Created
February 3, 2024 02:41
Nextcloud + Syncthing + rootless Podman & systemd integration
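#!/bin/bash
#
# Provision a rootless Podman Nextcloud stack (MariaDB, Redis, Imaginary,
# Nextcloud) plus per-user Syncthing containers, and register every container
# as a systemd user service.

#######################################
# Hand an already-running container over to systemd.
# Generates a user unit from the container, stops the manually started
# instance and lets systemd start (and own) a fresh one.
# Arguments:
#   $1 - container name; also used as the unit name (<name>.service)
# Outputs:
#   Writes ~/.config/systemd/user/<name>.service
# Returns:
#   1 if the unit could not be generated, otherwise the status of the final
#   `systemctl enable`.
#######################################
systemd_tasks() {
  local name=$1
  local unit="$HOME/.config/systemd/user/${name}.service"

  # With --new the unit embeds the container's complete `podman run` command
  # line, including every `--env NAME=value`. Containers in this script are
  # started with passwords in --env / argv, so the unit file holds those
  # secrets in clear text: create it owner-only rather than trusting the
  # caller's umask.
  # NOTE(review): recent Podman releases deprecate `generate systemd` in
  # favour of Quadlet; worth migrating when the host's Podman supports it.
  if ! (umask 077 && podman generate systemd --new --name "$name" > "$unit"); then
    printf 'systemd_tasks: could not generate a unit for %s\n' "$name" >&2
    return 1
  fi
  # umask only affects newly created files; this also tightens a unit file
  # left behind by an earlier run.
  chmod 600 -- "$unit"

  podman container stop "$name"
  systemctl --user daemon-reload
  systemctl --user --now enable "${name}.service"
}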
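# Host-side directories: systemd user units, persistent state for MariaDB and
# Nextcloud, the Nextcloud data directory and the folder shared with
# Syncthing. -p on every path keeps a second run of the script from failing on
# directories that already exist.
mkdir -p \
  "$HOME/.config/systemd/user" \
  "$HOME/.local/share/nextcloud-pod/mariadb" \
  "$HOME/.local/share/nextcloud-pod/nextcloud" \
  "$HOME/data" \
  "$HOME/shared"

# `podman unshare` runs the command inside the rootless user namespace, so the
# IDs below are container IDs that map to the invoking user's subordinate
# UID/GID range on the host.
#
# Symbolic mode instead of a blanket 755: directories stay traversable, but
# regular files under ~/shared are not all marked executable.
podman unshare chmod -R u=rwX,go=rX "$HOME/shared"

# 33:33 is www-data in the Debian-based Nextcloud image; the cron unit and the
# Syncthing containers in this script also run as UID 33.
# NOTE(review): ~/data keeps whatever mode the umask gave it; confirm other
# local accounts cannot read the Nextcloud data directory.
podman unshare chown -R 33:33 \
  "$HOME/shared" \
  "$HOME/data" \
  "$HOME"/.local/share/nextcloud-pod/*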
# Pod that groups the Nextcloud, MariaDB, Redis and Imaginary containers.
# The hostname is presumably a placeholder to be replaced with the real one.
podman pod create --name nextcloud-server --hostname example.com
sleep 0.5

# Named network the containers below are attached to.
podman network create nextcloud-net
sleep 0.5
# --- MariaDB -----------------------------------------------------------------
mariadb_args=(
  --detach
  --pod nextcloud-server
  --name mariadb
  # Auto-update follows the mutable :latest tag: `podman auto-update` restarts
  # the service on whatever the registry currently serves under that tag.
  # NOTE(review): pin a version tag or digest if unattended major upgrades of
  # the database are not wanted.
  --label io.containers.autoupdate=registry
  --label PODMAN_SYSTEMD_UNIT=mariadb.service
  --network nextcloud-net
  --env MYSQL_DATABASE=nextcloud
  --env MYSQL_USER=nextcloud
  # The two password values are literal placeholders and must be replaced.
  # Values passed with --env are readable through `podman inspect` and are
  # copied verbatim into the unit file that systemd_tasks generates.
  # NOTE(review): `podman secret create` plus `--secret` keeps them out of
  # both places.
  --env MYSQL_PASSWORD="MYSQL_PASSWORD"
  --env MYSQL_ROOT_PASSWORD="MYSQL_ROOT_PASSWORD"
  --env TZ="US/Pacific"
  # :Z gives the database directory a private SELinux label.
  --volume "$HOME/.local/share/nextcloud-pod/mariadb:/var/lib/mysql:Z"
)
podman run "${mariadb_args[@]}" docker.io/library/mariadb:latest
sleep 1
systemd_tasks "mariadb"
# --- Redis -------------------------------------------------------------------
redis_args=(
  --detach
  --pod nextcloud-server
  --name redis
  --label io.containers.autoupdate=registry
  --label PODMAN_SYSTEMD_UNIT=redis.service
  --network nextcloud-net
  --env TZ="US/Pacific"
)
# Command run inside the container. `--save ""` and `--appendonly no` turn off
# on-disk persistence. "REDIS_PASSWORD" is a literal placeholder to replace.
# A password given on the command line shows up in process listings and in
# the generated unit file.
# NOTE(review): consider supplying requirepass through a mounted config file
# or a Podman secret instead.
redis_cmd=(redis-server --requirepass "REDIS_PASSWORD" --save "" --appendonly no)

podman run "${redis_args[@]}" docker.io/library/redis:alpine "${redis_cmd[@]}"
sleep 1
systemd_tasks "redis"
# --- Imaginary (image processing backend) --------------------------------------
imaginary_args=(
  --detach
  --pod nextcloud-server
  --name imaginary
  # Extra capability on top of the default set; keep it limited to this one.
  --cap-add SYS_NICE
  # Third-party image on a mutable tag, updated unattended by auto-update.
  # NOTE(review): pin a tag or digest if the upstream publisher should not be
  # able to change what runs here without a review.
  --label io.containers.autoupdate=registry
  --label PODMAN_SYSTEMD_UNIT=imaginary.service
  --network nextcloud-net
  --env TZ="US/Pacific"
  --env MALLOC_ARENA_MAX=2
)
# No --publish here: no host port is opened for this container.
podman run "${imaginary_args[@]}" docker.io/h2non/imaginary:latest
sleep 1
systemd_tasks "imaginary"
# --- Nextcloud -----------------------------------------------------------------
nextcloud_args=(
  --detach
  --pod nextcloud-server
  --name nextcloud
  --label io.containers.autoupdate=registry
  --label PODMAN_SYSTEMD_UNIT=nextcloud.service
  --network nextcloud-net
  # No host address given, so the plain-HTTP port is bound on every interface.
  # NOTE(review): TLS presumably terminates on the reverse proxy; if that
  # proxy runs on this host, publishing as 127.0.0.1:40000:80 keeps the
  # unencrypted port off the network.
  --publish 40000:80
  --env NEXTCLOUD_TRUSTED_DOMAINS=""
  # Nextcloud accepts forwarded-for headers from the trusted proxies, so this
  # placeholder must become the proxy's actual address, nothing wider.
  --env NEXTCLOUD_TRUSTED_PROXIES="myproxy"
  --env OVERWRITEWEBROOT=/nextcloud
  --env OVERWRITEPROTOCOL="https"
  --env OVERWRITEHOST="example.com"
  --env MYSQL_HOST=mariadb.dns.podman
  --env MYSQL_DATABASE=nextcloud
  --env MYSQL_USER=nextcloud
  # Placeholder; must match the value given to the mariadb container. Like
  # every --env value it ends up in `podman inspect` and the generated unit.
  --env MYSQL_PASSWORD="MYSQL_PASSWORD"
  --env REDIS_HOST=redis.dns.podman
  # Placeholder; must match redis-server's --requirepass value.
  --env REDIS_HOST_PASSWORD="REDIS_PASSWORD"
  --env IMAGINARY_ENABLED=1
  --env IMAGINARY_HOST=imaginary.dns.podman
  --env PHP_MEMORY_LIMIT=1024M
  --env PHP_UPLOAD_LIMIT=32G
  --env TZ="US/Pacific"
  # :z applies a shared SELinux label to each mounted directory.
  --volume "$HOME/.local/share/nextcloud-pod/nextcloud:/var/www/html:z"
  --volume "$HOME/data:/var/www/html/data:z"
  --volume "$HOME/shared:/shared:z"
  # Host GPU render node passed into the container, with the invoking user's
  # supplementary groups kept so the device stays accessible.
  # NOTE(review): 997 is presumably the host's render group; GIDs differ
  # between hosts, confirm with `getent group render`.
  --device /dev/dri/renderD128:/dev/dri/renderD128
  --annotation run.oci.keep_original_groups=1
  --group-add=997
  # The image entrypoint is replaced by a shell that runs the bootstrap below.
  --entrypoint /bin/bash
)

# Runs on every container start: enables contrib/non-free apt components,
# installs ffmpeg, the VA driver and the bz2 PHP extension, then chains into
# the image's own entrypoint. Each start therefore depends on the network and
# pulls whatever package versions the mirrors serve at that moment.
# NOTE(review): building a derived image once gives a reviewable, reproducible
# result and removes the install step from the start path.
nextcloud_bootstrap="
sed -i 's/Components: main$/Components: main contrib non-free non-free-firmware/g' /etc/apt/sources.list.d/debian.sources &&
apt-get update &&
apt-get install -y --no-install-recommends ffmpeg i965-va-driver-shaders libbz2-dev &&
docker-php-ext-install bz2 &&
/entrypoint.sh apache2-foreground"

podman run "${nextcloud_args[@]}" docker.io/library/nextcloud:latest \
  -c "$nextcloud_bootstrap"
sleep 1
systemd_tasks "nextcloud"
# Background jobs: a oneshot-style service that runs cron.php inside the
# nextcloud container as UID 33, guarded by an `occ status -e` check so the
# job is skipped when that check fails.
cat > "$HOME/.config/systemd/user/nextcloud-cron.service" <<'EOF'
[Unit]
Description=Nextcloud cron.php job
[Service]
ExecCondition=podman container exec -u 33 nextcloud php -f /var/www/html/occ status -e
ExecStart=podman container exec -u 33 nextcloud php -f /var/www/html/cron.php
KillMode=process
EOF

# Timer that fires the service five minutes after boot and every five minutes
# after each activation.
cat > "$HOME/.config/systemd/user/nextcloud-cron.timer" <<'EOF'
[Unit]
Description=Run Nextcloud cron.php every 5 minutes
[Timer]
OnBootSec=5min
OnUnitActiveSec=5min
Unit=nextcloud-cron.service
[Install]
WantedBy=timers.target
EOF

systemctl --user daemon-reload
systemctl --user --now enable nextcloud-cron.timer
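#######################################
# Start a Syncthing container for one user and hand it over to systemd.
# Arguments:
#   $1 - user label; names the container (<label>-syncthing), its config
#        directory and the ~/shared/<label> folder that gets synced
#   $2 - non-negative integer added to each default port (22000, 21027/UDP,
#        8384) so several instances can coexist on the host
# Returns:
#   2 on invalid arguments, otherwise the status of systemd_tasks.
#######################################
syncthing() {
  local label=$1 offset=$2

  # An empty or non-numeric offset would otherwise produce a malformed
  # --publish value.
  if [[ -z "$label" || ! "$offset" =~ ^[0-9]+$ ]]; then
    printf 'usage: syncthing <label> <port-offset>\n' >&2
    return 2
  fi
  offset=$((10#$offset))  # force base 10 so "08" is not read as octal

  local container="${label}-syncthing"
  local config_dir="$HOME/.config/syncthing-podman/${label}"
  mkdir -p -- "$config_dir"

  local -a run_args=(
    --detach
    --name "$container"
    --user 33
    --env TZ="US/Pacific"
    --env HOSTNAME=backup-server
    --label io.containers.autoupdate=registry
    --label "PODMAN_SYSTEMD_UNIT=${container}.service"
    --volume "${config_dir}:/var/syncthing:z"
    # Not created by this function, and mounted without the :z label the
    # config volume gets.
    # NOTE(review): confirm the directory exists and is labelled/owned so
    # that UID 33 in the container can write to it.
    --volume "$HOME/shared/${label}:/var/syncthing/files"
    --publish "$((22000 + offset)):22000"
    --publish "$((21027 + offset)):21027/UDP"
    # 8384 is the Syncthing web GUI. Published without a host address it is
    # reachable on every interface of the host.
    # NOTE(review): bind it to 127.0.0.1 or firewall it unless remote
    # administration is intended and a GUI password has been set.
    --publish "$((8384 + offset)):8384"
  )
  podman run "${run_args[@]}" docker.io/syncthing/syncthing:latest

  # Same generate / stop / reload / enable sequence as the other containers.
  systemd_tasks "$container"
}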
# One Syncthing instance per account; the second argument shifts the host
# ports so the instances do not collide (user1 -> +0, user2 -> +1).
port_offset=0
for account in user1 user2; do
  syncthing "$account" "$port_offset"
  port_offset=$((port_offset + 1))
done

# Enables the timer behind the io.containers.autoupdate=registry labels.
# Without --now it is only enabled here, not started.
# From then on the containers follow their mutable image tags unattended.
systemctl --user enable podman-auto-update.timer