13 File Sharing

Note

oCIS at files.dunn.dev — expiring share links for outsiders, remote family file access, replacing Samba.

13.1 Why oCIS

oCIS (ownCloud Infinite Scale) is a rewrite of ownCloud in Go: single binary, no PHP, no external database
Native OIDC support (built-in, not bolted on)
Web UI, desktop sync clients, and mobile apps
Spaces model lets you create shared folders with fine-grained permissions

13.2 OIDC integration with Authentik

oCIS delegates all authentication to Authentik via OIDC
Users and groups managed in Authentik, reflected in oCIS automatically

13.3 Quadlet deployment

Pod: ocis-server + Caddy sidecar
ZFS dataset: /zfs/safe/files (NVMe pool for file metadata and storage)
Pod publishes on loopback; Envoy routes files.dunn.dev via SNI
Caddy Caddyfile includes forward_auth against Authentik

13.4 Replacing Samba

Traditional home file sharing via Samba/SMB requires the client to be on the local network (or VPN)
oCIS provides HTTPS-based file access from anywhere, with proper authentication
Desktop sync clients replace mapped network drives for family members who need offline access

# File Sharing

::: {.callout-note}
[oCIS](https://owncloud.dev/ocis/) at `files.dunn.dev` — expiring share links for outsiders, remote family file access, replacing Samba.
:::

## Why oCIS

- [oCIS](https://owncloud.dev/ocis/) (ownCloud Infinite Scale) is a rewrite of ownCloud in Go: single binary, no PHP, no external database
- Native OIDC support (built-in, not bolted on)
- Web UI, desktop sync clients, and mobile apps
- Spaces model lets you create shared folders with fine-grained permissions

## OIDC integration with Authentik

- oCIS delegates all authentication to Authentik via OIDC
- Users and groups managed in Authentik, reflected in oCIS automatically

## Quadlet deployment

- Pod: ocis-server + Caddy sidecar
- ZFS dataset: `/zfs/safe/files` (NVMe pool for file metadata and storage)
- Pod publishes on loopback; Envoy routes `files.dunn.dev` via SNI
- Caddy Caddyfile includes `forward_auth` against Authentik

## Replacing Samba

- Traditional home file sharing via [Samba](https://www.samba.org/)/SMB requires the client to be on the local network (or VPN)
- oCIS provides HTTPS-based file access from anywhere, with proper authentication
- Desktop sync clients replace mapped network drives for family members who need offline access

## Expiring share links

- oCIS supports share links with expiration dates and optional passwords
- Useful for sharing files with people outside the family (contractors, extended family, etc.) without creating accounts
- Links expire automatically; no cleanup required