Recommendation on NixOS Nextcloud packages, vs all-in-one container from Nextcloud

I am looking to run Nextcloud on NixOS. There are several ways to do this and I’m looking for some recommendations on which way to go…

  1. I could use the NixOS packages and follow the guide on the NixOS wiki. I could optionally put this into a NixOS container. This feels like the more “native NixOS” approach.
  2. Alternatively, I could use the all-in-one container direct from Nextcloud (link), and not any of the NixOS packages. This feels like it might give me a better Nextcloud experience, to be running the version distributed directly from the vendor.

I’m wondering if anyone has experience with both, and could share a recommendation here?

I’m running the Nextcloud all-in-one container somewhere. I made a small patch, and now I’m sad I didn’t go the NixOS route so I could apply that patch to my deployment and get the change immediately, instead of waiting for the next release (or mucking about with their container building processes).

Since I don’t have Nextcloud deployed as a NixOS package, I don’t know how it would actually have worked out that way, though :).

Thanks - that’s an interesting point. Much harder to patch or tweak containers than NixOS packages.

Can I ask, the all-in-one Nextcloud container, are you running that on NixOS? I’m asking, because I see now that their setup instructions ask you to pass through the docker socket, which sounds potentially troublesome.

Not currently, unfortunately

I’ve found maintaining containers more troublesome than maintaining modules. Obviously, given the modules will keep step with actual NixOS updates, are maintained by someone who maintains NixOS modules, and integrate more cleanly in general.

In fact, I specifically switched from the nextcloud (not the AIO, the php-fpm one) container to the NixOS module because I got annoyed at 1) having to constantly manually update docker containers, so it didn’t fit in with the rest of my maintenance flow and 2) how poorly integrated the container itself was; the container folks, despite being “closer” to upstream, don’t seem to communicate much with them.

I’ve also found the NixOS configuration defaults to be more thoughtful; it disables the webfinger plugin by default, for example.

That said, some of the extra services this AIO container seems to set up may be a little more work for you upfront.

I think personally I would recommend the NixOS module if you’re maintaining a personal instance, and have even the slightest suspicion you might get lazy with maintenance. Using the container might be more appropriate if you have a dedicated maintenance budget and do this professionally, but I don’t really think there’s any reason to use the container over the module if you have time to set up the services by hand.

In either case, consider if you really need all of the services the AIO configures, whether the security implications of using stuff bundled into a container (and therefore not updated/recompiled with the rest of your system, so next time there’s an openssl vulnerability you’re screwed for a while) are worth it, and whether setting up the services downstream is worth the additional continuous maintenance effort and lack of integration you’re burdening yourself with.
