Cloned2Preserve
/
TrueChartsCatalogClone
mirror of https://github.com/truecharts/catalog.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Commit new App releases for TrueCharts 

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2022-07-06 11:31:50 +00:00
parent 5fe5adb08d
commit 58142524e6
20 changed files with 6851 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
stable/nextcloud/15.0.0/CHANGELOG.md Normal file
View File

@ -0,0 +1,99 @@
# Changelog<br>
<a name="nextcloud-15.0.0"></a>
### [nextcloud-15.0.0](https://github.com/truecharts/apps/compare/nextcloud-14.0.16...nextcloud-15.0.0) (2022-07-06)
<a name="nextcloud-14.0.16"></a>
### [nextcloud-14.0.16](https://github.com/truecharts/apps/compare/nextcloud-14.0.15...nextcloud-14.0.16) (2022-07-05)
#### Chore
* update helm general non-major helm releases ([#3075](https://github.com/truecharts/apps/issues/3075))
<a name="nextcloud-14.0.15"></a>
### [nextcloud-14.0.15](https://github.com/truecharts/apps/compare/nextcloud-14.0.14...nextcloud-14.0.15) (2022-07-04)
#### Chore
* update helm general non-major helm releases ([#3066](https://github.com/truecharts/apps/issues/3066))
<a name="nextcloud-14.0.14"></a>
### [nextcloud-14.0.14](https://github.com/truecharts/apps/compare/nextcloud-14.0.13...nextcloud-14.0.14) (2022-07-01)
#### Chore
* update docker general non-major ([#3015](https://github.com/truecharts/apps/issues/3015))
<a name="nextcloud-14.0.13"></a>
### [nextcloud-14.0.13](https://github.com/truecharts/apps/compare/nextcloud-14.0.12...nextcloud-14.0.13) (2022-06-29)
#### Chore
* update docker general non-major ([#3002](https://github.com/truecharts/apps/issues/3002))
<a name="nextcloud-14.0.12"></a>
### [nextcloud-14.0.12](https://github.com/truecharts/apps/compare/nextcloud-14.0.11...nextcloud-14.0.12) (2022-06-27)
#### Chore
* update docker general non-major ([#2999](https://github.com/truecharts/apps/issues/2999))
<a name="nextcloud-14.0.11"></a>
### [nextcloud-14.0.11](https://github.com/truecharts/apps/compare/nextcloud-14.0.10...nextcloud-14.0.11) (2022-06-26)
#### Chore
* update docker general non-major ([#2988](https://github.com/truecharts/apps/issues/2988))
<a name="nextcloud-14.0.10"></a>
### [nextcloud-14.0.10](https://github.com/truecharts/apps/compare/nextcloud-14.0.9...nextcloud-14.0.10) (2022-06-25)
<a name="nextcloud-14.0.9"></a>
### [nextcloud-14.0.9](https://github.com/truecharts/apps/compare/nextcloud-14.0.8...nextcloud-14.0.9) (2022-06-25)
#### Chore
* update helm general non-major helm releases ([#2977](https://github.com/truecharts/apps/issues/2977))
<a name="nextcloud-14.0.8"></a>
### [nextcloud-14.0.8](https://github.com/truecharts/apps/compare/nextcloud-14.0.7...nextcloud-14.0.8) (2022-06-25)
#### Chore
* update docker general non-major ([#2960](https://github.com/truecharts/apps/issues/2960))
<a name="nextcloud-14.0.7"></a>
### [nextcloud-14.0.7](https://github.com/truecharts/apps/compare/nextcloud-14.0.6...nextcloud-14.0.7) (2022-06-22)
#### Chore
* update docker general non-major ([#2954](https://github.com/truecharts/apps/issues/2954))
* update helm general non-major helm releases ([#2948](https://github.com/truecharts/apps/issues/2948))
<a name="nextcloud-14.0.6"></a>
### [nextcloud-14.0.6](https://github.com/truecharts/apps/compare/nextcloud-14.0.5...nextcloud-14.0.6) (2022-06-21)
#### Chore

7
stable/nextcloud/15.0.0/CONFIG.md Normal file
View File

@ -0,0 +1,7 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our [Linking Apps Internally](https://truecharts.org/manual/Quick-Start%20Guides/06-linking-apps/) quick-start guide.
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

12
stable/nextcloud/15.0.0/Chart.lock Normal file
View File

@ -0,0 +1,12 @@
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 10.2.0
- name: postgresql
repository: https://charts.truecharts.org/
version: 8.0.22
- name: redis
repository: https://charts.truecharts.org
version: 3.0.22
digest: sha256:82453b7bc640176ac92a18d336e348ce5c0979c0a8ebb87ab52fefe9ec037c2c
generated: "2022-07-06T11:27:21.134371574Z"

41
stable/nextcloud/15.0.0/Chart.yaml Normal file
View File

@ -0,0 +1,41 @@
apiVersion: v2
appVersion: "24.0.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 10.2.0
- condition: postgresql.enabled
name: postgresql
repository: https://charts.truecharts.org/
version: 8.0.22
- condition: redis.enabled
name: redis
repository: https://charts.truecharts.org
version: 3.0.22
deprecated: false
description: A private cloud server that puts the control and security of your own
data back into your hands.
home: https://github.com/truecharts/apps/tree/master/charts/stable/nextcloud
icon: https://truecharts.org/_static/img/appicons/nextcloud.png
keywords:
- nextcloud
- storage
- http
- web
- php
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: nextcloud
sources:
- https://github.com/nextcloud/docker
- https://github.com/nextcloud/helm
type: application
version: 15.0.0
annotations:
truecharts.org/catagories: |
- cloud
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

40
stable/nextcloud/15.0.0/README.md Normal file
View File

@ -0,0 +1,40 @@
# Introduction
A private cloud server that puts the control and security of your own data back into your hands.
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/nextcloud/docker>
* <https://github.com/nextcloud/helm>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://charts.truecharts.org/ | postgresql | 8.0.22 |
| https://charts.truecharts.org | redis | 3.0.22 |
| https://library-charts.truecharts.org | common | 10.2.0 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/02-Installing-an-App/).
## Upgrading, Rolling Back and Uninstalling the Chart
To upgrade, rollback or delete this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/04-Upgrade-rollback-delete-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Adding-TrueCharts/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

3
stable/nextcloud/15.0.0/app-readme.md Normal file
View File

@ -0,0 +1,3 @@
A private cloud server that puts the control and security of your own data back into your hands.
This App is supplied by TrueCharts, for more information please visit https://truecharts.org

BIN
stable/nextcloud/15.0.0/charts/common-10.2.0.tgz Normal file
View File

Binary file not shown.

BIN
stable/nextcloud/15.0.0/charts/postgresql-8.0.22.tgz Normal file
View File

Binary file not shown.

BIN
stable/nextcloud/15.0.0/charts/redis-3.0.22.tgz Normal file
View File

Binary file not shown.

11
stable/nextcloud/15.0.0/ci/basic-values.yaml Normal file
View File

@ -0,0 +1,11 @@
env:
# IP used for exposing nextcloud
# Often the service or nodePort IP
AccessIP: "127.0.0.1"
service:
main:
ports:
main:
port: 8080
targetPort: 8080

70
stable/nextcloud/15.0.0/helm-values.md Normal file
View File

@ -0,0 +1,70 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| cronjob.annotations | object | `{}` | |
| cronjob.failedJobsHistoryLimit | int | `5` | |
| cronjob.schedule | string | `"*/5 * * * *"` | |
| cronjob.successfulJobsHistoryLimit | int | `2` | |
| env.POSTGRES_DB | string | `"{{ .Values.postgresql.postgresqlDatabase }}"` | |
| env.POSTGRES_USER | string | `"{{ .Values.postgresql.postgresqlUsername }}"` | |
| env.TRUSTED_PROXIES | string | `"172.16.0.0/16"` | |
| envFrom[0].configMapRef.name | string | `"nextcloudconfig"` | |
| envValueFrom.POSTGRES_HOST.secretKeyRef.key | string | `"plainporthost"` | |
| envValueFrom.POSTGRES_HOST.secretKeyRef.name | string | `"dbcreds"` | |
| envValueFrom.POSTGRES_PASSWORD.secretKeyRef.key | string | `"postgresql-password"` | |
| envValueFrom.POSTGRES_PASSWORD.secretKeyRef.name | string | `"dbcreds"` | |
| envValueFrom.REDIS_HOST.secretKeyRef.key | string | `"plainhost"` | |
| envValueFrom.REDIS_HOST.secretKeyRef.name | string | `"rediscreds"` | |
| envValueFrom.REDIS_HOST_PASSWORD.secretKeyRef.key | string | `"redis-password"` | |
| envValueFrom.REDIS_HOST_PASSWORD.secretKeyRef.name | string | `"rediscreds"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/nextcloud"` | |
| image.tag | string | `"v23.0.3@sha256:c8d8684edb42934ffc0140dc71bb97d4d0f691d5823a662a777898141e4c0827"` | |
| persistence.data.enabled | bool | `true` | |
| persistence.data.mountPath | string | `"/var/www/html"` | |
| podSecurityContext.fsGroup | int | `33` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsUser | int | `0` | |
| postgresql.enabled | bool | `true` | |
| postgresql.existingSecret | string | `"dbcreds"` | |
| postgresql.postgresqlDatabase | string | `"nextcloud"` | |
| postgresql.postgresqlUsername | string | `"nextcloud"` | |
| probes.liveness.custom | bool | `true` | |
| probes.liveness.spec.httpGet.httpHeaders[0].name | string | `"Host"` | |
| probes.liveness.spec.httpGet.httpHeaders[0].value | string | `"test.fakedomain.dns"` | |
| probes.liveness.spec.httpGet.path | string | `"/status.php"` | |
| probes.liveness.spec.httpGet.port | int | `80` | |
| probes.readiness.custom | bool | `true` | |
| probes.readiness.spec.httpGet.httpHeaders[0].name | string | `"Host"` | |
| probes.readiness.spec.httpGet.httpHeaders[0].value | string | `"test.fakedomain.dns"` | |
| probes.readiness.spec.httpGet.path | string | `"/status.php"` | |
| probes.readiness.spec.httpGet.port | int | `80` | |
| probes.startup.custom | bool | `true` | |
| probes.startup.spec.httpGet.httpHeaders[0].name | string | `"Host"` | |
| probes.startup.spec.httpGet.httpHeaders[0].value | string | `"test.fakedomain.dns"` | |
| probes.startup.spec.httpGet.path | string | `"/status.php"` | |
| probes.startup.spec.httpGet.port | int | `80` | |
| redis.enabled | bool | `true` | |
| redis.existingSecret | string | `"rediscreds"` | |
| secret.NEXTCLOUD_ADMIN_PASSWORD | string | `"adminpass"` | |
| secret.NEXTCLOUD_ADMIN_USER | string | `"admin"` | |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| securityContext.runAsNonRoot | bool | `false` | |
| service.hpb.enabled | bool | `true` | |
| service.hpb.ports.hpb.enabled | bool | `true` | |
| service.hpb.ports.hpb.port | int | `7867` | |
| service.hpb.ports.hpb.targetPort | int | `7867` | |
| service.main.ports.main.port | int | `10020` | |
| service.main.ports.main.targetPort | int | `80` | |
All Rights Reserved - The TrueCharts Project

374
stable/nextcloud/15.0.0/ix_values.yaml Normal file
View File

@ -0,0 +1,374 @@
image:
repository: tccr.io/truecharts/nextcloud-fpm
pullPolicy: IfNotPresent
tag: v24.0.2@sha256:2e8ce7bc258d243b81a3ff65bbae356e8e94d7844758f4342ca711709bdbe078
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
fsGroup: 33
service:
main:
ports:
main:
port: 10020
targetPort: 8080
backend:
enabled: true
ports:
hpb:
enabled: true
port: 7867
targetPort: 7867
hpb-metrics:
enabled: true
port: 7868
targetPort: 7868
fpm:
enabled: true
port: 9000
targetPort: 9000
secretEnv:
NEXTCLOUD_ADMIN_USER: "admin"
NEXTCLOUD_ADMIN_PASSWORD: "adminpass"
probes:
liveness:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
readiness:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
startup:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initContainers:
prestart:
image: '{{ include "tc.common.images.selector" . }}'
securityContext:
runAsUser: 0
runAsGroup: 0
privileged: true
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
if [[ -f /data/config/config.php ]] && [[ ! -f /html/config/config.php ]]; then
echo "migrating from single to dual PVC's..."
echo "moving to placeholder location..."
mv -f /var/www/html/data/* /var/www/html/data/tomigrate/
echo "moving userdata to data-pvc root..."
mv -f /var/www/html/data/tomigrate/data/* /var/www/html/data/
echo "removing old data folder..."
rm -rf /var/www/html/data/tomigrate/data
echo "moving config, apps, templates and other content to html-pvc root..."
mv -f /var/www/html/data/tomigrate/data/* /var/www/html/data/
echo "Removing migration temporary folder..."
rm -rf /var/www/html/data/tomigrate
fi
echo "Enforcing chmod 770 on data-dir..."
chmod 770 /var/www/html/data
echo "Migrating old data when found..."
EOF
volumeMounts:
- name: data
mountPath: "/var/www/html/data"
- name: html
mountPath: "/var/www/html"
env:
# IP used for exposing nextcloud
# Often the service or nodePort IP
# Defaults to the main serviceName for CI purposes.
AccessIP:
TRUSTED_PROXIES: "172.16.0.0/16 127.0.0.1"
POSTGRES_DB: "{{ .Values.postgresql.postgresqlDatabase }}"
POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}"
POSTGRES_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
POSTGRES_HOST:
secretKeyRef:
name: dbcreds
key: plainporthost
REDIS_HOST:
secretKeyRef:
name: rediscreds
key: plainhost
REDIS_HOST_PASSWORD:
secretKeyRef:
name: rediscreds
key: redis-password
envFrom:
- configMapRef:
name: nextcloudconfig
persistence:
html:
enabled: true
mountPath: "/var/www/html"
data:
enabled: true
mountPath: "/var/www/html/data"
varrun:
enabled: true
cache:
enabled: true
type: emptyDir
mountPath: /var/cache/nginx
medium: Memory
nginx:
enabled: "true"
mountPath: "/etc/nginx"
noMount: true
readOnly: true
type: "custom"
volumeSpec:
configMap:
name: '{{ include "tc.common.names.fullname" . }}-nginx'
items:
- key: nginx.conf
path: nginx.conf
configmap:
nginx:
enabled: true
data:
nginx.conf: |-
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
# Prevent nginx HTTP Server Detection
server_tokens off;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server 127.0.0.1:9000;
}
server {
listen 8080;
# Forward Notify_Push "High Performance Backend" to it's own container
location ^~ /push/ {
proxy_pass http://127.0.0.1:7867/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
}
cronjob:
enabled: true
schedule: "*/5 * * * *"
annotations: {}
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 2
hpb:
enabled: true
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: nextcloud
postgresqlDatabase: nextcloud
redis:
enabled: true
existingSecret: "rediscreds"

2653
stable/nextcloud/15.0.0/questions.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

3257
stable/nextcloud/15.0.0/security.md Normal file
View File

File diff suppressed because one or more lines are too long

29
stable/nextcloud/15.0.0/templates/_configmap.tpl Normal file
View File

@ -0,0 +1,29 @@
{{/* Define the configmap */}}
{{- define "nextcloud.configmap" -}}
{{- $hosts := "" }}
{{- if .Values.ingress.main.enabled }}
{{- range .Values.ingress }}
{{- range $index, $host := .hosts }}
{{- if $index }}
{{ $hosts = ( printf "%v %v" $hosts $host.host ) }}
{{- else }}
{{ $hosts = ( printf "%s" $host.host ) }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloudconfig
data:
NEXTCLOUD_TRUSTED_DOMAINS: {{ ( printf "%v %v %v %v %v %v %v %v" "test.fakedomain.dns" "localhost" "127.0.0.1" ( printf "%v:%v" "127.0.0.1" .Values.service.main.ports.main.port ) ( .Values.env.AccessIP | default "localhost" ) ( printf "%v-%v" .Release.Name "nextcloud" ) ( printf "%v-%v" .Release.Name "nextcloud-backend" ) $hosts ) | quote }}
{{- if .Values.ingress.main.enabled }}
APACHE_DISABLE_REWRITE_IP: "1"
{{- end }}
{{- end -}}

59
stable/nextcloud/15.0.0/templates/_cronjob.tpl Normal file
View File

@ -0,0 +1,59 @@
{{/* Define the cronjob */}}
{{- define "nextcloud.cronjob" -}}
{{- if .Values.cronjob.enabled -}}
{{- $jobName := include "tc.common.names.fullname" . }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ printf "%s-cronjob" $jobName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
spec:
schedule: "{{ .Values.cronjob.schedule }}"
concurrencyPolicy: Forbid
{{- with .Values.cronjob.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ . }}
{{- end }}
{{- with .Values.cronjob.successfulJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ . }}
{{- end }}
jobTemplate:
metadata:
spec:
template:
metadata:
spec:
restartPolicy: Never
{{- with (include "tc.common.controller.volumes" . | trim) }}
volumes:
{{- nindent 12 . }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: '{{ include "tc.common.images.selector" . }}'
imagePullPolicy: {{ default .Values.image.pullPolicy }}
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "running nextcloud cronjob..."
php -f /var/www/html/cron.php
echo "cronjob finished"
EOF
# Will mount configuration files as www-data (id: 33) by default for nextcloud
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 16 . }}
{{- end }}
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
resources:
{{ toYaml .Values.resources | indent 16 }}
{{- end -}}
{{- end -}}

123
stable/nextcloud/15.0.0/templates/_hpb.tpl Normal file
View File

@ -0,0 +1,123 @@
{{/* Define the hbp container */}}
{{- define "nextcloud.hpb" -}}
{{- $jobName := include "tc.common.names.fullname" . }}
image: '{{ include "tc.common.images.selector" . }}'
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 2 . }}
{{- end }}
ports:
- containerPort: 7867
readinessProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
set -m
echo "Waiting for notify_push file to be available..."
until [ -f /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push ]
do
sleep 10
echo "Notify_push not found... waiting..."
done
echo "Waiting for Nextcloud to start..."
until $(curl --output /dev/null --silent --head --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:8080/status.php); do
echo "Nextcloud not found... waiting..."
sleep 10
done
until $(curl --silent --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:8080/status.php | jq --raw-output '.installed' | grep "true"); do
echo "Nextcloud not installed... waiting..."
sleep 10
done
echo "Nextcloud instance with Notify_push found... Launching High Performance Backend..."
/var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php &
until $(curl --output /dev/null --silent --head --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:7867/push/test/cookie); do
echo "High Performance Backend not running ... waiting..."
sleep 10
done
echo "High Performance Backend found..."
{{- $accessurl := ( printf "http://%v:%v" ( .Values.env.AccessIP | default ( printf "%v-%v" .Release.Name "nextcloud" ) ) .Values.service.main.ports.main.port ) }}
{{- if .Values.ingress.main.enabled }}
{{- with (first .Values.ingress.main.hosts) }}
{{- $accessurl = ( printf "https://%s" .host ) }}
{{- end }}
{{- end }}
echo "Configuring High Performance Backend for url: {{ $accessurl }}"
php /var/www/html/occ notify_push:setup {{ $accessurl }}/push
fg
EOF
env:
- name: NEXTCLOUD_URL
value: 'http://127.0.0.1:8080'
- name: METRICS_PORT
value: '7868'
- name: TRUSTED_PROXIES
value: "{{ .Values.env.TRUSTED_PROXIES }}"
- name: POSTGRES_DB
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: POSTGRES_USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: dbcreds
key: plainporthost
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: rediscreds
key: plainhost
- name: REDIS_HOST_PASSWORD
valueFrom:
secretKeyRef:
name: rediscreds
key: redis-password
envFrom:
- configMapRef:
name: nextcloudconfig
{{- end -}}

54
stable/nextcloud/15.0.0/templates/_nginx.tpl Normal file
View File

@ -0,0 +1,54 @@
{{/* Define the nginx container */}}
{{- define "nextcloud.nginx" -}}
image: tccr.io/truecharts/nginx-unprivileged:v1.23.0@sha256:e0e989581b7935192d6023ac4a2c19045df39b69b43b894fedbd09726b34c133
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 2 . }}
{{- end }}
- mountPath: /etc/nginx/nginx.conf
name: nginx
readOnly: true
subPath: nginx.conf
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
{{- end -}}

19
stable/nextcloud/15.0.0/templates/common.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{/* Render configmap for nextcloud */}}
{{- include "nextcloud.configmap" . }}
{{- $newMiddlewares := append .Values.ingress.main.fixedMiddlewares "tc-nextcloud-chain" }}
{{- $_ := set .Values.ingress.main "fixedMiddlewares" $newMiddlewares -}}
{{- if .Values.hpb.enabled -}}
{{- $_ := set .Values.additionalContainers "hpb" (include "nextcloud.hpb" . | fromYaml) -}}
{{- end -}}
{{- $_ := set .Values.additionalContainers "nginx" (include "nextcloud.nginx" . | fromYaml) -}}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}
{{/* Render cronjob for nextcloud */}}
{{- include "nextcloud.cronjob" . }}

0
stable/nextcloud/15.0.0/values.yaml Normal file
View File