feat: add basic nextcloud role

nextcloud with optional collabora base setup
2025-12-19 14:17:08 +01:00 · 2025-12-19 14:17:08 +01:00 · 6ab3505dc8
commit 6ab3505dc8
parent 19986e1205
11 changed files with 404 additions and 0 deletions
--- a/roles/nextcloud/templates/docker-compose.yml.j2
+++ b/roles/nextcloud/templates/docker-compose.yml.j2
@ -0,0 +1,137 @@
+services:
+  db:
+    image: {{ nextcloud_postgres_image }}
+    restart: always
+    environment:
+      POSTGRES_DB: {{ nextcloud_postgres_db }}
+      POSTGRES_USER: {{ nextcloud_postgres_user }}
+      POSTGRES_PASSWORD: {{ nextcloud_postgres_password }}
+    volumes:
+      - {{ nextcloud_docker_volume_dir }}/postgresql/:/var/lib/postgresql/
+      - ./init-db.sql:/docker-entrypoint-initdb.d/init-db.sql:ro
+    networks:
+      - {{ nextcloud_backend_network }}
+
+  redis:
+    image: {{ nextcloud_redis_image }}
+    restart: always
+    command: ["redis-server", "--appendonly", "yes"]
+    volumes:
+      - {{ nextcloud_docker_volume_dir }}/redis/data:/data
+    networks:
+      - {{ nextcloud_backend_network }}
+
+  nginx:
+    image: nginx:alpine
+    restart: always
+    depends_on:
+      - nextcloud
+    volumes:
+      - {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html:ro
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    networks:
+      - {{ nextcloud_backend_network }}
+      - {{ nextcloud_traefik_network }}
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network={{ nextcloud_traefik_network }}
+      - traefik.http.routers.{{ nextcloud_service_name }}.rule=Host(`{{ nextcloud_domain }}`)
+{% if nextcloud_use_ssl %}
+      - traefik.http.routers.{{ nextcloud_service_name }}.entrypoints=websecure
+      - traefik.http.routers.{{ nextcloud_service_name }}.tls=true
+{% else %}
+      - traefik.http.routers.{{ nextcloud_service_name }}.entrypoints=web
+{% endif %}
+
+  nextcloud-cron:
+    image: {{ nextcloud_image }}
+    restart: always
+    depends_on:
+      - nextcloud
+    entrypoint: /cron.sh
+    environment:
+      POSTGRES_HOST: db
+      POSTGRES_DB: {{ nextcloud_postgres_db }}
+      POSTGRES_USER: {{ nextcloud_postgres_user }}
+      POSTGRES_PASSWORD: {{ nextcloud_postgres_password }}
+      NEXTCLOUD_ADMIN_USER: {{ nextcloud_admin_user }}
+      NEXTCLOUD_ADMIN_PASSWORD: {{ nextcloud_admin_password }}
+      REDIS_HOST: redis
+      PHP_MEMORY_LIMIT: {{ nextcloud_memory_limit_mb }}M
+      PHP_UPLOAD_LIMIT: {{  nextcloud_upload_limit_mb }}M
+      OVERWRITEPROTOCOL: https
+      OVERWRITEHOST: {{ nextcloud_domain }}
+      TRUSTED_PROXIES: "172.18.0.0/16 172.16.9.88/16 172.16.17.0/24 172.16.9.88"
+    volumes:
+      - {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html
+    networks:
+      - {{ nextcloud_backend_network }}
+
+  nextcloud:
+    image: {{ nextcloud_image }}
+    scale: {{ nextcloud_scale_factor }}
+    restart: always
+    depends_on:
+      - db
+      - redis
+    environment:
+      POSTGRES_HOST: db
+      POSTGRES_DB: {{ nextcloud_postgres_db }}
+      POSTGRES_USER: {{ nextcloud_postgres_user }}
+      POSTGRES_PASSWORD: {{ nextcloud_postgres_password }}
+      NEXTCLOUD_ADMIN_USER: {{ nextcloud_admin_user }}          
+      NEXTCLOUD_ADMIN_PASSWORD: {{ nextcloud_admin_password }}  
+      REDIS_HOST: redis
+      PHP_MEMORY_LIMIT: {{ nextcloud_memory_limit_mb }}M
+      PHP_UPLOAD_LIMIT: {{  nextcloud_upload_limit_mb }}M
+      OVERWRITEPROTOCOL: https
+      OVERWRITEHOST: {{ nextcloud_domain }}
+      TRUSTED_PROXIES: "172.18.0.0/16 172.16.9.88/16 172.16.17.0/24 172.16.9.88"
+{% if nextcloud_use_s3_storage %}
+      OBJECTSTORE_S3_KEY: {{ nextcloud_s3_key }}
+      OBJECTSTORE_S3_SECRET: {{ nextcloud_s3_secret }}
+      OBJECTSTORE_S3_REGION: {{ nextcloud_s3_region }}
+      OBJECTSTORE_S3_BUCKET: {{ nextcloud_s3_bucket }}
+      OBJECTSTORE_S3_HOST: {{ nextcloud_s3_host }}
+      OBJECTSTORE_S3_PORT: {{ nextcloud_s3_port }}
+      OBJECTSTORE_S3_SSL: {{ nextcloud_s3_ssl }}
+      OBJECTSTORE_S3_USEPATH_STYLE: {{ nextcloud_s3_usepath_style }}
+      OBJECTSTORE_S3_AUTOCREATE: {{ nextcloud_s3_autocreate }}
+{% endif %}
+    volumes:
+      - {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html
+    networks:
+      - {{ nextcloud_backend_network }}
+
+{% if nextcloud_enable_collabora %}
+  collabora:
+    image: {{ nextcloud_collabora_image }}
+    restart: always
+    environment:
+      domain: ^{{ nextcloud_domain | replace('.', '\\.') }}$
+      extra_params: >-
+        --o:ssl.enable=false
+        --o:ssl.termination=true
+        --o:net.frame_ancestors=https://{{ nextcloud_domain }}
+    cap_add:
+      - MKNOD
+    networks:
+      - {{ nextcloud_traefik_network }}
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network={{ nextcloud_traefik_network }}
+      - traefik.http.routers.{{ nextcloud_collabora_service_name }}.rule=Host(`{{ nextcloud_collabora_domain }}`)
+      - traefik.http.services.{{ nextcloud_collabora_service_name }}.loadbalancer.server.port=9980
+{% if nextcloud_use_ssl %}
+      - traefik.http.routers.{{ nextcloud_collabora_service_name }}.entrypoints=websecure
+      - traefik.http.routers.{{ nextcloud_collabora_service_name }}.tls=true
+{% else %}
+      - traefik.http.routers.{{ nextcloud_collabora_service_name }}.entrypoints=web
+{% endif %}
+
+{% endif %}
+
+networks:
+  {{ nextcloud_backend_network }}:
+  {{ nextcloud_traefik_network }}:
+    external: true