add nextcloud

nextcloud/docker-compose.yml

@@ -21,11 +21,15 @@ services:
       - REDIS_HOST=nextcloud-redis
       - TRUSTED_PROXIES=172.22.0.0/16 172.19.0.0/16
       - COLLABORA_DOMAIN=${COLLABORA_DOMAIN}
+      - TALK_DOMAIN=${TALK_DOMAIN}
+      - TALK_TURN_SECRET=${TALK_TURN_SECRET}
+      - TALK_SIGNALING_SECRET=${TALK_SIGNALING_SECRET}
     labels:
       - "traefik.enable=false"
     volumes:
       - nextcloud-data:/var/www/html
       - ./hooks/post-installation:/docker-entrypoint-hooks.d/post-installation
+      - ./php/opcache.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:ro
     expose:
       - 80
       - 9000
@@ -94,6 +98,35 @@ services:
     security_opt:
       - apparmor:unconfined
 
+  nc-talk:
+    container_name: nc-talk
+    image: ghcr.io/nextcloud-releases/aio-talk:latest
+    init: true
+    ports:
+      - "3478:3478/tcp"
+      - "3478:3478/udp"
+    environment:
+      - NC_DOMAIN=${NEXTCLOUD_DOMAIN}
+      - TALK_HOST=${TALK_DOMAIN}
+      - TURN_SECRET=${TALK_TURN_SECRET}
+      - SIGNALING_SECRET=${TALK_SIGNALING_SECRET}
+      - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
+      - TZ=${TZ:-Europe/Berlin}
+      - TALK_PORT=3478
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.nc-talk.rule=Host(`${TALK_DOMAIN}`)"
+      - "traefik.http.routers.nc-talk.entrypoints=websecure"
+      - "traefik.http.routers.nc-talk.middlewares=https-redirect"
+      - "traefik.http.routers.nc-talk.tls=true"
+      - "traefik.http.routers.nc-talk.tls.certresolver=le"
+      - "traefik.http.services.nc-talk.loadbalancer.server.port=8081"
+    networks:
+      - nextcloud
+      - traefik
+    restart: unless-stopped
+
 volumes:
   nextcloud-data:
     name: nextcloud-data

nextcloud/hooks/post-installation/install-talk.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+set -e
+
+echo "Installing Nextcloud Talk app..."
+php /var/www/html/occ app:install spreed
+echo "Nextcloud Talk installed successfully!"
+
+echo "Enabling Nextcloud Talk..."
+php /var/www/html/occ app:enable spreed
+echo "Nextcloud Talk enabled successfully!"
+
+echo "Configuring Nextcloud Talk HPB..."
+
+if [ -z "${TALK_DOMAIN}" ]; then
+    echo "Warning: TALK_DOMAIN not set, skipping Talk HPB configuration."
+    exit 0
+fi
+
+# STUN server
+php /var/www/html/occ --no-warnings talk:stun:add "${TALK_DOMAIN}:3478"
+
+# TURN server
+if [ -n "${TALK_TURN_SECRET}" ]; then
+    php /var/www/html/occ --no-warnings talk:turn:add turn "${TALK_DOMAIN}:3478" udp,tcp --secret="${TALK_TURN_SECRET}"
+else
+    echo "Warning: TALK_TURN_SECRET not set, skipping TURN configuration."
+fi
+
+# High Performance Backend (signaling server)
+if [ -n "${TALK_SIGNALING_SECRET}" ]; then
+    php /var/www/html/occ --no-warnings talk:signaling:add "https://${TALK_DOMAIN}" "${TALK_SIGNALING_SECRET}"
+else
+    echo "Warning: TALK_SIGNALING_SECRET not set, skipping HPB signaling configuration."
+fi
+
+echo "Nextcloud Talk configuration completed!"
+echo "STUN/TURN/HPB configured for: ${TALK_DOMAIN}"

nextcloud/php/opcache.ini

@@ -0,0 +1,6 @@
+opcache.enable=1
+opcache.interned_strings_buffer=16
+opcache.max_accelerated_files=10000
+opcache.memory_consumption=256
+opcache.save_comments=1
+opcache.revalidate_freq=60