Customizable, modular, free and open-source environment for decentralized, distributed communication and collaboration without third-party dependencies.
This repository contains configuration files, some explanations, and some instructions for a customized containerized runtime environment of medienhaus-spaces including matrix-synapse, element-web, etherpad-lite, lldap, and additionally nextcloud.
For Klasse Klima, we strive to self-host a communication and collaboration environment/infrastructure with full control over our data, i.e. we don’t want to store any data in the cloud. We do need at least one public IP address for making our services accessible via the internet; this public IP address could be provided by some (virtual private) server or virtual machine in the cloud, which creates an encrypted WireGuard tunnel and serves as reverse proxy, securely forwarding external traffic to our locally self-hosted infrastructure.
In our first proof-of-concept prototype, which is currently being evaluated, we use a small travel router running OpenWrt that serves as a firewall and routes our traffic; these tasks could also be taken care of by e.g. OPNsense. Our services run, and our data is hosted/stored, on two Raspberry Pi 5 single-board computers (to be solar-powered in the future), which are connected via the Docker overlay network driver.
NOTE: We are using Docker’s swarm mode to establish a connection between our two Raspberry Pi 5 single-board computers; however, we don’t use any swarm features but instead use an overlay network for standalone containers and manually, via Docker compose files, attach containers to the overlay network.
- Create and join the Docker overlay network; see the documentation linked in the NOTE above.
🗯️ I have read the documentation, just show me the necessary commands already!
On the first Raspberry Pi 5 single-board computer hosting medienhaus-docker:
docker swarm init
This returns the command for the second Raspberry Pi to join the Docker swarm.
docker network create --driver=overlay --attachable --opt encrypted overlay
On the second Raspberry Pi 5 single-board computer hosting nextcloud:
docker swarm join --token <TOKEN> <IP_OF_FIRST_RASPBERRY_PI>:2377
IMPORTANT: On the first Raspberry Pi 5 single-board computer hosting medienhaus-docker:
- Clone this repository
git clone https://github.com/medienhaus/rpi-spaces-nextcloud-setup.git && \
cd rpi-spaces-nextcloud-setup/
- Clone, configure, and start medienhaus-docker
IMPORTANT: The necessary pre-configured docker-compose.yml file et cetera are located in the medienhaus-docker directory; copy the content of medienhaus-docker to the cloned upstream repository, and if necessary replace the files in there with our files.
git clone https://github.com/medienhaus/medienhaus-docker.git medienhaus-docker--upstream && \
rsync -av medienhaus-docker/ medienhaus-docker--upstream
💭 If rsync is not available/installed, use the following commands instead❗️
git clone https://github.com/medienhaus/medienhaus-docker.git medienhaus-docker--upstream && \
cp -i medienhaus-docker/.gitmodules medienhaus-docker--upstream/ && \
cp -i medienhaus-docker/docker-compose.yml medienhaus-docker--upstream/ && \
cp -i medienhaus-docker/docker-include.medienhaus-spaces.websecure.yml medienhaus-docker--upstream/ && \
cp -i medienhaus-docker/template/medienhaus-spaces.config.js medienhaus-docker--upstream/template/ && \
cp -i -R medienhaus-docker/assets medienhaus-docker--upstream/
Then follow the instructions in the medienhaus-docker upstream repository.
- Configure and start nextcloud-nginx-reverse-proxy
cd nextcloud-nginx-reverse-proxy/ && \
cp .env.example .env
Configure .env file:
${VISUAL:-${EDITOR:-vim}} .env
⚠️ For production, please change the following environment variables❗️
BASE_URL to your fully qualified domain name, e.g. nextcloud.example.org
Configure nginx configuration file:
${VISUAL:-${EDITOR:-vim}} config/nginx.conf
⚠️ For production, please change the following lines❗️
server_name nextcloud.example.org to point to your fully qualified domain name
Then start the Docker composition.
docker compose up -d
IMPORTANT: On the second Raspberry Pi 5 single-board computer hosting nextcloud:
- Clone this repository
git clone https://github.com/medienhaus/rpi-spaces-nextcloud-setup.git && \
cd rpi-spaces-nextcloud-setup/
- Configure and start nextcloud
cd nextcloud/ && \
cp .env.example .env
${VISUAL:-${EDITOR:-vim}} .env
⚠️ For production, please change at least the following environment variables❗️
  - ADMIN_CONTACT_LETSENCRYPT for issuing SSL certificates via traefik
  - BASE_URL to your fully qualified domain name, e.g. nextcloud.example.org
  - change_me to generated long, random, and secure passwords/secrets
💭 Generate long, random, and secure passwords/secrets via the openssl command:
openssl rand -hex 32
💭 This can also be done programmatically via bash, if the .env file does not(!) exist:
if [[ ! -r .env ]]; then
  # Process .env.example line by line so that each line's change_me gets its own fresh secret.
  while IFS= read -r line; do
    sed "s/change_me/$(openssl rand -hex 32)/" <<< "$line"
  done < .env.example > .env
fi
🧩 Add LDAP configuration to .env file:
${VISUAL:-${EDITOR:-vim}} .env
TIP: Copy & paste LDAP_* configuration from /medienhaus-docker/.env on the first Raspberry Pi 5❗️
Then start the Docker composition.
docker compose up -d
🏗️ Finish nextcloud installation in your browser via https://nextcloud.example.org ❗️
Then apply LDAP configuration.
docker exec -u 33 nextcloud-app /opt/enable-and-configure-ldap.sh
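A pre-flight check for the .env files configured in the steps above, to be run before docker compose up -d. This is an added example, not part of the repository. It flags leftover change_me placeholders, values still pointing at example.org, and file modes readable beyond the owner. The function name check_env, the key DB_PASSWORD in the sample, and the owner-only permission requirement are assumptions of this example.

```sh
# Added example (not from the repository): pre-flight check for a .env file.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
# POSIX sh has no local variables, so the names below are global to the shell.
check_env() {
  file=$1
  findings=0
  if [ ! -r "$file" ]; then
    echo "missing: $file"
    return 2
  fi
  # Assumption: the secrets file should be owner-only (GNU stat, BSD stat fallback).
  perms=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case $perms in
    *00) ;;
    *) echo "permissions: mode $perms is accessible beyond the owner"
       findings=$((findings + 1)) ;;
  esac
  # Split each line at the first '='; the rest of the line becomes the value.
  while IFS='=' read -r key value || [ -n "$key" ]; do
    case $key in
      ''|'#'*) continue ;;   # skip blank lines and comments
    esac
    case $value in
      *change_me*)
        echo "placeholder: $key still contains change_me"
        findings=$((findings + 1)) ;;
      *example.org*)
        echo "default: $key still points at example.org"
        findings=$((findings + 1)) ;;
    esac
  done < "$file"
  [ "$findings" -eq 0 ]
}

# Constructed sample input (DB_PASSWORD is a hypothetical key name),
# written to a temporary file so the block runs offline.
demo=$(mktemp)
printf '%s\n' 'BASE_URL=nextcloud.example.org' 'DB_PASSWORD=change_me' > "$demo"
chmod 600 "$demo"
check_env "$demo" || echo "fix the findings above before: docker compose up -d"
rm -f "$demo"
```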