From 36a84a9da4e7a6df429623ae56a410293bca32bc Mon Sep 17 00:00:00 2001
From: rnsrk
Date: Mon, 30 Mar 2026 12:21:33 +0200
Subject: [PATCH] add nextcloud
---
 nextcloud/docker-compose.yml | 33 +++++++++++++++++
 .../hooks/post-installation/install-talk.sh | 37 +++++++++++++++++++
 nextcloud/php/opcache.ini | 6 +++
 3 files changed, 76 insertions(+)
 create mode 100755 nextcloud/hooks/post-installation/install-talk.sh
 create mode 100644 nextcloud/php/opcache.ini
diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml
index af7acf5..dfacf7a 100644
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@@ -21,11 +21,15 @@ services:
 - REDIS_HOST=nextcloud-redis
 - TRUSTED_PROXIES=172.22.0.0/16 172.19.0.0/16
 - COLLABORA_DOMAIN=${COLLABORA_DOMAIN}
+ - TALK_DOMAIN=${TALK_DOMAIN}
+ - TALK_TURN_SECRET=${TALK_TURN_SECRET}
+ - TALK_SIGNALING_SECRET=${TALK_SIGNALING_SECRET}
 labels:
 - "traefik.enable=false"
 volumes:
 - nextcloud-data:/var/www/html
 - ./hooks/post-installation:/docker-entrypoint-hooks.d/post-installation
+ - ./php/opcache.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:ro
 expose:
 - 80
 - 9000
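Review bot: TALK_TURN_SECRET and TALK_SIGNALING_SECRET are added to the permanent environment of the nextcloud service, but the only reader visible in this patch is the one-shot post-installation hook install-talk.sh. Environment values are shown by `docker inspect` and inherited by every process in the container, so the shared secrets stay exposed long after they have been written into the Talk configuration. Consider delivering them as a Compose `secrets:` file mount that the hook reads, or at least add a comment such as `# consumed once by hooks/post-installation/install-talk.sh` so a later maintainer knows they can be dropped after setup. The service definition starts above this hunk, so other consumers of these variables cannot be ruled out from here.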
@@ -94,6 +98,35 @@ services:
 security_opt:
 - apparmor:unconfined
+ nc-talk:
+ container_name: nc-talk
+ image: ghcr.io/nextcloud-releases/aio-talk:latest
+ init: true
+ ports:
+ - "3478:3478/tcp"
+ - "3478:3478/udp"
+ environment:
+ - NC_DOMAIN=${NEXTCLOUD_DOMAIN}
+ - TALK_HOST=${TALK_DOMAIN}
+ - TURN_SECRET=${TALK_TURN_SECRET}
+ - SIGNALING_SECRET=${TALK_SIGNALING_SECRET}
+ - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
+ - TZ=${TZ:-Europe/Berlin}
+ - TALK_PORT=3478
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.routers.nc-talk.rule=Host(`${TALK_DOMAIN}`)"
+ - "traefik.http.routers.nc-talk.entrypoints=websecure"
+ - "traefik.http.routers.nc-talk.middlewares=https-redirect"
+ - "traefik.http.routers.nc-talk.tls=true"
+ - "traefik.http.routers.nc-talk.tls.certresolver=le"
+ - "traefik.http.services.nc-talk.loadbalancer.server.port=8081"
+ networks:
+ - nextcloud
+ - traefik
+ restart: unless-stopped
+
 volumes:
 nextcloud-data:
 name: nextcloud-data
diff --git a/nextcloud/hooks/post-installation/install-talk.sh b/nextcloud/hooks/post-installation/install-talk.sh
new file mode 100755
index 0000000..9d560ec
--- /dev/null
+++ b/nextcloud/hooks/post-installation/install-talk.sh
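Review bot: The new nc-talk service pulls `ghcr.io/nextcloud-releases/aio-talk:latest`, a mutable tag, for a container that publishes 3478/tcp and 3478/udp on the host and holds three shared secrets, so any pull or recreate can bring in different code without a change to this file. Pin it, e.g. `image: ghcr.io/nextcloud-releases/aio-talk:<PINNED_TAG>@sha256:<DIGEST>` (placeholders), and bump it deliberately. Separately, the bare `${TALK_TURN_SECRET}`, `${TALK_SIGNALING_SECRET}` and `${TALK_INTERNAL_SECRET}` references interpolate to an empty string when the variable is missing, so the service could start with blank secrets; how the image reacts to that is not visible here. The required-variable form fails fast instead, e.g. `- INTERNAL_SECRET=${TALK_INTERNAL_SECRET:?TALK_INTERNAL_SECRET must be set}`.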
@@ -0,0 +1,37 @@
+#!/bin/bash
+set -e
+
+echo "Installing Nextcloud Talk app..."
+php /var/www/html/occ app:install spreed
+echo "Nextcloud Talk installed successfully!"
+
+echo "Enabling Nextcloud Talk..."
+php /var/www/html/occ app:enable spreed
+echo "Nextcloud Talk enabled successfully!"
+
+echo "Configuring Nextcloud Talk HPB..."
+
+if [ -z "${TALK_DOMAIN}" ]; then
+ echo "Warning: TALK_DOMAIN not set, skipping Talk HPB configuration."
+ exit 0
+fi
+
+# STUN server
+php /var/www/html/occ --no-warnings talk:stun:add "${TALK_DOMAIN}:3478"
+
+# TURN server
+if [ -n "${TALK_TURN_SECRET}" ]; then
+ php /var/www/html/occ --no-warnings talk:turn:add turn "${TALK_DOMAIN}:3478" udp,tcp --secret="${TALK_TURN_SECRET}"
+else
+ echo "Warning: TALK_TURN_SECRET not set, skipping TURN configuration."
+fi
+
+# High Performance Backend (signaling server)
+if [ -n "${TALK_SIGNALING_SECRET}" ]; then
+ php /var/www/html/occ --no-warnings talk:signaling:add "https://${TALK_DOMAIN}" "${TALK_SIGNALING_SECRET}"
+else
+ echo "Warning: TALK_SIGNALING_SECRET not set, skipping HPB signaling configuration."
+fi
+
+echo "Nextcloud Talk configuration completed!"
+echo "STUN/TURN/HPB configured for: ${TALK_DOMAIN}"
diff --git a/nextcloud/php/opcache.ini b/nextcloud/php/opcache.ini
new file mode 100644
index 0000000..180f534
--- /dev/null
+++ b/nextcloud/php/opcache.ini
@@ -0,0 +1,6 @@
+opcache.enable=1
+opcache.interned_strings_buffer=16
+opcache.max_accelerated_files=10000
+opcache.memory_consumption=256
+opcache.save_comments=1
+opcache.revalidate_freq=60
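Review bot: In install-talk.sh the signaling backend is registered with `talk:signaling:add` but without `--verify`, which per Talk's occ reference is the switch that enables TLS certificate validation for that server (worth confirming against the installed Talk version). Without it, the Nextcloud-to-HPB requests authenticated with the signaling secret would accept any certificate presented for `https://${TALK_DOMAIN}`. The compose change fronts nc-talk with Traefik and `certresolver=le`, so validation should pass and the call can become `php /var/www/html/occ --no-warnings talk:signaling:add --verify "https://${TALK_DOMAIN}" "${TALK_SIGNALING_SECRET}"`. A short comment above the TURN and signaling calls noting that both secrets are passed as command-line arguments, and are therefore visible in the container's process list while occ runs, would also help later maintainers.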