pyrox.dev
1# ownCloud Infinite Scale {#module-services-ocis}
2
3[ownCloud Infinite Scale](https://owncloud.dev/ocis/) (oCIS) is an open-source,
4modern file-sync and sharing platform. It is a ground-up rewrite of the well-known PHP based ownCloud server.
5
6The server setup can be automated using
7[services.ocis](#opt-services.ocis.enable). The desktop client is packaged at
8`pkgs.owncloud-client`.
9
10## Basic usage {#module-services-ocis-basic-usage}
11
12oCIS is a golang application and does not require an HTTP server (such as nginx)
13in front of it, though you may optionally use one if you will.
14
15oCIS is configured using a combination of yaml and environment variables. It is
16recommended to familiarize yourself with upstream's available configuration
17options and deployment instructions:
18
19* [Getting Started](https://owncloud.dev/ocis/getting-started/)
20* [Configuration](https://owncloud.dev/ocis/config/)
21* [Basic Setup](https://owncloud.dev/ocis/deployment/basic-remote-setup/)
22
23A very basic configuration may look like this:
24```
25{ pkgs, ... }:
26{
27 services.ocis = {
28 enable = true;
29 configDir = "/etc/ocis/config";
30 };
31}
32```
33
34This will start the oCIS server and make it available at `https://localhost:9200`
35
36However to make this configuration work you will need generate a configuration.
37You can do this with:
38
39```console
40$ nix-shell -p ocis_5-bin
41$ mkdir scratch/
42$ cd scratch/
43$ ocis init --config-path . --admin-password "changeme"
44```
45
46You may need to pass `--insecure true` or provide the `OCIS_INSECURE = true;` to
47[`services.ocis.environment`][mod-envFile], if TLS certificates are generated
48and managed externally (e.g. if you are using oCIS behind reverse proxy).
49
50If you want to manage the config file in your nix configuration, then it is
51encouraged to use a secrets manager like sops-nix or agenix.
52
53Be careful not to write files containing secrets to the globally readable nix
54store.
55
56Please note that current NixOS module for oCIS is configured to run in `fullstack`
57mode, which starts all the services for owncloud on single instance. This will
58start multiple ocis services and listen on multiple other ports.
59
60Current known services and their ports are as below:
61
62| Service | Group | Port |
63|--------------------|---------|-------|
64| gateway | api | 9142 |
65| sharing | api | 9150 |
66| app-registry | api | 9242 |
67| ocdav | web | 45023 |
68| auth-machine | api | 9166 |
69| storage-system | api | 9215 |
70| webdav | web | 9115 |
71| webfinger | web | 46871 |
72| storage-system | web | 9216 |
73| web | web | 9100 |
74| eventhistory | api | 33177 |
75| ocs | web | 9110 |
76| storage-publiclink | api | 9178 |
77| settings | web | 9190 |
78| ocm | api | 9282 |
79| settings | api | 9191 |
80| ocm | web | 9280 |
81| app-provider | api | 9164 |
82| storage-users | api | 9157 |
83| auth-service | api | 9199 |
84| thumbnails | web | 9186 |
85| thumbnails | api | 9185 |
86| storage-shares | api | 9154 |
87| sse | sse | 46833 |
88| userlog | userlog | 45363 |
89| search | api | 9220 |
90| proxy | web | 9200 |
91| idp | web | 9130 |
92| frontend | web | 9140 |
93| groups | api | 9160 |
94| graph | graph | 9120 |
95| users | api | 9144 |
96| auth-basic | api | 9146 |
97
98## Configuration via environment variables
99
100You can also eschew the config file entirely and pass everything to oCIS via
101environment variables. For this make use of
102[`services.ocis.environment`][mod-env] for non-sensitive
103values, and
104[`services.ocis.environmentFile`][mod-envFile] for
105sensitive values.
106
107Configuration in [`services.ocis.environment`][mod-env] overrides those from
108[`services.ocis.environmentFile`][mod-envFile] and will have highest
109precedence
110
111
112[mod-env]: #opt-services.ocis.environment
113[mod-envFile]: #opt-services.ocis.environmentFile