---services: opencloud: image: ${OC_DOCKER_IMAGE:-opencloudeu/openclou

1. ---
2. services:
3.   opencloud:
4.     image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
5.     user: ${OC_CONTAINER_UID_GID:-1000:1000}
6.     networks:
7.       opencloud-net:
8.     entrypoint:
9.      - /bin/sh
10.     command: ["-c", "opencloud init || true; opencloud server"]
11.     environment:
12.      # enable services that are not started automatically
13.       OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES}
14.       OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
15.       OC_LOG_LEVEL: ${LOG_LEVEL:-info}
16.       OC_LOG_COLOR: "${LOG_PRETTY:-false}"
17.       OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
18.       OC_INSECURE: "${INSECURE:-false}"
19.       PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
20.       PROXY_TLS: false
21.       IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
22.       IDM_ADMIN_PASSWORD: "${INITIAL_ADMIN_PASSWORD}"
23.       FRONTEND_ARCHIVER_MAX_SIZE: "10000000000"
24.       FRONTEND_CHECK_FOR_UPDATES: "${CHECK_FOR_UPDATES:-true}"
25.       PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml
26.       # enable to allow using the banned passwords list
27.       OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
28.       # control the password enforcement and policy for public shares
29.       OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:-true}"
30.       OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:-true}"
31.       OC_PASSWORD_POLICY_DISABLED: "${OC_PASSWORD_POLICY_DISABLED:-false}"
32.       OC_PASSWORD_POLICY_MIN_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_CHARACTERS:-8}"
33.       OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:-1}"
34.       OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:-1}"
35.       OC_PASSWORD_POLICY_MIN_DIGITS: "${OC_PASSWORD_POLICY_MIN_DIGITS:-1}"
36.       OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:-1}"
37.       # SSO
38.       OC_OIDC_ISSUER: https://pocketid.***.de
39.       PROXY_OIDC_REWRITE_WELLKNOWN: true
40.       PROXY_USER_OIDC_CLAIM: preferred_username
41.       PROXY_USER_CS3_CLAIM: username
42.       PROXY_AUTOPROVISION_ACCOUNTS: true
43.       PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD: none
44.       PROXY_ROLE_ASSIGNMENT_DRIVER: oidc
45.       GRAPH_ASSIGN_DEFAULT_USER_ROLE: false
46.       #WEB_OIDC_CLIENT_ID: c34cc0cd-ac53-40ce-a490-dbd36d7f00cc  #Pocket ID autogenerated ID
47.       WEB_OIDC_CLIENT_ID: web
48.       WEB_OIDC_METADATA_URL: https://pocketid.***.de/.well-known/openid-configuration
49.     volumes:
50.      - ./config/opencloud/csp.yaml:/etc/opencloud/csp.yaml
51.       - ./config/opencloud/banned-password-list.txt:/etc/opencloud/banned-password-list.txt
52.       # configure the .env file to use own paths instead of docker internal volumes
53.       - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
54.       - ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud
55.       - ${OC_APPS_DIR:-./config/opencloud/apps}:/var/lib/opencloud/web/assets/apps
56.     logging:
57.       driver: ${LOG_DRIVER:-local}
58.     restart: always
59.  
60. volumes:
61.   opencloud-config:
62.   opencloud-data:
64. networks:
65.  opencloud-net: