Better limiting on nextcloud, crossed things off todo.

Aner Zakobar
2026-05-03 11:30:46 +03:00
parent d6aa39ff04
commit 0e54760e34
3 changed files with 64 additions and 2 deletions
+2 -2
@@ -209,7 +209,7 @@
- Surname attribute: =sn= - Surname attribute: =sn=
- Email attribute: =mail= - Email attribute: =mail=
** TODO Verify Nextcloud LDAP app configuration ** DONE Verify Nextcloud LDAP app configuration
After restoring the Nextcloud volume, check: After restoring the Nextcloud volume, check:
Admin → LDAP/AD Integration — confirm the LDAP Users and Contacts app is configured. Admin → LDAP/AD Integration — confirm the LDAP Users and Contacts app is configured.
If reconfiguring from scratch, use the same settings as Gitea above but with If reconfiguring from scratch, use the same settings as Gitea above but with
@@ -232,7 +232,7 @@
* Backup Strategy * Backup Strategy
** TODO Configure S3-compatible automatic backup target ** DONE Configure S3-compatible automatic backup target
Update =homey.backup.repository= in =hosts/pi-main/default.nix= to point at Update =homey.backup.repository= in =hosts/pi-main/default.nix= to point at
your S3-compatible bucket (Backblaze B2, Wasabi, AWS S3, etc.): your S3-compatible bucket (Backblaze B2, Wasabi, AWS S3, etc.):
#+begin_src nix #+begin_src nix
+27
@@ -100,6 +100,33 @@
# "rclone:remote:homey" # "rclone:remote:homey"
homey.backup.repository = "s3:https://s3.us-east-005.backblazeb2.com/zakobar-home-backup"; homey.backup.repository = "s3:https://s3.us-east-005.backblazeb2.com/zakobar-home-backup";
# -------------------------------------------------------------------------
# Reliability hardening
# -------------------------------------------------------------------------
# Hardware watchdog — auto-reboot if the system hangs (e.g. blocked USB I/O).
# bcm2835_wdt exposes /dev/watchdog; systemd pets it every runtimeTime/2.
# If systemd itself stops responding, the hardware resets the Pi after 20s.
boot.kernelModules = [ "bcm2835_wdt" ];
systemd.watchdog = {
runtimeTime = "300s"; # 5 min — generous window for boot I/O storm on USB drive
rebootTime = "360s";
};
# Compressed in-RAM swap via zstd. Pages evicted from RAM are compressed
# (~3:1 ratio) and stored in a 25% RAM region (~2 GB) rather than written
# to disk. Gives the OOM killer breathing room under PHP upload spikes.
# CPU overhead is negligible during normal operation.
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 25;
};
# hdparm -B udev rule removed: USB-SATA bridges often don't support APM
# commands and hdparm can hang indefinitely, causing boot-time crashes.
environment.systemPackages = [ pkgs.hdparm ];
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# Local DNS overrides (optional — makes LAN clients hit the Pi directly # Local DNS overrides (optional — makes LAN clients hit the Pi directly
# instead of going through Cloudflare for *.zakobar.com) # instead of going through Cloudflare for *.zakobar.com)
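Review bot: The watchdog comment `# If systemd itself stops responding, the hardware resets the Pi after 20s.` contradicts `runtimeTime = "300s"` two lines below it, and as far as I know the bcm2835_wdt hardware timer tops out at roughly 15 s, so systemd will be handed the driver's clamped value rather than the 300 s written here (the "generous window for boot I/O storm" is then not what you get). After deploying, check the value systemd actually reports (`journalctl -b | grep -i watchdog`) and either set `runtimeTime` to what the driver accepts or rewrite the comment to say the 300 s is a request that the hardware clamps; `rebootTime = "360s"` is subject to the same ceiling. If the real window is ~15 s, the remark about surviving a USB I/O storm at boot should be revisited, since a stall of that length during early boot would now trigger a reset loop.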
+35
@@ -18,6 +18,37 @@ let
cfg = config.homey.nextcloud; cfg = config.homey.nextcloud;
dataDir = config.homey.storage.mountPoint; dataDir = config.homey.storage.mountPoint;
domain = homeyConfig.domain; domain = homeyConfig.domain;
# Custom Nextcloud config mounted into the container as an extra config file.
# Nextcloud auto-loads all *.config.php files in /var/www/html/config/.
nextcloudCustomConfig = pkgs.writeText "zakobar.config.php" ''
<?php
$CONFIG = [
// Throttle preview generation during bulk uploads.
// Generating thumbnails re-reads every uploaded file and writes preview
// files, roughly doubling disk I/O. Limiting concurrency to 1 prevents
// the drive from being hit by simultaneous read+write storms.
'preview_concurrency_new' => 1,
'preview_concurrency_all' => 1,
// Cap preview dimensions to reduce per-preview write size.
'preview_max_x' => 1024,
'preview_max_y' => 1024,
'jpeg_quality' => 75,
];
'';
# Limit Apache's prefork MPM so at most 4 PHP processes write to the USB
# drive simultaneously. Default is often 150, which causes an I/O storm
# on slow USB HDDs. Lower = fewer concurrent writers = more stable I/O.
apacheMpmConfig = pkgs.writeText "mpm_prefork.conf" ''
<IfModule mpm_prefork_module>
StartServers 2
MinSpareServers 1
MaxSpareServers 3
MaxRequestWorkers 4
MaxConnectionsPerChild 500
</IfModule>
'';
in in
{ {
options.homey.nextcloud = { options.homey.nextcloud = {
@@ -123,6 +154,10 @@ in
volumes = [ volumes = [
"${dataDir}/nextcloud/html:/var/www/html" "${dataDir}/nextcloud/html:/var/www/html"
# Extra config auto-loaded by Nextcloud (throttles preview generation)
"${nextcloudCustomConfig}:/var/www/html/config/zakobar.config.php:ro"
# Apache MPM limits (caps concurrent PHP processes / disk writers)
"${apacheMpmConfig}:/etc/apache2/mods-available/mpm_prefork.conf:ro"
]; ];
extraOptions = [ extraOptions = [