236 lines
8.5 KiB
YAML
236 lines
8.5 KiB
YAML
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: "{{ .Release.Name }}-hr"
|
|
spec:
|
|
chart:
|
|
spec:
|
|
sourceRef:
|
|
kind: GitRepository
|
|
name: "nextcloud"
|
|
chart: "./charts/nextcloud"
|
|
# TODO delete later
|
|
# https://codeberg.org/wrenix/flux-charts/issues/6
|
|
reconcileStrategy: "Revision"
|
|
install:
|
|
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
|
|
test:
|
|
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
|
|
upgrade:
|
|
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
|
|
driftDetection:
|
|
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
|
|
interval: 10m
|
|
values:
|
|
{{- $host := .Values.ingress.host | default (printf "fs.%s" .Values.commons.ingress.domain) }}
|
|
nextcloud:
|
|
update: true
|
|
username: nextcloud-admin
|
|
password: {{ .Values.adminPassword | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "admin_password") | quote }}
|
|
host: {{ $host }}
|
|
mail:
|
|
enabled: true
|
|
fromAddress: {{ .Values.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "nextcloud" .Values.commons.mail.from) | quote }}
|
|
domain: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
|
|
smtp:
|
|
host: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
|
|
port: 587
|
|
{{- if .Values.commons.mail.use_tls }}
|
|
secure: "tls"
|
|
{{- else if .Values.commons.mail.use_ssl }}
|
|
secure: "ssl"
|
|
{{- end }}
|
|
{{- if and .Values.commons.mail.username .Values.commons.mail.password}}
|
|
# there also "PLAIN" is supported
|
|
authtype: {{ .Values.mail.authtype }}
|
|
{{- end }}
|
|
name: {{ .Values.commons.mail.username | quote }}
|
|
password: {{ .Values.commons.mail.password | quote }}
|
|
|
|
configs:
|
|
proxy.config.php: |-
|
|
<?php
|
|
$CONFIG = array (
|
|
'allow_local_remote_servers' => true,
|
|
'trusted_proxies' => array(
|
|
0 => '127.0.0.1',
|
|
1 => '10.0.0.0/8',
|
|
),
|
|
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
|
|
);
|
|
custom-oidc.config.php: |-
|
|
<?php
|
|
$CONFIG = array(
|
|
'hide_login_form' => false,
|
|
'skeletondirectory' => '',
|
|
'lost_password_link' => 'https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/if/flow/default-recovery-flow/',
|
|
);
|
|
|
|
{{- if or
|
|
.Values.commons.persistence.hostPath.enabled
|
|
}}
|
|
extraInitContainers:
|
|
- name: "take-ownership"
|
|
image: "alpine:3"
|
|
command: ["chown", "-R", "33:33", "/var/www/html/config" ]
|
|
volumeMounts:
|
|
- name: "nextcloud-main"
|
|
mountPath: /var/www/html/config
|
|
subPath: "config"
|
|
{{- end }}
|
|
|
|
appManagement:
|
|
enabled: true
|
|
apps:
|
|
user_oidc:
|
|
enabled: true
|
|
config:
|
|
allow_multiple_user_backends: "0"
|
|
provider-1-groupProvisioning: "1"
|
|
##
|
|
# collabora
|
|
##
|
|
{{- with .Values.apps.richdocuments }}
|
|
{{- if .enabled }}
|
|
richdocuments:
|
|
enabled: true
|
|
{{- with .config }}
|
|
config:
|
|
{{- with (get . "wopi_url") }}
|
|
wopi_url: {{ . }}
|
|
{{- else }}
|
|
wopi_url: "https://collabora.{{ $.Values.commons.ingress.domain }}"
|
|
{{- end }}
|
|
{{- with (omit . "wopi_url") }}
|
|
{{- toYaml . | nindent 14 }}
|
|
{{- end }}
|
|
{{- end }}{{/* with .config */}}
|
|
{{- end }}{{/* end-if .enabled */}}
|
|
{{- end }}{{/* end-with .richdocuments */}}
|
|
{{- with (omit .Values.apps "richdocuments") }}
|
|
{{- toYaml . | nindent 10 }}
|
|
{{- end }}
|
|
|
|
hooks:
|
|
before-starting:
|
|
# docu for theming: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/theming.html#configure-theming-through-cli
|
|
# /var/www/html/occ theming:config logo "{{ .Values.commons.theme.logo }}";
|
|
#
|
|
# TODO add group mapping after fix is there
|
|
# https://github.com/nextcloud/user_oidc/issues/744
|
|
# https://codeberg.org/wrenix/flux-charts/issues/7
|
|
shell: |-
|
|
#!/bin/sh
|
|
echo "update all apps:";
|
|
/var/www/html/occ app:update --all;
|
|
|
|
echo "setup theming:";
|
|
/var/www/html/occ theming:config disable-user-theming yes;
|
|
/var/www/html/occ theming:config name "{{ .Values.commons.theme.title }}";
|
|
|
|
echo "setup oidc:";
|
|
/var/www/html/occ user_oidc:provider mycloud \
|
|
--clientid {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "auth.clientID") | squote }} \
|
|
--clientsecret {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "auth.clientSecret") | squote }} \
|
|
--discoveryuri "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/application/o/mycloud-nextcloud/.well-known/openid-configuration" \
|
|
--scope "openid email profile" \
|
|
--extra-claims=scope \
|
|
--mapping-uid={{ .Values.auth.idMapping }} \
|
|
--mapping-email=email \
|
|
--mapping-display-name=name \
|
|
--mapping-quota=quota \
|
|
--mapping-groups=groups \
|
|
--check-bearer=true \
|
|
--unique-uid=0;
|
|
|
|
phpClientHttpsFix:
|
|
enabled: true
|
|
|
|
image:
|
|
flavor: fpm
|
|
nginx:
|
|
enabled: true
|
|
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
|
|
additionalLabels:
|
|
{{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
|
|
rules:
|
|
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
|
|
additionalLabels:
|
|
{{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}
|
|
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
{{- with .Values.commons.ingress.annotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.ingress.annotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.commons.ingress.tls.enabled }}
|
|
tls:
|
|
{{- with .Values.commons.ingress.tls.override }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- else }}
|
|
- secretName: "mycloud-nextcloud-cert"
|
|
hosts:
|
|
- "{{ $host }}"
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
cronjob:
|
|
enabled: true
|
|
|
|
redis:
|
|
enabled: true
|
|
replica:
|
|
# just one replica
|
|
replicaCount: 1
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
|
|
additionalLabels:
|
|
{{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
|
|
prometheusRule:
|
|
# empty rules
|
|
enabled: false
|
|
# {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
|
|
additionalLabels:
|
|
{{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
|
|
rules: []
|
|
|
|
{{- $pvHelper := (or .Values.commons.persistence.hostPath.enabled) }}
|
|
{{- $storageClass := $pvHelper | ternary "manual" .Values.commons.persistence.storageClass }}
|
|
persistence:
|
|
enabled: true
|
|
{{- if $storageClass }}
|
|
storageClass: {{ $storageClass }}
|
|
{{- end}}
|
|
size: {{ .Values.persistence.main.size }}
|
|
nextcloudData:
|
|
enabled: true
|
|
{{- if $storageClass }}
|
|
storageClass: {{ $storageClass }}
|
|
{{- end}}
|
|
size: {{ .Values.persistence.data.size }}
|
|
|
|
internalDatabase:
|
|
enabled: false
|
|
postgresql:
|
|
enabled: false
|
|
mariadb:
|
|
enabled: false
|
|
|
|
externalDatabase:
|
|
enabled: true
|
|
type: postgresql
|
|
host: {{ .Values.database.host | quote }}
|
|
database: {{ .Values.database.name | quote }}
|
|
user: {{ .Values.database.username | quote }}
|
|
password: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "database_password") | quote }}
|