readme docs

hosts/nextcloud/README.md

@@ -0,0 +1,353 @@
+# Nextcloud Host
+
+Nextcloud 31 instance at 141.56.51.16 running in an LXC container.
+
+## Overview
+
+- **Hostname**: cloud
+- **FQDN**: cloud.htw.stura-dresden.de
+- **IP Address**: 141.56.51.16
+- **Type**: Proxmox LXC Container
+- **Services**: Nextcloud, PostgreSQL, Redis (caching + locking), Nginx, Nullmailer
+
+## Services
+
+### Nextcloud
+
+Nextcloud 31 provides file hosting and collaboration:
+- **Admin user**: administration
+- **Max upload size**: 1GB
+- **Database**: PostgreSQL (via Unix socket)
+- **Caching**: Redis (via Unix socket)
+- **Default phone region**: DE (Germany)
+- **HTTPS**: Enabled via Nginx reverse proxy
+- **Log level**: 4 (warnings and errors)
+- **Maintenance window**: 4 AM (prevents maintenance during business hours)
+
+**Pre-installed apps:**
+- Calendar
+- Deck (Kanban board)
+- Tasks
+- Notes
+- Contacts
+
+### PostgreSQL
+
+Database backend for Nextcloud:
+- **Database name**: nextcloud
+- **User**: nextcloud
+- **Connection**: Unix socket (`/run/postgresql`)
+- **Privileges**: Full access to nextcloud database
+
+### Redis
+
+Two Redis instances for performance:
+- **Cache**: General caching via `/run/redis-nextcloud/redis.sock`
+- **Locking**: Distributed locking mechanism
+- **Port**: 0 (Unix socket only)
+- **User**: nextcloud
+
+### Nginx
+
+Reverse proxy with recommended settings:
+- **Gzip compression**: Enabled
+- **Optimization**: Enabled
+- **Proxy settings**: Enabled
+- **TLS**: Enabled with ACME certificates
+- **Access logs**: Disabled (privacy)
+- **Error logs**: Only emergency level (`/dev/null emerg`)
+
+### Nullmailer
+
+Simple mail relay for sending email notifications:
+- **Relay host**: mail.stura.htw-dresden.de:25
+- **From address**: files@stura.htw-dresden.de
+- **HELO host**: cloud.htw.stura-dresden.de
+- **Protocol**: SMTP (port 25, no auth)
+
+Nextcloud uses Nullmailer's sendmail interface to send email notifications.
+
+## Deployment
+
+See the [main README](../../README.md) for deployment methods.
+
+### Initial Installation
+
+**Using nixos-anywhere:**
+```bash
+nix run github:nix-community/nixos-anywhere -- --flake .#nextcloud --target-host root@141.56.51.16
+```
+
+**Using container tarball:**
+```bash
+nix build .#containers-nextcloud
+scp result/tarball/nixos-system-x86_64-linux.tar.xz root@proxmox-host:/var/lib/vz/template/cache/
+pct create 116 /var/lib/vz/template/cache/nixos-system-x86_64-linux.tar.xz \
+  --hostname cloud \
+  --net0 name=eth0,bridge=vmbr0,ip=141.56.51.16/24,gw=141.56.51.254 \
+  --memory 4096 \
+  --cores 4 \
+  --rootfs local-lvm:20 \
+  --unprivileged 1 \
+  --features nesting=1
+pct start 116
+```
+
+**Note**: Nextcloud benefits from more resources (4GB RAM, 20GB disk recommended).
+
+### Updates
+
+```bash
+# From local machine
+nixos-rebuild switch --flake .#nextcloud --target-host root@141.56.51.16
+
+# Or use auto-generated script
+nix run .#nextcloud-update
+```
+
+## Post-Deployment Steps
+
+After deploying for the first time:
+
+1. **Set admin password:**
+   ```bash
+   echo "your-secure-password" > /var/lib/nextcloud/adminpassFile
+   chmod 600 /var/lib/nextcloud/adminpassFile
+   chown nextcloud:nextcloud /var/lib/nextcloud/adminpassFile
+   ```
+
+2. **Access the web interface:**
+   ```
+   https://cloud.htw.stura-dresden.de
+   ```
+
+3. **Complete initial setup:**
+   - Log in with admin credentials (user: administration)
+   - Review security & setup warnings
+   - Configure background jobs (cron is already configured via NixOS)
+
+4. **Configure additional apps:**
+   - Navigate to Apps section
+   - Enable/disable apps as needed
+   - Pre-installed apps: Calendar, Deck, Tasks, Notes, Contacts
+
+5. **Configure trusted domains** (if needed):
+   - Current trusted domains: cloud.htw.stura-dresden.de, www.cloud.htw.stura-dresden.de
+   - Edit via NixOS config if you need to add more domains
+
+6. **Test email notifications** (optional):
+   - Navigate to Settings → Administration → Basic settings
+   - Send test email
+   - Verify email delivery through Nullmailer relay
+
+7. **Configure user authentication:**
+   - Add users manually, or
+   - Configure LDAP/OAuth if using external identity provider
+
+## Integration with Proxy
+
+The central proxy at 141.56.51.1 handles:
+- **SNI routing**: Routes HTTPS traffic for cloud.htw.stura-dresden.de
+- **HTTP routing**: Routes HTTP traffic and redirects to HTTPS
+- **ACME challenges**: Forwards certificate verification requests
+
+This host manages its own ACME certificates. Nginx handles TLS termination.
+
+## Troubleshooting
+
+### Redis connection issues
+
+If Nextcloud shows "Redis not available" errors:
+
+```bash
+# Check Redis status
+systemctl status redis-nextcloud
+
+# Check socket exists and permissions
+ls -l /run/redis-nextcloud/redis.sock
+
+# Test Redis connection
+redis-cli -s /run/redis-nextcloud/redis.sock ping
+
+# View Redis logs
+journalctl -u redis-nextcloud -f
+```
+
+**Solution**: Ensure Redis is running and the nextcloud user has access to the socket.
+
+### PostgreSQL permissions
+
+If Nextcloud cannot connect to the database:
+
+```bash
+# Check PostgreSQL status
+systemctl status postgresql
+
+# Check database exists
+sudo -u postgres psql -c "\l" | grep nextcloud
+
+# Check user and permissions
+sudo -u postgres psql -c "\du" | grep nextcloud
+
+# Test connection as nextcloud user
+sudo -u nextcloud psql -d nextcloud -c "SELECT version();"
+
+# View PostgreSQL logs
+journalctl -u postgresql -f
+```
+
+**Solution**: Ensure the nextcloud database and user exist with proper permissions.
+
+### Upload size limits
+
+If large file uploads fail:
+
+```bash
+# Check Nextcloud upload size setting
+grep -i "upload" /var/lib/nextcloud/config/config.php
+
+# Check PHP-FPM settings
+systemctl status phpfpm-nextcloud
+
+# View PHP error logs
+tail -f /var/log/phpfpm-nextcloud.log
+```
+
+**Solution**: The max upload is set to 1GB via `maxUploadSize`. If you need larger files, modify the NixOS configuration.
+
+### Opcache configuration
+
+If PHP performance is poor:
+
+```bash
+# Check PHP opcache settings
+php -i | grep opcache
+
+# Check opcache status via Nextcloud admin panel
+# Settings → Administration → Overview → PHP
+
+# Restart PHP-FPM to clear cache
+systemctl restart phpfpm-nextcloud
+```
+
+**Solution**: The opcache interned strings buffer is set to 32MB. If you see opcache errors, this may need adjustment.
+
+### Mail relay issues
+
+If email notifications are not being sent:
+
+```bash
+# Check Nullmailer status
+systemctl status nullmailer
+
+# Check mail queue
+mailq
+
+# View Nullmailer logs
+journalctl -u nullmailer -f
+
+# Test mail relay
+echo "Test message" | mail -s "Test" user@example.com
+
+# Check Nextcloud mail settings
+sudo -u nextcloud php /var/lib/nextcloud/occ config:list | grep mail
+```
+
+**Solution**: Verify the mail relay host (mail.stura.htw-dresden.de) is reachable and accepting SMTP connections on port 25.
+
+### ACME certificate issues
+
+If HTTPS is not working:
+
+```bash
+# Check ACME certificate status
+systemctl status acme-cloud.htw.stura-dresden.de
+
+# View ACME logs
+journalctl -u acme-cloud.htw.stura-dresden.de -f
+
+# Check Nginx HTTPS configuration
+nginx -t
+
+# View Nginx error logs
+journalctl -u nginx -f
+```
+
+**Solution**: Ensure DNS points to proxy (141.56.51.1) and the proxy forwards ACME challenges to this host.
+
+### Maintenance mode stuck
+
+If Nextcloud is stuck in maintenance mode:
+
+```bash
+# Disable maintenance mode
+sudo -u nextcloud php /var/lib/nextcloud/occ maintenance:mode --off
+
+# Check status
+sudo -u nextcloud php /var/lib/nextcloud/occ status
+
+# Run system check
+sudo -u nextcloud php /var/lib/nextcloud/occ check
+```
+
+**Solution**: Maintenance mode is automatically disabled after updates, but can sometimes get stuck.
+
+## Files and Directories
+
+- **Nextcloud data**: `/var/lib/nextcloud/`
+- **Admin password**: `/var/lib/nextcloud/adminpassFile`
+- **Configuration**: `/var/lib/nextcloud/config/config.php`
+- **Apps**: `/var/lib/nextcloud/apps/`
+- **User files**: `/var/lib/nextcloud/data/`
+- **PostgreSQL data**: `/var/lib/postgresql/`
+- **Redis socket**: `/run/redis-nextcloud/redis.sock`
+
+## Network
+
+- **Interface**: eth0 (LXC container)
+- **IP**: 141.56.51.16/24
+- **Gateway**: 141.56.51.254
+- **Firewall**: Ports 80, 443 allowed
+
+## Configuration Details
+
+- **Version**: Nextcloud 31
+- **Database type**: PostgreSQL
+- **Caching**: Redis (APCU disabled)
+- **HTTPS**: Yes (enforced via forceSSL)
+- **Trusted domains**:
+  - cloud.htw.stura-dresden.de
+  - www.cloud.htw.stura-dresden.de
+- **PHP opcache**: Interned strings buffer 32MB
+- **Maintenance window**: 4 AM (hour 4)
+- **Log level**: 4 (warnings and errors)
+
+## Useful Commands
+
+```bash
+# Run occ commands (Nextcloud CLI)
+sudo -u nextcloud php /var/lib/nextcloud/occ <command>
+
+# List all users
+sudo -u nextcloud php /var/lib/nextcloud/occ user:list
+
+# Scan files for changes
+sudo -u nextcloud php /var/lib/nextcloud/occ files:scan --all
+
+# Run background jobs
+sudo -u nextcloud php /var/lib/nextcloud/occ background:cron
+
+# Update apps
+sudo -u nextcloud php /var/lib/nextcloud/occ app:update --all
+
+# Check for Nextcloud updates
+sudo -u nextcloud php /var/lib/nextcloud/occ update:check
+```
+
+## See Also
+
+- [Main README](../../README.md) - Deployment methods and architecture
+- [Proxy README](../proxy/README.md) - How the central proxy routes traffic
+- [Nextcloud Documentation](https://docs.nextcloud.com/)
+- [Nextcloud Admin Manual](https://docs.nextcloud.com/server/stable/admin_manual/)
+- [NixOS Nextcloud Options](https://search.nixos.org/options?query=services.nextcloud)