# Nextcloud VM Setup (Production-Like)

This doc targets the **Nextcloud VM** style deployments (Apache + Postgres in the VM, other services in Docker).

## Overview

We run:

- `qortal-oidc-broker` in Docker
- broker Postgres in Docker
- Qortal External Auth (recommended local container; can be external)
- Qortal Gateway (optional, URL only for now)

The broker is exposed via **Apache reverse proxy + TLS**.

## Installer Script

Run on the VM:

```bash
chmod +x ./scripts/nextcloud-vm-install.sh
sudo ./scripts/nextcloud-vm-install.sh
```

The script:

1. Copies the `qortal_integration` app into Nextcloud.
2. Enables `qortal_integration` + `user_oidc`.
3. Configures the OIDC provider to your broker URL.
4. Creates `/opt/qortal-broker` with Docker Compose + `.env`.
5. Starts the broker containers.
6. Writes an Apache reverse proxy vhost for `qortalbroker.`.
7. Optionally runs certbot.

## Required Inputs

You will be prompted for:

- Nextcloud URL (e.g. `https://cloud.example.com`)
- Broker hostname (default `qortalbroker.`)
- External Auth URL + app credentials
- Nextcloud service user + password (used for provisioning)

## Notes

- Broker must be reachable by:
  - Nextcloud server (for token exchange), and
  - the user’s browser (authorization redirect).
- Use HTTPS in production for `user_oidc`.
- If you use an external External Auth server, **ensure additional wallet encryption** is enabled.

## Files Created

- `/opt/qortal-broker/docker-compose.yml`
- `/opt/qortal-broker/.env`
- `/etc/apache2/sites-available/qortalbroker.conf`

## Post-Install Checks

- Confirm `user_oidc` provider:

  ```bash
  sudo -u www-data php /var/www/nextcloud/occ user_oidc:providers --output=json_pretty
  ```

- Confirm broker:

  ```bash
  curl -sS https://qortalbroker.example.com/api/health
  ```

- Login page shows `Login with qortal`.
- Qortal Account dashboard:
  - `https://cloud.example.com/apps/qortal_integration/account`
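
The broker health check and the HTTPS note above can be scripted together with a permission check on the generated `.env`. This is an added example, not part of the project's installer; it assumes `.env` holds the credentials entered at the prompts, and the script name `audit.sh` and its `--run` argument are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of the project's installer.
# Assumption: the .env file holds the credentials entered at the installer prompts.

# Print a file's octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# 0 = no group/other access, 1 = too permissive, 2 = missing or unreadable.
secret_file_ok() {
  [ -f "$1" ] || return 2
  sf_mode=$(file_mode "$1") || return 2
  [ $(( 0$sf_mode & 077 )) -eq 0 ]
}

# 0 if the URL starts with https:// and has a host part, 1 otherwise.
is_https_url() {
  case "$1" in
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run every check, print one line per failure, return the failure count.
audit_install() {
  nc_url="$1"; broker_url="$2"; env_file="${3:-/opt/qortal-broker/.env}"
  fails=0
  for u in "$nc_url" "$broker_url"; do
    is_https_url "$u" || { echo "FAIL: $u is not HTTPS"; fails=$((fails + 1)); }
  done
  secret_file_ok "$env_file" \
    || { echo "FAIL: $env_file missing or accessible to group/others"; fails=$((fails + 1)); }
  # curl verifies the certificate by default, so a bad TLS setup fails here too.
  curl -sS --fail --max-time 10 -o /dev/null "${broker_url%/}/api/health" \
    || { echo "FAIL: broker health check failed (unreachable, HTTP error, or TLS error)"; fails=$((fails + 1)); }
  [ "$fails" -eq 0 ] && echo "OK: all checks passed"
  return "$fails"
}

# Hypothetical invocation: ./audit.sh --run https://cloud.example.com https://qortalbroker.example.com
if [ "${1:-}" = "--run" ]; then
  shift
  audit_install "$@"
fi
```

If the `.env` check fails, `chmod 600 /opt/qortal-broker/.env` restricts the file to its owner.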