ilnmors-homelab/docs/services/app/nextcloud.md
il 6e7de6bbd5 feat(nextcloud): release nextcloud
deployment note:
- use nextcloud for groupware
- consider replacing vikunja and opencloud
2026-05-02 16:42:30 +09:00

Nextcloud

Prerequisite

Create database

  • Create the password with openssl rand -base64 32
    • Save this value in secrets.yaml in postgresql.password.nextcloud
    • Access the infra server and create nextcloud_db with podman exec -it postgresql psql -U postgres
-- Replace the quoted placeholder with the value saved in postgresql.password.nextcloud
CREATE USER nextcloud WITH PASSWORD 'postgresql.password.nextcloud';
CREATE DATABASE nextcloud_db;
ALTER DATABASE nextcloud_db OWNER TO nextcloud;

Create OIDC secret and hash

  • Create the secret with openssl rand -base64 32
  • Access the auth VM
    • podman exec -it authelia sh
    • authelia crypto hash generate pbkdf2 --password 'nextcloud.oidc.secret'
  • Save the secret and its hash in secrets.yaml as nextcloud.oidc.secret and nextcloud.oidc.hash
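
The plaintext secret goes to Nextcloud and the hash goes to Authelia, so a pair that has drifted apart in secrets.yaml makes client authentication fail. The following Python check is an added example, not part of this repository, that recomputes the PBKDF2 digest and compares it with the stored one. It assumes the digest uses the `$pbkdf2-<variant>$<iterations>$<salt>$<key>` layout with adapted base64 ('.' in place of '+', no padding); `make_digest` and `secret_matches_digest` are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import secrets


def _ab64_decode(text: str) -> bytes:
    # Adapted base64 (assumed): '.' replaces '+', '=' padding is stripped.
    std = text.replace(".", "+")
    return base64.b64decode(std + "=" * (-len(std) % 4), validate=True)


def _ab64_encode(raw: bytes) -> str:
    return base64.b64encode(raw).decode().rstrip("=").replace("+", ".")


def make_digest(secret: str, iterations: int = 310000, variant: str = "sha512") -> str:
    """Build a digest in the assumed layout; used here only for sample data."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac(variant, secret.encode(), salt, iterations)
    return f"$pbkdf2-{variant}${iterations}${_ab64_encode(salt)}${_ab64_encode(key)}"


def secret_matches_digest(secret: str, digest: str) -> bool:
    """Return True only if `secret` hashes to `digest`; malformed input is False."""
    parts = digest.strip().split("$")
    if len(parts) != 5 or parts[0] or not parts[1].startswith("pbkdf2-"):
        return False
    try:
        iterations = int(parts[2])
        salt, expected = _ab64_decode(parts[3]), _ab64_decode(parts[4])
        actual = hashlib.pbkdf2_hmac(
            parts[1][len("pbkdf2-"):], secret.encode(), salt, iterations, len(expected)
        )
    except (ValueError, OverflowError):
        return False
    # Constant-time comparison of the recomputed key with the stored key.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    sample_secret = "constructed-sample-secret"  # constructed, not a real credential
    sample_digest = make_digest(sample_secret, iterations=1000)
    print(secret_matches_digest(sample_secret, sample_digest))         # matching pair
    print(secret_matches_digest(sample_secret + "\n", sample_digest))  # pasted newline
```

The secret is hashed as the literal base64 string produced by openssl, so a trailing newline or stray whitespace picked up while copying it counts as a different secret.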

Create admin password

  • Create the secret with openssl rand -base64 32
  • Save this value in secrets.yaml in nextcloud.admin-local.password

Add Nextcloud to the PostgreSQL dump backup list

- name: Set connected services list
  ansible.builtin.set_fact:
    connected_services:
      - ...
      - "nextcloud"

Configuration

Access

Disable and enable apps

  • Profile: Apps: Your apps: Disable

    • Photos
    • Dashboard
  • Profile: Apps: Search

    • OpenID Connect user backend
    • Calendar
    • Contacts
    • Deck
    • Tasks
    • Mail
    • Nextcloud Office

OIDC configuration

podman exec -u www-data nextcloud php occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="nextcloud.oidc.secret" --discoveryuri="https://authelia.ilnmors.com/.well-known/openid-configuration"

podman exec -u www-data nextcloud sh -c "cat > /var/www/html/config/user_oidc.config.php << 'EOF'
<?php
\$CONFIG = [
  'user_oidc' => [
    'default_token_endpoint_auth_method' => 'client_secret_post',
    'auto_provision' => true,
    'soft_auto_provision' => true,
    'disable_account_creation' => false,
  ],
];
EOF"

podman exec -u www-data nextcloud php occ config:system:get user_oidc

podman exec -u www-data nextcloud sh -c "cat > /var/www/html/config/local_remote.config.php <<'EOF'
<?php
// Permits Nextcloud to send requests to servers with local or private addresses.
\$CONFIG = [
  'allow_local_remote_servers' => true,
];
EOF"
podman exec -u www-data nextcloud php occ config:system:get allow_local_remote_servers

Account configuration

  • Profile: Accounts:
    • Assign admin users to the admin group
    • Manage groups and quota in the Nextcloud UI
    • OIDC users may have UUID-like account names
    • Use Display name for human-readable user management
    • Keep admin-local as a break-glass local administrator account