Initial commit

tasks/main.yml

@@ -0,0 +1,126 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for ansible-role-nextcloud
+- name: Add NextCloud repo
+  kubernetes.core.helm_repository:
+    name: nextcloud
+    repo_url: https://nextcloud.github.io/helm/
+  register: repo
+
+- name: Update Helm repos
+  command: helm repo update
+  when: repo.changed
+
+- name: Deploy NextCloud
+  kubernetes.core.helm:
+    name: nextcloud
+    chart_ref: nextcloud/nextcloud
+    release_namespace: nextcloud
+    create_namespace: true
+    values:
+      image:
+        pullPolicy: IfNotPresent
+      livenessProbe:
+        initialDelaySeconds: 300
+      readinessProbe:
+        initialDelaySeconds: 300
+      nextcloud:
+        host: nextcloud.eom.dev
+        username: nextcloud_admin
+        password: "{{ nextcloud_admin_password }}"
+        configs:
+          proxy.config.php: |-
+            <?php
+            $CONFIG = array (
+              'overwriteprotocol' => 'https',
+              'trusted_proxies' => array(
+                0 => '127.0.0.1',
+                1 => '10.0.0.0/8',
+              ),
+              'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
+            );
+      mail:
+        enabled: true
+        fromAddress: nextcloud
+        domain: postfix.eom.dev
+        smtp:
+          host: postfix.eom.dev
+          secure: ssl
+          port: 587
+          authtype: LOGIN
+          name: nextcloud
+          password: "{{ nextcloud_admin_password }}"
+      persistence:
+        enabled: true
+        size: 8Ti
+      metrics:
+        enabled: true
+      cronjob:
+        enabled: true
+      redis:
+        #global:
+            #defaultStorageClass: r720-nfs-client
+        enabled: true
+        auth:
+          password: "{{ redis_auth_password }}"
+      ingress:
+        enabled: true
+        className: nginx
+        annotations:
+          #nginx.ingress.kubernetes.io/enable-cors: "true"
+          #nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
+          nginx.ingress.kubernetes.io/proxy-body-size: 4G
+          kubernetes.io/tls-acme: "true"
+          cert-manager.io/cluster-issuer: ca-issuer
+          # Keep this in sync with the README.md:
+          nginx.ingress.kubernetes.io/server-snippet: |-
+            server_tokens off;
+            proxy_hide_header X-Powered-By;
+            rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
+            rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
+            rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+            rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
+            location = /.well-known/carddav {
+              return 301 $scheme://$host/remote.php/dav;
+            }
+            location = /.well-known/caldav {
+              return 301 $scheme://$host/remote.php/dav;
+            }
+            location = /robots.txt {
+              allow all;
+              log_not_found off;
+              access_log off;
+            }
+            location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+              deny all;
+            }
+            location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
+              deny all;
+            }
+        tls:
+          - hosts:
+            - nextcloud.eom.dev
+            secretName: nextcloud-tls
+      internalDatabase:
+        enabled: false
+      externalDatabase:
+        enabled: true
+        type: postgresql
+        host: postgresql
+        user: nextcloud
+        password: "{{ nextcloud_admin_password }}"
+        database: nextcloud
+      postgresql:
+        enabled: true
+        image:
+          tag: 16.6.0-debian-12-r2
+        global:
+          postgresql:
+            auth:
+              username: nextcloud
+              password: "{{ nextcloud_admin_password }}"
+              database: nextcloud
+        primary:
+          persistence:
+            enabled: true
+            size: 2Ti