Delmar/docker_dev
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updates

Browse Source
This commit is contained in:
Julieñ
2025-11-17 18:51:08 +01:00
parent 14d6f9aa73
commit 7fb0d2212a
318 changed files with 35761 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

512
nextcloud-aio/manual-install/latest.yml Normal file
View File

@@ -0,0 +1,512 @@
services:
nextcloud-aio-apache:
depends_on:
nextcloud-aio-onlyoffice:
condition: service_started
required: false
nextcloud-aio-collabora:
condition: service_started
required: false
nextcloud-aio-talk:
condition: service_started
required: false
nextcloud-aio-notify-push:
condition: service_started
required: false
nextcloud-aio-whiteboard:
condition: service_started
required: false
nextcloud-aio-nextcloud:
condition: service_started
required: false
image: ghcr.io/nextcloud-releases/aio-apache:latest
user: "33"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
ports:
- ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
- ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/udp
environment:
- NC_DOMAIN
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
- APACHE_HOST=nextcloud-aio-apache
- COLLABORA_HOST=nextcloud-aio-collabora
- TALK_HOST=nextcloud-aio-talk
- APACHE_PORT
- ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
- TZ=${TIMEZONE}
- APACHE_MAX_SIZE
- APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
- NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
- WHITEBOARD_HOST=nextcloud-aio-whiteboard
volumes:
- nextcloud_aio_nextcloud:/var/www/html:ro
- nextcloud_aio_apache:/mnt/data:rw
restart: unless-stopped
read_only: true
tmpfs:
- /var/log/supervisord
- /var/run/supervisord
- /usr/local/apache2/logs
- /tmp
- /home/www-data
cap_drop:
- NET_RAW
nextcloud-aio-database:
image: ghcr.io/nextcloud-releases/aio-postgresql:latest
user: "999"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "5432"
volumes:
- nextcloud_aio_database:/var/lib/postgresql/data:rw
- nextcloud_aio_database_dump:/mnt/data:rw
environment:
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
- POSTGRES_DB=nextcloud_database
- POSTGRES_USER=nextcloud
- TZ=${TIMEZONE}
- PGTZ=${TIMEZONE}
stop_grace_period: 1800s
restart: unless-stopped
shm_size: 268435456
read_only: true
tmpfs:
- /var/run/postgresql
cap_drop:
- NET_RAW
nextcloud-aio-nextcloud:
depends_on:
nextcloud-aio-database:
condition: service_started
required: false
nextcloud-aio-redis:
condition: service_started
required: false
nextcloud-aio-clamav:
condition: service_started
required: false
nextcloud-aio-fulltextsearch:
condition: service_started
required: false
nextcloud-aio-talk-recording:
condition: service_started
required: false
nextcloud-aio-imaginary:
condition: service_started
required: false
image: ghcr.io/nextcloud-releases/aio-nextcloud:latest
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "9000"
- "9001"
volumes:
- nextcloud_aio_nextcloud:/var/www/html:rw
- ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
- ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
- ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
environment:
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
- POSTGRES_HOST=nextcloud-aio-database
- POSTGRES_PORT=5432
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
- POSTGRES_DB=nextcloud_database
- POSTGRES_USER=nextcloud
- REDIS_HOST=nextcloud-aio-redis
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- APACHE_HOST=nextcloud-aio-apache
- APACHE_PORT
- NC_DOMAIN
- ADMIN_USER=admin
- ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
- NEXTCLOUD_DATA_DIR=/mnt/ncdata
- OVERWRITEHOST=${NC_DOMAIN}
- OVERWRITEPROTOCOL=https
- TURN_SECRET
- SIGNALING_SECRET
- ONLYOFFICE_SECRET
- NEXTCLOUD_MOUNT
- CLAMAV_ENABLED
- CLAMAV_HOST=nextcloud-aio-clamav
- ONLYOFFICE_ENABLED
- COLLABORA_ENABLED
- COLLABORA_HOST=nextcloud-aio-collabora
- TALK_ENABLED
- ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
- UPDATE_NEXTCLOUD_APPS
- TZ=${TIMEZONE}
- TALK_PORT
- IMAGINARY_ENABLED
- IMAGINARY_HOST=nextcloud-aio-imaginary
- CLAMAV_MAX_SIZE=${APACHE_MAX_SIZE}
- PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
- PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
- FULLTEXTSEARCH_ENABLED
- FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
- FULLTEXTSEARCH_PORT=9200
- FULLTEXTSEARCH_USER=elastic
- FULLTEXTSEARCH_INDEX=nextcloud-aio
- PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
- TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
- STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
- ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
- ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
- INSTALL_LATEST_MAJOR
- TALK_RECORDING_ENABLED
- RECORDING_SECRET
- TALK_RECORDING_HOST=nextcloud-aio-talk-recording
- FULLTEXTSEARCH_PASSWORD
- REMOVE_DISABLED_APPS
- IMAGINARY_SECRET
- WHITEBOARD_SECRET
- WHITEBOARD_ENABLED
stop_grace_period: 600s
restart: unless-stopped
cap_drop:
- NET_RAW
nextcloud-aio-notify-push:
image: ghcr.io/nextcloud-releases/aio-notify-push:latest
user: "33"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "7867"
volumes:
- nextcloud_aio_nextcloud:/nextcloud:ro
environment:
- NC_DOMAIN
- NEXTCLOUD_HOST=nextcloud-aio-nextcloud
- TZ=${TIMEZONE}
- REDIS_HOST=nextcloud-aio-redis
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- POSTGRES_HOST=nextcloud-aio-database
- POSTGRES_PORT=5432
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
- POSTGRES_DB=nextcloud_database
- POSTGRES_USER=nextcloud
restart: unless-stopped
read_only: true
cap_drop:
- NET_RAW
nextcloud-aio-redis:
image: ghcr.io/nextcloud-releases/aio-redis:latest
user: "999"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "6379"
environment:
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- TZ=${TIMEZONE}
volumes:
- nextcloud_aio_redis:/data:rw
restart: unless-stopped
read_only: true
cap_drop:
- NET_RAW
nextcloud-aio-collabora:
command: ${ADDITIONAL_COLLABORA_OPTIONS}
image: ghcr.io/nextcloud-releases/aio-collabora:latest
init: true
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 9
expose:
- "9980"
environment:
- aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache:23973
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
- dictionaries=${COLLABORA_DICTIONARIES}
- TZ=${TIMEZONE}
- server_name=${NC_DOMAIN}
- DONT_GEN_SSL_CERT=1
restart: unless-stopped
profiles:
- collabora
cap_add:
- MKNOD
- SYS_ADMIN
- SYS_CHROOT
- FOWNER
- CHOWN
cap_drop:
- NET_RAW
nextcloud-aio-talk:
image: ghcr.io/nextcloud-releases/aio-talk:latest
user: "1000"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
ports:
- ${TALK_PORT}:${TALK_PORT}/tcp
- ${TALK_PORT}:${TALK_PORT}/udp
expose:
- "8081"
environment:
- NC_DOMAIN
- TALK_HOST=nextcloud-aio-talk
- TURN_SECRET
- SIGNALING_SECRET
- TZ=${TIMEZONE}
- TALK_PORT
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
restart: unless-stopped
profiles:
- talk
- talk-recording
read_only: true
tmpfs:
- /var/log/supervisord
- /var/run/supervisord
- /opt/eturnal/run
- /conf
- /tmp
cap_drop:
- NET_RAW
nextcloud-aio-talk-recording:
image: ghcr.io/nextcloud-releases/aio-talk-recording:latest
user: "122"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "1234"
environment:
- NC_DOMAIN
- TZ=${TIMEZONE}
- RECORDING_SECRET
- INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
volumes:
- nextcloud_aio_talk_recording:/tmp:rw
shm_size: 2147483648
restart: unless-stopped
profiles:
- talk-recording
read_only: true
tmpfs:
- /conf
cap_drop:
- NET_RAW
nextcloud-aio-clamav:
image: ghcr.io/nextcloud-releases/aio-clamav:latest
user: "100"
init: false
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 9
expose:
- "3310"
environment:
- TZ=${TIMEZONE}
- MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
volumes:
- nextcloud_aio_clamav:/var/lib/clamav:rw
restart: unless-stopped
profiles:
- clamav
read_only: true
tmpfs:
- /tmp
- /var/log/clamav
- /run/clamav
- /var/log/supervisord
- /var/run/supervisord
cap_drop:
- NET_RAW
nextcloud-aio-onlyoffice:
image: ghcr.io/nextcloud-releases/aio-onlyoffice:latest
init: true
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 9
expose:
- "80"
environment:
- TZ=${TIMEZONE}
- JWT_ENABLED=true
- JWT_HEADER=AuthorizationJwt
- JWT_SECRET=${ONLYOFFICE_SECRET}
volumes:
- nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
restart: unless-stopped
profiles:
- onlyoffice
cap_drop:
- NET_RAW
nextcloud-aio-imaginary:
image: ghcr.io/nextcloud-releases/aio-imaginary:latest
user: "65534"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "9000"
environment:
- TZ=${TIMEZONE}
- IMAGINARY_SECRET
restart: unless-stopped
cap_add:
- SYS_NICE
cap_drop:
- NET_RAW
profiles:
- imaginary
read_only: true
tmpfs:
- /tmp
nextcloud-aio-fulltextsearch:
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:latest
init: false
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 10s
timeout: 5s
start_interval: 5s
retries: 5
expose:
- "9200"
environment:
- TZ=${TIMEZONE}
- ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
- bootstrap.memory_lock=true
- cluster.name=nextcloud-aio
- discovery.type=single-node
- logger.level=WARN
- http.port=9200
- xpack.license.self_generated.type=basic
- xpack.security.enabled=false
- FULLTEXTSEARCH_PASSWORD
volumes:
- nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
restart: unless-stopped
profiles:
- fulltextsearch
cap_drop:
- NET_RAW
nextcloud-aio-whiteboard:
image: ghcr.io/nextcloud-releases/aio-whiteboard:latest
user: "65534"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "3002"
tmpfs:
- /tmp
environment:
- TZ=${TIMEZONE}
- NEXTCLOUD_URL=https://${NC_DOMAIN}
- JWT_SECRET_KEY=${WHITEBOARD_SECRET}
- STORAGE_STRATEGY=redis
- REDIS_HOST=nextcloud-aio-redis
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- BACKUP_DIR=/tmp
restart: unless-stopped
profiles:
- whiteboard
read_only: true
cap_drop:
- NET_RAW
volumes:
nextcloud_aio_apache:
name: nextcloud_aio_apache
nextcloud_aio_clamav:
name: nextcloud_aio_clamav
nextcloud_aio_database:
name: nextcloud_aio_database
nextcloud_aio_database_dump:
name: nextcloud_aio_database_dump
nextcloud_aio_elasticsearch:
name: nextcloud_aio_elasticsearch
nextcloud_aio_nextcloud:
name: nextcloud_aio_nextcloud
nextcloud_aio_onlyoffice:
name: nextcloud_aio_onlyoffice
nextcloud_aio_redis:
name: nextcloud_aio_redis
nextcloud_aio_talk_recording:
name: nextcloud_aio_talk_recording
nextcloud_aio_nextcloud_data:
name: nextcloud_aio_nextcloud_data
networks:
default:
driver: bridge

54
nextcloud-aio/manual-install/readme.md Normal file
View File

@@ -0,0 +1,54 @@
# Manual installation
You can run the containers that are build for AIO with docker-compose. This comes with a few downsides, that are discussed below.
### Advantages
- You can run it without a container having access to the docker socket
- You can modify all values on your own
- You can run the containers with docker swarm
- You can run this in environments where access to docker.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268).
### Disadvantages
- You lose the AIO interface
- You lose update notifications and automatic updates
- You lose all AIO backup and restore features
- You lose the built-in [Docker Socket Proxy container](https://github.com/nextcloud/docker-socket-proxy#readme) (needed for [Nextcloud App API](https://github.com/nextcloud/app_api#nextcloud-appapi))
- You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
- **You need to know what you are doing, especially when modifying the compose.yaml file**
- For updating, you need to strictly follow the at the bottom described update routine
- Probably more
## How to use this?
First, install docker and docker-compose (v2) if not already done. Then simply run the following:
```bash
git clone https://github.com/nextcloud/all-in-one.git
cd all-in-one/manual-install
```
Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.<br>
⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols! Also please note that values inside the latest.yaml that are not exposed as variables are not officially supported to be changed. See for example [this report](https://github.com/nextcloud/all-in-one/issues/5612).
Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`.
Now you should be ready to go with `sudo docker compose up`.
## Docker profiles
The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`.
For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`.
## How to update?
Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
1. If your previous copy of `sample.conf` is named `my.conf`, run `mv -vn my.conf .env` in order to rename the file to `.env`.
1. Run `sudo docker compose down` to stop all running containers
1. Back up all important files and folders
1. If your compose file is still named `docker-compose.yml` rename it to `compose.yaml` by running `mv -vn docker-compose.yml compose.yaml`
1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `compose.yaml` file up-to-date with the updated one from the repository. You can use `diff compose.yaml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the compose.yaml file and removing ipv6 from the network.
1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
1. After the file update was successful, simply run `sudo docker compose pull` to pull the new images.
1. At the end run `sudo docker compose up` in order to start and update the containers with the new configuration.
## FAQ
### Backup and restore?
If you leave `NEXTCLOUD_DATADIR` in your conf file at the default value of `nextcloud_aio_nextcloud_data` and don't modify the yaml file, all data will be stored inside docker volumes which are on Linux by default located here: `/var/lib/docker/volumes`. Simply backing up this location should be a valid backup solution. Then you can also easily restore in case something bad happens. However if you change `NEXTCLOUD_DATADIR` to a path like `/mnt/ncdata`, you obviously need to back up this location, too because the Nextcloud data will be stored there. The same applies to any change to the yaml file.
Obviously you also need to back up the conf file and the yaml file if you modified it.

42
nextcloud-aio/manual-install/sample.conf Normal file
View File

@@ -0,0 +1,42 @@
DATABASE_PASSWORD= # TODO! This needs to be a unique and good password!
FULLTEXTSEARCH_PASSWORD= # TODO! This needs to be a unique and good password!
IMAGINARY_SECRET= # TODO! This needs to be a unique and good password!
NC_DOMAIN=yourdomain.com # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
NEXTCLOUD_PASSWORD= # TODO! This is the password of the initially created Nextcloud admin with username "admin".
ONLYOFFICE_SECRET= # TODO! This needs to be a unique and good password!
RECORDING_SECRET= # TODO! This needs to be a unique and good password!
REDIS_PASSWORD= # TODO! This needs to be a unique and good password!
SIGNALING_SECRET= # TODO! This needs to be a unique and good password!
TALK_INTERNAL_SECRET= # TODO! This needs to be a unique and good password!
TIMEZONE=Europe/Berlin # TODO! This is the timezone that your containers will use.
TURN_SECRET= # TODO! This needs to be a unique and good password!
WHITEBOARD_SECRET= # TODO! This needs to be a unique and good password!
CLAMAV_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
COLLABORA_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
FULLTEXTSEARCH_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
IMAGINARY_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
ONLYOFFICE_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
TALK_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
TALK_RECORDING_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
WHITEBOARD_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
APACHE_IP_BINDING=0.0.0.0 # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
APACHE_MAX_SIZE=17179869184 # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
APACHE_PORT=443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax.
COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora
FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options.
INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation
NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
NEXTCLOUD_MAX_TIME=3600 # This allows to change the upload time limit of the Nextcloud container
NEXTCLOUD_MEMORY_LIMIT=512M # This allows to change the PHP memory limit of the Nextcloud container
NEXTCLOUD_MOUNT=/mnt/ # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
NEXTCLOUD_UPLOAD_LIMIT=16G # This allows to change the upload limit of the Nextcloud container
REMOVE_DISABLED_APPS=yes # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
TALK_PORT=3478 # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
UPDATE_NEXTCLOUD_APPS="no" # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.

163
nextcloud-aio/manual-install/update-yaml.sh Normal file
View File

@@ -0,0 +1,163 @@
#!/bin/bash -ex
type {jq,sudo} || { echo "Commands not found. Please install them"; exit 127; }
jq -c . ./php/containers.json > /tmp/containers.json
sed -i 's|aio_services_v1|services|g' /tmp/containers.json
sed -i 's|","destination":"|:|g' /tmp/containers.json
sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
sed -i 's|","port_number":"|:|g' /tmp/containers.json
sed -i 's|","protocol":"|/|g' /tmp/containers.json
sed -i 's|"ip_binding":":|"ip_binding":"|g' /tmp/containers.json
cat /tmp/containers.json
OUTPUT="$(cat /tmp/containers.json)"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].ui_secrets)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].enable_nvidia_gpu)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].image_tag)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].networks)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].documentation)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-docker-socket-proxy"))')"
OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= if contains(["nextcloud-aio-docker-socket-proxy"]) then del(.[index("nextcloud-aio-docker-socket-proxy")]) else . end else . end')"
OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')"
sudo snap install yq
mkdir -p ./manual-install
echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
cd manual-install || exit
sed -i "s|'||g" containers.yml
sed -i '/display_name:/d' containers.yml
sed -i '/THIS_IS_AIO/d' containers.yml
sed -i "s|%COLLABORA_SECCOMP_POLICY% ||g" containers.yml
sed -i '/stop_grace_period:/s/$/s/' containers.yml
sed -i '/: \[\]/d' containers.yml
sed -i 's|- source: |- |' containers.yml
sed -i 's|- ip_binding: |- |' containers.yml
sed -i '/AIO_TOKEN/d' containers.yml
sed -i '/AIO_URL/d' containers.yml
sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
mapfile -t TCP <<< "$TCP"
for port in "${TCP[@]}"
do
solve_port="${port%%/tcp}"
sed -i "s|$solve_port/tcp|$solve_port:$solve_port/tcp|" containers.yml
done
UDP="$(grep -oP '[%A-Z0-9_]+/udp' containers.yml | sort -u)"
mapfile -t UDP <<< "$UDP"
for port in "${UDP[@]}"
do
solve_port="${port%%/udp}"
sed -i "s|$solve_port/udp|$solve_port:$solve_port/udp|" containers.yml
done
rm -f sample.conf
VARIABLES="$(grep -oP '%[A-Z_a-z0-6]+%' containers.yml | sort -u)"
mapfile -t VARIABLES <<< "$VARIABLES"
for variable in "${VARIABLES[@]}"
do
# shellcheck disable=SC2001
sole_variable="$(echo "$variable" | sed 's|%||g')"
echo "$sole_variable=" >> sample.conf
sed -i "s|$variable|\${$sole_variable}|g" containers.yml
done
sed -i 's|_ENABLED=|_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf
sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf
sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora|' sample.conf
sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/ # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=16G # This allows to change the upload limit of the Nextcloud container|' sample.conf
sed -i 's|NEXTCLOUD_MEMORY_LIMIT=|NEXTCLOUD_MEMORY_LIMIT=512M # This allows to change the PHP memory limit of the Nextcloud container|' sample.conf
sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=17179869184 # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600 # This allows to change the upload time limit of the Nextcloud container|' sample.conf
sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no" # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
sed -i 's|APACHE_PORT=|APACHE_PORT=443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).|' sample.conf
sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0 # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect|' sample.conf
sed -i 's|TALK_PORT=|TALK_PORT=3478 # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!|' sample.conf
sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD= # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin # TODO! This is the timezone that your containers will use.|' sample.conf
sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
sed -i 's|FULLTEXTSEARCH_JAVA_OPTIONS=|FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options.|' sample.conf
sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
sed -i 's|REMOVE_DISABLED_APPS=|REMOVE_DISABLED_APPS=yes # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.|' sample.conf
sed -i 's|=$|= # TODO! This needs to be a unique and good password!|' sample.conf
grep '# TODO!' sample.conf > todo.conf
grep -v '# TODO!\|_ENABLED' sample.conf > temp.conf
grep '_ENABLED' sample.conf > enabled.conf
cat todo.conf > sample.conf
# shellcheck disable=SC2129
echo '' >> sample.conf
cat enabled.conf >> sample.conf
echo '' >> sample.conf
cat temp.conf >> sample.conf
rm todo.conf temp.conf enabled.conf
cat sample.conf
OUTPUT="$(cat containers.yml)"
NAMES="$(grep -oP "container_name:.*" containers.yml | grep -oP 'nextcloud-aio.*')"
mapfile -t NAMES <<< "$NAMES"
for name in "${NAMES[@]}"
do
OUTPUT="$(echo "$OUTPUT" | sed "/container_name.*$name$/i\ \ $name:")"
if [ "$name" != "nextcloud-aio-apache" ]; then
OUTPUT="$(echo "$OUTPUT" | sed "/^ $name:/i\ ")"
fi
done
echo "$OUTPUT" > containers.yml
sed -i '/container_name/d' containers.yml
sed -i 's|^ $||' containers.yml
# Additional config for collabora
cat << EOL > /tmp/additional-collabora.config
command: \${ADDITIONAL_COLLABORA_OPTIONS}
EOL
sed -i "/^ nextcloud-aio-collabora:/r /tmp/additional-collabora.config" containers.yml
sed -i "/^COLLABORA_DICTIONARIES.*/i ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax." sample.conf
VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)"
mapfile -t VOLUMES <<< "$VOLUMES"
echo "" >> containers.yml
echo "volumes:" >> containers.yml
for volume in "${VOLUMES[@]}" "nextcloud_aio_nextcloud_data"
do
cat << VOLUMES >> containers.yml
$volume:
name: $volume
VOLUMES
done
cat << NETWORK >> containers.yml
networks:
default:
driver: bridge
NETWORK
mv containers.yml latest.yml
sed -i "/image:/s/$/:latest/" latest.yml
sed -i 's/\( *- \(\w*\)\)=\${\2\}/\1/' latest.yml
set +ex