Added Nextcloud/Collabora

Services/certbot.README

@@ -0,0 +1,3 @@
+podman pull certbot/certbot
+
+podman run -it -v /srv/containers/nginx/ssl:/etc/letsencrypt certbot certonly --manual --preferred-challenges dns -d *.[DOMAIN]

Services/certbot/certbot.container

@@ -1,9 +0,0 @@
-[Unit]
-Name=certbot
-
-[Container]
-ContainerName=certbot
-Image=certbot/certbot
-AutoUpdate=registry
-
-Volume=/srv/containers/nginx/ssl:/etc/letsencrypt

Services/gitea.container

@@ -1,18 +0,0 @@
-[Container]
-Image=gitea/gitea
-ContainerName=gitea
-Network=internal.network
-
-PublishPort=3000:3000
-PublishPort=2222:22
-
-Volume=/srv/containers/gitea:/data
-
-#Environment=USER_UID=1000
-#Environment=USER_GID=1000
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=multi-user.target

Services/gitea/app.ini

@@ -0,0 +1,78 @@
+APP_NAME = [SERVER_NAME]
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+ENABLED = true
+TEMP_PATH = /data/gitea/uploads
+ALLOWED_TYPES =
+FILE_MAX_SIZE = 1024
+MAX_FILES = 10
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = code.[DOMAIN]
+SSH_DOMAIN = code.[DOMAIN]
+HTTP_PORT = 3000
+ROOT_URL = https://code.[DOMAIN]/
+PROTOCOL = http
+DISABLE_SSH = false
+SSH_PORT = 2222
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /data/git/lfs
+
+[database]
+DB_TYPE = postgres
+HOST = postgres:5432
+NAME = gitea
+USER = gitea
+PASSWD = [PASSWORD]
+SSL_MODE = disable
+LOG_SQL = false
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER = file
+PROVIDER_CONFIG = /data/gitea/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+ALLOWED_TYPES =
+MAX_SIZE = 1024
+MAX_FILES = 10
+
+[release.attachment]
+ALLOWED_TYPES =
+FILE_MAX_SIZE = 1024
+MAX_FILES = 10
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = [SECRET_KEY]
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+
+[lfs]
+PATH = /data/git/lfs

Services/gitea/gitea.container

@@ -0,0 +1,27 @@
+[Unit]
+Name=gitea
+
+[Container]
+ContainerName=gitea
+Image=docker.gitea.com/gitea:1.26.1
+#AutoUpdate=registry
+
+Network=internal.network
+#NetworkAlias=gitea
+
+PublishPort=3000:3000
+PublishPort=2222:22
+
+Volume=/srv/containers/gitea:/data
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/etc/localtime:/etc/localtime:ro
+
+#Environment=USER_UID=1000
+#Environment=USER_GID=1000
+
+[Service]
+TimeoutStartSec=5m
+Restart=always
+
+[Install]
+WantedBy=multi-user.target default.target

Services/gitea/gitea.nginx

@@ -0,0 +1,28 @@
+server {
+    listen 443 ssl http2;
+    server_name code.[DOMAIN];
+
+    ssl_certificate /etc/letsencrypt/live/[DOMAIN]/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/[DOMAIN]/privkey.pem;
+
+    client_max_body_size 1G;
+
+    location / {
+        proxy_pass http://gitea:3000;
+
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-Ssl on;
+
+        proxy_read_timeout 3600;
+        proxy_send_timeout 3600;
+        proxy_connect_timeout 3600;
+
+        proxy_request_buffering off;
+        proxy_buffering off;
+    }
+}

Services/nextcloud/collaboraoffice.container

@@ -0,0 +1,21 @@
+[Unit]
+Name=collaboraoffice
+
+[Container]
+ContainerName=collaboraoffice
+Image=docker.io/library/collabora/code:latest
+AutoUpdate=registry
+Network=internal.network
+
+Environment=extra_params="--o:ssl.enable=false --o:ssl.termination=true --o:net.proto=IPv4"
+Environment=server_name=[DOMAIN]
+Environment=aliasgroup1=https://[DOMAIN]
+
+PublishPort=9980:9980
+
+[Service]
+TimeoutStartSec=5m
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target default.target

Services/nextcloud/collaboraoffice.nginx

@@ -0,0 +1,43 @@
+server {
+    listen 443 ssl http2;
+    server_name office.[DOMAIN];
+
+    ssl_certificate /etc/letsencrypt/live/[DOMAIN]/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/[DOMAIN]/privkey.pem;
+
+    location ^~ /browser {
+        proxy_pass http://collaboraoffice:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    location ^~ /hosting/discovery {
+        proxy_pass http://collaboraoffice:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    location ^~ /hosting/capabilities {
+        proxy_pass http://collaboraoffice:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    location ~ ^/cool/(.*)/ws$ {
+        proxy_pass http://collaboraoffice:9980;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $http_host;
+        proxy_read_timeout 36000s;
+    }
+
+    location ~ ^/(c|l)ool {
+        proxy_pass http://collaboraoffice:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    location ^~ /cool/adminws {
+        proxy_pass http://collaboraoffice:9980;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $http_host;
+        proxy_read_timeout 36000s;
+    }
+}

Services/nextcloud/nextcloud.README

@@ -0,0 +1,11 @@
+### Configurazioni per SSL
+
+podman exec -it nextcloud php occ config:system:set trusted_domains 1 --value=cloud.[DOMAIN]
+podman exec -it nextcloud php occ config:system:set overwriteprotocol --value=https
+podman exec -it nextcloud php occ config:system:set overwritehost --value=cloud.[DOMAIN]
+podman exec -it nextcloud php occ config:system:set trusted_proxies 0 --value=nginx
+podman exec -it nextcloud php occ config:app:set richdocuments wopi_url --value="https://office.[DOMAIN]"
+podman exec -it nextcloud php occ config:app:set richdocuments public_wopi_url --value="https://office.[DOMAIN]"
+podman exec -it nextcloud php occ config:app:delete richdocuments wopi_discovery
+podman exec -it nextcloud php occ config:app:delete richdocuments wopi_capabilities
+

Services/nextcloud/nextcloud.container

@@ -0,0 +1,21 @@
+[Unit]
+Name=nextcloud
+
+[Container]
+ContainerName=nextcloud
+Image=docker.io/library/nextcloud:latest
+AutoUpdate=registry
+Network=internal.network
+
+PublishPort=8080:80
+
+Volume=/srv/containers/nextcloud/config:/var/www/html/config
+Volume=/srv/containers/nextcloud/custom_apps:/var/www/html/custom_apps
+Volume=/srv/containers/nextcloud/data:/var/www/html/data
+
+[Service]
+TimeoutStartSec=5m
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target default.target

Services/nextcloud/nextcloud.nginx

@@ -0,0 +1,48 @@
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name cloud.[DOMAIN];
+
+    ssl_certificate /etc/letsencrypt/live/[DOMAIN]/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/[DOMAIN]/privkey.pem;
+
+    client_max_body_size 0;
+    underscores_in_headers on;
+
+    location / {
+        proxy_pass http://nextcloud:80;
+
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-Ssl on;
+
+        proxy_redirect off;
+        proxy_buffering off;
+        proxy_request_buffering off;
+        proxy_max_temp_file_size 0;
+
+        proxy_read_timeout 3600;
+        proxy_send_timeout 3600;
+    }
+
+    location = /.well-known/carddav {
+        return 301 https://$http_host/remote.php/dav;
+    }
+
+    location = /.well-known/caldav {
+        return 301 https://$http_host/remote.php/dav;
+    }
+
+    location = /.well-known/webfinger {
+        return 301 https://$http_host/index.php/.well-known/webfinger;
+    }
+
+    location = /.well-known/nodeinfo {
+        return 301 https://$http_host/index.php/.well-known/nodeinfo;
+    }
+}