Nextcloud: set conservative Docker resource limits and template cleanups

- Add CPU/memory/PID limits for redis, database, proxy, cron, talk, whiteboard - Keep nextcloud service unchanged except existing settings - Normalize service_name templating and indentation in docker-compose.yml.j2 - Mount Janus config for Talk via volume Ref: https://chatgpt.com/share/68db9f41-16ec-800f-9cdf-7530862f89aa
2025-10-09 18:28:10 +02:00 · 2025-09-30 11:54:14 +02:00
parent bf94338845
commit 0a17e54d8c
2 changed files with 39 additions and 8 deletions
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -31,8 +31,16 @@ docker:
  services:
    redis:
      enabled:              true
+      cpus:                 "0.25"
+      mem_reservation:      "64m"
+      mem_limit:            "256m"
+      pids_limit:           256
    database:
      enabled:              true
+      cpus:                 "0.75"
+      mem_reservation:      "512m"
+      mem_limit:            "1.5g"
+      pids_limit:           512
    nextcloud:
      name:                 "nextcloud"
      image:                "nextcloud"
@@ -49,8 +57,16 @@ docker:
      version:              "alpine"
      backup:
        no_stop_required:   true
+      cpus:                 "0.5"
+      mem_reservation:      "64m"
+      mem_limit:            "256m"
+      pids_limit:           512
    cron:
      name:                 "nextcloud-cron"
+      cpus:                 "0.25"
+      mem_reservation:      "128m"
+      mem_limit:            "512m"
+      pids_limit:           256
    talk:
      name:                 "nextcloud-talk"
      image:                "nextcloud/aio-talk"
@@ -61,12 +77,20 @@ docker:
        onboard_enabled:    true # Deactivated because standalone turnserver works with  Big Blue Button, so I assume that the nextcloud internal turnserver has it's isssues
        standalone_enabled: false
      network_mode:         host
+      cpus:                 "1.0"
+      mem_reservation:      "256m"
+      mem_limit:            "1g"
+      pids_limit:           512
    whiteboard:
      name:                 "nextcloud-whiteboard"
      image:                "ghcr.io/nextcloud-releases/whiteboard"
      version:              "latest"
      backup:
-        no_stop_required: true
+        no_stop_required:   true
+      cpus:                 "0.25"
+      mem_reservation:      "128m"
+      mem_limit:            "512m"
+      pids_limit:           256
  enabled:  "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False) }}"   # Activate OIDC for Nextcloud
  # floavor decides which OICD plugin should be used. 
  # Available options: oidc_login, sociallogin
--- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
@@ -1,6 +1,7 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}

-  proxy:
+{% set service_name = 'proxy' %}
+  {{ service_name }}:
    image: "{{ NEXTCLOUD_PROXY_IMAGE }}:{{ NEXTCLOUD_PROXY_VERSION }}"
    container_name: "{{ NEXTCLOUD_PROXY_CONTAINER }}"
    logging:
@@ -9,9 +10,9 @@
    ports:
      - "127.0.0.1:{{ NEXTCLOUD_PORT }}:{{ container_port }}"
    volumes:
-        - "{{ NEXTCLOUD_HOST_NGINX_SRC }}:/etc/nginx/nginx.conf:ro"
+      - "{{ NEXTCLOUD_HOST_NGINX_SRC }}:/etc/nginx/nginx.conf:ro"
    volumes_from:
-      - application
+      - {{ NEXTCLOUD_SERVICE }}
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2'  %}
    networks:
      default:
@@ -21,7 +22,8 @@
      - "host.docker.internal:host-gateway"
 {% endif %}

-  application:
+{% set service_name = NEXTCLOUD_SERVICE %}
+  {{ service_name }}:
    image: "{{ NEXTCLOUD_IMAGE }}:{{ NEXTCLOUD_VERSION }}"
    container_name: {{ NEXTCLOUD_CONTAINER }}
    volumes:
@@ -38,7 +40,8 @@
        ipv4_address: 192.168.102.69

 {% if NEXTCLOUD_TALK_SIGNALING_ENABLED | bool %}
-  talk:
+{% set service_name = 'talk' %}
+  {{ service_name }}:
 {% set container_port = NEXTCLOUD_TALK_SIGNALING_PORT %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 {% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
@@ -46,6 +49,8 @@
    container_name: {{ NEXTCLOUD_TALK_CONTAINER }}
    init: true
    network_mode: {{ NEXTCLOUD_TALK_NETWORK_MODE }}
+    volumes:
+      - {{ NEXTCLOUD_HOST_JANUS_CONF_PATH }}:/usr/local/etc/janus/janus.jcfg:ro
 {% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' and NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
    ports:
      - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}/tcp
@@ -60,7 +65,8 @@
 {% endif %}

 {% if NEXTCLOUD_WHITEBOARD_ENABLED %}
-  whiteboard:
+{% set service_name = 'whiteboard' %}
+  {{ service_name }}:
 {% set container_port = NEXTCLOUD_WHITEBOARD_PORT_INTERNAL %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 {% include 'roles/docker-container/templates/healthcheck/nc.yml.j2' %}
@@ -73,7 +79,8 @@
        ipv4_address: 192.168.102.71
 {% endif %}

-  cron:
+{% set service_name = 'cron' %}
+  {{ service_name }}:
    container_name: "{{ NEXTCLOUD_CRON_CONTAINER }}"
    image: "{{ NEXTCLOUD_IMAGE }}:{{ NEXTCLOUD_VERSION }}"
    restart: {{ DOCKER_RESTART_POLICY }}