From 53507d63f6a8d9bacb08c3de5411b2c6a976ff5e Mon Sep 17 00:00:00 2001
From: K900
Date: Tue, 20 May 2025 12:53:26 +0300
Subject: [PATCH 1/4] opencloud: init at 2.3.0
Co-authored-by: Christoph Heiss
---
 pkgs/by-name/op/opencloud/package.nix | 116 ++++++++++++++++++++++++++
 1 file changed, 116 insertions(+)
 create mode 100644 pkgs/by-name/op/opencloud/package.nix
diff --git a/pkgs/by-name/op/opencloud/package.nix b/pkgs/by-name/op/opencloud/package.nix
new file mode 100644
index 000000000000..089e33c8ae7c
--- /dev/null
+++ b/pkgs/by-name/op/opencloud/package.nix
@@ -0,0 +1,116 @@
+{
+ lib,
+ buildGoModule,
+ fetchFromGitHub,
+ ncurses,
+ gettext,
+ pigeon,
+ go-mockery,
+ protoc-go-inject-tag,
+ libxcrypt,
+ vips,
+ pkg-config,
+ nixosTests,
+ nix-update-script,
+ versionCheckHook,
+}:
+
+let
+ bingoBinsMakefile = builtins.concatStringsSep "\n" (
+ lib.mapAttrsToList (n: v: "${n} := ${v}\n\\$(${n}):") {
+ GO_XGETTEXT = "xgettext";
+ MOCKERY = "mockery";
+ PIGEON = "pigeon";
+ PROTOC_GO_INJECT_TAG = "protoc-go-inject-tag";
+ }
+ );
+in
+buildGoModule rec {
+ pname = "opencloud";
+ version = "2.3.0";
+
+ src = fetchFromGitHub {
+ owner = "opencloud-eu";
+ repo = "opencloud";
+ tag = "v${version}";
+ hash = "sha256-IIasFyKF28ynYi8bAmx8LddF0OWB1/Hji6Ovp5pm9QE=";
+ };
+
+ postPatch = ''
+ echo "${bingoBinsMakefile}" >.bingo/Variables.mk
+
+ # tries to build web assets, done separately
+ substituteInPlace services/idp/Makefile \
+ --replace-fail 'node-generate-prod: assets' 'node-generate-prod:'
+ # tries to download something web assets ..
+ substituteInPlace services/web/Makefile \
+ --replace-fail 'node-generate-prod: download-assets' 'node-generate-prod:'
+
+ # tries to build some random binaries off the internet and
+ # no need to build protobuf bindings anyway, as they are in-repo already
+ sed -i -e '/\$(BINGO) get/d' -e '/\$(BUF) generate/d' .make/protobuf.mk
+ '';
+
+ vendorHash = null;
+
+ preConfigure = ''
+ export HOME=$(mktemp -d)
+ make generate
+ '';
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X"
+ "github.com/opencloud-eu/opencloud/pkg/version.String=nixos"
+ "-X"
+ "github.com/opencloud-eu/opencloud/pkg/version.Tag=${version}"
+ "-X"
+ "github.com/opencloud-eu/opencloud/pkg/version.Date=19700101"
+ ];
+
+ tags = [ "enable_vips" ];
+
+ nativeBuildInputs = [
+ ncurses
+ gettext
+ pigeon
+ go-mockery
+ protoc-go-inject-tag
+ pkg-config
+ ];
+
+ buildInputs = [
+ libxcrypt
+ vips
+ ];
+
+ env = {
+ # avoids 'make generate' calling `git`, otherwise no-op
+ STRING = version;
+ VERSION = version;
+ };
+
+ excludedPackages = [ "tests/*" ];
+
+ passthru = {
+ tests = { inherit (nixosTests) opencloud; };
+ updateScript = nix-update-script { };
+ };
+
+ doInstallCheck = true;
+ nativeInstallCheckInputs = [ versionCheckHook ];
+ versionCheckProgramArg = [ "version" ];
+
+ meta = {
+ description = "OpenCloud gives you a secure and private way to store, access, and share your files.";
+ homepage = "https://github.com/opencloud-eu/opencloud";
+ changelog = "https://github.com/opencloud-eu/opencloud/blob/v${version}/CHANGELOG.md";
+ license = lib.licenses.asl20;
+ maintainers = with lib.maintainers; [
+ christoph-heiss
+ k900
+ ];
+ mainProgram = "opencloud";
+ };
+}
From 733af62ab3580af9b8ba0ac950ddfda12e9ba111 Mon Sep 17 00:00:00 2001
From: K900
Date: Tue, 20 May 2025 12:53:33 +0300
Subject: [PATCH 2/4] opencloud-web: init at 2.4.0
Co-authored-by: Christoph Heiss
---
 pkgs/by-name/op/opencloud/package.nix | 2 +
 pkgs/by-name/op/opencloud/web.nix | 57 +++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 pkgs/by-name/op/opencloud/web.nix
diff --git a/pkgs/by-name/op/opencloud/package.nix b/pkgs/by-name/op/opencloud/package.nix
index 089e33c8ae7c..3362c1459bf1 100644
--- a/pkgs/by-name/op/opencloud/package.nix
+++ b/pkgs/by-name/op/opencloud/package.nix
@@ -1,5 +1,6 @@
 {
 lib,
+ callPackage,
 buildGoModule,
 fetchFromGitHub,
 ncurses,
@@ -94,6 +95,7 @@ buildGoModule rec {
 excludedPackages = [ "tests/*" ];
 passthru = {
+ web = callPackage ./web.nix { };
 tests = { inherit (nixosTests) opencloud; };
 updateScript = nix-update-script { };
 };
diff --git a/pkgs/by-name/op/opencloud/web.nix b/pkgs/by-name/op/opencloud/web.nix
new file mode 100644
index 000000000000..665ca2fd8586
--- /dev/null
+++ b/pkgs/by-name/op/opencloud/web.nix
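Review bot: The `sed -i` at the end of `postPatch` in package.nix (patch 1/4) exits successfully even when neither pattern matches, unlike the two `substituteInPlace --replace-fail` calls above it. If upstream reworks `.make/protobuf.mk`, `make generate` in `preConfigure` would again try to fetch and build tools, and only the build sandbox's lack of network access would stop it. Asserting the match first, e.g. `grep -q 'BINGO) get' .make/protobuf.mk` on the line before the `sed`, would make the package fail at patch time instead (assuming the phase runs with errexit, as stdenv phases normally do).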
@@ -0,0 +1,57 @@
+{
+ lib,
+ stdenvNoCC,
+ fetchFromGitHub,
+ nodejs,
+ pnpm_10,
+ nix-update-script,
+}:
+
+stdenvNoCC.mkDerivation (finalAttrs: {
+ pname = "opencloud-web";
+ version = "2.4.0";
+
+ src = fetchFromGitHub {
+ owner = "opencloud-eu";
+ repo = "web";
+ tag = "v${finalAttrs.version}";
+ hash = "sha256-64Dwkx5IEwlaIX1z6Roi6cSWB2ETBldQcNWxgWiUX18=";
+ };
+
+ pnpmDeps = pnpm_10.fetchDeps {
+ inherit (finalAttrs) pname version src;
+ hash = "sha256-UKgtthdRnI+iR4Qn07nabQOzWZFATjIfrQfwxhKJkx8=";
+ };
+
+ nativeBuildInputs = [
+ nodejs
+ pnpm_10.configHook
+ ];
+
+ buildPhase = ''
+ runHook preBuild
+ pnpm build
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir $out
+ cp -r dist/* $out
+ runHook postInstall
+ '';
+
+ passthru.updateScript = nix-update-script { };
+
+ meta = {
+ description = "Web UI for OpenCloud built with Vue.js and TypeScript";
+ homepage = "https://github.com/opencloud-eu/web";
+ changelog = "https://github.com/opencloud-eu/web/blob/${finalAttrs.version}/CHANGELOG.md";
+ license = lib.licenses.agpl3Only;
+ maintainers = with lib.maintainers; [
+ christoph-heiss
+ k900
+ ];
+ platforms = lib.platforms.all;
+ };
+})
From 3c20fdf1f83773473aeac99e1f5b85c91211307f Mon Sep 17 00:00:00 2001
From: K900
Date: Tue, 20 May 2025 12:53:38 +0300
Subject: [PATCH 3/4] opencloud-idp-web: init at 2.3.0
Co-authored-by: Christoph Heiss
---
 pkgs/by-name/op/opencloud/idp-web.nix | 55 +++++++++++++++++++++++++++
 pkgs/by-name/op/opencloud/package.nix | 1 +
 2 files changed, 56 insertions(+)
 create mode 100644 pkgs/by-name/op/opencloud/idp-web.nix
diff --git a/pkgs/by-name/op/opencloud/idp-web.nix b/pkgs/by-name/op/opencloud/idp-web.nix
new file mode 100644
index 000000000000..914915399118
--- /dev/null
+++ b/pkgs/by-name/op/opencloud/idp-web.nix
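Review bot: The `changelog` URL in web.nix points at `blob/${finalAttrs.version}/`, but the source is fetched from `tag = "v${finalAttrs.version}"`, so the link most likely resolves to a ref that does not exist; it should read `changelog = "https://github.com/opencloud-eu/web/blob/v${finalAttrs.version}/CHANGELOG.md";`. The same kind of mismatch appears in idp-web.nix (patch 3/4), where `blob/v${finalAttrs.src.rev}/` prefixes `v` to a rev that already derives from the `v`-prefixed tag inherited from `opencloud`. Using `blob/v${finalAttrs.version}/` there would match what package.nix does.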
@@ -0,0 +1,55 @@
+{
+ stdenvNoCC,
+ lib,
+ opencloud,
+ pnpm_10,
+ nodejs,
+}:
+
+stdenvNoCC.mkDerivation (finalAttrs: {
+ pname = "opencloud-idp-web";
+
+ inherit (opencloud) version src;
+
+ pnpmRoot = "services/idp";
+
+ pnpmDeps = pnpm_10.fetchDeps {
+ inherit (finalAttrs) pname version src;
+ sourceRoot = "${finalAttrs.src.name}/${finalAttrs.pnpmRoot}";
+ hash = "sha256-gFhWDYk3DcwUowZ9AQjCqHZL1oniK3YCNiG1cDGabYg=";
+ };
+
+ nativeBuildInputs = [
+ nodejs
+ pnpm_10.configHook
+ ];
+
+ buildPhase = ''
+ runHook preBuild
+ cd $pnpmRoot
+ pnpm build
+ mkdir -p assets/identifier/static
+ cp -v src/images/favicon.svg assets/identifier/static/favicon.svg
+ cp -v src/images/icon-lilac.svg assets/identifier/static/icon-lilac.svg
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir $out
+ cp -r assets $out
+ runHook postInstall
+ '';
+
+ meta = {
+ description = "OpenCloud - IDP Web UI";
+ homepage = "https://github.com/opencloud-eu/opencloud";
+ changelog = "https://github.com/opencloud-eu/opencloud/blob/v${finalAttrs.src.rev}/CHANGELOG.md";
+ license = lib.licenses.asl20;
+ maintainers = with lib.maintainers; [
+ christoph-heiss
+ k900
+ ];
+ platforms = lib.platforms.all;
+ };
+})
diff --git a/pkgs/by-name/op/opencloud/package.nix b/pkgs/by-name/op/opencloud/package.nix
index 3362c1459bf1..a3736dacbf12 100644
--- a/pkgs/by-name/op/opencloud/package.nix
+++ b/pkgs/by-name/op/opencloud/package.nix
@@ -96,6 +96,7 @@ buildGoModule rec {
 passthru = {
 web = callPackage ./web.nix { };
+ idp-web = callPackage ./idp-web.nix { };
 tests = { inherit (nixosTests) opencloud; };
 updateScript = nix-update-script { };
 };
From b504cc1362f60da06bcf6637b691fe7ff8db60b1 Mon Sep 17 00:00:00 2001
From: K900
Date: Tue, 20 May 2025 12:53:44 +0300
Subject: [PATCH 4/4] nixos/opencloud: init module
Co-authored-by: Christoph Heiss
---
 nixos/doc/manual/redirects.json | 6 +
 .../manual/release-notes/rl-2505.section.md | 2 +
 nixos/modules/module-list.nix | 1 +
 nixos/modules/services/web-apps/opencloud.md | 64 +++++
 nixos/modules/services/web-apps/opencloud.nix | 242 ++++++++++++++++++
 nixos/tests/all-tests.nix | 1 +
 nixos/tests/opencloud.nix | 110 ++++++++
 7 files changed, 426 insertions(+)
 create mode 100644 nixos/modules/services/web-apps/opencloud.md
 create mode 100644 nixos/modules/services/web-apps/opencloud.nix
 create mode 100644 nixos/tests/opencloud.nix
diff --git a/nixos/doc/manual/redirects.json b/nixos/doc/manual/redirects.json
index d8a07c11a916..6f5bbe8b01b5 100644
--- a/nixos/doc/manual/redirects.json
+++ b/nixos/doc/manual/redirects.json
@@ -50,6 +50,12 @@
 "module-services-crab-hole-upstream-options": [
 "index.html#module-services-crab-hole-upstream-options"
 ],
+ "module-services-opencloud": [
+ "index.html#module-services-opencloud"
+ ],
+ "module-services-opencloud-basic-usage": [
+ "index.html#module-services-opencloud-basic-usage"
+ ],
 "module-services-strfry": [
 "index.html#module-services-strfry"
 ],
diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
index dbc62a4edb36..67327fdd17a7 100644
--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -200,6 +200,8 @@ Alongside many enhancements to NixOS modules and general system improvements, th
 - [`g3proxy`](https://github.com/bytedance/g3), an open source enterprise forward proxy from ByteDance, similar to Squid or tinyproxy. Available as [services.g3proxy](#opt-services.g3proxy.enable).
+- [OpenCloud](https://opencloud.eu/), an open-source, modern file-sync and sharing platform. It is a fork of oCIS, a ground-up rewrite of the well-known PHP-based NextCloud server. Available as [services.opencloud](#opt-services.opencloud.enable).
+
 - [echoip](https://github.com/mpolden/echoip), a simple service for looking up your IP address. Available as [services.echoip](#opt-services.echoip.enable).
 - [whoami](https://github.com/traefik/whoami), a tiny Go server that prints OS information and HTTP request to output. Available as [services.whoami](#opt-services.whoami.enable).
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index a0889ddc18b5..ff65ce2125f1 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1610,6 +1610,7 @@
 ./services/web-apps/oncall.nix
 ./services/web-apps/onlyoffice.nix
 ./services/web-apps/open-web-calendar.nix
+ ./services/web-apps/opencloud.nix
 ./services/web-apps/openvscode-server.nix
 ./services/web-apps/openwebrx.nix
 ./services/web-apps/outline.nix
diff --git a/nixos/modules/services/web-apps/opencloud.md b/nixos/modules/services/web-apps/opencloud.md
new file mode 100644
index 000000000000..5226e7922955
--- /dev/null
+++ b/nixos/modules/services/web-apps/opencloud.md
@@ -0,0 +1,64 @@
+# OpenCloud {#module-services-opencloud}
+
+[OpenCloud](https://opencloud.eu/en) is an open-source, modern file-sync and
+sharing platform. It is a fork of oCIS, a ground-up rewrite of the well-known
+PHP-based NextCloud server.
+
+The service can be configured using a combination of [](#opt-services.opencloud.settings),
+[](#opt-services.opencloud.environment) and [](#opt-services.opencloud.environmentFile).
+
+## Basic usage {#module-services-opencloud-basic-usage}
+
+OpenCloud is configured using a combination of YAML and environment
+variables. The full documentation can be found at
+[OpenCloud Admin Docs](https://docs.opencloud.eu/docs/admin/intro).
+
+The general flow of configuring OpenCloud is:
+- configure services with `services.opencloud.settings.` when possible
+- configure global settings that affect multiple services via `services.opencloud.environment`
+- allow NixOS to provision a default `opencloud.yaml` for you, containing default credentials
+ for communication between the microservices
+- provide additional secrets via `environmentFile`, provisioned out of band
+
+Please note that current NixOS module for OpenCloud is configured to run in
+`fullstack` mode, which starts all the services for OpenCloud in a single
+instance, in so called supervised mode. This will start multiple OpenCloud
+services and listen on multiple other ports.
+
+Current known services and their ports are as below:
+
+| Service | Group | Port |
+|--------------------|---------|-------|
+| gateway | api | 9142 |
+| sharing | api | 9150 |
+| app-registry | api | 9242 |
+| ocdav | web | 45023 |
+| auth-machine | api | 9166 |
+| storage-system | api | 9215 |
+| webdav | web | 9115 |
+| webfinger | web | 46871 |
+| storage-system | web | 9216 |
+| web | web | 9100 |
+| eventhistory | api | 33177 |
+| ocs | web | 9110 |
+| storage-publiclink | api | 9178 |
+| settings | web | 9190 |
+| ocm | api | 9282 |
+| settings | api | 9191 |
+| ocm | web | 9280 |
+| app-provider | api | 9164 |
+| storage-users | api | 9157 |
+| auth-service | api | 9199 |
+| thumbnails | web | 9186 |
+| thumbnails | api | 9185 |
+| storage-shares | api | 9154 |
+| sse | sse | 46833 |
+| userlog | userlog | 45363 |
+| search | api | 9220 |
+| proxy | web | 9200 |
+| idp | web | 9130 |
+| frontend | web | 9140 |
+| groups | api | 9160 |
+| graph | graph | 9120 |
+| users | api | 9144 |
+| auth-basic | api | 9146 |
diff --git a/nixos/modules/services/web-apps/opencloud.nix b/nixos/modules/services/web-apps/opencloud.nix
new file mode 100644
index 000000000000..0eded3cc96f9
--- /dev/null
+++ b/nixos/modules/services/web-apps/opencloud.nix
@@ -0,0 +1,242 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ inherit (lib) types;
+ cfg = config.services.opencloud;
+
+ defaultUser = "opencloud";
+ defaultGroup = defaultUser;
+
+ settingsFormat = pkgs.formats.yaml { };
+in
+{
+ options = {
+ services.opencloud = {
+ enable = lib.mkEnableOption "OpenCloud";
+
+ package = lib.mkPackageOption pkgs "opencloud" { };
+ webPackage = lib.mkPackageOption pkgs [ "opencloud" "web" ] { };
+ idpWebPackage = lib.mkPackageOption pkgs [ "opencloud" "idp-web" ] { };
+
+ user = lib.mkOption {
+ type = types.str;
+ default = defaultUser;
+ example = "mycloud";
+ description = ''
+ The user to run OpenCloud as.
+ By default, a user named `${defaultUser}` will be created whose home
+ directory is [](#opt-services.opencloud.stateDir).
+ '';
+ };
+
+ group = lib.mkOption {
+ type = types.str;
+ default = defaultGroup;
+ example = "mycloud";
+ description = ''
+ The group to run OpenCloud under.
+ By default, a group named `${defaultGroup}` will be created.
+ '';
+ };
+
+ address = lib.mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = "Web server bind address.";
+ };
+
+ port = lib.mkOption {
+ type = types.port;
+ default = 9200;
+ description = "Web server port.";
+ };
+
+ url = lib.mkOption {
+ type = types.str;
+ default = "https://localhost:9200";
+ example = "https://cloud.example.com";
+ description = "Web interface root public URL, including scheme and port (if non-default).";
+ };
+
+ stateDir = lib.mkOption {
+ default = "/var/lib/opencloud";
+ type = types.str;
+ description = "OpenCloud data directory.";
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.attrsOf settingsFormat.type;
+ default = { };
+ description = ''
+ Additional YAML configuration for OpenCloud services.
+
+ Every item in this attrset will be mapped to a .yaml file in /etc/opencloud.
+
+ The possible config options are currently not well documented, see source code:
+ https://github.com/opencloud-eu/opencloud/blob/main/pkg/config/config.go
+ '';
+ };
+
+ environmentFile = lib.mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ example = "/run/keys/opencloud.env";
+ description = ''
+ An environment file as defined in {manpage}`systemd.exec(5)`.
+
+ Use this to inject secrets, e.g. database or auth credentials out of band.
+
+ Configuration provided here will override `settings` and `environment`.
+ '';
+ };
+
+ environment = lib.mkOption {
+ type = types.attrsOf types.str;
+ default = {
+ OC_INSECURE = "true";
+ };
+ description = ''
+ Extra environment variables to set for the service.
+
+ Use this to set configuration that may affect multiple microservices.
+
+ Configuration provided here will override `settings`.
+ '';
+ example = {
+ OC_INSECURE = "false";
+ OC_LOG_LEVEL = "error";
+ };
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users.${defaultUser} = lib.mkIf (cfg.user == defaultUser) {
+ group = cfg.group;
+ home = cfg.stateDir;
+ isSystemUser = true;
+ createHome = true;
+ description = "OpenCloud daemon user";
+ };
+
+ users.groups = lib.mkIf (cfg.group == defaultGroup) { ${defaultGroup} = { }; };
+
+ systemd = {
+ services =
+ let
+ environment = {
+ PROXY_HTTP_ADDR = "${cfg.address}:${toString cfg.port}";
+ OC_URL = cfg.url;
+ OC_BASE_DATA_PATH = cfg.stateDir;
+ WEB_ASSET_CORE_PATH = "${cfg.webPackage}";
+ IDP_ASSET_PATH = "${cfg.idpWebPackage}/assets";
+ OC_CONFIG_DIR = "/etc/opencloud";
+ } // cfg.environment;
+ commonServiceConfig = {
+ EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
+ MemoryDenyWriteExecute = true;
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectKernelLogs = true;
+ RestrictAddressFamilies = [
+ "AF_UNIX"
+ "AF_INET"
+ "AF_INET6"
+ ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ LockPersonality = true;
+ SystemCallArchitectures = "native";
+ };
+ in
+ {
+ opencloud-init-config = lib.mkIf (cfg.settings.opencloud or { } == { }) {
+ description = "Provision initial OpenCloud config";
+ before = [ "opencloud.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ inherit environment;
+
+ serviceConfig = {
+ Type = "oneshot";
+ ReadWritePaths = [ "/etc/opencloud" ];
+ } // commonServiceConfig;
+
+ path = [ cfg.package ];
+ script = ''
+ set -x
+ config="''${OC_CONFIG_DIR}/opencloud.yaml"
+ if [ ! -e "$config" ]; then
+ echo "Provisioning initial OpenCloud config..."
+ opencloud init --insecure "''${OC_INSECURE:false}" --config-path "''${OC_CONFIG_DIR}"
+ chown ${cfg.user}:${cfg.group} "$config"
+ fi
+ '';
+ };
+
+ opencloud = {
+ description = "OpenCloud - a secure and private way to store, access, and share your files";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ inherit environment;
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${lib.getExe cfg.package} server";
+ WorkingDirectory = cfg.stateDir;
+ User = cfg.user;
+ Group = cfg.group;
+ Restart = "always";
+ ReadWritePaths = [ cfg.stateDir ];
+ } // commonServiceConfig;
+
+ restartTriggers = lib.mapAttrsToList (
+ name: _: config.environment.etc."opencloud/${name}.yaml".source
+ ) cfg.settings;
+ };
+ };
+ };
+
+ systemd.tmpfiles.settings."10-opencloud" = {
+ ${cfg.stateDir}.d = {
+ inherit (cfg) user group;
+ mode = "0750";
+ };
+ "${cfg.stateDir}/idm".d = {
+ inherit (cfg) user group;
+ mode = "0750";
+ };
+ };
+
+ environment.etc =
+ (lib.mapAttrs' (name: value: {
+ name = "opencloud/${name}.yaml";
+ value.source = settingsFormat.generate "${name}.yaml" value;
+ }) cfg.settings)
+ // {
+ # ensure /etc/opencloud gets created, so we can provision the config
+ "opencloud/.keep".text = "";
+ };
+ };
+
+ meta = {
+ doc = ./opencloud.md;
+ maintainers = with lib.maintainers; [
+ christoph-heiss
+ k900
+ ];
+ };
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 03a736fdd7dc..5501ffb8b92b 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -975,6 +975,7 @@ in
 ombi = handleTest ./ombi.nix { };
 openarena = handleTest ./openarena.nix { };
 openbao = runTest ./openbao.nix;
+ opencloud = runTest ./opencloud.nix;
 openldap = handleTest ./openldap.nix { };
 opensearch = discoverTests (import ./opensearch.nix);
 openresty-lua = handleTest ./openresty-lua.nix { };
diff --git a/nixos/tests/opencloud.nix b/nixos/tests/opencloud.nix
new file mode 100644
index 000000000000..1fdac34b6ccd
--- /dev/null
+++ b/nixos/tests/opencloud.nix
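Review bot: In the `opencloud-init-config` script of nixos/modules/services/web-apps/opencloud.nix, `"''${OC_INSECURE:false}"` reaches the shell as `${OC_INSECURE:false}`, which is a substring expansion rather than a default, so an unset `OC_INSECURE` expands to an empty string and `opencloud init --insecure ""` is what runs. That case is reachable because setting `services.opencloud.environment` to any attrset replaces the option default `{ OC_INSECURE = "true"; }` instead of merging with it. The line should use `''${OC_INSECURE:-false}`. Separately, the `environment` option description could state that the shipped default sets `OC_INSECURE = "true"` and what that relaxes (upstream appears to use it to skip TLS certificate validation; confirm), so operators know to override it once real certificates are in place.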
@@ -0,0 +1,110 @@
+{ lib, pkgs, ... }:
+
+let
+ certs = import ./common/acme/server/snakeoil-certs.nix;
+ inherit (certs) domain;
+
+ # this is a demo user created by IDM_CREATE_DEMO_USERS=true
+ demoUser = "alan";
+ demoPassword = "demo";
+
+ adminUser = "admin";
+ adminPassword = "hunter2";
+ testRunner =
+ pkgs.writers.writePython3Bin "test-runner"
+ {
+ libraries = [ pkgs.python3Packages.selenium ];
+ flakeIgnore = [ "E501" ];
+ }
+ ''
+ import sys
+ from selenium.webdriver.common.by import By
+ from selenium.webdriver import Firefox
+ from selenium.webdriver.firefox.options import Options
+ from selenium.webdriver.support.ui import WebDriverWait
+ from selenium.webdriver.support import expected_conditions as EC
+
+ options = Options()
+ options.add_argument('--headless')
+ driver = Firefox(options=options)
+
+ host = sys.argv[1]
+ user = sys.argv[2]
+ password = sys.argv[3]
+
+ driver.get(f"https://{host}/")
+ wait = WebDriverWait(driver, 60)
+ wait.until(EC.title_contains("Sign in"))
+ wait.until(EC.url_contains(f"https://{host}/signin/v1/identifier"))
+ wait.until(EC.visibility_of_element_located((By.ID, 'oc-login-username')))
+ driver.find_element(By.ID, 'oc-login-username').send_keys(user)
+ driver.find_element(By.ID, 'oc-login-password').send_keys(password)
+ wait.until(EC.visibility_of_element_located((By.XPATH, '//button[@type="submit"]')))
+ driver.find_element(By.XPATH, '//button[@type="submit"]').click()
+ wait.until(EC.visibility_of_element_located((By.ID, 'new-file-menu-btn')))
+ wait.until(EC.title_contains("Personal"))
+ '';
+in
+
+{
+ name = "opencloud";
+
+ meta.maintainers = with lib.maintainers; [
+ christoph-heiss
+ k900
+ ];
+
+ nodes.machine = {
+ virtualisation.memorySize = 2048;
+ environment.systemPackages = [
+ pkgs.firefox-unwrapped
+ pkgs.geckodriver
+ testRunner
+ ];
+
+ networking.hosts."127.0.0.1" = [ domain ];
+ security.pki.certificateFiles = [ certs.ca.cert ];
+
+ services.opencloud = {
+ enable = true;
+ url = "https://${domain}:9200";
+ environment = {
+ ADMIN_PASSWORD = adminPassword;
+ IDM_CREATE_DEMO_USERS = "true";
+ IDM_LDAPS_CERT = "${certs.${domain}.cert}";
+ IDM_LDAPS_KEY = "${certs.${domain}.key}";
+ OC_INSECURE = "false";
+ OC_LDAP_URI = "ldaps://${domain}:9235";
+ OC_LDAP_CACERT = "${certs.${domain}.cert}";
+ OC_HTTP_TLS_ENABLED = "true";
+ OC_HTTP_TLS_CERTIFICATE = "${certs.${domain}.cert}";
+ OC_HTTP_TLS_KEY = "${certs.${domain}.key}";
+ PROXY_TLS = "true";
+ PROXY_TRANSPORT_TLS_CERT = "${certs.${domain}.cert}";
+ PROXY_TRANSPORT_TLS_KEY = "${certs.${domain}.key}";
+ PROXY_INSECURE_BACKENDS = "true";
+ };
+ };
+ };
+
+ testScript = ''
+ start_all()
+ machine.wait_for_unit("opencloud.service")
+ machine.wait_for_open_port(9200)
+
+ # wait for OpenCloud to fully come up
+ machine.sleep(10)
+
+ with subtest("opencloud bin works"):
+ machine.succeed("${lib.getExe pkgs.opencloud} version")
+
+ with subtest("web interface presents start page"):
+ machine.succeed("curl -sSf https://${domain}:9200 | grep 'OpenCloud'")
+
+ with subtest("use the web interface to log in with the provisioned admin user"):
+ machine.succeed("PYTHONUNBUFFERED=1 systemd-cat -t test-runner test-runner ${domain}:9200 ${adminUser} ${adminPassword}")
+
+ with subtest("use the web interface to log in with a demo user"):
+ machine.succeed("PYTHONUNBUFFERED=1 systemd-cat -t test-runner test-runner ${domain}:9200 ${demoUser} ${demoPassword}")
+ '';
+}
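Review bot: The fixed `machine.sleep(10)` in `testScript` of nixos/tests/opencloud.nix makes the test timing-dependent: on a slow builder the later subtests can start before OpenCloud has finished coming up, and on a fast one the sleep only wastes time. Polling the condition the next subtest needs is more robust, e.g. replace it with `machine.wait_until_succeeds("curl -sSf https://${domain}:9200 | grep 'OpenCloud'")`. This node also overrides `services.opencloud.environment` with `OC_INSECURE = "false"`, so the module's default environment and the init unit's handling of it are never exercised. A second node that leaves `environment` at its default would cover that path.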