diff --git a/README.md b/README.md
index 619dec1..78432c0 100644
--- a/README.md
+++ b/README.md
@@ -12,3 +12,69 @@ Au premier lancement, assurez-vous que :
- Changez ses permissions à `600`
C'est dans ce fichier que seront conservés tous les certificats générés par Traefik.
+
+### Migration des données
+
+1. Mettre nextcloud en mode maintenance :
+```
+sudo -u www-data php occ maintenance:mode --on
+```
+2. Faire un dump de la bdd
+```
+sudo -u postgres pg_dump -Fc nc > nc.dump
+```
+3. Sauver les données du dossier nextcloud
+```
+mkdir /var/lib/backuppc/migration
+tar caf /var/lib/backuppc/migration/nextcloud.tar.xz /srv/nextcloud/
+```
+4. Sauver le fichier de configuration de nextcloud
+```
+# par précaution, ne devrait pas être utile
+cp /var/www/nextcloud/public_html/config/config.php /var/lib/backuppc/migration
+```
+
+…
+installation de proxmox, vm, docker.
+…
+
+### Installation des services
+
+1. Cloner le repo de l'infra
+```
+git clone https://yuno.oiseauroch.fr/gitea/tobias/infra-oasis21.git
+```
+2. Create `config.php` from the file in vaultwarden
+3. Move `secrets/librezo.secrets.example` to `secrets/librezo.secrets`
+4.Replace **nextcloud** and **collabora** password from vaultwarden
+```
+sed -i 's/__POSTGRES_PASSWORD__/nextcloudstrongpassword/g' config.php secrets/librezo.secrets
+sed -i 's/__COLLABORA_PASSWORD__/collaborastrongpassword/g' config.php secrets/librezo.secrets
+```
+
+4. Start traefik
+```
+cd traefik
+docker-compose up -d
+```
+5. Create docker containers and volume
+```
+docker-compose up --no-start
+```
+6. Import database
+```
+docker cp nc.dump nextcloud-db:/nc.dmp
+docker-compose up -d nextcloud-db
+docker-compose exec nextcloud-db sh -c "pg_restore -d nc -U nc nc.dmp"
+docker-compose exec nextcloud-db rm /nc.dmp
+```
+7. Copy files
+```
+docker cp /your/files nextcloud-app:/var/www/html/
+docker-compose up -d nextcloud-app
+docker-compose exec nextcloud-app chown -R www-data:www-data /var/www/html/data
+```
+8. change `config.php` rights
+```
+docker-compose exec nextcloud-app chown -R www-data:www-data /var/www/html/config
+```
diff --git a/nextcloud/.gitignore b/nextcloud/.gitignore
index 2228b93..56c61ff 100644
--- a/nextcloud/.gitignore
+++ b/nextcloud/.gitignore
@@ -1,2 +1,3 @@
*.secrets
.env
+config.php
diff --git a/nextcloud/config.php b/nextcloud/config.php
deleted file mode 100644
index 4895810..0000000
--- a/nextcloud/config.php
+++ /dev/null
@@ -1,62 +0,0 @@
- 'oc00cptraqej',
- 'passwordsalt' => 'QDWCIlUPIxBCPkOPapq39bHhFtrADT',
- 'secret' => 'xfKWpSH0/UV4PYUClkDRyaeiYc2SugcEe0/mZVB7/6lElAQE',
- 'trusted_domains' =>
- array (
- 0 => 'cloud.oasis21.org',
- ),
- 'apps_paths' =>
- array (
- 0 =>
- array (
- 'path' => '/var/www/html/apps',
- 'url' => '/apps',
- 'writable' => false,
- ),
- 1 =>
- array (
- 'path' => '/var/www/html/custom_apps',
- 'url' => '/custom_apps',
- 'writable' => true,
- ),
- ),
- 'datadirectory' => '/var/www/html/data',
- 'dbtype' => 'pgsql',
- 'version' => '23.0.0.10',
- 'overwrite.cli.url' => 'https://cloud.oasis21.org',
- 'dbname' => 'nc',
- 'dbhost' => 'nextcloud-db',
- 'dbport' => '',
- 'dbtableprefix' => 'oc_',
- 'dbuser' => 'nc',
- 'dbpassword' => 'tavnuenRo',
- 'installed' => true,
- 'logfile' => '/var/log/nextcloud/nextcloud.log',
- 'log_type' => 'file',
- 'htaccess.RewriteBase' => '/',
- 'skeletondirectory' => '',
- 'memcache.local' => '\\OC\\Memcache\\APCu',
- 'memcache.locking' => '\\OC\\Memcache\\Redis',
- 'memcache.distributed' => '\\OC\\Memcache\\Redis',
- 'redis' =>
- array (
- 'host' => '/redis',
- 'password' => '',
- 'port' => 6379,
- ),
- 'default_phone_region' => 'FR',
- 'defaultapp' => 'files',
- 'encryption.legacy_format_support' => false,
- 'simpleSignUpLink.shown' => false,
- 'updater.release.channel' => 'stable',
- 'mail_domain' => 'oasis21.org',
- 'mail_from_address' => 'nextcloud',
- 'mail_smtpmode' => 'smtp',
- 'loglevel' => 0,
- 'integrity.check.disabled' => false,
- 'ldapUserCleanupInterval' => '10',
- 'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
- 'maintenance' => false,
-);
diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml
index 58a3522..a825ed5 100644
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@@ -49,8 +49,8 @@ services:
image: 'bitnami/redis:latest'
container_name: redis
environment:
- - ALLOW_EMPTY_PASSWORD=yes
- "TZ=Europe/Paris"
+ env_file: ./secrets/librezo.secrets
networks:
- nextcloud
diff --git a/nextcloud/loolwsd.xml b/nextcloud/loolwsd.xml
index 1fd2e18..7a9ce67 100644
--- a/nextcloud/loolwsd.xml
+++ b/nextcloud/loolwsd.xml
@@ -157,7 +157,7 @@
true
false
nextcloud
- o!NdFB7fpQAbXG
+ __COLLABORA__PASSWORD__
diff --git a/nextcloud/secrets/librezo.secrets.example b/nextcloud/secrets/librezo.secrets.example
index e0ec1f8..f7baba5 100644
--- a/nextcloud/secrets/librezo.secrets.example
+++ b/nextcloud/secrets/librezo.secrets.example
@@ -1,6 +1,8 @@
-POSTGRES_PASSWORD=MOT_DE_PASSE_POSTGRES
+POSTGRES_PASSWORD=__POSTGRES_PASSWORD__
POSTGRES_DB=nc
POSTGRES_USER=nc
POSTGRES_HOST=nextcloud-db
username=nextcloud
-password=MOT_DE_PASSE_COLLABORA
+password=__COLLABORA_PASSWORD__
+REDIS_PASSWORD=__REDIS_PASSWORD__
+REDIS_HOST_PASSWORD=$REDIS_PASSWORD