From c0a8ce1320f178c849051ed77677d287532f3fa2 Mon Sep 17 00:00:00 2001
From: Luka Jankovic <lukjan1999@gmail.com>
Date: Wed, 27 Aug 2025 23:02:35 +0200
Subject: [PATCH] Nextcloud

---
 nextcloud/docker-compose.yml | 73 ++++++++++++++++++++++++++++++++++++
 nextcloud/ts-serve.json      | 19 ++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 nextcloud/docker-compose.yml
 create mode 100644 nextcloud/ts-serve.json

diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml
new file mode 100644
index 0000000..92fe1e7
--- /dev/null
+++ b/nextcloud/docker-compose.yml
@@ -0,0 +1,73 @@
+services:
+  db:
+    image: mariadb:10.6
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    volumes:
+      - /srv/@nextcloud/db:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+    networks:
+      - nextcloud
+
+  nextcloud:
+    image: nextcloud
+    container_name: nextcloud
+    restart: always
+    ports:
+      - 8080:80
+    links:
+      - db
+    volumes:
+      - /srv/@nextcloud/nextcloud:/var/www/html
+    environment:
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db
+    networks:
+      - nextcloud
+
+  tailscale:
+    image: tailscale/tailscale
+    environment:
+      TS_HOSTNAME: nextcloud
+      TS_AUTH_KEY: ${TS_AUTH_KEY}
+      TS_EXTRA_ARGS: --advertise-tags=tag:nextcloud # Required for OAuth client
+      TS_SERVE_CONFIG: /config/ts-serve.json
+      TS_AUTH_ONCE: true
+      TS_STATE_DIR: /var/lib/tailscale
+    init: true
+    healthcheck:
+      test: tailscale status --peers=false --json | grep 'Online.*true'
+      start_period: 3s
+      interval: 1s
+      retries: 3
+    restart: unless-stopped
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    volumes:
+      - type: volume
+        source: tailscale
+        target: /var/lib/tailscale
+      - type: volume
+        source: tailscale_sock
+        target: /tmp # Mount entire /tmp folder to access tailscale.sock
+      - ./ts-serve.json:/config/ts-serve.json:ro
+    cap_add:
+      - NET_ADMIN
+    networks:
+      - nextcloud
+
+volumes:
+  tailscale:
+  tailscale_sock:
+  nextcloud:
+  db:
+
+networks:
+  nextcloud:
+    external: false
diff --git a/nextcloud/ts-serve.json b/nextcloud/ts-serve.json
new file mode 100644
index 0000000..8cb2037
--- /dev/null
+++ b/nextcloud/ts-serve.json
@@ -0,0 +1,19 @@
+{
+    "TCP": {
+        "443": {
+            "HTTPS": true
+        }
+    },
+    "Web": {
+        "${TS_CERT_DOMAIN}:443": {
+            "Handlers": {
+                "/": {
+                    "Proxy": "http://nextcloud:80"
+                }
+            }
+        }
+    },
+    "AllowFunnel": {
+        "${TS_CERT_DOMAIN}:443": false
+    }
+}