nextcloud · szaimen · Oct 2, 2023 · Sep 29, 2023
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
@@ -22,12 +22,14 @@ jobs:
           sudo apt-get update
           sudo apt-get install python3-pip -y --no-install-recommends
           sudo pip3 install json-spec
-          json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
+          if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
+            exit 1
+          fi
           JSON_FILES="$(find ./community-containers -name '*.json')"
           mapfile -t JSON_FILES <<< "$JSON_FILES"
           for file in "${JSON_FILES[@]}"; do
-            json validate --schema-file=php/containers-schema.json --document-file="$file" | tee -a ./json-validator.log
+            json validate --schema-file=php/containers-schema.json --document-file="$file" 2>&1 | tee -a ./json-validator.log
           done
-          if grep "Exception: document does not validate with schema." ./json-validator.log; then
+          if grep -q "document does not validate with schema." ./json-validator.log; then
             exit 1
           fi
diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
@@ -0,0 +1,51 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-caddy",
+            "display_name": "Caddy with geoblocking",
+            "image": "szaimen/aio-caddy",
+            "image_tag": "v1",
+            "internal_port": "443",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "443",
+                  "protocol": "tcp"
+                },
+                {
+                    "ip_binding": "",
+                    "port_number": "443",
+                    "protocol": "udp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NC_DOMAIN=%NC_DOMAIN%",
+                "APACHE_PORT=%APACHE_PORT%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_caddy",
+                    "destination": "/data",
+                    "writeable": true
+                },
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/nextcloud",
+                    "writeable": false
+                }
+            ],
+            "aio_variables": [
+                "apache_ip_binding=127.0.0.1",
+                "apache_port=11000"
+            ],
+            "nextcloud_exec_commands": [
+                "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-caddy'",
+                "touch '/mnt/ncdata/admin/files/nextcloud-aio-caddy/allowed-countries.txt'",
+                "echo 'Scanning nextcloud-aio-caddy folder for admin user...'",
+                "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-caddy'"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
@@ -0,0 +1,14 @@
+## Caddy with geoblocking
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed.
+
+### Notes
+- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
+- Make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-caddy
+
+### Maintainer
+https://github.com/szaimen
diff --git a/php/containers-schema.json b/php/containers-schema.json
@@ -87,7 +87,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^[A-Z_-a-z]+=.*$"
+							"pattern": "^[A-Z_a-z-]+=.*$"
 						}
 					},
 					"restart": {
@@ -129,7 +129,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^(php /var/www/html/occ .*|echo .*)$"
+							"pattern": "^(php /var/www/html/occ .*|echo .*|touch .*|mkdir .*)$"
 						}
 					},
 					"profiles": {