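{{- /*
HelmRelease that hands the upstream nextcloud chart to Flux.

Everything under spec.values is the upstream chart's values, composed from this
chart's own .Values and the shared .Values.commons (ingress domain, mail,
persistence, monitoring labels, masterPassword). The admin, SMTP and database
passwords below are rendered in plaintext into spec.values, i.e. into the
HelmRelease object itself.
*/ -}}
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-hr"
spec:
  chart:
    spec:
      sourceRef:
        name: "nextcloud"
        # .Values.chart.ref selects the vendored chart from a GitRepository,
        # otherwise the published chart from a HelmRepository.
        {{- if .Values.chart.ref }}
        kind: GitRepository
        {{- else }}
        kind: HelmRepository
        {{- end }}
      {{- if .Values.chart.ref }}
      chart: "./charts/nextcloud"
      reconcileStrategy: Revision
      {{- else }}
      chart: "nextcloud"
      {{- end }}
  # Release behaviour is shared across charts via commons.helm.release.
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    replicaCount: {{ .Values.replica.nextcloud }}
    # Public hostname; also used for the TLS secret further down.
    {{- $host := .Values.ingress.host | default (printf "fs.%s" .Values.commons.ingress.domain) }}
    nextcloud:
      update: true
      username: nextcloud-admin
      # Derived from commons.masterPassword unless adminPassword is set.
      # NOTE(review): rendered in plaintext into the HelmRelease; moving it to
      # spec.valuesFrom with a Secret would keep it out of this object.
      password: {{ .Values.adminPassword | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "admin_password") | quote }}
      host: {{ $host }}
      mail:
        enabled: true
        # Rendered as: "[<theme title>] nextcloud" <commons.mail.from>
        fromAddress: {{ .Values.mail.from | default (printf "\"[%s] %s\" <%s>" .Values.commons.theme.title "nextcloud" .Values.commons.mail.from) | quote }}
        # NOTE(review): the sender domain is set to the SMTP host — confirm
        # that is the intended value.
        domain: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
        smtp:
          host: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
          port: 587
          {{- if .Values.commons.mail.use_tls }}
          secure: "tls"
          {{- else if .Values.commons.mail.use_ssl }}
          secure: "ssl"
          {{- end }}
          {{- if and .Values.commons.mail.username .Values.commons.mail.password }}
          # "PLAIN" is also supported. Quoted so an unset value renders as ""
          # instead of null.
          authtype: {{ .Values.mail.authtype | quote }}
          {{- end }}
          # Rendered even without credentials (then as ""), matching the
          # original behaviour.
          name: {{ .Values.commons.mail.username | quote }}
          password: {{ .Values.commons.mail.password | quote }}

      {{- if .Values.imaginary.enabled }}
      defaultConfigs:
        imaginary.config.php: true
      {{- end }}
      configs:
        # allow_local_remote_servers lets Nextcloud talk to in-cluster
        # services; it also switches off Nextcloud's guard against requests
        # to private/local addresses.
        # trusted_proxies: every client in 10.0.0.0/8 may set
        # X-Forwarded-For. Narrow it to the ingress controller's addresses
        # if they are known.
        proxy.config.php: |-
          <?php
          $CONFIG = array (
            'allow_local_remote_servers' => true,
            'trusted_proxies' => array(
              0 => '127.0.0.1',
              1 => '10.0.0.0/8',
            ),
            'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
          );
        # Password recovery is handled by the OIDC provider (Authentik flow).
        custom-oidc.config.php: |-
          <?php
          $CONFIG = array(
            'hide_login_form' => false,
            'skeletondirectory' => '',
            'lost_password_link' => 'https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/if/flow/default-recovery-flow/',
          );
        custom.config.php: |-
          <?php
          $CONFIG = array(
            'default_language' => {{ .Values.default.language | squote }},
            'default_phone_region' => {{ .Values.default.phoneRegion | squote }},
            'maintenance_window_start' => {{ .Values.default.maintenanceWindowStart }},
          );
        {{- if .Values.imaginary.enabled }}
        reviews.config.php: |-
          <?php
          $CONFIG = array(
            'enabledPreviewProviders' => array(
              'OC\Preview\Imaginary',
              'OC\Preview\MP3',
              'OC\Preview\MarkDown',
              'OC\Preview\OpenDocument',
            ),
          );
        {{- end }}
        # Additional config files supplied by the deployer.
        {{- with .Values.config }}
        {{- toYaml . | nindent 8 }}
        {{- end }}

      {{- if .Values.commons.persistence.hostPath.enabled }}
      # Only with hostPath persistence: hands the config directory to
      # uid/gid 33 (www-data in the upstream image) before Nextcloud starts.
      # alpine:3 runs as root, which chown needs here.
      extraInitContainers:
        - name: "take-ownership"
          image: "alpine:3"
          command: ["chown", "-R", "33:33", "/var/www/html/config"]
          volumeMounts:
            - name: "nextcloud-main"
              mountPath: /var/www/html/config
              subPath: "config"
      {{- end }}
      extraEnv:
        # OIDC client credentials are read from the Authentik application
        # Secret created by the auth release, not rendered into values.
        - name: NC_HOOK_OIDC_CLIENT_ID
          valueFrom:
            secretKeyRef:
              name: "{{ .Release.Name }}-auth-authentik-application"
              key: clientID
        - name: NC_HOOK_OIDC_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: "{{ .Release.Name }}-auth-authentik-application"
              key: clientSecret
        - name: "NEXTCLOUD_MEMORY_LIMIT"
          value: "{{ .Values.limits.memory }}"
        - name: "PHP_MEMORY_LIMIT"
          value: "{{ .Values.limits.memory }}"
        - name: "PHP_UPLOAD_LIMIT"
          value: "{{ .Values.limits.upload }}"

      hooks:
        # docs for theming: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/theming.html#configure-theming-through-cli
        # /var/www/html/occ theming:config logo "{{ .Values.commons.theme.logo }}";
        #
        # TODO add group mapping after fix is there
        # https://github.com/nextcloud/user_oidc/issues/744
        # https://codeberg.org/wrenix/flux-charts/issues/7
        #
        # Runs before the server starts: updates apps, configures the
        # user_oidc provider, reconciles .Values.apps and applies theming.
        before-starting: |-
          #!/bin/sh
          echo "update all apps:";
          /var/www/html/occ app:update --all;

          {{- $app := "user_oidc" }}
          echo "=== manage: {{ $app }} ==="
          echo "--- install: {{ $app }} ---"
          /var/www/html/occ app:install {{ $app }};
          /var/www/html/occ app:enable {{ $app }};
          echo "--- configure: {{ $app }} ---"
          /var/www/html/occ config:app:set -n {{ $app }} allow_multiple_user_backends --value="0"
          /var/www/html/occ config:app:set -n {{ $app }} provider-1-groupProvisioning --value="1"
          # Client id/secret come from the NC_HOOK_OIDC_* env vars; quoted so
          # the shell never word-splits them. They are passed as arguments,
          # so they are visible in this container's process list while the
          # command runs.
          /var/www/html/occ user_oidc:provider mycloud \
            --clientid "$NC_HOOK_OIDC_CLIENT_ID" \
            --clientsecret "$NC_HOOK_OIDC_CLIENT_SECRET" \
            --discoveryuri "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/application/o/mycloud-nextcloud/.well-known/openid-configuration" \
            --scope "openid email profile" \
            --extra-claims=scope \
            --mapping-uid={{ .Values.auth.idMapping }} \
            --mapping-email=email \
            --mapping-display-name=name \
            --mapping-quota=quota \
            --mapping-groups=groups \
            --check-bearer=true \
            --unique-uid=0;

          {{- range $app, $appConfig := .Values.apps }}
          echo "=== manage app: {{ $app }} ===";
          {{- if $appConfig.enabled }}
          echo "--- install: {{ $app }} ---"
          /var/www/html/occ app:install {{ $app }}
          /var/www/html/occ app:enable {{ $app }}
          # config of app; quote yields a double-quoted shell word, so keep
          # config values free of $ and backticks, which the shell expands.
          echo "--- config: {{ $app }} ---"
          {{- range $key, $value := $appConfig.config }}
          /var/www/html/occ config:app:set -n {{ $app }} {{ $key }} --value={{ $value | quote }}
          {{- end }}
          {{- else }}
          echo "--- disable: {{ $app }} ---"
          /var/www/html/occ app:disable {{ $app }}
          {{- end }}
          {{- end }}{{/* end-range */}}

          {{- /* guarded with `and` so a missing apps.richdocuments entry does not abort rendering */}}
          {{- if and .Values.apps.richdocuments .Values.apps.richdocuments.enabled }}
          echo "=== manage: richdocuments -> configure for mycloud-collabora ==="
          /var/www/html/occ config:app:set -n richdocuments wopi_url --value={{ get .Values.apps.richdocuments.config "wopi_url" | default (printf "https://collabora.%s" $.Values.commons.ingress.domain) | quote }}
          {{- end }}{{/* end-if richdocuments.enabled */}}

          echo "refresh index:";
          /var/www/html/occ db:add-missing-indices;

          echo "setup theming:";
          /var/www/html/occ theming:config disable-user-theming yes;
          /var/www/html/occ theming:config name "{{ .Values.commons.theme.title }}";
          {{- with .Values.theme.color }}
          /var/www/html/occ theming:config color {{ . | quote }};
          /var/www/html/occ theming:config background backgroundColor;
          {{- end }}

    phpClientHttpsFix:
      enabled: true

    image:
      flavor: fpm
    nginx:
      enabled: true
      config:
        headers:
          # preload commits the host to browser HSTS preload lists; keep it
          # only while TLS on this host is permanent.
          "Strict-Transport-Security": "max-age=15768000; includeSubDomains; preload;"

    imaginary:
      enabled: {{ toYaml .Values.imaginary.enabled }}

    notifyPush:
      enabled: true
      autoSetup: true

    metrics:
      enabled: true
      image:
        tag: "0.8.0"
      info:
        apps: true
        update: true

    # Monitoring objects are only emitted when the cluster has the
    # corresponding CRDs installed.
    prometheus:
      serviceMonitor:
        enabled: {{ .Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor" }}
        labels:
          {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
      rules:
        enabled: {{ .Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule" }}
        labels:
          {{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}

    ingress:
      enabled: true
      annotations:
        {{- with .Values.commons.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        {{- with .Values.commons.ingress.tls.override }}
        {{- toYaml . | nindent 8 }}
        {{- else }}
        - secretName: "mycloud-nextcloud-cert"
          hosts:
            - "{{ $host }}"
        {{- end }}
      {{- end }}

    cronjob:
      enabled: true

    redis:
      enabled: true
      replica:
        # replica count comes from the shared redis settings
        replicaCount: {{ .Values.commons.redis.replicas }}
      metrics:
        enabled: true
        serviceMonitor:
          enabled: {{ .Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor" }}
          additionalLabels:
            {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
        prometheusRule:
          # rules are intentionally empty, so the PrometheusRule stays
          # disabled regardless of cluster capability:
          enabled: false
          # {{ .Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule" }}
          additionalLabels:
            {{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
          rules: []

    # hostPath persistence is bound to the "manual" storage class;
    # otherwise the shared storageClass (possibly empty) is used.
    {{- $pvHelper := .Values.commons.persistence.hostPath.enabled }}
    {{- $storageClass := $pvHelper | ternary "manual" .Values.commons.persistence.storageClass }}
    persistence:
      enabled: true
      {{- if $storageClass }}
      storageClass: {{ $storageClass }}
      {{- end }}
      size: {{ .Values.persistence.main.size }}
      nextcloudData:
        enabled: true
        {{- if $storageClass }}
        storageClass: {{ $storageClass }}
        {{- end }}
        size: {{ .Values.persistence.data.size }}

    internalDatabase:
      enabled: false
    postgresql:
      enabled: false
    mariadb:
      enabled: false

    externalDatabase:
      enabled: true
      type: postgresql
      host: {{ .Values.database.host | quote }}
      database: {{ .Values.database.name | quote }}
      user: {{ .Values.database.username | quote }}
      # NOTE(review): the derived fallback is base64-encoded before use —
      # presumably to match what the database release sets; confirm. Like
      # the admin password, this is rendered in plaintext into the object.
      password: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "database_password" | b64enc) | quote }}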
|