From 3110f399e63a40ab8ecf95e75bd76e12475eea00 Mon Sep 17 00:00:00 2001
From: Thomas Hintz <t@thintz.com>
Date: Sun, 31 Aug 2025 09:49:35 -0700
Subject: [PATCH] Also generate nextcloud.env

---
 .gitignore                            |  1 +
 Makefile                              |  5 ++++-
 all-apps/nextcloud/nextcloud.env.tmpl | 19 +++++++++++++++++++
 make-nextcloud-env.sh                 | 24 ++++++++++++++++++++++++
 4 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 all-apps/nextcloud/nextcloud.env.tmpl
 create mode 100755 make-nextcloud-env.sh

diff --git a/.gitignore b/.gitignore
index 344744a..e6b9525 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,7 @@ apps.config
 
 # generated files
 all-apps/lb/Caddyfile
+all-apps/nextcloud/nextcloud.env
 all-apps/nextcloud/nextcloud_admin_user
 all-apps/nextcloud/nextcloud_admin_password
 all-apps/nextcloud/postgres_db
diff --git a/Makefile b/Makefile
index 0154700..b1954fd 100644
--- a/Makefile
+++ b/Makefile
@@ -25,6 +25,8 @@ all-apps/nextcloud/postgres_password: apps.config
 	echo "$(NEXTCLOUD_POSTGRES_PASSWORD)" > $@
 all-apps/nextcloud/redis_password: apps.config
 	echo "$(NEXTCLOUD_REDIS_PASSWORD)" > $@
+all-apps/nextcloud/nextcloud.env: apps.config make-nextcloud-env.sh
+	./make-nextcloud-env.sh
 
 ignition.json: cl.yaml app/.dirstamp \
 all-apps/lb/Caddyfile \
@@ -33,7 +35,8 @@ all-apps/nextcloud/nextcloud_admin_password \
 all-apps/nextcloud/postgres_db \
 all-apps/nextcloud/postgres_user \
 all-apps/nextcloud/postgres_password \
-all-apps/nextcloud/redis_password
+all-apps/nextcloud/redis_password \
+all-apps/nextcloud/nextcloud.env
 	cat cl.yaml | sudo docker run --rm --volume /home/tjhintz/.ssh/id_rsa.pub:/pwd/ssh-keys --volume ${PWD}:/pwd --workdir /pwd -i quay.io/coreos/butane:latest -d /pwd > ignition.json
 
 generated.tfvars: apps.config make-generated.sh
diff --git a/all-apps/nextcloud/nextcloud.env.tmpl b/all-apps/nextcloud/nextcloud.env.tmpl
new file mode 100644
index 0000000..6abc6d8
--- /dev/null
+++ b/all-apps/nextcloud/nextcloud.env.tmpl
@@ -0,0 +1,19 @@
+NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
+
+# reverse proxy config
+OVERWRITEHOST=${DOMAIN}
+OVERWRITECLIURL=https://${DOMAIN}
+OVERWRITEPROTOCOL=https
+TRUSTED_PROXIES=172.16.0.0/24 # trust the local lb
+PHP_MEMORY_LIMIT=1G
+PHP_UPLOAD_LIMIT=10G
+POSTGRES_HOST=db
+POSTGRES_DB_FILE=/run/secrets/postgres_db
+POSTGRES_USER_FILE=/run/secrets/postgres_user
+POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+# admin user
+NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
+NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/nextcloud_admin_user
+# redis
+REDIS_HOST=redis
+REDIS_HOST_PASSWORD_FILE=/run/secrets/redis_password
\ No newline at end of file
diff --git a/make-nextcloud-env.sh b/make-nextcloud-env.sh
new file mode 100755
index 0000000..fd85063
--- /dev/null
+++ b/make-nextcloud-env.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+. apps.config
+
+read -r -a APP_CONFIGS <<< "$APP_CONFIGS"
+
+nextcloud_subdomain=
+
+for config_string in ${APP_CONFIGS[@]}; do
+    IFS=','
+    read -r -a config <<< "$config_string"
+
+    app=${config[0]}
+    subdomain=${config[1]}
+
+    if [ "$app" = "nextcloud" ]; then
+       nextcloud_subdomain="$subdomain"
+    fi
+done
+
+echo "DOMAIN=\"$nextcloud_subdomain.$ROOT_DOMAIN\"" > all-apps/nextcloud/nextcloud.env
+cat all-apps/nextcloud/nextcloud.env.tmpl >> all-apps/nextcloud/nextcloud.env