depot/nixos/modules/services/web-apps/ocis.md
Luke Granger-Brown 57725ef3ec Squashed 'third_party/nixpkgs/' content from commit 76612b17c0ce
git-subtree-dir: third_party/nixpkgs
git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
2024-11-10 23:59:47 +00:00

4.1 KiB

ownCloud Infinite Scale

ownCloud Infinite Scale (oCIS) is an open-source, modern file-sync and sharing platform. It is a ground-up rewrite of the well-known PHP based ownCloud server.

The server setup can be automated using services.ocis. The desktop client is packaged at pkgs.owncloud-client.

Basic usage

oCIS is a golang application and does not require an HTTP server (such as nginx) in front of it, though you may optionally use one if you will.

oCIS is configured using a combination of yaml and environment variables. It is recommended to familiarize yourself with upstream's available configuration options and deployment instructions:

A very basic configuration may look like this:

{ pkgs, ... }:
{
  services.ocis = {
    enable = true;
    configDir = "/etc/ocis/config";
  };
}

This will start the oCIS server and make it available at https://localhost:9200

However to make this configuration work you will need generate a configuration. You can do this with:

$ nix-shell -p ocis-bin
$ mkdir scratch/
$ cd scratch/
$ ocis init --config-path . --admin-password "changeme"

You may need to pass --insecure true or provide the OCIS_INSECURE = true; to services.ocis.environment, if TLS certificates are generated and managed externally (e.g. if you are using oCIS behind reverse proxy).

If you want to manage the config file in your nix configuration, then it is encouraged to use a secrets manager like sops-nix or agenix.

Be careful not to write files containing secrets to the globally readable nix store.

Please note that current NixOS module for oCIS is configured to run in fullstack mode, which starts all the services for owncloud on single instance. This will start multiple ocis services and listen on multiple other ports.

Current known services and their ports are as below:

Service Group Port
gateway api 9142
sharing api 9150
app-registry api 9242
ocdav web 45023
auth-machine api 9166
storage-system api 9215
webdav web 9115
webfinger web 46871
storage-system web 9216
web web 9100
eventhistory api 33177
ocs web 9110
storage-publiclink api 9178
settings web 9190
ocm api 9282
settings api 9191
ocm web 9280
app-provider api 9164
storage-users api 9157
auth-service api 9199
thumbnails web 9186
thumbnails api 9185
storage-shares api 9154
sse sse 46833
userlog userlog 45363
search api 9220
proxy web 9200
idp web 9130
frontend web 9140
groups api 9160
graph graph 9120
users api 9144
auth-basic api 9146

Configuration via environment variables

You can also eschew the config file entirely and pass everything to oCIS via environment variables. For this make use of services.ocis.environment for non-sensitive values, and services.ocis.environmentFile for sensitive values.

Configuration in (services.ocis.environment)mod-env overrides those from services.ocis.environmentFile and will have highest precedence