feat(nextcloud): release nextcloud

deployment note:
- use nextcloud for groupware
- consider replacing vikunja and opencloud
2026-05-02 16:42:30 +09:00
parent d1dcb1984a
commit 6e7de6bbd5
12 changed files with 345 additions and 6 deletions
@@ -0,0 +1,99 @@
# Nextcloud
## Prerequisite
### Create database
- Create the password with `openssl rand -base64 32`
- Save this value in secrets.yaml in `postgresql.password.nextcloud`
- Access infra server to create nextcloud_db with `podman exec -it postgresql psql -U postgres`
```SQL
CREATE USER nextcloud WITH PASSWORD 'postgresql.password.nextcloud';
CREATE DATABASE nextcloud_db;
ALTER DATABASE nextcloud_db OWNER TO nextcloud;
```
### Create oidc secret and hash
- Create the secret with `openssl rand -base64 32`
- access to auth vm
- `podman exec -it authelia sh`
- `authelia crypto hash generate pbkdf2 --password 'nextcloud.oidc.secret'`
- Save this value in secrets.yaml in `nextcloud.oidc.secret` and `nextcloud.oidc.hash`
### Create admin password
- Create the secret with `openssl rand -base64 32`
- Save this value in secrets.yaml in `nextcloud.admin-local.password`
### Add postgresql dump backup list
- [set_postgresql.yaml](../../../ansible/roles/infra/tasks/services/set_postgresql.yaml)
```yaml
- name: Set connected services list
ansible.builtin.set_fact:
connected_services:
- ...
- "nextcloud"
```
## Configuration
### Access
- https://nextcloud.ilnmors.com
- login with admin-local
### Disable and enable apps
- Profile: Apps: Your apps: Disable
- Photo
- dashboard
- Profile: Apps: Search
- OpenID Connect user backend
- Calendar
- Contacts
- Deck
- Tasks
- Mail
- Nextcloud Office
### OIDC configuration
```bash
podman exec -u www-data nextcloud php occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="nextcloud.oidc.secret" --discoveryuri="https://authelia.ilnmors.com/.well-known/openid-configuration"
podman exec -u www-data nextcloud sh -c "cat > /var/www/html/config/user_oidc.config.php << 'EOF'
<?php
\$CONFIG = [
'user_oidc' => [
'default_token_endpoint_auth_method' => 'client_secret_post',
'auto_provision' => true,
'soft_auto_provision' => true,
'disable_account_creation' => false,
],
];
EOF"
podman exec -u www-data nextcloud php occ config:system:get user_oidc
podman exec -u www-data nextcloud sh -c "cat > /var/www/html/config/local_remote.config.php <<'EOF'
<?php
\$CONFIG = [
'allow_local_remote_servers' => true,
];
EOF"
podman exec -u www-data nextcloud php occ config:system:get allow_local_remote_servers
```
### Account configuration
- Profile: Accounts:
- allocate admin group for admin users
- manage groups and quota in Nextcloud UI
- OIDC users may have UUID-like account names
- use Display name for human-readable user management
- keep `admin-local` as a break-glass local administrator account
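Review bot: the `local_remote.config.php` block sets `'allow_local_remote_servers' => true` with no explanation; that setting disables Nextcloud's refusal to make outbound requests to local and private network addresses, so the document should state which step requires it (presumably the discovery URI of the internal Authelia host) and record it as a deliberate widening of SSRF exposure rather than a default. Second, the placeholder strings are the secrets.yaml key paths (`'postgresql.password.nextcloud'`, `--password 'nextcloud.oidc.secret'`, `--clientsecret="nextcloud.oidc.secret"`); add a sentence saying these are to be replaced with the generated values, otherwise a copy-paste of `CREATE USER nextcloud WITH PASSWORD 'postgresql.password.nextcloud';` sets the literal key name as the password. Third, those same commands put the real secrets on the command line inside psql and the container shells, so they are written to shell and psql history; note that the history should be cleared afterwards (or a prompt used where the tool offers one). Minor: the fence tag `SQL` on the first code block should be lowercase to match the `yaml` and `bash` fences below it.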