Nextcloud: set conservative Docker resource limits and template cleanups

- Add CPU/memory/PID limits for redis, database, proxy, cron, talk, whiteboard - Keep nextcloud service unchanged except existing settings - Normalize service_name templating and indentation in docker-compose.yml.j2 - Mount Janus config for Talk via volume Ref: https://chatgpt.com/share/68db9f41-16ec-800f-9cdf-7530862f89aa
2025-10-10 10:48:10 +02:00 · 2025-09-30 11:54:14 +02:00
parent bf94338845
commit 0a17e54d8c
2 changed files with 39 additions and 8 deletions
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -31,8 +31,16 @@ docker:
  services:
    redis:
      enabled:              true
+      cpus:                 "0.25"
+      mem_reservation:      "64m"
+      mem_limit:            "256m"
+      pids_limit:           256
    database:
      enabled:              true
+      cpus:                 "0.75"
+      mem_reservation:      "512m"
+      mem_limit:            "1.5g"
+      pids_limit:           512
    nextcloud:
      name:                 "nextcloud"
      image:                "nextcloud"
@@ -49,8 +57,16 @@ docker:
      version:              "alpine"
      backup:
        no_stop_required:   true
+      cpus:                 "0.5"
+      mem_reservation:      "64m"
+      mem_limit:            "256m"
+      pids_limit:           512
    cron:
      name:                 "nextcloud-cron"
+      cpus:                 "0.25"
+      mem_reservation:      "128m"
+      mem_limit:            "512m"
+      pids_limit:           256
    talk:
      name:                 "nextcloud-talk"
      image:                "nextcloud/aio-talk"
@@ -61,12 +77,20 @@ docker:
        onboard_enabled:    true # Deactivated because standalone turnserver works with  Big Blue Button, so I assume that the nextcloud internal turnserver has it's isssues
        standalone_enabled: false
      network_mode:         host
+      cpus:                 "1.0"
+      mem_reservation:      "256m"
+      mem_limit:            "1g"
+      pids_limit:           512
    whiteboard:
      name:                 "nextcloud-whiteboard"
      image:                "ghcr.io/nextcloud-releases/whiteboard"
      version:              "latest"
      backup:
-        no_stop_required: true
+        no_stop_required:   true
+      cpus:                 "0.25"
+      mem_reservation:      "128m"
+      mem_limit:            "512m"
+      pids_limit:           256
  enabled:  "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False) }}"   # Activate OIDC for Nextcloud
  # floavor decides which OICD plugin should be used. 
  # Available options: oidc_login, sociallogin