the great migration from truenas to fedora and all its collatoral

2025-04-08 12:40:42 -04:00
parent 9a3382862d
commit 9417e711a9
54 changed files with 1533 additions and 519 deletions
--- a/podman/graduated/nextcloud/nextcloud-aio.md
+++ b/podman/graduated/nextcloud/nextcloud-aio.md
@@ -4,9 +4,10 @@
  - [Install with Rootless Podman](#install-with-rootless-podman)
    - [Create the nextcloud user](#create-the-nextcloud-user)
    - [Install Podman](#install-podman)
-    - [Install Caddy](#install-caddy)
    - [Create the container autostart service](#create-the-container-autostart-service)
    - [Install Nextcloud](#install-nextcloud)
+    - [Install Caddy](#install-caddy)
+    - [Firewall](#firewall)
  - [Backups](#backups)
  - [Maintenace Mode](#maintenace-mode)
  - [Trusted Proxy](#trusted-proxy)
@@ -32,21 +33,84 @@ This has been tested working on Fedora 41 with selinux and firewalld enabled.
 ### Create the nextcloud user

 ```bash
-sudo useradd nextcloud
-sudo loginctl enable-linger $(id -u nextcloud)
+useradd nextcloud
+su - nextcloud
+ssh-keygen
+exit
+cp ~/.ssh/authorized_keys /home/nextcloud/.ssh/authorized_keys
+chown nextcloud:nextcloud /home/nextcloud/.ssh/authorized_keys
+loginctl enable-linger $(id -u nextcloud)
 ```

 ### Install Podman

 ```bash
-# As admin user
-sudo dnf install podman
+# As root user
+dnf install podman

 # Now SSH into the server as the nextcloud user
 systemctl --user enable podman-restart
 systemctl --user enable --now podman.socket
 ```

+### Create the container autostart service
+
+As the nextcloud user.
+
+`systemctl --user edit podman-restart.service`
+
+```conf
+[Service]
+ExecStart=
+ExecStart=/usr/bin/podman $LOGGING start --all --filter restart-policy=always --filter restart-policy=unless-stopped
+ExecStop=
+ExecStop=/bin/sh -c '/usr/bin/podman $LOGGING stop $(/usr/bin/podman container ls --filter restart-policy=always --filter restart-policy=unless-stopped -q)'
+```
+
+```bash
+systemctl --user daemon-reload
+```
+
+### Install Nextcloud
+
+`mkdir -p ~/.config/containers/systemd`
+
+`vim ~/.config/containers/systemd/nextcloud-aio-mastercontainer.container`
+
+```conf
+[Unit]
+Description=Nextcloud AIO Master Container
+Documentation=https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md
+After=local-fs.target
+Requires=podman.socket
+
+[Container]
+ContainerName=nextcloud-aio-mastercontainer
+Image=docker.io/nextcloud/all-in-one:latest
+PublishPort=0.0.0.0:11001:8080
+Volume=nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+Volume=/run/user/1001/podman/podman.sock:/var/run/docker.sock:Z
+Network=bridge
+SecurityLabelDisable=true
+
+Environment=APACHE_PORT=11000
+Environment=APACHE_IP_BINDING=0.0.0.0
+Environment=WATCHTOWER_DOCKER_SOCKET_PATH=/run/user/1001/podman/podman.sock
+Environment=NEXTCLOUD_DATADIR="/home/nextcloud/nextcloud_data"
+Environment=SKIP_DOMAIN_VALIDATION=true
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target default.target
+```
+
+```bash
+systemctl --user daemon-reload
+systemctl --user start nextcloud-aio-mastercontainer
+```
+
 ### Install Caddy

 As root
@@ -84,7 +148,7 @@ Description=Caddy
 [Container]
 AddCapability=NET_ADMIN
 ContainerName=caddy
-Image=caddy
+Image=docker.io/caddy:2
 Network=host
 SecurityLabelDisable=true
 Volume=/etc/caddy:/etc/caddy
@@ -103,62 +167,10 @@ systemctl daemon-reload
 systemctl start caddy
 ```

-### Create the container autostart service

-As the nextcloud user.
+### Firewall

-`systemctl --user edit podman-restart.service`
-
-```conf
-[Service]
-ExecStart=
-ExecStart=/usr/bin/podman $LOGGING start --all --filter restart-policy=always --filter restart-policy=unless-stopped
-ExecStop=
-ExecStop=/bin/sh -c '/usr/bin/podman $LOGGING stop $(/usr/bin/podman container ls --filter restart-policy=always --filter restart-policy=unless-stopped -q)'
-```
-
-```bash
-systemctl --user daemon-reload
-systemctl --user enable podman-restart
-```
-
-### Install Nextcloud
-
-`vim ~/.config/containers/systemd/nextcloud-aio-mastercontainer.container`
-
-```conf
-[Unit]
-Description=Nextcloud AIO Master Container
-Documentation=https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md
-After=local-fs.target
-Requires=podman.socket
-
-[Container]
-ContainerName=nextcloud-aio-mastercontainer
-Image=docker.io/nextcloud/all-in-one:latest
-PublishPort=127.0.0.1:11001:8080
-Volume=nextcloud_aio_mastercontainer:/mnt/docker-aio-config
-Volume=/run/user/1001/podman/podman.sock:/var/run/docker.sock:Z
-Network=bridge
-SecurityLabelDisable=true
-
-Environment=APACHE_PORT=11000
-Environment=APACHE_IP_BINDING=127.0.0.1
-Environment=WATCHTOWER_DOCKER_SOCKET_PATH=/run/user/1001/podman/podman.sock
-Environment=NEXTCLOUD_DATADIR="/home/nextcloud/nextcloud_data"
-Environment=SKIP_DOMAIN_VALIDATION=true
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=multi-user.target default.target
-```
-
-```bash
-systemctl --user daemon-reload
-systemctl --user start nextcloud-aio-mastercontainer
-```
+Allow traffic to 11000 from your reverse proxy

 ## Backups

@@ -250,7 +262,6 @@ Sometimes this is caused by a broken app or twofactor. try:
 ./occ app:disable integration_openai
 ```

-
 ## Freezing after working for a bit

 ### Out of disk space
@@ -270,4 +281,4 @@ This can happen when the redis volume doesn't have the correct permissions
 podman exec -it --user root nextcloud-aio-redis bash
 ls -lah /data
 chown redis:redis /data
-```
+```