commiting what I have so far

mcbe/assets/systemd/mcbe-backup.service

@@ -7,5 +7,4 @@ Requisite=mcbe.service
 ExecStart=/usr/local/bin/maint
 StandardOutput=journal
 StandardError=journal
-KillMode=none
 Type=oneshot

nextcloud/Containerfile

@@ -25,7 +25,7 @@ ENV DBNAME=nextcloud
 # install packages we want
 RUN apt update -y && apt install -y apache2 php-fpm php-gd php-zip php-pgsql \
     php-curl php-mbstring php-intl php-imagick php-xml php-gmp php-json \
-    redis php-redis postgresql postgresql-doc php-ldap php-bcmath cron
+    redis php-redis postgresql postgresql-doc php-ldap php-bcmath jq
 
 
 # put database variables in /etc/environment so anyone can access them
@@ -72,14 +72,12 @@ COPY --chown=postgres:postgres assets/postgresql ./
 RUN mv postgresql/pg_hba.conf /etc/postgresql/${PSQLV:?}/main/ & \
     cat postgresql/postgresql.conf >> /etc/postgresql/${PSQLV:?}/main/postgresql.conf
 
-
-
 ###
 ### Apache
 ###
 
 # enable modules we need
-RUN a2enmod rewrite headers env dir mime proxy_fcgi && \
+RUN a2enmod rewrite headers env dir mime proxy_fcgi http2 && \
     a2enconf php${PHPV:?}-fpm
 
 # copy site config
@@ -120,22 +118,15 @@ RUN cd nextcloud/config && \
     ln -s /vol/data/secret.config.php
 
 ###
-### DB Auto Load/Dump
+### Systemd
 ###
 
-# copy service
-COPY assets/db-updown.service /etc/systemd/system/
+# copy services
+COPY assets/systemd/ /etc/systemd/system/
 
 # enable service
 RUN systemctl enable db-updown.service
 
-###
-### Crontab
-###
-COPY assets/crontab /root/
-# crontab for www-data
-RUN crontab -u www-data /root/crontab
-
 ###
 ### Bugfix
 ###
@@ -145,10 +136,6 @@ COPY assets/bugfix/redis-server.service /etc/systemd/system/redis-server.service
 
 COPY assets/bugfix/apache2.override /etc/systemd/system/apache2.service.d/override.conf
 
-# bugfix for cron
-COPY assets/bugfix/cronfix /root/
-RUN chmod +x /root/cronfix && /root/cronfix
-
 ###
 ### Workdir
 ###

nextcloud/assets/apache/nextcloud.conf

@@ -1,4 +1,5 @@
 <VirtualHost *:80>
+  Protocols h2c http/1.1
   #ServerAdmin webmaster@localhost
   DocumentRoot /var/www/html/nextcloud/
 

nextcloud/assets/bin/db-load

@@ -1,9 +1,20 @@
 #!/bin/bash
 
+.  /usr/local/bin/maint-mode
+mode_get
+mode_on
+
 if [[ ! -f $1 ]]; then
     >&2 echo "Error: could not find file \"$1\""
     exit 2
 fi
 
+mode=$(nc-occ maintenance:mode | cut -d' ' -f 5)
+if [[ $mode != "enabled" ]]; then
+    nc-occ maintenance:mode --on
+fi
+
 db-make
 psql -U $DBUSER -d $DBNAME -f $1
+
+mode_off

nextcloud/assets/bin/db-make

@@ -4,9 +4,17 @@ cmd() {
         sudo -u postgres psql -c "$1"
 }
 
+.  /usr/local/bin/maint-mode
+mode_get
+mode_on
+
 cd /var/lib/postgresql
 cmd "DROP DATABASE IF EXISTS ${DBNAME:?};"
 cmd "DROP USER IF EXISTS ${DBUSER:?};"
 cmd "CREATE USER ${DBUSER:?};"
 cmd "CREATE DATABASE ${DBNAME:?};"
 cmd "GRANT ALL PRIVILEGES ON DATABASE ${DBNAME:?} TO ${DBUSER:?};"
+
+redis-cli -s /var/run/redis/redis-server.sock flushall
+
+mode_off

nextcloud/assets/bin/maint → nextcloud/assets/bin/maint-backup

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+. /usr/local/bin/maint-mode
+
 # load environment variables
 . /etc/environment
 
@@ -20,13 +22,16 @@ if [[ $# -lt 2 ]]; then
 fi
 
 if [[ $hour == $1 ]]; then
+    mode_get
+    mode_on
     nc-occ maintenance:mode --on
 fi
 
 db-dump $DBNAME-hourly-$hour.sql 2>> $errlog
 
 if [[ $hour == $1 ]]; then
-        nc-occ maintenance:mode --off
+    systemctl restart postgresql
+    mode_off
     mv $DBNAME-hourly-$hour.sql $DBNAME-daily-$day.sql 2>> $errlog
 
     if [[ $day == $2 ]]; then

nextcloud/assets/bin/maint-mode

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+mode_get() {
+    mode=$(nc-occ maintenance:mode | cut -d' ' -f 5)
+    if [[ $mode == "enabled" || $mode == "disabled" ]]; then
+        echo $mode
+        return 0
+    else
+        echo "Error: failed to get maintenance mode" 1>&2
+        return 1
+    fi
+}
+
+mode_on() {
+    nc-occ maintenance:mode --on
+}
+
+mode_off() {
+    if [[ $mode == "disabled" ]]; then
+        nc-occ maintenance:mode --off
+    fi
+}

nextcloud/assets/bin/maint-scan

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [[ -n $1 ]]; then
+  nc-occ files:scan --path="/$1/files/"
+else
+  for user in $(nc-occ user:list --output=json | jq -r 'keys[]'); do
+    nc-occ files:scan --path="/$user/files/"
+  done
+fi

nextcloud/assets/bugfix/cronfix

@@ -1,2 +0,0 @@
-#!/bin/sh
-sed -i '/session    required     pam_loginuid.so/c\#session    required   pam_loginuid.so' /etc/pam.d/cron

nextcloud/assets/crontab

@@ -8,4 +8,5 @@ PATH=/usr/local/bin:/bin:/usr/bin
 */15 * *   *   *     php /var/www/html/nextcloud/occ files:scan --all
 
 # Dump database every hour
-23  *  *   *   *     maint 01 01
+# Run daily maint at 3 AM, run monthly maint on the first day of the month
+23  *  *   *   *     maint 03 01

nextcloud/assets/php/php.ini

@@ -1810,7 +1810,7 @@ opcache.max_accelerated_files=10000
 ; How often (in seconds) to check file timestamps for changes to the shared
 ; memory storage allocation. ("1" means validate once per second, but only
 ; once per request. "0" means always validate)
-opcache.revalidate_freq=1
+opcache.revalidate_freq=60
 
 ; Enables or disables file search in include_path optimization
 ;opcache.revalidate_path=0

nextcloud/assets/php/www.conf

@@ -110,22 +110,22 @@ pm = dynamic
 ; forget to tweak pm.* to fit your needs.
 ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
 ; Note: This value is mandatory.
-pm.max_children = 32
+pm.max_children = 128
 
 ; The number of child processes created on startup.
 ; Note: Used only when pm is set to 'dynamic'
 ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-pm.start_servers = 12
+pm.start_servers = 16
 
 ; The desired minimum number of idle server processes.
 ; Note: Used only when pm is set to 'dynamic'
 ; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = 8
+pm.min_spare_servers = 16
 
 ; The desired maximum number of idle server processes.
 ; Note: Used only when pm is set to 'dynamic'
 ; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = 16
+pm.max_spare_servers = 32
 
 ; The number of seconds after which an idle process will be killed.
 ; Note: Used only when pm is set to 'ondemand'

nextcloud/assets/postgresql/postgresql.conf

@@ -5,20 +5,20 @@
 # DB Version: 13
 # OS Type: linux
 # DB Type: web
-# Total Memory (RAM): 16 GB
+# Total Memory (RAM): 8 GB
 # CPUs num: 6
 # Data Storage: ssd
 
 max_connections = 200
-shared_buffers = 4GB
-effective_cache_size = 12GB
-maintenance_work_mem = 1GB
+shared_buffers = 2GB
+effective_cache_size = 6GB
+maintenance_work_mem = 512MB
 checkpoint_completion_target = 0.9
 wal_buffers = 16MB
 default_statistics_target = 100
 random_page_cost = 1.1
 effective_io_concurrency = 200
-work_mem = 6990kB
+work_mem = 3495kB
 min_wal_size = 1GB
 max_wal_size = 4GB
 max_worker_processes = 6

nextcloud/assets/systemd/nextcloud-backup.timer

@@ -0,0 +1,8 @@
+[Unit]
+Description=Scan files every 15 minutes
+
+[Timer]
+OnCalendar=0/15:00
+
+[Install]
+WantedBy=timers.target

nextcloud/assets/systemd/nextcloud-cron.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Nextcloud cron.php job
+
+[Service]
+User=www-data
+ExecStart=/usr/bin/php -f /var/www/nextcloud/cron.php
+StandardOutput=journal
+StandardError=journal
+KillMode=process

nextcloud/assets/systemd/nextcloud-cron.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Run Nextcloud cron.php every 5 minutes
+
+[Timer]
+OnBootSec=5min
+OnUnitActiveSec=5min
+
+[Install]
+WantedBy=timers.target

nextcloud/assets/systemd/nextcloud-scan.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Scan Nextcloud files for changes
+
+[Service]
+ExecStart=/usr/local/bin/maint-scan
+StandardOutput=journal
+StandardError=journal
+Type=oneshot

nextcloud/assets/systemd/nextcloud-scan.timer

@@ -0,0 +1,8 @@
+[Unit]
+Description=Scan files every 15 minutes
+
+[Timer]
+OnCalendar=0/15:00
+
+[Install]
+WantedBy=timers.target

nextcloud/assets/db-updown.service → nextcloud/assets/systemd/nextcloud-updown.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=Load/Dump database on start/stop
-After=postgresql.service
+After=postgresql.service php*
 Requires=postgresql.service
 
 [Service]
@@ -8,7 +8,7 @@ Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=/etc/environment
 ExecStart=/bin/bash -c "if [[ $(ls -t /vol/data/sql/ | head -1) == $DBNAME-updown.sql ]]; then db-load /vol/data/sql/$DBNAME-updown.sql; else echo 'updown.sql is not most recent file in database dir, skipping db-load'; fi"
-ExecStop=/bin/bash -c "db-dump /vol/data/sql/$DBNAME-updown.sql"
+ExecStop=/bin/bash -c "nc-occ maintenance:mode --on; db-dump /vol/data/sql/$DBNAME-updown.sql"
 
 [Install]
 WantedBy=multi-user.target