diff --git a/stable/nextcloud/19.0.19/CHANGELOG.md b/stable/nextcloud/19.0.19/CHANGELOG.md new file mode 100644 index 00000000000..5cae8165067 --- /dev/null +++ b/stable/nextcloud/19.0.19/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [nextcloud-19.0.19](https://github.com/truecharts/charts/compare/nextcloud-19.0.18...nextcloud-19.0.19) (2022-12-10) + + + + +## [nextcloud-19.0.18](https://github.com/truecharts/charts/compare/nextcloud-19.0.17...nextcloud-19.0.18) (2022-12-05) + +### Chore + +- update helm general non-major + + + + +## [nextcloud-19.0.17](https://github.com/truecharts/charts/compare/nextcloud-19.0.13...nextcloud-19.0.17) (2022-11-30) + +### Chore + +- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.2 + + + + +## [nextcloud-19.0.17](https://github.com/truecharts/charts/compare/nextcloud-19.0.13...nextcloud-19.0.17) (2022-11-30) + +### Chore + +- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.2 + + + + +## [nextcloud-19.0.17](https://github.com/truecharts/charts/compare/nextcloud-19.0.13...nextcloud-19.0.17) (2022-11-30) + +### Chore + +- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.2 + + + + +## [nextcloud-19.0.17](https://github.com/truecharts/charts/compare/nextcloud-19.0.13...nextcloud-19.0.17) (2022-11-30) + +### Chore + +- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.2 + + + + +## [nextcloud-19.0.17](https://github.com/truecharts/charts/compare/nextcloud-19.0.13...nextcloud-19.0.17) (2022-11-30) + +### Chore + +- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.2 + + + + +## [nextcloud-19.0.17](https://github.com/truecharts/charts/compare/nextcloud-19.0.13...nextcloud-19.0.17) (2022-11-30) + +### Chore + +- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.2 + + + + +## [nextcloud-19.0.17](https://github.com/truecharts/charts/compare/nextcloud-19.0.13...nextcloud-19.0.17) (2022-11-30) + +### Chore + +- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.2 + + + + +## [nextcloud-19.0.17](https://github.com/truecharts/charts/compare/nextcloud-19.0.13...nextcloud-19.0.17) (2022-11-30) + +### Chore + +- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.2 + + + + +## [nextcloud-19.0.17](https://github.com/truecharts/charts/compare/nextcloud-19.0.13...nextcloud-19.0.17) (2022-11-30) + +### Chore + +- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.2 + + diff --git a/stable/nextcloud/19.0.19/Chart.yaml b/stable/nextcloud/19.0.19/Chart.yaml new file mode 100644 index 00000000000..44a321324e9 --- /dev/null +++ b/stable/nextcloud/19.0.19/Chart.yaml @@ -0,0 +1,45 @@ +apiVersion: v2 +appVersion: "25.0.1" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 11.0.4 + - condition: postgresql.enabled + name: postgresql + repository: https://charts.truecharts.org/ + version: 11.0.7 + - condition: collabora.enabled + name: collabora-online + repository: https://charts.truecharts.org/ + version: 14.0.5 + - condition: redis.enabled + name: redis + repository: https://charts.truecharts.org + version: 5.0.7 +deprecated: false +description: A private cloud server that puts the control and security of your own data back into your hands. +home: https://truecharts.org/docs/charts/stable/nextcloud +icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png +keywords: + - nextcloud + - storage + - http + - web + - php +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: nextcloud +sources: + - https://github.com/truecharts/charts/tree/master/charts/stable/nextcloud + - https://github.com/nextcloud/docker + - https://github.com/nextcloud/helm +type: application +version: 19.0.19 +annotations: + truecharts.org/catagories: | + - cloud + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/stable/nextcloud/19.0.19/README.md b/stable/nextcloud/19.0.19/README.md new file mode 100644 index 00000000000..a1e0fe3d8ab --- /dev/null +++ b/stable/nextcloud/19.0.19/README.md @@ -0,0 +1,110 @@ +# nextcloud + +A private cloud server that puts the control and security of your own data back into your hands. + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. + +This readme is just an automatically generated general guide on installing our Helm Charts and Apps. +For more information, please click here: [nextcloud](https://truecharts.org/docs/charts/stable/nextcloud) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.truecharts.org/ | collabora-online | 12.1.73 | +| https://charts.truecharts.org/ | postgresql | 8.0.122 | +| https://charts.truecharts.org | redis | 3.0.121 | +| https://library-charts.truecharts.org | common | 10.9.4 | + +## Installing the Chart + +### TrueNAS SCALE + +To install this Chart on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Installing-an-App). + +### Helm + +To install the chart with the release name `nextcloud` + +```console +helm repo add TrueCharts https://charts.truecharts.org +helm repo update +helm install nextcloud TrueCharts/nextcloud +``` + +## Uninstall + +### TrueNAS SCALE + +**Upgrading, Rolling Back and Uninstalling the Chart** + +To upgrade, rollback or delete this Chart from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Upgrade-rollback-delete-an-App). + +### Helm + +To uninstall the `nextcloud` deployment + +```console +helm uninstall nextcloud +``` + +## Configuration + +### Helm + +#### Available Settings + +Read through the values.yaml file. It has several commented out suggested values. +Other values may be used from the [values.yaml](https://github.com/truecharts/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/truecharts/library-charts/tree/main/charts/common). + +#### Configure using the command line + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +```console +helm install nextcloud \ + --set env.TZ="America/New York" \ + TrueCharts/nextcloud +``` + +#### Configure using a yaml file + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. + +```console +helm install nextcloud TrueCharts/nextcloud -f values.yaml +``` + +#### Connecting to other charts + +If you need to connect this Chart to other Charts on TrueNAS SCALE, please refer to our [Linking Charts Internally](https://truecharts.org/docs/manual/SCALE%20Apps/linking-apps) quick-start guide. + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/docs/manual/SCALE%20Apps/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/apps/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +--- + +All Rights Reserved - The TrueCharts Project diff --git a/stable/nextcloud/19.0.19/app-changelog.md b/stable/nextcloud/19.0.19/app-changelog.md new file mode 100644 index 00000000000..5f1046894ee --- /dev/null +++ b/stable/nextcloud/19.0.19/app-changelog.md @@ -0,0 +1,4 @@ + + +## [nextcloud-19.0.19](https://github.com/truecharts/charts/compare/nextcloud-19.0.18...nextcloud-19.0.19) (2022-12-10) + diff --git a/stable/nextcloud/19.0.19/app-readme.md b/stable/nextcloud/19.0.19/app-readme.md new file mode 100644 index 00000000000..47480dc3484 --- /dev/null +++ b/stable/nextcloud/19.0.19/app-readme.md @@ -0,0 +1,8 @@ +A private cloud server that puts the control and security of your own data back into your hands. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/docs/charts/stable/nextcloud](https://truecharts.org/docs/charts/stable/nextcloud) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can! diff --git a/stable/nextcloud/19.0.19/charts/collabora-online-14.0.5.tgz b/stable/nextcloud/19.0.19/charts/collabora-online-14.0.5.tgz new file mode 100644 index 00000000000..2d4f1cc4d1d Binary files /dev/null and b/stable/nextcloud/19.0.19/charts/collabora-online-14.0.5.tgz differ diff --git a/stable/nextcloud/19.0.19/charts/common-11.0.4.tgz b/stable/nextcloud/19.0.19/charts/common-11.0.4.tgz new file mode 100644 index 00000000000..b33cde71968 Binary files /dev/null and b/stable/nextcloud/19.0.19/charts/common-11.0.4.tgz differ diff --git a/stable/nextcloud/19.0.19/charts/postgresql-11.0.7.tgz b/stable/nextcloud/19.0.19/charts/postgresql-11.0.7.tgz new file mode 100644 index 00000000000..01464b67947 Binary files /dev/null and b/stable/nextcloud/19.0.19/charts/postgresql-11.0.7.tgz differ diff --git a/stable/nextcloud/19.0.19/charts/redis-5.0.7.tgz b/stable/nextcloud/19.0.19/charts/redis-5.0.7.tgz new file mode 100644 index 00000000000..5a56fc10263 Binary files /dev/null and b/stable/nextcloud/19.0.19/charts/redis-5.0.7.tgz differ diff --git a/stable/nextcloud/19.0.19/ix_values.yaml b/stable/nextcloud/19.0.19/ix_values.yaml new file mode 100644 index 00000000000..cea4bb42bc3 --- /dev/null +++ b/stable/nextcloud/19.0.19/ix_values.yaml @@ -0,0 +1,457 @@ +image: + repository: tccr.io/truecharts/nextcloud-fpm + pullPolicy: IfNotPresent + tag: 25.0.1@sha256:ca63c7f7f096abe04c0d72265e16552655d61cad5a4d0e76a67d4748b702e221 + +nginxImage: + repository: tccr.io/truecharts/nginx-unprivileged + pullPolicy: IfNotPresent + tag: 1.23.2@sha256:dabc6ad902d747cef5f67cb5ad6ecd926991385bcfd8b2884836971da6a8a729 + +imaginaryImage: + repository: h2non/imaginary + pullPolicy: IfNotPresent + tag: 1.2.4@sha256:7facb4221047a5e79b9e902f380247f4e5bf4376400d0badbeb738d3e1c2f654 + +securityContext: + readOnlyRootFilesystem: false + runAsNonRoot: false + +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + fsGroup: 33 + +service: + main: + ports: + main: + port: 10020 + targetPort: 8080 + backend: + enabled: true + ports: + hpb: + enabled: true + port: 7867 + targetPort: 7867 + hpb-metrics: + enabled: true + port: 7868 + targetPort: 7868 + fpm: + enabled: true + port: 9000 + targetPort: 9000 + imaginary: + enabled: true + port: 9090 + targetPort: 9090 + +hostAliases: + - ip: '{{ .Values.env.AccessIP | default "127.0.0.1" }}' + hostnames: + - "{{ if .Values.ingress.main.enabled }}{{ with (first .Values.ingress.main.hosts) }}{{ .host }}{{ end }}{{ else }}placeholder.fakedomain.dns{{ end }}" + +secretEnv: + NEXTCLOUD_ADMIN_USER: "admin" + NEXTCLOUD_ADMIN_PASSWORD: "adminpass" + +probes: + liveness: + custom: true + spec: + initialDelaySeconds: 25 + httpGet: + path: /status.php + port: 8080 + httpHeaders: + - name: Host + value: "test.fakedomain.dns" + + readiness: + custom: true + spec: + initialDelaySeconds: 25 + httpGet: + path: /status.php + port: 8080 + httpHeaders: + - name: Host + value: "test.fakedomain.dns" + + startup: + custom: true + spec: + initialDelaySeconds: 25 + httpGet: + path: /status.php + port: 8080 + httpHeaders: + - name: Host + value: "test.fakedomain.dns" + +initContainers: + prestart: + image: '{{ include "tc.common.images.selector" . }}' + securityContext: + runAsUser: 0 + runAsGroup: 0 + privileged: true + command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + echo "Forcing permissions on userdata folder..." + if nfs4xdr_getfacl && nfs4xdr_getfacl | grep -qv "Failed to get NFSv4 ACL"; then + echo "NFSv4 ACLs detected, Trying to override permissions using nfs4_setfacl..." + nfs4_setfacl -R -a A:g:33:RWX "/var/www/html/data" + else + echo "No NFSv4 ACLs detected, trying to override permissions using chown/chmod..." + echo "checking ownership..." + if [ $(stat -c %g .) -eq 33 ]; then + echo "Ownership already set to 33, skipping..." + else + echo "Changing ownership to group 33..." + chown -R :33 "/var/www/html/data" + fi + chmod 770 /var/www/html/data + fi + EOF + + volumeMounts: + - name: data + mountPath: "/var/www/html/data" + - name: html + mountPath: "/var/www/html" + +env: + # IP used for exposing nextcloud + # Often the service or nodePort IP + # Defaults to the main serviceName for CI purposes. + AccessIP: + NEXTCLOUD_INIT_HTACCESS: true + PHP_MEMORY_LIMIT: 1G + PHP_UPLOAD_LIMIT: 10G + NEXTCLOUD_CHUNKSIZE: "31457280" + TRUSTED_PROXIES: "172.16.0.0/16 127.0.0.1" + POSTGRES_DB: "{{ .Values.postgresql.postgresqlDatabase }}" + POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}" + NC_check_data_directory_permissions: "true" + POSTGRES_PASSWORD: + secretKeyRef: + name: dbcreds + key: postgresql-password + POSTGRES_HOST: + secretKeyRef: + name: dbcreds + key: plainporthost + REDIS_HOST: + secretKeyRef: + name: rediscreds + key: plainhost + REDIS_HOST_PASSWORD: + secretKeyRef: + name: rediscreds + key: redis-password + +envFrom: + - configMapRef: + name: nextcloudconfig + +persistence: + html: + enabled: true + mountPath: "/var/www/html" + data: + enabled: true + mountPath: "/var/www/html/data" + varrun: + enabled: true + cache: + enabled: true + type: emptyDir + mountPath: /var/cache/nginx + medium: Memory + nginx: + enabled: "true" + mountPath: "/etc/nginx" + noMount: true + readOnly: true + type: "custom" + volumeSpec: + configMap: + name: '{{ include "tc.common.names.fullname" . }}-nginx' + items: + - key: nginx.conf + path: nginx.conf + +configmap: + nginx: + enabled: true + data: + nginx.conf: |- + worker_processes auto; + + error_log /var/log/nginx/error.log warn; + pid /var/run/nginx.pid; + + + events { + worker_connections 1024; + } + + + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + # Prevent nginx HTTP Server Detection + server_tokens off; + + keepalive_timeout 65; + + #gzip on; + + upstream php-handler { + server 127.0.0.1:9000; + } + + server { + listen 8080; + absolute_redirect off; + + # Forward Notify_Push "High Performance Backend" to it's own container + location ^~ /push/ { + proxy_pass http://127.0.0.1:7867/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + # HSTS settings + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + + # set max upload size + client_max_body_size {{ .Values.env.PHP_UPLOAD_LIMIT | default "512M" }}; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. + #pagespeed off; + + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + # according to the documentation these two lines are not necessary, but some users are still recieving errors + location = /.well-known/webfinger { return 301 /index.php$uri; } + location = /.well-known/nodeinfo { return 301 /index.php$uri; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + # Required for legacy support + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + set $path_info $fastcgi_path_info; + + try_files $fastcgi_script_name =404; + + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + #fastcgi_param HTTPS on; + + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls + fastcgi_pass php-handler; + + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + + proxy_send_timeout 300s; + proxy_read_timeout 300s; + fastcgi_send_timeout 300s; + fastcgi_read_timeout 300s; + } + + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } + + location ~ \.woff2?$ { + try_files $uri /index.php$request_uri; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } + + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; + } + } + } + +cronjob: + enabled: true + generatePreviews: true + schedule: "*/5 * * * *" + annotations: {} + failedJobsHistoryLimit: 5 + successfulJobsHistoryLimit: 2 + +hpb: + enabled: true + +nextcloud: + # https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements + default_phone_region: "" + +imaginary: + enabled: true + preview_max_x: 2048 + preview_max_y: 2048 + preview_max_memory: 512 + preview_max_filesize_image: 150 + preview_png: true + preview_jpeg: true + preview_gif: true + preview_bmp: true + preview_xbitmap: true + preview_mp3: true + preview_markdown: true + preview_opendoc: true + preview_txt: true + preview_krita: true + preview_illustrator: false + preview_heic: false + preview_movie: false + preview_msoffice2003: false + preview_msoffice2007: false + preview_msofficedoc: false + preview_pdf: false + preview_photoshop: false + preview_postscript: false + preview_staroffice: false + preview_svg: false + preview_tiff: false + preview_font: false + +collabora: + enabled: false + env: + aliasgroup1: + configMapRef: + name: nextcloudconfig + key: aliasgroup1 + dictionaries: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" + extra_params: "--o:welcome.enable=false --o:logging.level=information --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false " + server_name: "" + DONT_GEN_SSL_CERT: true + +postgresql: + enabled: true + existingSecret: "dbcreds" + postgresqlUsername: nextcloud + postgresqlDatabase: nextcloud + +redis: + enabled: true + existingSecret: "rediscreds" + +portal: + enabled: true diff --git a/stable/nextcloud/19.0.19/questions.yaml b/stable/nextcloud/19.0.19/questions.yaml new file mode 100644 index 00000000000..20d13ccdfa9 --- /dev/null +++ b/stable/nextcloud/19.0.19/questions.yaml @@ -0,0 +1,2118 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: VPN + description: VPN + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: global + label: Global Settings + group: "General Settings" + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: Flag this is SCALE + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: "General Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: replicas + description: Number of desired pod replicas + label: Desired Replicas + schema: + type: int + required: true + default: 1 + - variable: customextraargs + group: "General Settings" + label: "Extra Args" + description: "Do not click this unless you know what you are doing" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: secretEnv + group: "App Configuration" + label: "Image Secrets" + schema: + additional_attrs: true + type: dict + attrs: + - variable: NEXTCLOUD_ADMIN_USER + label: "NEXTCLOUD_ADMIN_USER (First Install Only)" + description: "Sets the initial nextcloud's admin username, changing this variable after first launch will NOT change admin's username" + schema: + type: string + required: true + default: "REPLACETHIS" + - variable: NEXTCLOUD_ADMIN_PASSWORD + label: "NEXTCLOUD_ADMIN_PASSWORD (First Install Only)" + description: "Sets the initial nextcloud's admin password, changing this variable after first launch will NOT change admin's password" + schema: + type: string + private: true + required: true + default: "REPLACETHIS" + - variable: env + group: "App Configuration" + label: "Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: TRUSTED_PROXIES + label: "Trusted Proxies (Advanced)" + description: "Sets nextcloud Trusted Proxies" + schema: + type: string + default: "172.16.0.0/16 127.0.0.1" + - variable: PHP_MEMORY_LIMIT + label: "PHP_MEMORY_LIMIT" + description: "Sets php memory_limit setting" + schema: + type: string + default: "1G" + - variable: PHP_UPLOAD_LIMIT + label: "PHP_UPLOAD_LIMIT" + description: "Sets php upload_max_filesize and post_max_size settings" + schema: + type: string + default: "10G" + - variable: AccessIP + label: "Access IP" + description: "Set to the IP-Address used to reach Nextcloud. Most often the Service or NodePort IP (Ensure this is correct!)" + schema: + type: string + required: true + $ref: + - "definitions/nodeIP" + - variable: nextcloud + group: "App Configuration" + label: "Nextcloud Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: default_phone_region + label: "Default Phone Region" + description: "Sets the default phone region in ISO_3166-1 format (e.g. US). https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements" + schema: + type: string + valid_chars: '^[A-Z]{2}$' + default: "US" + - variable: imaginary + group: "App Configuration" + label: "Preview Generation Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: preview_max_x + label: "Preview Max X" + description: "The maximum width, in pixels, of a preview." + schema: + type: int + required: true + default: 2048 + - variable: preview_max_y + label: "Preview Max Y" + description: "The maximum height, in pixels, of a preview." + schema: + type: int + required: true + default: 2048 + - variable: preview_max_memory + label: "Preview Max Memory" + description: "Max memory in MB for generating image previews." + schema: + type: int + required: true + default: 512 + - variable: preview_max_filesize_image + label: "Preview Max Filesize Image" + description: "Max file size in MB for generating image previews." + schema: + type: int + required: true + default: 150 + - variable: preview_png + label: "Generate previews for PNG" + schema: + type: boolean + default: true + - variable: preview_jpeg + label: "Generate previews for JPEG " + schema: + type: boolean + default: true + - variable: preview_gif + label: "Generate previews for GIF" + schema: + type: boolean + default: true + - variable: preview_bmp + label: "Generate previews for BMP" + schema: + type: boolean + default: true + - variable: preview_xbitmap + label: "Generate previews for XBitmap" + schema: + type: boolean + default: true + - variable: preview_mp3 + label: "Generate previews for MP3" + schema: + type: boolean + default: true + - variable: preview_markdown + label: "Generate previews for MarkDown" + schema: + type: boolean + default: true + - variable: preview_opendoc + label: "Generate previews for OpenDocument" + schema: + type: boolean + default: true + - variable: preview_txt + label: "Generate previews for TXT" + schema: + type: boolean + default: true + - variable: preview_krita + label: "Generate previews for Krita" + schema: + type: boolean + default: true + - variable: preview_illustrator + label: "Generate previews for Illustrator" + schema: + type: boolean + default: false + - variable: preview_heic + label: "Generate previews for HEIC" + schema: + type: boolean + default: false + - variable: preview_movie + label: "Generate previews for Movie" + schema: + type: boolean + default: false + - variable: preview_msoffice2003 + label: "Generate previews for MSOffice2003" + schema: + type: boolean + default: false + - variable: preview_msoffice2007 + label: "Generate previews for MSOffice2007" + schema: + type: boolean + default: false + - variable: preview_msofficedoc + label: "Generate previews for MSOfficeDoc" + schema: + type: boolean + default: false + - variable: preview_pdf + label: "Generate previews for PDF" + schema: + type: boolean + default: false + - variable: preview_photoshop + label: "Generate previews for Photoshop" + schema: + type: boolean + default: false + - variable: preview_postscript + label: "Generate previews for Postscript" + schema: + type: boolean + default: false + - variable: preview_staroffice + label: "Generate previews for StarOffice" + schema: + type: boolean + default: false + - variable: preview_svg + label: "Generate previews for SVG" + schema: + type: boolean + default: false + - variable: preview_tiff + label: "Generate previews for TIFF" + schema: + type: boolean + default: false + - variable: preview_font + label: "Generate previews for Font" + schema: + type: boolean + default: false + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + group: "General Settings" + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10020 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: Networking and Services + label: Host-Networking (Complicated) + schema: + type: boolean + default: false + - variable: externalInterfaces + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + show_subquestions_if: static + subquestions: + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: TCP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: html + label: "App html Storage" + description: "Stores the Application html." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: data + label: "UserData Storage" + description: "Stores the User Data." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: security + label: Container Security Settings + group: Security and Permissions + schema: + type: dict + additional_attrs: true + attrs: + - variable: editsecurity + label: Change PUID / UMASK values + description: By enabling this you override default set values. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "002" + - variable: advancedSecurity + label: Show Advanced Security Settings + group: Security and Permissions + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: false + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: false + - variable: podSecurityContext + group: Security and Permissions + label: Pod Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 0 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID this App of the user running the application" + schema: + type: int + default: 0 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 33 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: hostPath + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + # Specify GPU configuration + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: horizontalPodAutoscaler + group: Advanced + label: (Advanced) Horizontal Pod Autoscaler + schema: + type: list + default: [] + items: + - variable: hpaEntry + label: HPA Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: target + label: Target + description: Deployment name, Defaults to Main Deployment + schema: + type: string + default: "" + - variable: minReplicas + label: Minimum Replicas + schema: + type: int + default: 1 + - variable: maxReplicas + label: Maximum Replicas + schema: + type: int + default: 5 + - variable: targetCPUUtilizationPercentage + label: Target CPU Utilization Percentage + schema: + type: int + default: 80 + - variable: targetMemoryUtilizationPercentage + label: Target Memory Utilization Percentage + schema: + type: int + default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: Git Settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: Raw SSH Private Key + label: Deploy Key + schema: + type: string + - variable: deployKeyBase64 + description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence + label: Deploy Key Base64 + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: nodePort + description: Leave Empty to Disable + label: nodePort DEPRECATED + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: openvpn + description: OpenVPN + - value: wireguard + description: Wireguard + - value: tailscale + description: Tailscale + - variable: openvpn + label: OpenVPN Settings + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type + schema: + type: string + default: hostPath + hidden: true + - variable: hostPathType + label: hostPathType + schema: + type: string + default: File + hidden: true + - variable: noMount + label: noMount + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: Full Path to File + description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/stable/nextcloud/19.0.19/templates/_configmap.tpl b/stable/nextcloud/19.0.19/templates/_configmap.tpl new file mode 100644 index 00000000000..abe500d31e8 --- /dev/null +++ b/stable/nextcloud/19.0.19/templates/_configmap.tpl @@ -0,0 +1,36 @@ +{{/* Define the configmap */}} +{{- define "nextcloud.configmap" -}} + +{{- $hosts := "" }} +{{- if .Values.ingress.main.enabled }} +{{- range .Values.ingress }} +{{- range $index, $host := .hosts }} + {{- if $index }} + {{ $hosts = ( printf "%v %v" $hosts $host.host ) }} + {{- else }} + {{ $hosts = ( printf "%s" $host.host ) }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} + + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nextcloudconfig +data: + {{- $aliasgroup1 := ( printf "http://%s" ( .Values.env.AccessIP | default ( printf "%v-%v" .Release.Name "nextcloud" ) ) ) }} + {{- if .Values.ingress.main.enabled }} + {{- with (first .Values.ingress.main.hosts) }} + {{- $aliasgroup1 = ( printf "https://%s" .host ) }} + {{- end }} + {{- end }} + aliasgroup1: {{ $aliasgroup1 }} + NEXTCLOUD_TRUSTED_DOMAINS: {{ ( printf "%v %v %v %v %v %v %v %v" "test.fakedomain.dns" "localhost" "127.0.0.1" ( printf "%v:%v" "127.0.0.1" .Values.service.main.ports.main.port ) ( .Values.env.AccessIP | default "localhost" ) ( printf "%v-%v" .Release.Name "nextcloud" ) ( printf "%v-%v" .Release.Name "nextcloud-backend" ) $hosts ) | quote }} + {{- if .Values.ingress.main.enabled }} + APACHE_DISABLE_REWRITE_IP: "1" + {{- end }} + +{{- end -}} diff --git a/stable/nextcloud/19.0.19/templates/_cronjob.tpl b/stable/nextcloud/19.0.19/templates/_cronjob.tpl new file mode 100644 index 00000000000..302f3b83aae --- /dev/null +++ b/stable/nextcloud/19.0.19/templates/_cronjob.tpl @@ -0,0 +1,64 @@ +{{/* Define the cronjob */}} +{{- define "nextcloud.cronjob" -}} +{{- if .Values.cronjob.enabled -}} +{{- $jobName := include "tc.common.names.fullname" . }} + +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ printf "%s-cronjob" $jobName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +spec: + schedule: "{{ .Values.cronjob.schedule }}" + concurrencyPolicy: Forbid + {{- with .Values.cronjob.failedJobsHistoryLimit }} + failedJobsHistoryLimit: {{ . }} + {{- end }} + {{- with .Values.cronjob.successfulJobsHistoryLimit }} + successfulJobsHistoryLimit: {{ . }} + {{- end }} + jobTemplate: + metadata: + spec: + template: + metadata: + spec: + restartPolicy: Never + {{- with (include "tc.common.controller.volumes" . | trim) }} + volumes: + {{- nindent 12 . }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: '{{ include "tc.common.images.selector" . }}' + imagePullPolicy: {{ default .Values.image.pullPolicy }} + command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + echo "running nextcloud cronjob..." + php -f /var/www/html/cron.php + echo "cronjob finished" + {{- if .Values.cronjob.generatePreviews }} + echo "Pre-generating Previews..." + php /var/www/html/occ preview:pre-generate + echo "Previews generated." + {{- end }} + EOF + # Will mount configuration files as www-data (id: 33) by default for nextcloud + {{- with (include "tc.common.controller.volumeMounts" . | trim) }} + volumeMounts: + {{ nindent 16 . }} + {{- end }} + securityContext: + runAsUser: 33 + runAsGroup: 33 + readOnlyRootFilesystem: true + runAsNonRoot: true + resources: +{{ toYaml .Values.resources | indent 16 }} +{{- end -}} +{{- end -}} diff --git a/stable/nextcloud/19.0.19/templates/_hpb.tpl b/stable/nextcloud/19.0.19/templates/_hpb.tpl new file mode 100644 index 00000000000..fb1bcbf6912 --- /dev/null +++ b/stable/nextcloud/19.0.19/templates/_hpb.tpl @@ -0,0 +1,167 @@ +{{/* Define the hbp container */}} +{{- define "nextcloud.hpb" -}} +{{- $jobName := include "tc.common.names.fullname" . }} +image: '{{ include "tc.common.images.selector" . }}' +imagePullPolicy: '{{ .Values.image.pullPolicy }}' +securityContext: + runAsUser: 33 + runAsGroup: 33 + readOnlyRootFilesystem: true + runAsNonRoot: true +{{- with (include "tc.common.controller.volumeMounts" . | trim) }} +volumeMounts: + {{ nindent 2 . }} +{{- end }} +ports: + - containerPort: 7867 +readinessProbe: + httpGet: + path: /push/test/cookie + port: 7867 + httpHeaders: + - name: Host + value: "test.fakedomain.dns" + initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} +livenessProbe: + httpGet: + path: /push/test/cookie + port: 7867 + httpHeaders: + - name: Host + value: "test.fakedomain.dns" + initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} +startupProbe: + httpGet: + path: /push/test/cookie + port: 7867 + httpHeaders: + - name: Host + value: "test.fakedomain.dns" + initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }} +command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + set -m + echo "Waiting for notify_push file to be available..." + until [ -f /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push ] + do + sleep 10 + echo "Notify_push app not found... waiting..." + done + echo "Waiting for Nextcloud to start..." + until $(curl --output /dev/null --silent --head --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:8080/status.php); do + echo "Nextcloud not responding... waiting..." + sleep 10 + done + until $(curl --silent --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:8080/status.php | jq --raw-output '.installed' | grep "true"); do + echo "Nextcloud not installed... waiting..." + sleep 10 + done + echo "Nextcloud instance with Notify_push found... Launching High Performance Backend..." + /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php & + + {{- $accessurl := ( printf "http://%v:%v" ( .Values.env.AccessIP | default ( printf "%v-%v" .Release.Name "nextcloud" ) ) .Values.service.main.ports.main.port ) }} + {{- if .Values.ingress.main.enabled }} + {{- with (first .Values.ingress.main.hosts) }} + {{- $accessurl = ( printf "https://%s" .host ) }} + {{- end }} + {{- end }} + + echo "Configuring CLI url..." + php /var/www/html/occ config:system:set overwrite.cli.url --value='{{ $accessurl }}/' + + echo "Executing standard nextcloud version migration scripts to ensure they are actually ran..." + php /var/www/html/occ db:add-missing-indices + + {{- if .Values.imaginary.enabled }} + echo "Imaginary High Performance Previews enabled, enabling it on Nextcloud..." + php /var/www/html/occ config:system:set preview_imaginary_url --value='http://127.0.0.1:9090' + php /var/www/html/occ config:system:set preview_max_x --value='{{ .Values.imaginary.preview_max_x }}' + php /var/www/html/occ config:system:set preview_max_y --value='{{ .Values.imaginary.preview_max_y }}' + php /var/www/html/occ config:system:set preview_max_memory --value='{{ .Values.imaginary.preview_max_memory }}' + php /var/www/html/occ config:system:set preview_max_filesize_image --value='{{ .Values.imaginary.preview_max_filesize_image }}' + # Remove all preview providers and re-add only selected + php /var/www/html/occ config:system:delete enabledPreviewProviders + # Add imaginary always + {{ $c := 0 }} # Initialize counter + php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Imaginary'{{ $c = add1 $c }} + {{ if .Values.imaginary.preview_png }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\PNG'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_jpeg }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\JPEG'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_gif }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\GIF'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_bmp }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\BMP'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_xbitmap }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\XBitmap'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_mp3 }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MP3'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_markdown }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MarkDown'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_opendoc }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\OpenDocument'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_txt }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\TXT'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_krita }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Krita'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_illustrator }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Illustrator'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_heic }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\HEIC'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_movie }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Movie'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_msoffice2003 }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MSOffice2003'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_msoffice2007 }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MSOffice2007'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_msofficedoc }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MSOfficeDoc'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_pdf }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\PDF'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_photoshop }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Photoshop'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_postscript }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Postscript'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_staroffice }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\StarOffice'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_svg }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\SVG'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_tiff }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\TIFF'{{ $c = add1 $c }}{{ end }} + {{ if .Values.imaginary.preview_font }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Font'{{ $c = add1 $c }}{{ end }} + {{- end }} + + # Set default phone region + {{- with .Values.nextcloud.default_phone_region | upper }} + php /var/www/html/occ config:system:set default_phone_region --value='{{ . }}' + {{- end }} + + echo "Configuring High Performance Backend for url: {{ $accessurl }}" + php /var/www/html/occ config:app:set notify_push base_endpoint --value='{{ $accessurl }}/push' + fg + EOF +env: + - name: NEXTCLOUD_URL + value: 'http://127.0.0.1:8080' + - name: METRICS_PORT + value: '7868' + - name: TRUSTED_PROXIES + value: "{{ .Values.env.TRUSTED_PROXIES }}" + - name: POSTGRES_DB + value: "{{ .Values.postgresql.postgresqlDatabase }}" + - name: POSTGRES_USER + value: "{{ .Values.postgresql.postgresqlUsername }}" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: dbcreds + key: postgresql-password + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: dbcreds + key: plainporthost + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: rediscreds + key: plainhost + - name: REDIS_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: rediscreds + key: redis-password +envFrom: + - configMapRef: + name: nextcloudconfig +{{- end -}} diff --git a/stable/nextcloud/19.0.19/templates/_imaginary.tpl b/stable/nextcloud/19.0.19/templates/_imaginary.tpl new file mode 100644 index 00000000000..57a72c43024 --- /dev/null +++ b/stable/nextcloud/19.0.19/templates/_imaginary.tpl @@ -0,0 +1,40 @@ +{{/* Define the imaginary container */}} +{{- define "nextcloud.imaginary" -}} +image: {{ .Values.imaginaryImage.repository }}:{{ .Values.imaginaryImage.tag }} +imagePullPolicy: '{{ .Values.image.pullPolicy }}' +securityContext: + runAsUser: 33 + runAsGroup: 33 + readOnlyRootFilesystem: true + runAsNonRoot: true +ports: + - containerPort: 9090 +args: ["-enable-url-source"] +env: + - name: 'PORT' + value: '9090' +readinessProbe: + httpGet: + path: / + port: 9090 + initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} +livenessProbe: + httpGet: + path: / + port: 9090 + initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} +startupProbe: + httpGet: + path: / + port: 9090 + initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }} +{{- end -}} diff --git a/stable/nextcloud/19.0.19/templates/_nginx.tpl b/stable/nextcloud/19.0.19/templates/_nginx.tpl new file mode 100644 index 00000000000..df427f44bd8 --- /dev/null +++ b/stable/nextcloud/19.0.19/templates/_nginx.tpl @@ -0,0 +1,54 @@ +{{/* Define the nginx container */}} +{{- define "nextcloud.nginx" -}} +image: {{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }} +imagePullPolicy: '{{ .Values.image.pullPolicy }}' +securityContext: + runAsUser: 33 + runAsGroup: 33 + readOnlyRootFilesystem: true + runAsNonRoot: true +{{- with (include "tc.common.controller.volumeMounts" . | trim) }} +volumeMounts: + {{ nindent 2 . }} +{{- end }} + - mountPath: /etc/nginx/nginx.conf + name: nginx + readOnly: true + subPath: nginx.conf +ports: + - containerPort: 8080 + +readinessProbe: + httpGet: + path: /robots.txt + port: 8080 + httpHeaders: + - name: Host + value: "test.fakedomain.dns" + initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} +livenessProbe: + httpGet: + path: /robots.txt + port: 8080 + httpHeaders: + - name: Host + value: "test.fakedomain.dns" + initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} +startupProbe: + httpGet: + path: /robots.txt + port: 8080 + httpHeaders: + - name: Host + value: "test.fakedomain.dns" + initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }} +{{- end -}} diff --git a/stable/nextcloud/19.0.19/templates/common.yaml b/stable/nextcloud/19.0.19/templates/common.yaml new file mode 100644 index 00000000000..9314524b1a2 --- /dev/null +++ b/stable/nextcloud/19.0.19/templates/common.yaml @@ -0,0 +1,22 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.common.loader.init" . }} + +{{/* Render configmap for nextcloud */}} +{{- include "nextcloud.configmap" . }} + +{{- $newMiddlewares := append .Values.ingress.main.fixedMiddlewares "tc-nextcloud-chain" }} +{{- $_ := set .Values.ingress.main "fixedMiddlewares" $newMiddlewares -}} + +{{- $_ := set .Values.additionalContainers "nginx" (include "nextcloud.nginx" . | fromYaml) -}} +{{- if .Values.imaginary.enabled -}} +{{- $_ := set .Values.additionalContainers "imaginary" (include "nextcloud.imaginary" . | fromYaml) -}} +{{- end -}} +{{- if .Values.hpb.enabled -}} +{{- $_ := set .Values.additionalContainers "hpb" (include "nextcloud.hpb" . | fromYaml) -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.common.loader.apply" . }} + +{{/* Render cronjob for nextcloud */}} +{{- include "nextcloud.cronjob" . }} diff --git a/stable/nextcloud/19.0.19/values.yaml b/stable/nextcloud/19.0.19/values.yaml new file mode 100644 index 00000000000..e69de29bb2d