelia as the external OIDC IdP. Configures a PKCE public client (no secret required).
---
 authelia/config/configuration.yaml | 19 ++++++++++++++++
 ocis/docker-compose.yml | 35 ++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 ocis/docker-compose.yml
diff --git a/authelia/config/configuration.yaml b/authelia/config/configuration.yaml
index 796ea51..8e003d8 100644
--- a/authelia/config/configuration.yaml
+++ b/authelia/config/configuration.yaml
@@ -107,3 +107,22 @@ identity_providers:
 - email
 - groups
 userinfo_signed_response_alg: none
+
+ - client_id: ocis
+ client_name: ownCloud Infinite Scale
+ public: true
+ require_pkce: true
+ pkce_challenge_method: S256
+ authorization_policy: one_factor
+ redirect_uris:
+ - https://cloud.kolpacksoftware.com/
+ - https://cloud.kolpacksoftware.com/oidc-callback.html
+ - https://cloud.kolpacksoftware.com/oidc-silent-redirect.html
+ - https://cloud.kolpacksoftware.com/apps/openidconnect/redirect
+ scopes:
+ - openid
+ - profile
+ - email
+ - groups
+ - offline_access
+ userinfo_signed_response_alg: none
diff --git a/ocis/docker-compose.yml b/ocis/docker-compose.yml
new file mode 100644
index 0000000..bcb51b1
--- /dev/null
+++ b/ocis/docker-compose.yml
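Review bot: In authelia/config/configuration.yaml the new `ocis` client is a public client that is granted `offline_access` but only requires `authorization_policy: one_factor`, so a single password is enough to obtain refresh tokens for the file store; `authorization_policy: two_factor` would fit the sensitivity of the data unless one factor is a deliberate choice. The redirect list also registers `https://cloud.kolpacksoftware.com/apps/openidconnect/redirect`, which looks like the path used by the ownCloud 10 OpenID Connect app rather than one oCIS serves. On a public client every registered URI is another place an authorization code can be delivered, so it should be dropped if nothing uses it. The client list this entry is appended to starts outside the hunk.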
@@ -0,0 +1,35 @@
+services:
+ ocis:
+ image: owncloud/ocis:latest
+ container_name: ocis
+ restart: unless-stopped
+ entrypoint:
+ - /bin/sh
+ command:
+ - "-c"
+ - "ocis init || true; exec ocis server"
+ environment:
+ - TZ=America/New_York
+ - OCIS_URL=https://cloud.kolpacksoftware.com
+ - PROXY_TLS=false
+ - PROXY_HTTP_ADDR=0.0.0.0:9200
+ - OCIS_OIDC_ISSUER=https://auth.kolpacksoftware.com
+ - WEB_OIDC_CLIENT_ID=ocis
+ - PROXY_OIDC_REWRITE_WELLKNOWN=true
+ - PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
+ - PROXY_USER_OIDC_CLAIM=preferred_username
+ - PROXY_AUTOPROVISION_ACCOUNTS=true
+ - OCIS_EXCLUDE_RUN_SERVICES=idp
+ - OCIS_LOG_LEVEL=warn
+ - DEMO_USERS=false
+ volumes:
+ - /srv/ocis/data:/var/lib/ocis
+ - /srv/ocis/config:/etc/ocis
+ ports:
+ - 9200:9200
+ networks:
+ - npm-network
+
+networks:
+ npm-network:
+ external: true
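Review bot: `ports: - 9200:9200` publishes the oCIS proxy on every host interface while `PROXY_TLS=false` makes that listener plain HTTP, so anything that can reach the host on 9200 talks to oCIS unencrypted and without passing through the reverse proxy. The service already joins `npm-network`, so if the reverse proxy reaches it by container name the `ports` block can be removed, or narrowed to `- "127.0.0.1:9200:9200"`. `image: owncloud/ocis:latest` is unpinned, so the next pull can bring in a different release unreviewed; pin it as `owncloud/ocis:<pinned-version>` or by digest. `PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none` turns off local JWT verification of access tokens and deserves a comment such as `# Authelia access tokens are opaque; the proxy validates them via the userinfo endpoint`, if that is the reason for it.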