Feat: fix nextcloud imaginary container failing issue

Feat: unix socketifying and disabling ports as much as possible
Feat: Update synapse db container to run only on socket
2025-12-20 11:55:16 +05:30 · 2025-08-27 14:15:24 +05:30 · 2025-08-27 13:42:56 +05:30 · 2025-08-27 13:29:05 +05:30 · 2025-08-27 13:22:56 +05:30
13 changed files with 48 additions and 32 deletions
--- a/gitea/gitea.container
+++ b/gitea/gitea.container
@@ -11,8 +11,9 @@ AutoUpdate=registry
 Environment=DISABLE_REGISTRATION=true
 Environment=USER_UID=1000
 Environment=USER_GID=1000
 Environment=SSH_LISTEN_PORT=2222
-PublishPort=2222:22
+Network=host
 UIDMap=1000:0:1
 UIDMap=0:1:1000
--- a/immich/immich_db.container
+++ b/immich/immich_db.container
@@ -5,7 +5,7 @@ Description=Immich Database Container
 Pod=immich.pod
 ContainerName=immich_db
 Image=ghcr.io/immich-app/postgres:17-vectorchord0.4.3
-Exec=postgres -c shared_preload_libraries=vchord -c unix_socket_directories='/var/run/postgresql/,/tmp/immich/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB
+Exec=postgres -c shared_preload_libraries=vchord -c unix_socket_directories='/var/run/postgresql/,/tmp/immich/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB -c listen_addresses=''
 # Enable auto-update container
 AutoUpdate=registry
--- a/immich/immich_valkey.container
+++ b/immich/immich_valkey.container
@@ -5,7 +5,7 @@ Description=Immich Valkey Container
 Pod=immich.pod
 ContainerName=immich_valkey
 Image=ghcr.io/valkey-io/valkey:alpine
-Exec=--unixsocket /tmp/immich/valkey.sock --unixsocketperm 777
+Exec=--port 0 --unixsocket /tmp/immich/valkey.sock --unixsocketperm 777
 # Enable auto-update container
 AutoUpdate=registry
--- a/matrix/synapse_db.container
+++ b/matrix/synapse_db.container
@@ -5,7 +5,7 @@ Description=Synapse Database Container
 Pod=matrix.pod
 ContainerName=synapse_db
 Image=docker.io/library/postgres:alpine
-Exec=postgres -c unix_socket_directories='/var/run/postgresql/,/tmp/matrix/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB
+Exec=postgres -c unix_socket_directories='/var/run/postgresql/,/tmp/matrix/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB -c listen_addresses=''
 # Enable auto-update container
 AutoUpdate=registry
--- a/nextcloud/env.example
+++ b/nextcloud/env.example
@@ -2,7 +2,5 @@ MARIADB_ROOT_PASSWORD=
 MARIADB_PASSWORD=
 MARIADB_DATABASE=nextcloud
 MARIADB_USER=nextcloud
 PUID=1000
 PGID=1000
 TZ=Asia/Kolkata
 EXTERNAL_DIR=/media/vault/nextcloud
--- a/nextcloud/nextcloud-cron.service
+++ b/nextcloud/nextcloud-cron.service
@@ -4,4 +4,4 @@ After=default.target
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/podman exec -u abc nextcloud php /app/www/public/cron.php
+ExecStart=/usr/bin/podman exec -u 1000 nextcloud php /var/www/html/cron.php
--- a/nextcloud/nextcloud.container
+++ b/nextcloud/nextcloud.container
@@ -3,18 +3,30 @@ Description=Nextcloud Container
 Requires=nextcloud_db.service nextcloud_valkey.service
 After=nextcloud_db.service nextcloud_valkey.service
 AssertPathIsDirectory=%h/podman/nextcloud
 AssertPathIsDirectory=%h/podman/nextcloud/html
 AssertPathIsDirectory=%h/nextcloud
 [Container]
 Pod=nextcloud.pod
 ContainerName=nextcloud
-Image=ghcr.io/linuxserver/nextcloud:latest
+Image=docker.io/library/nextcloud:fpm-alpine
 # Enable auto-update container
 AutoUpdate=registry
 # pass this to attach it to container
-EnvironmentFile=./.env
+Environment=MYSQL_PASSWORD=${MARIADB_PASSWORD}
 Environment=MYSQL_DATABASE=${MARIADB_DATABASE}
 Environment=MYSQL_USER=${MARIADB_USER}
 Environment=MYSQL_HOST=localhost:/tmp/docker/mysqld.sock
 Environment=PHP_MEMORY_LIMIT=2G
 Environment=PHP_UPLOAD_LIMIT=100G
 Environment=PHP_OPCACHE_MEMORY_CONSUMPTION=256
 Environment=PHP_MAX_EXECUTION_TIME=7200
-Volume=%h/podman/nextcloud/config:/config
+Volume=%h/podman/nextcloud/html:/var/www/html
-Volume=%h/nextcloud:/data
+Volume=%h/nextcloud:/var/www/html/data
 Volume=%h/.config/containers/systemd/nextcloud/zz-docker.conf:/usr/local/etc/php-fpm.d/zz-docker.conf
 Volume=${EXTERNAL_DIR}:${EXTERNAL_DIR}
 [Service]
@@ -25,4 +37,3 @@ TimeoutStartSec=300
 [Install]
 WantedBy=default.target
--- a/nextcloud/nextcloud.pod
+++ b/nextcloud/nextcloud.pod
@@ -3,9 +3,9 @@ Description=Nextcloud Pod
 [Pod]
 PodName=nextcloud
 PublishPort=8080:80
 Volume=%h/podman/nextcloud/.socket:/tmp/docker
 # to satisfy nextcloud bitch permissions problems
 UIDMap=1000:0:1
 UIDMap=0:1:1000
 UIDMap=65534:65534:1
--- a/nextcloud/nextcloud_db.container
+++ b/nextcloud/nextcloud_db.container
@@ -5,7 +5,7 @@ Description=Nextcloud DB Container
 Pod=nextcloud.pod
 ContainerName=nextcloud_db
 Image=docker.io/library/mariadb:lts
-Exec='--transaction-isolation=READ-COMMITTED' '--log-bin=binlog' '--binlog-format=ROW' '--socket=/tmp/docker/mysqld.sock'
+Exec='--transaction-isolation=READ-COMMITTED' '--log-bin=binlog' '--binlog-format=ROW' '--socket=/tmp/docker/mysqld.sock' '--skip-networking'
 # Enable auto-update container
 AutoUpdate=registry
--- a/nextcloud/nextcloud_imaginary.container
+++ b/nextcloud/nextcloud_imaginary.container
@@ -9,12 +9,11 @@ Exec=-enable-url-source -cors
 # Enable auto-update container
 AutoUpdate=registry
 Environment=PORT=9999
 # capabilities
 AddCapability=CAP_SYS_NICE
 # this does not map any uid from host as this fucker doesn't like it.
 UserNS=auto
 # disable healthcheck
 HealthCmd=none
 HealthInterval=disable
--- a/nextcloud/nextcloud_valkey.container
+++ b/nextcloud/nextcloud_valkey.container
@@ -5,7 +5,7 @@ Description=Nextcloud Valkey Container
 Pod=nextcloud.pod
 ContainerName=nextcloud_valkey
 Image=ghcr.io/valkey-io/valkey:alpine
-Exec=--unixsocket /tmp/docker/valkey.sock --unixsocketperm 777
+Exec=--port 0 --unixsocket /tmp/docker/valkey.sock --unixsocketperm 777
 # Enable auto-update container
 AutoUpdate=registry
--- a/nextcloud/readme.md
+++ b/nextcloud/readme.md
@@ -1,18 +1,6 @@
 # Nextcloud
-The nextcloud image used is actually from linuxserver.io.
+The nextcloud image is from official nextcloud docker image.
 ## Major Problem
- The fpm is unable to run as root i.e. you cannot do puid and pgid to 0 and call it a day, it won't work.
+All Resolved :)
    - To get Around it, you have to do uidmap. Either on container level, or on pod level if doing pod (as most of us do)
        ```ini
            UIDMap=${PUID}:0:1
            UIDMap=0:1:${PUID}
        ```
 - Nextcloud Imaginary unable to start when this UIDMap is set on pod level, in which Imaginary is also configured.
    - To get around with that, set this in the Imaginary.container file
        ```ini
            UserNS=auto
        ```
--- a/nextcloud/zz-docker.conf
+++ b/nextcloud/zz-docker.conf
@@ -0,0 +1,19 @@
 [global]
 daemonize = no
 [www]
 listen = /tmp/docker/nextcloud-fpm.sock
 listen.owner = 1000
 listen.group = 1000
 listen.mode = 0777
 user = 1000
 group = 1000
 pm.max_children = 50
 pm.start_servers = 10
 pm.min_spare_servers = 5
 pm.max_spare_servers = 15
 pm.max_requests = 1000
Author	SHA1	Message	Date
coolnsx	393c7f8e3e	Feat: fix nextcloud imaginary container failing issue	2025-08-27 14:15:24 +05:30
coolnsx	cfa20a6396	Feat: unix socketifying and disabling ports as much as possible	2025-08-27 13:42:56 +05:30
CoolnsX	08b5c07938	Feat: Update synapse db container to run only on socket	2025-08-27 13:29:05 +05:30
CoolnsX	8b151fa215	Feat: Update gitea container	2025-08-27 13:22:56 +05:30