From 630a0f60a0713f2ef857adf6674f489564af488e Mon Sep 17 00:00:00 2001
From: Nicolas Gelot <nicolas.gelot@e.email>
Date: Tue, 23 Sep 2025 18:46:07 +0200
Subject: [PATCH 1/3] feat: move local stuff into dedicated yaml

---
 .env.example                                 | 13 ++-
 .gitlab-ci.yml                               | 24 ++++++
 README.md                                    | 19 +++++
 config/nginx/templates/default.conf.template |  2 +-
 docker-compose.local.yml                     | 55 +++++++++++++
 docker-compose.yml                           | 84 ++++++++------------
 nginx.Dockerfile                             |  3 +
 7 files changed, 145 insertions(+), 55 deletions(-)
 create mode 100644 docker-compose.local.yml
 create mode 100644 nginx.Dockerfile

diff --git a/.env.example b/.env.example
index 716a186b..355126f8 100644
--- a/.env.example
+++ b/.env.example
@@ -1,10 +1,13 @@
 # docker compose
 COMPOSE_BAKE=true
+COMPOSE_FILE=docker-compose.yml:docker-compose.local.yml
 
 # Server
 DOMAIN=localhost
 
 # mail
+SMTP_SECURE=tls
+SMTP_PORT=587
 SMTP_NAME=username
 SMTP_PASSWORD=123456
 SMTP_HOST=smtp.domain.com
@@ -22,10 +25,16 @@ REDIS_HOST=redis
 REDIS_HOST_PASSWORD=12456
 
 # nextcloud
-NEXTCLOUD_DOCKERFILE=slim.Dockerfile 
-NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim
+NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
 NEXTCLOUD_ADMIN_USER=admin
 NEXTCLOUD_ADMIN_PASSWORD=@dm1n
 NEXTCLOUD_TRUSTED_DOMAINS=nginx
 SENTRY_DSN=
 SENTRY_PUBLIC_DSN=
+
+# nginx
+NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
+
+# syslog
+SYSLOG_HOST=syslog
+
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index fcdae6f6..8a4e5747 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -34,6 +34,12 @@ build-slim-workspace:
     DOCKER_BUILD_ARGS: "-f slim.Dockerfile"
     REGISTRY_SUBPATH: "/slim"
 
+build-nginx-workspace:
+  extends: .build
+  variables:
+    DOCKER_BUILD_ARGS: "-f nginx.Dockerfile"
+    REGISTRY_SUBPATH: "/nginx"
+
 publish-slim-latest:
   extends: .deploy
   variables:
@@ -43,6 +49,15 @@ publish-slim-latest:
   rules:
     - if: '$CI_COMMIT_REF_NAME == "slim"'
 
+publish-nginx-latest:
+  extends: .deploy
+  variables:
+     DOCKER_BUILD_ARGS: "-f nginx.Dockerfile"
+     REGISTRY_SUBPATH: "/nginx"
+     MW_DOCKER_VERSION: "latest"
+  rules:
+    - if: '$CI_COMMIT_REF_NAME == "slim"'
+
 publish-slim-tag:
   extends: .deploy
   variables:
@@ -51,3 +66,12 @@ publish-slim-tag:
     MW_DOCKER_VERSION: "${CI_COMMIT_TAG/v/}"
   rules:
     - if: '$CI_COMMIT_TAG'
+
+publish-nginx-tag:
+  extends: .deploy
+  variables:
+    DOCKER_BUILD_ARGS: "-f nginx.Dockerfile"
+    REGISTRY_SUBPATH: "/nginx"
+    MW_DOCKER_VERSION: "${CI_COMMIT_TAG/v/}"
+  rules:
+    - if: '$CI_COMMIT_TAG'
diff --git a/README.md b/README.md
index 642bf397..630ea2f7 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,8 @@ This project builds a custom docker image from the official [Nextcloud](https://
 
 ## Getting started
 
+### Local environment
+
 You can configure default values from the `.env` file. See [.env.example](./.env.example).
 By default, the `slim` Murena Workspace is configured.
 
@@ -16,3 +18,20 @@ docker compose up --build -d
 ```
 
 Go to http://localhost:8000 then use admin credentials provided into `.env` file.
+
+### Swarm environment with managed storage and services
+
+
+First create the context:
+
+```
+docker context create dev --description "Development environment" --docker "host=ssh://root@dev.domain.app"
+docker --context dev service ls
+```
+
+Secondly, once the .env configuration file initiated create the deployments stack:
+
+```
+set -a && source .env && set +a
+docker --context dev stack deploy -c docker-compose.yml instance1
+```
diff --git a/config/nginx/templates/default.conf.template b/config/nginx/templates/default.conf.template
index 669f56b3..a48e4ae6 100644
--- a/config/nginx/templates/default.conf.template
+++ b/config/nginx/templates/default.conf.template
@@ -5,7 +5,7 @@ map $arg_v $asset_immutable {
 }
 
 upstream php-handler {
-    server nextcloud:9000;
+    server ${NEXTCLOUD_ADDR};
 }
 
 server {
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
new file mode 100644
index 00000000..8164a19c
--- /dev/null
+++ b/docker-compose.local.yml
@@ -0,0 +1,55 @@
+services:
+  db:
+    image: postgres:17.4-alpine
+    restart: unless-stopped
+    environment:
+      - POSTGRES_DB=${DB_NAME}
+      - POSTGRES_USER=${DB_USER}
+      - POSTGRES_PASSWORD=${DB_PASSWORD}
+    volumes:
+      - db:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  redis:
+    image: redis:7.4-alpine
+    restart: unless-stopped
+    healthcheck:
+      test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  syslog:
+    image: jumanjiman/rsyslog
+    restart: unless-stopped
+
+  nextcloud:
+    build:
+      context: .
+      dockerfile: slim.Dockerfile
+    depends_on:
+      syslog:
+        condition: service_started
+        required: false
+      db:
+        condition: service_healthy
+        required: false
+      redis:
+        condition: service_healthy
+        required: false
+
+  nginx:
+    build:
+      context: .
+      dockerfile: nginx.Dockerfile
+    ports:
+      - "8000:80"
+    depends_on:
+      - nextcloud
+
+volumes:
+  db:
diff --git a/docker-compose.yml b/docker-compose.yml
index 24af74da..2c5aec59 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,34 +1,6 @@
 services:
-  db:
-    image: postgres:17.4-alpine
-    restart: unless-stopped
-    environment:
-      - POSTGRES_DB=${DB_NAME}
-      - POSTGRES_USER=${DB_USER}
-      - POSTGRES_PASSWORD=${DB_PASSWORD}
-    volumes:
-      - db:/var/lib/postgresql/data
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-
-  redis:
-    image: redis:7.4-alpine
-    restart: unless-stopped
-    healthcheck:
-      test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-
   nextcloud:
     image: ${NEXTCLOUD_DOCKER_IMG}
-    build:
-      context: .
-      dockerfile: ${NEXTCLOUD_DOCKERFILE}
-    restart: unless-stopped
     environment:
       - POSTGRES_HOST=${DB_HOST}
       - POSTGRES_USER=${DB_USER}
@@ -38,51 +10,59 @@ services:
       - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
       - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
       - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
-      - SMTP_SECURE=tls
-      - SMTP_PORT=587
+      - SMTP_SECURE=${SMTP_SECURE}
+      - SMTP_PORT=${SMTP_PORT}
       - SMTP_NAME=${SMTP_NAME}
       - SMTP_PASSWORD=${SMTP_PASSWORD}
       - SMTP_HOST=${SMTP_HOST}
       - MAIL_FROM_ADDRESS=${MAIL_FROM_ADDRESS}
       - MAIL_DOMAIN=${MAIL_DOMAIN}
-      - SYSLOG_HOST=syslog
+      - SYSLOG_HOST=${SYSLOG_HOST}
       - SENTRY_DSN=${SENTRY_DSN}
       - SENTRY_PUBLIC_DSN=${SENTRY_PUBLIC_DSN}
     volumes:
       - nextcloud:/var/www/html
-    depends_on:
-      syslog:
-        condition: service_started
-      db:
-        condition: service_healthy
-      redis:
-        condition: service_healthy
-
-  syslog:
-    image: jumanjiman/rsyslog
+    deploy:
+      placement:
+        constraints:
+          - node.role == worker
 
   nextcloud-cron:
     image: ${NEXTCLOUD_DOCKER_IMG}
-    restart: unless-stopped
     entrypoint: /cron.sh
     volumes:
       - nextcloud:/var/www/html
-    depends_on:
-      - nextcloud
+    deploy:
+      placement:
+        constraints:
+          - node.role == worker
 
   nginx:
-    image: nginx:stable-alpine
-    restart: unless-stopped
+    image: ${NGINX_DOCKER_IMG}
     environment:
+      NEXTCLOUD_ADDR: ${NEXTCLOUD_ADDR:-nextcloud:9000}
       DOMAIN: ${DOMAIN}
-    ports:
-      - "8000:80"
     volumes:
-      - ${DEPLOYMENT_PATH:-.}/config/nginx/templates:/etc/nginx/templates
       - nextcloud:/var/www/html
-    depends_on:
-      - nextcloud
+    deploy:
+      placement:
+        constraints:
+          - node.role == worker
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.rule=Host(`${DOMAIN}`)
+      - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.entrypoints=websecure
+      - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.tls.certresolver=letsencrypt
+      - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.rule=Host(`${DOMAIN}`)
+      - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.entrypoints=web
+      - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.middlewares=https-redirect
+      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
+      - traefik.http.services.${COMPOSE_PROJECT_NAME:-nextcloud}.loadbalancer.server.port=80
 
 volumes:
-  db:
   nextcloud:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=10.0.1.10,vers=4,rw,nolock,soft
+      device: ":/mnt/HC_Volume_102876136"
diff --git a/nginx.Dockerfile b/nginx.Dockerfile
new file mode 100644
index 00000000..0842bb53
--- /dev/null
+++ b/nginx.Dockerfile
@@ -0,0 +1,3 @@
+FROM nginx:1.28-alpine
+
+COPY ./config/nginx/templates /etc/nginx/templates
-- 
GitLab


From 596d42e1cb29859214473576913f3a6f2c4e4bfd Mon Sep 17 00:00:00 2001
From: Nicolas Gelot <nicolas.gelot@e.email>
Date: Mon, 6 Oct 2025 14:31:44 +0200
Subject: [PATCH 2/3] feat: rework murena slim config

Use recommended dynmic config from nextcloud doc
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-merged-configuration-files
---
 config/nextcloud/murena.config.php            | 34 +++++++++++++++++++
 config/nextcloud/pgsql_ssl.config.php         |  9 +++++
 docker-compose.local.yml                      |  2 +-
 hooks.d/post-installation/murena-config.json  | 31 -----------------
 .../{murena-theme.sh => murena-config.sh}     | 17 ++++------
 slim.Dockerfile                               |  6 ++--
 6 files changed, 54 insertions(+), 45 deletions(-)
 create mode 100644 config/nextcloud/murena.config.php
 create mode 100644 config/nextcloud/pgsql_ssl.config.php
 delete mode 100644 hooks.d/post-installation/murena-config.json
 rename hooks.d/post-installation/{murena-theme.sh => murena-config.sh} (57%)

diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
new file mode 100644
index 00000000..ccf639b3
--- /dev/null
+++ b/config/nextcloud/murena.config.php
@@ -0,0 +1,34 @@
+<?php
+$CONFIG = array(
+  'integrity.check.disabled' => true,
+  'profile.enabled' => false,
+  'defaultapp' => 'murena-dashboard,files',
+  'theme' => 'eCloud',
+  'filelocking.enabled' => true,
+  'log_type' => 'syslog',
+  'loglevel' => 2,
+  'syslog_tag' => 'nextcloud',
+  'cron_log' => true,
+  'enabledPreviewProviders' => array(
+    'OC\\Preview\\PNG',
+    'OC\\Preview\\JPEG',
+    'OC\\Preview\\GIF',
+    'OC\\Preview\\BMP',
+    'OC\\Preview\\XBitmap',
+    'OC\\Preview\\MP3',
+    'OC\\Preview\\TXT',
+    'OC\\Preview\\MarkDown',
+    'OC\\Preview\\OpenDocument',
+    'OC\\Preview\\Krita',
+    'OC\\Preview\\Movie',
+  ),
+  'preview_max_x' => 1024,
+  'preview_max_y' => 1024,
+  'default_phone_region' => getenv('NEXTCLOUD_DEFAULT_PHONE_REGION_CODE') ?: 'FR',
+  'maintenance_window_start' => 1,
+);
+
+if (getenv('SENTRY_DSN') && getenv('SENTRY_PUBLIC_DSN')) {
+  $CONFIG['sentry.dsn'] = getenv('SENTRY_DSN');
+  $CONFIG['sentry.public-dsn'] = getenv('SENTRY_PUBLIC_DSN');
+}
diff --git a/config/nextcloud/pgsql_ssl.config.php b/config/nextcloud/pgsql_ssl.config.php
new file mode 100644
index 00000000..6e1a11a3
--- /dev/null
+++ b/config/nextcloud/pgsql_ssl.config.php
@@ -0,0 +1,9 @@
+<?php
+if (getenv('POSTGRES_SSL_MODE')) {
+  $CONFIG = array (
+    'pgsql_ssl' => array(
+      'mode' => getenv('POSTGRES_SSL_MODE'),  // see https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-SSLMODE
+      'rootcert' => getenv('POSTGRES_SSL_ROOTCERT') ?: null,
+    ),
+  );
+}
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 8164a19c..126ff589 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -1,6 +1,6 @@
 services:
   db:
-    image: postgres:17.4-alpine
+    image: postgres:16.10-alpine
     restart: unless-stopped
     environment:
       - POSTGRES_DB=${DB_NAME}
diff --git a/hooks.d/post-installation/murena-config.json b/hooks.d/post-installation/murena-config.json
deleted file mode 100644
index 01f37613..00000000
--- a/hooks.d/post-installation/murena-config.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
-  "system": {
-    "profile.enabled": false,
-    "defaultapp": "murena-dashboard,files",
-    "theme": "eCloud",
-    "filelocking.enabled": true,
-    "log_type": "syslog",
-    "loglevel": 2,
-    "syslog_tag": "nextcloud",
-    "cron_log": true,
-    "enabledPreviewProviders": [
-      "OC\\Preview\\PNG",
-      "OC\\Preview\\JPEG",
-      "OC\\Preview\\GIF",
-      "OC\\Preview\\BMP",
-      "OC\\Preview\\XBitmap",
-      "OC\\Preview\\MP3",
-      "OC\\Preview\\TXT",
-      "OC\\Preview\\MarkDown",
-      "OC\\Preview\\OpenDocument",
-      "OC\\Preview\\Krita",
-      "OC\\Preview\\Movie"
-    ],
-    "preview_max_x": 1024,
-    "preview_max_y": 1024,
-    "default_phone_region": "FR",
-    "maintenance_window_start": 1,
-    "sentry.dsn": "${SENTRY_DSN}",
-    "sentry.public-dsn": "${SENTRY_PUBLIC_DSN}"
-  }
-}
diff --git a/hooks.d/post-installation/murena-theme.sh b/hooks.d/post-installation/murena-config.sh
similarity index 57%
rename from hooks.d/post-installation/murena-theme.sh
rename to hooks.d/post-installation/murena-config.sh
index bd1987a9..c828e7b7 100755
--- a/hooks.d/post-installation/murena-theme.sh
+++ b/hooks.d/post-installation/murena-config.sh
@@ -3,15 +3,10 @@
 SCRIPT_DIR=$(dirname "$0")
 PATH=${PATH}:/var/www/html
 
-# Apply configuration
-sed -e "s|\${SENTRY_DSN}|${SENTRY_DSN}|g" \
-    -e "s|\${SENTRY_PUBLIC_DSN}|${SENTRY_PUBLIC_DSN}|g" \
-    "${SCRIPT_DIR}/murena-config.json" | occ config:import
-
 # Update theme
 occ maintenance:theme:update
 
-echo "Enabling nextcloud apps"
+# Manage apps
 occ app:enable contacts
 occ app:enable calendar
 occ app:enable ecloud-theme-helper
@@ -27,11 +22,11 @@ occ app:enable sentry
 occ app:disable firstrunwizard
 occ app:disable logreader
 
-echo "Performing some Nextcloud administrative tasks"
-if [ -n "${MYSQL_DATABASE+x}" ]; then
-  occ db:convert-mysql-charset
-fi
-occ db:convert-filecache-bigint --no-interaction
+# database
 occ db:add-missing-indices
+
+# mimetype migration
+occ maintenance:repair --include-expensive
+
 # Set background jobs to use system cron
 occ background:cron
diff --git a/slim.Dockerfile b/slim.Dockerfile
index 8fc693d8..d09ea1da 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -1,4 +1,4 @@
-FROM nextcloud:30.0.14-fpm
+FROM nextcloud:30.0.16-fpm AS nextcloud
 
 ARG BASE_DIR="/usr/src/nextcloud"
 
@@ -18,7 +18,7 @@ ARG THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/315/packages/gene
 ARG SNAPPY_THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/1377/packages/generic/snappymail/v4.0.5/snappymail-v4.0.5.tar.gz"
 
 COPY custom_entrypoint-slim.sh /
-COPY hooks.d/post-installation/ /docker-entrypoint-hooks.d/post-installation/
+COPY hooks.d/ /docker-entrypoint-hooks.d/
 
 RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
  && mkdir -p ${BASE_DIR}/core/skeleton/Documents \
@@ -46,6 +46,8 @@ RUN curl -sL ${SENTRY_URL} | tar xzf - -C ${BASE_DIR}/custom_apps
 RUN curl -sL ${THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes
 RUN curl -sL ${SNAPPY_THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes/Murena/
 
+COPY config/nextcloud/ /usr/src/nextcloud/config/
+
 COPY config/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 
 ENTRYPOINT ["/custom_entrypoint-slim.sh"]
-- 
GitLab


From 0997ba78ebb25fafaa95d3f1bb1e65c8d460486d Mon Sep 17 00:00:00 2001
From: Nicolas Gelot <nicolas.gelot@e.email>
Date: Fri, 26 Sep 2025 00:05:35 +0200
Subject: [PATCH 3/3] feat: rethink volume management for better scaling

https://github.com/nextcloud/docker project manages upgrade
with an rsync copy. I don't have yet the full context but
for a better scaling we have to reduce the number of volume
and their size. So let provide static files into docker
image (nextcloud and nginx).
---
 .env.example                                  |  1 +
 .gitlab-ci.yml                                | 12 ++---
 README.md                                     |  1 +
 docker-compose.local.yml                      |  4 +-
 docker-compose.yml                            | 22 +++++---
 nginx.Dockerfile                              |  3 --
 ...ove-rsync-on-init-about-static-files.patch | 50 +++++++++++++++++++
 slim.Dockerfile                               | 18 +++++++
 8 files changed, 94 insertions(+), 17 deletions(-)
 delete mode 100644 nginx.Dockerfile
 create mode 100644 patches/037-remove-rsync-on-init-about-static-files.patch

diff --git a/.env.example b/.env.example
index 355126f8..3a4146be 100644
--- a/.env.example
+++ b/.env.example
@@ -4,6 +4,7 @@ COMPOSE_FILE=docker-compose.yml:docker-compose.local.yml
 
 # Server
 DOMAIN=localhost
+SHARED_STORAGE_PATH=./nextcloud-shared-storage
 
 # mail
 SMTP_SECURE=tls
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8a4e5747..2d1f39a7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -31,19 +31,19 @@ build-workspace:
 build-slim-workspace:
   extends: .build
   variables:
-    DOCKER_BUILD_ARGS: "-f slim.Dockerfile"
+    DOCKER_BUILD_ARGS: "-f slim.Dockerfile --target nextcloud"
     REGISTRY_SUBPATH: "/slim"
 
 build-nginx-workspace:
   extends: .build
   variables:
-    DOCKER_BUILD_ARGS: "-f nginx.Dockerfile"
+    DOCKER_BUILD_ARGS: "-f slim.Dockerfile --target nginx"
     REGISTRY_SUBPATH: "/nginx"
 
 publish-slim-latest:
   extends: .deploy
   variables:
-     DOCKER_BUILD_ARGS: "-f slim.Dockerfile"
+     DOCKER_BUILD_ARGS: "-f slim.Dockerfile --target nextcloud"
      REGISTRY_SUBPATH: "/slim"
      MW_DOCKER_VERSION: "latest"
   rules:
@@ -52,7 +52,7 @@ publish-slim-latest:
 publish-nginx-latest:
   extends: .deploy
   variables:
-     DOCKER_BUILD_ARGS: "-f nginx.Dockerfile"
+     DOCKER_BUILD_ARGS: "-f slim.Dockerfile --target nginx"
      REGISTRY_SUBPATH: "/nginx"
      MW_DOCKER_VERSION: "latest"
   rules:
@@ -61,7 +61,7 @@ publish-nginx-latest:
 publish-slim-tag:
   extends: .deploy
   variables:
-    DOCKER_BUILD_ARGS: "-f slim.Dockerfile"
+    DOCKER_BUILD_ARGS: "-f slim.Dockerfile --target nextcloud"
     REGISTRY_SUBPATH: "/slim"
     MW_DOCKER_VERSION: "${CI_COMMIT_TAG/v/}"
   rules:
@@ -70,7 +70,7 @@ publish-slim-tag:
 publish-nginx-tag:
   extends: .deploy
   variables:
-    DOCKER_BUILD_ARGS: "-f nginx.Dockerfile"
+    DOCKER_BUILD_ARGS: "-f slim.Dockerfile --target nginx"
     REGISTRY_SUBPATH: "/nginx"
     MW_DOCKER_VERSION: "${CI_COMMIT_TAG/v/}"
   rules:
diff --git a/README.md b/README.md
index 630ea2f7..327e5bc7 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,7 @@ By default, the `slim` Murena Workspace is configured.
 `slim` Murena Workspace
 ```
 cp .env.example .env
+mkdir -p nextcloud-shared-storage/{config,data}
 docker compose up --build -d
 ```
 
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 126ff589..1b121a54 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -31,6 +31,7 @@ services:
     build:
       context: .
       dockerfile: slim.Dockerfile
+      target: nextcloud
     depends_on:
       syslog:
         condition: service_started
@@ -45,7 +46,8 @@ services:
   nginx:
     build:
       context: .
-      dockerfile: nginx.Dockerfile
+      dockerfile: slim.Dockerfile
+      target: nginx
     ports:
       - "8000:80"
     depends_on:
diff --git a/docker-compose.yml b/docker-compose.yml
index 2c5aec59..8fc39152 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,7 +21,8 @@ services:
       - SENTRY_DSN=${SENTRY_DSN}
       - SENTRY_PUBLIC_DSN=${SENTRY_PUBLIC_DSN}
     volumes:
-      - nextcloud:/var/www/html
+      - nextcloud-config:/var/www/html/config
+      - nextcloud-data:/var/www/html/data
     deploy:
       placement:
         constraints:
@@ -31,7 +32,8 @@ services:
     image: ${NEXTCLOUD_DOCKER_IMG}
     entrypoint: /cron.sh
     volumes:
-      - nextcloud:/var/www/html
+      - nextcloud-config:/var/www/html/config
+      - nextcloud-data:/var/www/html/data
     deploy:
       placement:
         constraints:
@@ -43,7 +45,7 @@ services:
       NEXTCLOUD_ADDR: ${NEXTCLOUD_ADDR:-nextcloud:9000}
       DOMAIN: ${DOMAIN}
     volumes:
-      - nextcloud:/var/www/html
+      - nextcloud-data:/var/www/html/data
     deploy:
       placement:
         constraints:
@@ -60,9 +62,15 @@ services:
       - traefik.http.services.${COMPOSE_PROJECT_NAME:-nextcloud}.loadbalancer.server.port=80
 
 volumes:
-  nextcloud:
+  nextcloud-config:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: "${SHARED_STORAGE_PATH}/config"
+  nextcloud-data:
     driver: local
     driver_opts:
-      type: nfs
-      o: addr=10.0.1.10,vers=4,rw,nolock,soft
-      device: ":/mnt/HC_Volume_102876136"
+      type: none
+      o: bind
+      device: "${SHARED_STORAGE_PATH}/data"
diff --git a/nginx.Dockerfile b/nginx.Dockerfile
deleted file mode 100644
index 0842bb53..00000000
--- a/nginx.Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM nginx:1.28-alpine
-
-COPY ./config/nginx/templates /etc/nginx/templates
diff --git a/patches/037-remove-rsync-on-init-about-static-files.patch b/patches/037-remove-rsync-on-init-about-static-files.patch
new file mode 100644
index 00000000..f3a5c261
--- /dev/null
+++ b/patches/037-remove-rsync-on-init-about-static-files.patch
@@ -0,0 +1,50 @@
+diff --git ./entrypoint.sh ./entrypoint.sh
+--- ./entrypoint.sh
++++ ./entrypoint.sh
+@@ -157,23 +157,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
+         fi
+ 
+         installed_version="0.0.0.0"
+-        if [ -f /var/www/html/version.php ]; then
++        if [ -f /var/www/html/config/config.php ]; then
+             # shellcheck disable=SC2016
+-            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
++            installed_version=$(php -r 'require "/var/www/html/config/config.php"; echo $CONFIG["version"];')
+         fi
+-        # shellcheck disable=SC2016
+-        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
+ 
+-        if version_greater "$installed_version" "$image_version"; then
+-            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
++        if version_greater "$installed_version" "$NEXTCLOUD_VERSION_LONG"; then
++            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($NEXTCLOUD_VERSION_LONG) and downgrading is not supported. Are you sure you have pulled the newest image version?"
+             exit 1
+         fi
+ 
+-        if version_greater "$image_version" "$installed_version"; then
+-            echo "Initializing nextcloud $image_version ..."
++        if version_greater "$NEXTCLOUD_VERSION_LONG" "$installed_version"; then
++            echo "Initializing nextcloud $NEXTCLOUD_VERSION_LONG ..."
+             if [ "$installed_version" != "0.0.0.0" ]; then
+-                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
+-                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
++                if [ "${NEXTCLOUD_VERSION_LONG%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
++                    echo "Can't start Nextcloud because upgrading from $installed_version to $NEXTCLOUD_VERSION_LONG is not supported."
+                     echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
+                     exit 1
+                 fi
+@@ -186,13 +184,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
+                 rsync_options="-rlD"
+             fi
+ 
+-            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
+-            for dir in config data custom_apps themes; do
++            for dir in config data; do
+                 if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
+                     rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+                 fi
+             done
+-            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+ 
+             # Install
+             if [ "$installed_version" = "0.0.0.0" ]; then
diff --git a/slim.Dockerfile b/slim.Dockerfile
index d09ea1da..4aeca707 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -1,6 +1,10 @@
 FROM nextcloud:30.0.16-fpm AS nextcloud
 
+# see $OC_Version from /usr/src/nextcloud/version.php
+ENV NEXTCLOUD_VERSION_LONG 30.0.16.1
+
 ARG BASE_DIR="/usr/src/nextcloud"
+ARG TMP_PATCH_DIR="/tmp/build_patches"
 
 ARG CONTACTS_URL="https://gitlab.e.foundation/api/v4/projects/1238/packages/generic/contacts/v7.2.0+murena-20250902/contacts-v7.2.0+murena-20250902.tar.gz"
 ARG CALENDAR_URL="https://gitlab.e.foundation/api/v4/projects/1199/packages/generic/calendar/v5.3.5+murena-20250902/calendar-v5.3.5+murena-20250902.tar.gz"
@@ -48,9 +52,23 @@ RUN curl -sL ${SNAPPY_THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes/Murena/
 
 COPY config/nextcloud/ /usr/src/nextcloud/config/
 
+# Apply patches
+COPY patches/ ${TMP_PATCH_DIR}/
+RUN cd / && patch -p0 < ${TMP_PATCH_DIR}/037-remove-rsync-on-init-about-static-files.patch \
+ && rm -rf ${TMP_PATCH_DIR}
+
+# Initialize nextcloud /var/www/html and patch the default entrypoint.sh accordingly
+RUN rsync -rLDog --chown www-data:www-data --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ \
+ && rsync -rLDog --chown www-data:www-data --include "version.php" --include "/custom_apps/" --include "/themes/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+
 COPY config/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 
 ENTRYPOINT ["/custom_entrypoint-slim.sh"]
 CMD ["php-fpm"]
 # only for dev purpose
 STOPSIGNAL SIGKILL
+
+FROM nginx:1.29-alpine AS nginx
+
+COPY ./config/nginx/templates /etc/nginx/templates
+COPY --from=nextcloud /var/www/html /var/www/html
-- 
GitLab