improve systemd docs and simplify config file arithmetics

.make/release.mk

@@ -11,6 +11,7 @@ release-dirs:
 
 # docker specific packaging flags
 DOCKER_LDFLAGS += -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseDataPathType=path" -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseDataPathValue=/var/lib/ocis"
+DOCKER_LDFLAGS += -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseConfigPathType=path" -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseConfigPathValue=/etc/ocis"
 
 release-linux-docker-amd64: release-dirs
 	GOOS=linux \

docs/ocis/config.md

@@ -39,15 +39,16 @@ Let's explore the various flows with examples and workflows.
 
 Let's explore with examples this approach.
 
-#### Expected loading locations:
+#### Expected loading locations
 
-- `$HOME/.ocis/config/`
-- `/etc/ocis/`
-- `.config/`
+- docker images: `/etc/ocis/`
+- binary releases: `$HOME/.ocis/config/`
 
 followed by the extension name. When configuring the proxy, a valid full path that will get loaded is `$HOME/.ocis/config/proxy.yaml`.
 
-####  Only config files
+You can always set another directory as config path in the environment variable `OCIS_CONFIG_DIR`.
+
+#### Only config files
 
 The following config files are present in the default loading locations:
 

docs/ocis/deployment/systemd.md

@@ -10,17 +10,18 @@ geekdocFilePath: systemd.md
 {{< toc >}}
 
 ## Install the oCIS binary
+
 Download the oCIS binary of your preferred version and for your CPU architecture and operating system from [download.owncloud.com](https://download.owncloud.com/ocis/ocis).
 
 Rename the downloaded binary to `ocis` and move it to `/usr/bin/`. As a next step, you need to mark it as executable with `chmod +x /usr/bin/ocis`.
 
 When you now run `ocis help` on your command line, you should see the available options for the oCIS command.
 
-
 ## Systemd service definition
 
 Create the Systemd service definition for oCIS in the file `/etc/systemd/system/ocis.service` with following content:
-```
+
+```systemd
 [Unit]
 Description=OCIS server
 
@@ -36,19 +37,23 @@ Restart=always
 WantedBy=multi-user.target
 ```
 
-For reasons of simplicity we are using the root user and group to run oCIS which is not recommended. Please use a non-root user in production environments and modify the oCIS service definition accordingly.
-
+{{< hint danger >}}
+For reasons of simplicity we are using the root user and group to run oCIS, which is not recommended. Please use only privileged users in production environments and modify the oCIS service definition accordingly.
+{{< /hint >}}
 
 In the service definition we referenced `/etc/ocis/ocis.env` as our file containing environment variables for the oCIS process.
 In order to create the file we need first to create the folder `/etc/ocis/` and than we can add the actual `/etc/ocis/ocis.env` with following content:
 
-```
-OCIS_URL=https://some-hostname-or-ip:9200
+```bash
+OCIS_URL=https://some-host-or-ip:9200
 PROXY_HTTP_ADDR=0.0.0.0:9200
 OCIS_INSECURE=false
 
 OCIS_LOG_LEVEL=error
 
+OCIS_BASE_DATA_PATH=/var/lib/ocis
+OCIS_CONFIG_DIR=/etc/ocis
+
 GLAUTH_LDAPS_CERT=/etc/ocis/ldap/ldaps.crt
 GLAUTH_LDAPS_KEY=/etc/ocis/ldap/ldaps.key
 IDP_TRANSPORT_TLS_CERT=/etc/ocis/idp/server.crt
@@ -59,6 +64,9 @@ PROXY_TRANSPORT_TLS_KEY=/etc/ocis/proxy/server.key
 
 Please change your `OCIS_URL` in order to reflect your actual deployment. If you are using self signed certificates you need to set `OCIS_INSECURE=true` in `/etc/ocis/ocis.env`.
 
+In the `ocis.env` file we configured oCIS to store all data in `/var/lib/ocis`, so you need to create that folder and make it writeable for the ocis user (see user / group  in the systemd file).
+
+If you add oCIS config files in `/etc/ocis`, you need to ensure that the directory and config file is readable by the oCIS process's user / group.
 
 ## Starting the oCIS service
 

ocis-pkg/config/defaults/paths.go

@@ -10,16 +10,16 @@ const ()
 
 var (
 	// switch between modes
-	BaseDataPathType = "homedir"
-	// don't read from this, only write
+	BaseDataPathType = "homedir" // or "path"
+	// default data path
 	BaseDataPathValue = "/var/lib/ocis"
 )
 
 func BaseDataPath() string {
 
 	// It is not nice to have hidden / secrete configuration options
-	// But how can we update the base path for every occurence with a flageset option?
-	// This is currenlty not possible and needs a new configuration concept
+	// But how can we update the base path for every occurrence with a flagset option?
+	// This is currently not possible and needs a new configuration concept
 	p := os.Getenv("OCIS_BASE_DATA_PATH")
 	if p != "" {
 		return p
@@ -32,11 +32,44 @@ func BaseDataPath() string {
 			// fallback to BaseDatapathValue for users without home
 			return BaseDataPathValue
 		}
-		return path.Join(dir, ".ocis")
+		return path.Join(dir, ".ocis", "config")
 	case "path":
 		return BaseDataPathValue
 	default:
 		log.Fatalf("BaseDataPathType %s not found", BaseDataPathType)
 		return ""
 	}
 }
+
+var (
+	// switch between modes
+	BaseConfigPathType = "homedir" // or "path"
+	// default config path
+	BaseConfigPathValue = "/etc/ocis"
+)
+
+func BaseConfigPath() string {
+
+	// It is not nice to have hidden / secrete configuration options
+	// But how can we update the base path for every occurrence with a flagset option?
+	// This is currently not possible and needs a new configuration concept
+	p := os.Getenv("OCIS_CONFIG_DIR")
+	if p != "" {
+		return p
+	}
+
+	switch BaseConfigPathType {
+	case "homedir":
+		dir, err := os.UserHomeDir()
+		if err != nil {
+			// fallback to BaseConfigPathValue for users without home
+			return BaseConfigPathValue
+		}
+		return path.Join(dir, ".ocis")
+	case "path":
+		return BaseConfigPathValue
+	default:
+		log.Fatalf("BaseConfigPathType %s not found", BaseConfigPathType)
+		return ""
+	}
+}

ocis-pkg/config/helpers.go

@@ -8,37 +8,31 @@ import (
 
 	gofig "github.com/gookit/config/v2"
 	gooyaml "github.com/gookit/config/v2/yaml"
+	"github.com/owncloud/ocis/ocis-pkg/config/defaults"
 )
 
 var (
-	defaultLocations = []string{
-		filepath.Join(os.Getenv("HOME"), "/.ocis/config/"),
-		"/etc/ocis/",
-		".config/",
-	}
-
 	// supportedExtensions is determined by gookit/config.
+	// we only support the official yaml file ending (http://yaml.org/faq.html) to
+	// mitigate the loading order problem.
+	// It would raise this question: does yaml win over yml or vice versa!?
 	supportedExtensions = []string{
 		"yaml",
-		"yml",
 	}
+	// decoderConfigTagname sets the tag name to be used from the config structs
+	// currently we only support "yaml" because we only support config loading
+	// from yaml files and the yaml parser has no simple way to set a custom tag name to use
+	decoderConfigTagName = "yaml"
 )
 
-// DefaultConfigSources returns a slice with matched expected config files. It sugars coat several aspects of config file
-// management by assuming there are 3 default locations a config file could be.
+// configSources returns a slice with matched expected config files.
 // It uses globbing to match a config file by name, and retrieve any supported extension supported by our drivers.
 // It sanitizes the output depending on the list of drivers provided.
-func DefaultConfigSources(filename string, drivers []string) []string {
+func configSources(filename string, drivers []string) []string {
 	var sources []string
 
-	locations := []string{}
-	if v := os.Getenv("OCIS_CONFIG_DIR"); v != "" {
-	    locations = append(locations, v)
-		// only use the configured config dir
-		locations = append(locations, os.Getenv("OCIS_CONFIG_DIR"))
-	} else {
-		// merge config from all default locations
-		locations = append(locations, defaultLocations...)
+	locations := []string{
+		defaults.BaseConfigPath(),
 	}
 
 	for i := range locations {
@@ -75,10 +69,10 @@ func sanitizeExtensions(set []string, ext []string, f func(a, b string) bool) []
 // BindSourcesToStructs assigns any config value from a config file / env variable to struct `dst`. Its only purpose
 // is to solely modify `dst`, not dealing with the config structs; and do so in a thread safe manner.
 func BindSourcesToStructs(extension string, dst interface{}) (*gofig.Config, error) {
-	sources := DefaultConfigSources(extension, supportedExtensions)
+	sources := configSources(extension, supportedExtensions)
 	cnf := gofig.NewWithOptions(extension)
 	cnf.WithOptions(func(options *gofig.Options) {
-		options.DecoderConfig.TagName = "yaml"
+		options.DecoderConfig.TagName = decoderConfigTagName
 	})
 	cnf.AddDriver(gooyaml.Driver)
 	_ = cnf.LoadFiles(sources...)

ocis/docker/Dockerfile.linux.amd64

@@ -26,9 +26,12 @@ RUN addgroup -g 1000 -S ocis-group && \
 
 RUN mkdir -p /var/lib/ocis && \
  chown -R ocis-user:ocis-group /var/lib/ocis && \
- chmod -R 777 /var/lib/ocis
+ chmod -R 777 /var/lib/ocis && \
+ mkdir -p /etc/ocis && \
+ chown -R ocis-user:ocis-group /etc/ocis && \
+ chmod -R 777 /etc/ocis
 
-VOLUME [ "/var/lib/ocis" ]
+VOLUME [ "/var/lib/ocis", "/etc/ocis" ]
 WORKDIR /var/lib/ocis
 
 USER 1000

ocis/docker/Dockerfile.linux.arm

@@ -26,9 +26,12 @@ RUN addgroup -g 1000 -S ocis-group && \
 
 RUN mkdir -p /var/lib/ocis && \
  chown -R ocis-user:ocis-group /var/lib/ocis && \
- chmod -R 777 /var/lib/ocis
+ chmod -R 777 /var/lib/ocis && \
+ mkdir -p /etc/ocis && \
+ chown -R ocis-user:ocis-group /etc/ocis && \
+ chmod -R 777 /etc/ocis
 
-VOLUME [ "/var/lib/ocis" ]
+VOLUME [ "/var/lib/ocis", "/etc/ocis" ]
 WORKDIR /var/lib/ocis
 
 USER 1000

ocis/docker/Dockerfile.linux.arm64

@@ -26,9 +26,12 @@ RUN addgroup -g 1000 -S ocis-group && \
 
 RUN mkdir -p /var/lib/ocis && \
  chown -R ocis-user:ocis-group /var/lib/ocis && \
- chmod -R 777 /var/lib/ocis
+ chmod -R 777 /var/lib/ocis && \
+ mkdir -p /etc/ocis && \
+ chown -R ocis-user:ocis-group /etc/ocis && \
+ chmod -R 777 /etc/ocis
 
-VOLUME [ "/var/lib/ocis" ]
+VOLUME [ "/var/lib/ocis", "/etc/ocis" ]
 WORKDIR /var/lib/ocis
 
 USER 1000