moving everything to active or retired vs incubating and graduated

active/podman_nextcloud/nextcloud-aio.md

@@ -0,0 +1,290 @@
+# Nextcloud AIO
+
+- [Nextcloud AIO](#nextcloud-aio)
+  - [Install with Rootless Podman](#install-with-rootless-podman)
+    - [Create the nextcloud user](#create-the-nextcloud-user)
+    - [Install Podman](#install-podman)
+    - [Create the container autostart service](#create-the-container-autostart-service)
+    - [Install Nextcloud](#install-nextcloud)
+    - [Install Caddy](#install-caddy)
+    - [Firewall](#firewall)
+  - [Backups](#backups)
+  - [Maintenace Mode](#maintenace-mode)
+  - [Trusted Proxy](#trusted-proxy)
+  - [Default phone region](#default-phone-region)
+  - [Adding existing files](#adding-existing-files)
+  - [Theming](#theming)
+  - [Changing the domain](#changing-the-domain)
+  - [Uninstall](#uninstall)
+  - [Edit QCOW](#edit-qcow)
+  - [Stuck in login screen](#stuck-in-login-screen)
+  - [Freezing after working for a bit](#freezing-after-working-for-a-bit)
+    - [Out of disk space](#out-of-disk-space)
+    - [Redis can't dump its DB](#redis-cant-dump-its-db)
+
+<https://github.com/nextcloud/all-in-one>
+
+## Install with Rootless Podman
+
+Roughly taken from <https://github.com/nextcloud/all-in-one/discussions/3487>
+
+This has been tested working on Fedora 41 with selinux and firewalld enabled.
+
+### Create the nextcloud user
+
+```bash
+useradd nextcloud
+su - nextcloud
+ssh-keygen
+exit
+cp ~/.ssh/authorized_keys /home/nextcloud/.ssh/authorized_keys
+chown nextcloud:nextcloud /home/nextcloud/.ssh/authorized_keys
+loginctl enable-linger $(id -u nextcloud)
+```
+
+### Install Podman
+
+```bash
+# As root user
+dnf install podman
+
+# Now SSH into the server as the nextcloud user
+systemctl --user enable podman-restart
+systemctl --user enable --now podman.socket
+```
+
+### Create the container autostart service
+
+As the nextcloud user.
+
+`systemctl --user edit podman-restart.service`
+
+```conf
+[Service]
+ExecStart=
+ExecStart=/usr/bin/podman $LOGGING start --all --filter restart-policy=always --filter restart-policy=unless-stopped
+ExecStop=
+ExecStop=/bin/sh -c '/usr/bin/podman $LOGGING stop $(/usr/bin/podman container ls --filter restart-policy=always --filter restart-policy=unless-stopped -q)'
+```
+
+```bash
+systemctl --user daemon-reload
+```
+
+### Install Nextcloud
+
+`mkdir -p ~/.config/containers/systemd`
+
+`vim ~/.config/containers/systemd/nextcloud-aio-mastercontainer.container`
+
+```conf
+[Unit]
+Description=Nextcloud AIO Master Container
+Documentation=https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md
+After=local-fs.target
+Requires=podman.socket
+
+[Container]
+ContainerName=nextcloud-aio-mastercontainer
+Image=docker.io/nextcloud/all-in-one:latest
+PublishPort=0.0.0.0:11001:8080
+Volume=nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+Volume=/run/user/1001/podman/podman.sock:/var/run/docker.sock:Z
+Network=bridge
+SecurityLabelDisable=true
+
+Environment=APACHE_PORT=11000
+Environment=APACHE_IP_BINDING=0.0.0.0
+Environment=WATCHTOWER_DOCKER_SOCKET_PATH=/run/user/1001/podman/podman.sock
+Environment=NEXTCLOUD_DATADIR="/home/nextcloud/nextcloud_data"
+Environment=SKIP_DOMAIN_VALIDATION=true
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target default.target
+```
+
+```bash
+systemctl --user daemon-reload
+systemctl --user start nextcloud-aio-mastercontainer
+```
+
+### Install Caddy
+
+As root
+
+```bash
+mkdir /etc/caddy
+vim /etc/caddy/Caddyfile
+```
+
+Caddy will automatically provision certificates if the server DNS points to the correct IP
+and is accessible on the ports specifified. All you need to do is put `https` in the caddy conf.
+
+```conf
+https://nextcloud.reeseapps.com:443 {
+    reverse_proxy 127.0.0.1:11000
+}
+
+https://nextcloud.reeseapps.com:8443 {
+    reverse_proxy 127.0.0.1:11001 {
+        transport http {
+            tls_insecure_skip_verify
+        }
+    }
+}
+```
+
+```bash
+vim /etc/containers/systemd/caddy.container
+```
+
+```conf
+[Unit]
+Description=Caddy
+
+[Container]
+AddCapability=NET_ADMIN
+ContainerName=caddy
+Image=docker.io/caddy:2
+Network=host
+SecurityLabelDisable=true
+Volume=/etc/caddy:/etc/caddy
+Volume=caddy_data:/data
+Volume=caddy_config:/config
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
+```
+
+```bash
+systemctl daemon-reload
+systemctl start caddy
+```
+
+
+### Firewall
+
+Allow traffic to 11000 from your reverse proxy
+
+## Backups
+
+IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo!
+If you used a repokey mode, the key is stored in the repo, but you should back it up separately.
+Use "borg key export" to export the key, optionally in printable format.
+Write down the passphrase. Store both at safe place(s).
+
+```bash
+docker exec nextcloud-aio-borgbackup borg key export /mnt/borgbackup/borg/
+```
+
+If you need to reset the borg backup repo:
+
+```bash
+docker exec nextcloud-aio-borgbackup rm /mnt/docker-aio-config/data/borg.config
+```
+
+## Maintenace Mode
+
+```bash
+docker stop nextcloud-aio-apache
+docker exec -it -u www-data nextcloud-aio-nextcloud ./occ maintenance:mode --on
+
+docker start nextcloud-aio-apache
+docker exec -it -u www-data nextcloud-aio-nextcloud ./occ maintenance:mode --off
+```
+
+## Trusted Proxy
+
+If running with a reverse proxy.
+
+```bash
+docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value="10.1.0.0/16"
+docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 3 --value="fd00:fd41:d0f1:1010::/64"
+```
+
+## Default phone region
+
+```bash
+docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="US"
+```
+
+## Adding existing files
+
+```bash
+docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --path=ducoterra/files
+```
+
+## Theming
+
+Red: `#B30000`
+
+## Changing the domain
+
+```bash
+docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"
+```
+
+## Uninstall
+
+```bash
+docker stop $(docker ps -a -q)
+docker container prune
+
+# DANGER ZONE
+# This deletes all your data
+docker volume prune -a -f
+```
+
+defaults,_netdev,x-systemd.requires=iscsid.service   0      1
+
+## Edit QCOW
+
+```bash
+sudo modprobe nbd
+sudo qemu-nbd -c /dev/nbd0 --read-only /path/to/image.qcow2
+udisksctl mount -b /dev/nbd0p1
+```
+
+## Stuck in login screen
+
+Check logs at `/var/www/html/data/nextcloud.log` in `nextcloud-aio-nextcloud` container.
+
+Sometimes this is caused by a broken app or twofactor. try:
+
+```bash
+# Disable two factor
+./occ twofactorauth:state <user>
+./occ twofactorauth:disable <user> totp
+```
+
+```bash
+# Disable problem app
+./occ app:disable integration_openai
+```
+
+## Freezing after working for a bit
+
+### Out of disk space
+
+This can happen when nextcloud tries to write logs to its volume and doesn't have enough space
+
+```bash
+podman exec -it nextcloud-aio-nextcloud bash
+df -h .
+```
+
+### Redis can't dump its DB
+
+This can happen when the redis volume doesn't have the correct permissions
+
+```bash
+podman exec -it --user root nextcloud-aio-redis bash
+ls -lah /data
+chown redis:redis /data
+```