Add Install Scripts: OpenCloud, OnlyOffice Document Server, Collabora Online#177
Add Install Scripts: OpenCloud, OnlyOffice Document Server, Collabora Online#177Robert-Janssen wants to merge 7 commits intoeshtek:devfrom
Conversation
Updates documentation with troubleshooting guides and latest release note
Updates Emby and Jellyfin default ports. Ignore the updated script dates we can gen:all on the next push
Initial version of the OpenCloud installation script with collaboration support and various configuration options.
This JSON file contains the installation script details for OnlyOffice Document Server, including versioning, requirements, installation questions, and app values.
Added a JSON configuration script for Collabora Online installation, including versioning, requirements, installation questions, and application values.
There was a problem hiding this comment.
Pull request overview
Adds three curated HexOS/TrueNAS install scripts to deploy an OpenCloud-based document collaboration stack (OpenCloud + optional OnlyOffice or Collabora).
Changes:
- Added
opencloud.jsoncurated install script with optional WOPI collaboration configuration. - Added
onlyoffice.jsoncurated install script with JWT coordination and Postgres host-path storage. - Added
collabora.jsoncurated install script with admin/WebUI and allowed-domain configuration.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| docs/public/install-scripts/opencloud.json | New install script for deploying OpenCloud with optional WOPI collaboration settings. |
| docs/public/install-scripts/onlyoffice.json | New install script for deploying OnlyOffice Document Server with configurable web port and persistent Postgres data. |
| docs/public/install-scripts/collabora.json | New install script for deploying Collabora Online with WebUI credentials and allowed-domain configuration. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "ports": [ | ||
| 30134 | ||
| ] |
There was a problem hiding this comment.
requirements.ports is hardcoded to 30134, but the script allows users to change the port via the web_port question. This can make port-availability checks inaccurate; consider leaving requirements.ports empty here (or otherwise ensure it reflects the chosen port).
| "ports": [ | |
| 30134 | |
| ] | |
| "ports": [] |
There was a problem hiding this comment.
@copilot Maybe the port should just remain hardcoded? Other scripts like nextcloud also don't allow the user to specify the port.
| { | ||
| "path": "$LOCATION(ApplicationsPerformance)/onlyoffice/postgres_data", | ||
| "username": "netdata", | ||
| "access": "write", | ||
| "posix": { | ||
| "groupname": "docker" | ||
| } | ||
| } |
There was a problem hiding this comment.
ensure_permissions_exists grants netdata write access to the Postgres data directory. In other curated scripts using netdata:docker for postgres_data, access is typically read (e.g., nextcloud.json, home-assistant.json, immich.json). Unless OnlyOffice specifically requires write here, consider switching to read to avoid over-broad permissions.
| ], | ||
| "permissions": [], | ||
| "ports": [ | ||
| 9980 |
There was a problem hiding this comment.
requirements.ports is hardcoded to 9980, but the script allows users to change the port via the web_port question. This can make port-availability checks inaccurate; consider leaving requirements.ports empty here (or otherwise ensure it reflects the chosen port).
| 9980 |
There was a problem hiding this comment.
@copilot Here too, maybe the port should just remain hardcoded? Other scripts like nextcloud also don't allow the user to specify the port.
| { | ||
| "question": "Allowed Domains", | ||
| "description": "Comma-separated list of domains allowed to connect (e.g., cloud.example.com). These should be the domains of your cloud platform.", | ||
| "type": "text", | ||
| "key": "aliasgroup", | ||
| "required": true | ||
| }, |
There was a problem hiding this comment.
The question says this is a “comma-separated list of domains”, but $QUESTION(aliasgroup) is passed as a single string inside aliasgroup1 (an array). Unless the underlying chart splits on commas, a value like a.com,b.com will be treated as one entry; either update the description to match what’s actually supported, or collect multiple entries and map them to multiple array items.
| "question": "Application URL", | ||
| "description": "The full HTTPS URL to access OpenCloud (e.g., cloud.example.com).", | ||
| "type": "text", |
There was a problem hiding this comment.
The description says “full HTTPS URL”, but the example omits the scheme (cloud.example.com). To avoid user confusion (and misconfiguration if the underlying app expects a full URL), align the wording and example (either require a full URL, or explicitly say “hostname (no protocol)”).
| "question": "Collaboration Server URL", | ||
| "description": "The HTTPS URL of your Collabora or OnlyOffice server (e.g., office.example.com). Only required if collaboration is enabled.", | ||
| "type": "text", | ||
| "key": "collaboration_url", | ||
| "default": "", | ||
| "required": false |
There was a problem hiding this comment.
The description says “HTTPS URL” but the example omits the scheme (office.example.com). Align the wording/example so users know whether they should enter a full URL (with scheme) or just a hostname.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Summary
Three new curated install scripts for deploying a complete OpenCloud document collaboration stack on HexOS/TrueNAS:
Scripts
opencloud.jsononlyoffice.jsoncollabora.jsonInstallation Questions
OpenCloud
app_urljwt_secret$RANDOM_STRING(32)enable_collaborationfalsecollaboration_typecollaboracollaboration_urlOnlyOffice Document Server
jwt_secret$RANDOM_STRING(32)web_port30134Collabora Online
server_namealiasgroupadmin_useradminadmin_passwordweb_port9980Key Design Decisions
JWT Secret Coordination (OpenCloud + OnlyOffice)
OpenCloud's TrueNAS chart maps both
opencloud.jwt_secretandopencloud.collaboration.jwt_secretto environment variables that must be identical when using OnlyOffice collaboration. This script uses a singlejwt_secretquestion that feeds both fields.Both OpenCloud and OnlyOffice default to
$RANDOM_STRING(32), allowing either app to be installed first. The user copies the generated JWT from whichever app was installed first into the other app's JWT field.Collabora Uses WOPI Proof Keys (No JWT)
Collabora authenticates via WOPI Proof Keys rather than JWT. OpenCloud sets
collaboration.proof_disable: trueto bypass proof key validation in insecure/LAN setups. No shared secret is needed between OpenCloud and Collabora.Storage Layout
$LOCATION(ApplicationsPerformance)/opencloud/—config,data,radicale_data. Runs as user/group 568, withapps:appsPOSIX permissions.$LOCATION(ApplicationsPerformance)/onlyoffice/postgres_datawithnetdata:dockerpermissions (required by the chart).Resource Allocation
All three scripts request 2 CPUs and
$MEMORY(10%, 4096)(10% of system RAM, minimum 4096 MB).Collabora Password Validation
The TrueNAS Collabora chart enforces
^[a-zA-Z0-9!@#$%^&*?]{8,}$on the admin password. The description instructs users to use a minimum of 8 characters with only letters, numbers, and!@#%^&*?.Tested Configurations
Schema & Macros Used
$RANDOM_STRING(),$QUESTION(),$HOST_PATH(),$LOCATION(),$MEMORY()Checklist
https://URLs in description strings (avoids HexOS editor parse issues)$characters in description text (avoids macro parser conflicts)app_valuesfields match TrueNAS chart question variable names