rnsrk/open-productive-stack
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add nextcloud

Browse source
This commit is contained in:
rnsrk 2026-03-30 12:22:16 +02:00
parent 36a84a9da4
commit 4f62c7ba5b
2 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
override/nextcloud.example.env
View file

@ -13,3 +13,11 @@ ONLYOFFICE_JWT_SECRET=
COLLABORA_DOMAIN= COLLABORA_DOMAIN=
COLLABORA_USERNAME=admin COLLABORA_USERNAME=admin
COLLABORA_PASSWORD= COLLABORA_PASSWORD=
# Nextcloud Talk High Performance Backend (HPB)
# Subdomain for the signaling server (e.g. signal.yourdomain.tld)
TALK_DOMAIN=
# Generate each secret with: openssl rand -hex 32
TALK_TURN_SECRET=
TALK_SIGNALING_SECRET=
TALK_INTERNAL_SECRET=

4
scripts/secure-ssh-vpn.sh
View file

@ -64,6 +64,10 @@ run ufw allow 443/tcp comment 'HTTPS (Traefik)'
run ufw allow 2424/tcp comment 'GitLab SSH (Traefik)' run ufw allow 2424/tcp comment 'GitLab SSH (Traefik)'
run ufw allow "$WG_UDP_PORT/udp" comment 'WireGuard VPN' run ufw allow "$WG_UDP_PORT/udp" comment 'WireGuard VPN'
# ── Nextcloud Talk HPB (STUN/TURN) ────────────────────────────────────────
run ufw allow 3478/tcp comment 'Nextcloud Talk STUN/TURN (TCP)'
run ufw allow 3478/udp comment 'Nextcloud Talk STUN/TURN (UDP)'
# ── SSH — VPN clients only ──────────────────────────────────────────────── # ── SSH — VPN clients only ────────────────────────────────────────────────
# Deny rule is added first (gets higher rule number), then the VPN allow is # Deny rule is added first (gets higher rule number), then the VPN allow is
# inserted at position 1 so it always takes priority over the deny. # inserted at position 1 so it always takes priority over the deny.