New recipe: Nextcloud with MariaDB.

.recipes/nextcloud_mariadb/configs/nextcloud-config.php

@@ -0,0 +1 @@
+../storage/volumes/nextcloud_html/config/config.php

.recipes/nextcloud_mariadb/crontab.template

@@ -0,0 +1,2 @@
+# Service-specific maintenance.
+*/5 *  *   *   *     CRON=1 USER=$LOGNAME $HOME/services/[servicename]/tools/maintenance_cron

.recipes/nextcloud_mariadb/docker-compose.yml

@@ -0,0 +1,76 @@
+# Nextcloud Server (stable) with MariaDB LTS
+#
+services:
+  # https://hub.docker.com/_/nextcloud
+  # https://github.com/docker-library/docs/tree/master/nextcloud
+  # https://github.com/nextcloud/server
+  nextcloud:
+    image: nextcloud:stable-apache
+    # Database must be accessible.
+    depends_on:
+      database:
+        condition: service_started
+    restart: unless-stopped
+    # Take a look the possible public port collision.
+    ports:
+      - 8201:80
+    links:
+      - database
+    volumes:
+      # Needs R/O UID:GID 33:33 (www-data:www-data).
+      - ./storage/volumes/nextcloud_init_d:/docker-entrypoint-hooks.d:ro
+      # Needs R/W UID:GID 33:33 (www-data:www-data).
+      - ./storage/volumes/nextcloud_html:/var/www/html
+      - ./storage/volumes/nextcloud_data:/wtkclouddata
+    environment:
+      MYSQL_HOST: database
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+      # Same as in MariaDB's configuration.
+      MYSQL_PASSWORD: secret-1
+      NEXTCLOUD_ADMIN_USER: admin
+      # E.g. https://www.avast.com/random-password-generator
+      NEXTCLOUD_ADMIN_PASSWORD: secret-3
+      # Fill in according to local settings.
+      #NEXTCLOUD_TRUSTED_DOMAINS: example.com, cloud.example.com
+      # These are required behind a reverse proxy.
+      APACHE_DISABLE_REWRITE_IP: 1
+      # Feel free to adapt to your Docker environment.
+      TRUSTED_PROXIES: 172.16.0.0/12
+      # If you force https on the reverse proxy (which is recommended).
+      #OVERWRITEPROTOCOL: https
+      # Optional context path.
+      #OVERWRITEWEBROOT: /nextcloud
+      # PHP settings.
+      PHP_MEMORY_LIMIT: 1024M
+      PHP_UPLOAD_LIMIT: 1024M
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+  #
+  # https://hub.docker.com/_/mariadb
+  database:
+    image: mariadb:lts
+    restart: unless-stopped
+    # Only for migration or debugging.
+    #ports:
+    # - 3306:3306
+    volumes:
+      # Needs R/W UID:GID 999:999.
+      - ./storage/volumes/mysql:/var/lib/mysql
+      # Needs read UID 999.
+      - ./storage/volumes/mysql_conf_d:/etc/mysql/conf.d
+      - ./storage/volumes/mysql_init_d:/docker-entrypoint-initdb.d
+    environment:
+      MARIADB_AUTO_UPGRADE: "1"
+      MARIADB_INITDB_SKIP_TZINFO: "1"
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+      # E.g. https://www.avast.com/random-password-generator
+      MYSQL_PASSWORD: secret-1
+      MYSQL_ROOT_PASSWORD: secret-2
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    labels:
+      com.centurylinklabs.watchtower.enable: true

.recipes/nextcloud_mariadb/storage/backups/dumps/.gitignore

@@ -0,0 +1,4 @@
+# Ignore everything in this directory except these files.
+*
+!.gitignore
+!.rotate_folder.conf

.recipes/nextcloud_mariadb/storage/backups/dumps/.rotate_folder.conf

@@ -0,0 +1,9 @@
+# This is a shell script excerpt for configuration purposes only.
+# Handle with care! Please don't put code here, only variables.
+
+CLASSES_PATTERN="^([^.]*)\..*\.$HOSTNAME\.(dmp|sql\.gz|tgz|log)$"
+DOIT="yes"                      # if empty the script makes a dry run
+# RETAIN_DAYS=7                 # retains all files created within that many days
+# RETAIN_WEEKS=4                # retains one file per week/month,
+# RETAIN_MONTHS=12              # created within that many weeks/months
+

.recipes/nextcloud_mariadb/storage/backups/webcontent/.gitignore

@@ -0,0 +1,3 @@
+# Ignore everything in this directory except these files.
+*
+!.gitignore

.recipes/nextcloud_mariadb/storage/volumes/mysql/.gitignore

@@ -0,0 +1,3 @@
+# Ignore everything in this directory except this file.
+*
+!.gitignore

.recipes/nextcloud_mariadb/storage/volumes/mysql_conf_d/mariadb.cnf.optional

@@ -0,0 +1,30 @@
+# MariaDB 11.x settings according to the Nextcloud stack (optional).
+# See also:
+# https://gist.github.com/fevangelou/fb72f36bbe333e059b66
+# https://github.com/major/MySQLTuner-perl
+
+[mysqld]
+
+# https://gist.github.com/fevangelou/fb72f36bbe333e059b66
+# consider https://github.com/major/MySQLTuner-perl
+innodb_buffer_pool_size         = 2G	# 70-80% of memory available for MySQL/MariaDB
+innodb_buffer_pool_instances    = 2	# Use 1 instance per 1GB of InnoDB pool size
+innodb_file_per_table           = 1
+innodb_flush_log_at_trx_commit  = 0
+innodb_flush_method             = O_DIRECT
+innodb_log_buffer_size		= 64M
+innodb_log_file_size		= 256M	# should be 25% of innodb_buffer_pool_size / 2
+innodb_stats_on_metadata	= 0
+# https://mariadb.com/kb/en/configuring-mariadb-for-optimal-performance/
+# we practically don't use the MyISAM engine
+key_buffer_size	= 10M
+# https://mariadb.com/kb/en/mariadb-memory-allocation/#query-cache
+query_cache_type	= 0
+query_cache_size	= 0
+#query_cache_type	= ON
+#query_cache_size	= 10M
+#query_cache_limit	= 1M
+
+# Buffer Settings
+#sort_buffer_size	= 1M
+#join_buffer_size	= 1M

.recipes/nextcloud_mariadb/storage/volumes/mysql_init_d/.gitignore

@@ -0,0 +1,3 @@
+# Ignore everything in this directory except this file.
+*
+!.gitignore

.recipes/nextcloud_mariadb/storage/volumes/nextcloud_data/.gitignore

@@ -0,0 +1,3 @@
+# Ignore everything in this directory except this file.
+*
+!.gitignore

.recipes/nextcloud_mariadb/storage/volumes/nextcloud_html/.gitignore

@@ -0,0 +1,3 @@
+# Ignore everything in this directory except this file.
+*
+!.gitignore

.recipes/nextcloud_mariadb/storage/volumes/nextcloud_init.d/.gitignore

@@ -0,0 +1,3 @@
+# Ignore everything in this directory except this file.
+*
+!.gitignore

.recipes/nextcloud_mariadb/tools/backup.d/dumpdb_mysql.sh

@@ -0,0 +1,177 @@
+#!/bin/bash
+#
+# A service script to backup the docker-composed MySQL/MariaDB database.
+# Dumps database to the $BASE_DIR/storage/backups/dumps folder (by default).
+# An optional parameter may change the target folder.
+#
+# This script gets the database credentials from the docker-compose.yml file
+# and calls the mysql_dumpdb worker script which should be installed in
+# the same folder or somewhere in the path.
+#
+# Call as a Docker manager user (member of the docker Linux group) via cron.
+#
+# Author: Kovács Zoltán <kovacsz@marcusconsulting.hu>
+#         Kovács Zoltán <kovacs.zoltan@smartfront.hu>
+# License: GNU/GPL 3+ https://www.gnu.org/licenses/gpl-3.0.en.html
+# 2025-02-26 v0.3
+# mod: doesn't tied to a particular composition (Mediawiki, Wordpress, etc).
+# 2024-12-01 v0.2.1
+# fix: typo in docker-compose version detection.
+# 2024-08-25 v0.2
+# new: docker-compose v2 compatibility - tested with Ubuntu 24.04 LTS.
+# 2021-10-19 v0.1 Initial version.
+
+# Accepted environment variables and their defaults.
+#
+PAR_BASEDIR=${PAR_BASEDIR:-""}                  # Service's base folder
+PAR_DUMPDIR=${PAR_DUMPDIR:-""}                  # Folder to dump within
+PAR_SERVICE=${PAR_SERVICE:-"database"}          # Service's name in composition
+
+# Messages (maybe overridden by configuration).
+#
+MSG_DOCKERGRPNEED="You must be a member of the docker group."
+MSG_DOESNOTRUN="This service doesn't run."
+MSG_MISSINGDEP="Fatal: missing dependency"
+MSG_MISSINGCONF="Fatal: missing config file"
+MSG_MISSINGYML="Fatal: didn't find the docker-compose.yml file"
+MSG_NONWRITE="The target directory isn't writable"
+MSG_NOLOCATE="Cannot locate the database container."
+MSG_NOPARAM="Missing environment parameter"
+
+# Other initialisations.
+#
+CONFFILE="docker-compose.yml"			# Configuration file
+DUMPDIR="storage/backups/dumps"			# Folder to dump within
+USER=${USER:-LOGNAME}                           # Fix for cron enviroment only
+YMLFILE="docker-compose.yml"
+
+# Checks the dependencies.
+#
+TR=$(which tr 2>/dev/null)
+if [ -z "$TR" ]; then echo "$MSG_MISSINGDEP tr."; exit 1 ; fi
+for item in basename cat cut date dirname docker \
+            find grep hostname id pwd tail xargs
+do
+    if [ -n "$(which $item)" ]
+    then export $(echo $item | "$TR" '[:lower:]' '[:upper:]' | "$TR" '-' '_')=$(which $item)
+    else echo "$MSG_MISSINGDEP $item." >&2; exit 1; fi
+done
+# All dependencies are available via "$THECOMMAND" (upper case) call.
+#
+# Let's find which version of docker-compose is installed.
+if [ $($DOCKER compose version >/dev/null 2>&1; echo $?) -eq 0 ]; then
+    # We'll use v2 if it is available.
+    DOCKER_COMPOSE="$DOCKER"
+    commandstring="compose"
+else
+    # Otherwise falling back to v1.
+    DOCKER_COMPOSE="$(which docker-compose)"
+    commandstring=""
+fi
+# One of the two is mandatory.
+if [ -z "$DOCKER_COMPOSE" ];then echo "$MSG_MISSINGDEP docker-compose" >&2; exit 1; fi
+# Below docker-compose should be called as "$DOCKER_COMPOSE" $commandstring sequence.
+
+# Where I'm?
+# https://gist.github.com/TheMengzor/968e5ea87e99d9c41782
+SOURCE="$0"
+while [ -h "$SOURCE" ]; do
+    # resolve $SOURCE until the file is no longer a symlink
+    SCRPATH="$( cd -P "$("$DIRNAME" "$SOURCE" )" && echo "$PWD" )" #"
+    SOURCE="$("$READLINK" "$SOURCE")"
+    # if $SOURCE was a relative symlink, we need to resolve it
+    # relative to the path where the symlink file was located
+    [[ $SOURCE != /* ]] && SOURCE="$SCRPATH/$SOURCE"
+done; SCRPATH="$( cd -P "$("$DIRNAME" "$SOURCE" )" && echo "$PWD" )" #"
+
+# Need to be root or a Docker manager user.
+#
+[[ "$USER" != 'root' ]] \
+&& [[ -z "$(echo "$("$ID" -Gn "$USER") " | "$GREP" ' docker ')" ]] \
+&& echo "$MSG_DOCKERGRPNEED" >&2 && exit 1 #"
+
+# Searches the base folder, containing a docker-compose.yml file.
+#
+# Called from the base folder (./)?
+BASE_DIR="$PAR_BASEDIR"
+TEST_DIR="$SCRPATH"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# Called from ./tools?
+TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# Called from ./tools/*.d?
+TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# On failure gives it up here.
+if [ -z "$BASE_DIR" -o ! -r "$BASE_DIR/$YMLFILE" ]; then
+    echo "$MSG_MISSINGYML" >&2; exit 1
+fi
+# Sets the absolute paths.
+CONFFILE="$BASE_DIR/$CONFFILE"
+DUMPDIR="${PAR_DUMPDIR:-$BASE_DIR/$DUMPDIR}"
+
+# The dump target folder must be writable.
+#
+[[ ! -w "$DUMPDIR" ]] \
+&& echo "$MSG_NONWRITE: $DUMPDIR" >&2 && exit 1
+
+# The composition must be running - silently gives up here if not.
+#
+[[ -z "$(cd "$BASE_DIR"; "$DOCKER_COMPOSE" $commandstring ps --services --filter "status=running")" ]] \
+&& exit 1
+
+# Searches and parses the config file.
+#
+if [ ! -r "$CONFFILE" ]; then
+    echo "$MSG_MISSINGCONF $CONFFILE" >&2; exit 1
+fi
+#
+function parse { [[ -z "$1" ]] && return
+    # Gets the live lines containing the parameter.
+    value=$("$CAT" "$CONFFILE" | "$GREP" -ve '^#' | \
+            "$GREP" -e "$1" | "$TR" -d '\r')
+    # If multiple the last one to consider.
+    value=$(echo -e  "$value" | "$TAIL" -n1)
+    # Right side of the colon W/O leading and trailing spaces and quotes.
+    value=$(echo -ne "$value" | "$CUT" -d':' -f2 | "$XARGS")
+    # Removes the trailing semicolon (if any).
+    value=${value%;*}
+    echo -e "$value"; return
+}
+# All parameters are mandatories.
+MYCONTAINER="$PAR_SERVICE" # TODO: guess from the yml
+if [ -z "$MYCONTAINER" ]; then echo "$MSG_NOPARAM PAR_SERVICE" >&2; exit 1; fi1; fi
+MYDATABASE="$(parse "MYSQL_DATABASE")"
+if [ -z "$MYDATABASE" ]; then echo "$MSG_NOPARAM MYSQL_DATABASE" >&2; exit 1; fi
+MYUSER="$(parse "MYSQL_USER")"
+if [ -z "$MYUSER" ]; then echo "$MSG_NOPARAM MYSQL_USER" >&2; exit 1; fi
+MYPASSWORD="$(parse "MYSQL_PASSWORD")"
+if [ -z "$MYPASSWORD" ]; then echo "$MSG_NOPARAM MYSQL_PASSWORD" >&2; exit 1; fi
+# We've the configuration parsed.
+
+# Converts the database service name to an actual running container's name.
+#
+MYCONTAINER="$("$DOCKER" inspect -f '{{.Name}}' $(cd "$BASE_DIR"; "$DOCKER_COMPOSE" $commandstring ps -q "$MYCONTAINER") | "$CUT" -c2-)"
+# Gives up here if failed.
+if [ -z "$MYCONTAINER" ]; then echo "$MSG_NOLOCATE" >&2; exit 1; fi
+
+# Locates the worker script (in PATH or in this script's folder).
+#
+MYSQL_DUMPDB=$(which mysql_dumpdb)
+if [ -z "$MYSQL_DUMPDB" -a -x "$("$DIRNAME" "$0")/mysql_dumpdb" ]; then
+    MYSQL_DUMPDB="$SCRPATH/mysql_dumpdb"
+fi
+if [ -z "$MYSQL_DUMPDB" ]; then echo "$MSG_MISSINGDEP mysql_dumpdb."; exit 1 ; fi
+
+# Tries the DB backup.
+#
+if [ -n "$MYSQL_DUMPDB" -a -w "$DUMPDIR" ]; then
+    BACKUP_NAME=$MYDATABASE.$("$DATE" '+%Y%m%d_%H%M%S').$("$HOSTNAME")
+    ( cd "$DUMPDIR"
+      export MYCONTAINER MYUSER MYPASSWORD
+      "$MYSQL_DUMPDB" --compress "$MYDATABASE" "$DUMPDIR/$BACKUP_NAME.sql" \
+                      2>>"$DUMPDIR/$BACKUP_NAME.log"
+    )
+fi
+
+# That's all, Folks! :)

.recipes/nextcloud_mariadb/tools/backup.d/storage_backup.sh

@@ -0,0 +1,123 @@
+#!/bin/bash
+#
+# A service script to backup the relevant user's storage (data folder)
+# of a docker-composed Nextcloud instance. Creates a tarball in
+# $BASE_DIR/storage/backups/tarballs folder (by default). An optional
+# parameter may change the target folder.
+#
+# Call as a Docker manager user (member of the docker Linux group) via cron.
+#
+# Author: Kovács Zoltán <kovacsz@marcusconsulting.hu>
+# License: GNU/GPL 3+ https://www.gnu.org/licenses/gpl-3.0.en.html
+# 2025-11-24 v0.1 Initial version.
+
+# Accepted environment variables and their defaults.
+#
+PAR_BASEDIR=${PAR_BASEDIR:-""}                  # Service's base folder
+PAR_BACKUPDIR=${PAR_BACKUPDIR:-""}              # Folder to dump within
+
+# Messages (maybe overridden by configuration).
+#
+MSG_DOCKERGRPNEED="You must be a member of the docker group."
+MSG_DOESNOTRUN="This service doesn't run."
+MSG_MISSINGDEP="Fatal: missing dependency"
+MSG_MISSINGYML="Fatal: didn't find the docker-compose.yml file"
+MSG_NONWRITE="The target directory isn't writable"
+MSG_NOLOCATE="Cannot locate the Nextcloud container."
+
+# Other initialisations.
+#
+BACKUPDIR="storage/backups/tarballs"		# Folder to dump within
+SERVICENAME="nextcloud"				# The composed Nextcloud service
+USER=${USER:-LOGNAME}                           # Fix for cron enviroment only
+YMLFILE="docker-compose.yml"
+
+# Checks the dependencies.
+#
+TR=$(which tr 2>/dev/null)
+if [ -z "$TR" ]; then echo "$MSG_MISSINGDEP tr."; exit 1 ; fi
+for item in basename cat cut date dirname docker \
+            find grep hostname id pwd tail xargs
+do
+    if [ -n "$(which $item)" ]
+    then export $(echo $item | "$TR" '[:lower:]' '[:upper:]' | "$TR" '-' '_')=$(which $item)
+    else echo "$MSG_MISSINGDEP $item." >&2; exit 1; fi
+done
+# All dependencies are available via "$THECOMMAND" (upper case) call.
+#
+# Let's find which version of docker-compose is installed.
+if [ $($DOCKER compose version 2>&1 >/dev/null; echo $?) -eq 0 ]; then
+    # We'll use v2 if it is available.
+    DOCKER_COMPOSE="$DOCKER"
+    commandstring="compose"
+else
+    # Otherwise falling back to v1.
+    DOCKER_COMPOSE="$(which docker-compose)"
+    commandstring=""
+fi
+# One of the two is mandatory.
+if [ -z "$DOCKER_COMPOSE" ];then echo "$MSG_MISSINGDEP docker-compose" >&2; exit 1; fi
+# Below docker-compose should be called as "$DOCKER_COMPOSE" $commandstring sequence.
+
+# Where I'm?
+# https://gist.github.com/TheMengzor/968e5ea87e99d9c41782
+SOURCE="$0"
+while [ -h "$SOURCE" ]; do
+    # resolve $SOURCE until the file is no longer a symlink
+    SCRPATH="$( cd -P "$("$DIRNAME" "$SOURCE" )" && echo "$PWD" )" #"
+    SOURCE="$("$READLINK" "$SOURCE")"
+    # if $SOURCE was a relative symlink, we need to resolve it
+    # relative to the path where the symlink file was located
+    [[ $SOURCE != /* ]] && SOURCE="$SCRPATH/$SOURCE"
+done; SCRPATH="$( cd -P "$("$DIRNAME" "$SOURCE" )" && echo "$PWD" )" #"
+
+# Need to be root or a Docker manager user.
+#
+[[ "$USER" != 'root' ]] \
+&& [[ -z "$(echo "$("$ID" -Gn "$USER") " | "$GREP" ' docker ')" ]] \
+&& echo "$MSG_DOCKERGRPNEED" >&2 && exit 1 #"
+
+# Searches the base folder, containing a docker-compose.yml file.
+#
+# Called from the base folder (./)?
+BASE_DIR="$PAR_BASEDIR"
+TEST_DIR="$SCRPATH"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# Called from ./tools?
+TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# Called from ./tools/*.d?
+TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# On failure gives it up here.
+if [ -z "$BASE_DIR" -o ! -r "$BASE_DIR/$YMLFILE" ]; then
+    echo "$MSG_MISSINGYML" >&2; exit 1
+fi
+# Sets the absolute paths.
+BACKUPDIR="${PAR_BACKUPDIR:-$BASE_DIR/$BACKUPDIR}"
+
+# The dump target folder must be writable.
+#
+[[ ! -w "$BACKUPDIR" ]] \
+&& echo "$MSG_NONWRITE: $BACKUPDIR" >&2 && exit 1
+
+# The service must be running - silently gives up here if not.
+#
+[[ -z "$(cd "$BASE_DIR"; "$DOCKER_COMPOSE" $commandstring ps --services --filter "status=running")" ]] \
+&& exit 1
+
+# Converts the Nextcloud service name to an actual running container's name.
+#
+NCCONTAINER="$("$DOCKER" inspect -f '{{.Name}}' $(cd "$BASE_DIR"; "$DOCKER_COMPOSE" $commandstring ps -q "$SERVICENAME") | "$CUT" -c2-)"
+# Gives up here if failed.
+if [ -z "$NCCONTAINER" ]; then echo "$MSG_NOLOCATE" >&2; exit 1; fi
+
+# Tries the FS backup.
+if [ -w "$BACKUPDIR" ]; then
+    BACKUP_NAME=$NCCONTAINER.$("$DATE" '+%Y%m%d_%H%M%S').$("$HOSTNAME")
+    "$DOCKER" exec $NCCONTAINER sh \
+    -c "cd /var/www/html; tar cz data" \
+    >  "$BACKUPDIR/$BACKUP_NAME.tgz" 2>>"$BACKUPDIR/$BACKUP_NAME.log"
+fi
+
+# That's all, Folks! :)

.recipes/nextcloud_mariadb/tools/backup.d/storage_gitbackup.sh

@@ -0,0 +1,161 @@
+#!/bin/bash
+#
+# Humble tool to commit the content of a docker-composed Nextcloud service's
+# web files into a git repository to make a daily backup of documents.
+# Also makes the repository with a metastore file if doesn't exist yet.
+#
+# This script called usually by the cron (but indirectly).
+# Depends loosely on metastore package, which isn't absolutely necessary,
+# but strongly recommended to backup file time attributes and permissions,
+# which the git tool doesn't do.
+#
+# Author: Kovács Zoltán <kovacs.zoltan@smartfront.hu>
+# License: GNU/GPL v3+ (https://www.gnu.org/licenses/gpl-3.0.en.html)
+# 2025-11-21 v0.1 Initial release
+
+# Accepted environment variables and their defaults.
+#
+BOTEMAIL=${BOTEMAIL:-"backupbot@example.com"}	# Git repo owner's email (fake)
+BOTNAME=${BOTNAME:-"Backup Bot"}		# Git repo owner's name (fake)
+SERVICE_BASE=${PAR_BASEDIR:-""}			# Corresponding service's base
+GITDIR=${PAR_GITDIR:-""}			# Folder containing .git
+BACKUPDIR=${PAR_BACKUPDIR:-""}			# Folder to backup into git
+
+# Basic environment settings.
+#
+LANG=C
+LC_ALL=C
+# We need also the sbin directories.
+if ! [[ "$PATH" =~ '/sbin:' ]]; then
+PATH="$PATH:/usr/local/sbin:/usr/sbin:/sbin"; fi
+
+# Messages.
+#
+MSG_GITCOMMIT="Automated backup"
+MSG_MISSINGBASE="Fatal: missing SERVICE_BASE"
+MSG_MISSINGDEP="Fatal: missing dependency"
+MSG_MISSINGGIT="Fatal: unable to find the backup (git) folder"
+MSG_MISSINGSOURCE="Fatal: unable to find the source folder"
+MSG_WRONGGIT="Fatal: unusable backup (git) folder"
+
+# Other initialisations.
+#
+BACKUPPATH="storage/volumes/nextcloud_data"
+GITPATH="storage/backups/webcontent"
+YMLFILE="docker-compose.yml"
+
+# Checks the dependencies.
+#
+TR=$(which tr 2>/dev/null)
+if [ -z "$TR" ]; then echo "$MSG_MISSINGDEP tr."; exit 1 ; fi
+for item in cut date dirname docker git readlink
+do
+    if [ -n "$(which $item)" ]
+    then export $(echo $item | "$TR" '[:lower:]' '[:upper:]')=$(which $item)
+    else echo "$MSG_MISSINGDEP $item." >&2; exit 1; fi
+done
+# All dependencies are available via "$THECOMMAND" (upper case) call.
+
+# Where I'm?
+# https://gist.github.com/TheMengzor/968e5ea87e99d9c41782
+#
+SOURCE="$0"
+while [ -h "$SOURCE" ]; do
+    # resolve $SOURCE until the file is no longer a symlink
+    SCRPATH="$( cd -P "$("$DIRNAME" "$SOURCE" )" && echo "$PWD" )" #"
+    SOURCE="$("$READLINK" "$SOURCE")"
+    # if $SOURCE was a relative symlink, we need to resolve it
+    # relative to the path where the symlink file was located
+    [[ $SOURCE != /* ]] && SOURCE="$SCRPATH/$SOURCE"
+done; SCRPATH="$( cd -P "$("$DIRNAME" "$SOURCE" )" && echo "$PWD" )" #"
+
+# Let's find which version of docker-compose is installed.
+if [ $($DOCKER compose version >/dev/null 2>&1; echo $?) -eq 0 ]; then
+    # We'll use v2 if it is available.
+    DOCKER_COMPOSE="$DOCKER"
+    commandstring="compose"
+else
+    # Otherwise falling back to v1.
+    DOCKER_COMPOSE="$(which docker-compose)"
+    commandstring=""
+fi
+# One of the two is mandatory.
+if [ -z "$DOCKER_COMPOSE" ];then echo "$MSG_MISSINGDEP docker-compose" >&2; exit 1; fi
+# Below docker-compose should be called as "$DOCKER_COMPOSE" $commandstring sequence.
+
+# Searches the base folder, containing a docker-compose.yml file.
+#
+# Called from the base folder (./)?
+TEST_DIR="$SCRPATH"
+[[ -z "$SERVICE_BASE" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && SERVICE_BASE="$TEST_DIR"
+# Called from ./tools?
+TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+[[ -z "$SERVICE_BASE" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && SERVICE_BASE="$TEST_DIR"
+# Called from ./tools/*.d?
+TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+[[ -z "$SERVICE_BASE" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && SERVICE_BASE="$TEST_DIR"
+# On failure gives it up here.
+if [ -z "$SERVICE_BASE" -o ! -r "$SERVICE_BASE/$YMLFILE" ]; then
+    echo "$MSG_MISSINGYML" >&2; exit 1
+fi
+
+# Locates the folder to backup.
+#
+# Maybe given as a command line parameter.
+[[ -n "$1" ]] && SOURCEDIR="$1" && shift
+# Or as an environment variable, or fallbacks to the default.
+[[ -z "$SOURCEDIR" ]] && SOURCEDIR="${BACKUPDIR:-$SERVICE_BASE/$BACKUPPATH}"
+# Gives up here if doesn't found.
+if [ -z "$SOURCEDIR" -o ! -d "$("$READLINK" -e "$SOURCEDIR")" ]; then
+    echo "$MSG_MISSINGSOURCE $SOURCEDIR"; exit 1
+fi
+
+# Locates the backup (git) folder.
+#
+# Maybe given as a command line parameter.
+[[ -n "$1" ]] && GITDIR="$1" && shift
+# Or fallbacks to the default.
+[[ -z "$GITDIR" ]] && GITDIR="$SERVICE_BASE/$GITPATH"
+# Gives up here if doesn't found.
+if [ -z "$GITDIR" -o ! -d "$("$READLINK" -e "$GITDIR")" ]; then
+    echo "$MSG_MISSINGGIT $GITDIR"; exit 1
+fi
+# Does it writable?
+( cd "$GITDIR" 2>/dev/null
+  if [ ! "$PWD" = "$GITDIR" -o ! -w "$PWD" ]; then
+      echo "$MSG_WRONGGIT $GITDIR"; exit 1
+  fi
+) || exit 1
+# We've the folders localized.
+
+# The service must be running - silently gives up here if not.
+#
+[[ -z "$(cd "$SERVICE_BASE"; "$DOCKER_COMPOSE" $commandstring ps --services --filter "status=running")" ]] \
+&& exit 1
+
+# Attempts the backup commit.
+#
+# Initializes the git backup if it doesn't exist yet.
+if [ ! -d "$GITDIR/.git" ]; then
+    # Initializes the repo itself.
+    "$GIT" --git-dir="$GITDIR/.git" --work-tree="$SOURCEDIR" init --quiet
+    "$GIT" --git-dir="$GITDIR/.git" --work-tree="$SOURCEDIR" config user.name "$BOTNAME"
+    "$GIT" --git-dir="$GITDIR/.git" --work-tree="$SOURCEDIR" config user.email "$BOTEMAIL"
+fi
+# Stages all the files and non-empty folders.
+"$GIT" --git-dir="$GITDIR/.git" --work-tree="$SOURCEDIR" add . >/dev/null
+
+# Stores the file system metadata as well, if the tool has been installed.
+if [ ! -z "$(which metastore)" -a -x "$(which metastore)" ]; then
+    # This commamd silently creates the metastore file if it doesnt' exist yet.
+    ( cd "$SOURCEDIR"
+      "$(which metastore)" -smqq --file ".metadata"
+    )
+    # Stages it as well.
+    "$GIT" --git-dir="$GITDIR/.git" --work-tree="$SOURCEDIR" add ".metadata" >/dev/null
+fi
+# Makes the commit.
+"$GIT" --git-dir="$GITDIR/.git" --work-tree="$SOURCEDIR" commit --quiet -m "'$MSG_GITCOMMIT $("$DATE" '+%Y%m%d-%H%M%S')'"
+# Git done.
+
+# That's all, Folks! :)

.recipes/nextcloud_mariadb/tools/maintenance_cron

@@ -0,0 +1,83 @@
+#!/bin/bash
+#
+# Periodic maintenance operations for a Nextcloud instance.
+# This script is usually called by cron (perhaps indirectly).
+#
+# Author: Kovács Zoltán <kovacsz@marcusconsulting.hu>
+# License: GNU/GPL v3+ (https://www.gnu.org/licenses/gpl-3.0.en.html)
+# 2025-11-21 v0.1 Initial release
+
+# Accepted environment variables and their defaults.
+PAR_BASEDIR=${PAR_BASEDIR:-""}			# Service's base folder.
+
+# Other initialisations.
+COMMANDLINE="php /var/www/html/cron.php"
+COMMANDUSER="www-data"
+SERVICENAME="nextcloud"
+YMLFILE="docker-compose.yml"
+
+# Messages.
+MSG_MISSINGDEP="Fatal: missing dependency"
+MSG_MISSINGYML="Fatal: didn't find the docker-compose.yml file"
+
+# Checks the dependencies.
+TR=$(which tr 2>/dev/null)
+if [ -z "$TR" ]; then echo "$MSG_MISSINGDEP tr."; exit 1 ; fi
+for item in basename dirname docker readlink
+do
+    if [ -n "$(which $item)" ]
+    then export $(echo $item | "$TR" '[:lower:]' '[:upper:]' | "$TR" '-' '_')=$(which $item)
+    else echo "$MSG_MISSINGDEP $item." >&2; exit 1; fi
+done
+# All dependencies are available via "$THECOMMAND" (upper case) call.
+#
+# Let's find which version of docker-compose is installed.
+if [ $($DOCKER compose version 2>&1 >/dev/null; echo $?) -eq 0 ]; then
+    # We'll use v2 if it is available.
+    DOCKER_COMPOSE="$DOCKER"
+    commandstring="compose"
+else
+    # Otherwise falling back to v1.
+    DOCKER_COMPOSE="$(which docker-compose)"
+    commandstring=""
+fi
+# One of the two is mandatory.
+if [ -z "$DOCKER_COMPOSE" ];then echo "$MSG_MISSINGDEP docker-compose" >&2; exit 1; fi
+# Below docker-compose should be called as "$DOCKER_COMPOSE" $commandstring sequence.
+
+# Where I'm?
+# https://gist.github.com/TheMengzor/968e5ea87e99d9c41782
+SOURCE="$0"
+while [ -h "$SOURCE" ]; do
+    # resolve $SOURCE until the file is no longer a symlink
+    SCRPATH="$( cd -P "$("$DIRNAME" "$SOURCE" )" && pwd )" #"
+    SOURCE="$("$READLINK" "$SOURCE")"
+    # if $SOURCE was a relative symlink, we need to resolve it
+    # relative to the path where the symlink file was located
+    [[ $SOURCE != /* ]] && SOURCE="$SCRPATH/$SOURCE"
+done; SCRPATH="$( cd -P "$("$DIRNAME" "$SOURCE" )" && pwd )" #"
+
+# Searches the base folder, containing a docker-compose.yml file.
+# Called from the base folder (./)?
+BASE_DIR="$PAR_BASEDIR"
+TEST_DIR="$SCRPATH"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# Called from ./tools?
+TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# Called from ./tools/*.d?
+TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# On failure gives it up here silently.
+if [ -z "$BASE_DIR" -o ! -r "$BASE_DIR/$YMLFILE" ]; then
+    echo "$MSG_MISSINGYML" >&2; exit 1
+fi
+
+# Only if the service is running.
+if [ -n "$(cd "$BASE_DIR"; "$DOCKER_COMPOSE" $commandstring ps --services --filter "status=running")" ]; then
+    # Runs command COMMANDLINE on service SERVICENAME as COMMANDUSER.
+    SERVICENAME="$("$BASENAME" "$BASE_DIR")-$SERVICENAME-1"
+    "$DOCKER" exec -u "$COMMANDUSER" "$SERVICENAME" $COMMANDLINE
+fi
+
+# That's all, Folks!

.recipes/nextcloud_mariadb/tools/restoredb_mysql.sh

@@ -0,0 +1,195 @@
+#!/bin/bash
+#
+# Restores a composed MySQL/MariaDB database from a dump file.
+# Gets all necessary data from the docker-compose.yml file.
+#
+# This is a wrapper script to the system-wide mysql_restoredb tool.
+# Database recovey with the necessary user management and grants
+# requires superuser privileges in MySQL, but simple data recovery
+# is possible if the user and privileges are already set.
+#
+# You have to call this script as a Docker manager user (member of the
+# 'docker' Linux group). The worker tool must be available somewhere
+# in PATH. At least 5.7.6 MySQL or at least 10.1.3 MariaDB is required.
+#
+# Usage:
+# $0 path_to_the_dumpfile [ path_to_the_service's_base ]
+#
+# Author: Kovács Zoltán <kovacsz@marcusconsulting.hu>
+# License: GNU/GPL v3+ (https://www.gnu.org/licenses/gpl-3.0.en.html)
+#
+# 2025-02-26 v0.1 Forked from the Smartfront repository and rewritten.
+
+# Accepted environment variables and their defaults.
+#
+PAR_SERVICE=${SERVICE:-"database"}		# Database container's name
+
+# Other initialisations.
+#
+BACKUPFOLDER="storage/backups/dumps"		# Skeleton's default dump folder
+PROP_DBAPASS="MYSQL_ROOT_PASSWORD"		# DB admin password property
+PROP_DBNAME="MYSQL_DATABASE"			# DB name property
+PROP_DBPASS="MYSQL_PASSWORD"			# DB password property
+PROP_DBUSER="MYSQL_USER"			# DB username property
+USER=${USER:-LOGNAME}                           # Fix for cron enviroment only
+YMLFILE="docker-compose.yml"
+
+# Basic environment settings.
+#
+LANG=C
+LC_ALL=C
+
+# Messages.
+#
+MSG_BADDUMP="Fatal: doesn't exist or doesn't a dumpfile:"
+MSG_DOCKERGRPNEED="You must be a member of the docker group."
+MSG_DOESNOTRUN="This service doesn't run."
+MSG_MISSINGDEP="Fatal: missing dependency"
+MSG_MISSINGCONF="Fatal: missing config file"
+MSG_MISSINGYML="Fatal: didn't find the $YMLFILE file"
+MSG_NOLOCATE="Cannot locate the database container."
+MSG_NOPARAM="Missing environment parameter"
+
+MSG_USAGE="Usage: $0 dump_pathname [ composition_base_pathname ]\n"
+MSG_USAGE+="ENVVAR:\n"
+MSG_USAGE+="SERVICE       \tDatabase service's name in composition\n"
+
+# Checks the dependencies.
+#
+TR=$(which tr 2>/dev/null)
+if [ -z "$TR" ]; then echo "$MSG_MISSINGDEP tr."; exit 1 ; fi
+for item in basename cat cut date dirname docker \
+            grep id mysql_restoredb readlink tail xargs
+do
+    if [ -n "$(which $item)" ]
+    then export $(echo $item | "$TR" '[:lower:]' '[:upper:]' | "$TR" '-' '_')=$(which $item)
+    else echo "$MSG_MISSINGDEP $item." >&2; exit 1; fi
+done
+# All dependencies are available via "$THECOMMAND" (upper case) call.
+#
+# Let's find which version of docker-compose is installed.
+if [ $($DOCKER compose version >/dev/null 2>&1; echo $?) -eq 0 ]; then
+    # We'll use v2 if it is available.
+    DOCKER_COMPOSE="$DOCKER"
+    commandstring="compose"
+else
+    # Otherwise falling back to v1.
+    DOCKER_COMPOSE="$(which docker-compose)"
+    commandstring=""
+fi
+# One of the two is mandatory.
+if [ -z "$DOCKER_COMPOSE" ];then echo "$MSG_MISSINGDEP docker-compose" >&2; exit 1; fi
+# Below docker-compose should be called as "$DOCKER_COMPOSE" $commandstring sequence.
+
+# Where I'm?
+# https://gist.github.com/TheMengzor/968e5ea87e99d9c41782
+SOURCE="$0"
+while [ -h "$SOURCE" ]; do
+    # resolve $SOURCE until the file is no longer a symlink
+    SCRPATH="$( cd -P "$("$DIRNAME" "$SOURCE" )" && echo "$PWD" )" #"
+    SOURCE="$("$READLINK" "$SOURCE")"
+    # if $SOURCE was a relative symlink, we need to resolve it
+    # relative to the path where the symlink file was located
+    [[ $SOURCE != /* ]] && SOURCE="$SCRPATH/$SOURCE"
+done; SCRPATH="$( cd -P "$("$DIRNAME" "$SOURCE" )" && echo "$PWD" )" #"
+
+# Need to be root or a Docker manager user.
+#
+[[ "$USER" != 'root' ]] \
+&& [[ -z "$(echo "$("$ID" -Gn "$USER") " | "$GREP" ' docker ')" ]] \
+&& echo "$MSG_DOCKERGRPNEED" >&2 && exit 1 #"
+
+# Gets the command line parameters.
+#
+# DUMPFILE is mandatory
+if [ -n "$1" ]; then DUMPFILE="$1"; shift
+else echo -e "$MSG_USAGE" >&2; exit 1; fi
+# SERVICE_BASE is optional
+if [ -n "$1" ]; then SERVICE_BASE="$1"; shift; fi
+# We've read the unchecked command line parameters.
+
+# Searches the base folder, containing the YMLFILE.
+#
+if [ -z "$SERVICE_BASE" ]; then
+    # Called from the base folder (./)?
+    TEST_DIR="$SCRPATH"
+    [[ -z "$SERVICE_BASE" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && SERVICE_BASE="$TEST_DIR"
+    # Called from ./tools?
+    TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+    [[ -z "$SERVICE_BASE" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && SERVICE_BASE="$TEST_DIR"
+    # Called from ./tools/*.d?
+    TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+    [[ -z "$SERVICE_BASE" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && SERVICE_BASE="$TEST_DIR"
+fi
+# On failure gives it up here.
+if [ -z "$SERVICE_BASE" -o ! -r "$SERVICE_BASE/$YMLFILE" ]; then
+    echo "$MSG_MISSINGYML" >&2; exit 1
+fi
+# Sets the absolute path.
+YMLFILE="$SERVICE_BASE/$YMLFILE"
+# We've the YMLFILE.
+
+# Finds the DUMPFILE to use.
+#
+# The DUMPFILE must point to a readable file.
+# If doesn't it tries the skeleton's standard backup folder as well.
+if [ ! -r "$DUMPFILE" ]
+then DUMPFILE="$("$DIRNAME" "$SERVICE_BASE")/$BACKUPFOLDER/$DUMPFILE"; fi
+# If it is an existing symlink dereferences it to ensure, it points to a file.
+if [ -h "$DUMPFILE" ]; then
+    if [[ "$("$READLINK" "$DUMPFILE")" != /* ]]
+    # relative path in symlink
+    then DUMPFILE="$("$DIRNAME" "$DUMPFILE")/$("$READLINK" "$DUMPFILE")"
+    # absolute path in symlink
+    else DUMPFILE="$("$READLINK" "$DUMPFILE")"; fi
+fi
+# Let's check it!
+if [ ! -r "$DUMPFILE" -o  ! -f "$DUMPFILE" ]
+then echo -e "$MSG_BADDUMP $DUMPFILE"; exit 1; fi
+# We've an existing dumpfile.
+
+# The composition must be running - silently gives up here if not.
+#
+[[ -z "$(cd "$SERVICE_BASE"; "$DOCKER_COMPOSE" $commandstring ps --services --filter "status=running")" ]] \
+&& exit 1
+
+# Parses the YMLFILE for parameters to use.
+#
+function parse { [[ -z "$1" ]] && return
+    # Gets the live lines containing the parameter.
+    value=$("$CAT" "$YMLFILE" | "$GREP" -ve '^#' | \
+            "$GREP" -e "^ *$1" | "$TR" -d '\r')
+    # If multiple the last one to consider.
+    value=$(echo -e  "$value" | "$TAIL" -n1)
+    # Right side of the colon W/O leading and trailing spaces and quotes.
+    value=$(echo -ne "$value" | "$CUT" -d':' -f2 | "$XARGS")
+    # Removes the trailing semicolon (if any).
+    value=${value%;*}
+    echo -e "$value"; return
+}
+# These parameters are mandatory.
+MYCONTAINER="$PAR_SERVICE" # TODO: guess from the yml
+if [ -z "$MYCONTAINER" ]; then echo "$MSG_NOPARAM PAR_SERVICE" >&2; exit 1; fi1; fi
+MYDATABASE="$(parse "$PROP_DBNAME")"
+if [ -z "$MYDATABASE" ]; then echo "$MSG_NOPARAM $PROP_DBNAME" >&2; exit 1; fi
+MYUSER="$(parse "$PROP_DBUSER")"
+if [ -z "$MYUSER" ]; then echo "$MSG_NOPARAM $PROP_DBUSER" >&2; exit 1; fi
+MYPASSWORD="$(parse "$PROP_DBPASS")"
+if [ -z "$MYPASSWORD" ]; then echo "$MSG_NOPARAM $PROP_DBPASS" >&2; exit 1; fi
+# These are optional.
+MYDBAUSER="root"
+MYDBAPASSWORD="$(parse "$PROP_DBAPASS")"
+# We've the configuration parsed.
+
+# Converts the database service name to an actual running container's name.
+#
+MYCONTAINER="$("$DOCKER" inspect -f '{{.Name}}' $(cd "$SERVICE_BASE"; "$DOCKER_COMPOSE" $commandstring ps -q "$MYCONTAINER") | "$CUT" -c2-)"
+# Gives up here if failed.
+if [ -z "$MYCONTAINER" ]; then echo "$MSG_NOLOCATE" >&2; exit 1; fi
+
+# Calls the worker script to make the job.
+#
+export MYDBAUSER MYDBAPASSWORD MYPASSWORD
+"$MYSQL_RESTOREDB" -C "$MYCONTAINER" -U "$MYUSER" "$MYDATABASE" "$DUMPFILE"
+
+# That's all, Folks! :)