initial commit

rootfs/etc/confd/conf.d/config.php.toml

@@ -0,0 +1,6 @@
+[template]
+src = "config.php.tmpl"
+dest = "/var/lib/nextcloud/config/config.php"
+gid = 101
+uid = 100
+mode = "0660"

rootfs/etc/confd/conf.d/nginx.conf.toml

@@ -0,0 +1,3 @@
+[template]
+src = "nginx.conf.tmpl"
+dest = "/etc/nginx/nginx.conf"

rootfs/etc/confd/templates/config.php.tmpl

@@ -0,0 +1,64 @@
+<?php
+
+$CONFIG = array(
+
+'trusted_domains' =>
+  array (
+    '{{getenv "DOMAIN"}}'
+  ),
+"user_backends" => array (
+    0 => array (
+            "class"     => "OC_User_IMAP",
+            "arguments" => array (
+			                  0 => '{{"{"}}{{getenv "IMAPAUTHHOST"}}{{"}"}}'
+                              ),
+    ),
+ ),
+'datadirectory' => '/var/lib/nextcloud/data',
+
+'dbtype' => 'pgsql',
+'dbhost' => '{{getenv "DBHOST"}}',
+'dbname' => '{{getenv "DBNAME"}}',
+'dbuser' => '{{getenv "DBUSER"}}',
+'dbpassword' => '{{getenv "DBPASSWORD"}}',
+'dbtableprefix' => '{{getenv "DBTABLEPREFIX"}}',
+
+'skeletondirectory' => '',
+
+'mail_domain' => '{{getenv "MAILDOMAIN"}}',
+'mail_from_address' => '{{getenv "MAILFROM"}}',
+'mail_smtpdebug' => false,
+'mail_smtpmode' => 'smtp',
+'mail_smtphost' => '{{getenv "MAILSMTPHOST"}}',
+'mail_smtpport' => {{getenv "MAILSMTPPORT"}},
+'mail_smtptimeout' => 10,
+'mail_smtpsecure' => '{{getenv "MAILSMTPSECURITY"}}',
+'mail_smtpauth' => {{getenv "MAILSMTPAUTH"}},
+'mail_smtpauthtype' => '{{getenv "MAILSMTPAUTHTYPE"}}',
+'mail_smtpname' => '{{getenv "MAILSMTPNAME"}}',
+'mail_smtppassword' => '{{getenv "MAILSMTPPASSWORD"}}',
+
+'overwritehost' => '{{getenv "DOMAIN"}}',
+'overwriteprotocol' => 'https',
+'overwritewebroot' => '',
+'overwrite.cli.url' => 'https://{{getenv "DOMAIN"}}',
+
+'apps_paths' => array(
+	array(
+		'path'=> '/var/lib/nextcloud/apps',
+		'url' => '/apps',
+		'writable' => true,
+	),
+),
+
+'supportedDatabases' => array(
+	'pgsql',
+),
+
+'memcache.local' => '\OC\Memcache\APCu',
+
+'assetdirectory' => '/var/lib/nextcloud',
+'mount_file' => '/var/lib/nextcloud/data/mount.json',
+'installed' => true,
+'version' => '9.0.52.0',
+);

rootfs/etc/confd/templates/nginx.conf.tmpl

@@ -0,0 +1,106 @@
+worker_processes  1;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+    default_type application/octet-stream;
+
+    sendfile off;
+
+    keepalive_timeout 65;
+
+    gzip off;
+
+    upstream php {
+        server 127.0.0.1:9000;
+    }
+
+    server {
+        listen 80;
+
+        server_name {{getenv "DOMAIN"}};
+
+        add_header X-Content-Type-Options nosniff;
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Robots-Tag none;
+        add_header X-Download-Options noopen;
+        add_header X-Permitted-Cross-Domain-Policies none;
+
+        root /var/lib/nextcloud/;
+
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }
+
+        location = /.well-known/carddav { 
+            return 301 $scheme://$host/remote.php/dav; 
+        }
+        
+        location = /.well-known/caldav { 
+            return 301 $scheme://$host/remote.php/dav; 
+        }
+
+        location /.well-known/acme-challenge { }
+
+        client_max_body_size {{getenv "MAXUPLOADSIZE"}};
+        fastcgi_buffers 64 4K;
+
+        error_page 403 /core/templates/403.php;
+        error_page 404 /core/templates/404.php;
+
+        location / {
+            rewrite ^ /index.php$uri;
+        }
+
+        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+            deny all;
+        }
+
+        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+            deny all;
+        }
+
+        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
+            include fastcgi_params;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param HTTPS on;
+            #Avoid sending the security headers twice
+            fastcgi_param modHeadersAvailable true;
+            fastcgi_param front_controller_active true;
+            fastcgi_pass php;
+            fastcgi_intercept_errors on;
+            fastcgi_request_buffering off;
+        }
+
+        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+            try_files $uri/ =404;
+            index index.php;
+        }
+
+        location ~* \.(?:css|js)$ {
+            try_files $uri /index.php$uri$is_args$args;
+            add_header Cache-Control "public, max-age=7200";
+            add_header X-Content-Type-Options nosniff;
+            add_header X-Frame-Options "SAMEORIGIN";
+            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Robots-Tag none;
+            add_header X-Download-Options noopen;
+            add_header X-Permitted-Cross-Domain-Policies none;
+            # Optional: Don't log access to assets
+            access_log off;
+        }
+
+        location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
+            try_files $uri /index.php$uri$is_args$args;
+            access_log off;
+        }
+    }
+}