


coolnsx
608913ebaa feat: immich permissions problems not anymore 2025-12-15 23:08:55 +05:30
coolnsx
2fd3636714 Fuck it, YOLO! 2025-10-26 15:52:14 +05:30
CoolnsX
1902ee824e feat: replaced docker images with github images 2025-10-05 02:26:27 +05:30
coolnsx
1775b24793 feat: add tzdata package to make nextcloud run on local timezon 2025-10-03 20:13:16 +05:30
coolnsx
9c484f553f feat: nextcloud notify-push script verbose logging 2025-10-02 14:34:04 +05:30
coolnsx
412d29f6ee feat: updated logic in nextcloud push entrypoint file to check socket via curl 2025-10-02 14:10:13 +05:30
coolnsx
87d43313cd feat: revert to custom entrypoint file 2025-10-02 13:39:40 +05:30
coolnsx
25823302fd feat: replaced nextcloud-entrypoint file to Entrypoint command in nextcloud.container 2025-10-01 23:14:01 +05:30
coolnsx
f6b669ae56 feat: custom entrypoint to run before the official entrypoint in nextcloud container 2025-10-01 23:07:02 +05:30
CoolnsX
adff932635 feat: vaultwarden setup 2025-10-01 01:26:45 +05:30
coolnsx
92cfc7bcc1 feat: homeassistant pod changes 2025-09-30 20:24:40 +05:30
coolnsx
8f17cf1d49 For great justice. 2025-09-28 18:21:04 +05:30
coolnsx
19fae3f6d3 Chore: moved the nextcloud setup to control via environment variables 2025-09-28 17:24:55 +05:30
CoolnsX
5eb90153ed Committing fixes in the dark, seriously, who killed my power!? 2025-09-27 13:28:57 +05:30
coolnsx
3900cf2395 Chore: redirect nextcloud fpm logs to file 2025-09-19 08:22:04 +05:30
coolnsx
8ca1d21f51 Fix: nextcloud notify script issues 2025-09-17 16:22:20 +05:30
coolnsx
269f944dd2 Pro Tip: Read Copilot output before pushing it 2025-09-17 14:14:49 +05:30
coolnsx
00faa8b508 f 2025-08-31 17:39:16 +05:30
coolnsx
dce2ed9ae0 should get thru ci now 2025-08-31 17:38:57 +05:30
coolnsx
393c7f8e3e Feat: fix nextcloud imaginary container failing issue 2025-08-27 14:15:24 +05:30
coolnsx
cfa20a6396 Feat: unix socketifying and disabling ports as much as possible 2025-08-27 13:42:56 +05:30
CoolnsX
08b5c07938 Feat: Update synapse db container to run only on socket 2025-08-27 13:29:05 +05:30
CoolnsX
8b151fa215 Feat: Update gitea container 2025-08-27 13:22:56 +05:30
21 changed files with 281 additions and 46 deletions


@@ -3,7 +3,7 @@ Description=Gitea Container
[Container] [Container]
ContainerName=gitea ContainerName=gitea
Image=docker.io/gitea/gitea:latest Image=ghcr.io/go-gitea/gitea:latest
# Enable auto-update container # Enable auto-update container
AutoUpdate=registry AutoUpdate=registry
@@ -11,8 +11,9 @@ AutoUpdate=registry
Environment=DISABLE_REGISTRATION=true Environment=DISABLE_REGISTRATION=true
Environment=USER_UID=1000 Environment=USER_UID=1000
Environment=USER_GID=1000 Environment=USER_GID=1000
Environment=SSH_LISTEN_PORT=2222
PublishPort=2222:22 Network=host
UIDMap=1000:0:1 UIDMap=1000:0:1
UIDMap=0:1:1000 UIDMap=0:1:1000
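Review bot: Replacing `PublishPort=2222:22` with `Network=host` removes the network namespace entirely, so every listener in the container — the web port as well as the SSH port now set by `SSH_LISTEN_PORT=2222` — binds directly on the host, whereas before only 2222 was published. If the goal was only to avoid forwarding for SSH, `PublishPort=2222:2222` plus `PublishPort=127.0.0.1:3000:3000` keeps isolation; otherwise bind the web UI to loopback in app.ini (`[server] HTTP_ADDR=127.0.0.1`, which I cannot see from this change) so only the reverse proxy reaches it. Separately, `Image=ghcr.io/go-gitea/gitea:latest` together with `AutoUpdate=registry` pulls whatever the floating tag points at with no digest check; a minor-version tag at least bounds what an automatic update can bring in, and a `# deliberately unpinned` comment would make the choice visible.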


@@ -4,7 +4,7 @@ Description=Headscale Container
[Container] [Container]
Network=host Network=host
ContainerName=headscale ContainerName=headscale
Image=docker.io/headscale/headscale:latest Image=ghcr.io/juanfont/headscale:latest
Exec=serve Exec=serve
# Enable auto-update container # Enable auto-update container


@@ -12,6 +12,7 @@ AutoUpdate=registry
Volume=%h/podman/homeassistant/config:/config Volume=%h/podman/homeassistant/config:/config
Volume=/etc/localtime:/etc/localtime:ro Volume=/etc/localtime:/etc/localtime:ro
Volume=/run/dbus:/run/dbus:ro Volume=/run/dbus:/run/dbus:ro
Volume=/tmp/unbound_stats:/tmp/unbound_stats
[Service] [Service]
Restart=always Restart=always
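Review bot: `Volume=/tmp/unbound_stats:/tmp/unbound_stats` bind-mounts a path under the host's world-writable `/tmp` read-write, while the neighbouring host mounts (`/etc/localtime`, `/run/dbus`) are all `:ro`. Any local user can create or replace that path before the unit starts, and the container can write back into host `/tmp`; if Home Assistant only reads the stats, use `Volume=/tmp/unbound_stats:/tmp/unbound_stats:ro`, and preferably move the file to a directory owned by the service user (e.g. under `%h/podman/`) instead of `/tmp`. I cannot see what produces the file, so whether write access is needed is an assumption to confirm.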


@@ -6,7 +6,3 @@ PodName=immich
#PublishPort=2283:2283 #PublishPort=2283:2283
Network=host Network=host
Volume=%h/podman/immich/.socket:/tmp/immich Volume=%h/podman/immich/.socket:/tmp/immich
# to satisfy immich bitch permissions problems
UIDMap=1000:0:1
UIDMap=0:1:1000
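Review bot: The comment `# to satisfy immich bitch permissions problems` says nothing about what the two new `UIDMap` lines do, and they are the security-relevant part of this pod: `UIDMap=1000:0:1` makes container uid 1000 the host user's real uid, and `UIDMap=0:1:1000` shifts container uids 0–999 onto subordinate ids, so a process that is root inside the pod is an unprivileged subuid on the host. Replace the comment with something a later reader can act on, e.g. `# uid 1000 in the pod -> host user (owns the bind mounts); container root -> unprivileged subuid`. The nextcloud pod in this same change uses the identical mapping; keeping the wording the same in both files would help.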


@@ -5,7 +5,7 @@ Description=Immich Database Container
Pod=immich.pod Pod=immich.pod
ContainerName=immich_db ContainerName=immich_db
Image=ghcr.io/immich-app/postgres:17-vectorchord0.4.3 Image=ghcr.io/immich-app/postgres:17-vectorchord0.4.3
Exec=postgres -c shared_preload_libraries=vchord -c unix_socket_directories='/var/run/postgresql/,/tmp/immich/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB Exec=postgres -c shared_preload_libraries=vchord -c unix_socket_directories='/var/run/postgresql/,/tmp/immich/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB -c listen_addresses=''
# Enable auto-update container # Enable auto-update container
AutoUpdate=registry AutoUpdate=registry


@@ -5,12 +5,13 @@ Description=Immich Valkey Container
Pod=immich.pod Pod=immich.pod
ContainerName=immich_valkey ContainerName=immich_valkey
Image=ghcr.io/valkey-io/valkey:alpine Image=ghcr.io/valkey-io/valkey:alpine
Exec=--unixsocket /tmp/immich/valkey.sock --unixsocketperm 777 Exec=--port 0 --unixsocket ${REDIS_SOCKET} --unixsocketperm 777
# Enable auto-update container # Enable auto-update container
AutoUpdate=registry AutoUpdate=registry
[Service] [Service]
EnvironmentFile=%h/.config/containers/systemd/immich/.env
Restart=always Restart=always
TimeoutStartSec=300 TimeoutStartSec=300
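Review bot: `--unixsocketperm 777` leaves the Valkey socket world-writable, and now that `--port 0` disables TCP and there is no `--requirepass`, that socket mode is the only access control — anything that can open the `/tmp/immich` mount (`%h/podman/immich/.socket` on the host) can issue any command, including `CONFIG SET` and `FLUSHALL`. The pod's `UIDMap` already pins the immich processes to a known uid, so `--unixsocketperm 660` with the socket owned by that uid, or `770` with a shared group, should be enough; keep `777` only if a client runs as a uid you cannot put in the group, and then say which one in a comment. The path is now `${REDIS_SOCKET}` from the `.env`; confirm the immich clients read the same variable so a typo does not silently produce a second, unused socket file.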


@@ -6,7 +6,7 @@ After=synapse_db.service
[Container] [Container]
Pod=matrix.pod Pod=matrix.pod
ContainerName=synapse ContainerName=synapse
Image=docker.io/matrixdotorg/synapse:latest Image=ghcr.io/element-hq/synapse:latest
# Enable auto-update container # Enable auto-update container
AutoUpdate=registry AutoUpdate=registry


@@ -5,14 +5,14 @@ Description=Synapse Database Container
Pod=matrix.pod Pod=matrix.pod
ContainerName=synapse_db ContainerName=synapse_db
Image=docker.io/library/postgres:alpine Image=docker.io/library/postgres:alpine
Exec=postgres -c unix_socket_directories='/var/run/postgresql/,/tmp/matrix/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB Exec=postgres -c unix_socket_directories='/var/run/postgresql/,/tmp/matrix/' -c unix_socket_permissions=0770 -c shared_buffers=2GB -c work_mem=64MB -c effective_cache_size=4GB -c listen_addresses=''
# Enable auto-update container # Enable auto-update container
AutoUpdate=registry AutoUpdate=registry
# pass this to attach it to container # pass this to attach it to container
Environment=POSTGRES_PASSWORD=${POSTGRES_PASSWORD} Environment=POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
Environment=POSTGRES_USER=${POSTGRES_USER} Environment=POSTGRES_USER=${POSTGRES_USER}
Environment=POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C Environment=POSTGRES_INITDB_ARGS='--encoding=UTF-8 --lc-collate=C --lc-ctype=C'
Volume=%h/podman/matrix/database:/var/lib/postgresql/data Volume=%h/podman/matrix/database:/var/lib/postgresql/data
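Review bot: With `-c listen_addresses=''` the Unix socket under `/tmp/matrix/` becomes the only way in, and the official postgres image's initdb-generated `pg_hba.conf` normally contains `local all all trust` (the entrypoint only appends a `host all all all <method>` line), so anything that can open that socket connects as any role without a password — the `POSTGRES_PASSWORD` passed here protects nothing on this path; confirm against the image's entrypoint, as I am going from memory. If that is not intended, tighten the socket directory to the synapse uid (the `unix_socket_permissions=0770` already there only helps if the directory itself is not group-accessible to others) or override the `local` line via a custom `pg_hba.conf`. The new `POSTGRES_INITDB_ARGS='--encoding=UTF-8 --lc-collate=C --lc-ctype=C'` also needs checking with `podman inspect synapse_db` that the single quotes were stripped rather than handed literally to initdb — systemd documents quoting as wrapping the whole assignment, `Environment="POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C"`.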


@@ -1,8 +1,37 @@
# db
MARIADB_ROOT_PASSWORD= MARIADB_ROOT_PASSWORD=
MARIADB_PASSWORD= MARIADB_PASSWORD=
MARIADB_DATABASE=nextcloud MARIADB_DATABASE=nextcloud
MARIADB_USER=nextcloud MARIADB_USER=nextcloud
PUID=1000 MARIADB_HOST=/tmp/docker/mysqld.sock
PGID=1000
TZ=Asia/Kolkata # redis
EXTERNAL_DIR=/media/vault/nextcloud REDIS_HOST=/tmp/docker/valkey.sock
REDIS_HOST_PORT=0
# Misc
TZ=Etc/UTC
# Directories
EXTERNAL_DIR=
# notify push
SOCKET_PATH=/tmp/docker/notify_push.sock
# reverse proxy
OVERWRITEPROTOCOL=https
OVERWRITECLIURL=https://cloud.example.com
TRUSTED_PROXIES=127.0.0.1 ::1
# SMTP
SMTP_HOST=smtp.example.com
SMTP_SECURE=ssl
SMTP_NAME=
SMTP_PASSWORD=
MAIL_FROM_ADDRESS=
MAIL_DOMAIN=
# PHP Optimizations
PHP_MEMORY_LIMIT=2G
PHP_UPLOAD_LIMIT=100G
PHP_OPCACHE_MEMORY_CONSUMPTION=256


@@ -4,4 +4,4 @@ After=default.target
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/bin/podman exec -u abc nextcloud php /app/www/public/cron.php ExecStart=/usr/bin/podman exec -u 1000 nextcloud php /var/www/html/cron.php


@@ -0,0 +1,54 @@
#!/bin/sh
set -eu
####################
# My Special Sauce #
####################
#################################################################
# This script is to make the www-data in /entrypoint.sh to #
# any user specified by $PUID environment variable, #
# so that your nextcloud can run or update properly. #
#################################################################
# fix nextcloud not setting Local Time zone
apk add --no-cache tzdata
# default to UID=1000 if not set
TARGET_UID="${PUID:-1000}"
# add user as the su in image doesn't know user ID we will pass
adduser -D -u "${TARGET_UID}" "abc" || true
# Overwrite /usr/local/etc/php-fpm.d/zz-docker.conf to make php-fpm listen on unix socket
cat <<EOF >/usr/local/etc/php-fpm.d/zz-docker.conf
; Generated by /nextcloud-entrypoint.sh
; DO NOT EDIT THIS FILE, IT WILL BE OVERWRITTEN !!
; please make changes in the /nextcloud-entrypoint.sh script
[global]
daemonize = no
[www]
access.log = /tmp/fpm-access.log
listen = ${NEXTCLOUD_FPM_SOCK:-/tmp/docker/nextcloud-fpm.sock}
listen.owner = ${TARGET_UID}
listen.group = ${TARGET_UID}
; Restricting socket to owner and group only
listen.mode = 0660
user = ${TARGET_UID}
group = ${TARGET_UID}
pm.max_children = 50
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 15
pm.max_requests = 1000
EOF
# replace "www-data" with numeric $PUID in /entrypoint.sh
sed -i "s/www-data/abc/g" /entrypoint.sh
# execute the patched entrypoint with all args
exec /entrypoint.sh php-fpm
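Review bot: `adduser -D -u "${TARGET_UID}" "abc" || true` hides a failed user creation, after which `sed -i "s/www-data/abc/g" /entrypoint.sh` rewrites the official entrypoint to chown and run as a user that may not exist (for example when `${TARGET_UID}` is already taken by another account), so under `set -eu` the script should check instead of ignore: `if ! getent passwd abc >/dev/null; then adduser -D -u "${TARGET_UID}" abc; fi`. The comment above the sed still says `replace "www-data" with numeric $PUID` although the replacement is the literal name `abc`; please update it. Also note that `apk add --no-cache tzdata` now runs as root on every container start, so each boot needs network access and installs an unpinned package — baking tzdata into a small derived image, or mounting `/etc/localtime:ro` as the homeassistant unit does, avoids the runtime install.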


@@ -0,0 +1,60 @@
#!/bin/sh
# env exports
export NEXTCLOUD_URL="${NEXTCLOUD_URL:-$OVERWRITECLIURL}"
export REDIS_URL="redis+unix://${REDIS_HOST}"
export DATABASE_URL="mysql://${MARIADB_USER}:${MARIADB_PASSWORD}@localhost/${MARIADB_DATABASE}?socket=${MARIADB_HOST}"
export DATABASE_PREFIX="oc_"
# Clean shutdown handler
cleanup() {
echo "[*] Stopping notify_push..."
kill -TERM "$NOTIFY_PID" 2>/dev/null && echo "[✓] notify push stopped.." || echo "Unable to Kill Notify Push.."
echo "[✓] Bye..."
}
trap 'cleanup' TERM INT
echo "[*] Checking Nextcloud Host Presence..."
while ! curl -s --fail --max-time 15 "$NEXTCLOUD_URL/status.php" >/dev/null; do
echo "[*] Waiting for Nextcloud to start..."
sleep 5
done
echo "[✓] Nextcloud Host is UP and Serving."
echo "[*] Ensuring notify_push app is installed and enabled..."
php occ app:install notify_push || true
php occ app:enable notify_push || true
echo "[*] Starting notify_push binary..."
/var/www/html/custom_apps/notify_push/bin/x86_64/notify_push &
NOTIFY_PID=$!
# Posix compliance check to ensure notify_push is running
if kill -0 "$PID" 2>/dev/null; then
echo "[✓] Notify Push is UP and running."
else
echo "[X] Notify Push is not Running!! Exiting.."
exit 1
fi
# Wait for the socket to active and respond, max 30 seconds
i=1
while [ $i -le 6 ]; do
if [ -S "$SOCKET_PATH" ]; then
echo "[*] Socket file exists, testing HTTP response..."
if curl -s --max-time 5 --unix-socket "$SOCKET_PATH" http://localhost/ -o /dev/null; then
echo "[*] Running occ notify_push:setup"
php occ notify_push:setup "${NEXTCLOUD_URL}/push" || true
break
else
echo "[!] Socket exists, but no HTTP response yet"
fi
fi
echo "[*] Waiting 5 seconds for notify_push to be ready... (try $i/6)"
sleep 5
: $((i += 1))
done
# Keep container alive while notify_push runs
wait
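Review bot: The liveness check `if kill -0 "$PID" 2>/dev/null` tests a variable this script never sets — the pid captured two lines earlier is `NOTIFY_PID` — so the check either errors out and takes the `exit 1` branch or, if a `PID` leaks in from the environment, tests the wrong process; it should read `if kill -0 "$NOTIFY_PID" 2>/dev/null; then`. Two smaller points on the new side: `DATABASE_URL` splices `${MARIADB_PASSWORD}` into a URL without percent-encoding, so a password containing `@`, `/`, `:` or `#` breaks the parse, and the full URL including the password then sits in the process environment; and when the socket never answers within the six tries the script falls through to `wait` without ever running `notify_push:setup`, with nothing in the log saying so — an `echo "[X] notify_push socket never became ready"` after the loop would make that visible. The script has no `set -e`, which looks intentional given the `|| true` calls, but it means a failure of `php occ app:install` is only noticed when the binary path does not exist.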


@@ -6,16 +6,25 @@ After=nextcloud_db.service nextcloud_valkey.service
[Container] [Container]
Pod=nextcloud.pod Pod=nextcloud.pod
ContainerName=nextcloud ContainerName=nextcloud
Image=ghcr.io/linuxserver/nextcloud:latest Image=docker.io/library/nextcloud:fpm-alpine
Entrypoint=/nextcloud-entrypoint.sh
# Enable auto-update container # Enable auto-update container
AutoUpdate=registry AutoUpdate=registry
# pass this to attach it to container
# DB credentials (only required when setting up first time)
Environment=MYSQL_PASSWORD=${MARIADB_PASSWORD}
Environment=MYSQL_DATABASE=${MARIADB_DATABASE}
Environment=MYSQL_USER=${MARIADB_USER}
Environment=MYSQL_HOST=localhost:${MARIADB_HOST}
# env file
EnvironmentFile=./.env EnvironmentFile=./.env
Volume=%h/podman/nextcloud/config:/config Volume=%h/podman/nextcloud/html:/var/www/html
Volume=%h/nextcloud:/data Volume=%h/nextcloud:/var/www/html/data
Volume=${EXTERNAL_DIR}:${EXTERNAL_DIR} Volume=${EXTERNAL_DIR}:${EXTERNAL_DIR}
Volume=./nextcloud-entrypoint.sh:/nextcloud-entrypoint.sh
[Service] [Service]
# pass this to autofill above variables # pass this to autofill above variables
@@ -25,4 +34,3 @@ TimeoutStartSec=300
[Install] [Install]
WantedBy=default.target WantedBy=default.target
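Review bot: `Volume=./nextcloud-entrypoint.sh:/nextcloud-entrypoint.sh` bind-mounts a script that runs as root inside the container (it installs packages and rewrites `/entrypoint.sh`) without `:ro`, so anything that can write the quadlet directory on the host, or root in the container through the mount, can change what runs at next start; `Volume=./nextcloud-entrypoint.sh:/nextcloud-entrypoint.sh:ro` costs nothing. The `[Container]` `EnvironmentFile=./.env` also hands the entire `.env` — `MARIADB_ROOT_PASSWORD` and `SMTP_PASSWORD` included — to the Nextcloud process on top of the explicit `MYSQL_*` lines, where `podman inspect` and `/proc/*/environ` expose them; the `nextcloud_push` unit in this same change shows the tighter pattern of listing only what the container needs. The comment `# DB credentials (only required when setting up first time)` is at odds with passing them on every start — if they are only for first install, say so and plan to drop them, otherwise drop the comment. The `[Service]` section continues outside the hunk.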


@@ -3,9 +3,9 @@ Description=Nextcloud Pod
[Pod] [Pod]
PodName=nextcloud PodName=nextcloud
PublishPort=8080:80
Volume=%h/podman/nextcloud/.socket:/tmp/docker Volume=%h/podman/nextcloud/.socket:/tmp/docker
# to satisfy nextcloud bitch permissions problems # to satisfy nextcloud bitch permissions problems
UIDMap=1000:0:1 UIDMap=1000:0:1
UIDMap=0:1:1000 UIDMap=0:1:1000
UIDMap=65534:65534:1
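Review bot: The new `UIDMap=65534:65534:1` is added without explanation, and the surviving comment `# to satisfy nextcloud bitch permissions problems` does not tell a reader what any of the three mappings is for. A comment stating the intent would make the file reviewable, e.g. `# uid 1000 -> host user (owns the bind mounts); 0-999 -> subuids, so container root is unprivileged; 65534 -> nobody, needed by <unit>` — I cannot tell from this change which container depends on the nobody mapping (imaginary uses `UserNS=auto` instead), so please fill that in rather than leaving it implicit. Dropping `PublishPort=8080:80` is consistent with php-fpm now listening on a socket; a one-line note that the web server is expected on the host would save the next reader a search.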


@@ -5,12 +5,19 @@ Description=Nextcloud DB Container
Pod=nextcloud.pod Pod=nextcloud.pod
ContainerName=nextcloud_db ContainerName=nextcloud_db
Image=docker.io/library/mariadb:lts Image=docker.io/library/mariadb:lts
Exec='--transaction-isolation=READ-COMMITTED' '--log-bin=binlog' '--binlog-format=ROW' '--socket=/tmp/docker/mysqld.sock' Exec=--transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW --socket=${MARIADB_HOST} --skip-networking
# Enable auto-update container # Enable auto-update container
AutoUpdate=registry AutoUpdate=registry
# pass this to attach it to container
EnvironmentFile=./.env # Timezone
Environment=TZ=${TZ}
# DB credentials
Environment=MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
Environment=MARIADB_PASSWORD=${MARIADB_PASSWORD}
Environment=MARIADB_DATABASE=${MARIADB_DATABASE}
Environment=MARIADB_USER=${MARIADB_USER}
Volume=%h/podman/nextcloud/db:/var/lib/mysql Volume=%h/podman/nextcloud/db:/var/lib/mysql
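Review bot: `Environment=MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}` and the three lines below it place the credentials in the container environment on every start, readable via `podman inspect nextcloud_db` and `/proc/1/environ`, even though the mariadb image only consumes them while initialising an empty `/var/lib/mysql`. Quadlet's `Secret=name,type=env,target=MARIADB_ROOT_PASSWORD` backed by `podman secret create` keeps the values out of the unit file and, as far as I recall, out of the `inspect` Env list; at minimum the root password could become `MARIADB_RANDOM_ROOT_PASSWORD=yes` once the database exists, since nothing in this change uses root. The `--skip-networking` addition is the right move for socket-only clients and pairs with `listen_addresses=''` on the postgres units.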


@@ -9,17 +9,18 @@ Exec=-enable-url-source -cors
# Enable auto-update container # Enable auto-update container
AutoUpdate=registry AutoUpdate=registry
Environment=PORT=9999
Environment=TZ=${TZ}
# capabilities # capabilities
AddCapability=CAP_SYS_NICE AddCapability=CAP_SYS_NICE
# this does not map any uid from host as this fucker doesn't like it.
UserNS=auto
# disable healthcheck # disable healthcheck
HealthCmd=none HealthCmd=none
HealthInterval=disable HealthInterval=disable
[Service] [Service]
EnvironmentFile=%h/.config/containers/systemd/nextcloud/.env
Restart=always Restart=always
TimeoutStartSec=300 TimeoutStartSec=300
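Review bot: `UserNS=auto` arrives with the comment `# this does not map any uid from host as this fucker doesn't like it.`, which a later reader cannot act on — it should name the constraint (imaginary fails to start under the pod-level `UIDMap`, per the README section this change deletes) and what `auto` gives instead, e.g. `# Imaginary does not start under the pod's UIDMap, so it gets its own auto-allocated user namespace; it shares no host-owned files, so the uid mismatch is harmless.` Because `UserNS=auto` means imaginary no longer shares uids with the rest of the pod, anything relying on file ownership between nextcloud and imaginary would break silently; from the visible config it only speaks HTTP on `PORT=9999`, so that looks fine. The pre-existing `Exec=-enable-url-source -cors` in the hunk header lets imaginary fetch arbitrary URLs per request, so with the port now explicit it is worth confirming nothing outside the pod can reach 9999 (the pod drops `PublishPort` in this change, so presumably not) and whether `-allowed-origins` or `-key` should bound it.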


@@ -0,0 +1,47 @@
[Unit]
Description=Nextcloud Notify Push Container
Requires=nextcloud_db.service nextcloud_valkey.service nextcloud.service
After=nextcloud_db.service nextcloud_valkey.service nextcloud.service
[Container]
Pod=nextcloud.pod
ContainerName=nextcloud_push
Image=docker.io/library/nextcloud:fpm-alpine
Entrypoint=/nextcloud-notify-push-entrypoint.sh
User=1000
Group=1000
# Enable auto-update container
AutoUpdate=registry
# Timezone
Environment=TZ=${TZ}
# Nextcloud variables
Environment=SOCKET_PATH=${SOCKET_PATH}
Environment=OVERWRITECLIURL=${OVERWRITECLIURL}
Environment=OVERWRITEPROTOCOL=${OVERWRITEPROTOCOL}
Environment=TRUSTED_PROXIES=${TRUSTED_PROXIES}
# DB credentials
Environment=MARIADB_PASSWORD=${MARIADB_PASSWORD}
Environment=MARIADB_DATABASE=${MARIADB_DATABASE}
Environment=MARIADB_USER=${MARIADB_USER}
Environment=MARIADB_HOST=${MARIADB_HOST}
# Redis
Environment=REDIS_HOST=${REDIS_HOST}
Environment=REDIS_HOST_PORT=${REDIS_HOST_PORT}
Volume=%h/podman/nextcloud/html:/var/www/html
Volume=./nextcloud-notify-push-entrypoint.sh:/nextcloud-notify-push-entrypoint.sh
Volume=%h/nextcloud:/var/www/html/data
[Service]
# pass this to autofill above variables
EnvironmentFile=%h/.config/containers/systemd/nextcloud/.env
Restart=always
TimeoutStartSec=300
[Install]
WantedBy=default.target
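Review bot: `Volume=./nextcloud-notify-push-entrypoint.sh:/nextcloud-notify-push-entrypoint.sh` is mounted read-write although the container only executes it; make it `:ro` so a compromised `User=1000` process cannot rewrite its own entrypoint in the quadlet directory on the host. The unit also receives `MARIADB_PASSWORD` through the environment and the script turns it into `DATABASE_URL`; podman secrets (`Secret=…,type=env`) would keep it out of the unit and of `podman inspect`. Listing the needed variables explicitly rather than `EnvironmentFile=./.env` under `[Container]` is the better pattern and is what the main nextcloud unit should follow. One thing to confirm: `User=1000` resolves inside the pod's user namespace, where `UIDMap=1000:0:1` maps it to the host user, so `php occ app:install` writes `%h/podman/nextcloud/html/custom_apps` as that user — consistent with the nextcloud container's `PUID` default only as long as that default stays 1000.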


@@ -5,12 +5,13 @@ Description=Nextcloud Valkey Container
Pod=nextcloud.pod Pod=nextcloud.pod
ContainerName=nextcloud_valkey ContainerName=nextcloud_valkey
Image=ghcr.io/valkey-io/valkey:alpine Image=ghcr.io/valkey-io/valkey:alpine
Exec=--unixsocket /tmp/docker/valkey.sock --unixsocketperm 777 Exec=--port 0 --unixsocket ${REDIS_HOST} --unixsocketperm 777
# Enable auto-update container # Enable auto-update container
AutoUpdate=registry AutoUpdate=registry
# pass this to attach it to container
EnvironmentFile=./.env # Timezone
Environment=TZ=${TZ}
Volume=%h/podman/nextcloud/valkey:/data Volume=%h/podman/nextcloud/valkey:/data
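Review bot: `--unixsocketperm 777` makes the Valkey socket writable by every uid that can see `/tmp/docker` (the `%h/podman/nextcloud/.socket` bind mount), and with `--port 0` and no `--requirepass` nothing else authenticates clients — Nextcloud keeps sessions and file locks here, so write access to this socket is effectively write access to Nextcloud's state. The pod's `UIDMap` already pins the nextcloud processes to a known uid, so `--unixsocketperm 660`, or `770` with a group shared between valkey's runtime uid and the clients, is the appropriate mode; keep `777` only if a client really runs as a uid you cannot place in the group, and then say which one in a comment. `Environment=TZ=${TZ}` depends on a `[Service] EnvironmentFile` for expansion, which is outside this hunk.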


@@ -1,18 +1,8 @@
# Nextcloud # Nextcloud
The nextcloud image used is actually from linuxserver.io. The nextcloud image is from official nextcloud docker image.
You Need to have Separate Web Server, as this image is based on PHP-FPM.
## Major Problem ## Major Problem
- The fpm is unable to run as root i.e. you cannot do puid and pgid to 0 and call it a day, it won't work. All Resolved :)
- To get Around it, you have to do uidmap. Either on container level, or on pod level if doing pod (as most of us do)
```ini
UIDMap=${PUID}:0:1
UIDMap=0:1:${PUID}
```
- Nextcloud Imaginary unable to start when this UIDMap is set on pod level, in which Imaginary is also configured.
- To get around with that, set this in the Imaginary.container file
```ini
UserNS=auto
```

vaultwarden/env.example Normal file

@@ -0,0 +1,17 @@
# base config
DOMAIN=https://vw.example.com
SIGNUPS_ALLOWED=false
INVITATIONS_ALLOWED=false
# smtp config
SMTP_HOST=smtp.example.com
SMTP_FROM=mail@example.com
SMTP_FROM_NAME=Vaultwarden
SMTP_USERNAME=username
SMTP_PASSWORD=
SMTP_TIMEOUT=15
SMTP_SECURITY=force_tls
SMTP_PORT=465
# rocket http configuration
ROCKET_PORT=7777
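Review bot: With `SIGNUPS_ALLOWED=false` and `INVITATIONS_ALLOWED=false` the only way to enrol a user is the admin page, yet the example sets no `ADMIN_TOKEN`, so either nobody can ever be added or the token is expected from somewhere not shown; the example should carry `ADMIN_TOKEN=` with a comment that it must be the Argon2 PHC string produced by `vaultwarden hash`, not a plaintext token. `ROCKET_PORT=7777` is set but `ROCKET_ADDRESS` is not, and the unit that reads this file uses `Network=host`; as far as I recall vaultwarden's default bind is all interfaces, so `ROCKET_ADDRESS=127.0.0.1` belongs here if a host reverse proxy terminates `DOMAIN=https://vw.example.com`. `SMTP_SECURITY=force_tls` with `SMTP_PORT=465` is consistent; an empty `SMTP_PASSWORD=` is fine in an example, but a `# fill in locally — never commit the real .env` line above the secrets would be a cheap guard.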


@@ -0,0 +1,22 @@
[Unit]
Description=VaultWarden Container
[Container]
ContainerName=vaultwarden
Image=ghcr.io/dani-garcia/vaultwarden:alpine
# Enable auto-update container
AutoUpdate=registry
EnvironmentFile=./.env
Network=host
Volume=%h/podman/vaultwarden:/data
[Service]
EnvironmentFile=%h/.config/containers/systemd/vaultwarden/.env
Restart=always
TimeoutStartSec=300
[Install]
WantedBy=default.target
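Review bot: `Network=host` puts every listener of the vaultwarden process on the host's interfaces with no namespace in between, which for a password vault behind a reverse proxy is more exposure than needed; `PublishPort=127.0.0.1:7777:7777` in place of `Network=host` restricts it to the proxy on loopback, or failing that set `ROCKET_ADDRESS=127.0.0.1` in the env file. `EnvironmentFile=./.env` appears twice — under `[Container]` it is passed to podman as an env file, so the SMTP password and any admin token land in the container environment and `podman inspect`; under `[Service]` it only feeds systemd-side `${...}` expansion, and this unit has no such references, so the `[Service]` copy does nothing and can go. `Image=ghcr.io/dani-garcia/vaultwarden:alpine` with `AutoUpdate=registry` is a floating tag auto-pulled without a digest check — defensible for a homelab, but a `# deliberately unpinned` comment would make the choice explicit.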