Hello, i am trying to set up nextcloud:fpm-alpine in a pod rootless environment with podman, but i am not getting loock reaching it.
Here is the script to setup the enviromente:
#!/usr/bin/env bash
# -*- coding: utf-8 -*-
# shellcheck disable=SC1083
# Dependencies
zypper in -y podman systemd-container
# NAMES
USER_NAME="cloud"
if ! id -u "${USER_NAME}" &>/dev/null; then
useradd -Uc "${USER_NAME} Daemon" -m "${USER_NAME}"
loginctl enable-linger "${USER_NAME}"
fi
machinectl shell "${USER_NAME}"@
## Container Setup Database
# shellcheck disable=SC2016
cp -R /usr/share/containers "${HOME}"/.config/
sed -i '0,/"journald"/s,,"k8s-file",' "${HOME}"/.config/containers/containers.conf
# ================= #
# ===Environment=== #
# ================= #
POD_NAME="podCloud"
DB_NAME="pg-cloud"
CLOUD_NAME="cloud"
VOL="/opt/cloud"
NET="nextcloud"
podman rm -af --volumes && podman secret rm -a && podman volume prune -f && podman unshare rm -rf "${HOME}".enc/ /opt/cloud/* && podman network rm ${NET}
# =================== #
# ===Miscellaneous=== #
# =================== #
# Secret Setup
mkdir -m 700 "${HOME}"/.enc
openssl rand -base64 32 >"${HOME}"/.enc/pgpass
PGSECRET=$(podman secret create pgpass "${HOME}"/.enc/pgpass)
openssl rand -base64 32 >"${HOME}"/.enc/pgapp
PGAPPSECRET=$(podman secret create pgapp "${HOME}"/.enc/pgapp)
# CLOUDSECRET=$(openssl rand -base64 32 | podman secret create pgsecret -)
# ============= #
# ===Volumes=== #
# ============= #
# Cloud Management
folders=(
"html"
"config"
"data"
)
paths="${VOL}/cloud"
for d in "${folders[@]}"; do
if [ ! -d "${paths}/${d}" ]; then
mkdir -p "${paths}/${d}"
fi
podman volume create \
-o type=none \
-o device="${paths}/${d}" \
-o o=bind \
"${d}"
done
# DB Management
folders=(
"pgdata"
)
paths="${VOL}/pgdb"
for d in "${folders[@]}"; do
if [ ! -d "${paths}/${d}" ]; then
mkdir -p "${paths}/${d}"
fi
podman volume create \
-o type=none \
-o device="${paths}/${d}" \
-o o=bind \
"${d}"
done
# Caddy Management
folders=(
"caddy_data"
"caddy_config"
"caddy_etc"
"caddy_log"
)
paths="${VOL}/caddy"
for d in "${folders[@]}"; do
if [ ! -d "${paths}/${d}" ]; then
mkdir -p "${paths}/${d}"
fi
if ! podman volume inspect "${d}" &>/dev/null; then
podman volume create \
-o type=none \
-o device="${paths}/${d}" \
-o o=bind \
"${d}"
fi
done
# ============= #
# ===Network=== #
# ============= #
podman network create "${NET}"
# =============== #
# ===POD_Cloud=== #
# =============== #
podman pod create \
--replace \
--restart unless-stopped \
--network "${NET}" \
-n "${POD_NAME}" \
-p 8080:80 \
-v pgdata:/data/postgresql \
-v html:/var/www/html \
-v config:/var/www/html/config \
-v data:/opt/data \
-v caddy_data:/data \
-v caddy_config:/config \
-v caddy_etc:/etc/caddy \
-v caddy_log:/var/log/caddy
# ========================= #
# ===Database_PostgreSQL=== #
# ========================= #
# pgSQL_Apps Container
podman run -d \
--pod podCloud \
--replace \
--pull=newer \
--label "io.containers.autoupdate=registry" \
--restart unless-stopped \
--name "${DB_NAME}" \
--secret "${PGSECRET}" \
-e PGDATA=/data/postgresql \
-e POSTGRES_PASSWORD=/var/run/"$(podman secret inspect --format {{.Spec.Name}} "${PGSECRET}" | grep -vE "^$")" \
docker.io/postgres:latest
sleep 20s
podman exec -it -u postgres "${DB_NAME}" psql -c "CREATE USER cloud WITH PASSWORD '$(podman secret inspect --format {{.SecretData}} --showsecret "${PGAPPSECRET}" | grep -vE "^$")';" &&
podman exec -it -u postgres "${DB_NAME}" psql -c "CREATE DATABASE cloud OWNER cloud;" &&
podman exec -it -u postgres "${DB_NAME}" psql -c "GRANT ALL PRIVILEGES ON DATABASE cloud TO cloud;"
# =============== #
# ===NextCloud=== #
# =============== #
podman run -d \
--pod podCloud \
--replace \
--pull newer \
--label "io.containers.autoupdate=registry" \
--restart unless-stopped \
--name "${CLOUD_NAME}" \
--secret "${PGSECRET}" \
-e POSTGRES_DB=cloud \
-e POSTGRES_USER=cloud \
-e POSTGRES_PASSWORD=/var/run/"$(podman secret inspect --format {{.Spec.Name}} "${PGSECRET}" | grep -vE "^$")" \
-e POSTGRES_HOST=localhost \
-e NEXTCLOUD_DATA_DIR=/opt/data \
-e NEXTCLOUD_TRUSTED_DOMAINS=contraProcuratorem \
-e NEXTCLOUD_INIT_HTACCESS=true \
-e PHP_MEMORY_LIMIT=1024M \
-e APACHE_DISABLE_REWRITE_IP=1 \
docker.io/nextcloud:fpm-alpine
# ================ #
# ===Rev. Proxy=== #
# ================ #
cat >"$paths/${folders[2]}"/Caddyfile <<EOF
{
# Server Options
auto_https off
}
* {
reverse_proxy ${CLOUD_NAME}:9000
log {
output file /var/log/caddy/cloud.log
level ERROR
}
}
EOF
podman run -d \
--pod podCloud \
--replace \
--pull=newer \
--restart unless-stopped \
--label "io.containers.autoupdate=registry" \
--cap-add=NET_ADMIN \
--name contraProcuratorem \
docker.io/caddy:latest
podman logs -f contraProcuratorem