i am evaluating to use nextcloud on TO and asking me wich installation i should prefer… what changes / tuning / preconfiguration is done to nextcloud by the turris team?
of course i have a little more overhead with lxc emulation but also gain upstream patches…am i right?
any other doubts?
Lxc uses a grade of isolation, which cannot be reached be Foris installation.
In terms of security, I’d use lxc.
LXC isolation from the host is only provided with unprivileged containers which however are not supported by TOS. Thus there is no gain in security for running an app in a privileged LXC guest.
Foris does not interact with a NC instance installed in a privileged LXC guest container because it is not designed for that task.
Foris is a tool of convince for the user who does not want to have to deal with all the underlying intricacies.
TOS source code (development) is discoverable @ Turris · GitLab
Unless you compile packages self you are dependent on whatever is provided by the repo (maintenance) you choose for the LXC guest container.
I myself am using the LXC installation. Besides the advantage to not to have to wait for the Omnia team to update Nextcloud, you also have the flexibility of the version you want to for example stay on. If you update Turris OS you automatically get the version provided with it. Bugs, instabilities will also be part of it.
With this off course the choice of webserver you want to use. All in all in my opinion you should use the LXC installation. Just keep the Turris OS as clean as possible with as less apps installed as possible by running them on the LXC ie M.SATA disk.