From 26f0d7f5f403ff897a8ee61c4209080098c31f5d Mon Sep 17 00:00:00 2001
From: Andrew Trieu
Date: Sat, 15 Nov 2025 23:36:26 +0200
Subject: [PATCH] feat: Add Nextcloud service to homelab setup
---
 README.md | 13 ++++++++-----
 duckdns/duck.sh | 2 +-
 homelab/Caddyfile | 23 +++++++++++++++++++++++
 homelab/compose.yml | 16 ++++++++++++++++
 4 files changed, 48 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index eaf28ca..b4b5e9b 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,7 @@ This repository contains the configuration for my personal homelab stack, includ
 |---------|-------------|------------|
 | **Vaultwarden** | Self-hosted password manager (Bitwarden-compatible) | `https://vault.example.com` |
 | **2FAuth** | Self-hosted two-factor authentication manager | `https://auth.example.com` |
+| **Nextcloud** | Self-hosted file hosting service | `https://storage.example.com` |
 | **Caddy** | Reverse proxy with automatic HTTPS via DuckDNS (DNS-01) | *No direct UI* |
 | **Portainer** | Makes Docker life 100x easier (visual container manager) | `https://:9443` |
 | **Uptime Kuma** | Monitors homelab/domain uptime | `http://:3001` |
@@ -33,9 +34,11 @@ Before deploying, you **must** replace all placeholder values in the config file
 - `https://vault.example.com` and `vault.example.com` → your Vaultwarden domain
 - `https://auth.example.com` and `auth.example.com` → your 2FAuth domain
+- `https://storage.example.com` and `storage.example.com` → your Nextcloud domain
 - `admin@example.com` → your email address (used by Caddy / Let’s Encrypt and 2FAuth)
 - `TOKEN` → your DuckDNS token
 - `SomeRandomStringOf32CharsExactly` → a **32-character** random string for `APP_KEY`
+- `NEXTCLOUD_ADMIN_USER` and `NEXTCLOUD_ADMIN_PASSWORD` → your Nextcloud admin credentials
 ## DuckDNS Dynamic DNS Updater
@@ -68,10 +71,11 @@ This ensures your DuckDNS domains always point to your current IP.
 The **homelab/** folder contains:
-- `compose.yml` – runs Vaultwarden, 2FAuth, and Caddy
+- `compose.yml` – spins up Docker containers
 - `Caddyfile` – defines routing for:
 - `https://` → Vaultwarden
 - `https://` → 2FAuth
+ - `https://` → Nextcloud
 ### Start the stack
@@ -79,6 +83,7 @@ The **homelab/** folder contains:
 cd homelab
 mkdir -p services/vaultwarden \
 services/2fauth \
+ services/nextcloud \
 services/uptimekuma \
 services/portainer \
 services/caddy/config \
@@ -99,9 +104,7 @@ docker compose down
 ### View logs
 ```bash
-docker logs caddy -f
-docker logs vaultwarden -f
-docker logs 2fauth -f
+docker logs -f
 ```
 ### Auto-start on system boot
@@ -132,7 +135,7 @@ Then restart the containers:
 ```bash
 cd homelab
-docker compose restart vaultwarden 2fauth portainer dozzle uptime-kuma netdata
+docker compose restart vaultwarden 2fauth nextcloud portainer dozzle uptime-kuma netdata
 ```
 ## Updating
diff --git a/duckdns/duck.sh b/duckdns/duck.sh
index c4fe0d3..70bc50c 100755
--- a/duckdns/duck.sh
+++ b/duckdns/duck.sh
@@ -2,7 +2,7 @@
 # === CONFIGURATION ===
 TOKEN="TOKEN"
-DOMAINS=("auth" "vault")
+DOMAINS=("auth" "vault" "storage")
 LOG_DIR="$(cd "$(dirname "$0")" && pwd)"
 LOG_FILE="$LOG_DIR/duck.log"
diff --git a/homelab/Caddyfile b/homelab/Caddyfile
index ac713e0..a7ed2f8 100644
--- a/homelab/Caddyfile
+++ b/homelab/Caddyfile
@@ -39,3 +39,26 @@
 reverse_proxy 2fauth:8000
 }
+
+# ===========================
+# Nextcloud
+# ===========================
+{$STORAGE_DOMAIN} {
+ log {
+ level INFO
+ output file {$LOG_FILE} {
+ roll_size 10MB
+ roll_keep 10
+ }
+ }
+
+ tls {
+ dns duckdns {$DUCKDNS_TOKEN}
+ }
+
+ encode zstd gzip
+
+
+ reverse_proxy nextcloud:80
+}
+
diff --git a/homelab/compose.yml b/homelab/compose.yml
index 1cda02d..2a599e1 100644
--- a/homelab/compose.yml
+++ b/homelab/compose.yml
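Review bot: The new `{$STORAGE_DOMAIN}` site block in `homelab/Caddyfile` sets no `Strict-Transport-Security` header, so a browser that has already used the file host can still be sent to plain HTTP on a later visit; adding `header Strict-Transport-Security "max-age=31536000"` inside the block closes that gap. The `log` stanza writes to `{$LOG_FILE}`, which compose.yml defines once for the Caddy container; if the Vaultwarden and 2FAuth blocks (outside this hunk) use the same path, three independent rollers share one file, and a per-site log file would keep rotation predictable and let Nextcloud access logs be reviewed on their own. The two consecutive blank lines before `reverse_proxy nextcloud:80` look like a directive was dropped and are worth a second look.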
@@ -35,6 +35,21 @@ services:
 networks:
 - default
+ # ==========================
+ # Nextcloud (Personal cloud / NAS)
+ # ==========================
+ nextcloud:
+ image: nextcloud:latest
+ container_name: nextcloud
+ restart: always
+ volumes:
+ - ./services/nextcloud:/var/www/html
+ environment:
+ - NEXTCLOUD_ADMIN_USER=admin # Change to yours
+ - NEXTCLOUD_ADMIN_PASSWORD=changeme # Change to a strong password
+ networks:
+ - default
+
 # ==========================
 # Caddy (Reverse proxy)
 # ==========================
@@ -55,6 +70,7 @@ services:
 # For Caddy: hostnames only, no https://
 VAULT_DOMAIN: "vault.example.com" # Change to yours
 AUTH_DOMAIN: "auth.example.com" # Change to yours
+ STORAGE_DOMAIN: "storage.example.com" # Change to yours
 EMAIL: "admin@example.com" # Change to yours
 DUCKDNS_TOKEN: "TOKEN" # Change to yours
 LOG_FILE: "/data/access.log"
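Review bot: `NEXTCLOUD_ADMIN_PASSWORD=changeme` in the new `nextcloud` service keeps the admin password in plain text in `compose.yml`, and an instance started before the placeholder is replaced is published through Caddy with a guessable admin login. The official image also reads `NEXTCLOUD_ADMIN_PASSWORD_FILE`, so the value can come from a Docker secret kept out of the repository; the matching top-level `secrets:` entry belongs outside this hunk. `image: nextcloud:latest` is unpinned, so a routine pull can cross a major version on a data volume that cannot be downgraded; pin a tag you have tested. Because the container sits behind a TLS-terminating proxy, it should also be told its public hostname and scheme through `NEXTCLOUD_TRUSTED_DOMAINS` and `OVERWRITEPROTOCOL=https`.

```yaml
  nextcloud:
    image: nextcloud:<pinned-tag>  # placeholder: pin a release you have tested
    # … unchanged: container_name, restart, volumes …
    environment:
      - NEXTCLOUD_ADMIN_USER=admin # Change to yours
      - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
      - NEXTCLOUD_TRUSTED_DOMAINS=storage.example.com # Change to yours
      - OVERWRITEPROTOCOL=https
    secrets:
      - nextcloud_admin_password
    # … unchanged: networks …
```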