Optimized Nextcloud variables

2025-09-27 12:14:57 +02:00
parent c3e5db7f2e
commit 75d476267e
10 changed files with 60 additions and 51 deletions


@@ -51,8 +51,10 @@ docker:
version: "latest"
backup:
no_stop_required: false
internal: true
network_mode: host
turn_server:
onboard_enabled: true
standalone_enabled: true
network_mode: host
whiteboard:
name: "nextcloud-whiteboard"
image: "ghcr.io/nextcloud-releases/whiteboard"
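Review bot: With both `onboard_enabled: true` and `standalone_enabled: true` as defaults under `turn_server`, a default install appears to end up with two TURN servers. The variables elsewhere in this commit select the onboard secret, port and domain whenever onboard is enabled, while the standalone coturn role still seems to be included when its own flag is true. If the two are meant as alternatives, default to `standalone_enabled: false` so the extra public STUN/TURN listener is opt-in. A comment above `turn_server:` should also say which server Talk uses when both flags are set.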


@@ -33,5 +33,5 @@
- name: create internal nextcloud nginx configuration
template:
src: "nginx/docker.conf.j2"
dest: "{{ [docker_compose.directories.volumes, 'nginx.conf'] | path_join }}"
dest: "{{ NEXTCLOUD_HOST_NGINX_SRC }}"
notify: restart nextcloud nginx service


@@ -35,5 +35,3 @@
plugin_key: "{{ plugin_item.key }}"
plugin_value: "{{ plugin_item.value }}"
when: NEXTCLOUD_PLUGINS_ENABLED


@@ -5,3 +5,4 @@
flush_handlers: true
when:
- run_once_web_svc_coturn is not defined
- NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED | bool


@@ -5,7 +5,7 @@
return 'turn_servers' => [
[
'host' => 'coturn',
'port' => 3478,
'port' => {{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }},
'secret' => 'my-secret-key',
'protocols' => 'udp,tcp'
]
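Review bot: The `'secret' => 'my-secret-key'` line directly below the changed port is still a fixed literal, so if this template is rendered into a live config, every deployment shares one publicly known TURN secret. The commit already templates the port; the secret should be templated the same way, for example `'secret' => '{{ NEXTCLOUD_TALK_TURN_ONBOARD_SECRET }}',`, or with whichever credential the `coturn` host is actually configured with. The array continues outside the hunk, so whether other entries carry literals cannot be seen from here.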


@@ -7,9 +7,9 @@
driver: journald
restart: {{ DOCKER_RESTART_POLICY }}
ports:
- "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"
- "127.0.0.1:{{ NEXTCLOUD_PORT }}:{{ container_port }}"
volumes:
- "{{ docker_compose.directories.volumes }}nginx.conf:/etc/nginx/nginx.conf:ro"
- "{{ NEXTCLOUD_HOST_NGINX_SRC }}:/etc/nginx/nginx.conf:ro"
volumes_from:
- application
{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
@@ -37,9 +37,9 @@
{% include 'roles/docker-container/templates/networks.yml.j2' %}
ipv4_address: 192.168.102.69
{% if NEXTCLOUD_TALK_SERVICE_ENABLED %}
{% if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
talk:
{% set container_port = NEXTCLOUD_TALK_PORT_INTERNAL %}
{% set container_port = NEXTCLOUD_TALK_SIGNALING_PORT %}
{% include 'roles/docker-container/templates/base.yml.j2' %}
{% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
image: "{{ NEXTCLOUD_TALK_IMAGE }}:{{ NEXTCLOUD_TALK_VERSION }}"
@@ -48,9 +48,9 @@
network_mode: {{ NEXTCLOUD_TALK_NETWORK_MODE }}
{% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' %}
ports:
- {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_INT_TURN_PORT }}/tcp
- {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_INT_TURN_PORT }}/udp
- {{ NEXTCLOUD_TALK_RELAY_PORT_RANGE }}:{{ NEXTCLOUD_TALK_RELAY_PORT_RANGE }}/udp
- {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}/tcp
- {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}/udp
- {{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}/udp
expose:
- "{{ container_port }}"
networks:
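Review bot: The relay range mapping at the end of the last hunk, `- {{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}/udp`, has no host address. In bridge mode Docker therefore publishes the whole UDP range on every interface, while the two STUN mappings above it bind to `networks.internet.ip4`. If only the public address should relay, prefix the range with `{{ networks.internet.ip4 }}:` as well. Quoting the three entries, as the nginx port mapping in the first hunk does, would keep the rendered YAML from being re-typed. The `talk` service definition continues outside the hunk.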


@@ -24,7 +24,7 @@ MAIL_FROM_ADDRESS= "{{ users['no-reply'].username }}"
MAIL_DOMAIN= "{{ SYSTEM_EMAIL.DOMAIN }}"
# Initial Admin Data
NEXTCLOUD_ADMIN_USER= "{{ NEXTCLOUD_ADMINISTRATOR_USER }}"
NEXTCLOUD_ADMIN_USER= "{{ NEXTCLOUD_ADMINISTRATOR_USERNAME }}"
NEXTCLOUD_ADMIN_PASSWORD= "{{ NEXTCLOUD_ADMINISTRATOR_PASSWORD }}"
# Security
@@ -43,15 +43,15 @@ REDIS_PORT= 6379
# Talk Configuration
NC_DOMAIN={{ NEXTCLOUD_DOMAIN }}
TALK_HOST={{ NEXTCLOUD_TALK_DOMAIN }}
TURN_SECRET={{ NEXTCLOUD_TALK_TURN_SECRET }}
TURN_SECRET={{ NEXTCLOUD_TALK_TURN_ONBOARD_SECRET }}
SIGNALING_SECRET={{ NEXTCLOUD_TALK_SIGNALING_SECRET }}
INTERNAL_SECRET={{ NEXTCLOUD_TALK_INTERNAL_SECRET }}
TZ={{ HOST_TIMEZONE }}
TALK_PORT={{ NEXTCLOUD_TALK_INT_TURN_PORT }}
TURN_MIN_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_START }}
TURN_MAX_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_END }}
COTURN_MIN_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_START }}
COTURN_MAX_PORT={{ NEXTCLOUD_TALK_RELAY_PORT_END }}
TALK_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}
TURN_MIN_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}
TURN_MAX_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }}
COTURN_MIN_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}
COTURN_MAX_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }}
{% endif %}
{% if NEXTCLOUD_WHITEBOARD_ENABLED %}


@@ -190,12 +190,12 @@ http {
proxy_read_timeout 3600;
}
{% if NEXTCLOUD_TALK_SERVICE_ENABLED %}
location {{ NEXTCLOUD_TALK_LOCATION }} {
{% if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
location {{ NEXTCLOUD_TALK_SIGNALING_LOCATION }} {
{% if NEXTCLOUD_TALK_NETWORK_MODE == 'host' %}
proxy_pass http://host.docker.internal:{{ NEXTCLOUD_TALK_PORT_INTERNAL }}/;
proxy_pass http://host.docker.internal:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
{% else %}
proxy_pass http://talk:{{ NEXTCLOUD_TALK_PORT_INTERNAL }}/;
proxy_pass http://talk:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
{% endif %}
proxy_http_version 1.1;
proxy_set_header Host $host;


@@ -8,16 +8,15 @@ database_password: "{{ applications | get_app_conf(application_
database_type: "mariadb" # Database flavor
# Nextcloud
## General
NEXTCLOUD_DOMAIN: "{{ domains | get_domain(application_id) }}"
NEXTCLOUD_PORT: "{{ ports.localhost.http[application_id] }}"
NEXTCLOUD_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
NEXTCLOUD_PLUGINS_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}"
NEXTCLOUD_ADMINISTRATOR_USERNAME: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
## Plugins
NEXTCLOUD_PLUGIN_ITEMS: "{{ applications | get_app_conf(application_id, 'plugins') | dict2items }}"
NEXTCLOUD_PLUGINS_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}"
## Paths
@@ -25,6 +24,7 @@ NEXTCLOUD_PLUGIN_ITEMS: "{{ applications | get_app_conf(application_
NEXTCLOUD_HOST_CONF_ADD_PATH: "{{ [ docker_compose.directories.volumes, 'infinito' ] | path_join }}" # This folder is the path to which the additive configurations will be copied
NEXTCLOUD_HOST_INCL_PATH: "{{ [ docker_compose.directories.volumes, 'includes.php' ] | path_join }}" # Path to the instruction file on the host. Responsible for loading the additional configurations
NEXTCLOUD_HOST_NGINX_PATH: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, NEXTCLOUD_DOMAIN ~ '.conf' ] | path_join }}" # Nginx path for proxy conf
NEXTCLOUD_HOST_NGINX_SRC: "{{ [ docker_compose.directories.volumes, 'nginx.conf' ] | path_join }}"
## Control Node
NEXTCLOUD_CNODE_PLUGIN_VARS_PATH: "{{ [role_path, 'vars/plugins/'] | path_join }}" # Folder in which the files for the plugin configuration are stored
@@ -38,8 +38,8 @@ NEXTCLOUD_DOCKER_CONF_ADD_PATH: "{{ [ NEXTCLOUD_DOCKER_CONF_DIRECTORY, 'infi
NEXTCLOUD_DOCKER_INCL_PATH: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the additional configurations
## Administrator
NEXTCLOUD_ADMINISTRATOR_USER: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
NEXTCLOUD_ADMINISTRATOR_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}"
NEXTCLOUD_ADMINISTRATOR_USERNAME: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
## Docker
@@ -57,29 +57,37 @@ NEXTCLOUD_PROXY_VERSION: "{{ applications | get_app_conf(application_
### Cron
NEXTCLOUD_CRON_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name') }}"
### Talk
#### Service
_NEXTCLOUD_COTURN_STANDALONE_ROLE: 'web-svc-coturn'
NEXTCLOUD_TALK_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}"
NEXTCLOUD_TALK_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}"
NEXTCLOUD_TALK_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}"
NEXTCLOUD_TALK_PLUGIN_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}"
NEXTCLOUD_TALK_SERVICE_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.internal') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}"
NEXTCLOUD_TALK_TURN_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') if NEXTCLOUD_TALK_SERVICE_ENABLED else applications | get_app_conf(_NEXTCLOUD_COTURN_STANDALONE_ROLE, 'credentials.auth_secret') }}"
NEXTCLOUD_TALK_SIGNALING_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_signaling_secret') }}"
NEXTCLOUD_TALK_INTERNAL_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_internal_secret') }}"
NEXTCLOUD_TALK_LOCATION: "/standalone-signaling/"
NEXTCLOUD_TALK_PORT_INTERNAL: "8081"
NEXTCLOUD_TALK_INT_TURN_PORT: "3478"
NEXTCLOUD_TALK_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}"
NEXTCLOUD_TALK_RELAY_PORT_END: "{{ ports.public.relay_port_ranges[application_id ~ '_end' ] }}"
NEXTCLOUD_TALK_RELAY_PORT_RANGE: "{{ NEXTCLOUD_TALK_RELAY_PORT_START }}-{{ NEXTCLOUD_TALK_RELAY_PORT_END }}"
NEXTCLOUD_TALK_NETWORK_MODE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.network_mode') }}"
### Talk
# Connection
NEXTCLOUD_TALK_STUN_PORT: "{{ ports.public.stun_turn[application_id] if NEXTCLOUD_TALK_SERVICE_ENABLED else ports.public.stun_turn[_NEXTCLOUD_COTURN_STANDALONE_ROLE] }}"
NEXTCLOUD_TALK_DOMAIN: "{{ NEXTCLOUD_DOMAIN if NEXTCLOUD_TALK_SERVICE_ENABLED else (domains | get_domain(_NEXTCLOUD_COTURN_STANDALONE_ROLE)) }}"
NEXTCLOUD_TALK_SIGNALING_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_LOCATION ] | url_join }}"
#### General
NEXTCLOUD_TALK_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}"
NEXTCLOUD_TALK_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}"
NEXTCLOUD_TALK_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}"
NEXTCLOUD_TALK_PLUGIN_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}"
NEXTCLOUD_TALK_NETWORK_MODE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.network_mode') }}"
NEXTCLOUD_TALK_INTERNAL_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_internal_secret') }}"
NEXTCLOUD_TALK_DOMAIN: "{{ NEXTCLOUD_DOMAIN if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else (domains | get_domain(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE)) }}"
#### Signaling
NEXTCLOUD_TALK_SIGNALING_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_signaling_secret') }}"
NEXTCLOUD_TALK_SIGNALING_LOCATION: "/standalone-signaling/"
NEXTCLOUD_TALK_SIGNALING_PORT: "8081"
NEXTCLOUD_TALK_SIGNALING_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_SIGNALING_LOCATION ] | url_join }}"
#### Turn (Onboard)
NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.onboard_enabled') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}"
NEXTCLOUD_TALK_TURN_ONBOARD_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else applications | get_app_conf(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE, 'credentials.auth_secret') }}"
NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT: "{{ ports.public.stun_turn[application_id] }}"
NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}"
NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END: "{{ ports.public.relay_port_ranges[application_id ~ '_end' ] }}"
NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE: "{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}-{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }}"
#### Stun
NEXTCLOUD_TALK_STUN_PORT: "{{ ports.public.stun_turn[application_id] if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else ports.public.stun_turn[NEXTCLOUD_TALK_TURN_STANDALONE_ROLE] }}"
#### Coturn (Standalone)
NEXTCLOUD_TALK_TURN_STANDALONE_ROLE: 'web-svc-coturn'
NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.standalone_enabled') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}"
### Whiteboard
NEXTCLOUD_WHITEBOARD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.name') }}"
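Review bot: `NEXTCLOUD_TALK_TURN_ONBOARD_SECRET` is not always the onboard secret: its else-branch returns the standalone coturn role's `credentials.auth_secret`. The same value is written to `TURN_SECRET` in the env template and to the TURN `secret` in the Talk plugin configuration. An "onboard" name on a value that can be another service's shared secret makes it easy to rotate or scope the wrong credential. Keep a mode-neutral name for the selected value, e.g. `NEXTCLOUD_TALK_TURN_SECRET`, matching `NEXTCLOUD_TALK_STUN_PORT` and `NEXTCLOUD_TALK_DOMAIN`, which are selected the same way. `NEXTCLOUD_TALK_TURN_STANDALONE_ROLE` is also defined below the variables that reference it, which lazy templating tolerates but which reads better the other way round.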


@@ -20,7 +20,7 @@ plugin_configuration:
configvalue: "{{ [
{
'server': NEXTCLOUD_TALK_DOMAIN ~ ':' ~ NEXTCLOUD_TALK_STUN_PORT ~ '?transport=udp',
'secret': NEXTCLOUD_TALK_TURN_SECRET,
'secret': NEXTCLOUD_TALK_TURN_ONBOARD_SECRET,
'ttl': 86400,
'protocols': 'udp,tcp'
}