add bundle:nextcloud to carlene

bundles/nextcloud/metadata.py

@@ -0,0 +1,87 @@
+defaults = {
+    'backups': {
+        'paths': {
+            '/var/www/nextcloud',
+        },
+    },
+    'php': {
+        'clear_env': False,
+        'memory_limit': 512,
+        'packages': {
+            'bcmath',
+            'bz2',
+            'curl',
+            'gd',
+            'gmp',
+            'imagick',
+            'intl',
+            'mbstring',
+            'opcache',
+            'pgsql',
+            'redis',
+            'xml',
+            'yaml',
+            'zip',
+        },
+    },
+    'postgresql': {
+        'roles': {
+            'nextcloud': {
+                'password': repo.vault.password_for(f'{node.name} postgresql nextcloud'),
+            },
+        },
+        'databases': {
+            'nextcloud': {
+                'owner': 'nextcloud',
+            },
+        },
+    },
+    'systemd-timers': {
+        'timers': {
+            'nextcloud-cron': {
+                'command': '/usr/bin/php -f /var/www/nextcloud/cron.php',
+                'pwd': '/var/www/nextcloud',
+                'user': 'www-data',
+                'when': '*:00/5',
+            },
+        },
+    },
+    'zfs': {
+        'datasets': {
+            'tank/nextcloud': {
+                'mountpoint': '/var/www/nextcloud',
+                'needed_by': {
+                    'directory:/var/www/nextcloud',
+                },
+            },
+        },
+    },
+}
+
+
+@metadata_reactor.provides(
+    'nginx/vhosts/nextcloud',
+)
+def nginx(metadata):
+    if not node.has_bundle('nginx'):
+        raise DoNotRunAgain
+
+    return {
+        'nginx': {
+            'vhosts': {
+                'nextcloud': {
+                    'domain': metadata.get('nextcloud/domain'),
+                    'php': True,
+                    'extras': True,
+                    'index': [
+                        'index.php',
+                        'index.html',
+                        '/index.php$request_uri',
+                    ],
+                    'webroot_config': {
+                        'owner': 'www-data',
+                    },
+                },
+            },
+        },
+    }

data/nextcloud/nginx.conf

@@ -0,0 +1,31 @@
+    location ^~ /.well-known {
+        location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+
+        return 301 /index.php$request_uri;
+    }
+
+
+    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
+
+    location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
+        try_files $uri /index.php$request_uri;
+
+        location ~ \.wasm$ {
+            default_type application/wasm;
+        }
+    }
+
+    location ~ \.woff2?$ {
+        try_files $uri /index.php$request_uri;
+        expires 7d;
+    }
+
+    location /remote {
+        return 301 /remote.php$request_uri;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php$request_uri;
+    }

data/nginx/files/extras/carlene/nextcloud

@@ -0,0 +1 @@
+../../../../nextcloud/nginx.conf

libs/defaults.py

@@ -13,9 +13,10 @@ nameservers = [*nameservers_ipv4, *nameservers_ipv6]
 redis_databases = {
     'matrix-media-repo': 7,
     'netbox': (4, 5),
-    'rspamd': 6,
+    'nextcloud': 7,
     'paperless-ng': None, # probably 0, but undocumented
     'pretalx': (1, 2, 3),
+    'rspamd': 6,
 }
 
 security_email = f'mailto:{hostmaster_email}'

nodes/carlene.toml

@@ -15,6 +15,7 @@ bundles = [
     "mautrix-whatsapp",
     "miniflux",
     "netbox",
+    "nextcloud",
     "nodejs",
     "ntfy",
     "php",
@@ -123,6 +124,9 @@ domain = "netbox.franzi.business"
 version = "v3.6.0"
 admins.kunsi = "hostmaster@kunbox.net"
 
+[metadata.nextcloud]
+domain = "warnochwas.de"
+
 [metadata.nginx.'security.txt']
 contact = "mailto:security@kunsmann.eu"
 Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc"