Feat: fix nextcloud imaginary container failing issue

Feat: unix socketifying and disabling ports as much as possible
Feat: Update synapse db container to run only on socket
2025-12-20 03:45:16 +05:30 · 2025-08-27 14:15:24 +05:30 · 2025-08-27 13:42:56 +05:30 · 2025-08-27 13:29:05 +05:30 · 2025-08-27 13:22:56 +05:30
13 changed files with 48 additions and 32 deletions
--- a/gitea/gitea.container
+++ b/gitea/gitea.container
@@ -11,8 +11,9 @@ AutoUpdate=registry
 Environment=DISABLE_REGISTRATION=true
 Environment=USER_UID=1000
 Environment=USER_GID=1000
+Environment=SSH_LISTEN_PORT=2222

-PublishPort=2222:22
+Network=host

 UIDMap=1000:0:1
 UIDMap=0:1:1000
--- a/immich/immich_db.container
+++ b/immich/immich_db.container
@@ -5,7 +5,7 @@ Description=Immich Database Container
 Pod=immich.pod
 ContainerName=immich_db
 Image=ghcr.io/immich-app/postgres:17-vectorchord0.4.3
-Exec=postgres -c shared_preload_libraries=vchord -c unix_socket_directories='/var/run/postgresql/,/tmp/immich/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB
+Exec=postgres -c shared_preload_libraries=vchord -c unix_socket_directories='/var/run/postgresql/,/tmp/immich/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB -c listen_addresses=''

 # Enable auto-update container
 AutoUpdate=registry
--- a/immich/immich_valkey.container
+++ b/immich/immich_valkey.container
@@ -5,7 +5,7 @@ Description=Immich Valkey Container
 Pod=immich.pod
 ContainerName=immich_valkey
 Image=ghcr.io/valkey-io/valkey:alpine
-Exec=--unixsocket /tmp/immich/valkey.sock --unixsocketperm 777
+Exec=--port 0 --unixsocket /tmp/immich/valkey.sock --unixsocketperm 777

 # Enable auto-update container
 AutoUpdate=registry
--- a/matrix/synapse_db.container
+++ b/matrix/synapse_db.container
@@ -5,7 +5,7 @@ Description=Synapse Database Container
 Pod=matrix.pod
 ContainerName=synapse_db
 Image=docker.io/library/postgres:alpine
-Exec=postgres -c unix_socket_directories='/var/run/postgresql/,/tmp/matrix/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB
+Exec=postgres -c unix_socket_directories='/var/run/postgresql/,/tmp/matrix/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB -c listen_addresses=''

 # Enable auto-update container
 AutoUpdate=registry
--- a/nextcloud/env.example
+++ b/nextcloud/env.example
@@ -2,7 +2,5 @@ MARIADB_ROOT_PASSWORD=
 MARIADB_PASSWORD=
 MARIADB_DATABASE=nextcloud
 MARIADB_USER=nextcloud
-PUID=1000
-PGID=1000
 TZ=Asia/Kolkata
 EXTERNAL_DIR=/media/vault/nextcloud
--- a/nextcloud/nextcloud-cron.service
+++ b/nextcloud/nextcloud-cron.service
@@ -4,4 +4,4 @@ After=default.target

 [Service]
 Type=oneshot
-ExecStart=/usr/bin/podman exec -u abc nextcloud php /app/www/public/cron.php
+ExecStart=/usr/bin/podman exec -u 1000 nextcloud php /var/www/html/cron.php
--- a/nextcloud/nextcloud.container
+++ b/nextcloud/nextcloud.container
@@ -3,18 +3,30 @@ Description=Nextcloud Container
 Requires=nextcloud_db.service nextcloud_valkey.service
 After=nextcloud_db.service nextcloud_valkey.service

+AssertPathIsDirectory=%h/podman/nextcloud
+AssertPathIsDirectory=%h/podman/nextcloud/html
+AssertPathIsDirectory=%h/nextcloud
+
 [Container]
 Pod=nextcloud.pod
 ContainerName=nextcloud
-Image=ghcr.io/linuxserver/nextcloud:latest
+Image=docker.io/library/nextcloud:fpm-alpine

 # Enable auto-update container
 AutoUpdate=registry
 # pass this to attach it to container
-EnvironmentFile=./.env
+Environment=MYSQL_PASSWORD=${MARIADB_PASSWORD}
+Environment=MYSQL_DATABASE=${MARIADB_DATABASE}
+Environment=MYSQL_USER=${MARIADB_USER}
+Environment=MYSQL_HOST=localhost:/tmp/docker/mysqld.sock
+Environment=PHP_MEMORY_LIMIT=2G
+Environment=PHP_UPLOAD_LIMIT=100G
+Environment=PHP_OPCACHE_MEMORY_CONSUMPTION=256
+Environment=PHP_MAX_EXECUTION_TIME=7200

-Volume=%h/podman/nextcloud/config:/config
-Volume=%h/nextcloud:/data
+Volume=%h/podman/nextcloud/html:/var/www/html
+Volume=%h/nextcloud:/var/www/html/data
+Volume=%h/.config/containers/systemd/nextcloud/zz-docker.conf:/usr/local/etc/php-fpm.d/zz-docker.conf
 Volume=${EXTERNAL_DIR}:${EXTERNAL_DIR}

 [Service]
@@ -25,4 +37,3 @@ TimeoutStartSec=300

 [Install]
 WantedBy=default.target
-
--- a/nextcloud/nextcloud.pod
+++ b/nextcloud/nextcloud.pod
@@ -3,9 +3,9 @@ Description=Nextcloud Pod

 [Pod]
 PodName=nextcloud
-PublishPort=8080:80
 Volume=%h/podman/nextcloud/.socket:/tmp/docker

 # to satisfy nextcloud bitch permissions problems
 UIDMap=1000:0:1
 UIDMap=0:1:1000
+UIDMap=65534:65534:1
--- a/nextcloud/nextcloud_db.container
+++ b/nextcloud/nextcloud_db.container
@@ -5,7 +5,7 @@ Description=Nextcloud DB Container
 Pod=nextcloud.pod
 ContainerName=nextcloud_db
 Image=docker.io/library/mariadb:lts
-Exec='--transaction-isolation=READ-COMMITTED' '--log-bin=binlog' '--binlog-format=ROW' '--socket=/tmp/docker/mysqld.sock'
+Exec='--transaction-isolation=READ-COMMITTED' '--log-bin=binlog' '--binlog-format=ROW' '--socket=/tmp/docker/mysqld.sock' '--skip-networking'

 # Enable auto-update container
 AutoUpdate=registry
--- a/nextcloud/nextcloud_imaginary.container
+++ b/nextcloud/nextcloud_imaginary.container
@@ -9,12 +9,11 @@ Exec=-enable-url-source -cors

 # Enable auto-update container
 AutoUpdate=registry
+Environment=PORT=9999
+
 # capabilities
 AddCapability=CAP_SYS_NICE

-# this does not map any uid from host as this fucker doesn't like it.
-UserNS=auto
-
 # disable healthcheck
 HealthCmd=none
 HealthInterval=disable
--- a/nextcloud/nextcloud_valkey.container
+++ b/nextcloud/nextcloud_valkey.container
@@ -5,7 +5,7 @@ Description=Nextcloud Valkey Container
 Pod=nextcloud.pod
 ContainerName=nextcloud_valkey
 Image=ghcr.io/valkey-io/valkey:alpine
-Exec=--unixsocket /tmp/docker/valkey.sock --unixsocketperm 777
+Exec=--port 0 --unixsocket /tmp/docker/valkey.sock --unixsocketperm 777

 # Enable auto-update container
 AutoUpdate=registry
--- a/nextcloud/readme.md
+++ b/nextcloud/readme.md
@@ -1,18 +1,6 @@
 # Nextcloud

-The nextcloud image used is actually from linuxserver.io.
+The nextcloud image is from official nextcloud docker image.

 ## Major Problem
- The fpm is unable to run as root i.e. you cannot do puid and pgid to 0 and call it a day, it won't work.
-    - To get Around it, you have to do uidmap. Either on container level, or on pod level if doing pod (as most of us do)
-        ```ini
-            UIDMap=${PUID}:0:1
-            UIDMap=0:1:${PUID}
-        ```
-
- Nextcloud Imaginary unable to start when this UIDMap is set on pod level, in which Imaginary is also configured.
-    - To get around with that, set this in the Imaginary.container file
-        ```ini
-            UserNS=auto
-        ```
-
+All Resolved :)
--- a/nextcloud/zz-docker.conf
+++ b/nextcloud/zz-docker.conf
@@ -0,0 +1,19 @@
+[global]
+daemonize = no
+
+[www]
+listen = /tmp/docker/nextcloud-fpm.sock
+
+listen.owner = 1000
+listen.group = 1000
+listen.mode = 0777
+
+user = 1000
+group = 1000
+
+pm.max_children = 50
+pm.start_servers = 10
+pm.min_spare_servers = 5
+pm.max_spare_servers = 15
+pm.max_requests = 1000
+
Author	SHA1	Message	Date
coolnsx	393c7f8e3e	Feat: fix nextcloud imaginary container failing issue	2025-08-27 14:15:24 +05:30
coolnsx	cfa20a6396	Feat: unix socketifying and disabling ports as much as possible	2025-08-27 13:42:56 +05:30
CoolnsX	08b5c07938	Feat: Update synapse db container to run only on socket	2025-08-27 13:29:05 +05:30
CoolnsX	8b151fa215	Feat: Update gitea container	2025-08-27 13:22:56 +05:30