nextcloud: Build with new architecture

.github/workflows/package-nextcloud.yml

@@ -4,13 +4,21 @@ on:
   push:
     branches:
       - main
+      - test
+      - dev
     paths:
       - 'nextcloud/**'
   workflow_dispatch: {}
 
 jobs:
-  package:
+  package-nextcloud:
     uses: "./.github/workflows/package.yml"
     with:
       name: nextcloud
       path: nextcloud
+  package-nginx:
+    uses: "./.github/workflows/package.yml"
+    with:
+      name: nextcloud
+      file: Containerfile-nginx
+      path: nextcloud

nextcloud/Containerfile

@@ -46,26 +46,20 @@ RUN set -ex; \
         php82-pecl-memcached \
         php82-pecl-imagick \
         php82-pecl-redis; \
-    ln -sf /usr/bin/php82 /usr/bin/php
+    ln -sf /usr/bin/php82 /usr/bin/php; \
+    ln -sf /usr/sbin/php-fpm82 /usr/sbin/php-fpm;
 
 RUN set -ex; \
-    mkdir -p /var/www/html; \
-    groupmod -g 101 www-data; \
-    adduser -h /var/www/html -H -s /sbin/nologin -S -u 101 -G www-data www-data
-
-WORKDIR /var/www/html
+    mkdir -p /var/www/nextcloud; \
+    groupmod -g 101 -o www-data; \
+    adduser -h /var/www/nextcloud -H -s /sbin/nologin -S -u 101 -G www-data www-data
 
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/server_tuning.html#enable-php-opcache
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=1024M
 COPY php.conf.d/ /etc/php82/conf.d/
 COPY php-fpm.d/ /etc/php82/php-fpm.d/
-RUN rm /var/spool/cron/crontabs/root; \
-    echo '*/5 * * * * php82 -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data; \
-    \
-    chown -R www-data:www-data /var/www; \
-    chmod -R g=u /var/www
 
 ENV NEXTCLOUD_VERSION=${APP_VERSION}
 
@@ -78,19 +72,28 @@ RUN set -ex; \
     # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
     gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    mkdir -p /usr/src; \
-    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
+    tar -xjf nextcloud.tar.bz2 -C /var/www/; \
     gpgconf --kill all; \
     rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
-    mkdir -p /usr/src/nextcloud/data; \
-    mkdir -p /usr/src/nextcloud/custom_apps; \
-    chmod +x /usr/src/nextcloud/occ;
+    rm -rf "$GNUPGHOME"; \
+    mkdir -p /var/www/nextcloud/data; \
+    mkdir -p /var/www/nextcloud/custom_apps; \
+    chmod +x /var/www/nextcloud/occ; \
+    chown -R www-data:www-data /var/www; \
+    chmod -R g=u /var/www; \
+    # Setup cronjob
+    rm /var/spool/cron/crontabs/root; \
+    echo '*/5 * * * * php -f /var/www/nextcloud/cron.php' > /var/spool/cron/crontabs/www-data;
+
+COPY entrypoint.sh upgrade.sh /
+COPY config/* /usr/share/nextcloud/config/
 
-COPY entrypoint.sh upgrade.sh upgrade.exclude /
-COPY config/* /usr/src/nextcloud/config/
+WORKDIR /var/www/nextcloud
 
-VOLUME /var/www/html
+VOLUME /var/www/nextcloud/data
+VOLUME /var/www/nextcloud/custom_apps
+VOLUME /var/www/nextcloud/config
+VOLUME /var/www/nextcloud/themes
 
 ENTRYPOINT ["/entrypoint.sh"]
-CMD ["php-fpm82", "-F"]
+CMD ["php-fpm", "-F"]

nextcloud/Containerfile-nginx

@@ -0,0 +1,45 @@
+FROM alpine:3.19
+
+ARG APP_VERSION
+
+RUN set -ex; \
+    apk add --no-cache \
+        bzip2 \
+        curl \
+        gnupg \
+        nginx \
+        shadow
+
+RUN set -ex; \
+    mkdir -p /var/www/nextcloud; \
+    groupmod -g 101 -o www-data; \
+    adduser -h /var/www/nextcloud -H -s /sbin/nologin -S -u 101 -G www-data www-data
+
+ENV NEXTCLOUD_VERSION=${APP_VERSION}
+
+RUN set -ex; \
+    curl -fsSL -o nextcloud.tar.bz2 \
+        "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc \
+        "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
+    export GNUPGHOME="$(mktemp -d)"; \
+    # gpg key from https://nextcloud.com/nextcloud.asc
+    gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
+    gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
+    tar -xjf nextcloud.tar.bz2 -C /var/www/; \
+    gpgconf --kill all; \
+    rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
+    rm -rf "$GNUPGHOME"; \
+    chown -R www-data:www-data /var/www; \
+    chmod -R g=u /var/www;
+
+ADD nginx.conf /etc/nginx/nginx.conf
+
+WORKDIR /var/www/nextcloud
+
+VOLUME /var/www/nextcloud/custom_apps
+VOLUME /var/www/nextcloud/themes
+
+USER 101:101
+
+CMD ["nginx", "-c", "/etc/nginx/nginx.conf"]

nextcloud/config/apcu.config.php

@@ -1,4 +1,4 @@
 <?php
 $CONFIG = array (
-  'memcache.local' => '\OC\Memcache\APCu',
+    'memcache.local' => '\OC\Memcache\APCu',
 );

nextcloud/config/apps.config.php

@@ -1,15 +1,15 @@
 <?php
 $CONFIG = array (
-  'apps_paths' => array (
-      0 => array (
-              'path'     => OC::$SERVERROOT.'/apps',
-              'url'      => '/apps',
-              'writable' => false,
-      ),
-      1 => array (
-              'path'     => OC::$SERVERROOT.'/custom_apps',
-              'url'      => '/custom_apps',
-              'writable' => true,
-      ),
-  ),
+    'apps_paths' => array (
+        0 => array (
+            'path'     => OC::$SERVERROOT.'/apps',
+            'url'      => '/apps',
+            'writable' => false,
+        ),
+        1 => array (
+            'path'     => OC::$SERVERROOT.'/custom_apps',
+            'url'      => '/custom_apps',
+            'writable' => true,
+        ),
+    ),
 );

nextcloud/config/autoconfig.php

@@ -2,6 +2,14 @@
 
 $autoconfig_enabled = false;
 
+if (getenv('NEXTCLOUD_ADMIN_USER_FILE') && getenv('NEXTCLOUD_ADMIN_PASSWORD_FILE')) {
+    $AUTOCONFIG['adminlogin'] = trim(file_get_contents(getenv('NEXTCLOUD_ADMIN_USER_FILE')));
+    $AUTOCONFIG['adminpass'] = trim(file_get_contents(getenv('NEXTCLOUD_ADMIN_PASSWORD_FILE')));
+} elseif (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
+    $AUTOCONFIG['adminlogin'] = getenv('NEXTCLOUD_ADMIN_USER');
+    $AUTOCONFIG['adminpass'] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
+}
+
 if (getenv('SQLITE_DATABASE')) {
     $AUTOCONFIG['dbtype'] = 'sqlite';
     $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE');
@@ -37,5 +45,5 @@
 }
 
 if ($autoconfig_enabled) {
-    $AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/html/data';
+    $AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/nextcloud/data';
 }

nextcloud/config/disable-web-upgrade.config.php

@@ -0,0 +1,4 @@
+<?php
+$CONFIG = array (
+    'upgrade.disable-web' => true,
+);

nextcloud/config/redis.config.php

@@ -1,17 +1,17 @@
 <?php
 if (getenv('REDIS_HOST')) {
-  $CONFIG = array(
-    'memcache.distributed' => '\OC\Memcache\Redis',
-    'memcache.locking' => '\OC\Memcache\Redis',
-    'redis' => array(
-      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-    ),
-  );
+    $CONFIG = array(
+        'memcache.distributed' => '\OC\Memcache\Redis',
+        'memcache.locking' => '\OC\Memcache\Redis',
+        'redis' => array(
+            'host' => getenv('REDIS_HOST'),
+            'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+        ),
+    );
 
-  if (getenv('REDIS_HOST_PORT') !== false) {
-    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
-  } elseif (getenv('REDIS_HOST')[0] != '/') {
-    $CONFIG['redis']['port'] = 6379;
-  }
+    if (getenv('REDIS_HOST_PORT') !== false) {
+        $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
+    } elseif (getenv('REDIS_HOST')[0] != '/') {
+        $CONFIG['redis']['port'] = 6379;
+    }
 }

nextcloud/config/smtp.config.php

@@ -1,22 +1,22 @@
 <?php
 if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
-  $CONFIG = array (
-    'mail_smtpmode' => 'smtp',
-    'mail_smtphost' => getenv('SMTP_HOST'),
-    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
-    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
-    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
-    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
-    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
-    'mail_domain' => getenv('MAIL_DOMAIN'),
-  );
+    $CONFIG = array (
+        'mail_smtpmode' => 'smtp',
+        'mail_smtphost' => getenv('SMTP_HOST'),
+        'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
+        'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
+        'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
+        'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
+        'mail_smtpname' => getenv('SMTP_NAME') ?: '',
+        'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
+        'mail_domain' => getenv('MAIL_DOMAIN'),
+    );
 
-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
-      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
-  } elseif (getenv('SMTP_PASSWORD')) {
-      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
-  } else {
-      $CONFIG['mail_smtppassword'] = '';
-  }
+    if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+        $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
+    } elseif (getenv('SMTP_PASSWORD')) {
+        $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
+    } else {
+        $CONFIG['mail_smtppassword'] = '';
+    }
 }

nextcloud/entrypoint.sh

@@ -4,4 +4,3 @@ set -eu
 busybox crond -f -l 0 -L /dev/stdout &
 
 exec "$@"
-