summaryrefslogtreecommitdiff
path: root/user
diff options
context:
space:
mode:
Diffstat (limited to 'user')
-rw-r--r--user/nextcloud/APKBUILD257
-rw-r--r--user/nextcloud/disable-integrity-check-as-default.patch15
-rw-r--r--user/nextcloud/dont-update-htaccess.patch32
-rw-r--r--user/nextcloud/fpm-pool.conf198
-rw-r--r--user/nextcloud/iconv-ascii-translit-not-supported.patch13
-rw-r--r--user/nextcloud/nextcloud-config.php45
-rw-r--r--user/nextcloud/nextcloud-initscript.post-install24
-rw-r--r--user/nextcloud/nextcloud.confd8
-rw-r--r--user/nextcloud/nextcloud.cron6
-rw-r--r--user/nextcloud/nextcloud.logrotate6
-rw-r--r--user/nextcloud/nextcloud.post-upgrade8
-rw-r--r--user/nextcloud/nextcloud.pre-install6
-rw-r--r--user/nextcloud/nextcloud14-dont-chmod.patch44
-rw-r--r--user/nextcloud/occ10
-rw-r--r--user/nextcloud/use-external-docs-if-local-not-avail.patch65
15 files changed, 737 insertions, 0 deletions
diff --git a/user/nextcloud/APKBUILD b/user/nextcloud/APKBUILD
new file mode 100644
index 000000000..6f86863ac
--- /dev/null
+++ b/user/nextcloud/APKBUILD
@@ -0,0 +1,257 @@
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
+# Maintainer: Max Rees <maxcrees@me.com>
+pkgname=nextcloud
+pkgver=14.0.3
+pkgrel=0
+pkgdesc="Self-hosted file sync and groupware server"
+url="https://nextcloud.com"
+arch="noarch"
+options="!check" # No test suite.
+license="AGPL-3.0+ AND AGPL-3.0-only AND MIT AND Apache-2.0 AND (MIT OR GPL-2.0-only) AND BSD-3-Clause AND (Apache-2.0 OR GPL-2.0-only) AND GPL-3.0+ AND BSD-2-Clause AND PHP-3.0 AND (Apache-2.0 OR MPL-2.0)"
+depends="
+ ca-certificates
+ php7
+ php7-ctype
+ php7-curl
+ php7-dom
+ php7-fileinfo
+ php7-gd
+ php7-iconv
+ php7-intl
+ php7-json
+ php7-mbstring
+ php7-openssl
+ php7-pcntl
+ php7-pdo
+ php7-posix
+ php7-session
+ php7-simplexml
+ php7-xml
+ php7-xmlreader
+ php7-xmlwriter
+ php7-zip
+ $pkgname-sqlite
+"
+makedepends="libxml2-utils"
+provides="
+ $pkgname-accessibility=$pkgver-r$pkgrel
+ $pkgname-dav=$pkgver-r$pkgrel
+ $pkgname-federatedfilesharing=$pkgver-r$pkgrel
+ $pkgname-files=$pkgver-r$pkgrel
+ $pkgname-provisioning_api=$pkgver-r$pkgrel
+ $pkgname-support=$pkgver-r$pkgrel
+"
+install="$pkgname.pre-install $pkgname.post-upgrade
+ $pkgname-initscript.post-install"
+pkgusers="nextcloud"
+pkggroups="www-data"
+subpackages="$pkgname-doc $pkgname-initscript $pkgname-mysql $pkgname-pgsql
+ $pkgname-sqlite $pkgname-default-apps:_default_apps"
+source="https://download.nextcloud.com/server/releases/$pkgname-$pkgver.zip
+ nextcloud14-dont-chmod.patch
+ dont-update-htaccess.patch
+ disable-integrity-check-as-default.patch
+ iconv-ascii-translit-not-supported.patch
+ use-external-docs-if-local-not-avail.patch
+
+ $pkgname-config.php
+ $pkgname.logrotate
+ $pkgname.confd
+ $pkgname.cron
+ fpm-pool.conf
+ occ
+"
+builddir="$srcdir/$pkgname"
+
+# List of bundled apps to separate into subpackages. Keep it in sync!
+# Note: Don't add "files", "dav", and "provisioning_api" here, these should
+# be always installed.
+_apps="activity
+ admin_audit
+ comments
+ encryption
+ federation
+ files_external
+ files_pdfviewer
+ files_sharing
+ files_texteditor
+ files_trashbin
+ files_versions
+ files_videoplayer
+ firstrunwizard
+ gallery
+ logreader
+ lookup_server_connector
+ nextcloud_announcements
+ notifications
+ oauth2
+ password_policy
+ serverinfo
+ sharebymail
+ survey_client
+ systemtags
+ theming
+ twofactor_backupcodes
+ user_external
+ user_ldap
+ workflowengine
+"
+for _i in $_apps; do
+ subpackages="$subpackages $pkgname-$_i:_package_app"
+done
+
+# Directory for apps shipped with Nextcloud.
+_appsdir="usr/share/webapps/$pkgname/apps"
+
+build() {
+ cd "$builddir"
+}
+
+package() {
+ local basedir="var/lib/$pkgname"
+ local datadir="$basedir/data"
+ local wwwdir="usr/share/webapps/$pkgname"
+ local confdir="etc/$pkgname"
+
+ mkdir -p "$pkgdir/${wwwdir%/*}"
+ cp -a "$builddir" "$pkgdir/$wwwdir"
+
+ chmod +x "$pkgdir/$wwwdir/occ"
+ chmod 664 "$pkgdir/$wwwdir/.htaccess" "$pkgdir/$wwwdir/.user.ini"
+
+ # Let's not ship upstream's 'updatenotification' app and updater, which
+ # has zero chance of working and a big chance of blowing things up.
+ rm -r "$pkgdir/$wwwdir/apps/updatenotification" \
+ "$pkgdir/$wwwdir/lib/private/Updater"
+
+ # Replace bundled CA bundle with ours.
+ ln -sf /etc/ssl/certs/ca-certificates.crt \
+ "$pkgdir/$wwwdir/resources/config/ca-bundle.crt"
+
+ install -dm 770 -o nextcloud -g www-data \
+ "$pkgdir/$confdir" "$pkgdir/$datadir" "$pkgdir/$basedir/appstore"
+ install -dm 775 -o nextcloud -g www-data "$pkgdir/var/log/$pkgname"
+
+ # Create symlink from web root to site-apps, so web server can find
+ # assets w/o explicit configuration for this layout.
+ ln -s "/$basedir/appstore" "$pkgdir/$wwwdir/appstore"
+
+ mv $pkgdir/$wwwdir/config/* "$pkgdir/$confdir/"
+ rm -r "$pkgdir/$wwwdir/config"
+ ln -s "/$confdir" "$pkgdir/$wwwdir/config"
+
+ mkdir -p "$pkgdir/usr/share/doc/$pkgname"
+ mv "$pkgdir/$wwwdir/core/doc" "$pkgdir/usr/share/doc/$pkgname/core"
+
+ install -m 660 -o nextcloud -g www-data \
+ "$srcdir/$pkgname-config.php" "$pkgdir/$confdir/config.php"
+
+ install -Dm 644 "$srcdir/$pkgname.logrotate" "$pkgdir/etc/logrotate.d/$pkgname"
+ install -Dm 755 "$srcdir/occ" "$pkgdir/usr/bin/occ"
+
+ install -dm 700 -o nextcloud "$pkgdir/var/log/nextcloud"
+
+ # Clean some unnecessary files.
+ find "$pkgdir" -name '.gitignore' -delete \
+ -o -name '.bower.json' -delete \
+ -o -name 'README*' -delete \
+ -o -name 'CHANGELOG*' -delete \
+ -o -name 'CONTRIBUTING*' -delete
+ find . -name '.github' -type d -prune -exec rm -r {} \;
+}
+
+doc() {
+ default_doc
+
+ local target="$subpkgdir/usr/share/webapps/$pkgname/core/doc"
+ mkdir -p "${target%/*}"
+ ln -s "/usr/share/doc/$pkgname/core" "$target"
+}
+
+initscript() {
+ pkgdesc="Init script that runs Nextcloud with php-fpm"
+ depends="$pkgname php7-fpm"
+
+ install -Dm 644 "$srcdir/fpm-pool.conf" "$subpkgdir/etc/php/php-fpm.d/$pkgname.conf"
+ install -Dm 644 "$srcdir/$pkgname.confd" "$subpkgdir/etc/conf.d/$pkgname"
+ install -Dm 755 "$srcdir/$pkgname.cron" "$subpkgdir/etc/periodic/15min/$pkgname"
+
+ mkdir -p "$subpkgdir/etc/init.d"
+ ln -s php-fpm "$subpkgdir/etc/init.d/$pkgname"
+
+ install -dm 700 -o nextcloud "$subpkgdir/var/tmp/$pkgname"
+}
+
+pgsql() {
+ pkgdesc="Nextcloud PostgreSQL support"
+ depends="$pkgname php7-pgsql php7-pdo_pgsql"
+ mkdir -p "$subpkgdir"
+}
+
+sqlite() {
+ pkgdesc="Nextcloud SQLite support"
+ depends="$pkgname php7-sqlite3 php7-pdo_sqlite"
+ mkdir -p "$subpkgdir"
+}
+
+mysql() {
+ pkgdesc="Nextcloud MySQL support"
+ depends="$pkgname php7-pdo_mysql"
+ mkdir -p "$subpkgdir"
+}
+
+_default_apps() {
+ pkgdesc="Nextcloud default apps"
+ depends="$pkgname"
+
+ local path; for path in $pkgdir/$_appsdir/*; do
+ if grep -q '<default_enable\s*/>' "$path/appinfo/info.xml"; then
+ depends="$depends $pkgname-${path##*/}"
+ fi
+ done
+
+ mkdir -p "$subpkgdir"
+}
+
+_package_app() {
+ local appname="${subpkgname#$pkgname-}"
+ local appinfo="$pkgdir/$_appsdir/$appname/appinfo/info.xml"
+
+ local name="$(xmllint --xpath '//info/name/text()' "$appinfo" 2>/dev/null)"
+ pkgdesc="Nextcloud ${name:-$appname} app"
+
+ case "$appname" in
+ encryption) php_deps="php7-openssl";;
+ files_external) php_deps="php7-ftp";;
+ # TODO: add php7-imap, php7-smbclient
+ user_external) php_deps="php7-ftp";;
+ user_ldap) php_deps="php7-ldap";;
+ esac
+
+ case "$appname" in
+ files_sharing) app_deps="$pkgname-federatedfilesharing";;
+ # Announcements are delivered via the notifications pane
+ nextcloud_announcements) app_deps="$pkgname-notifications";;
+ # workflowengine provides admin panel to manage systemtags
+ systemtags) app_deps="$pkgname-workflowengine";;
+ esac
+
+ depends="$pkgname $php_deps $app_deps"
+
+ mkdir -p "$subpkgdir/$_appsdir"
+ mv "$pkgdir/$_appsdir/$appname" "$subpkgdir/$_appsdir/"
+}
+
+sha512sums="f3b8bf22f4c17e038352a9f6c202d79220b5d9a19a2148c486cf22558d626095ab5c35f02ddf64292165e34572e199c72a44318b5c19a6dd5113f0ee0f6e937f nextcloud-14.0.3.zip
+63690b8d8ffe6d4896c5b666aa9d493b501aa3e171c6557e7a003599049f0d36f266a2a257a9535dea055bca1e84208b219c6cd5e4ecd70dd064e1dd1007203a nextcloud14-dont-chmod.patch
+aef3c92497d738d6968e0f0b0d415b4953500db24ae14af41ef972665cf7eff00cb6c53dc953845fdbb389c3c965a75b8b14b9247513c05cf4130fe1cfc61731 dont-update-htaccess.patch
+d2100a837fef1eeae5f706650ab4c985d9e00f61efa5526ef76c7c1f5811c3906eb6c3c13c151eff9677a0c303faab64411a5a84d6792728bc520d2c618d7d5b disable-integrity-check-as-default.patch
+de1b433c2fb2582b599cb25e718e454fc4b93543a5a60eee39a03bcccf35d281594611395bdebe02319bedd9a894507eef97010ebdfca381e0f1a09df283d375 iconv-ascii-translit-not-supported.patch
+478f5cd7c5d30380ea619d3e8ec623217a06a09b27534266f00297545c7d276b068c5d984673eebc5676e8bac7f45112549498944ce3fa678ac8a69541d7c430 use-external-docs-if-local-not-avail.patch
+4d01c89d5fd86190fb3bd6a5ca97bc623ec55d92cbf030c18c5811d711cea557485d334a6588e458eea4e0b3ad82f4defd7cb5a9d4f393ce4d5b32abf45db596 nextcloud-config.php
+7388458a9e8b7afd3d3269718306410ffa59c3c23da4bef367a4d7f6d2570136fae9dd421b19c1441e7ffb15a5405e18bb5da67b1a15f9f45e8b98d3fda532ba nextcloud.logrotate
+dcc57735d7d4af4a7ebbdd1186d301e51d2ae4675022aea6bf1111222dfa188a3a490ebd6e7c8a7ac30046cb7d93f81cec72a51acbc60d0c10b7fb64630c637a nextcloud.confd
+921b0e5f087f24e705dce62c078dea4d2f524c40a746ed7b19f1cff3405b9ea489c10a6dbcea87be6068f575be565b77b02c9f2c3ae6a7fb85367dbe3b7300c5 nextcloud.cron
+b829ed942916660065dd1030f9f35fa2f8c45a36dc791417108761c15b081777c302f305fd6490ea47d0ae41b8589c8d62e01e0f163105bd6b29fd3bed36ddcd fpm-pool.conf
+959852e34f010e635470829d66713f3e22c47717ec2c6487759eed2b6aeff9fd1421fe0271d494a02781bd1c98beb2823583623ee2cf03057cd5db794627d6c2 occ"
diff --git a/user/nextcloud/disable-integrity-check-as-default.patch b/user/nextcloud/disable-integrity-check-as-default.patch
new file mode 100644
index 000000000..54ea7a51e
--- /dev/null
+++ b/user/nextcloud/disable-integrity-check-as-default.patch
@@ -0,0 +1,15 @@
+We patch some files and Nextcloud's integrity check doesn't like it...
+APK ensures integrity of all installed files, so this Nextcloud's integrity
+check doesn't add any value.
+
+--- a/lib/private/IntegrityCheck/Checker.php
++++ b/lib/private/IntegrityCheck/Checker.php
+@@ -111,7 +111,7 @@
+ */
+ $isIntegrityCheckDisabled = false;
+ if ($this->config !== null) {
+- $isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', false);
++ $isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', true);
+ }
+ if ($isIntegrityCheckDisabled === true) {
+ return false;
diff --git a/user/nextcloud/dont-update-htaccess.patch b/user/nextcloud/dont-update-htaccess.patch
new file mode 100644
index 000000000..aecaebc71
--- /dev/null
+++ b/user/nextcloud/dont-update-htaccess.patch
@@ -0,0 +1,32 @@
+Don't mess with .htaccess files.
+
+Patch ported from https://src.fedoraproject.org/cgit/rpms/nextcloud.git/tree/nextcloud-9.1.0-dont_update_htacess.patch
+
+--- a/core/register_command.php
++++ b/core/register_command.php
+@@ -135,7 +135,6 @@
+ $application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateDB(\OC::$server->getMimeTypeDetector(), \OC::$server->getMimeTypeLoader()));
+ $application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateJS(\OC::$server->getMimeTypeDetector()));
+ $application->add(new OC\Core\Command\Maintenance\Mode(\OC::$server->getConfig()));
+- $application->add(new OC\Core\Command\Maintenance\UpdateHtaccess());
+ $application->add(new OC\Core\Command\Maintenance\UpdateTheme(\OC::$server->getMimeTypeDetector(), \OC::$server->getMemCacheFactory()));
+
+ $application->add(new OC\Core\Command\Upgrade(\OC::$server->getConfig(), \OC::$server->getLogger(), \OC::$server->query(\OC\Installer::class)));
+
+--- a/lib/private/Updater.php
++++ b/lib/private/Updater.php
+@@ -233,14 +233,6 @@
+ throw new \Exception('Updates between multiple major versions and downgrades are unsupported.');
+ }
+
+- // Update .htaccess files
+- try {
+- Setup::updateHtaccess();
+- Setup::protectDataDirectory();
+- } catch (\Exception $e) {
+- throw new \Exception($e->getMessage());
+- }
+-
+ // create empty file in data dir, so we can later find
+ // out that this is indeed an ownCloud data directory
+ // (in case it didn't exist before)
diff --git a/user/nextcloud/fpm-pool.conf b/user/nextcloud/fpm-pool.conf
new file mode 100644
index 000000000..189962928
--- /dev/null
+++ b/user/nextcloud/fpm-pool.conf
@@ -0,0 +1,198 @@
+; vi: ft=dosini
+[global]
+; Error log file
+; Default Value: log/php-fpm.log
+error_log = /var/log/nextcloud/php-fpm.log
+
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+log_level = warning
+
+; If this number of child processes exit with SIGSEGV or SIGBUS within the time
+; interval set by emergency_restart_interval then FPM will restart. A value
+; of '0' means 'Off'.
+; Default Value: 0
+emergency_restart_threshold = 10
+
+; Interval of time used by emergency_restart_interval to determine when
+; a graceful restart will be initiated. This can be useful to work around
+; accidental corruptions in an accelerator's shared memory.
+; Available Units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+emergency_restart_interval = 1m
+
+; Time limit for child processes to wait for a reaction on signals from master.
+; Available units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+process_control_timeout = 10s
+
+
+[nextcloud]
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
+; a specific port;
+; 'port' - to listen on a TCP socket to all addresses on a
+; specific port;
+; '/path/to/unix/socket' - to listen on a unix socket (the path is *not*
+; relative to chroot!)
+; Note: This value is mandatory.
+listen = /run/nextcloud/fastcgi.sock
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+; mode is set to 0666
+listen.mode = 0660
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+; static ... a fixed number of child processes.
+; dynamic ... the number of child processes are set dynamically.
+; ondemand ... no children are created at startup; children will be forked
+; when new requests will connect.
+; Note: This value is mandatory.
+pm = ondemand
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 10
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+pm.process_idle_timeout = 120s
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 500
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page.
+; Note: The value must start with a leading slash (/). The value can be
+; anything, but it may not be a good idea to use the .php extension or it
+; may conflict with a real PHP file.
+; Default Value: not set
+pm.status_path =
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+; anything, but it may not be a good idea to use the .php extension or it
+; may conflict with a real PHP file.
+; Default Value: not set
+ping.path = /ping
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_terminate_timeout = 0
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+; Note: the path is *not* relative to chroot.
+;slowlog = /var/log/nextcloud/php-fpm.slow.log
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+; php_value/php_flag - you can set classic ini defines which can
+; be overwritten from PHP call 'ini_set'.
+; php_admin_value/php_admin_flag - these directives won't be overwritten by
+; PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+;
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+;
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr/lib/php7.x)
+
+; Allow HTTP file uploads.
+php_admin_flag[file_uploads] = true
+
+; Maximal size of a file that can be uploaded via web interface.
+php_admin_value[memory_limit] = 512M
+php_admin_value[post_max_size] = 513M
+php_admin_value[upload_max_filesize] = 513M
+
+; Where to store temporary files.
+php_admin_value[session.save_path] = /var/tmp/nextcloud
+php_admin_value[sys_temp_dir] = /var/tmp/nextcloud
+php_admin_value[upload_tmp_dir] = /var/tmp/nextcloud
+
+; Log errors to specified file.
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = /var/log/nextcloud/php.error.log
+
+; OPcache error_log file name. Empty string assumes "stderr"
+php_admin_value[opcache.error_log] = /var/log/nextcloud/php.error.log
+
+; Output buffering is a mechanism for controlling how much output data
+; (excluding headers and cookies) PHP should keep internally before pushing that
+; data to the client. If your application's output exceeds this setting, PHP
+; will send that data in chunks of roughly the size you specify.
+; This must be disabled for ownCloud.
+php_admin_flag[output_buffering] = false
+
+; Overload(replace) single byte functions by mbstring functions.
+; This must be disabled for ownCloud.
+php_admin_flag[mbstring.func_overload] = false
+
+; Never populate the $HTTP_RAW_POST_DATA variable.
+; http://php.net/always-populate-raw-post-data
+php_admin_value[always_populate_raw_post_data] = -1
+
+; Disable certain functions for security reasons.
+; http://php.net/disable-functions
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,curl_multi_exec,show_source
+
+; Set recommended settings for OpCache.
+; https://docs.nextcloud.com/server/13/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
+php_admin_flag[opcache.enable] = true
+php_admin_flag[opcache.enable_cli] = true
+php_admin_flag[opcache.save_comments] = true
+php_admin_value[opcache.interned_strings_buffer] = 8
+php_admin_value[opcache.max_accelerated_files] = 10000
+php_admin_value[opcache.memory_consumption] = 128
+php_admin_value[opcache.revalidate_freq] = 1
diff --git a/user/nextcloud/iconv-ascii-translit-not-supported.patch b/user/nextcloud/iconv-ascii-translit-not-supported.patch
new file mode 100644
index 000000000..bb13a9514
--- /dev/null
+++ b/user/nextcloud/iconv-ascii-translit-not-supported.patch
@@ -0,0 +1,13 @@
+iconv on Alpine does not support conversion to ASCII//TRANSLIT
+
+--- a/apps/user_ldap/lib/Access.php
++++ b/apps/user_ldap/lib/Access.php
+@@ -1318,7 +1318,7 @@
+ }
+
+ // Transliteration to ASCII
+- $transliterated = @iconv('UTF-8', 'ASCII//TRANSLIT', $name);
++ $transliterated = @iconv('UTF-8', 'ASCII', $name);
+ if($transliterated !== false) {
+ // depending on system config iconv can work or not
+ $name = $transliterated;
diff --git a/user/nextcloud/nextcloud-config.php b/user/nextcloud/nextcloud-config.php
new file mode 100644
index 000000000..83b1400e6
--- /dev/null
+++ b/user/nextcloud/nextcloud-config.php
@@ -0,0 +1,45 @@
+<?php
+$CONFIG = array (
+ 'datadirectory' => '/var/lib/nextcloud/data',
+ 'logfile' => '/var/log/nextcloud/nextcloud.log',
+ 'apps_paths' => array (
+ // Read-only location for apps shipped with Nextcloud and installed by apk.
+ 0 => array (
+ 'path' => '/usr/share/webapps/nextcloud/apps',
+ 'url' => '/apps',
+ 'writable' => false,
+ ),
+ // Writable location for apps installed from AppStore.
+ 1 => array (
+ 'path' => '/var/lib/nextcloud/appstore',
+ 'url' => '/appstore',
+ 'writable' => true,
+ ),
+ ),
+ 'updatechecker' => false,
+
+ // Uncomment to enable pretty URLs:
+ //'overwrite.cli.url' => 'http://localhost/nextcloud/',
+ //'htaccess.RewriteBase' => '/nextcloud/',
+
+ // Addtionally, for nginx and lighttpd pretty URLs:
+ //'check_for_working_htaccess' => false,
+ // Additionally, for lighttpd pretty URLs:
+ //'htaccess.IgnoreFrontController' => true,
+
+ // Uncomment to enable Zend APCu memcache:
+ //'memcache.local' => '\OC\Memcache\APCu',
+
+ // Uncomment this and add user nextcloud to the redis group to enable Redis
+ // cache for file locking. This is highly recommended, see
+ // https://github.com/nextcloud/server/issues/9305.
+ //'memcache.locking' => '\OC\Memcache\Redis',
+ //'redis' => array(
+ // 'host' => '/run/redis/redis.sock',
+ // 'port' => 0,
+ // 'dbindex' => 0,
+ // 'timeout' => 1.5,
+ //),
+
+ 'installed' => false,
+);
diff --git a/user/nextcloud/nextcloud-initscript.post-install b/user/nextcloud/nextcloud-initscript.post-install
new file mode 100644
index 000000000..6b7fdf671
--- /dev/null
+++ b/user/nextcloud/nextcloud-initscript.post-install
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# It's not needed to be writable for www-data group when running with php-fpm.
+for dir in /etc/nextcloud \
+ /etc/nextcloud/config.php \
+ /var/lib/nextcloud/data \
+ /var/lib/nextcloud/appstore
+do
+ chmod g-w $dir
+done
+chgrp root /etc/nextcloud/config.php
+
+# This must be writable (only) by nextcloud user.
+chmod 750 /var/log/nextcloud
+
+cat <<"EOF"
+*
+* Point your web server to /run/nextcloud/fastcgi.sock and start
+* Nextcloud with `service nextcloud start`. You can modify php-fpm
+* settings in /etc/php7/fpm.d/nextcloud.conf.
+*
+EOF
+
+exit 0
diff --git a/user/nextcloud/nextcloud.confd b/user/nextcloud/nextcloud.confd
new file mode 100644
index 000000000..b24f26d7f
--- /dev/null
+++ b/user/nextcloud/nextcloud.confd
@@ -0,0 +1,8 @@
+# Config file for /etc/init.d/nextcloud
+
+name="Nextcloud"
+user="nextcloud"
+group="www-data"
+
+# Uncomment if you use Nextcloud with Redis for caching.
+#rc_need="redis"
diff --git a/user/nextcloud/nextcloud.cron b/user/nextcloud/nextcloud.cron
new file mode 100644
index 000000000..21a5b566a
--- /dev/null
+++ b/user/nextcloud/nextcloud.cron
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Run only when nextcloud service is started.
+if rc-service nextcloud -q status >/dev/null 2>&1; then
+ su nextcloud -s /bin/sh -c 'php -f /usr/share/webapps/nextcloud/cron.php'
+fi
diff --git a/user/nextcloud/nextcloud.logrotate b/user/nextcloud/nextcloud.logrotate
new file mode 100644
index 000000000..19e17fdf4
--- /dev/null
+++ b/user/nextcloud/nextcloud.logrotate
@@ -0,0 +1,6 @@
+/var/log/nextcloud/*.log {
+ daily
+ compress
+ copytruncate
+ su nextcloud www-data
+}
diff --git a/user/nextcloud/nextcloud.post-upgrade b/user/nextcloud/nextcloud.post-upgrade
new file mode 100644
index 000000000..e4ad291ac
--- /dev/null
+++ b/user/nextcloud/nextcloud.post-upgrade
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+ver_new="$1"
+ver_old="$2"
+
+if [ "${ver_new%-r*}" != "${ver_old%-r*}" ]; then
+ echo '* Run "occ upgrade" to finish upgrade of your NextCloud instance!' >&2
+fi
diff --git a/user/nextcloud/nextcloud.pre-install b/user/nextcloud/nextcloud.pre-install
new file mode 100644
index 000000000..e9cf53919
--- /dev/null
+++ b/user/nextcloud/nextcloud.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+adduser -S -D -H -h /var/lib/nextcloud -s /sbin/nologin -G www-data -g Nextcloud nextcloud 2>/dev/null
+
+exit 0
diff --git a/user/nextcloud/nextcloud14-dont-chmod.patch b/user/nextcloud/nextcloud14-dont-chmod.patch
new file mode 100644
index 000000000..13b5e3efb
--- /dev/null
+++ b/user/nextcloud/nextcloud14-dont-chmod.patch
@@ -0,0 +1,44 @@
+--- a/lib/private/Config.php
++++ b/lib/private/Config.php
+@@ -240,9 +240,6 @@
+ touch ($this->configFilePath);
+ $filePointer = fopen($this->configFilePath, 'r+');
+
+- // Prevent others not to read the config
+- chmod($this->configFilePath, 0640);
+-
+ // File does not exist, this can happen when doing a fresh install
+ if(!is_resource ($filePointer)) {
+ // TODO fix this via DI once it is very clear that this doesn't cause side effects due to initialization order
+--- a/lib/private/Log/File.php
++++ b/lib/private/Log/File.php
+@@ -134,9 +134,6 @@
+ }
+ $entry = json_encode($entry, JSON_PARTIAL_OUTPUT_ON_ERROR);
+ $handle = @fopen($this->logFile, 'a');
+- if ((fileperms($this->logFile) & 0777) != 0640) {
+- @chmod($this->logFile, 0640);
+- }
+ if ($handle) {
+ fwrite($handle, $entry."\n");
+ fclose($handle);
+--- a/lib/private/TempManager.php
++++ b/lib/private/TempManager.php
+@@ -95,7 +95,6 @@
+ if($postFix !== '') {
+ $fileNameWithPostfix = $this->buildFileNameWithSuffix($file, $postFix);
+ touch($fileNameWithPostfix);
+- chmod($fileNameWithPostfix, 0600);
+ $this->current[] = $fileNameWithPostfix;
+ return $fileNameWithPostfix;
+ }
+--- a/lib/private/legacy/util.php
++++ b/lib/private/legacy/util.php
+@@ -1008,7 +1008,6 @@
+ . ' cannot be listed by other users.');
+ $perms = substr(decoct(@fileperms($dataDirectory)), -3);
+ if (substr($perms, -1) !== '0') {
+- chmod($dataDirectory, 0770);
+ clearstatcache();
+ $perms = substr(decoct(@fileperms($dataDirectory)), -3);
+ if ($perms[2] !== '0') {
diff --git a/user/nextcloud/occ b/user/nextcloud/occ
new file mode 100644
index 000000000..1e3c095ad
--- /dev/null
+++ b/user/nextcloud/occ
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+NEXTCLOUD_DIR='/usr/share/webapps/nextcloud'
+: ${NEXTCLOUD_USER:="nextcloud"}
+
+if [ "$(id -un)" != "$NEXTCLOUD_USER" ]; then
+ exec su -s /bin/sh "$NEXTCLOUD_USER" -c '$0 "$@"' -- $NEXTCLOUD_DIR/occ "$@"
+else
+ exec $NEXTCLOUD_DIR/occ "$@"
+fi
diff --git a/user/nextcloud/use-external-docs-if-local-not-avail.patch b/user/nextcloud/use-external-docs-if-local-not-avail.patch
new file mode 100644
index 000000000..19145b5ce
--- /dev/null
+++ b/user/nextcloud/use-external-docs-if-local-not-avail.patch
@@ -0,0 +1,65 @@
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Tue, 27 Jun 2017 02:07:00 +0200
+Subject: [PATCH] Show link to external docs if local is not installed
+
+--- a/settings/help.php
++++ b/settings/help.php
+@@ -34,22 +34,36 @@
+ OC_Util::addStyle( "settings", "settings" );
+ \OC::$server->getNavigationManager()->setActiveEntry('help');
+
++$localDocs = true;
+
+ if(isset($_GET['mode']) and $_GET['mode'] === 'admin') {
+- $url=\OCP\Util::linkToAbsolute( 'core', 'doc/admin/index.html' );
++ if (file_exists(\OC::$SERVERROOT . '/core/doc/admin/index.html')) {
++ $url=\OCP\Util::linkToAbsolute( 'core', 'doc/admin/index.html' );
++ } else {
++ $url=\OC::$server->query(\OCP\Defaults::class)->buildDocLinkToKey('admin-manual');
++ $localDocs=false;
++ }
+ $style1='';
+ $style2=' active';
+ }else{
+ $url=\OCP\Util::linkToAbsolute( 'core', 'doc/user/index.html' );
++ if (file_exists( \OC::$SERVERROOT . '/core/doc/user/index.html' )) {
++ $url=\OCP\Util::linkToAbsolute( 'core', 'doc/user/index.html' );
++ } else {
++ $url=\OC::$server->query(\OCP\Defaults::class)->buildDocLinkToKey('user-manual');
++ $localDocs=false;
++ }
+ $style1=' active';
+ $style2='';
+ }
+
++
+ $url1=\OC::$server->getURLGenerator()->linkToRoute('settings_help').'?mode=user';
+ $url2=\OC::$server->getURLGenerator()->linkToRoute('settings_help').'?mode=admin';
+
+ $tmpl = new OC_Template( "settings", "help", "user" );
+ $tmpl->assign( "admin", OC_User::isAdminUser(OC_User::getUser()));
++$tmpl->assign( "localDocs", $localDocs );
+ $tmpl->assign( "url", $url );
+ $tmpl->assign( "url1", $url1 );
+ $tmpl->assign( "url2", $url2 );
+
+--- a/settings/templates/help.php
++++ b/settings/templates/help.php
+@@ -42,6 +42,17 @@
+ </div>
+
+ <div id="app-content" class="help-includes">
++<?php if ($_['localDocs']) { ?>
+ <iframe src="<?php print_unescaped($_['url']); ?>" class="help-iframe">
+ </iframe>
++<?php } else { ?>
++ <div class="section">
++ <h2>Local documentation is not installed</h2>
++ <p>Please use
++ <a href="<?php print_unescaped($_['url']); ?>" target="_blank" rel="noreferrer">
++ <?php p($l->t('online documentation')); ?> ↗
++ </a>
++ </p>
++ </div>
++<?php } ?>
+ </div>