Build an immutable Nextcloud image for a systemd portable service. Made with uwsgi and nixos.
Get the latest image from Github releases, into
/var/lib/portables, then attach the portable service, and enable/start it. For ex:
importctl pull-raw --class=portable --verify=checksum https://github.com/gdamjan/nextcloud-service/releases/download/v<version>/nextcloud_<version>.raw # or use curl
portablectl attach nextcloud_<version>
systemctl enable --now nextcloud-uwsgi.socket nextcloud-cron.timer
⚠️ Warning⚠️ On the first install wizard, don't enable the "Default Applications" in nextcloud (click cancel). For more info see issues.
The portable service will operate on the /run/nextcloud.sock uwsgi socket. We gonna let the host nginx handle
all the http, https and letsencrypt work. The config is simple, just proxy everything back to the uwsgi socket:
server {
…
client_body_buffer_size 512k;
client_max_body_size 512M;
client_body_timeout 300s;
location / {
include uwsgi_params;
uwsgi_pass unix:/run/nextcloud.sock;
uwsgi_intercept_errors on;
uwsgi_request_buffering off;
}
…
}
Note: even static files are served by the uwsgi server, but uwsgi has a good enough static files server, which doesn't block the application workers.
Note²: Consult the nextcloud nginx installation docs for non-fastcgi nginx parameters.
The cron timer and service, periodically call php -f cron.php to run some
nextcloud bookkeeping jobs:
nextcloud-cron.timernextcloud-cron.service
The socket and uwsgi socket (/run/nextcloud.sock) is the main service:
nextcloud-uwsgi.socketnextcloud-uwsgi.service
The firstrun service, scaffolds /var/lib/nextcloud with the minimal
configuration needed for a portable service to run successfully:
nextcloud-first-run.service
See the wiki for more info.
Have nix flakes enabled, and then:
nix flake update # will update flake.lock
nix build # will create an image in ./result/