diff --git a/stable/nextcloud/21.0.0/CHANGELOG.md b/stable/nextcloud/21.0.0/CHANGELOG.md new file mode 100644 index 00000000000..d21dbbb272d --- /dev/null +++ b/stable/nextcloud/21.0.0/CHANGELOG.md @@ -0,0 +1,13 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [nextcloud-21.0.0](https://github.com/truecharts/charts/compare/nextcloud-20.1.2...nextcloud-21.0.0) (2023-06-22) + +### Feat + +- move to stable ([#9832](https://github.com/truecharts/charts/issues/9832)) + + \ No newline at end of file diff --git a/stable/nextcloud/21.0.0/Chart.yaml b/stable/nextcloud/21.0.0/Chart.yaml new file mode 100644 index 00000000000..d67d58a089c --- /dev/null +++ b/stable/nextcloud/21.0.0/Chart.yaml @@ -0,0 +1,36 @@ +apiVersion: v2 +appVersion: "2.0.0" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 12.14.1 + - condition: redis.enabled + name: redis + repository: https://deps.truecharts.org + version: 6.0.48 +deprecated: false +description: A private cloud server that puts the control and security of your own data back into your hands. +home: https://truecharts.org/charts/incubator/nextcloud +icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png +keywords: + - nextcloud + - storage + - http + - web + - php +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: nextcloud +sources: + - https://github.com/truecharts/charts/tree/master/charts/incubator/nextcloud + - https://github.com/nextcloud/docker + - https://github.com/nextcloud/helm +type: application +version: 21.0.0 +annotations: + truecharts.org/catagories: | + - cloud + truecharts.org/SCALE-support: "true" diff --git a/stable/nextcloud/21.0.0/LICENSE b/stable/nextcloud/21.0.0/LICENSE new file mode 100644 index 00000000000..33a8cbb23f0 --- /dev/null +++ b/stable/nextcloud/21.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Blocky" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/stable/nextcloud/21.0.0/README.md b/stable/nextcloud/21.0.0/README.md new file mode 100644 index 00000000000..63d5d2c8fdc --- /dev/null +++ b/stable/nextcloud/21.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/incubator/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/stable/nextcloud/21.0.0/app-changelog.md b/stable/nextcloud/21.0.0/app-changelog.md new file mode 100644 index 00000000000..a2b1756efad --- /dev/null +++ b/stable/nextcloud/21.0.0/app-changelog.md @@ -0,0 +1,9 @@ + + +## [nextcloud-21.0.0](https://github.com/truecharts/charts/compare/nextcloud-20.1.2...nextcloud-21.0.0) (2023-06-22) + +### Feat + +- move to stable ([#9832](https://github.com/truecharts/charts/issues/9832)) + + \ No newline at end of file diff --git a/stable/nextcloud/21.0.0/app-readme.md b/stable/nextcloud/21.0.0/app-readme.md new file mode 100644 index 00000000000..1369f69bf57 --- /dev/null +++ b/stable/nextcloud/21.0.0/app-readme.md @@ -0,0 +1,8 @@ +A private cloud server that puts the control and security of your own data back into your hands. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/nextcloud](https://truecharts.org/charts/stable/nextcloud) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/stable/nextcloud/21.0.0/charts/common-12.14.1.tgz b/stable/nextcloud/21.0.0/charts/common-12.14.1.tgz new file mode 100644 index 00000000000..4a0cd31e1d5 Binary files /dev/null and b/stable/nextcloud/21.0.0/charts/common-12.14.1.tgz differ diff --git a/stable/nextcloud/21.0.0/charts/redis-6.0.48.tgz b/stable/nextcloud/21.0.0/charts/redis-6.0.48.tgz new file mode 100644 index 00000000000..e44b00ba818 Binary files /dev/null and b/stable/nextcloud/21.0.0/charts/redis-6.0.48.tgz differ diff --git a/stable/nextcloud/21.0.0/ix_values.yaml b/stable/nextcloud/21.0.0/ix_values.yaml new file mode 100644 index 00000000000..c08b980a662 --- /dev/null +++ b/stable/nextcloud/21.0.0/ix_values.yaml @@ -0,0 +1,495 @@ +image: + repository: tccr.io/truecharts/nextcloud-fpm + pullPolicy: IfNotPresent + tag: v2.0.0@sha256:c3ff63fa9613fbad94c7950743482c8bb2a2a659ac42b3daac8963e0bbaf5129 +nginxImage: + repository: tccr.io/truecharts/nginx-unprivileged + pullPolicy: IfNotPresent + tag: v1.24.0@sha256:f6386a703b6a0679b6274cc366a6efe7a06b8b5b3391353465d9d1649b4584ef +imaginaryImage: + repository: tccr.io/truecharts/nextcloud-imaginary + pullPolicy: IfNotPresent + tag: v20230401@sha256:4f5e3895987a9d12336f772a64a77dd662c6c9bb2b96820b19ffbab58f3ff982 +hpbImage: + repository: tccr.io/truecharts/nextcloud-push-notify + pullPolicy: IfNotPresent + tag: v0.6.3@sha256:25c0a2f0c3eeb64e26be102cc3be09d8ce19b8d05397e188f73f94de8359d339 +clamavImage: + repository: tccr.io/truecharts/clamav + pullPolicy: IfNotPresent + tag: v1.1.0@sha256:ab196d867fcfddedc8dc965d67a2e6824ca65488cf616cc707e9c36efd54e086 +collaboraImage: + repository: tccr.io/truecharts/collabora + pullPolicy: IfNotPresent + tag: v23.05.0.5.1@sha256:a753bfe9d5479e992e914f5818bc96f33ff95dd3760cb10938ae2296286c416e + +nextcloud: + # Initial Credentials + credentials: + initialAdminUser: admin + initialAdminPassword: adminpass + # General settings + general: + # Custom Nextcloud Scripts + run_optimize: true + default_phone_region: GR + # IP used for exposing nextcloud, + # often the loadbalancer IP + accessIP: "" + # File settings + files: + shared_folder_name: Shared + max_chunk_size: 10485760 + # Expiration settings + expirations: + activity_expire_days: 90 + trash_retention_obligation: auto + versions_retention_obligation: auto + # Previews settings + previews: + enabled: true + # It will also deploy the container + imaginary: true + cron: true + schedule: "*/30 * * * *" + max_x: 2048 + max_y: 2048 + max_memory: 1024 + max_file_size_image: 50 + jpeg_quality: 60 + square_sizes: 32 256 + width_sizes: 256 384 + height_sizes: 256 + # Casings are important + # https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269 + # Only the last part of the provider is needed + providers: + - PNG + - JPEG + # Logging settings + logging: + log_level: 2 + log_file: /var/www/html/data/logs/nextcloud.log + log_audit_file: /var/www/html/data/logs/audit.log + log_date_format: d/m/Y H:i:s + # ClamAV settings + clamav: + # It will also deploy the container + # Note that this runs as root + enabled: false + stream_max_length: 26214400 + file_max_size: -1 + infected_action: only_log + # Notify Push settings + notify_push: + # It will also deploy the container + enabled: true + # Collabora settings + collabora: + # It will also deploy the container + enabled: false + # default|compact|tabbed + interface_mode: default + username: admin + password: changeme + dictionaries: + - de_DE + - en_GB + - en_US + - el_GR + - es_ES + - fr_FR + - pt_BR + - pt_PT + - it + - nl + - ru + onlyoffice: + # It will not deploy the container + # Only add the OnlyOffice settings + enabled: false + url: "" + jwt: "" + jwt_header: Authorization + # PHP settings + php: + memory_limit: 1G + upload_limit: 10G + pm_max_children: 180 + pm_start_servers: 18 + pm_min_spare_servers: 12 + pm_max_spare_servers: 30 + +# Do NOT edit below this line +workload: + # Nextcloud php-fpm + main: + type: Deployment + podSpec: + containers: + main: + enabled: true + primary: true + envFrom: + - configMapRef: + name: nextcloud-config + probes: + liveness: + enabled: true + type: exec + command: /healthcheck.sh + readiness: + enabled: true + type: exec + command: /healthcheck.sh + startup: + enabled: true + type: tcp + port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}" + nginx: + enabled: true + type: Deployment + strategy: RollingUpdate + replicas: 1 + podSpec: + containers: + nginx: + enabled: true + primary: true + imageSelector: nginxImage + probes: + readiness: + enabled: true + path: /robots.txt + port: "{{ .Values.service.main.ports.main.port }}" + httpHeaders: + Host: kube.internal.healthcheck + liveness: + enabled: true + path: /robots.txt + port: "{{ .Values.service.main.ports.main.port }}" + httpHeaders: + Host: kube.internal.healthcheck + startup: + enabled: true + type: tcp + port: "{{ .Values.service.main.ports.main.port }}" + notify: + enabled: true + type: Deployment + strategy: RollingUpdate + replicas: 1 + podSpec: + containers: + notify: + primary: true + enabled: true + imageSelector: hpbImage + envFrom: + - configMapRef: + name: hpb-config + probes: + readiness: + enabled: true + path: /push/test/cookie + port: 7867 + httpHeaders: + Host: kube.internal.healthcheck + liveness: + enabled: true + path: /push/test/cookie + port: 7867 + httpHeaders: + Host: kube.internal.healthcheck + startup: + enabled: true + type: tcp + port: 7867 + imaginary: + enabled: true + type: Deployment + strategy: RollingUpdate + replicas: 1 + podSpec: + containers: + imaginary: + primary: true + enabled: true + imageSelector: imaginaryImage + command: imaginary + args: + - -p + - "{{ .Values.service.imaginary.ports.imaginary.port }}" + - -concurrency + - "10" + - -enable-url-source + - -return-size + probes: + readiness: + enabled: true + path: /health + port: "{{ .Values.service.imaginary.ports.imaginary.port }}" + liveness: + enabled: true + path: /health + port: "{{ .Values.service.imaginary.ports.imaginary.port }}" + startup: + enabled: true + type: tcp + port: "{{ .Values.service.imaginary.ports.imaginary.port }}" + clamav: + enabled: true + type: Deployment + strategy: RollingUpdate + replicas: 1 + podSpec: + containers: + clamav: + primary: true + enabled: true + imageSelector: clamavImage + # FIXME: https://github.com/Cisco-Talos/clamav/issues/478 + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + envFrom: + - configMapRef: + name: clamav-config + probes: + readiness: + enabled: true + type: exec + command: clamdcheck.sh + liveness: + enabled: true + type: exec + command: clamdcheck.sh + startup: + enabled: true + type: tcp + port: "{{ .Values.service.clamav.ports.clamav.targetPort }}" + collabora: + enabled: true + type: Deployment + strategy: RollingUpdate + replicas: 1 + podSpec: + containers: + collabora: + primary: true + enabled: true + imageSelector: collaboraImage + securityContext: + runAsUser: 100 + runAsGroup: 102 + readOnlyRootFilesystem: false + allowPrivilegeEscalation: true + capabilities: + add: + - CHOWN + - FOWNER + - SYS_CHROOT + - MKNOD + envFrom: + - configMapRef: + name: collabora-config + probes: + readiness: + enabled: true + type: http + path: /collabora/ + port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" + liveness: + enabled: true + type: http + path: /collabora/ + port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" + startup: + enabled: true + type: tcp + port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" + +cronjobs: + # Don't change names, it's used in the persistence + - name: nextcloud-cron + enabled: true + schedule: "*/5 * * * *" + cmd: + - echo "Running [php -f /var/www/html/cron.php] ..." + - php -f /var/www/html/cron.php + - echo "Finished [php -f /var/www/html/cron.php]" + - name: preview-cron + enabled: "{{ .Values.nextcloud.previews.cron }}" + schedule: "{{ .Values.nextcloud.previews.schedule }}" + cmd: + - echo "Running [occ preview:pre-generate] ..." + - occ preview:pre-generate + - echo "Finished [occ preview:pre-generate]" + +service: + # Main service links to ingress easier + # That's why the nginx is swapped with nextcloud + main: + targetSelector: nginx + ports: + main: + targetSelector: nginx + port: 8080 + nextcloud: + enabled: true + targetSelector: main + ports: + nextcloud: + enabled: true + targetSelector: main + port: 9000 + targetPort: 9000 + notify: + enabled: true + targetSelector: notify + ports: + notify: + enabled: true + primary: true + port: 7867 + targetPort: 7867 + targetSelector: notify + metrics: + enabled: true + port: 7868 + targetSelector: notify + imaginary: + enabled: true + targetSelector: imaginary + ports: + imaginary: + enabled: true + port: 9090 + targetSelector: imaginary + clamav: + enabled: true + targetSelector: clamav + ports: + clamav: + enabled: true + port: 3310 + targetPort: 3310 + targetSelector: clamav + collabora: + enabled: true + targetSelector: collabora + ports: + collabora: + enabled: true + port: 9980 + targetPort: 9980 + targetSelector: collabora + +persistence: + php-tune: + enabled: true + type: configmap + objectName: php-tune + targetSelector: + main: + main: + mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf + subPath: zz-tune.conf + readOnly: true + redis-session: + enabled: true + type: configmap + objectName: redis-session + targetSelector: + main: + main: + mountPath: /usr/local/etc/php/conf.d/redis-session.ini + subPath: redis-session.ini + readOnly: true + nginx: + enabled: true + type: configmap + objectName: nginx-config + targetSelector: + nginx: + nginx: + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + readOnly: true + nginx-temp: + enabled: true + type: emptyDir + targetSelector: + nginx: + nginx: + mountPath: /tmp/nginx + html: + enabled: true + targetSelector: + main: + main: + mountPath: /var/www/html + nextcloud-cron: + nextcloud-cron: + mountPath: /var/www/html + preview-cron: + preview-cron: + mountPath: /var/www/html + nginx: + nginx: + mountPath: /var/www/html + readOnly: true + config: + enabled: true + targetSelector: + main: + main: + mountPath: /var/www/html/config + nextcloud-cron: + nextcloud-cron: + mountPath: /var/www/html/config + preview-cron: + preview-cron: + mountPath: /var/www/html/config + notify: + notify: + mountPath: /var/www/html/config + readOnly: true + nginx: + nginx: + mountPath: /var/www/html/config + readOnly: true + data: + enabled: true + targetSelector: + main: + main: + mountPath: /var/www/html/data + init-perms: + mountPath: /var/www/html/data + nextcloud-cron: + nextcloud-cron: + mountPath: /var/www/html/data + preview-cron: + preview-cron: + mountPath: /var/www/html/data + nginx: + nginx: + mountPath: /var/www/html/data + readOnly: true + +cnpg: + main: + enabled: true + user: nextcloud + database: nextcloud + +redis: + enabled: true + username: default + +portal: + open: + enabled: true diff --git a/stable/nextcloud/21.0.0/questions.yaml b/stable/nextcloud/21.0.0/questions.yaml new file mode 100644 index 00000000000..41fdd7b4c6c --- /dev/null +++ b/stable/nextcloud/21.0.0/questions.yaml @@ -0,0 +1,2636 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: nextcloud + group: App Configuration + label: Nextcloud + schema: + additional_attrs: true + type: dict + attrs: + - variable: credentials + group: App Configuration + label: Initial Credentials + schema: + additional_attrs: true + type: dict + attrs: + - variable: initialAdminUser + label: Initial Admin User + description: Sets the initial admin username + schema: + type: string + required: true + default: "" + - variable: initialAdminPassword + label: Initial Admin Password + description: Sets the initial admin password + schema: + type: string + required: true + private: true + default: "" + - variable: general + group: App Configuration + label: General + schema: + additional_attrs: true + type: dict + attrs: + - variable: run_optimize + label: Run Optimize Scripts + description: | + Runs the following commands at startup:
+ occ db:add-missing-indices
+ occ db:add-missing-columns
+ occ db:add-missing-primary-keys
+ yes | occ db:convert-filecache-bigint
+ occ maintenance:mimetype:update-js
+ occ maintenance:mimetype:update-db
+ occ maintenance:update:htaccess
+ schema: + type: boolean + default: false + - variable: default_phone_region + label: Default Phone Region + description: | + Sets the default phone region in ISO_3166-1 format (e.g. US).
+ https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements + schema: + type: string + valid_chars: '^[A-Z]{2}$' + required: true + default: "" + - variable: accessIP + label: Access IP + description: Set to the IP-Address used to reach Nextcloud. + schema: + type: string + required: true + $ref: + - "definitions/nodeIP" + - variable: files + group: App Configuration + label: Files Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: shared_folder_name + label: Shared Folder Name + schema: + type: string + required: true + default: Shared + - variable: max_chunk_size + label: Max Chunk Size + schema: + type: int + required: true + default: 10485760 + - variable: expirations + group: App Configuration + label: Expirations Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: activity_expire_days + label: Activity Expire Days + schema: + type: int + required: true + default: 90 + - variable: trash_retention_obligation + label: Trash Retention Obligation + schema: + type: string + required: true + default: auto + - variable: versions_retention_obligation + label: Versions Retention Obligation + schema: + type: string + required: true + default: auto + - variable: previews + group: App Configuration + label: Previews Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Previews + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: imaginary + label: Enable imaginary + description: | + Enable imaginary to generate previews in the background.
+ It will also deploy the needed container. + schema: + type: boolean + default: true + - variable: cron + label: Enable cron + description: | + Enable cron to generate previews in the background. + schema: + type: boolean + default: true + - variable: schedule + label: Cron Schedule + schema: + type: string + default: "*/30 * * * *" + - variable: max_x + label: Max X + schema: + type: int + required: true + default: 2048 + - variable: max_y + label: Max Y + schema: + type: int + required: true + default: 2048 + - variable: max_memory + label: Max Memory + schema: + type: int + required: true + default: 1024 + - variable: max_file_size_image + label: Max File Size Image + schema: + type: int + required: true + default: 50 + - variable: jpeg_quality + label: JPEG Quality + schema: + type: int + required: true + default: 60 + - variable: square_sizes + label: Square Sizes + schema: + type: string + required: true + default: "32 256" + - variable: width_sizes + label: Width Sizes + schema: + type: string + required: true + default: "256 384" + - variable: height_sizes + label: Height Sizes + schema: + type: string + required: true + default: "256" + - variable: providers + label: Providers + schema: + type: list + empty: false + required: true + default: + - BMP + - GIF + - JPEG + - Krita + - MarkDown + - MP3 + - OpenDocument + - PNG + - TXT + - XBitmap + items: + - variable: provider_entry + label: Provider Entry + schema: + type: string + required: true + default: "" + enum: + - value: BMP + description: BMP + - value: Font + description: Font + - value: GIF + description: GIF + - value: HEIC + description: HEIC + - value: Illustrator + description: Illustrator + - value: JPEG + description: JPEG + - value: Krita + description: Krita + - value: MarkDown + description: MarkDown + - value: Movie + description: Movie + - value: MP3 + description: MP3 + - value: MSOffice2003 + description: MSOffice2003 + - value: MSOffice2007 + description: MSOffice2007 + - value: MSOfficeDoc + description: MSOfficeDoc + - value: OpenDocument + description: OpenDocument + - value: PDF + description: PDF + - value: Photoshop + description: Photoshop + - value: PNG + description: PNG + - value: Postscript + description: Postscript + - value: StarOffice + description: StarOffice + - value: SVG + description: SVG + - value: TIFF + description: TIFF + - value: TXT + description: TXT + - value: XBitmap + description: XBitmap + - variable: Logging + group: App Configuration + label: Logging Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: log_level + label: Log Level + schema: + type: string + required: true + default: "2" + enum: + - value: "0" + description: Debug + - value: "1" + description: Info + - value: "2" + description: Warning + - value: "3" + description: Error + - value: "4" + description: Fatal + - variable: log_date_format + label: Log Date Format + schema: + type: string + required: true + default: d/m/Y H:i:s + - variable: notify_push + group: App Configuration + label: Notify Push Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Notify Push + description: | + Enable and Configure Notify Push.
+ It will also deploy the needed container + schema: + type: boolean + default: true + - variable: clamav + group: App Configuration + label: ClamAV Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable ClamAV + description: | + Enable and configure ClamAV.
+ It will also deploy the needed container.
+ Keep in mind that this will run as root.
+ https://github.com/Cisco-Talos/clamav/issues/478 + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: stream_max_length + label: Stream Max Length + schema: + type: int + required: true + default: 104857600 + - variable: file_max_size + label: File Max Size + schema: + type: int + required: true + default: -1 + - variable: infected_action + label: Infected Action + schema: + type: string + required: true + default: only_log + enum: + - value: delete + description: Delete + - value: only_log + description: Only Log + - variable: collabora + group: App Configuration + label: Collabora Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Collabora + description: | + Enable and configure Collabora.
+ It will also deploy the needed container.
+ Keep in mind that this will run as root. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: interface_mode + label: Interface Mode + schema: + type: string + required: true + default: default + enum: + - value: default + description: Default + - value: compact + description: Compact + - value: tabbed + description: Tabbed + - variable: username + label: Username + schema: + type: string + default: admin + required: true + - variable: password + label: Password + schema: + type: string + default: "" + required: true + - variable: dictionaries + label: Dictionaries + schema: + type: list + empty: false + required: true + default: + - de_DE + - en_GB + - en_US + - el_GR + - es_ES + - fr_FR + - pt_BR + - pt_PT + - it + - nl + - ru + items: + - variable: dictionary + label: Dictionary + schema: + type: string + required: true + default: "" + - variable: onlyoffice + group: App Configuration + label: Only Office Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable OnlyOffice + description: | + Enable and configure OnlyOffice.
+ This will NOT deploy the needed container.
+ You need to deploy it yourself. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: url + label: URL + schema: + type: string + required: true + default: "" + - variable: jwt + label: JWT + schema: + type: string + required: true + default: "" + - variable: jwt_header + label: JWT Header + schema: + type: string + required: true + default: Authorization + - variable: php + group: App Configuration + label: PHP Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: memory_limit + label: Memory Limit + schema: + type: string + required: true + default: 1G + - variable: upload_limit + label: Upload Limit + schema: + type: string + required: true + default: 10G + - variable: pm_max_children + label: Max Children + schema: + type: int + required: true + default: 180 + - variable: pm_start_servers + label: Start Servers + schema: + type: int + required: true + default: 18 + - variable: pm_min_spare_servers + label: Minimum Spare Servers + schema: + type: int + required: true + default: 12 + - variable: pm_max_spare_servers + label: Maximum Spare Servers + schema: + type: int + required: true + default: 30 + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 12000 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: html + label: App HTML Storage + description: Stores the Application HTML. + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + hidden: true + type: boolean + default: false + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value + schema: + type: string + default: "775" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: config + label: App Config Storage + description: Stores the Application Config. + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + hidden: true + type: boolean + default: false + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value + schema: + type: string + default: "775" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: data + label: User Data Storage + description: Stores the User Data. + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + hidden: true + type: boolean + default: false + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value + schema: + type: string + default: "775" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: clusterIssuer + label: clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["clusterIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: clusterIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["clusterIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["clusterIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: runAsUser + description: The UserID of the user running the application + schema: + type: int + default: 568 + - variable: runAsGroup + label: runAsGroup + description: The groupID of the user running the application + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: fsGroup + description: The group that should own ALL storage. + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/stable/nextcloud/21.0.0/templates/NOTES.txt b/stable/nextcloud/21.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/stable/nextcloud/21.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/stable/nextcloud/21.0.0/templates/_configmap.tpl b/stable/nextcloud/21.0.0/templates/_configmap.tpl new file mode 100644 index 00000000000..527df08a216 --- /dev/null +++ b/stable/nextcloud/21.0.0/templates/_configmap.tpl @@ -0,0 +1,412 @@ +{{/* Define the configmap */}} +{{- define "nextcloud.configmaps" -}} +{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}} +{{- $accessUrl := .Values.chartContext.APPURL -}} +{{- if or (contains "127.0.0.1" $accessUrl) (contains "localhost" $accessUrl) -}} + {{- if .Values.nextcloud.general.accessIP -}} + {{- $prot := "http" -}} + {{- $host := .Values.nextcloud.general.accessIP -}} + {{- $port := .Values.service.main.ports.main.port -}} + {{/* + Allowing here to override protocol and port + should be enough to make it work with any rev proxy + */}} + {{- $accessUrl = printf "%v://%v:%v" $prot $host $port -}} + {{- end -}} +{{- end -}} +{{- $accessHost := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}} +{{- $accessHost = regexReplaceAll "(.*):.*" $accessUrl "${1}" -}} +{{- $accessHostPort := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}} +{{- $accessProtocol := regexReplaceAll "(.*)://.*" $accessUrl "${1}" -}} +{{- $redisHost := .Values.redis.creds.plainhost | trimAll "\"" -}} +{{- $redisPass := .Values.redis.creds.redisPassword | trimAll "\"" -}} +{{- $healthHost := "kube.internal.healthcheck" -}} + +php-tune: + enabled: true + data: + zz-tune.conf: | + [www] + pm.max_children = {{ .Values.nextcloud.php.pm_max_children }} + pm.start_servers = {{ .Values.nextcloud.php.pm_start_servers }} + pm.min_spare_servers = {{ .Values.nextcloud.php.pm_min_spare_servers }} + pm.max_spare_servers = {{ .Values.nextcloud.php.pm_max_spare_servers }} + +redis-session: + enabled: true + data: + redis-session.ini: | + session.save_handler = redis + session.save_path = {{ printf "tcp://%v:6379?auth=%v" $redisHost $redisPass | quote }} + redis.session.locking_enabled = 1 + redis.session.lock_retries = -1 + redis.session.lock_wait_time = 10000 + +hpb-config: + enabled: {{ .Values.nextcloud.notify_push.enabled }} + data: + NEXTCLOUD_URL: {{ printf "http://%v:%v" $fullname .Values.service.main.ports.main.port }} + HPB_HOST: {{ $healthHost }} + CONFIG_FILE: {{ printf "%v/config.php" .Values.persistence.config.targetSelector.notify.notify.mountPath }} + METRICS_PORT: {{ .Values.service.notify.ports.metrics.port | quote }} + +clamav-config: + enabled: {{ .Values.nextcloud.clamav.enabled }} + data: + CLAMAV_NO_CLAMD: "false" + CLAMAV_NO_FRESHCLAMD: "true" + CLAMAV_NO_MILTERD: "true" + CLAMD_STARTUP_TIMEOUT: "1800" + +collabora-config: + enabled: {{ .Values.nextcloud.collabora.enabled }} + data: + aliasgroup1: {{ $accessUrl }} + server_name: {{ $accessHostPort }} + dictionaries: {{ join " " .Values.nextcloud.collabora.dictionaries }} + username: {{ .Values.nextcloud.collabora.username | quote }} + password: {{ .Values.nextcloud.collabora.password | quote }} + DONT_GEN_SSL_CERT: "true" + # mount_jail_tree is only used for local storage + # not needed for WOPI https://github.com/CollaboraOnline/online/issues/3604#issuecomment-989833814 + extra_params: | + --o:ssl.enable=false + --o:ssl.termination=true + --o:net.service_root=/collabora + --o:home_mode.enable=true + --o:welcome.enable=false + --o:logging.level=warning + --o:logging.level_startup=warning + --o:security.seccomp=true + --o:mount_jail_tree=false + --o:user_interface.mode={{ .Values.nextcloud.collabora.user_interface_mode }} + +nextcloud-config: + enabled: true + data: + {{/* Database */}} + POSTGRES_DB: {{ .Values.cnpg.main.database | quote }} + POSTGRES_USER: {{ .Values.cnpg.main.user | quote }} + POSTGRES_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }} + POSTGRES_HOST: {{ .Values.cnpg.main.creds.host | trimAll "\"" }} + + {{/* Redis */}} + NX_REDIS_HOST: {{ $redisHost }} + NX_REDIS_PASS: {{ $redisPass }} + + {{/* Nextcloud INITIAL credentials */}} + NEXTCLOUD_ADMIN_USER: {{ .Values.nextcloud.credentials.initialAdminUser | quote }} + NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.nextcloud.credentials.initialAdminPassword | quote }} + + {{/* PHP Variables */}} + PHP_MEMORY_LIMIT: {{ .Values.nextcloud.php.memory_limit | quote }} + PHP_UPLOAD_LIMIT: {{ .Values.nextcloud.php.upload_limit | quote }} + + {{/* Notify Push */}} + NX_NOTIFY_PUSH: {{ .Values.nextcloud.notify_push.enabled | quote }} + {{- if .Values.nextcloud.notify_push.enabled }} + NX_NOTIFY_PUSH_ENDPOINT: {{ $accessUrl }}/push + {{- end }} + + {{/* Previews */}} + NX_PREVIEWS: {{ .Values.nextcloud.previews.enabled | quote }} + NX_PREVIEW_PROVIDERS: {{ join " " .Values.nextcloud.previews.providers }} + NX_PREVIEW_MAX_X: {{ .Values.nextcloud.previews.max_x | quote }} + NX_PREVIEW_MAX_Y: {{ .Values.nextcloud.previews.max_y | quote }} + NX_PREVIEW_MAX_MEMORY: {{ .Values.nextcloud.previews.max_memory | quote }} + NX_PREVIEW_MAX_FILESIZE_IMAGE: {{ .Values.nextcloud.previews.max_file_size_image | quote }} + NX_JPEG_QUALITY: {{ .Values.nextcloud.previews.jpeg_quality | quote }} + NX_PREVIEW_SQUARE_SIZES: {{ .Values.nextcloud.previews.square_sizes | quote }} + NX_PREVIEW_WIDTH_SIZES: {{ .Values.nextcloud.previews.width_sizes | quote }} + NX_PREVIEW_HEIGHT_SIZES: {{ .Values.nextcloud.previews.height_sizes | quote }} + + {{/* Imaginary */}} + NX_IMAGINARY: {{ and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary | quote }} + {{- if and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary }} + NX_IMAGINARY_URL: {{ printf "http://%v-imaginary:%v" $fullname .Values.service.imaginary.ports.imaginary.port }} + {{- end }} + + {{/* Expirations */}} + NX_ACTIVITY_EXPIRE_DAYS: {{ .Values.nextcloud.expirations.activity_expire_days | quote }} + NX_TRASH_RETENTION: {{ .Values.nextcloud.expirations.trash_retention_obligation | quote }} + NX_VERSIONS_RETENTION: {{ .Values.nextcloud.expirations.versions_retention_obligation | quote }} + + {{/* General */}} + NX_RUN_OPTIMIZE: {{ .Values.nextcloud.general.run_optimize | quote }} + NX_DEFAULT_PHONE_REGION: {{ .Values.nextcloud.general.default_phone_region | quote }} + NEXTCLOUD_DATA_DIR: {{ .Values.persistence.data.targetSelector.main.main.mountPath }} + + {{/* Files */}} + NX_SHARED_FOLDER_NAME: {{ .Values.nextcloud.files.shared_folder_name | quote }} + NX_MAX_CHUNKSIZE: {{ .Values.nextcloud.files.max_chunk_size | mul 1 | quote }} + + {{/* Logging */}} + NX_LOG_LEVEL: {{ .Values.nextcloud.logging.log_level | quote }} + NX_LOG_FILE: {{ .Values.nextcloud.logging.log_file | quote }} + NX_LOG_FILE_AUDIT: {{ .Values.nextcloud.logging.log_audit_file | quote }} + NX_LOG_DATE_FORMAT: {{ .Values.nextcloud.logging.log_date_format | quote }} + NX_LOG_TIMEZONE: {{ .Values.TZ | quote }} + + {{/* ClamAV */}} + NX_CLAMAV: {{ .Values.nextcloud.clamav.enabled | quote }} + {{- if .Values.nextcloud.clamav.enabled }} + NX_CLAMAV_HOST: {{ printf "%v-clamav" $fullname }} + NX_CLAMAV_PORT: {{ .Values.service.clamav.ports.clamav.targetPort | quote }} + NX_CLAMAV_STREAM_MAX_LENGTH: {{ .Values.nextcloud.clamav.stream_max_length | mul 1 | quote }} + NX_CLAMAV_FILE_MAX_SIZE: {{ .Values.nextcloud.clamav.file_max_size | quote }} + NX_CLAMAV_INFECTED_ACTION: {{ .Values.nextcloud.clamav.infected_action | quote }} + {{- end }} + + {{/* Collabora */}} + NX_COLLABORA: {{ .Values.nextcloud.collabora.enabled | quote }} + {{- if .Values.nextcloud.collabora.enabled }} + NX_COLLABORA_URL: {{ printf "%v/collabora" $accessUrl | quote }} + # Ideally this would be a combo of: public ip, pod cidr, svc cidr + # But not always people have static IP. + NX_COLLABORA_ALLOWLIST: "0.0.0.0/0" + {{- end }} + + {{/* Only Office */}} + NX_ONLYOFFICE: {{ .Values.nextcloud.onlyoffice.enabled | quote }} + {{- if .Values.nextcloud.onlyoffice.enabled }} + NX_ONLYOFFICE_URL: {{ .Values.nextcloud.onlyoffice.url | quote }} + NX_ONLYOFFICE_JWT: {{ .Values.nextcloud.onlyoffice.jwt | quote }} + NX_ONLYOFFICE_JWT_HEADER: {{ .Values.nextcloud.onlyoffice.jwt_header | quote }} + {{- end }} + + {{/* URLs */}} + NX_OVERWRITE_HOST: {{ $accessHostPort }} + NX_OVERWRITE_CLI_URL: {{ $accessUrl }} + # Return the protocol part of the URL + NX_OVERWRITE_PROTOCOL: {{ $accessProtocol | lower }} + # IP (or range in this case) of the proxy(ies) + NX_TRUSTED_PROXIES: | + {{ .Values.chartContext.podCIDR }} + {{ .Values.chartContext.svcCIDR }} + # fullname-* will allow access from the + # other services in the same namespace + NX_TRUSTED_DOMAINS: | + 127.0.0.1 + localhost + {{ $fullname }} + {{ printf "%v-*" $fullname }} + {{ $healthHost }} + {{- if not (contains "127.0.0.1" $accessHost) }} + {{- $accessHost | nindent 6 }} + {{- end -}} + {{- with .Values.nextcloud.general.accessIP }} + {{- . | nindent 6 }} + {{- end }} + +# TODO: Replace locations with ingress +# like /push, /.well-known/carddav, /.well-known/caldav +# needs some work as nginx converts urls to pretty urls +# before matching them to locations, so ingress needs to +# take that into consideration. +nginx-config: + enabled: true + data: + nginx.conf: | + worker_processes auto; + + error_log /var/log/nginx/error.log warn; + # Set to /tmp so it can run as non-root + pid /tmp/nginx.pid; + + events { + worker_connections 1024; + } + + http { + # Set to /tmp so it can run as non-root + client_body_temp_path /tmp/nginx/client_temp; + proxy_temp_path /tmp/nginx/proxy_temp_path; + fastcgi_temp_path /tmp/nginx/fastcgi_temp; + uwsgi_temp_path /tmp/nginx/uwsgi_temp; + scgi_temp_path /tmp/nginx/scgi_temp; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + # Prevent nginx HTTP Server Detection + server_tokens off; + + keepalive_timeout 65; + + #gzip on; + + upstream php-handler { + server {{ printf "%v-nextcloud" $fullname }}:{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}; + } + + server { + listen {{ .Values.service.main.ports.main.port }}; + absolute_redirect off; + + {{- if .Values.nextcloud.notify_push.enabled }} + # Forward Notify_Push "High Performance Backend" to it's own container + location ^~ /push/ { + # The trailing "/" is important! + proxy_pass http://{{ printf "%v-notify" $fullname }}:{{ .Values.service.notify.ports.notify.targetPort }}/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + {{- end }} + + # HSTS settings + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + + # Set max upload size + client_max_body_size {{ .Values.nextcloud.php.upload_limit | default "512M" }}; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. + #pagespeed off; + + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root {{ .Values.persistence.html.targetSelector.nginx.nginx.mountPath }}; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + # According to the documentation these two lines are not necessary, + # but some users are still receiving errors + location = /.well-known/webfinger { return 301 /index.php$uri; } + location = /.well-known/nodeinfo { return 301 /index.php$uri; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + # Required for legacy support + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + set $path_info $fastcgi_path_info; + + try_files $fastcgi_script_name =404; + + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + #fastcgi_param HTTPS on; + + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls + fastcgi_pass php-handler; + + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + proxy_send_timeout 3600s; + proxy_read_timeout 3600s; + fastcgi_send_timeout 3600s; + fastcgi_read_timeout 3600s; + } + + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } + + location ~ \.woff2?$ { + try_files $uri /index.php$request_uri; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } + + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; + } + } + } +{{- end -}} diff --git a/stable/nextcloud/21.0.0/templates/_cronjobs.tpl b/stable/nextcloud/21.0.0/templates/_cronjobs.tpl new file mode 100644 index 00000000000..0fa050dba68 --- /dev/null +++ b/stable/nextcloud/21.0.0/templates/_cronjobs.tpl @@ -0,0 +1,34 @@ +{{- define "nextcloud.cronjobs" -}} +{{- range $cj := .Values.cronjobs }} + {{- $name := $cj.name | required "Nextcloud - Expected non-empty name in cronjob" -}} + {{- $schedule := $cj.schedule | required "Nextcloud - Expected non-empty schedule in cronjob" }} + +{{ $name }}: + enabled: {{ $cj.enabled | quote }} + type: CronJob + schedule: {{ $schedule | quote }} + podSpec: + restartPolicy: Never + containers: + {{ $name }}: + enabled: true + primary: true + imageSelector: image + command: + - /bin/bash + - -c + - | + {{- range $cj.cmd }} + {{- . | nindent 12 }} + {{- else -}} + {{- fail "Nextcloud - Expected non-empty cmd in cronjob" -}} + {{- end }} + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false +{{- end }} +{{- end -}} diff --git a/stable/nextcloud/21.0.0/templates/_ingressInjector.tpl b/stable/nextcloud/21.0.0/templates/_ingressInjector.tpl new file mode 100644 index 00000000000..37919189e21 --- /dev/null +++ b/stable/nextcloud/21.0.0/templates/_ingressInjector.tpl @@ -0,0 +1,24 @@ +{{- define "nextcloud.ingressInjector" -}} + {{- if .Values.ingress.main.enabled -}} + {{- $injectPaths := list -}} + {{- if .Values.nextcloud.collabora.enabled -}} + {{- $injectPaths = mustAppend $injectPaths (include "nextcloud.collabora.ingress" $ | fromYaml) -}} + {{- end -}} + {{/* Append more paths here if needed */}} + + {{- range $host := .Values.ingress.main.hosts -}} + {{- $paths := $host.paths -}} + {{- $paths = concat $paths $injectPaths -}} + {{- $_ := set $host "paths" $paths -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "nextcloud.collabora.ingress" -}} +{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . }} +path: /collabora/ +pathType: Prefix +service: + name: {{ printf "%v-collabora" $fullname }} + port: {{ .Values.service.collabora.ports.collabora.port }} +{{- end -}} diff --git a/stable/nextcloud/21.0.0/templates/_initPerms.tpl b/stable/nextcloud/21.0.0/templates/_initPerms.tpl new file mode 100644 index 00000000000..ed94790ad93 --- /dev/null +++ b/stable/nextcloud/21.0.0/templates/_initPerms.tpl @@ -0,0 +1,29 @@ +{{- define "nextcloud.init.perms" -}} +{{- $uid := .Values.securityContext.container.runAsUser -}} +{{- $gid := .Values.securityContext.container.runAsGroup -}} +{{- $path := .Values.persistence.data.targetSelector.main.main.mountPath }} +enabled: true +type: install +imageSelector: alpineImage +securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + capabilities: + disableS6Caps: true + add: + - DAC_OVERRIDE + - FOWNER + - CHOWN +command: /bin/sh +args: + - -c + - | + echo "Setting permissions to 700 on data directory [{{ $path }}] ..." + chmod 770 {{ $path }} | echo "Failed to set permissions on data directory [{{ $path }}]" + + echo "Setting ownership to {{ $uid }}:{{ $gid }} on data directory [{{ $path }}] ..." + chown {{ $uid }}:{{ $gid }} {{ $path }} | echo "Failed to set ownership on data directory [{{ $path }}]" + + echo "Finished." +{{- end -}} diff --git a/stable/nextcloud/21.0.0/templates/_validation.tpl b/stable/nextcloud/21.0.0/templates/_validation.tpl new file mode 100644 index 00000000000..5650c0f63fe --- /dev/null +++ b/stable/nextcloud/21.0.0/templates/_validation.tpl @@ -0,0 +1,42 @@ +{{- define "nextcloud.validation" -}} + + {{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.memory_limit) -}} + {{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.memory_limit) -}} + {{- end -}} + + {{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.upload_limit) -}} + {{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.upload_limit) -}} + {{- end -}} + + {{- if not (deepEqual .Values.nextcloud.previews.providers (uniq .Values.nextcloud.previews.providers)) -}} + {{- fail (printf "Nextcloud - Expected preview providers to be unique but got [%v]" .Values.nextcloud.previews.providers) -}} + {{- end -}} + + {{- if and .Values.nextcloud.collabora.enabled .Values.nextcloud.onlyoffice.enabled -}} + {{- fail "Nextcloud - Expected only one of [Collabora, OnlyOffice] to be enabled" -}} + {{- end -}} + + {{- if contains "$" .Values.nextcloud.collabora.password -}} + {{- fail "Nextcloud - Collabora [Password] cannot contain [$]" -}} + {{- end -}} + + {{- if .Values.nextcloud.collabora.enabled -}} + {{- if lt (len .Values.nextcloud.collabora.password) 8 -}} + {{- fail "Nextcloud - Collabora [Password] must be at least 8 characters" -}} + {{- end -}} + + {{- $collaboraUIModes := (list "default" "compact" "tabbed") -}} + {{- if not (mustHas .Values.nextcloud.collabora.interface_mode $collaboraUIModes) -}} + {{- fail (printf "Nextcloud - Expected [Interface Mode] in Collabora to be one of [%v], but got [%v]" (join "," $collaboraUIModes) .Values.nextcloud.collabora.interface_mode) -}} + {{- end -}} + + {{- if not .Values.nextcloud.collabora.dictionaries -}} + {{- fail "Nextcloud - Expected non-empty Collabora [Dictionaries]" -}} + {{- end -}} + + {{- if not (deepEqual .Values.nextcloud.collabora.dictionaries (uniq .Values.nextcloud.collabora.dictionaries)) -}} + {{- fail "Nextcloud - Collabora [Dictionaries] must be unique" -}} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/stable/nextcloud/21.0.0/templates/_waitNextcloud.tpl b/stable/nextcloud/21.0.0/templates/_waitNextcloud.tpl new file mode 100644 index 00000000000..24946d640e8 --- /dev/null +++ b/stable/nextcloud/21.0.0/templates/_waitNextcloud.tpl @@ -0,0 +1,25 @@ +{{- define "nextcloud.wait.nextcloud" -}} +{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}} +{{- $ncURL := printf "%v-nextcloud:%v" $fullname .Values.service.nextcloud.ports.nextcloud.targetPort }} +enabled: true +type: init +imageSelector: image +securityContext: +command: /bin/sh +args: + - -c + - | + echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..." + until \ + REQUEST_METHOD="GET" \ + SCRIPT_NAME="status.php" \ + SCRIPT_FILENAME="status.php" \ + cgi-fcgi -bind -connect "{{ $ncURL }}" | grep -q '"installed":true'; + do + echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..." + sleep 3 + done + + echo "Nextcloud is ready and installed..." + echo "Starting Nginx..." +{{- end -}} diff --git a/stable/nextcloud/21.0.0/templates/common.yaml b/stable/nextcloud/21.0.0/templates/common.yaml new file mode 100644 index 00000000000..22ed3e0e564 --- /dev/null +++ b/stable/nextcloud/21.0.0/templates/common.yaml @@ -0,0 +1,68 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . -}} + +{{- include "nextcloud.validation" $ -}} + +{{/* Render configmaps for all pods */}} +{{- $configmaps := include "nextcloud.configmaps" . | fromYaml -}} +{{- if $configmaps -}} + {{- $_ := mustMergeOverwrite .Values.configmap $configmaps -}} +{{- end -}} + +{{/* Add [init perms] container to nextcloud */}} +{{- if not (get .Values.workload.main.podSpec "initContainers") -}} + {{- $_ := set .Values.workload.main.podSpec "initContainers" dict -}} +{{- end -}} + +{{- $initPerms := (include "nextcloud.init.perms" . | fromYaml) -}} +{{- $_ := set .Values.workload.main.podSpec.initContainers "init-perms" $initPerms -}} + +{{/* Add [wait nextcloud] container to nginx */}} +{{- if not (get .Values.workload.nginx.podSpec "initContainers") -}} + {{- $_ := set .Values.workload.nginx.podSpec "initContainers" dict -}} +{{- end -}} +{{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}} +{{- $_ := set .Values.workload.nginx.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}} + +{{/* Disable [notify push] if requested */}} +{{- if not .Values.nextcloud.notify_push.enabled -}} + {{- $_ := set .Values.workload.notify "enabled" false -}} + {{- $_ := set .Values.service.notify "enabled" false -}} +{{- else -}} + {{/* Add [wait nextcloud] container to notify push */}} + {{- if not (get .Values.workload.notify.podSpec "initContainers") -}} + {{- $_ := set .Values.workload.notify.podSpec "initContainers" dict -}} + {{- end -}} + {{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}} + {{- $_ := set .Values.workload.notify.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}} +{{- end -}} + +{{/* Disable [clamav] if requested */}} +{{- if not .Values.nextcloud.clamav.enabled -}} + {{- $_ := set .Values.workload.clamav "enabled" false -}} + {{- $_ := set .Values.service.clamav "enabled" false -}} +{{- end -}} + +{{/* Disable [previews] if requested */}} +{{- if or (not .Values.nextcloud.previews.imaginary) (not .Values.nextcloud.previews.enabled) -}} + {{- $_ := set .Values.workload.imaginary "enabled" false -}} + {{- $_ := set .Values.service.imaginary "enabled" false -}} +{{- end -}} + +{{/* Disable [collabora] if requested */}} +{{- if not .Values.nextcloud.collabora.enabled -}} + {{- $_ := set .Values.workload.collabora "enabled" false -}} + {{- $_ := set .Values.service.collabora "enabled" false -}} +{{- end -}} + +{{/* Create [cronjobs] defined */}} +{{- $cronjobs := include "nextcloud.cronjobs" . | fromYaml -}} +{{- if $cronjobs -}} + {{- $_ := mustMergeOverwrite .Values.workload $cronjobs -}} +{{- end -}} + +{{/* TODO: Do we have to cleanup when something (eg Collabora) is disabled? */}} +{{- include "nextcloud.ingressInjector" $ -}} + +{{/* Render the templates */}} +{{- include "tc.v1.common.loader.apply" . -}} diff --git a/stable/nextcloud/21.0.0/values.yaml b/stable/nextcloud/21.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/stable/nextcloud/item.yaml b/stable/nextcloud/item.yaml new file mode 100644 index 00000000000..8ae51342531 --- /dev/null +++ b/stable/nextcloud/item.yaml @@ -0,0 +1,5 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png +categories: +- cloud + +screenshots: []