blob: 81c269c23788c7a8de5edc1f251239fb88e30cdf (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
import ../make-test.nix ({ pkgs, ...}: let
adminpass = "hunter2";
adminuser = "custom-admin-username";
in {
name = "nextcloud-with-postgresql-and-redis";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ eqyiel ];
};
nodes = {
# The only thing the client needs to do is download a file.
client = { ... }: {};
nextcloud = { config, pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 ];
services.nextcloud = {
enable = true;
hostName = "nextcloud";
nginx.enable = true;
caching = {
apcu = false;
redis = true;
memcached = false;
};
config = {
dbtype = "pgsql";
dbname = "nextcloud";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
inherit adminuser;
adminpassFile = toString (pkgs.writeText "admin-pass-file" ''
${adminpass}
'');
};
};
services.redis = {
unixSocket = "/var/run/redis/redis.sock";
enable = true;
extraConfig = ''
unixsocketperm 770
'';
};
systemd.services.redis = {
preStart = ''
mkdir -p /var/run/redis
chown ${config.services.redis.user}:${config.services.nginx.group} /var/run/redis
'';
serviceConfig.PermissionsStartOnly = true;
};
systemd.services.nextcloud-setup= {
requires = ["postgresql.service"];
after = [
"postgresql.service"
"chown-redis-socket.service"
];
};
# At the time of writing, redis creates its socket with the "nobody"
# group. I figure this is slightly less bad than making the socket world
# readable.
systemd.services.chown-redis-socket = {
enable = true;
script = ''
until ${pkgs.redis}/bin/redis-cli ping; do
echo "waiting for redis..."
sleep 1
done
chown ${config.services.redis.user}:${config.services.nginx.group} /var/run/redis/redis.sock
'';
after = [ "redis.service" ];
requires = [ "redis.service" ];
wantedBy = [ "redis.service" ];
serviceConfig = {
Type = "oneshot";
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{ name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
};
};
testScript = let
configureRedis = pkgs.writeScript "configure-redis" ''
#!${pkgs.stdenv.shell}
nextcloud-occ config:system:set redis 'host' --value '/var/run/redis/redis.sock' --type string
nextcloud-occ config:system:set redis 'port' --value 0 --type integer
nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\Redis' --type string
nextcloud-occ config:system:set memcache.locking --value '\OC\Memcache\Redis' --type string
'';
withRcloneEnv = pkgs.writeScript "with-rclone-env" ''
#!${pkgs.stdenv.shell}
export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav
export RCLONE_CONFIG_NEXTCLOUD_URL="http://nextcloud/remote.php/webdav/"
export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"
export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"
export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"
"''${@}"
'';
copySharedFile = pkgs.writeScript "copy-shared-file" ''
#!${pkgs.stdenv.shell}
echo 'hi' | ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file
'';
diffSharedFile = pkgs.writeScript "diff-shared-file" ''
#!${pkgs.stdenv.shell}
diff <(echo 'hi') <(${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file)
'';
in ''
startAll();
$nextcloud->waitForUnit("multi-user.target");
$nextcloud->succeed("${configureRedis}");
$nextcloud->succeed("curl -sSf http://nextcloud/login");
$nextcloud->succeed("${withRcloneEnv} ${copySharedFile}");
$client->waitForUnit("multi-user.target");
$client->succeed("${withRcloneEnv} ${diffSharedFile}");
'';
})
|