mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-10-31 02:10:05 +00:00
Kevin Veen-Birkenbach
0d99c7f297
- Change Talk (HPB) network_mode from host → bridge and drop TURN relay range mapping - Remove obsolete nginx restart handler; rely on 'docker compose up' notify - Fix spreed task condition to use HPB standalone flag - docker-compose.yml.j2: parameterize service names, use NEXTCLOUD_*_SERVICE vars, align host-gateway condition with HPB, tidy ports/expose/network blocks - env.j2/nginx configs: rename TALK_* → HPB_* variables and locations; use templated NEXTCLOUD_SERVICE for php upstream - vars: introduce entity_name; centralize *SERVICE keys; rename all Talk vars to HPB; adjust whiteboard keys; compute URLs/JSON configs accordingly - spreed plugin vars: point to HPB signaling/STUN/TURN and internal secret Ref: https://chatgpt.com/share/68db9f41-16ec-800f-9cdf-7530862f89aa
317 lines
16 KiB
YAML
317 lines
16 KiB
YAML
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
|
|
server:
|
|
csp:
|
|
flags:
|
|
style-src:
|
|
unsafe-inline: true
|
|
script-src-elem:
|
|
unsafe-inline: true
|
|
script-src:
|
|
unsafe-eval: true
|
|
whitelist:
|
|
font-src:
|
|
- "data:"
|
|
connect-src:
|
|
- "{{ WEBSOCKET_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
|
|
- "{{ WEBSOCKET_PROTOCOL }}://cloud.{{ PRIMARY_DOMAIN }}"
|
|
- "{{ WEB_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
|
|
- "{{ WEB_PROTOCOL }}://cloud.{{ PRIMARY_DOMAIN }}"
|
|
frame-src:
|
|
- "{{ WEBSOCKET_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
|
|
- "{{ WEB_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
|
|
worker-src:
|
|
- "blob:"
|
|
domains:
|
|
canonical:
|
|
- "cloud.{{ PRIMARY_DOMAIN }}"
|
|
aliases: []
|
|
docker:
|
|
volumes:
|
|
data: nextcloud_data
|
|
services:
|
|
redis:
|
|
enabled: true
|
|
cpus: "0.25"
|
|
mem_reservation: "64m"
|
|
mem_limit: "256m"
|
|
pids_limit: 256
|
|
database:
|
|
enabled: true
|
|
cpus: "0.75"
|
|
mem_reservation: "512m"
|
|
mem_limit: "1.5g"
|
|
pids_limit: 512
|
|
nextcloud:
|
|
name: "nextcloud"
|
|
image: "nextcloud"
|
|
version: "production-fpm-alpine"
|
|
backup:
|
|
no_stop_required: true
|
|
cpus: "2.0"
|
|
mem_reservation: "2g"
|
|
mem_limit: "3g"
|
|
pids_limit: 512
|
|
proxy:
|
|
name: "nextcloud-proxy"
|
|
image: "nginx"
|
|
version: "alpine"
|
|
backup:
|
|
no_stop_required: true
|
|
cpus: "0.5"
|
|
mem_reservation: "64m"
|
|
mem_limit: "256m"
|
|
pids_limit: 512
|
|
cron:
|
|
name: "nextcloud-cron"
|
|
cpus: "0.25"
|
|
mem_reservation: "128m"
|
|
mem_limit: "512m"
|
|
pids_limit: 256
|
|
talk:
|
|
name: "nextcloud-talk"
|
|
image: "nextcloud/aio-talk"
|
|
version: "latest"
|
|
backup:
|
|
no_stop_required: false
|
|
turn_server:
|
|
onboard_enabled: true
|
|
standalone_enabled: false
|
|
network_mode: bridge
|
|
cpus: "1.0"
|
|
mem_reservation: "256m"
|
|
mem_limit: "1g"
|
|
pids_limit: 512
|
|
whiteboard:
|
|
name: "nextcloud-whiteboard"
|
|
image: "ghcr.io/nextcloud-releases/whiteboard"
|
|
version: "latest"
|
|
backup:
|
|
no_stop_required: true
|
|
cpus: "0.25"
|
|
mem_reservation: "128m"
|
|
mem_limit: "512m"
|
|
pids_limit: 256
|
|
enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False) }}" # Activate OIDC for Nextcloud
|
|
# floavor decides which OICD plugin should be used.
|
|
# Available options: oidc_login, sociallogin
|
|
# @see https://apps.nextcloud.com/apps/oidc_login
|
|
# @see https://apps.nextcloud.com/apps/sociallogin
|
|
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
|
|
features:
|
|
matomo: true
|
|
css: false
|
|
desktop: true
|
|
ldap: true
|
|
oidc: true
|
|
central_database: true
|
|
logout: true
|
|
default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes)
|
|
legacy_login_mask:
|
|
enabled: False # If true, then legacy login mask is shown. Otherwise just SSO
|
|
|
|
performance:
|
|
php:
|
|
memory_limit: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
|
|
upload_limit: "5G" # Set upload limit to 5GB for big media files
|
|
opcache_memory_consumption: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory consumption
|
|
|
|
plugins_enabled: true # Implemented for speeding up testing and debugging process. For productive environments keep it true and steer the apps via the plugins config
|
|
oidc:
|
|
flavor: "{{ _applications_nextcloud_oidc_flavor }}"
|
|
plugins:
|
|
# List for Nextcloud Plugin Routine
|
|
# Decides if plugins should be activated or deactivated
|
|
appointments:
|
|
# Nextcloud appointments: handles scheduling and appointment management (https://apps.nextcloud.com/apps/appointments)
|
|
enabled: true
|
|
bbb:
|
|
# Nextcloud BigBlueButton integration: enables video conferencing using BigBlueButton (https://apps.nextcloud.com/apps/bbb)
|
|
enabled: "{{ 'web-app-bigbluebutton' in group_names | lower }}"
|
|
#- bookmarks
|
|
# # Nextcloud Bookmarks: manage and share your bookmarks easily (https://apps.nextcloud.com/apps/bookmarks)
|
|
# enabled: false
|
|
calendar:
|
|
# Nextcloud calendar: manages calendar events and scheduling (https://apps.nextcloud.com/apps/calendar)
|
|
enabled: true
|
|
cfg_share_links:
|
|
# Nextcloud share links configuration: customizes sharing settings and link options (https://apps.nextcloud.com/apps/cfg_share_links)
|
|
enabled: true
|
|
collectives:
|
|
# Nextcloud collectives: supports collaborative group management and sharing (https://apps.nextcloud.com/apps/collectives)
|
|
enabled: true
|
|
contacts:
|
|
# Nextcloud contacts: manages address book and contact information (https://apps.nextcloud.com/apps/contacts)
|
|
enabled: true
|
|
cospend:
|
|
# Nextcloud cospend: manages shared expenses and spending tracking (https://apps.nextcloud.com/apps/cospend)
|
|
enabled: true
|
|
deck:
|
|
# Nextcloud Deck: organizes tasks and projects using Kanban boards (https://apps.nextcloud.com/apps/deck)
|
|
# When Taiga is activated, this plugin is deactivated, because Taiga is the prefered application.
|
|
enabled: "{{ 'web-app-taiga' not in group_names | lower }}"
|
|
drawio:
|
|
# Nextcloud draw.io: integrates diagram creation and editing tools (https://apps.nextcloud.com/apps/drawio)
|
|
enabled: true
|
|
duplicatefinder:
|
|
# Nextcloud duplicate finder: scans and identifies duplicate files (https://apps.nextcloud.com/apps/duplicatefinder)
|
|
enabled: true
|
|
emlviewer:
|
|
# Nextcloud EML Viewer: previews and manages EML email files (https://apps.nextcloud.com/apps/emlviewer)
|
|
enabled: true
|
|
event_update_notification:
|
|
# Nextcloud event update notification: sends alerts when events are updated (https://apps.nextcloud.com/apps/event_update_notification)
|
|
enabled: true
|
|
epubviewer:
|
|
# Nextcloud EPUB Viewer: enables reading and previewing EPUB e-books (https://apps.nextcloud.com/apps/epubviewer)
|
|
enabled: true
|
|
external:
|
|
# Nextcloud External: Adds links to external services (https://apps.nextcloud.com/apps/external)
|
|
enabled: true
|
|
#files_accesscontrol
|
|
# # Nextcloud Files Access Control: restricts file access based on defined rules (https://apps.nextcloud.com/apps/files_accesscontrol)
|
|
# enabled: false
|
|
#files_archive
|
|
# # Nextcloud Files Archive: compresses and archives files for efficient storage (https://apps.nextcloud.com/apps/files_archive)
|
|
# enabled: false
|
|
#files_automatedtagging
|
|
# # Nextcloud Files Automated Tagging: automatically tags files to improve organization (https://apps.nextcloud.com/apps/files_automatedtagging)
|
|
# enabled: false
|
|
files_bpm:
|
|
# Nextcloud Files BPM: integrates business process management for file workflows (https://apps.nextcloud.com/apps/files_bpm)
|
|
enabled: true
|
|
files_downloadactivity:
|
|
# Nextcloud Files Download Activity: tracks and logs file download events (https://apps.nextcloud.com/apps/files_downloadactivity)
|
|
enabled: true
|
|
files_linkeditor:
|
|
# Nextcloud files link editor: allows customization of shared file links (https://apps.nextcloud.com/apps/files_linkeditor)
|
|
enabled: true
|
|
files_mindmap:
|
|
# Nextcloud Files Mindmap: visualizes file relationships as mind maps (https://apps.nextcloud.com/apps/files_mindmap)
|
|
enabled: true
|
|
files_texteditor:
|
|
# Nextcloud Files Text Editor: provides an online editor for text files (https://apps.nextcloud.com/apps/files_texteditor)
|
|
# Not available for Nextcloud < 27
|
|
enabled: false
|
|
fileslibreofficeedit:
|
|
# Nextcloud LibreOffice integration: allows online editing of documents with LibreOffice (https://apps.nextcloud.com/apps/fileslibreofficeedit)
|
|
enabled: "{{ not (applications | get_app_conf('web-app-nextcloud', 'plugins.richdocuments.enabled', False, True)) }}"
|
|
forms:
|
|
# Nextcloud forms: facilitates creation of forms and surveys (https://apps.nextcloud.com/apps/forms)
|
|
enabled: true
|
|
gestion:
|
|
# Nextcloud Gestion: manages administrative tasks and workflows (https://apps.nextcloud.com/apps/gestion)
|
|
enabled: true
|
|
groupfolders:
|
|
# Nextcloud Group Folders: centralizes shared folders for group collaboration (https://apps.nextcloud.com/apps/groupfolders)
|
|
enabled: true
|
|
gpxpod:
|
|
# Nextcloud GPX pod: visualizes GPS tracks and GPX data (https://apps.nextcloud.com/apps/gpxpod)
|
|
enabled: true
|
|
integration_discourse:
|
|
# Nextcloud Integration Discourse: connects Nextcloud with Discourse forums (https://apps.nextcloud.com/apps/integration_discourse)
|
|
enabled: false
|
|
integration_gitlab:
|
|
# Nextcloud Integration GitLab: connects Nextcloud with GitLab repositories (https://apps.nextcloud.com/apps/integration_gitlab)
|
|
enabled: "{{ 'web-app-gitlab' in group_names | lower }}"
|
|
integration_github:
|
|
# Nextcloud Integration GitHub: integrates GitHub repositories with Nextcloud (https://apps.nextcloud.com/apps/integration_github)
|
|
enabled: false
|
|
integration_google:
|
|
# Nextcloud Integration Google: connects Google services with Nextcloud (https://apps.nextcloud.com/apps/integration_google)
|
|
enabled: true
|
|
integration_mastodon:
|
|
# Nextcloud Integration Mastodon: connects Nextcloud with the Mastodon social network (https://apps.nextcloud.com/apps/integration_mastodon)
|
|
enabled: "{{ 'web-app-mastodon' in group_names | lower }}"
|
|
integration_openai:
|
|
# Nextcloud Integration OpenAI: brings OpenAI functionalities into Nextcloud (https://apps.nextcloud.com/apps/integration_openai)
|
|
enabled: false
|
|
integration_openproject:
|
|
# Nextcloud Integration OpenProject: integrates project management features from OpenProject (https://apps.nextcloud.com/apps/integration_openproject)
|
|
enabled: "{{ 'web-app-openproject' in group_names | lower }}"
|
|
integration_peertube:
|
|
# Nextcloud Integration PeerTube: connects to PeerTube for video sharing (https://apps.nextcloud.com/apps/integration_peertube)
|
|
enabled: "{{ 'web-app-peertube' in group_names | lower }}"
|
|
#keeweb
|
|
# # Nextcloud KeeWeb: integrates the KeeWeb password manager within Nextcloud (https://apps.nextcloud.com/apps/keeweb)
|
|
# # This isn't maintained anymore. The alternatives don't support keepass files
|
|
# enabled: false
|
|
keeporsweep:
|
|
# Nextcloud keep or sweep: helps manage and clean up files and data (https://apps.nextcloud.com/apps/keeporsweep)
|
|
# Deactivated because installation isn't possible anymore
|
|
enabled: false
|
|
mail:
|
|
# Nextcloud mail: integrated email client for managing mail accounts (https://apps.nextcloud.com/apps/mail)
|
|
enabled: true
|
|
maps:
|
|
# Nextcloud maps: provides mapping and location services integration (https://apps.nextcloud.com/apps/maps)
|
|
enabled: true
|
|
metadata:
|
|
# Nextcloud Metadata: manages and displays file metadata for enhanced organization (https://apps.nextcloud.com/apps/metadata)
|
|
enabled: true
|
|
news:
|
|
# Nextcloud News: aggregates and displays news feeds directly in Nextcloud (https://apps.nextcloud.com/apps/news)
|
|
enabled: true
|
|
oidc_login:
|
|
# Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/oidc_login)
|
|
enabled: "{{ _applications_nextcloud_oidc_flavor=='oidc_login' | lower }}"
|
|
incompatible_plugins:
|
|
- user_oidc # Will be disabled
|
|
- sociallogin # Will be disabled
|
|
phonetrack:
|
|
# Nextcloud phone track: tracks and monitors mobile device usage (https://apps.nextcloud.com/apps/phonetrack)
|
|
enabled: true
|
|
polls:
|
|
# Nextcloud polls: facilitates creation and management of user polls (https://apps.nextcloud.com/apps/polls)
|
|
enabled: true
|
|
quota_warning:
|
|
# Nextcloud quota warning: notifies users when storage limits are reached (https://apps.nextcloud.com/apps/quota_warning)
|
|
enabled: true
|
|
recognize:
|
|
# Nextcloud recognize: performs image recognition tasks (https://apps.nextcloud.com/apps/recognize)
|
|
enabled: false # Deactivated because it let to bugs
|
|
richdocuments:
|
|
# Nextcloud Rich Documents: provides collaborative document editing capabilities (https://apps.nextcloud.com/apps/richdocuments)
|
|
enabled: true # @todo To set it default to true activate https://hub.docker.com/r/collabora/code before
|
|
sociallogin:
|
|
# Nextcloud social login: allows authentication using social networks (https://apps.nextcloud.com/apps/sociallogin)
|
|
enabled: "{{ _applications_nextcloud_oidc_flavor=='sociallogin' | lower }}"
|
|
incompatible_plugins:
|
|
- user_oidc # Will be disabled
|
|
- oidc_login # Will be disabled
|
|
spreed:
|
|
# Nextcloud Spreed: offers video conferencing and chat functionalities (https://apps.nextcloud.com/apps/spreed)
|
|
enabled: true
|
|
tables:
|
|
# Nextcloud tables: allows creation and editing of tables within the interface (https://apps.nextcloud.com/apps/tables)
|
|
enabled: true
|
|
tasks:
|
|
# Nextcloud tasks: manages personal or group tasks and to-do lists (https://apps.nextcloud.com/apps/tasks)
|
|
enabled: true
|
|
#terms_of_service
|
|
# # Nextcloud Terms of Service: manages user acceptance of terms and conditions (https://apps.nextcloud.com/apps/terms_of_service)
|
|
# enabled: false
|
|
twofactor_nextcloud_notification:
|
|
# Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification)
|
|
enabled: "{{ not applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Deactivate 2FA if oidc is active
|
|
twofactor_totp:
|
|
# Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp)
|
|
enabled: "{{ not applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Deactivate 2FA if oidc is active
|
|
user_ldap:
|
|
# Nextcloud user LDAP: integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap)
|
|
enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.ldap', False, True) }}"
|
|
user_directory:
|
|
enabled: true # Enables the LDAP User Directory Search
|
|
user_oidc:
|
|
# Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/user_oidc)
|
|
enabled: "{{ _applications_nextcloud_oidc_flavor=='user_oidc' | lower }}"
|
|
incompatible_plugins:
|
|
- oidc_login
|
|
- sociallogin
|
|
whiteboard:
|
|
# Nextcloud Whiteboard: provides a collaborative drawing and brainstorming tool (https://apps.nextcloud.com/apps/whiteboard)
|
|
enabled: true
|
|
|
|
xwiki:
|
|
# XWiki Integration: search & display XWiki content from Nextcloud
|
|
# https://apps.nextcloud.com/apps/xwiki
|
|
enabled: "{{ 'web-app-xwiki' in group_names | lower }}" |