nixos-config/machines/weilite/services/ocis.nix

{ config, pkgs, ... }:
{
  services.ocis = {
    enable = true;
    package = pkgs.ocis;
    stateDir = "/var/lib/ocis";
    url = "https://drive.xinyang.life:8443";
    address = "127.0.0.1";
    port = 9200;
    configDir = "/var/lib/ocis/config";
    environment = {
      OCIS_INSECURE = "false";
      PROXY_TLS = "false";
      OCIS_LOG_LEVEL = "debug";
      OCIS_LOG_PRETTY = "true";
      PROXY_AUTOPROVISION_ACCOUNTS = "true";
      PROXY_USER_OIDC_CLAIM = "preferred_username";
      PROXY_OIDC_ISSUER = "https://auth.xinyang.life/oauth2/openid/owncloud-android";
      PROXY_OIDC_REWRITE_WELLKNOWN = "true";
      PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD = "none";
      OCIS_EXCLUDE_RUN_SERVICES = "idp";
      WEB_HTTP_ADDR = "127.0.0.1:12345";
      WEB_OIDC_METADATA_URL = "https://auth.xinyang.life/oauth2/openid/owncloud-android/.well-known/openid-configuration";
      WEB_OIDC_AUTHORITY = "https://auth.xinyang.life/oauth2/openid/owncloud-android";
      WEB_OIDC_CLIENT_ID = "owncloud-android";
    };
    # environmentFile = config.sops.secrets."ocis/env".path;
  };

  networking.firewall.allowedTCPPorts = [ 8443 ];
  services.caddy.virtualHosts."${config.services.ocis.url}".extraConfig = ''
    reverse_proxy ${config.services.ocis.address}:${toString config.services.ocis.port}
  '';
}
massicot,fix: switch to fix drive 2024-09-14 08:33:01 +00:00			`{ config, pkgs, ... }:`
			`{`
			`services.ocis = {`
			`enable = true;`
weilite/{restic,ocis}: add 2024-09-23 12:17:26 +00:00			`package = pkgs.ocis;`
massicot,fix: switch to fix drive 2024-09-14 08:33:01 +00:00			`stateDir = "/var/lib/ocis";`
			`url = "https://drive.xinyang.life:8443";`
			`address = "127.0.0.1";`
			`port = 9200;`
weilite/{restic,ocis}: add 2024-09-23 12:17:26 +00:00			`configDir = "/var/lib/ocis/config";`
massicot,fix: switch to fix drive 2024-09-14 08:33:01 +00:00			`environment = {`
			`OCIS_INSECURE = "false";`
weilite/{restic,ocis}: add 2024-09-23 12:17:26 +00:00			`PROXY_TLS = "false";`
			`OCIS_LOG_LEVEL = "debug";`
massicot,fix: switch to fix drive 2024-09-14 08:33:01 +00:00			`OCIS_LOG_PRETTY = "true";`
weilite/{restic,ocis}: add 2024-09-23 12:17:26 +00:00			`PROXY_AUTOPROVISION_ACCOUNTS = "true";`
			`PROXY_USER_OIDC_CLAIM = "preferred_username";`
fix oidc for ocis 2024-09-30 07:20:07 +00:00			`PROXY_OIDC_ISSUER = "https://auth.xinyang.life/oauth2/openid/owncloud-android";`
			`PROXY_OIDC_REWRITE_WELLKNOWN = "true";`
weilite/{restic,ocis}: add 2024-09-23 12:17:26 +00:00			`PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD = "none";`
massicot,fix: switch to fix drive 2024-09-14 08:33:01 +00:00			`OCIS_EXCLUDE_RUN_SERVICES = "idp";`
weilite/{restic,ocis}: add 2024-09-23 12:17:26 +00:00			`WEB_HTTP_ADDR = "127.0.0.1:12345";`
fix oidc for ocis 2024-09-30 07:20:07 +00:00			`WEB_OIDC_METADATA_URL = "https://auth.xinyang.life/oauth2/openid/owncloud-android/.well-known/openid-configuration";`
			`WEB_OIDC_AUTHORITY = "https://auth.xinyang.life/oauth2/openid/owncloud-android";`
			`WEB_OIDC_CLIENT_ID = "owncloud-android";`
massicot,fix: switch to fix drive 2024-09-14 08:33:01 +00:00			`};`
weilite/{restic,ocis}: add 2024-09-23 12:17:26 +00:00			`# environmentFile = config.sops.secrets."ocis/env".path;`
massicot,fix: switch to fix drive 2024-09-14 08:33:01 +00:00			`};`

weilite/{restic,ocis}: add 2024-09-23 12:17:26 +00:00			`networking.firewall.allowedTCPPorts = [ 8443 ];`
massicot,fix: switch to fix drive 2024-09-14 08:33:01 +00:00			`services.caddy.virtualHosts."${config.services.ocis.url}".extraConfig = ''`
weilite/{restic,ocis}: add 2024-09-23 12:17:26 +00:00			`reverse_proxy ${config.services.ocis.address}:${toString config.services.ocis.port}`
massicot,fix: switch to fix drive 2024-09-14 08:33:01 +00:00			`'';`
			`}`