[jeroenhd]

https://nextcloud.com/office/ seems to be exactly that.

Self hosting seems to consist of "set up nextcloud, set up collabora, click the integration button" https://nextcloud.com/blog/how-to-install-nextcloud-office/

Or just `sudo docker run --init --sig-proxy=false --name nextcloud-aio-mastercontainer --restart always --publish 80:80 --publish 8080:8080 --publish 8443:8443 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config --volume /var/run/docker.sock:/var/run/docker.sock:ro ghcr.io/nextcloud-releases/all-in-one:latest` if you follow these instructions: https://github.com/nextcloud/all-in-one

[rahkiin]

That’s not very secure, giving a :latest container access to the docker socket…

[jeroenhd]

It's not if you're running it system that also runs other software. On a dedicated VM, I wouldn't care, though.

As for :latest, that depends on the push policy of the container owners. NextCloud only pushes stable releases to :latest so it's probably fine. There's no reason a :v123 tag would be any more or less secure than :latest.

[Ey7NFZ3P0nzAe]

It's only if you use the AIO package (=all in one). You can run it differently though.