Persistent password desynchronization between Nextcloud and PostgreSQL on TrueNAS SCALE – authentication errors

Hello everyone,

First of all, thank you for taking the time to read this. Any help or insight is greatly appreciated – we are genuinely stuck and eager to learn a proper solution.

We are currently integrating Nextcloud 33.0.2 (running as a TrueNAS SCALE 25.10.3 App) with a LocalAI backend (v4.1.3) and the Context Chat Backend (v5.3.0) via the AppAPI framework. The chat with a Qwen3.6 model works, but during the setup we ran into a persistent database authentication issue that we can’t seem to resolve. We are still in the process of making the Context Chat fully functional, and this database problem is currently the main blocker.

The problem:

After a snapshot rollback on TrueNAS, Nextcloud started returning error 500 with the following message:

text

FATAL: password authentication failed for user "oc_administrador"

The Database Password field in the TrueNAS GUI and the 'dbpassword' value in config.php matched each other, yet PostgreSQL rejected the connection.

What we have already tried:

1. Reset the password using ALTER USER:

   bash

   sudo docker exec -it ix-nextcloud-postgres-1 psql -U nextcloud -d nextcloud -c "ALTER USER oc_administrador WITH PASSWORD 'PASSWORD-DB';"
   

   The command returned ALTER ROLE, indicating success. However, Nextcloud continued to show the same authentication error.

2. Verified that the new password was accepted by PostgreSQL:

   bash

   sudo docker exec -e PGPASSWORD='PASSWORD-DB' ix-nextcloud-postgres-1 psql -U oc_administrador -d nextcloud -c "SELECT 1;"
   

   This returned 1 (success), confirming the new password was actually in effect. Still, Nextcloud insisted on the error.

3. Temporarily modified pg_hba.conf:
   We located the file at /var/lib/postgresql/18/docker/pg_hba.conf and changed the local line to trust. After reloading the configuration with psql -U nextcloud -d nextcloud -c "SELECT pg_reload_conf();", we executed the ALTER USER again. The file was restored to its original state afterwards. Even so, the password error persisted in Nextcloud’s logs.

4. Complete container restarts:
   Both the Nextcloud and PostgreSQL containers were restarted after each change, without success.

5. Discovered config.php corruption:
   During the investigation, we noticed that the trusted_domains array had been overwritten with fragments of PostgreSQL error logs. We manually restored the correct domains, but the password error remained.

Our hypothesis:

Is there a startup script inside the PostgreSQL container (/docker-entrypoint-initdb.d/?) that recreates the oc_administrador role with an old password every time the container starts, thus undoing our manual changes?

Our questions:

• How can we permanently change the password for the oc_administrador role so that it is not overwritten by any container entrypoint scripts?

• Is there any environment variable or TrueNAS App setting that might be forcing the original password?

• Do you have any additional tips for debugging this persistent desynchronization?

Thank you in advance for any guidance you can provide. We are truly grateful for your time and expertise.