Update documentation to centralize Vaultwarden integration details and enhance backup scripts

Refactor README, architecture, and backup documentation to emphasize the use of Vaultwarden for credential management across various services. Update scripts for Nextcloud, Gitea, Paperless, and others to reference Vaultwarden for sensitive information. Remove outdated references to previous backup strategies and ensure clarity on credential retrieval processes. This improves security practices and streamlines backup operations.
2026-02-28 00:52:56 +03:00
parent f319133cee
commit 16c254510a
34 changed files with 1677 additions and 437 deletions
--- a/scripts/nextcloud/docker-compose.yml
+++ b/scripts/nextcloud/docker-compose.yml
@@ -0,0 +1,52 @@
+# Шаблон для /opt/nextcloud/ на CT 101
+# Секреты в .env (генерируется deploy-nextcloud-credentials.sh из Vaultwarden).
+# .env не коммитить.
+
+services:
+  db:
+    image: docker.io/library/postgres:16
+    restart: unless-stopped
+    volumes:
+      - /mnt/nextcloud-data/pgdata:/var/lib/postgresql/data
+    env_file: .env
+    environment:
+      POSTGRES_DB: nextcloud
+      POSTGRES_USER: nextcloud
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U nextcloud"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  redis:
+    image: docker.io/library/redis:7-alpine
+    restart: unless-stopped
+    command: redis-server --appendonly yes
+
+  nextcloud:
+    image: docker.io/nextcloud:latest
+    restart: unless-stopped
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_started
+    ports:
+      - "8080:80"
+    volumes:
+      - /mnt/nextcloud-data/html:/var/www/html
+      - /mnt/nextcloud-extra:/mnt/nextcloud-extra
+      - /opt/nextcloud/php-uploads.ini:/usr/local/etc/php/conf.d/zz-uploads.ini:ro
+    env_file: .env
+    environment:
+      APACHE_BODY_LIMIT: "0"
+      NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS}
+      OVERWRITEPROTOCOL: https
+      OVERWRITEHOST: cloud.katykhin.ru
+      OVERWRITECLIURL: https://cloud.katykhin.ru
+      REDIS_HOST: redis
+      POSTGRES_HOST: db
+      POSTGRES_DB: nextcloud
+      POSTGRES_USER: nextcloud
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}