
medienhaus/rpi-spaces-nextcloud-setup


medienhaus/

Customizable, modular, free and open-source environment for decentralized, distributed communication and collaboration without third-party dependencies.



rpi-spaces-nextcloud-setup

This repository contains configuration files, some explanations, and some instructions for a customized containerized runtime environment of medienhaus-spaces including matrix-synapse, element-web, etherpad-lite, lldap, and additionally nextcloud.

infrastructure overview

For Klasse Klima, we strive to self-host a communication and collaboration environment/infrastructure with full control over our data, i.e. we don’t want to store any data in the cloud. We do need at least one public IP address for making our services accessible via the internet; this public IP address could be provided by some (virtual private) server or virtual machine in the cloud, which creates an encrypted WireGuard tunnel and serves as reverse proxy, securely forwarding external traffic to our locally self-hosted infrastructure.

In our first proof-of-concept prototype, which is currently under evaluation, we use a small travel router running OpenWrt as a firewall and to route our traffic; these tasks could also be handled by e.g. OPNsense. Our services run, and our data is stored, on two Raspberry Pi 5 single-board computers (to be solar-powered in the future), which are connected via the Docker overlay network driver.

NOTE: We are using Docker’s swarm mode to establish a connection between our two Raspberry Pi 5 single-board computers; however, we don’t use any swarm features. Instead, we use an overlay network for standalone containers and attach containers to it manually via Docker compose files.

instructions

  1. Create and join the Docker overlay network; see the documentation linked in the NOTE above.

    🗯️ I have read the documentation, just show me the necessary commands already!

    Install Docker …

    On the first Raspberry Pi 5 single-board computer hosting medienhaus-docker:

    docker swarm init

    This returns the command for the second Raspberry Pi to join the Docker swarm.

    docker network create --driver=overlay --attachable --opt encrypted overlay

    On the second Raspberry Pi 5 single-board computer hosting nextcloud:

    docker swarm join --token <TOKEN> <IP_OF_FIRST_RASPBERRY_PI>:2377

IMPORTANT: On the first Raspberry Pi 5 single-board computer hosting medienhaus-docker:

  1. Clone this repository

    git clone https://github.com/medienhaus/rpi-spaces-nextcloud-setup.git && \
    cd rpi-spaces-nextcloud-setup/
  2. Clone, configure, and start medienhaus-docker

    IMPORTANT: The necessary pre-configured docker-compose.yml file et cetera are located in the medienhaus-docker directory; copy the content of medienhaus-docker to the cloned upstream repository, and if necessary replace the files in there with our files.

    git clone https://github.com/medienhaus/medienhaus-docker.git medienhaus-docker--upstream && \
    rsync -av medienhaus-docker/ medienhaus-docker--upstream

    💭 If rsync is not available/installed, use the following commands instead❗️

    git clone https://github.com/medienhaus/medienhaus-docker.git medienhaus-docker--upstream && \
    cp -i medienhaus-docker/.gitmodules medienhaus-docker--upstream/ && \
    cp -i medienhaus-docker/docker-compose.yml medienhaus-docker--upstream/ && \
    cp -i medienhaus-docker/docker-include.medienhaus-spaces.websecure.yml medienhaus-docker--upstream/ && \
    cp -i medienhaus-docker/template/medienhaus-spaces.config.js medienhaus-docker--upstream/template/ && \
    cp -i -R medienhaus-docker/assets medienhaus-docker--upstream/

    Then follow the instructions in the medienhaus-docker upstream repository.

  3. Configure and start nextcloud-nginx-reverse-proxy

    cd nextcloud-nginx-reverse-proxy/ && \
    cp .env.example .env

    Configure .env file:

    ${VISUAL:-${EDITOR:-vim}} .env

    ⚠️ For production, please change the following environment variables❗️

    • BASE_URL to your fully qualified domain name, e.g. nextcloud.example.org

    Configure nginx configuration file:

    ${VISUAL:-${EDITOR:-vim}} config/nginx.conf

    ⚠️ For production, please change the following lines❗️

    • server_name nextcloud.example.org to point to your fully qualified domain name

    Then start the Docker composition.

    docker compose up -d

IMPORTANT: On the second Raspberry Pi 5 single-board computer hosting nextcloud:

  1. Clone this repository

    git clone https://github.com/medienhaus/rpi-spaces-nextcloud-setup.git && \
    cd rpi-spaces-nextcloud-setup/
  2. Configure and start nextcloud

    cd nextcloud/ && \
    cp .env.example .env
    ${VISUAL:-${EDITOR:-vim}} .env

    ⚠️ For production, please change at least the following environment variables❗️

    • ADMIN_CONTACT_LETSENCRYPT for issuing SSL certificates via traefik
    • BASE_URL to your fully qualified domain name, e.g. nextcloud.example.org
    • change_me to generated long, random, and secure passwords/secrets

    💭 Generate long, random, and secure passwords/secrets via openssl command:

    openssl rand -hex 32

    💭 This can also be done programmatically, if the .env file does not(!) exist, via bash:

    if [[ ! -r .env ]]; then
      while IFS= read -r line; do
        sed "s/change_me/$(openssl rand -hex 32)/" <<< "$line"
      done < .env.example > .env
    fi

    🧩 Add LDAP configuration to .env file:

    ${VISUAL:-${EDITOR:-vim}} .env

    TIP: Copy & paste LDAP_* configuration from /medienhaus-docker/.env on the first Raspberry Pi 5❗️

    Then start the Docker composition.

    docker compose up -d

    🏗️ Finish nextcloud installation in your browser via https://nextcloud.example.org❗️

    Then apply LDAP configuration.

    docker exec -u 33 nextcloud-app /opt/enable-and-configure-ldap.sh
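A pre-flight audit of the `.env` file, to run before `docker compose up -d`; this is an added example and not part of the repository. It checks the three things the production warnings above ask for, plus file permissions. `check_env_file`, `write_sample_env` and every variable name in the sample except `BASE_URL` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the repository. check_env_file is a hypothetical
# helper; its return value is the number of problems found (0 = ready).
check_env_file() {
  env_file=$1
  problems=0
  [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 99; }

  # sed "s/change_me/.../" has no g flag, so it replaces only the first match
  # per line; a line holding two placeholders keeps the second one.
  if grep -q 'change_me' "$env_file"; then
    lines=$(grep -n 'change_me' "$env_file" | cut -d: -f1 | tr '\n' ' ')
    echo "FAIL: placeholder change_me left on line(s): $lines" >&2
    problems=$((problems + 1))
  fi

  # The template domain has to be replaced for production.
  if grep -Eq '^BASE_URL=.*example\.org' "$env_file"; then
    echo "FAIL: BASE_URL still points at example.org" >&2
    problems=$((problems + 1))
  fi

  # The file holds secrets, so only its owner should be able to read it.
  mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
  case $mode in
    600|400) ;;
    *) echo "FAIL: mode is $mode, fix with: chmod 600 $env_file" >&2
       problems=$((problems + 1)) ;;
  esac

  return "$problems"
}

# Constructed sample input; every variable name except BASE_URL is made up.
write_sample_env() {
  cat > "$1" <<'EOF'
BASE_URL=nextcloud.example.org
SAMPLE_ADMIN_PASSWORD=0123456789abcdef0123456789abcdef
SAMPLE_DB_URL=postgres://nc:0123456789abcdef@db/nc?fallback=change_me
EOF
  chmod 644 "$1"
}

sample=$(mktemp)
write_sample_env "$sample"
rc=0
check_env_file "$sample" || rc=$?
echo "problems found: $rc"
rm -f "$sample"
```

Only line numbers are printed for leftover placeholders, so the audit output can be pasted into a ticket or chat without leaking neighbouring secrets.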
