mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-17 19:21:04 +00:00
nixos/ocis: init at 5.0.0
Co-authored-by: Casey Link <unnamedrambler@gmail.com>
This commit is contained in:
parent
9f3798cd7b
commit
427bf67bed
|
@ -72,6 +72,8 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
|
|||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
- [ownCloud Infinite Scale Stack](https://owncloud.com/infinite-scale-4-0/), a modern and scalable rewrite of ownCloud.
|
||||
|
||||
- [Handheld Daemon](https://github.com/hhd-dev/hhd), support for gaming handhelds like the Legion Go, ROG Ally, and GPD Win. Available as [services.handheld-daemon](#opt-services.handheld-daemon.enable).
|
||||
|
||||
- [Guix](https://guix.gnu.org), a functional package manager inspired by Nix. Available as [services.guix](#opt-services.guix.enable).
|
||||
|
|
|
@ -1362,6 +1362,7 @@
|
|||
./services/web-apps/nexus.nix
|
||||
./services/web-apps/nifi.nix
|
||||
./services/web-apps/node-red.nix
|
||||
./services/web-apps/ocis.nix
|
||||
./services/web-apps/onlyoffice.nix
|
||||
./services/web-apps/openvscode-server.nix
|
||||
./services/web-apps/mobilizon.nix
|
||||
|
|
113
nixos/modules/services/web-apps/ocis.md
Normal file
113
nixos/modules/services/web-apps/ocis.md
Normal file
|
@ -0,0 +1,113 @@
|
|||
# ownCloud Infinite Scale {#module-services-ocis}
|
||||
|
||||
[ownCloud Infinite Scale](https://owncloud.dev/ocis/) (oCIS) is an open-source,
|
||||
modern file-sync and sharing platform. It is a ground-up rewrite of the well-known PHP based ownCloud server.
|
||||
|
||||
The server setup can be automated using
|
||||
[services.ocis](#opt-services.ocis.enable). The desktop client is packaged at
|
||||
`pkgs.owncloud-client`.
|
||||
|
||||
## Basic usage {#module-services-ocis-basic-usage}
|
||||
|
||||
oCIS is a golang application and does not require an HTTP server (such as nginx)
|
||||
in front of it, though you may optionally use one if you will.
|
||||
|
||||
oCIS is configured using a combination of yaml and environment variables. It is
|
||||
recommended to familiarize yourself with upstream's available configuration
|
||||
options and deployment instructions:
|
||||
|
||||
* [Getting Started](https://owncloud.dev/ocis/getting-started/)
|
||||
* [Configuration](https://owncloud.dev/ocis/config/)
|
||||
* [Basic Setup](https://owncloud.dev/ocis/deployment/basic-remote-setup/)
|
||||
|
||||
A very basic configuration may look like this:
|
||||
```
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
services.ocis = {
|
||||
enable = true;
|
||||
configDir = "/etc/ocis/config";
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
This will start the oCIS server and make it available at `https://localhost:9200`
|
||||
|
||||
However to make this configuration work you will need generate a configuration.
|
||||
You can do this with:
|
||||
|
||||
```console
|
||||
$ nix-shell -p ocis-bin
|
||||
$ mkdir scratch/
|
||||
$ cd scratch/
|
||||
$ ocis init --config-path . --admin-password "changeme"
|
||||
```
|
||||
|
||||
You may need to pass `--insecure true` or provide the `OCIS_INSECURE = true;` to
|
||||
[`services.ocis.environment`][mod-envFile], if TLS certificates are generated
|
||||
and managed externally (e.g. if you are using oCIS behind reverse proxy).
|
||||
|
||||
If you want to manage the config file in your nix configuration, then it is
|
||||
encouraged to use a secrets manager like sops-nix or agenix.
|
||||
|
||||
Be careful not to write files containing secrets to the globally readable nix
|
||||
store.
|
||||
|
||||
Please note that current NixOS module for oCIS is configured to run in `fullstack`
|
||||
mode, which starts all the services for owncloud on single instance. This will
|
||||
start multiple ocis services and listen on multiple other ports.
|
||||
|
||||
Current known services and their ports are as below:
|
||||
|
||||
| Service | Group | Port |
|
||||
|--------------------|---------|-------|
|
||||
| gateway | api | 9142 |
|
||||
| sharing | api | 9150 |
|
||||
| app-registry | api | 9242 |
|
||||
| ocdav | web | 45023 |
|
||||
| auth-machine | api | 9166 |
|
||||
| storage-system | api | 9215 |
|
||||
| webdav | web | 9115 |
|
||||
| webfinger | web | 46871 |
|
||||
| storage-system | web | 9216 |
|
||||
| web | web | 9100 |
|
||||
| eventhistory | api | 33177 |
|
||||
| ocs | web | 9110 |
|
||||
| storage-publiclink | api | 9178 |
|
||||
| settings | web | 9190 |
|
||||
| ocm | api | 9282 |
|
||||
| settings | api | 9191 |
|
||||
| ocm | web | 9280 |
|
||||
| app-provider | api | 9164 |
|
||||
| storage-users | api | 9157 |
|
||||
| auth-service | api | 9199 |
|
||||
| thumbnails | web | 9186 |
|
||||
| thumbnails | api | 9185 |
|
||||
| storage-shares | api | 9154 |
|
||||
| sse | sse | 46833 |
|
||||
| userlog | userlog | 45363 |
|
||||
| search | api | 9220 |
|
||||
| proxy | web | 9200 |
|
||||
| idp | web | 9130 |
|
||||
| frontend | web | 9140 |
|
||||
| groups | api | 9160 |
|
||||
| graph | graph | 9120 |
|
||||
| users | api | 9144 |
|
||||
| auth-basic | api | 9146 |
|
||||
|
||||
## Configuration via environment variables
|
||||
|
||||
You can also eschew the config file entirely and pass everything to oCIS via
|
||||
environment variables. For this make use of
|
||||
[`services.ocis.environment`][mod-env] for non-sensitive
|
||||
values, and
|
||||
[`services.ocis.environmentFile`][mod-envFile] for
|
||||
sensitive values.
|
||||
|
||||
Configuration in (`services.ocis.environment`)[mod-env] overrides those from
|
||||
[`services.ocis.environmentFile`][mod-envFile] and will have highest
|
||||
precedence
|
||||
|
||||
|
||||
[mod-env]: #opt-services.ocis.environment
|
||||
[mod-envFile]: #opt-services.ocis.environmentFile
|
201
nixos/modules/services/web-apps/ocis.nix
Normal file
201
nixos/modules/services/web-apps/ocis.nix
Normal file
|
@ -0,0 +1,201 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (lib) types;
|
||||
cfg = config.services.ocis;
|
||||
defaultUser = "ocis";
|
||||
defaultGroup = defaultUser;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.ocis = {
|
||||
enable = lib.mkEnableOption "ownCloud Infinite Scale";
|
||||
|
||||
package = lib.mkPackageOption pkgs "ocis-bin" { };
|
||||
|
||||
configDir = lib.mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/var/lib/ocis/config";
|
||||
description = lib.mdDoc ''
|
||||
Path to directory containing oCIS config file.
|
||||
|
||||
Example config can be generated by `ocis init --config-path fileName --admin-password "adminPass"`.
|
||||
Add `--insecure true` if SSL certificates are generated and managed externally (e.g. using oCIS behind reverse proxy).
|
||||
|
||||
Note: This directory must contain at least a `ocis.yaml`. Ensure
|
||||
[user](#opt-services.ocis.user) has read/write access to it. In some
|
||||
circumstances you may need to add additional oCIS configuration files (e.g.,
|
||||
`proxy.yaml`) to this directory.
|
||||
'';
|
||||
};
|
||||
|
||||
environmentFile = lib.mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/keys/ocis.env";
|
||||
description = lib.mdDoc ''
|
||||
An environment file as defined in {manpage}`systemd.exec(5)`.
|
||||
|
||||
Configuration provided in this file will override those from [configDir](#opt-services.ocis.configDir)/ocis.yaml.
|
||||
'';
|
||||
};
|
||||
|
||||
user = lib.mkOption {
|
||||
type = types.str;
|
||||
default = defaultUser;
|
||||
example = "yourUser";
|
||||
description = lib.mdDoc ''
|
||||
The user to run oCIS as.
|
||||
By default, a user named `${defaultUser}` will be created whose home
|
||||
directory is [stateDir](#opt-services.ocis.stateDir).
|
||||
'';
|
||||
};
|
||||
|
||||
group = lib.mkOption {
|
||||
type = types.str;
|
||||
default = defaultGroup;
|
||||
example = "yourGroup";
|
||||
description = lib.mdDoc ''
|
||||
The group to run oCIS under.
|
||||
By default, a group named `${defaultGroup}` will be created.
|
||||
'';
|
||||
};
|
||||
|
||||
address = lib.mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = "Web interface address.";
|
||||
};
|
||||
|
||||
port = lib.mkOption {
|
||||
type = types.port;
|
||||
default = 9200;
|
||||
description = "Web interface port.";
|
||||
};
|
||||
|
||||
url = lib.mkOption {
|
||||
type = types.str;
|
||||
default = "https://localhost:9200";
|
||||
example = "https://some-hostname-or-ip:9200";
|
||||
description = "Web interface address.";
|
||||
};
|
||||
|
||||
stateDir = lib.mkOption {
|
||||
default = "/var/lib/ocis";
|
||||
type = types.str;
|
||||
description = "ownCloud data directory.";
|
||||
};
|
||||
|
||||
environment = lib.mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
default = { };
|
||||
description = lib.mdDoc ''
|
||||
Extra config options.
|
||||
|
||||
See [the documentation](https://doc.owncloud.com/ocis/next/deployment/services/services.html) for available options.
|
||||
See [notes for environment variables](https://doc.owncloud.com/ocis/next/deployment/services/env-var-note.html) for more information.
|
||||
|
||||
Note that all the attributes here will be copied to /nix/store/ and will be world readable. Options like *_PASSWORD or *_SECRET should be part of [environmentFile](#opt-services.ocis.environmentFile) instead, and are only provided here for illustrative purpose.
|
||||
|
||||
Configuration here will override those from [environmentFile](#opt-services.ocis.environmentFile) and will have highest precedence, at the cost of security. Do NOT put security sensitive stuff here.
|
||||
'';
|
||||
example = {
|
||||
OCIS_INSECURE = "false";
|
||||
OCIS_LOG_LEVEL = "error";
|
||||
OCIS_JWT_SECRET = "super_secret";
|
||||
OCIS_TRANSFER_SECRET = "foo";
|
||||
OCIS_MACHINE_AUTH_API_KEY = "foo";
|
||||
OCIS_SYSTEM_USER_ID = "123";
|
||||
OCIS_MOUNT_ID = "123";
|
||||
OCIS_STORAGE_USERS_MOUNT_ID = "123";
|
||||
GATEWAY_STORAGE_USERS_MOUNT_ID = "123";
|
||||
CS3_ALLOW_INSECURE = "true";
|
||||
OCIS_INSECURE_BACKENDS = "true";
|
||||
TLS_INSECURE = "true";
|
||||
TLS_SKIP_VERIFY_CLIENT_CERT = "true";
|
||||
WEBDAV_ALLOW_INSECURE = "true";
|
||||
IDP_TLS = "false";
|
||||
GRAPH_APPLICATION_ID = "1234";
|
||||
IDM_IDPSVC_PASSWORD = "password";
|
||||
IDM_REVASVC_PASSWORD = "password";
|
||||
IDM_SVC_PASSWORD = "password";
|
||||
IDP_ISS = "https://localhost:9200";
|
||||
OCIS_LDAP_BIND_PASSWORD = "password";
|
||||
OCIS_SERVICE_ACCOUNT_ID = "foo";
|
||||
OCIS_SERVICE_ACCOUNT_SECRET = "foo";
|
||||
OCIS_SYSTEM_USER_API_KEY = "foo";
|
||||
STORAGE_USERS_MOUNT_ID = "123";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.users.${defaultUser} = lib.mkIf (cfg.user == defaultUser) {
|
||||
group = cfg.group;
|
||||
home = cfg.stateDir;
|
||||
isSystemUser = true;
|
||||
createHome = true;
|
||||
description = "ownCloud Infinite Scale daemon user";
|
||||
};
|
||||
|
||||
users.groups = lib.mkIf (cfg.group == defaultGroup) { ${defaultGroup} = { }; };
|
||||
|
||||
systemd = {
|
||||
services.ocis = {
|
||||
description = "ownCloud Infinite Scale Stack";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
PROXY_HTTP_ADDR = "${cfg.address}:${toString cfg.port}";
|
||||
OCIS_URL = cfg.url;
|
||||
OCIS_CONFIG_DIR = if (cfg.configDir == null) then "${cfg.stateDir}/config" else cfg.configDir;
|
||||
OCIS_BASE_DATA_PATH = cfg.stateDir;
|
||||
} // cfg.environment;
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${lib.getExe cfg.package} server";
|
||||
WorkingDirectory = cfg.stateDir;
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
Restart = "always";
|
||||
EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
|
||||
ReadWritePaths = [ cfg.stateDir ];
|
||||
ReadOnlyPaths = [ cfg.configDir ];
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelLogs = true;
|
||||
RestrictAddressFamilies = [
|
||||
"AF_UNIX"
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
"AF_NETLINK"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
LockPersonality = true;
|
||||
SystemCallArchitectures = "native";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [
|
||||
bhankas
|
||||
danth
|
||||
ramblurr
|
||||
];
|
||||
}
|
|
@ -648,6 +648,7 @@ in {
|
|||
nvmetcfg = handleTest ./nvmetcfg.nix {};
|
||||
nzbget = handleTest ./nzbget.nix {};
|
||||
nzbhydra2 = handleTest ./nzbhydra2.nix {};
|
||||
ocis = handleTest ./ocis.nix {};
|
||||
oh-my-zsh = handleTest ./oh-my-zsh.nix {};
|
||||
ollama = handleTest ./ollama.nix {};
|
||||
ombi = handleTest ./ombi.nix {};
|
||||
|
|
217
nixos/tests/ocis.nix
Normal file
217
nixos/tests/ocis.nix
Normal file
|
@ -0,0 +1,217 @@
|
|||
import ./make-test-python.nix (
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
# this is a demo user created by IDM_CREATE_DEMO_USERS=true
|
||||
demoUser = "einstein";
|
||||
demoPassword = "relativity";
|
||||
|
||||
adminUser = "admin";
|
||||
adminPassword = "hunter2";
|
||||
testRunner =
|
||||
pkgs.writers.writePython3Bin "test-runner"
|
||||
{
|
||||
libraries = [ pkgs.python3Packages.selenium ];
|
||||
flakeIgnore = [ "E501" ];
|
||||
}
|
||||
''
|
||||
import sys
|
||||
from selenium.webdriver.common.by import By
|
||||
from selenium.webdriver import Firefox
|
||||
from selenium.webdriver.firefox.options import Options
|
||||
from selenium.webdriver.support.ui import WebDriverWait
|
||||
from selenium.webdriver.support import expected_conditions as EC
|
||||
|
||||
options = Options()
|
||||
options.add_argument('--headless')
|
||||
driver = Firefox(options=options)
|
||||
|
||||
user = sys.argv[1]
|
||||
password = sys.argv[2]
|
||||
driver.implicitly_wait(20)
|
||||
driver.get('https://localhost:9200/login')
|
||||
wait = WebDriverWait(driver, 10)
|
||||
wait.until(EC.title_contains("Sign in"))
|
||||
driver.find_element(By.XPATH, '//*[@id="oc-login-username"]').send_keys(user)
|
||||
driver.find_element(By.XPATH, '//*[@id="oc-login-password"]').send_keys(password)
|
||||
driver.find_element(By.XPATH, '//*[@id="root"]//button').click()
|
||||
wait.until(EC.title_contains("Personal"))
|
||||
'';
|
||||
|
||||
# This was generated with `ocis init --config-path testconfig/ --admin-password "hunter2" --insecure true`.
|
||||
testConfig = ''
|
||||
token_manager:
|
||||
jwt_secret: kaKYgfso*d9GA-yTM.&BTOUEuMz%Ai0H
|
||||
machine_auth_api_key: sGWRG1JZ&qe&pe@N1HKK4#qH*B&@xLnO
|
||||
system_user_api_key: h+m4aHPUtOtUJFKrc5B2=04C=7fDZaT-
|
||||
transfer_secret: 4-R6AfUjQn0P&+h2+$skf0lJqmre$j=x
|
||||
system_user_id: db180e0a-b38a-4edf-a4cd-a3d358248537
|
||||
admin_user_id: ea623f50-742d-4fd0-95bb-c61767b070d4
|
||||
graph:
|
||||
application:
|
||||
id: 11971eab-d560-4b95-a2d4-50726676bbd0
|
||||
events:
|
||||
tls_insecure: true
|
||||
spaces:
|
||||
insecure: true
|
||||
identity:
|
||||
ldap:
|
||||
bind_password: ^F&Vn7@mYGYGuxr$#qm^gGy@FVq=.w=y
|
||||
service_account:
|
||||
service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
|
||||
idp:
|
||||
ldap:
|
||||
bind_password: bv53IjS28x.nxth*%aRbE70%4TGNXbLU
|
||||
idm:
|
||||
service_user_passwords:
|
||||
admin_password: hunter2
|
||||
idm_password: ^F&Vn7@mYGYGuxr$#qm^gGy@FVq=.w=y
|
||||
reva_password: z-%@fWipLliR8lD#fl.0teC#9QbhJ^eb
|
||||
idp_password: bv53IjS28x.nxth*%aRbE70%4TGNXbLU
|
||||
proxy:
|
||||
oidc:
|
||||
insecure: true
|
||||
insecure_backends: true
|
||||
service_account:
|
||||
service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
|
||||
frontend:
|
||||
app_handler:
|
||||
insecure: true
|
||||
archiver:
|
||||
insecure: true
|
||||
service_account:
|
||||
service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
|
||||
auth_basic:
|
||||
auth_providers:
|
||||
ldap:
|
||||
bind_password: z-%@fWipLliR8lD#fl.0teC#9QbhJ^eb
|
||||
auth_bearer:
|
||||
auth_providers:
|
||||
oidc:
|
||||
insecure: true
|
||||
users:
|
||||
drivers:
|
||||
ldap:
|
||||
bind_password: z-%@fWipLliR8lD#fl.0teC#9QbhJ^eb
|
||||
groups:
|
||||
drivers:
|
||||
ldap:
|
||||
bind_password: z-%@fWipLliR8lD#fl.0teC#9QbhJ^eb
|
||||
ocdav:
|
||||
insecure: true
|
||||
ocm:
|
||||
service_account:
|
||||
service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
|
||||
thumbnails:
|
||||
thumbnail:
|
||||
transfer_secret: 2%11!zAu*AYE&=d*8dfoZs8jK&5ZMm*%
|
||||
webdav_allow_insecure: true
|
||||
cs3_allow_insecure: true
|
||||
search:
|
||||
events:
|
||||
tls_insecure: true
|
||||
service_account:
|
||||
service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
|
||||
audit:
|
||||
events:
|
||||
tls_insecure: true
|
||||
settings:
|
||||
service_account_ids:
|
||||
- df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
sharing:
|
||||
events:
|
||||
tls_insecure: true
|
||||
storage_users:
|
||||
events:
|
||||
tls_insecure: true
|
||||
mount_id: ef72cb8b-809c-4592-bfd2-1df603295205
|
||||
service_account:
|
||||
service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
|
||||
notifications:
|
||||
notifications:
|
||||
events:
|
||||
tls_insecure: true
|
||||
service_account:
|
||||
service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
|
||||
nats:
|
||||
nats:
|
||||
tls_skip_verify_client_cert: true
|
||||
gateway:
|
||||
storage_registry:
|
||||
storage_users_mount_id: ef72cb8b-809c-4592-bfd2-1df603295205
|
||||
userlog:
|
||||
service_account:
|
||||
service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
|
||||
auth_service:
|
||||
service_account:
|
||||
service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
|
||||
clientlog:
|
||||
service_account:
|
||||
service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
|
||||
service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE'';
|
||||
in
|
||||
|
||||
{
|
||||
name = "ocis";
|
||||
|
||||
meta.maintainers = with lib.maintainers; [
|
||||
bhankas
|
||||
ramblurr
|
||||
];
|
||||
|
||||
nodes.machine =
|
||||
{ config, ... }:
|
||||
{
|
||||
virtualisation.memorySize = 2048;
|
||||
environment.systemPackages = [
|
||||
pkgs.firefox-unwrapped
|
||||
pkgs.geckodriver
|
||||
testRunner
|
||||
];
|
||||
|
||||
# if you do this in production, dont put secrets in this file because it will be written to the world readable nix store
|
||||
environment.etc."ocis/ocis.env".text = ''
|
||||
ADMIN_PASSWORD=${adminPassword}
|
||||
IDM_CREATE_DEMO_USERS=true
|
||||
'';
|
||||
|
||||
# if you do this in production, dont put secrets in this file because it will be written to the world readable nix store
|
||||
environment.etc."ocis/config/ocis.yaml".text = testConfig;
|
||||
|
||||
services.ocis = {
|
||||
enable = true;
|
||||
configDir = "/etc/ocis/config";
|
||||
environment = {
|
||||
OCIS_INSECURE = "true";
|
||||
};
|
||||
environmentFile = "/etc/ocis/ocis.env";
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
machine.wait_for_unit("ocis.service")
|
||||
machine.wait_for_open_port(9200)
|
||||
# wait for ocis to fully come up
|
||||
machine.sleep(5)
|
||||
|
||||
with subtest("ocis bin works"):
|
||||
machine.succeed("${lib.getExe pkgs.ocis-bin} version")
|
||||
|
||||
with subtest("use the web interface to log in with a demo user"):
|
||||
machine.succeed("PYTHONUNBUFFERED=1 systemd-cat -t test-runner test-runner ${demoUser} ${demoPassword}")
|
||||
|
||||
with subtest("use the web interface to log in with the provisioned admin user"):
|
||||
machine.succeed("PYTHONUNBUFFERED=1 systemd-cat -t test-runner test-runner ${adminUser} ${adminPassword}")
|
||||
'';
|
||||
}
|
||||
)
|
|
@ -46,9 +46,11 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [
|
||||
ramblurr
|
||||
payas
|
||||
bhankas
|
||||
danth
|
||||
ramblurr
|
||||
];
|
||||
sourceProvenance = [ sourceTypes.binaryNativeCode ];
|
||||
mainProgram = "ocis";
|
||||
};
|
||||
})
|
||||
|
|
Loading…
Reference in a new issue