The hardcoded uid:gid in libreportal.backup.files labels was brittle: matched the default PUID in the compose, but a PUID change (or new image version) would drift silently and the next restore would chown to a stale owner. Make it impossible to drift by letting the engine learn the uid at capture time. backup_files.sh: - After a successful tar capture, run `stat -c '%u:%g'` inside the container and write the result to a <host_subdir>.lp-owner sidecar in staging. The sidecar rides in the snapshot alongside the captured tree. - Restore reads it back when the descriptor doesn't pin uid:gid; falls back to 0:0 with a clear notice if missing. - The 5-field form (with explicit uid:gid) is still supported as an override; it wins and skips the sidecar write entirely. Update all 4 current labels to the new 3-field form "<container>:<container_path>:<host_subdir>" (nextcloud, bookstack, gitea, owncloud). Engine handles both formats during the transition. Verified with stubs: 3-field capture writes the sidecar with the discovered 33:33; restore reads it back; 5-field override correctly skips the sidecar write. backup_files.sh parses. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
125 lines
6.1 KiB
YAML
125 lines
6.1 KiB
YAML
networks:
|
|
DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
|
|
external: true
|
|
|
|
services:
|
|
# PHP-FPM backend. Same container_name as before (nextcloud-service) so the
|
|
# auth adapter + tools (`docker exec ... nextcloud-service php occ`) keep
|
|
# working unchanged. The image's entrypoint runs occ maintenance:install
|
|
# automatically on first boot when the NEXTCLOUD_ADMIN_USER + MYSQL_* env
|
|
# vars are set, so no user wizard.
|
|
nextcloud-service: #LIBREPORTAL|SERVICE_TAG_1|nextcloud-service
|
|
image: nextcloud:31-fpm-alpine
|
|
container_name: nextcloud-service
|
|
environment:
|
|
- TZ=TIMEZONE_DATA #LIBREPORTAL|TIMEZONE_TAG|TIMEZONE_DATA
|
|
- MYSQL_HOST=nextcloud-db
|
|
- MYSQL_DATABASE=NEXTCLOUD_DB_NAME_DATA #LIBREPORTAL|NEXTCLOUD_DB_NAME_TAG|NEXTCLOUD_DB_NAME_DATA
|
|
- MYSQL_USER=NEXTCLOUD_DB_USER_DATA #LIBREPORTAL|NEXTCLOUD_DB_USER_TAG|NEXTCLOUD_DB_USER_DATA
|
|
- MYSQL_PASSWORD=NEXTCLOUD_DB_PASSWORD_DATA #LIBREPORTAL|NEXTCLOUD_DB_PASSWORD_TAG|NEXTCLOUD_DB_PASSWORD_DATA
|
|
- NEXTCLOUD_ADMIN_USER=NEXTCLOUD_ADMIN_USER_DATA #LIBREPORTAL|NEXTCLOUD_ADMIN_USER_TAG|NEXTCLOUD_ADMIN_USER_DATA
|
|
- NEXTCLOUD_ADMIN_PASSWORD=NEXTCLOUD_ADMIN_PASSWORD_DATA #LIBREPORTAL|NEXTCLOUD_ADMIN_PASSWORD_TAG|NEXTCLOUD_ADMIN_PASSWORD_DATA
|
|
- NEXTCLOUD_TRUSTED_DOMAINS=NEXTCLOUD_TRUSTED_DOMAINS_DATA #LIBREPORTAL|NEXTCLOUD_TRUSTED_DOMAINS_TAG|NEXTCLOUD_TRUSTED_DOMAINS_DATA
|
|
- REDIS_HOST=nextcloud-redis
|
|
volumes:
|
|
- ./html:/var/www/html
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- nextcloud-db
|
|
- nextcloud-redis
|
|
healthcheck:
|
|
disable: HEALTHCHECK_DATA #LIBREPORTAL|HEALTHCHECK_TAG|HEALTHCHECK_DATA
|
|
labels:
|
|
libreportal.category: "CATEGORY_DATA" #LIBREPORTAL|CATEGORY_TAG|CATEGORY_DATA
|
|
libreportal.title: "TITLE_DATA" #LIBREPORTAL|TITLE_TAG|TITLE_DATA
|
|
libreportal.backup.db: "mariadb:nextcloud-db:db_data:"
|
|
libreportal.backup.files: "nextcloud-service:/var/www/html:html"
|
|
# GLUETUN_OFF_BEGIN
|
|
networks:
|
|
DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
|
|
ipv4_address: IP_DATA_1 #LIBREPORTAL|IP_TAG_1|IP_DATA_1
|
|
# GLUETUN_OFF_END
|
|
# GLUETUN_ON_BEGIN
|
|
# network_mode: "container:gluetun-service"
|
|
# GLUETUN_ON_END
|
|
|
|
nextcloud-db: #LIBREPORTAL|SERVICE_TAG_2|nextcloud-db
|
|
image: mariadb:11
|
|
container_name: nextcloud-db
|
|
restart: unless-stopped
|
|
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
|
environment:
|
|
- MARIADB_ROOT_PASSWORD=NEXTCLOUD_DB_ROOT_PASSWORD_DATA #LIBREPORTAL|NEXTCLOUD_DB_ROOT_PASSWORD_TAG|NEXTCLOUD_DB_ROOT_PASSWORD_DATA
|
|
- MARIADB_DATABASE=NEXTCLOUD_DB_NAME_DATA #LIBREPORTAL|NEXTCLOUD_DB_NAME_TAG|NEXTCLOUD_DB_NAME_DATA
|
|
- MARIADB_USER=NEXTCLOUD_DB_USER_DATA #LIBREPORTAL|NEXTCLOUD_DB_USER_TAG|NEXTCLOUD_DB_USER_DATA
|
|
- MARIADB_PASSWORD=NEXTCLOUD_DB_PASSWORD_DATA #LIBREPORTAL|NEXTCLOUD_DB_PASSWORD_TAG|NEXTCLOUD_DB_PASSWORD_DATA
|
|
volumes:
|
|
- ./db_data:/var/lib/mysql
|
|
networks:
|
|
DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
|
|
ipv4_address: IP_DATA_2 #LIBREPORTAL|IP_TAG_2|IP_DATA_2
|
|
|
|
nextcloud-redis: #LIBREPORTAL|SERVICE_TAG_3|nextcloud-redis
|
|
image: redis:alpine
|
|
container_name: nextcloud-redis
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ./redis_data:/data
|
|
networks:
|
|
DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
|
|
ipv4_address: IP_DATA_3 #LIBREPORTAL|IP_TAG_3|IP_DATA_3
|
|
|
|
# nginx sidecar — terminates HTTP/static, proxies *.php to nextcloud-service:9000
|
|
# via FastCGI. Shares ./html (read-only) with the FPM container. This is the
|
|
# whole performance win over Apache+mod_php: no per-request PHP init, nginx
|
|
# handles static + serves connections through the FPM process pool.
|
|
nextcloud-web: #LIBREPORTAL|SERVICE_TAG_4|nextcloud-web
|
|
image: nginx:alpine
|
|
container_name: nextcloud-web
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- nextcloud-service
|
|
volumes:
|
|
- ./html:/var/www/html:ro
|
|
- ./resources/nginx.conf:/etc/nginx/nginx.conf:ro
|
|
# GLUETUN_OFF_BEGIN
|
|
ports:
|
|
- "PORTS_DATA_1" #LIBREPORTAL|PORTS_TAG_1|PORTS_DATA_1
|
|
# GLUETUN_OFF_END
|
|
labels:
|
|
traefik.enable: TRAEFIK_ENABLE_DATA #LIBREPORTAL|TRAEFIK_ENABLE_TAG|TRAEFIK_ENABLE_DATA
|
|
# TRAEFIK_PORT_1_BEGIN
|
|
traefik.http.routers.nextcloud-web.entrypoints: web,websecure
|
|
traefik.http.routers.nextcloud-web.rule: Host(`DOMAINSUBNAME_DATA_1`) #LIBREPORTAL|DOMAINSUBNAME_TAG_1|DOMAINSUBNAME_DATA_1
|
|
traefik.http.routers.nextcloud-web.tls: true
|
|
traefik.http.routers.nextcloud-web.tls.certresolver: production
|
|
traefik.http.services.nextcloud-web.loadbalancer.server.port: PORT_INTERNAL_DATA_1 #LIBREPORTAL|PORT_INTERNAL_TAG_1|PORT_INTERNAL_DATA_1
|
|
traefik.http.routers.nextcloud-web.middlewares: MIDDLEWARE_DATA_1 #LIBREPORTAL|MIDDLEWARE_TAG_1|MIDDLEWARE_DATA_1
|
|
# TRAEFIK_PORT_1_END
|
|
traefik.docker.network: DOCKER_NETWORK_DATA #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
|
|
# GLUETUN_OFF_BEGIN
|
|
networks:
|
|
DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
|
|
ipv4_address: IP_DATA_4 #LIBREPORTAL|IP_TAG_4|IP_DATA_4
|
|
# GLUETUN_OFF_END
|
|
# GLUETUN_ON_BEGIN
|
|
# network_mode: "container:gluetun-service"
|
|
# GLUETUN_ON_END
|
|
|
|
# >>> libreportal-monitoring >>>
|
|
#nextcloud-exporter:
|
|
# container_name: nextcloud-exporter
|
|
# image: xperimental/nextcloud-exporter:latest
|
|
# restart: unless-stopped
|
|
# depends_on:
|
|
# - nextcloud-service
|
|
# environment:
|
|
# - NEXTCLOUD_SERVER=http://nextcloud-web:PORT_INTERNAL_DATA_1 #LIBREPORTAL|PORT_INTERNAL_TAG_1|PORT_INTERNAL_DATA_1
|
|
# - NEXTCLOUD_USERNAME=NEXTCLOUD_ADMIN_USER_DATA #LIBREPORTAL|NEXTCLOUD_ADMIN_USER_TAG|NEXTCLOUD_ADMIN_USER_DATA
|
|
# - NEXTCLOUD_PASSWORD=NEXTCLOUD_ADMIN_PASSWORD_DATA #LIBREPORTAL|NEXTCLOUD_ADMIN_PASSWORD_TAG|NEXTCLOUD_ADMIN_PASSWORD_DATA
|
|
# - NEXTCLOUD_TLS_SKIP_VERIFY=true
|
|
# - NEXTCLOUD_LISTEN_ADDRESS=:PORT_INTERNAL_DATA_2 #LIBREPORTAL|PORT_INTERNAL_TAG_2|PORT_INTERNAL_DATA_2
|
|
# networks:
|
|
# DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA
|
|
# <<< libreportal-monitoring <<<
|