feat(nextcloud): BREAKING CHANGE - rework fully (#9169)
**Description** <!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. --> ⚒️ Fixes # <!--(issue)--> **⚙️ Type of change** - [x] ⚙️ Feature/App addition - [x] 🪛 Bugfix - [x] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [x] 🔃 Refactor of current code **🧪 How Has This Been Tested?** <!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration --> **📃 Notes:** <!-- Please enter any other relevant information here --> **✔️ Checklist:** - [x] ⚖️ My code follows the style guidelines of this project - [x] 👀 I have performed a self-review of my own code - [x] #️⃣ I have commented my code, particularly in hard-to-understand areas - [ ] 📄 I have made corresponding changes to the documentation - [x] ⚠️ My changes generate no new warnings - [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [x] ⬆️ I increased versions for any altered app according to semantic versioning **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🪞 I have opened a PR on [truecharts/containers](https://github.com/truecharts/containers) adding the container to TrueCharts mirror repo. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --------- Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten <kjeld@schouten-lebbing.nl> Co-authored-by: Kjeld Schouten <kjeld@schouten-lebbing.nl>
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
remote: origin
|
||||
target-branch: master
|
||||
helm-extra-args: --timeout 180s
|
||||
helm-extra-args: --timeout 240s
|
||||
chart-yaml-schema: .github/chart_schema.yaml
|
||||
chart-dirs:
|
||||
- charts/incubator
|
||||
|
||||
@@ -4,6 +4,16 @@ function check_version() {
|
||||
chart_path=${1:?"No chart path provided to [Version Check]"}
|
||||
target_branch=${2:?"No target branch provided to [Version Check]"}
|
||||
|
||||
chart_dir=$(dirname "$chart_path")
|
||||
# If only docs changed, skip version check
|
||||
chart_changes=$(git diff "$target_branch" -- "$chart_dir" :^docs)
|
||||
|
||||
if [[ -z "$chart_changes" ]]; then
|
||||
echo "Looks like only docs changed. Skipping chart version check"
|
||||
echo -e "\t✅ Chart version: No bump required"
|
||||
return
|
||||
fi
|
||||
|
||||
new=$(git diff "$target_branch" -- "$chart_path" | sed -nr 's/^\+version: (.*)$/\1/p')
|
||||
old=$(git diff "$target_branch" -- "$chart_path" | sed -nr 's/^\-version: (.*)$/\1/p')
|
||||
|
||||
@@ -63,6 +73,25 @@ function helm_lint(){
|
||||
}
|
||||
export -f helm_lint
|
||||
|
||||
function helm_template(){
|
||||
chart_path=${1:?"No chart path provided to [Helm template]"}
|
||||
|
||||
# Print only errors and warnings
|
||||
helm_template_output=$(helm template "$chart_path" 2>&1 >/dev/null)
|
||||
helm_template_exit_code=$?
|
||||
while IFS= read -r line; do
|
||||
echo -e "\t$line"
|
||||
done <<< "$helm_template_output"
|
||||
|
||||
if [ $helm_template_exit_code -ne 0 ]; then
|
||||
echo -e "\t❌ Helm template: Failed"
|
||||
curr_result=1
|
||||
else
|
||||
echo -e "\t✅ Helm template: Passed"
|
||||
fi
|
||||
}
|
||||
export -f helm_template
|
||||
|
||||
function yaml_lint(){
|
||||
file_path=${1:?"No file path provided to [YAML lint]"}
|
||||
|
||||
@@ -97,6 +126,16 @@ function lint_chart(){
|
||||
echo "👣 Helm Lint - [$chart_path]"
|
||||
helm_lint "$chart_path"
|
||||
|
||||
echo "👣 Helm Template - [$chart_path]"
|
||||
helm_template "$chart_path"
|
||||
|
||||
for values in $chart_path/ci/*values.yaml; do
|
||||
if [ -f "${values}" ]; then
|
||||
echo "👣 Helm Template - [$values]"
|
||||
helm_template "$chart_path" -f "$values"
|
||||
fi
|
||||
done
|
||||
|
||||
echo "👣 Chart Version - [$chart_path] against [$target_branch]"
|
||||
check_version "$chart_path" "$target_branch"
|
||||
|
||||
|
||||
@@ -75,6 +75,7 @@ jobs:
|
||||
- name: Test and Fix Pre-Commit Issues
|
||||
shell: bash
|
||||
# TODO: Only run pre-commit on changed files
|
||||
# TODO: Commit fixes
|
||||
if: inputs.chartChangesDetected == 'true'
|
||||
run: |
|
||||
echo "Running pre-commit test-and-cleanup..."
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
# OWNERS file for Kubernetes
|
||||
OWNERS
|
||||
# helm-docs templates
|
||||
*.gotmpl
|
||||
# docs folder
|
||||
/docs
|
||||
# icon
|
||||
icon.png
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,36 @@
|
||||
apiVersion: v2
|
||||
appVersion: "25.0.2"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 12.14.1
|
||||
- condition: redis.enabled
|
||||
name: redis
|
||||
repository: https://deps.truecharts.org
|
||||
version: 6.0.48
|
||||
deprecated: false
|
||||
description: A private cloud server that puts the control and security of your own data back into your hands.
|
||||
home: https://truecharts.org/charts/stable/nextcloud
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
|
||||
keywords:
|
||||
- nextcloud
|
||||
- storage
|
||||
- http
|
||||
- web
|
||||
- php
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: nextcloud
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/nextcloud
|
||||
- https://github.com/nextcloud/docker
|
||||
- https://github.com/nextcloud/helm
|
||||
type: application
|
||||
version: 20.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- cloud
|
||||
truecharts.org/SCALE-support: "true"
|
||||
@@ -0,0 +1,106 @@
|
||||
Business Source License 1.1
|
||||
|
||||
Parameters
|
||||
|
||||
Licensor: The TrueCharts Project, it's owner and it's contributors
|
||||
Licensed Work: The TrueCharts "Blocky" Helm Chart
|
||||
Additional Use Grant: You may use the licensed work in production, as long
|
||||
as it is directly sourced from a TrueCharts provided
|
||||
official repository, catalog or source. You may also make private
|
||||
modification to the directly sourced licenced work,
|
||||
when used in production.
|
||||
|
||||
The following cases are, due to their nature, also
|
||||
defined as 'production use' and explicitly prohibited:
|
||||
- Bundling, including or displaying the licensed work
|
||||
with(in) another work intended for production use,
|
||||
with the apparent intend of facilitating and/or
|
||||
promoting production use by third parties in
|
||||
violation of this license.
|
||||
|
||||
Change Date: 2050-01-01
|
||||
|
||||
Change License: 3-clause BSD license
|
||||
|
||||
For information about alternative licensing arrangements for the Software,
|
||||
please contact: legal@truecharts.org
|
||||
|
||||
Notice
|
||||
|
||||
The Business Source License (this document, or the “License”) is not an Open
|
||||
Source license. However, the Licensed Work will eventually be made available
|
||||
under an Open Source License, as stated in this License.
|
||||
|
||||
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
|
||||
“Business Source License” is a trademark of MariaDB Corporation Ab.
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
Business Source License 1.1
|
||||
|
||||
Terms
|
||||
|
||||
The Licensor hereby grants you the right to copy, modify, create derivative
|
||||
works, redistribute, and make non-production use of the Licensed Work. The
|
||||
Licensor may make an Additional Use Grant, above, permitting limited
|
||||
production use.
|
||||
|
||||
Effective on the Change Date, or the fourth anniversary of the first publicly
|
||||
available distribution of a specific version of the Licensed Work under this
|
||||
License, whichever comes first, the Licensor hereby grants you rights under
|
||||
the terms of the Change License, and the rights granted in the paragraph
|
||||
above terminate.
|
||||
|
||||
If your use of the Licensed Work does not comply with the requirements
|
||||
currently in effect as described in this License, you must purchase a
|
||||
commercial license from the Licensor, its affiliated entities, or authorized
|
||||
resellers, or you must refrain from using the Licensed Work.
|
||||
|
||||
All copies of the original and modified Licensed Work, and derivative works
|
||||
of the Licensed Work, are subject to this License. This License applies
|
||||
separately for each version of the Licensed Work and the Change Date may vary
|
||||
for each version of the Licensed Work released by Licensor.
|
||||
|
||||
You must conspicuously display this License on each original or modified copy
|
||||
of the Licensed Work. If you receive the Licensed Work in original or
|
||||
modified form from a third party, the terms and conditions set forth in this
|
||||
License apply to your use of that work.
|
||||
|
||||
Any use of the Licensed Work in violation of this License will automatically
|
||||
terminate your rights under this License for the current and all other
|
||||
versions of the Licensed Work.
|
||||
|
||||
This License does not grant you any right in any trademark or logo of
|
||||
Licensor or its affiliates (provided that you may use a trademark or logo of
|
||||
Licensor as expressly required by this License).
|
||||
|
||||
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
|
||||
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
|
||||
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
|
||||
TITLE.
|
||||
|
||||
MariaDB hereby grants you permission to use this License’s text to license
|
||||
your works, and to refer to it using the trademark “Business Source License”,
|
||||
as long as you comply with the Covenants of Licensor below.
|
||||
|
||||
Covenants of Licensor
|
||||
|
||||
In consideration of the right to use this License’s text and the “Business
|
||||
Source License” name and trademark, Licensor covenants to MariaDB, and to all
|
||||
other recipients of the licensed work to be provided by Licensor:
|
||||
|
||||
1. To specify as the Change License the GPL Version 2.0 or any later version,
|
||||
or a license that is compatible with GPL Version 2.0 or a later version,
|
||||
where “compatible” means that software provided under the Change License can
|
||||
be included in a program with software provided under GPL Version 2.0 or a
|
||||
later version. Licensor may specify additional Change Licenses without
|
||||
limitation.
|
||||
|
||||
2. To either: (a) specify an additional grant of rights to use that does not
|
||||
impose any additional restriction on the right granted in this License, as
|
||||
the Additional Use Grant; or (b) insert the text “None”.
|
||||
|
||||
3. To specify a Change Date.
|
||||
|
||||
4. Not to modify this License in any other way.
|
||||
@@ -0,0 +1,27 @@
|
||||
# README
|
||||
|
||||
## General Info
|
||||
|
||||
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
|
||||
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||
|
||||
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
|
||||
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
|
||||
- See the [Website](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||
|
||||
---
|
||||
|
||||
## Sponsor TrueCharts
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||
|
||||
*All Rights Reserved - The TrueCharts Project*
|
||||
@@ -0,0 +1,3 @@
|
||||
nextcloud:
|
||||
clamav:
|
||||
enabled: true
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 17 KiB |
@@ -0,0 +1,580 @@
|
||||
# Include{groups}
|
||||
portals:
|
||||
open:
|
||||
# Include{portalLink}
|
||||
questions:
|
||||
# Include{global}
|
||||
# Include{workload}
|
||||
# Include{workloadDeployment}
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
# Include{containerConfig}
|
||||
- variable: nextcloud
|
||||
group: App Configuration
|
||||
label: Nextcloud
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: credentials
|
||||
group: App Configuration
|
||||
label: Initial Credentials
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: initialAdminUser
|
||||
label: Initial Admin User
|
||||
description: Sets the initial admin username
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: initialAdminPassword
|
||||
label: Initial Admin Password
|
||||
description: Sets the initial admin password
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
private: true
|
||||
default: ""
|
||||
- variable: general
|
||||
group: App Configuration
|
||||
label: General
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: run_optimize
|
||||
label: Run Optiomize Scripts
|
||||
description: |
|
||||
Runs the following commands at startup:</br>
|
||||
occ db:add-missing-indices</br>
|
||||
occ db:add-missing-columns</br>
|
||||
occ db:add-missing-primary-keys</br>
|
||||
yes | occ db:convert-filecache-bigint</br>
|
||||
occ maintenance:mimetype:update-js</br>
|
||||
occ maintenance:mimetype:update-db</br>
|
||||
occ maintenance:update:htaccess</br>
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: default_phone_region
|
||||
label: Default Phone Region
|
||||
description: |
|
||||
Sets the default phone region in ISO_3166-1 format (e.g. US).</br>
|
||||
https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
|
||||
schema:
|
||||
type: string
|
||||
valid_chars: '^[A-Z]{2}$'
|
||||
required: true
|
||||
default: ""
|
||||
- variable: accessIP
|
||||
label: Access IP
|
||||
description: Set to the IP-Address used to reach Nextcloud.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
$ref:
|
||||
- "definitions/nodeIP"
|
||||
- variable: files
|
||||
group: App Configuration
|
||||
label: Files Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: shared_folder_name
|
||||
label: Shared Folder Name
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: Shared
|
||||
- variable: max_chunk_size
|
||||
label: Max Chunk Size
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 10485760
|
||||
- variable: expirations
|
||||
group: App Configuration
|
||||
label: Expirations Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: activity_expire_days
|
||||
label: Activity Expire Days
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 90
|
||||
- variable: trash_retention_obligation
|
||||
label: Trash Retention Obligation
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: auto
|
||||
- variable: versions_retention_obligation
|
||||
label: Versions Retention Obligation
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: auto
|
||||
- variable: previews
|
||||
group: App Configuration
|
||||
label: Previews Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: Enable Previews
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: imaginary
|
||||
label: Enable imaginary
|
||||
description: |
|
||||
Enable imaginary to generate previews in the background.</br>
|
||||
It will also deploy the needed container.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: cron
|
||||
label: Enable cron
|
||||
description: |
|
||||
Enable cron to generate previews in the background.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: schedule
|
||||
label: Cron Schedule
|
||||
schema:
|
||||
type: string
|
||||
default: "*/30 * * * *"
|
||||
- variable: max_x
|
||||
label: Max X
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 2048
|
||||
- variable: max_y
|
||||
label: Max Y
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 2048
|
||||
- variable: max_memory
|
||||
label: Max Memory
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 1024
|
||||
- variable: max_file_size_image
|
||||
label: Max File Size Image
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 50
|
||||
- variable: jpeg_quality
|
||||
label: JPEG Quality
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 60
|
||||
- variable: square_sizes
|
||||
label: Square Sizes
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "32 256"
|
||||
- variable: width_sizes
|
||||
label: Width Sizes
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "256 384"
|
||||
- variable: height_sizes
|
||||
label: Height Sizes
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "256"
|
||||
- variable: providers
|
||||
label: Providers
|
||||
schema:
|
||||
type: list
|
||||
empty: false
|
||||
required: true
|
||||
default:
|
||||
- BMP
|
||||
- GIF
|
||||
- JPEG
|
||||
- Krita
|
||||
- MarkDown
|
||||
- MP3
|
||||
- OpenDocument
|
||||
- PNG
|
||||
- TXT
|
||||
- XBitmap
|
||||
items:
|
||||
- variable: provider_entry
|
||||
label: Provider Entry
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
enum:
|
||||
- value: BMP
|
||||
description: BMP
|
||||
- value: Font
|
||||
description: Font
|
||||
- value: GIF
|
||||
description: GIF
|
||||
- value: HEIC
|
||||
description: HEIC
|
||||
- value: Illustrator
|
||||
description: Illustrator
|
||||
- value: JPEG
|
||||
description: JPEG
|
||||
- value: Krita
|
||||
description: Krita
|
||||
- value: MarkDown
|
||||
description: MarkDown
|
||||
- value: Movie
|
||||
description: Movie
|
||||
- value: MP3
|
||||
description: MP3
|
||||
- value: MSOffice2003
|
||||
description: MSOffice2003
|
||||
- value: MSOffice2007
|
||||
description: MSOffice2007
|
||||
- value: MSOfficeDoc
|
||||
description: MSOfficeDoc
|
||||
- value: OpenDocument
|
||||
description: OpenDocument
|
||||
- value: PDF
|
||||
description: PDF
|
||||
- value: Photoshop
|
||||
description: Photoshop
|
||||
- value: PNG
|
||||
description: PNG
|
||||
- value: Postscript
|
||||
description: Postscript
|
||||
- value: StarOffice
|
||||
description: StarOffice
|
||||
- value: SVG
|
||||
description: SVG
|
||||
- value: TIFF
|
||||
description: TIFF
|
||||
- value: TXT
|
||||
description: TXT
|
||||
- value: XBitmap
|
||||
description: XBitmap
|
||||
- variable: Logging
|
||||
group: App Configuration
|
||||
label: Logging Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: log_level
|
||||
label: Log Level
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "2"
|
||||
enum:
|
||||
- value: "0"
|
||||
description: Debug
|
||||
- value: "1"
|
||||
description: Info
|
||||
- value: "2"
|
||||
description: Warning
|
||||
- value: "3"
|
||||
description: Error
|
||||
- value: "4"
|
||||
description: Fatal
|
||||
- variable: log_date_format
|
||||
label: Log Date Format
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: d/m/Y H:i:s
|
||||
- variable: notify_push
|
||||
group: App Configuration
|
||||
label: Notify Push Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: Enable Notify Push
|
||||
description: |
|
||||
Enable and Configure Notify Push.</br>
|
||||
It will also deploy the needed container
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: clamav
|
||||
group: App Configuration
|
||||
label: ClamAV Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: Enable ClamAV
|
||||
description: |
|
||||
Enable and configure ClamAV.</br>
|
||||
It will also deploy the needed container.</br>
|
||||
Keep in mind that this will run as root.</br>
|
||||
https://github.com/Cisco-Talos/clamav/issues/478
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: stream_max_length
|
||||
label: Stream Max Length
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 104857600
|
||||
- variable: file_max_size
|
||||
label: File Max Size
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: -1
|
||||
- variable: infected_action
|
||||
label: Infected Action
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: only_log
|
||||
enum:
|
||||
- value: delete
|
||||
description: Delete
|
||||
- value: only_log
|
||||
description: Only Log
|
||||
- variable: collabora
|
||||
group: App Configuration
|
||||
label: Collabora Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: Enable Collabora
|
||||
description: |
|
||||
Enable and configure Collabora.</br>
|
||||
This will NOT deploy the needed container.</br>
|
||||
You need to deploy it yourself.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: url
|
||||
label: URL
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: allow_list
|
||||
label: Allow List
|
||||
schema:
|
||||
type: list
|
||||
default: ["0.0.0.0/0"]
|
||||
items:
|
||||
- variable: allow_entry
|
||||
label: Allow Entry
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: onlyoffice
|
||||
group: App Configuration
|
||||
label: Only Office Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: Enable OnlyOffice
|
||||
description: |
|
||||
Enable and configure OnlyOffice.</br>
|
||||
This will NOT deploy the needed container.</br>
|
||||
You need to deploy it yourself.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: url
|
||||
label: URL
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: jwt
|
||||
label: JWT
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: jwt_header
|
||||
label: JWT Header
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: Authorization
|
||||
- variable: php
|
||||
group: App Configuration
|
||||
label: PHP Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: memory_limit
|
||||
label: Memory Limit
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: 1G
|
||||
- variable: upload_limit
|
||||
label: Upload Limit
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: 10G
|
||||
- variable: pm_max_children
|
||||
label: Max Children
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 180
|
||||
- variable: pm_start_servers
|
||||
label: Start Servers
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 18
|
||||
- variable: pm_min_spare_servers
|
||||
label: Minimum Spare Servers
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 12
|
||||
- variable: pm_max_spare_servers
|
||||
label: Maximum Spare Servers
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 30
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: Main Service
|
||||
description: The Primary service on which the healthcheck runs, often the webUI
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{serviceSelectorLoadBalancer}
|
||||
# Include{serviceSelectorExtras}
|
||||
- variable: main
|
||||
label: Main Service Port Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: port
|
||||
label: Port
|
||||
description: This port exposes the container port on the service
|
||||
schema:
|
||||
type: int
|
||||
default: 12000
|
||||
required: true
|
||||
# Include{serviceExpertRoot}
|
||||
# Include{serviceExpert}
|
||||
# Include{serviceList}
|
||||
# Include{persistenceRoot}
|
||||
- variable: html
|
||||
label: App HTML Storage
|
||||
description: Stores the Application HTML.
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{persistenceBasic}
|
||||
- variable: config
|
||||
label: App Config Storage
|
||||
description: Stores the Application Config.
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{persistenceBasic}
|
||||
- variable: data
|
||||
label: User Data Storage
|
||||
description: Stores the User Data.
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{persistenceBasic}
|
||||
# Include{persistenceList}
|
||||
# Include{ingressRoot}
|
||||
- variable: main
|
||||
label: Main Ingress
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{ingressDefault}
|
||||
# Include{ingressTLS}
|
||||
# Include{ingressTraefik}
|
||||
# Include{ingressList}
|
||||
# Include{securityContextRoot}
|
||||
- variable: runAsUser
|
||||
label: runAsUser
|
||||
description: The UserID of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: runAsGroup
|
||||
description: The groupID of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
- variable: fsGroup
|
||||
label: fsGroup
|
||||
description: The group that should own ALL storage.
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{resources}
|
||||
# Include{metrics}
|
||||
# Include{prometheusRule}
|
||||
# Include{advanced}
|
||||
# Include{addons}
|
||||
# Include{codeserver}
|
||||
# Include{netshoot}
|
||||
# Include{vpn}
|
||||
# Include{documentation}
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -0,0 +1,387 @@
|
||||
{{/* Define the configmap */}}
|
||||
{{- define "nextcloud.configmaps" -}}
|
||||
{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
|
||||
{{- $urlNoProtocol := regexReplaceAll ".*://(.*)" .Values.chartContext.APPURL "${1}" -}}
|
||||
{{- $protocolOnly := regexReplaceAll "(.*)://.*" .Values.chartContext.APPURL "${1}" -}}
|
||||
{{- $redisHost := .Values.redis.creds.plainhost | trimAll "\"" -}}
|
||||
{{- $redisPass := .Values.redis.creds.redisPassword | trimAll "\"" -}}
|
||||
{{- $healthHost := "kube.internal.healthcheck" -}}
|
||||
|
||||
php-tune:
|
||||
enabled: true
|
||||
data:
|
||||
zz-tune.conf: |
|
||||
[www]
|
||||
pm.max_children = {{ .Values.nextcloud.php.pm_max_children }}
|
||||
pm.start_servers = {{ .Values.nextcloud.php.pm_start_servers }}
|
||||
pm.min_spare_servers = {{ .Values.nextcloud.php.pm_min_spare_servers }}
|
||||
pm.max_spare_servers = {{ .Values.nextcloud.php.pm_max_spare_servers }}
|
||||
|
||||
redis-session:
|
||||
enabled: true
|
||||
data:
|
||||
redis-session.ini: |
|
||||
session.save_path = {{ printf "tcp://%v:6379?auth=%v" $redisHost $redisPass | quote }}
|
||||
redis.session.locking_enabled = 1
|
||||
redis.session.lock_retries = -1
|
||||
redis.session.lock_wait_time = 10000
|
||||
|
||||
hpb-config:
|
||||
enabled: {{ .Values.nextcloud.notify_push.enabled }}
|
||||
data:
|
||||
NEXTCLOUD_URL: {{ printf "http://%v:%v" $fullname .Values.service.main.ports.main.port }}
|
||||
HPB_HOST: {{ $healthHost }}
|
||||
CONFIG_FILE: {{ printf "%v/config.php" .Values.persistence.config.targetSelector.notify.notify.mountPath }}
|
||||
METRICS_PORT: {{ .Values.service.notify.ports.metrics.port | quote }}
|
||||
|
||||
clamav-config:
|
||||
enabled: {{ .Values.nextcloud.clamav.enabled }}
|
||||
data:
|
||||
CLAMAV_NO_CLAMD: "false"
|
||||
CLAMAV_NO_FRESHCLAMD: "true"
|
||||
CLAMAV_NO_MILTERD: "true"
|
||||
CLAMD_STARTUP_TIMEOUT: "1800"
|
||||
|
||||
nextcloud-config:
|
||||
enabled: true
|
||||
data:
|
||||
{{/* Database */}}
|
||||
POSTGRES_DB: {{ .Values.cnpg.main.database | quote }}
|
||||
POSTGRES_USER: {{ .Values.cnpg.main.user | quote }}
|
||||
POSTGRES_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
|
||||
POSTGRES_HOST: {{ .Values.cnpg.main.creds.host | trimAll "\"" }}
|
||||
|
||||
{{/* Redis */}}
|
||||
NX_REDIS_HOST: {{ $redisHost }}
|
||||
NX_REDIS_PASS: {{ $redisPass }}
|
||||
|
||||
{{/* Nextcloud INITIAL credentials */}}
|
||||
NEXTCLOUD_ADMIN_USER: {{ .Values.nextcloud.credentials.initialAdminUser | quote }}
|
||||
NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.nextcloud.credentials.initialAdminPassword | quote }}
|
||||
|
||||
{{/* PHP Variables */}}
|
||||
{{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.memory_limit) -}}
|
||||
{{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.memory_limit) -}}
|
||||
{{- end -}}
|
||||
{{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.upload_limit) -}}
|
||||
{{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.upload_limit) -}}
|
||||
{{- end }}
|
||||
PHP_MEMORY_LIMIT: {{ .Values.nextcloud.php.memory_limit | quote }}
|
||||
PHP_UPLOAD_LIMIT: {{ .Values.nextcloud.php.upload_limit | quote }}
|
||||
|
||||
{{/* Notify Push */}}
|
||||
NX_NOTIFY_PUSH: {{ .Values.nextcloud.notify_push.enabled | quote }}
|
||||
{{- if .Values.nextcloud.notify_push.enabled }}
|
||||
{{- $endpoint := .Values.chartContext.APPURL -}}
|
||||
{{- if or (contains "127.0.0.1" $endpoint) (contains "localhost" $endpoint) -}}
|
||||
{{- $endpoint = printf "http://%v:%v" $fullname .Values.service.main.ports.main.port -}}
|
||||
{{- end }}
|
||||
NX_NOTIFY_PUSH_ENDPOINT: {{ $endpoint }}/push
|
||||
{{- end }}
|
||||
|
||||
{{/* Previews */}}
|
||||
NX_PREVIEWS: {{ .Values.nextcloud.previews.enabled | quote }}
|
||||
{{- if not (deepEqual .Values.nextcloud.previews.providers (uniq .Values.nextcloud.previews.providers)) }}
|
||||
{{- fail (printf "Nextcloud - Expected preview providers to be unique but got [%v]" .Values.nextcloud.previews.providers) }}
|
||||
{{- end }}
|
||||
NX_PREVIEW_PROVIDERS: {{ join " " .Values.nextcloud.previews.providers }}
|
||||
NX_PREVIEW_MAX_X: {{ .Values.nextcloud.previews.max_x | quote }}
|
||||
NX_PREVIEW_MAX_Y: {{ .Values.nextcloud.previews.max_y | quote }}
|
||||
NX_PREVIEW_MAX_MEMORY: {{ .Values.nextcloud.previews.max_memory | quote }}
|
||||
NX_PREVIEW_MAX_FILESIZE_IMAGE: {{ .Values.nextcloud.previews.max_file_size_image | quote }}
|
||||
NX_JPEG_QUALITY: {{ .Values.nextcloud.previews.jpeg_quality | quote }}
|
||||
NX_PREVIEW_SQUARE_SIZES: {{ .Values.nextcloud.previews.square_sizes | quote }}
|
||||
NX_PREVIEW_WIDTH_SIZES: {{ .Values.nextcloud.previews.width_sizes | quote }}
|
||||
NX_PREVIEW_HEIGHT_SIZES: {{ .Values.nextcloud.previews.height_sizes | quote }}
|
||||
|
||||
{{/* Imaginary */}}
|
||||
NX_IMAGINARY: {{ and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary | quote }}
|
||||
{{- if and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary }}
|
||||
NX_IMAGINARY_URL: {{ printf "http://%v-imaginary:%v" $fullname .Values.service.imaginary.ports.imaginary.port }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Expirations */}}
|
||||
NX_ACTIVITY_EXPIRE_DAYS: {{ .Values.nextcloud.expirations.activity_expire_days | quote }}
|
||||
NX_TRASH_RETENTION: {{ .Values.nextcloud.expirations.trash_retention_obligation | quote }}
|
||||
NX_VERSIONS_RETENTION: {{ .Values.nextcloud.expirations.versions_retention_obligation | quote }}
|
||||
|
||||
{{/* General */}}
|
||||
NX_RUN_OPTIMIZE: {{ .Values.nextcloud.general.run_optimize | quote }}
|
||||
NX_DEFAULT_PHONE_REGION: {{ .Values.nextcloud.general.default_phone_region | quote }}
|
||||
NEXTCLOUD_DATA_DIR: {{ .Values.persistence.data.targetSelector.main.main.mountPath }}
|
||||
|
||||
{{/* Files */}}
|
||||
NX_SHARED_FOLDER_NAME: {{ .Values.nextcloud.files.shared_folder_name | quote }}
|
||||
NX_MAX_CHUNKSIZE: {{ .Values.nextcloud.files.max_chunk_size | mul 1 | quote }}
|
||||
|
||||
{{/* Logging */}}
|
||||
NX_LOG_LEVEL: {{ .Values.nextcloud.logging.log_level | quote }}
|
||||
NX_LOG_FILE: {{ .Values.nextcloud.logging.log_file | quote }}
|
||||
NX_LOG_FILE_AUDIT: {{ .Values.nextcloud.logging.log_audit_file | quote }}
|
||||
NX_LOG_DATE_FORMAT: {{ .Values.nextcloud.logging.log_date_format | quote }}
|
||||
NX_LOG_TIMEZONE: {{ .Values.TZ | quote }}
|
||||
|
||||
{{/* ClamAV */}}
|
||||
NX_CLAMAV: {{ .Values.nextcloud.clamav.enabled | quote }}
|
||||
{{- if .Values.nextcloud.clamav.enabled }}
|
||||
NX_CLAMAV_HOST: {{ printf "%v-clamav" $fullname }}
|
||||
NX_CLAMAV_PORT: {{ .Values.service.clamav.ports.clamav.targetPort | quote }}
|
||||
NX_CLAMAV_STREAM_MAX_LENGTH: {{ .Values.nextcloud.clamav.stream_max_length | mul 1 | quote }}
|
||||
NX_CLAMAV_FILE_MAX_SIZE: {{ .Values.nextcloud.clamav.file_max_size | quote }}
|
||||
NX_CLAMAV_INFECTED_ACTION: {{ .Values.nextcloud.clamav.infected_action | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.nextcloud.collabora.enabled .Values.nextcloud.onlyoffice.enabled -}}
|
||||
{{- fail "Nextcloud - Expected only one of [Collabora, OnlyOffice] to be enabled" -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Collabora */}}
|
||||
NX_COLLABORA: {{ .Values.nextcloud.collabora.enabled | quote }}
|
||||
{{- if .Values.nextcloud.collabora.enabled }}
|
||||
NX_COLLABORA_URL: {{ .Values.nextcloud.collabora.url | quote }}
|
||||
NX_COLLABORA_ALLOWLIST: {{ join "," .Values.nextcloud.collabora.allow_list | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Only Office */}}
|
||||
NX_ONLYOFFICE: {{ .Values.nextcloud.onlyoffice.enabled | quote }}
|
||||
{{- if .Values.nextcloud.onlyoffice.enabled }}
|
||||
NX_ONLYOFFICE_URL: {{ .Values.nextcloud.onlyoffice.url | quote }}
|
||||
NX_ONLYOFFICE_JWT: {{ .Values.nextcloud.onlyoffice.jwt | quote }}
|
||||
NX_ONLYOFFICE_JWT_HEADER: {{ .Values.nextcloud.onlyoffice.jwt_header | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{/* URLs */}}
|
||||
NX_OVERWRITE_HOST: {{ $urlNoProtocol }}
|
||||
NX_OVERWRITE_CLI_URL: {{ .Values.chartContext.APPURL }}
|
||||
# Return the protocol part of the URL
|
||||
NX_OVERWRITE_PROTOCOL: {{ $protocolOnly | lower }}
|
||||
# IP (or range in this case) of the proxy(ies)
|
||||
NX_TRUSTED_PROXIES: |
|
||||
{{ .Values.chartContext.svcCIDR }}
|
||||
# fullname-* will allow access from the
|
||||
# other services in the same namespace
|
||||
NX_TRUSTED_DOMAINS: |
|
||||
127.0.0.1
|
||||
localhost
|
||||
{{ $fullname }}
|
||||
{{ printf "%v-*" $fullname }}
|
||||
{{ $healthHost }}
|
||||
{{- if ne $urlNoProtocol "127.0.0.1" }}
|
||||
{{- $urlNoProtocol | nindent 6 }}
|
||||
{{- end -}}
|
||||
{{- with .Values.nextcloud.general.accessIP }}
|
||||
{{- . | nindent 6 }}
|
||||
{{- end }}
|
||||
|
||||
# TODO: Replace locations with ingress
|
||||
# like /push, /.well-known/carddav, /.well-known/caldav
|
||||
# needs some work as nginx converts urls to pretty urls
|
||||
# before matching them to locations, so ingress needs to
|
||||
# take that into consideration.
|
||||
nginx-config:
|
||||
enabled: true
|
||||
data:
|
||||
nginx.conf: |
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
# Set to /tmp so it can run as non-root
|
||||
pid /tmp/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
# Set to /tmp so it can run as non-root
|
||||
client_body_temp_path /tmp/nginx/client_temp;
|
||||
proxy_temp_path /tmp/nginx/proxy_temp_path;
|
||||
fastcgi_temp_path /tmp/nginx/fastcgi_temp;
|
||||
uwsgi_temp_path /tmp/nginx/uwsgi_temp;
|
||||
scgi_temp_path /tmp/nginx/scgi_temp;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
upstream php-handler {
|
||||
server {{ printf "%v-nextcloud" $fullname }}:{{ .Values.service.nextcloud.ports.nextcloud.targetPort }};
|
||||
}
|
||||
|
||||
server {
|
||||
listen {{ .Values.service.main.ports.main.port }};
|
||||
absolute_redirect off;
|
||||
|
||||
{{- if .Values.nextcloud.notify_push.enabled }}
|
||||
# Forward Notify_Push "High Performance Backend" to it's own container
|
||||
location ^~ /push/ {
|
||||
# The trailing "/" is important!
|
||||
proxy_pass http://{{ printf "%v-notify" $fullname }}:{{ .Values.service.notify.ports.notify.targetPort }}/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
{{- end }}
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
|
||||
# Set max upload size
|
||||
client_max_body_size {{ .Values.nextcloud.php.upload_limit | default "512M" }};
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
#pagespeed off;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root {{ .Values.persistence.html.targetSelector.nginx.nginx.mountPath }};
|
||||
|
||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||
# when a client requests a path that corresponds to a directory that exists
|
||||
# on the server. In particular, if that directory contains an index.php file,
|
||||
# that file is correctly served; if it doesn't, then the request is passed to
|
||||
# the front-end controller. This consistent behaviour means that we don't need
|
||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
||||
# `try_files $uri $uri/ /index.php$request_uri`
|
||||
# always provides the desired behaviour.
|
||||
index index.php index.html /index.php$request_uri;
|
||||
|
||||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||
location = / {
|
||||
if ( $http_user_agent ~ ^DavClnt ) {
|
||||
return 302 /remote.php/webdav/$is_args$args;
|
||||
}
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
location ^~ /.well-known {
|
||||
# The rules in this block are an adaptation of the rules
|
||||
# in `.htaccess` that concern `/.well-known`.
|
||||
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
# According to the documentation these two lines are not necessary,
|
||||
# but some users are still receiving errors
|
||||
location = /.well-known/webfinger { return 301 /index.php$uri; }
|
||||
location = /.well-known/nodeinfo { return 301 /index.php$uri; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /index.php$request_uri;
|
||||
}
|
||||
|
||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||
|
||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||
# which handle static assets (as seen below). If this block is not declared first,
|
||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||
# to the URI, resulting in a HTTP 500 error response.
|
||||
location ~ \.php(?:$|/) {
|
||||
# Required for legacy support
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
||||
try_files $fastcgi_script_name =404;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
#fastcgi_param HTTPS on;
|
||||
|
||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||
fastcgi_pass php-handler;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
proxy_send_timeout 3600s;
|
||||
proxy_read_timeout 3600s;
|
||||
fastcgi_send_timeout 3600s;
|
||||
fastcgi_read_timeout 3600s;
|
||||
}
|
||||
|
||||
location ~ \.(?:css|js|svg|gif)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 6M; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
location ~ \.woff2?$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
# Rule borrowed from `.htaccess`
|
||||
location /remote {
|
||||
return 301 /remote.php$request_uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$request_uri;
|
||||
}
|
||||
}
|
||||
}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,34 @@
|
||||
{{- define "nextcloud.cronjobs" -}}
|
||||
{{- range $cj := .Values.cronjobs }}
|
||||
{{- $name := $cj.name | required "Nextcloud - Expected non-empty name in cronjob" -}}
|
||||
{{- $schedule := $cj.schedule | required "Nextcloud - Expected non-empty schedule in cronjob" }}
|
||||
|
||||
{{ $name }}:
|
||||
enabled: {{ $cj.enabled | quote }}
|
||||
type: CronJob
|
||||
schedule: {{ $schedule | quote }}
|
||||
podSpec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
{{ $name }}:
|
||||
enabled: true
|
||||
primary: true
|
||||
imageSelector: image
|
||||
command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- |
|
||||
{{- range $cj.cmd }}
|
||||
{{- . | nindent 12 }}
|
||||
{{- else -}}
|
||||
{{- fail "Nextcloud - Expected non-empty cmd in cronjob" -}}
|
||||
{{- end }}
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,29 @@
|
||||
{{- define "nextcloud.init.perms" -}}
|
||||
{{- $uid := .Values.securityContext.container.runAsUser -}}
|
||||
{{- $gid := .Values.securityContext.container.runAsGroup -}}
|
||||
{{- $path := .Values.persistence.data.targetSelector.main.main.mountPath }}
|
||||
enabled: true
|
||||
type: install
|
||||
imageSelector: alpineImage
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
capabilities:
|
||||
disableS6Caps: true
|
||||
add:
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- CHOWN
|
||||
command: /bin/sh
|
||||
args:
|
||||
- -c
|
||||
- |
|
||||
echo "Setting permissions to 700 on data directory [{{ $path }}] ..."
|
||||
chmod 770 {{ $path }} | echo "Failed to set permissions on data directory [{{ $path }}]"
|
||||
|
||||
echo "Setting ownership to {{ $uid }}:{{ $gid }} on data directory [{{ $path }}] ..."
|
||||
chown {{ $uid }}:{{ $gid }} {{ $path }} | echo "Failed to set ownership on data directory [{{ $path }}]"
|
||||
|
||||
echo "Finished."
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,25 @@
|
||||
{{- define "nextcloud.wait.nextcloud" -}}
|
||||
{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
|
||||
{{- $ncURL := printf "%v-nextcloud:%v" $fullname .Values.service.nextcloud.ports.nextcloud.targetPort }}
|
||||
enabled: true
|
||||
type: init
|
||||
imageSelector: image
|
||||
securityContext:
|
||||
command: /bin/sh
|
||||
args:
|
||||
- -c
|
||||
- |
|
||||
echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..."
|
||||
until \
|
||||
REQUEST_METHOD="GET" \
|
||||
SCRIPT_NAME="status.php" \
|
||||
SCRIPT_FILENAME="status.php" \
|
||||
cgi-fcgi -bind -connect "{{ $ncURL }}" | grep -q '"installed":true';
|
||||
do
|
||||
echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..."
|
||||
sleep 3
|
||||
done
|
||||
|
||||
echo "Nextcloud is ready and installed..."
|
||||
echo "Starting Nginx..."
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,57 @@
|
||||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.v1.common.loader.init" . -}}
|
||||
|
||||
{{/* Render configmaps for all pods */}}
|
||||
{{- $configmaps := include "nextcloud.configmaps" . | fromYaml -}}
|
||||
{{- if $configmaps -}}
|
||||
{{- $_ := mustMergeOverwrite .Values.configmap $configmaps -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Add [init perms] container to nextcloud */}}
|
||||
{{- if not (get .Values.workload.main.podSpec "initContainers") -}}
|
||||
{{- $_ := set .Values.workload.main.podSpec "initContainers" dict -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $initPerms := (include "nextcloud.init.perms" . | fromYaml) -}}
|
||||
{{- $_ := set .Values.workload.main.podSpec.initContainers "init-perms" $initPerms -}}
|
||||
|
||||
{{/* Add [wait nextcloud] container to nginx */}}
|
||||
{{- if not (get .Values.workload.nginx.podSpec "initContainers") -}}
|
||||
{{- $_ := set .Values.workload.nginx.podSpec "initContainers" dict -}}
|
||||
{{- end -}}
|
||||
{{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}}
|
||||
{{- $_ := set .Values.workload.nginx.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}}
|
||||
|
||||
{{/* Disable [notify push] if requested */}}
|
||||
{{- if not .Values.nextcloud.notify_push.enabled -}}
|
||||
{{- $_ := set .Values.workload.notify "enabled" false -}}
|
||||
{{- $_ := set .Values.service.notify "enabled" false -}}
|
||||
{{- else -}}
|
||||
{{/* Add [wait nextcloud] container to notify push */}}
|
||||
{{- if not (get .Values.workload.notify.podSpec "initContainers") -}}
|
||||
{{- $_ := set .Values.workload.notify.podSpec "initContainers" dict -}}
|
||||
{{- end -}}
|
||||
{{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}}
|
||||
{{- $_ := set .Values.workload.notify.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Disable [clamav] if requested */}}
|
||||
{{- if not .Values.nextcloud.clamav.enabled -}}
|
||||
{{- $_ := set .Values.workload.clamav "enabled" false -}}
|
||||
{{- $_ := set .Values.service.clamav "enabled" false -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Disable [previews] if requested */}}
|
||||
{{- if or (not .Values.nextcloud.previews.imaginary) (not .Values.nextcloud.previews.enabled) -}}
|
||||
{{- $_ := set .Values.workload.imaginary "enabled" false -}}
|
||||
{{- $_ := set .Values.service.imaginary "enabled" false -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create [cronjobs] defined */}}
|
||||
{{- $cronjobs := include "nextcloud.cronjobs" . | fromYaml -}}
|
||||
{{- if $cronjobs -}}
|
||||
{{- $_ := mustMergeOverwrite .Values.workload $cronjobs -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{- include "tc.v1.common.loader.apply" . -}}
|
||||
@@ -0,0 +1,430 @@
|
||||
image:
|
||||
repository: tccr.io/truecharts/nextcloud-fpm
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v2.0.0@sha256:c3ff63fa9613fbad94c7950743482c8bb2a2a659ac42b3daac8963e0bbaf5129
|
||||
nginxImage:
|
||||
repository: tccr.io/truecharts/nginx-unprivileged
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v1.24.0@sha256:f6386a703b6a0679b6274cc366a6efe7a06b8b5b3391353465d9d1649b4584ef
|
||||
imaginaryImage:
|
||||
repository: tccr.io/truecharts/nextcloud-imaginary
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v20230401@sha256:4f5e3895987a9d12336f772a64a77dd662c6c9bb2b96820b19ffbab58f3ff982
|
||||
hpbImage:
|
||||
repository: tccr.io/truecharts/nextcloud-push-notify
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.6.3@sha256:25c0a2f0c3eeb64e26be102cc3be09d8ce19b8d05397e188f73f94de8359d339
|
||||
clamavImage:
|
||||
repository: tccr.io/truecharts/clamav
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v1.1.0@sha256:ab196d867fcfddedc8dc965d67a2e6824ca65488cf616cc707e9c36efd54e086
|
||||
|
||||
nextcloud:
|
||||
# Initial Credentials
|
||||
credentials:
|
||||
initialAdminUser: admin
|
||||
initialAdminPassword: adminpass
|
||||
# General settings
|
||||
general:
|
||||
# Custom Nextcloud Scripts
|
||||
run_optimize: true
|
||||
default_phone_region: GR
|
||||
# IP used for exposing nextcloud,
|
||||
# often the loadbalancer IP
|
||||
accessIP: ""
|
||||
# File settings
|
||||
files:
|
||||
shared_folder_name: Shared
|
||||
max_chunk_size: 10485760
|
||||
# Expiration settings
|
||||
expirations:
|
||||
activity_expire_days: 90
|
||||
trash_retention_obligation: auto
|
||||
versions_retention_obligation: auto
|
||||
# Previews settings
|
||||
previews:
|
||||
enabled: true
|
||||
# It will also deploy the container
|
||||
imaginary: true
|
||||
cron: true
|
||||
schedule: "*/30 * * * *"
|
||||
max_x: 2048
|
||||
max_y: 2048
|
||||
max_memory: 1024
|
||||
max_file_size_image: 50
|
||||
jpeg_quality: 60
|
||||
square_sizes: 32 256
|
||||
width_sizes: 256 384
|
||||
height_sizes: 256
|
||||
# Casings are important
|
||||
# https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269
|
||||
# Only the last part of the provider is needed
|
||||
providers:
|
||||
- PNG
|
||||
- JPEG
|
||||
# Logging settings
|
||||
logging:
|
||||
log_level: 2
|
||||
log_file: /var/www/html/data/logs/nextcloud.log
|
||||
log_audit_file: /var/www/html/data/logs/audit.log
|
||||
log_date_format: d/m/Y H:i:s
|
||||
# ClamAV settings
|
||||
clamav:
|
||||
# It will also deploy the container
|
||||
# Note that this runs as root
|
||||
enabled: false
|
||||
stream_max_length: 26214400
|
||||
file_max_size: -1
|
||||
infected_action: only_log
|
||||
# Notify Push settings
|
||||
notify_push:
|
||||
# It will also deploy the container
|
||||
enabled: true
|
||||
# Collabora settings
|
||||
collabora:
|
||||
# It will not deploy the container
|
||||
# Only add the Collabora settings
|
||||
enabled: false
|
||||
url: ""
|
||||
allow_list:
|
||||
- 0.0.0.0/0
|
||||
onlyoffice:
|
||||
# It will not deploy the container
|
||||
# Only add the OnlyOffice settings
|
||||
enabled: false
|
||||
url: ""
|
||||
jwt: ""
|
||||
jwt_header: Authorization
|
||||
# PHP settings
|
||||
php:
|
||||
memory_limit: 1G
|
||||
upload_limit: 10G
|
||||
pm_max_children: 180
|
||||
pm_start_servers: 18
|
||||
pm_min_spare_servers: 12
|
||||
pm_max_spare_servers: 30
|
||||
|
||||
# Do NOT edit below this line
|
||||
workload:
|
||||
# Nextcloud php-fpm
|
||||
main:
|
||||
type: Deployment
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: nextcloud-config
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
type: exec
|
||||
command: /healthcheck.sh
|
||||
readiness:
|
||||
enabled: true
|
||||
type: exec
|
||||
command: /healthcheck.sh
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}"
|
||||
nginx:
|
||||
enabled: true
|
||||
type: Deployment
|
||||
strategy: RollingUpdate
|
||||
replicas: 1
|
||||
podSpec:
|
||||
containers:
|
||||
nginx:
|
||||
enabled: true
|
||||
primary: true
|
||||
imageSelector: nginxImage
|
||||
probes:
|
||||
readiness:
|
||||
enabled: true
|
||||
path: /robots.txt
|
||||
port: "{{ .Values.service.main.ports.main.port }}"
|
||||
httpHeaders:
|
||||
Host: kube.internal.healthcheck
|
||||
liveness:
|
||||
enabled: true
|
||||
path: /robots.txt
|
||||
port: "{{ .Values.service.main.ports.main.port }}"
|
||||
httpHeaders:
|
||||
Host: kube.internal.healthcheck
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: "{{ .Values.service.main.ports.main.port }}"
|
||||
notify:
|
||||
enabled: true
|
||||
type: Deployment
|
||||
strategy: RollingUpdate
|
||||
replicas: 1
|
||||
podSpec:
|
||||
containers:
|
||||
notify:
|
||||
primary: true
|
||||
enabled: true
|
||||
imageSelector: hpbImage
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: hpb-config
|
||||
probes:
|
||||
readiness:
|
||||
enabled: true
|
||||
path: /push/test/cookie
|
||||
port: 7867
|
||||
httpHeaders:
|
||||
Host: kube.internal.healthcheck
|
||||
liveness:
|
||||
enabled: true
|
||||
path: /push/test/cookie
|
||||
port: 7867
|
||||
httpHeaders:
|
||||
Host: kube.internal.healthcheck
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: 7867
|
||||
imaginary:
|
||||
enabled: true
|
||||
type: Deployment
|
||||
strategy: RollingUpdate
|
||||
replicas: 1
|
||||
podSpec:
|
||||
containers:
|
||||
imaginary:
|
||||
primary: true
|
||||
enabled: true
|
||||
imageSelector: imaginaryImage
|
||||
command: imaginary
|
||||
args:
|
||||
- -p
|
||||
- "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
||||
- -concurrency
|
||||
- "10"
|
||||
- -enable-url-source
|
||||
- -return-size
|
||||
probes:
|
||||
readiness:
|
||||
enabled: true
|
||||
path: /health
|
||||
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
||||
liveness:
|
||||
enabled: true
|
||||
path: /health
|
||||
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
||||
clamav:
|
||||
enabled: true
|
||||
type: Deployment
|
||||
strategy: RollingUpdate
|
||||
replicas: 1
|
||||
podSpec:
|
||||
containers:
|
||||
clamav:
|
||||
primary: true
|
||||
enabled: true
|
||||
imageSelector: clamavImage
|
||||
# FIXME: https://github.com/Cisco-Talos/clamav/issues/478
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
readOnlyRootFilesystem: false
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: clamav-config
|
||||
probes:
|
||||
readiness:
|
||||
enabled: true
|
||||
type: exec
|
||||
command: clamdcheck.sh
|
||||
liveness:
|
||||
enabled: true
|
||||
type: exec
|
||||
command: clamdcheck.sh
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: "{{ .Values.service.clamav.ports.clamav.targetPort }}"
|
||||
|
||||
cronjobs:
|
||||
# Don't change names, it's used in the persistence
|
||||
- name: nextcloud-cron
|
||||
enabled: true
|
||||
schedule: "*/5 * * * *"
|
||||
cmd:
|
||||
- echo "Running [php -f /var/www/html/cron.php] ..."
|
||||
- php -f /var/www/html/cron.php
|
||||
- echo "Finished [php -f /var/www/html/cron.php]"
|
||||
- name: preview-cron
|
||||
enabled: "{{ .Values.nextcloud.previews.cron }}"
|
||||
schedule: "{{ .Values.nextcloud.previews.schedule }}"
|
||||
cmd:
|
||||
- echo "Running [occ preview:pre-generate] ..."
|
||||
- occ preview:pre-generate
|
||||
- echo "Finished [occ preview:pre-generate]"
|
||||
|
||||
service:
|
||||
# Main service links to ingress easier
|
||||
# That's why the nginx is swapped with nextcloud
|
||||
main:
|
||||
targetSelector: nginx
|
||||
ports:
|
||||
main:
|
||||
targetSelector: nginx
|
||||
port: 8080
|
||||
nextcloud:
|
||||
enabled: true
|
||||
targetSelector: main
|
||||
ports:
|
||||
nextcloud:
|
||||
enabled: true
|
||||
targetSelector: main
|
||||
port: 9000
|
||||
targetPort: 9000
|
||||
notify:
|
||||
enabled: true
|
||||
targetSelector: notify
|
||||
ports:
|
||||
notify:
|
||||
enabled: true
|
||||
primary: true
|
||||
port: 7867
|
||||
targetPort: 7867
|
||||
targetSelector: notify
|
||||
metrics:
|
||||
enabled: true
|
||||
port: 7868
|
||||
targetSelector: notify
|
||||
imaginary:
|
||||
enabled: true
|
||||
targetSelector: imaginary
|
||||
ports:
|
||||
imaginary:
|
||||
enabled: true
|
||||
port: 9090
|
||||
targetSelector: imaginary
|
||||
clamav:
|
||||
enabled: true
|
||||
targetSelector: clamav
|
||||
ports:
|
||||
clamav:
|
||||
enabled: true
|
||||
port: 3310
|
||||
targetPort: 3310
|
||||
targetSelector: clamav
|
||||
|
||||
persistence:
|
||||
php-tune:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: php-tune
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf
|
||||
subPath: zz-tune.conf
|
||||
readOnly: true
|
||||
redis-session:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: redis-session
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /usr/local/etc/php/conf.d/redis-session.ini
|
||||
subPath: redis-session.ini
|
||||
readOnly: true
|
||||
nginx:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: nginx-config
|
||||
targetSelector:
|
||||
nginx:
|
||||
nginx:
|
||||
mountPath: /etc/nginx/nginx.conf
|
||||
subPath: nginx.conf
|
||||
readOnly: true
|
||||
nginx-temp:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
targetSelector:
|
||||
nginx:
|
||||
nginx:
|
||||
mountPath: /tmp/nginx
|
||||
html:
|
||||
enabled: true
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /var/www/html
|
||||
nextcloud-cron:
|
||||
nextcloud-cron:
|
||||
mountPath: /var/www/html
|
||||
preview-cron:
|
||||
preview-cron:
|
||||
mountPath: /var/www/html
|
||||
nginx:
|
||||
nginx:
|
||||
mountPath: /var/www/html
|
||||
readOnly: true
|
||||
config:
|
||||
enabled: true
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /var/www/html/config
|
||||
nextcloud-cron:
|
||||
nextcloud-cron:
|
||||
mountPath: /var/www/html/config
|
||||
preview-cron:
|
||||
preview-cron:
|
||||
mountPath: /var/www/html/config
|
||||
notify:
|
||||
notify:
|
||||
mountPath: /var/www/html/config
|
||||
readOnly: true
|
||||
nginx:
|
||||
nginx:
|
||||
mountPath: /var/www/html/config
|
||||
readOnly: true
|
||||
data:
|
||||
enabled: true
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /var/www/html/data
|
||||
init-perms:
|
||||
mountPath: /var/www/html/data
|
||||
nextcloud-cron:
|
||||
nextcloud-cron:
|
||||
mountPath: /var/www/html/data
|
||||
preview-cron:
|
||||
preview-cron:
|
||||
mountPath: /var/www/html/data
|
||||
nginx:
|
||||
nginx:
|
||||
mountPath: /var/www/html/data
|
||||
readOnly: true
|
||||
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: nextcloud
|
||||
database: nextcloud
|
||||
|
||||
redis:
|
||||
enabled: true
|
||||
username: default
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
||||
@@ -30,8 +30,38 @@
|
||||
description: Automatically set permissions on install
|
||||
schema:
|
||||
show_if: [["type", "=", "hostPath"]]
|
||||
hidden: true
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: autoPermissions
|
||||
label: Automatic Permissions Configuration
|
||||
description: Automatically set permissions
|
||||
schema:
|
||||
show_if: [["type", "!=", "pvc"]]
|
||||
type: dict
|
||||
additional_attrs: true
|
||||
attrs:
|
||||
- variable: chown
|
||||
label: Run CHOWN
|
||||
description: |
|
||||
It will run CHOWN on the path with the given fsGroup
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: chmod
|
||||
label: Run CHMOD
|
||||
description: |
|
||||
It will run CHMOD on the path with the given value
|
||||
schema:
|
||||
type: string
|
||||
default: "775"
|
||||
- variable: recursive
|
||||
label: Recursive
|
||||
description: |
|
||||
It will run CHOWN and CHMOD recursively
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: readOnly
|
||||
label: Read Only
|
||||
schema:
|
||||
|
||||
Reference in New Issue
Block a user