• 0 Posts
  • 2 Comments
Joined 2 years ago
Cake day: July 10th, 2023

  • I really need to make my write-up about my nextcloud install. It features:

    • nextcloud fpm
    • postgresql
    • nginx
    • redis
    • elastic search for full text search (still needs a bit of work 1)
    • notify_push
    • collabora (still needs a bit of work 1)

    All of it running in a rootless podman pod with a dedicated user for the stack. It is all with podman units, and a systemd timer for nextcloud’s cronjobs.

    1 means that there is trouble with user mapping. Instead of having my user properly mapped inside the container to run the apps, they use a dedicated one and I don’t know how to correct it and I have been a bit lazy to change it.


  • I totally disagree with the quote from hackernews. Having the option to use sqlite is nice to test it, but going with postgresql or mariadb allows you to have better performance if you use rdbms. Also, packaging with containers allows you to have one standardized image for support if some third party packaging (from a distro repo) is bugging to test it further. To me, a good gui really depends on what service is provided. For kanidm (IAM), I don’t care that much about a web admin panel, the cli is really intuitive and if you need some graph views of your users, you can generate some diagram files. Considering OIDC/LDAP, I’d rather have OIDC implemented for two reasons: I can point my users to the (really minimalist) kanidm ui where they have a button for each app allowed. Also, the login information is only stored in kanidm, no spreading of login passwords.

    I saw a comment about not needing to rely on many third-party services, but I partly disagree with it. Using nextcloud as a mixed example, using elastic search for full text search is better than reimplementing it, but the notify_push should not be as separated as it is (it is here because, as I understood, apache-php and websockets do not mix well).

    All in all, the main criteria for me are:

    • SSO with OIDC, but ldap is good enough
    • Good documentation
    • easy deployment to test, prod deployment can be more advanced
    • Not reimplementing the wheel, e.g. if you need full text search, meilisearch or elastic can do it better than you will, so don’t try too much (a simple grep for a test instance is enough)
    • If you need to store files, having remote stores is nice to have (webdav or s3)