Skip to content

Nextcloud

To store our files, we will use nextcloud

kubectl create namespace cyberlocker

kubectl create secret generic nextcloud --namespace cyberlocker \
  --from-literal=admin-username=caretaker \
  --from-literal=admin-password=$(head -c 512 /dev/urandom | LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 64) \
  --from-literal=serverinfo_token=$(head -c 512 /dev/urandom | LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 64) \
  --from-literal=smtp_username= \
  --from-literal=smtp_password= \
  --from-literal=smtp_host=

kubectl create secret generic nextcloud-postgresql-database --namespace cyberlocker \
  --from-literal=postgres-password=$(head -c 512 /dev/urandom | LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 64) \
  --from-literal=password=$(head -c 512 /dev/urandom | LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 64)

kubectl create secret generic nextcloud-redis --namespace cyberlocker \
  --from-literal=redis-password=$(head -c 512 /dev/urandom | LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 64) 

kubectl apply -f storage.yaml


helm repo add nextcloud https://nextcloud.github.io/helm/
helm repo update
helm install cyberlocker nextcloud/nextcloud -f values.yaml --namespace cyberlocker --version 6.1.0

kubectl apply -f ingressroute.yaml
kubectl apply -f vpa.yaml

To set up the nextcloud with oidc from goauthentik follow the instructions from:

  • https://blog.cubieserver.de/2022/complete-guide-to-nextcloud-oidc-authentication-with-authentik/

Usefull commands:

kubectl -n cyberlocker exec -it box-nextcloud-88858c579-mq7sv -- /bin/bash
su -s /bin/bash www-data
php occ app:update --all
php occ maintenance:mode --off 
php occ config:system:set overwrite.cli.url --value="https://cyberlocker.anagno.dev"

kubectl -n cyberlocker get secret nextcloud -o jsonpath="{.data.admin-password}" | base64 -d
kubectl -n cyberlocker exec -it cyberlocker-postgresql-0 -- psql -d nextcloud -U nextcloud

I will have to update the deployment to include

dnsConfig:
  options:
    - name: ndots
      value: "1"

For the deployment to have access to the internet

https://grafana.com/grafana/dashboards/17821-nextcloud-log/ https://okxo.de/monitor-your-nextcloud-logs-for-suspicious-activities/ https://voidquark.com/blog/parsing-nextcloud-audit-logs-with-grafana-loki/

https://github.com/grafana/helm-charts/blob/main/charts/loki-stack/values.yaml