Feat: unix socketifying and disabling ports as much as possible

nextcloud/env.example

@@ -2,7 +2,5 @@ MARIADB_ROOT_PASSWORD=
 MARIADB_PASSWORD=
 MARIADB_DATABASE=nextcloud
 MARIADB_USER=nextcloud
-PUID=1000
-PGID=1000
 TZ=Asia/Kolkata
 EXTERNAL_DIR=/media/vault/nextcloud

nextcloud/nextcloud-cron.service

@@ -4,4 +4,4 @@ After=default.target
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/podman exec -u abc nextcloud php /app/www/public/cron.php
+ExecStart=/usr/bin/podman exec -u 1000 nextcloud php /var/www/html/cron.php

nextcloud/nextcloud.container

@@ -3,18 +3,30 @@ Description=Nextcloud Container
 Requires=nextcloud_db.service nextcloud_valkey.service
 After=nextcloud_db.service nextcloud_valkey.service
 
+AssertPathIsDirectory=%h/podman/nextcloud
+AssertPathIsDirectory=%h/podman/nextcloud/html
+AssertPathIsDirectory=%h/nextcloud
+
 [Container]
 Pod=nextcloud.pod
 ContainerName=nextcloud
-Image=ghcr.io/linuxserver/nextcloud:latest
+Image=docker.io/library/nextcloud:fpm-alpine
 
 # Enable auto-update container
 AutoUpdate=registry
 # pass this to attach it to container
-EnvironmentFile=./.env
+Environment=MYSQL_PASSWORD=${MARIADB_PASSWORD}
+Environment=MYSQL_DATABASE=${MARIADB_DATABASE}
+Environment=MYSQL_USER=${MARIADB_USER}
+Environment=MYSQL_HOST=localhost:/tmp/docker/mysqld.sock
+Environment=PHP_MEMORY_LIMIT=2G
+Environment=PHP_UPLOAD_LIMIT=100G
+Environment=PHP_OPCACHE_MEMORY_CONSUMPTION=256
+Environment=PHP_MAX_EXECUTION_TIME=7200
 
-Volume=%h/podman/nextcloud/config:/config
-Volume=%h/nextcloud:/data
+Volume=%h/podman/nextcloud/html:/var/www/html
+Volume=%h/nextcloud:/var/www/html/data
+Volume=%h/.config/containers/systemd/nextcloud/zz-docker.conf:/usr/local/etc/php-fpm.d/zz-docker.conf
 Volume=${EXTERNAL_DIR}:${EXTERNAL_DIR}
 
 [Service]
@@ -25,4 +37,3 @@ TimeoutStartSec=300
 
 [Install]
 WantedBy=default.target
-

nextcloud/nextcloud.pod

@@ -3,8 +3,8 @@ Description=Nextcloud Pod
 
 [Pod]
 PodName=nextcloud
-PublishPort=8080:80
 Volume=%h/podman/nextcloud/.socket:/tmp/docker
+Network=host
 
 # to satisfy nextcloud bitch permissions problems
 UIDMap=1000:0:1

nextcloud/nextcloud_db.container

@@ -5,7 +5,7 @@ Description=Nextcloud DB Container
 Pod=nextcloud.pod
 ContainerName=nextcloud_db
 Image=docker.io/library/mariadb:lts
-Exec='--transaction-isolation=READ-COMMITTED' '--log-bin=binlog' '--binlog-format=ROW' '--socket=/tmp/docker/mysqld.sock'
+Exec='--transaction-isolation=READ-COMMITTED' '--log-bin=binlog' '--binlog-format=ROW' '--socket=/tmp/docker/mysqld.sock' '--skip-networking'
 
 # Enable auto-update container
 AutoUpdate=registry

nextcloud/nextcloud_imaginary.container

@@ -2,19 +2,18 @@
 Description=Nextcloud Imaginary Container
 
 [Container]
-Pod=nextcloud.pod
+Network=host
 ContainerName=nextcloud_imaginary
 Image=ghcr.io/nextcloud-releases/aio-imaginary
 Exec=-enable-url-source -cors
 
 # Enable auto-update container
 AutoUpdate=registry
+Environment=PORT=9999
+
 # capabilities
 AddCapability=CAP_SYS_NICE
 
-# this does not map any uid from host as this fucker doesn't like it.
-UserNS=auto
-
 # disable healthcheck
 HealthCmd=none
 HealthInterval=disable

nextcloud/nextcloud_valkey.container

@@ -5,7 +5,7 @@ Description=Nextcloud Valkey Container
 Pod=nextcloud.pod
 ContainerName=nextcloud_valkey
 Image=ghcr.io/valkey-io/valkey:alpine
-Exec=--unixsocket /tmp/docker/valkey.sock --unixsocketperm 777
+Exec=--port 0 --unixsocket /tmp/docker/valkey.sock --unixsocketperm 777
 
 # Enable auto-update container
 AutoUpdate=registry

nextcloud/zz-docker.conf

@@ -0,0 +1,19 @@
+[global]
+daemonize = no
+
+[www]
+listen = /tmp/docker/nextcloud-fpm.sock
+
+listen.owner = 1000
+listen.group = 1000
+listen.mode = 0777
+
+user = 1000
+group = 1000
+
+pm.max_children = 50
+pm.start_servers = 10
+pm.min_spare_servers = 5
+pm.max_spare_servers = 15
+pm.max_requests = 1000
+