114 lines
		
	
	
		
			4.1 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
		
		
			
		
	
	
			114 lines
		
	
	
		
			4.1 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
|   | # ownCloud Infinite Scale {#module-services-ocis}
 | ||
|  | 
 | ||
|  | [ownCloud Infinite Scale](https://owncloud.dev/ocis/) (oCIS) is an open-source, | ||
|  | modern file-sync and sharing platform. It is a ground-up rewrite of the well-known PHP based ownCloud server. | ||
|  | 
 | ||
|  | The server setup can be automated using | ||
|  | [services.ocis](#opt-services.ocis.enable). The desktop client is packaged at | ||
|  | `pkgs.owncloud-client`. | ||
|  | 
 | ||
|  | ## Basic usage {#module-services-ocis-basic-usage}
 | ||
|  | 
 | ||
|  | oCIS is a golang application and does not require an HTTP server (such as nginx) | ||
|  | in front of it, though you may optionally use one if you will. | ||
|  | 
 | ||
|  | oCIS is configured using a combination of yaml and environment variables. It is | ||
|  | recommended to familiarize yourself with upstream's available configuration | ||
|  | options and deployment instructions: | ||
|  | 
 | ||
|  | * [Getting Started](https://owncloud.dev/ocis/getting-started/) | ||
|  | * [Configuration](https://owncloud.dev/ocis/config/) | ||
|  | * [Basic Setup](https://owncloud.dev/ocis/deployment/basic-remote-setup/) | ||
|  | 
 | ||
|  | A very basic configuration may look like this: | ||
|  | ``` | ||
|  | { pkgs, ... }: | ||
|  | { | ||
|  |   services.ocis = { | ||
|  |     enable = true; | ||
|  |     configDir = "/etc/ocis/config"; | ||
|  |   }; | ||
|  | } | ||
|  | ``` | ||
|  | 
 | ||
|  | This will start the oCIS server and make it available at `https://localhost:9200` | ||
|  | 
 | ||
|  | However to make this configuration work you will need generate a configuration. | ||
|  | You can do this with: | ||
|  | 
 | ||
|  | ```console | ||
|  | $ nix-shell -p ocis-bin | ||
|  | $ mkdir scratch/ | ||
|  | $ cd scratch/ | ||
|  | $ ocis init --config-path . --admin-password "changeme" | ||
|  | ``` | ||
|  | 
 | ||
|  | You may need to pass `--insecure true` or provide the `OCIS_INSECURE = true;` to | ||
|  | [`services.ocis.environment`][mod-envFile], if TLS certificates are generated | ||
|  | and managed externally (e.g. if you are using oCIS behind reverse proxy). | ||
|  | 
 | ||
|  | If you want to manage the config file in your nix configuration, then it is | ||
|  | encouraged to use a secrets manager like sops-nix or agenix. | ||
|  | 
 | ||
|  | Be careful not to write files containing secrets to the globally readable nix | ||
|  | store. | ||
|  | 
 | ||
|  | Please note that current NixOS module for oCIS is configured to run in `fullstack` | ||
|  | mode, which starts all the services for owncloud on single instance. This will | ||
|  | start multiple ocis services and listen on multiple other ports. | ||
|  | 
 | ||
|  | Current known services and their ports are as below: | ||
|  | 
 | ||
|  | | Service            | Group   |  Port | | ||
|  | |--------------------|---------|-------| | ||
|  | | gateway            | api     |  9142 | | ||
|  | | sharing            | api     |  9150 | | ||
|  | | app-registry       | api     |  9242 | | ||
|  | | ocdav              | web     | 45023 | | ||
|  | | auth-machine       | api     |  9166 | | ||
|  | | storage-system     | api     |  9215 | | ||
|  | | webdav             | web     |  9115 | | ||
|  | | webfinger          | web     | 46871 | | ||
|  | | storage-system     | web     |  9216 | | ||
|  | | web                | web     |  9100 | | ||
|  | | eventhistory       | api     | 33177 | | ||
|  | | ocs                | web     |  9110 | | ||
|  | | storage-publiclink | api     |  9178 | | ||
|  | | settings           | web     |  9190 | | ||
|  | | ocm                | api     |  9282 | | ||
|  | | settings           | api     |  9191 | | ||
|  | | ocm                | web     |  9280 | | ||
|  | | app-provider       | api     |  9164 | | ||
|  | | storage-users      | api     |  9157 | | ||
|  | | auth-service       | api     |  9199 | | ||
|  | | thumbnails         | web     |  9186 | | ||
|  | | thumbnails         | api     |  9185 | | ||
|  | | storage-shares     | api     |  9154 | | ||
|  | | sse                | sse     | 46833 | | ||
|  | | userlog            | userlog | 45363 | | ||
|  | | search             | api     |  9220 | | ||
|  | | proxy              | web     |  9200 | | ||
|  | | idp                | web     |  9130 | | ||
|  | | frontend           | web     |  9140 | | ||
|  | | groups             | api     |  9160 | | ||
|  | | graph              | graph   |  9120 | | ||
|  | | users              | api     |  9144 | | ||
|  | | auth-basic         | api     |  9146 | | ||
|  | 
 | ||
|  | ## Configuration via environment variables
 | ||
|  | 
 | ||
|  | You can also eschew the config file entirely and pass everything to oCIS via | ||
|  | environment variables. For this make use of | ||
|  | [`services.ocis.environment`][mod-env] for non-sensitive | ||
|  | values, and | ||
|  | [`services.ocis.environmentFile`][mod-envFile] for | ||
|  | sensitive values. | ||
|  | 
 | ||
|  | Configuration in (`services.ocis.environment`)[mod-env] overrides those from | ||
|  | [`services.ocis.environmentFile`][mod-envFile] and will have highest | ||
|  | precedence | ||
|  | 
 | ||
|  | 
 | ||
|  | [mod-env]: #opt-services.ocis.environment | ||
|  | [mod-envFile]: #opt-services.ocis.environmentFile |