# Ticket: Deploy and configure Nextcloud

## Metadata
- Type: Ticket
- Status: Done
- Project: Nextcloud
- Created: 2026-05-12
- Updated: 2026-06-07
- Priority: High
- Closed: 2026-06-07

## Goal

Deploy and configure Nextcloud as the first shared operational platform for collaboration, tasks, calendar, communication, and later file storage.

## Why

Nextcloud will provide a practical base for coordination and personal assistant workflows, including tasks, calendar, communication, and eventually shared documents/files.

## Scope

Included:
- Use Proxmox as deployment target
- Prepare a dedicated VM, preferred over LXC for Docker isolation/support
- Install and configure Nextcloud
- Enable core collaboration apps such as tasks and calendar
- Document access, admin details, and operational procedures
- Plan backup/restore before storing important data

Not included:
- Large-scale public exposure without a separate security/reverse proxy plan
- Full long-term storage architecture unless needed for initial deployment
- Complex automation before the manual process is understood

## Acceptance Criteria

This ticket is done when:
- [x] Nextcloud is reachable at `http://192.168.0.110:8080` on LAN
- [x] Nextcloud is reachable over Tailscale at `http://100.76.27.77:8080`
- [ ] Nextcloud is reachable at `nc.dropcutstud.io` over LAN/Tailscale
- [x] Admin account exists
- [x] Tasks app is installed
- [x] Calendar app is installed
- [x] Basic backup approach is documented and implemented
- [x] Basic runbook exists for routine administration
- [x] Important deployment decisions are documented

## Questions

Answered:
- Host: user's Proxmox box.
- Access: LAN and Tailscale.
- Domain/subdomain: `nc.dropcutstud.io`.
- Initial storage: about 80 GB.
- Deployment recommendation: Docker Compose on a Debian/Ubuntu VM with PostgreSQL and Redis.
- Backup destination: none currently.

Still open:
- Which OS: Debian 12 or Ubuntu Server LTS?
- VM CPU/RAM allocation?
- How should DNS for `nc.dropcutstud.io` resolve on LAN/Tailscale?
- Is Proxmox Backup Server available or planned?
- Where should backups eventually be stored?

## Plan / Next Actions

- [x] Fill in `projects/nextcloud/spec.md`
- [x] Answer initial infrastructure questions
- [x] Choose recommended deployment method
- [ ] ~~Set up SSH access for Pi/assistant to Proxmox and/or the guest VM~~ (covered by separate SSH access ticket)
- [x] Create/prepare VM
- [x] Deploy Nextcloud
- [x] Configure apps/users
- [x] Document runbook and backup notes
- [x] Authenticate Tailscale
- [ ] ~~Configure LAN/Tailscale DNS and/or Caddy reverse proxy~~ (moved to separate DNS ticket — on back burner)
- [x] Decide and implement backup destination

## 2026-06-07 — Backup Plan Completed — Ticket Closed

### What was done

**Backup setup:**
- Created `/usr/local/sbin/nextcloud-backup` — automated backup script
  - Dumps PostgreSQL database via `docker exec nextcloud-db pg_dump --clean --if-exists`
  - Archives config volume (apps, config, themes) via `docker exec nextcloud-app tar`
  - Archives compose files (`docker-compose.yml`, `.env`)
  - Combines and encrypts with `age` (Nextcloud-dedicated keypair)
  - Generates SHA256 checksum manifest
  - Copies encrypted backup to Nimrod LXC 104 (`piagent@192.168.0.222`)
  - Verifies off-guest copy integrity
  - Prunes local backups older than 14 days
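
The integrity and retention steps listed above (SHA256 manifest, off-guest verification, 14-day prune), shown as an added example; this is not the contents of `/usr/local/sbin/nextcloud-backup`. Assumptions: `*.tar.age` artifact names, one `.sha256` sidecar per artifact, GNU coreutils, a local directory standing in for the Nimrod LXC, and constructed placeholder files instead of real `age` output.

```shell
#!/usr/bin/env bash
# Added example: function names, file names and the sidecar layout are assumptions.
set -eu

# Write a SHA256 manifest next to the encrypted artifact ($1 = artifact path).
# The manifest stores the bare file name so it can be checked in any directory.
write_manifest() {
    ( cd "$(dirname "$1")" && sha256sum -- "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Check the copy in the off-guest directory ($2) against the local manifest of $1.
# Returns non-zero if the copy is missing or its hash differs.
verify_copy() {
    manifest="$(cd "$(dirname "$1")" && pwd)/$(basename "$1").sha256"
    ( cd "$2" && sha256sum --check --strict --quiet "$manifest" ) >/dev/null 2>&1
}

# Delete local artifacts and their manifests last modified more than $2 days ago.
# Prints each removed path so the cron log records what was pruned.
prune_old() {
    find "$1" -maxdepth 1 -type f -name '*.tar.age*' -mtime +"$2" -print -delete
}

# Walk through the three steps on constructed data in a throwaway directory.
demo() {
    work=$(mktemp -d)
    mkdir "$work/local" "$work/offguest"
    printf 'constructed ciphertext A\n' > "$work/local/nextcloud-old.tar.age"
    printf 'constructed ciphertext B\n' > "$work/local/nextcloud-new.tar.age"
    for f in "$work"/local/*.tar.age; do
        write_manifest "$f"
        cp "$f" "$work/offguest/"      # stands in for the copy to the off-guest host
    done
    # Age one backup past the retention window (GNU touch date syntax).
    touch -d '20 days ago' "$work"/local/nextcloud-old.tar.age*
    if verify_copy "$work/local/nextcloud-new.tar.age" "$work/offguest"; then
        echo "off-guest copy verified"
    else
        echo "off-guest copy MISMATCH" >&2
    fi
    prune_old "$work/local" 14
    rm -rf "$work"
}
demo
```

Verifying before pruning matters: a local backup should only age out once its off-guest copy has been confirmed intact.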

**Cron schedule:** Daily at 3:00 AM via `/etc/cron.d/nextcloud-backup`

**Restore capability:**
- Created `/usr/local/sbin/nextcloud-restore` with `--verify-only` and `--dry-run` modes
- Backup verified on VM (SHA256) and off-guest (SHA256 match)

**Encryption:**
- Dedicated age keypair for Nextcloud backups
- Public key stored at `/etc/nextcloud-backup/backup-recipient.txt`
- Private key: user-owned (provided during setup — save it to safe offline storage)

**Documentation:**
- Full backup/restore section added to `runbooks/nextcloud-operations.md`
- Constraint documented: no important data until restore test done

**Scope note:** User data volume (`nextcloud_data`) is not yet backed up — config + database only during bootstrap. Data volume backup should be added when real files are stored.

### Verification

- Backup command exits successfully
- Encrypted artifact created and verified (SHA256)
- Off-guest copy to Nimrod LXC verified (SHA256 match)
- Decrypt-and-list procedure documented (`--verify-only`)
- Full restore test not yet performed (requires user's private key)

### Remaining gaps (tracked separately)

- User data volume backup not yet configured
- `nc.dropcutstud.io`/Caddy reverse proxy deferred to DNS ticket
- Offline/user-controlled encrypted copy not yet distributed

## 2026-05-17 Spec Advancement

Confidence level: high for current deployment state; medium for remaining DNS/backup decisions.

Decisions now stable:
- Nextcloud v1 is deployed on a dedicated VM at `192.168.0.110` with direct LAN/Tailscale access on port `8080`.
- Collaboration apps and the Talk assistant bridge are operational enough for iterative use.
- Friendly DNS/Caddy and full backup destination are intentionally deferred instead of blocking current assistant workflows.

Refined next milestone:
- Treat this deployment ticket as complete once a minimal backup/restore plan is documented and one non-production restore/readback check is defined.
- Keep `nc.dropcutstud.io`/Caddy work in the separate DNS ticket rather than this deployment ticket.

## Notes

- Dedicated VM is preferred for major services.
- Avoid public exposure until security/reverse proxy requirements are clear.
- LAN and Tailscale access are desired initially.
- Backup destination exists (VM-local + Nimrod LXC 104 off-guest).
- Still avoid storing important data until restore test is performed.
