{"id":21625783,"url":"https://github.com/escomputers/homecloud","last_synced_at":"2026-04-10T02:03:04.586Z","repository":{"id":282297331,"uuid":"947578995","full_name":"escomputers/homecloud","owner":"escomputers","description":"General steps for deploying a personal cloud using Nextcloud","archived":false,"fork":false,"pushed_at":"2025-03-13T19:38:12.000Z","size":13,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-13T20:34:16.914Z","etag":null,"topics":["borgbackup","docker","glacier","homecloud","nextcloud","rclone","s3-bucket"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/escomputers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-12T23:10:41.000Z","updated_at":"2025-03-13T19:38:15.000Z","dependencies_parsed_at":"2025-03-13T20:45:18.008Z","dependency_job_id":null,"html_url":"https://github.com/escomputers/homecloud","commit_stats":null,"previous_names":["escomputers/homecloud"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/escomputers%2Fhomecloud","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/escomputers%2Fhomecloud/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/escomputers%2Fhomecloud/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/escomputers%2Fhomecloud/manifests","owner_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/owners/escomputers","download_url":"https://codeload.github.com/escomputers/homecloud/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244297908,"owners_count":20430347,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["borgbackup","docker","glacier","homecloud","nextcloud","rclone","s3-bucket"],"created_at":"2024-11-25T01:10:37.595Z","updated_at":"2025-12-31T00:14:24.162Z","avatar_url":"https://github.com/escomputers.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Minimum Requirements\n* Ubuntu \u003e=18 or Debian \u003e=9\n* CPU/Memory: 2 CPU/4GB RAM\n* Storage: 100GB SSD hard drive\n* DNS record A or Cloudflare Tunnel\n* HTTP and HTTPS ports opened\n\n\n## Run Nextcloud AIO\n```bash\n# Make sure to set NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT paths\ndocker compose -p homecloud up -d\n# Reference: https://github.com/nextcloud/all-in-one?tab=readme-ov-file#nextcloud-all-in-one\n```\n\n\n## Encryption at rest\nOnly newly uploaded files will be encrypted, unless you run the `encryption:encrypt-all` command\n```bash\ndocker exec --user www-data -it nextcloud-aio-nextcloud php occ encryption:enable\n\ndocker exec --user www-data -it nextcloud-aio-nextcloud php occ encryption:status\n# Reference: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#occ-encryption-commands\n```\n\n## Automatic backups and upload to S3 Glacier Deep Archive\nFirst, enable automatic daily backups using the AIO interface. 
Take note of the encryption password for backups.\n\nNextcloud uses BorgBackup as the underlying backup technology. By default, it sets a retention policy of:\n- Keep 7 end of day, 4 additional end of week and 6 end of month archives\n\n### Server configuration\n1. Install required packages\n```bash\nsudo apt update \u0026\u0026 sudo apt install -y jq unzip\n\n# Install awscli\ncurl \"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\" -o \"awscliv2.zip\"\nunzip awscliv2.zip\nsudo ./aws/install\n\n# Make sure to use the latest stable version of aws_signing_helper\nwget https://rolesanywhere.amazonaws.com/releases/1.4.0/X86_64/Linux/aws_signing_helper\nchmod +x aws_signing_helper\nsudo mv aws_signing_helper /usr/local/bin/\n```\n\n2. Install rclone\n```bash\nsudo -v ; curl https://rclone.org/install.sh | sudo bash\n```\n\n3. Configure rclone, by changing settings in [rclone.conf file](rclone.conf). Then move it to your rclone config directory, usually `~/.config/rclone/rclone.conf`\n\n4. 
Set up PKI for AWS login\n```bash\n# Create a private key for CA certificate\nopenssl genrsa -out homecloud-root-ca.key 4096\n\n# Create CA certificate (valid for 10 years) using an OpenSSL configuration file\n# Make sure to change all values inside the [ dn ] SECTION before applying the following command\nopenssl req -x509 -new -nodes -config certificates/selfsigned-ca.cnf -key homecloud-root-ca.key -days 3650 -out homecloud-root-ca.crt\n\n# Create a private key for client certificate\nopenssl genrsa -out homecloud-client.key 2048\n\n### Create client certificate Signing Request\n# Make sure that the -subj argument values match the [ dn ] SECTION inside the selfsigned-ca.cnf configuration file before applying the following command\nopenssl req -new -key homecloud-client.key -out homecloud-client.csr -subj \"/C=IT/ST=Ragusa/L=Acate/O=HomeCloud/CN=homecloud.yourdomain.com\"\n\n### Sign client certificate using CA (valid for 1 year) and use an OpenSSL configuration file\n# to apply certificate extensions required by AWS\nopenssl x509 -req -in homecloud-client.csr -CA homecloud-root-ca.crt -CAkey homecloud-root-ca.key -CAcreateserial -out homecloud-client.crt -days 365 -sha256 -extfile certificates/homecloud-client.cnf -extensions homecloudclient_extensions\n```\n\n\n### AWS configuration\n1. Create a Roles Anywhere Trust Anchor to establish trust between the server and AWS using the Certificate Authority:\n- Certificate authority (CA) source = External certificate bundle\n- External certificate bundle = Paste the content of homecloud-root-ca.crt into the box\n- (Optional) customize Notification settings for certificate expiration alerts\n\n2. Create an S3 bucket along with a Lifecycle rule with action \"Expire current versions of objects\" and set a value of your liking for the \"Days after object creation\" field. This is for removing old tar.gz archives and freeing up disk space\n\n3. 
Create an [IAM Policy](iam/iam-role-policy.json) but change `s3bucketname` to match your S3 bucket name\n\n4. Create an IAM Role:\n- use Roles Anywhere as Service Principal\n- attach the previously created permission policy to it\n- add a [Trust Policy](iam/iam-role-trust-policy.json) but replace `rolesanywhere-trustanchor-arn` with the Trust Anchor ARN created before\n- (Optional) customize Maximum session duration value according to your liking (currently 4hrs). Make sure to change the `--session-duration` parameter within [homecloud_backup.sh file](homecloud_backup.sh) accordingly.\n\n5. Create a Roles Anywhere Profile:\n- select the previously created IAM Role from the dropdown\n- (Optional) customize Maximum session duration value according to your liking (currently 4hrs). Make sure to change the `--session-duration` parameter within [homecloud_backup.sh file](homecloud_backup.sh) accordingly.\n\n### Backup configuration\n1. Change the [ENV file](homecloud_backup.env) according to your setup then:\n```bash\nsudo mv homecloud_backup.env /etc/homecloud_backup.env \u0026\u0026 sudo chmod 600 /etc/homecloud_backup.env\n\nsudo mv homecloud_backup.sh /usr/local/bin/homecloud_backup.sh \u0026\u0026 sudo chmod 644 /usr/local/bin/homecloud_backup.sh\n```\n\n2. 
Set a Cronjob to automatically run the backup script\n```bash\ncrontab -e\n# Every 10 days at 4:00am\n0 4 */10 * * bash /usr/local/bin/homecloud_backup.sh\n```\n\n## Restore files from S3 Deep Archive\n```bash\n# List S3 objects with StorageClass Glacier Deep Archive\naws s3api list-objects --bucket \u003cBUCKET_NAME\u003e | grep \"StorageClass\" | grep DEEP_ARCHIVE\n\n# Change object StorageClass for 2 days from Deep Archive to Standard\naws s3api restore-object \\\n  --bucket \u003cBUCKET_NAME\u003e \\\n  --key \"borg_2025-03-11_22-50-21.tar.gz\" \\\n  --restore-request '{\"Days\":2, \"GlacierJobParameters\": {\"Tier\": \"Standard\"}}'\n\n# Check restoration status\naws s3api head-object --bucket \u003cBUCKET_NAME\u003e --key borg_2025-03-11_22-50-21.tar.gz\n\n# Misc\n# check S3 bucket usage\naws s3 ls s3://\u003cBUCKET_NAME\u003e --recursive --human-readable --summarize\n```\n\n## Restore Nextcloud data into a new server\nReference: https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-migrate-from-aio-to-aio\n\n1. Install a valid SSL certificate on the server:\n```bash\n# Make sure that no process is running on port 80\nsudo snap install --classic certbot\nsudo ln -s /snap/bin/certbot /usr/bin/certbot\nsudo certbot certonly --standalone\n```\n\n2. Once you've installed the new AIO Nextcloud instance, start the compose project and then go to https://yourdomain.com:8443/login\n\n3. Copy the tar.gz archive of the Borg repository into the new host. Then extract it and place it into a directory. The extracted directory name must be `borg`. E.g. `/mnt/borg`\n\n4. On AIO Nextcloud Interface webpage, select \"Restore AIO instance\":\n- enter the path of the extracted backup without specifying the directory name. E.g. if backup is placed at `/mnt/borg`, use: `/mnt`\n- enter Borg encryption password\n\n5. 
Change domain (if required)\nReference: https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-change-the-domain\n```bash\n# Replace each occurrence of old domain with the new one inside configuration.json\nsudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c \"apk add --no-cache nano \u0026\u0026 nano /mnt/docker-aio-config/data/configuration.json\"\n\n'overwritehost' =\u003e 'newurl.com'\n'trusted_domains' =\u003e array (0 =\u003e 'localhost', 1 =\u003e 'newurl.com')\n'overwrite.cli.url' =\u003e 'https://newurl.com/'\n```\nAfter that, restart/start all Nextcloud containers and everything should work as expected\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fescomputers%2Fhomecloud","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fescomputers%2Fhomecloud","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fescomputers%2Fhomecloud/lists"}