nextcloud-docker

nextcloud-docker/.dockerignore

@@ -0,0 +1,5 @@
+html
+postgres
+redis
+buil
+.gitignore

nextcloud-docker/.drone.yml

@@ -0,0 +1,20 @@
+kind: pipeline
+name: default
+type: docker
+steps:
+  - name: publish
+    image: plugins/docker
+    settings:
+      username: 
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      repo: git.draconis.me/draconis/nextcloud-docker
+      registry: git.draconis.me
+      tags: latest
+
+trigger:
+  branch:
+    - main
+  event:
+    - push

nextcloud-docker/Dockerfile

@@ -0,0 +1,74 @@
+FROM nextcloud:26.0.0
+
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        ffmpeg \
+        libmagickcore-6.q16-6-extra \
+		imagemagick\
+		exiftool\
+		nano \
+		git \
+        procps \
+        smbclient \
+        supervisor \
+#       libreoffice \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+RUN set -ex; \
+	\
+	git clone https://github.com/SoftCreatR/imei;\
+	cd imei;\
+	./imei.sh;\
+	cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak;\
+	sed -i "s/rights\=\"none\" pattern\=\"PS\"/rights\=\"read\|write\" pattern\=\"PS\"/" /etc/ImageMagick-6/policy.xml;\
+	sed -i "s/rights\=\"none\" pattern\=\"EPI\"/rights\=\"read\|write\" pattern\=\"EPI\"/" /etc/ImageMagick-6/policy.xml;\
+	sed -i "s/rights\=\"none\" pattern\=\"PDF\"/rights\=\"read\|write\" pattern\=\"PDF\"/" /etc/ImageMagick-6/policy.xml;\
+	sed -i "s/rights\=\"none\" pattern\=\"XPS\"/rights\=\"read\|write\" pattern\=\"XPS\"/" /etc/ImageMagick-6/policy.xml;\
+	rm -rf /var/lib/apt/lists/*
+	
+RUN set -ex; \
+    \
+    savedAptMark="$(apt-mark showmanual)"; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        libbz2-dev \
+        libc-client-dev \
+        libkrb5-dev \
+        libsmbclient-dev \
+    ; \
+    \
+    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
+    docker-php-ext-install \
+        bz2 \
+        imap \
+    ; \
+    pecl install smbclient; \
+    docker-php-ext-enable smbclient; \
+    \
+# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
+    apt-mark auto '.*' > /dev/null; \
+    apt-mark manual $savedAptMark; \
+    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
+        | awk '/=>/ { print $3 }' \
+        | sort -u \
+        | xargs -r dpkg-query -S \
+        | cut -d: -f1 \
+        | sort -u \
+        | xargs -rt apt-mark manual; \
+    \
+    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+    rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p \
+    /var/log/supervisord \
+    /var/run/supervisord \
+;
+
+COPY supervisord.conf /
+
+ENV NEXTCLOUD_UPDATE=1
+
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

nextcloud-docker/README.md

@@ -0,0 +1,4 @@
+# Dossier ressource
+Cecie est un dossier ressource pour l'article [Déployer Nextcloud avec Docker-compose et Traefik]()
+
+

nextcloud-docker/docker-compose.yml

@@ -0,0 +1,112 @@
+version: "3.8"
+
+networks:
+  traefik:
+    external: true
+  lan:
+    internal: true
+    
+services:   
+  nextcloud:
+    image: git.draconis.me/draconis/nextcloud-docker
+      #build: build/nextcloud
+    container_name: nextcloud
+    restart: unless-stopped
+    environment:
+      - POSTGRES_HOST=nextcloud-postgres
+      - POSTGRES_DB_FILE=/run/secrets/postgres_db
+      - POSTGRES_USER_FILE=/run/secrets/postgres_user
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+      - REDIS_HOST=redis
+      - APC_SHM_SIZE=128M
+      - GID=33
+      - UID=33
+      - OPCACHE_MEM_SIZE=128
+      - TZ=Europe/Paris
+      - UPLOAD_MAX_SIZE=10G
+      - TRUSTED_PROXIES=172.18.0.0/16
+    secrets:
+      - postgres_db
+      - postgres_password
+      - postgres_user 
+    depends_on:
+      - nextcloud-postgres
+      - redis
+    volumes:
+      - ./html:/var/www/html/
+      - /mnt/nas/photos:/nas/photos
+    networks:
+      - traefik
+      - lan
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=traefik
+      - traefik.http.routers.nextcloud.middlewares=nextcloud-dav,hsts-headers@file,compression@file
+      - traefik.http.routers.nextcloud.rule=Host(`nuage.draconis.me`)
+      - traefik.http.routers.nextcloud.entrypoints=https
+      - traefik.http.routers.nextcloud.tls=true
+      - traefik.http.routers.nextcloud.tls.certresolver=le
+      - traefik.http.services.nextcloud.loadbalancer.server.port=80
+      - traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/(card|cal)dav
+      - traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/
+
+
+# PostgresSQL
+  nextcloud-postgres:
+    image: postgres:14-alpine
+    container_name: nextcloud-postgres
+    restart: unless-stopped
+    environment:
+      - POSTGRES_DB_FILE=/run/secrets/postgres_db
+      - POSTGRES_USER_FILE=/run/secrets/postgres_user
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+    secrets:
+      - postgres_db
+      - postgres_password
+      - postgres_user
+    networks:
+      - lan
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+  # Redis    
+  redis:
+    image: redis:alpine
+    container_name: redis
+    restart: unless-stopped
+    init: true
+    networks:
+      - lan
+    sysctls:
+      - net.core.somaxconn=4096
+      # - vm.overcommit_memory=1
+    volumes:
+      - ./redis:/data
+  # Backup
+  nextcloud-backup:
+    image: git.draconis.me/draconis/borgbackup-docker
+    container_name: nextcloud-backup
+    hostname: nextcloud-backup
+    restart: unless-stopped
+    environment:
+      - BORG_PASSPHRASE=
+      - FOLDERS_TO_BACKUP_PATH=/volumetobackup
+      - BACKUP_PATH=/var/lib/borg-backups/nextcloud
+      - POSTGRES_HOST=
+      - POSTGRES_PASSWORD=
+      - POSTGRES_USER=
+      - BORGHOST=
+      - PORT=
+    networks:
+      - lan
+      - traefik
+    volumes:
+        - ./backup/nextcloud/html:/volumetobackup
+        - /root/.ssh:/root/.ssh:ro
+
+secrets:
+  postgres_db:
+    file: ./secrets/postgres_db.txt 
+  postgres_password:
+    file: ./secrets/postgres_password.txt 
+  postgres_user:
+    file: ./secrets/postgres_user.txt 

nextcloud-docker/secrets/postgres_db.txt

@@ -0,0 +1 @@
+nom_postgres-db

nextcloud-docker/secrets/postgres_password.txt

@@ -0,0 +1 @@
+mot de passe de la BDD

nextcloud-docker/secrets/postgres_user.txt

@@ -0,0 +1 @@
+utilisateur de la BDD

nextcloud-docker/supervisord.conf

@@ -0,0 +1,22 @@
+[supervisord]
+nodaemon=true
+logfile=/var/log/supervisord/supervisord.log
+pidfile=/var/run/supervisord/supervisord.pid
+childlogdir=/var/log/supervisord/
+logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
+logfile_backups=10                              ; number of backed up logfiles
+loglevel=error
+
+[program:apache2]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=apache2-foreground
+
+[program:cron]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/cron.sh