diff --git a/bundles/nextcloud/metadata.py b/bundles/nextcloud/metadata.py
new file mode 100644
index 0000000..488d354
--- /dev/null
+++ b/bundles/nextcloud/metadata.py
@@ -0,0 +1,87 @@
+defaults = {
+ 'backups': {
+ 'paths': {
+ '/var/www/nextcloud',
+ },
+ },
+ 'php': {
+ 'clear_env': False,
+ 'memory_limit': 512,
+ 'packages': {
+ 'bcmath',
+ 'bz2',
+ 'curl',
+ 'gd',
+ 'gmp',
+ 'imagick',
+ 'intl',
+ 'mbstring',
+ 'opcache',
+ 'pgsql',
+ 'redis',
+ 'xml',
+ 'yaml',
+ 'zip',
+ },
+ },
+ 'postgresql': {
+ 'roles': {
+ 'nextcloud': {
+ 'password': repo.vault.password_for(f'{node.name} postgresql nextcloud'),
+ },
+ },
+ 'databases': {
+ 'nextcloud': {
+ 'owner': 'nextcloud',
+ },
+ },
+ },
+ 'systemd-timers': {
+ 'timers': {
+ 'nextcloud-cron': {
+ 'command': '/usr/bin/php -f /var/www/nextcloud/cron.php',
+ 'pwd': '/var/www/nextcloud',
+ 'user': 'www-data',
+ 'when': '*:00/5',
+ },
+ },
+ },
+ 'zfs': {
+ 'datasets': {
+ 'tank/nextcloud': {
+ 'mountpoint': '/var/www/nextcloud',
+ 'needed_by': {
+ 'directory:/var/www/nextcloud',
+ },
+ },
+ },
+ },
+}
+
+
+@metadata_reactor.provides(
+ 'nginx/vhosts/nextcloud',
+)
+def nginx(metadata):
+ if not node.has_bundle('nginx'):
+ raise DoNotRunAgain
+
+ return {
+ 'nginx': {
+ 'vhosts': {
+ 'nextcloud': {
+ 'domain': metadata.get('nextcloud/domain'),
+ 'php': True,
+ 'extras': True,
+ 'index': [
+ 'index.php',
+ 'index.html',
+ '/index.php$request_uri',
+ ],
+ 'webroot_config': {
+ 'owner': 'www-data',
+ },
+ },
+ },
+ },
+ }
diff --git a/data/nextcloud/nginx.conf b/data/nextcloud/nginx.conf
new file mode 100644
index 0000000..d58819c
--- /dev/null
+++ b/data/nextcloud/nginx.conf
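Review bot: `'clear_env': False` sits under the top-level `php` key of `defaults` in bundles/nextcloud/metadata.py, so it presumably changes the PHP-FPM setting for the whole node rather than for Nextcloud alone. With environment clearing off, every PHP application served by that pool can read the environment the FPM service was started with, which matters if anything sensitive is ever passed to the service that way. I would add a comment on that line such as `# Nextcloud needs PATH in the FPM workers; applies to every PHP app on this node`, and, if the php bundle supports per-pool settings (not visible here), scope the setting to a Nextcloud pool.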
@@ -0,0 +1,31 @@
+ location ^~ /.well-known {
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+
+ return 301 /index.php$request_uri;
+ }
+
+
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
+ location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
+ try_files $uri /index.php$request_uri;
+
+ location ~ \.wasm$ {
+ default_type application/wasm;
+ }
+ }
+
+ location ~ \.woff2?$ {
+ try_files $uri /index.php$request_uri;
+ expires 7d;
+ }
+
+ location /remote {
+ return 301 /remote.php$request_uri;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$request_uri;
+ }
diff --git a/data/nginx/files/extras/carlene/nextcloud b/data/nginx/files/extras/carlene/nextcloud
new file mode 120000
index 0000000..eaabf9e
--- /dev/null
+++ b/data/nginx/files/extras/carlene/nextcloud
@@ -0,0 +1 @@
+../../../../nextcloud/nginx.conf
\ No newline at end of file
diff --git a/libs/defaults.py b/libs/defaults.py
index e746722..25a9895 100644
--- a/libs/defaults.py
+++ b/libs/defaults.py
@@ -13,9 +13,10 @@ nameservers = [*nameservers_ipv4, *nameservers_ipv6] redis_databases = { 'matrix-media-repo': 7, 'netbox': (4, 5), - 'rspamd': 6, + 'nextcloud': 7, 'paperless-ng': None, # probably 0, but undocumented 'pretalx': (1, 2, 3), + 'rspamd': 6, } security_email = f'mailto:{hostmaster_email}'
diff --git a/nodes/carlene.toml b/nodes/carlene.toml
index 8835238..70d24f8 100644
--- a/nodes/carlene.toml
+++ b/nodes/carlene.toml
@@ -15,6 +15,7 @@ bundles = [
 "mautrix-whatsapp",
 "miniflux",
 "netbox",
+ "nextcloud",
 "nodejs",
 "ntfy",
 "php",
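Review bot: The `location ^~ /.well-known` block in data/nextcloud/nginx.conf ends with `return 301 /index.php$request_uri;`, so every well-known path other than carddav and caldav is redirected into Nextcloud. nodes/carlene.toml carries `[metadata.nginx.'security.txt']` settings, and unless the vhost template defines an exact or longer-prefix location for `/.well-known/security.txt` and for the ACME challenge path (the template is not part of this diff), those requests would be caught by this block too. Consider exempting them ahead of the catch-all, for example `location /.well-known/acme-challenge { try_files $uri $uri/ =404; }`, with an equivalent entry for security.txt.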
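Review bot: `'nextcloud': 7` in libs/defaults.py reuses the Redis database index already assigned to `'matrix-media-repo': 7` two entries above it. If both services ever point at the same Redis instance they share one keyspace, so a flush or key collision in one affects the other's cache and locks, and each can read the other's entries. Indices 0 to 7 all appear taken in this table, so the next free one would be `'nextcloud': 8,`; the hunk shows only part of the module, so confirm nothing outside it claims 8.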
@@ -123,6 +124,9 @@ domain = "netbox.franzi.business" version = "v3.6.0" admins.kunsi = "hostmaster@kunbox.net" +[metadata.nextcloud] +domain = "warnochwas.de" + [metadata.nginx.'security.txt'] contact = "mailto:security@kunsmann.eu" Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc"