diff --git a/stable/nextcloud/21.0.0/CHANGELOG.md b/stable/nextcloud/21.0.0/CHANGELOG.md
new file mode 100644
index 00000000000..d21dbbb272d
--- /dev/null
+++ b/stable/nextcloud/21.0.0/CHANGELOG.md
@@ -0,0 +1,13 @@
+**Important:**
+*for the complete changelog, please refer to the website*
+
+
+
+
+## [nextcloud-21.0.0](https://github.com/truecharts/charts/compare/nextcloud-20.1.2...nextcloud-21.0.0) (2023-06-22)
+
+### Feat
+
+- move to stable ([#9832](https://github.com/truecharts/charts/issues/9832))
+
+
\ No newline at end of file
diff --git a/stable/nextcloud/21.0.0/Chart.yaml b/stable/nextcloud/21.0.0/Chart.yaml
new file mode 100644
index 00000000000..d67d58a089c
--- /dev/null
+++ b/stable/nextcloud/21.0.0/Chart.yaml
@@ -0,0 +1,36 @@
+apiVersion: v2
+appVersion: "2.0.0"
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 12.14.1
+ - condition: redis.enabled
+ name: redis
+ repository: https://deps.truecharts.org
+ version: 6.0.48
+deprecated: false
+description: A private cloud server that puts the control and security of your own data back into your hands.
+home: https://truecharts.org/charts/incubator/nextcloud
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
+keywords:
+ - nextcloud
+ - storage
+ - http
+ - web
+ - php
+kubeVersion: ">=1.16.0-0"
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: nextcloud
+sources:
+ - https://github.com/truecharts/charts/tree/master/charts/incubator/nextcloud
+ - https://github.com/nextcloud/docker
+ - https://github.com/nextcloud/helm
+type: application
+version: 21.0.0
+annotations:
+ truecharts.org/catagories: |
+ - cloud
+ truecharts.org/SCALE-support: "true"
diff --git a/stable/nextcloud/21.0.0/LICENSE b/stable/nextcloud/21.0.0/LICENSE
new file mode 100644
index 00000000000..33a8cbb23f0
--- /dev/null
+++ b/stable/nextcloud/21.0.0/LICENSE
@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor: The TrueCharts Project, it's owner and it's contributors
+Licensed Work: The TrueCharts "Blocky" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+ as it is directly sourced from a TrueCharts provided
+ official repository, catalog or source. You may also make private
+ modification to the directly sourced licenced work,
+ when used in production.
+
+ The following cases are, due to their nature, also
+ defined as 'production use' and explicitly prohibited:
+ - Bundling, including or displaying the licensed work
+ with(in) another work intended for production use,
+ with the apparent intend of facilitating and/or
+ promoting production use by third parties in
+ violation of this license.
+
+Change Date: 2050-01-01
+
+Change License: 3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+ or a license that is compatible with GPL Version 2.0 or a later version,
+ where “compatible” means that software provided under the Change License can
+ be included in a program with software provided under GPL Version 2.0 or a
+ later version. Licensor may specify additional Change Licenses without
+ limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+ impose any additional restriction on the right granted in this License, as
+ the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.
diff --git a/stable/nextcloud/21.0.0/README.md b/stable/nextcloud/21.0.0/README.md
new file mode 100644
index 00000000000..63d5d2c8fdc
--- /dev/null
+++ b/stable/nextcloud/21.0.0/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/incubator/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/stable/nextcloud/21.0.0/app-changelog.md b/stable/nextcloud/21.0.0/app-changelog.md
new file mode 100644
index 00000000000..a2b1756efad
--- /dev/null
+++ b/stable/nextcloud/21.0.0/app-changelog.md
@@ -0,0 +1,9 @@
+
+
+## [nextcloud-21.0.0](https://github.com/truecharts/charts/compare/nextcloud-20.1.2...nextcloud-21.0.0) (2023-06-22)
+
+### Feat
+
+- move to stable ([#9832](https://github.com/truecharts/charts/issues/9832))
+
+
\ No newline at end of file
diff --git a/stable/nextcloud/21.0.0/app-readme.md b/stable/nextcloud/21.0.0/app-readme.md
new file mode 100644
index 00000000000..1369f69bf57
--- /dev/null
+++ b/stable/nextcloud/21.0.0/app-readme.md
@@ -0,0 +1,8 @@
+A private cloud server that puts the control and security of your own data back into your hands.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/nextcloud](https://truecharts.org/charts/stable/nextcloud)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
diff --git a/stable/nextcloud/21.0.0/charts/common-12.14.1.tgz b/stable/nextcloud/21.0.0/charts/common-12.14.1.tgz
new file mode 100644
index 00000000000..4a0cd31e1d5
Binary files /dev/null and b/stable/nextcloud/21.0.0/charts/common-12.14.1.tgz differ
diff --git a/stable/nextcloud/21.0.0/charts/redis-6.0.48.tgz b/stable/nextcloud/21.0.0/charts/redis-6.0.48.tgz
new file mode 100644
index 00000000000..e44b00ba818
Binary files /dev/null and b/stable/nextcloud/21.0.0/charts/redis-6.0.48.tgz differ
diff --git a/stable/nextcloud/21.0.0/ix_values.yaml b/stable/nextcloud/21.0.0/ix_values.yaml
new file mode 100644
index 00000000000..c08b980a662
--- /dev/null
+++ b/stable/nextcloud/21.0.0/ix_values.yaml
@@ -0,0 +1,495 @@
+image:
+ repository: tccr.io/truecharts/nextcloud-fpm
+ pullPolicy: IfNotPresent
+ tag: v2.0.0@sha256:c3ff63fa9613fbad94c7950743482c8bb2a2a659ac42b3daac8963e0bbaf5129
+nginxImage:
+ repository: tccr.io/truecharts/nginx-unprivileged
+ pullPolicy: IfNotPresent
+ tag: v1.24.0@sha256:f6386a703b6a0679b6274cc366a6efe7a06b8b5b3391353465d9d1649b4584ef
+imaginaryImage:
+ repository: tccr.io/truecharts/nextcloud-imaginary
+ pullPolicy: IfNotPresent
+ tag: v20230401@sha256:4f5e3895987a9d12336f772a64a77dd662c6c9bb2b96820b19ffbab58f3ff982
+hpbImage:
+ repository: tccr.io/truecharts/nextcloud-push-notify
+ pullPolicy: IfNotPresent
+ tag: v0.6.3@sha256:25c0a2f0c3eeb64e26be102cc3be09d8ce19b8d05397e188f73f94de8359d339
+clamavImage:
+ repository: tccr.io/truecharts/clamav
+ pullPolicy: IfNotPresent
+ tag: v1.1.0@sha256:ab196d867fcfddedc8dc965d67a2e6824ca65488cf616cc707e9c36efd54e086
+collaboraImage:
+ repository: tccr.io/truecharts/collabora
+ pullPolicy: IfNotPresent
+ tag: v23.05.0.5.1@sha256:a753bfe9d5479e992e914f5818bc96f33ff95dd3760cb10938ae2296286c416e
+
+nextcloud:
+ # Initial Credentials
+ credentials:
+ initialAdminUser: admin
+ initialAdminPassword: adminpass
+ # General settings
+ general:
+ # Custom Nextcloud Scripts
+ run_optimize: true
+ default_phone_region: GR
+ # IP used for exposing nextcloud,
+ # often the loadbalancer IP
+ accessIP: ""
+ # File settings
+ files:
+ shared_folder_name: Shared
+ max_chunk_size: 10485760
+ # Expiration settings
+ expirations:
+ activity_expire_days: 90
+ trash_retention_obligation: auto
+ versions_retention_obligation: auto
+ # Previews settings
+ previews:
+ enabled: true
+ # It will also deploy the container
+ imaginary: true
+ cron: true
+ schedule: "*/30 * * * *"
+ max_x: 2048
+ max_y: 2048
+ max_memory: 1024
+ max_file_size_image: 50
+ jpeg_quality: 60
+ square_sizes: 32 256
+ width_sizes: 256 384
+ height_sizes: 256
+ # Casings are important
+ # https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269
+ # Only the last part of the provider is needed
+ providers:
+ - PNG
+ - JPEG
+ # Logging settings
+ logging:
+ log_level: 2
+ log_file: /var/www/html/data/logs/nextcloud.log
+ log_audit_file: /var/www/html/data/logs/audit.log
+ log_date_format: d/m/Y H:i:s
+ # ClamAV settings
+ clamav:
+ # It will also deploy the container
+ # Note that this runs as root
+ enabled: false
+ stream_max_length: 26214400
+ file_max_size: -1
+ infected_action: only_log
+ # Notify Push settings
+ notify_push:
+ # It will also deploy the container
+ enabled: true
+ # Collabora settings
+ collabora:
+ # It will also deploy the container
+ enabled: false
+ # default|compact|tabbed
+ interface_mode: default
+ username: admin
+ password: changeme
+ dictionaries:
+ - de_DE
+ - en_GB
+ - en_US
+ - el_GR
+ - es_ES
+ - fr_FR
+ - pt_BR
+ - pt_PT
+ - it
+ - nl
+ - ru
+ onlyoffice:
+ # It will not deploy the container
+ # Only add the OnlyOffice settings
+ enabled: false
+ url: ""
+ jwt: ""
+ jwt_header: Authorization
+ # PHP settings
+ php:
+ memory_limit: 1G
+ upload_limit: 10G
+ pm_max_children: 180
+ pm_start_servers: 18
+ pm_min_spare_servers: 12
+ pm_max_spare_servers: 30
+
+# Do NOT edit below this line
+workload:
+ # Nextcloud php-fpm
+ main:
+ type: Deployment
+ podSpec:
+ containers:
+ main:
+ enabled: true
+ primary: true
+ envFrom:
+ - configMapRef:
+ name: nextcloud-config
+ probes:
+ liveness:
+ enabled: true
+ type: exec
+ command: /healthcheck.sh
+ readiness:
+ enabled: true
+ type: exec
+ command: /healthcheck.sh
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}"
+ nginx:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ nginx:
+ enabled: true
+ primary: true
+ imageSelector: nginxImage
+ probes:
+ readiness:
+ enabled: true
+ path: /robots.txt
+ port: "{{ .Values.service.main.ports.main.port }}"
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ liveness:
+ enabled: true
+ path: /robots.txt
+ port: "{{ .Values.service.main.ports.main.port }}"
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.main.ports.main.port }}"
+ notify:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ notify:
+ primary: true
+ enabled: true
+ imageSelector: hpbImage
+ envFrom:
+ - configMapRef:
+ name: hpb-config
+ probes:
+ readiness:
+ enabled: true
+ path: /push/test/cookie
+ port: 7867
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ liveness:
+ enabled: true
+ path: /push/test/cookie
+ port: 7867
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ startup:
+ enabled: true
+ type: tcp
+ port: 7867
+ imaginary:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ imaginary:
+ primary: true
+ enabled: true
+ imageSelector: imaginaryImage
+ command: imaginary
+ args:
+ - -p
+ - "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ - -concurrency
+ - "10"
+ - -enable-url-source
+ - -return-size
+ probes:
+ readiness:
+ enabled: true
+ path: /health
+ port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ liveness:
+ enabled: true
+ path: /health
+ port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ clamav:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ clamav:
+ primary: true
+ enabled: true
+ imageSelector: clamavImage
+ # FIXME: https://github.com/Cisco-Talos/clamav/issues/478
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ envFrom:
+ - configMapRef:
+ name: clamav-config
+ probes:
+ readiness:
+ enabled: true
+ type: exec
+ command: clamdcheck.sh
+ liveness:
+ enabled: true
+ type: exec
+ command: clamdcheck.sh
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.clamav.ports.clamav.targetPort }}"
+ collabora:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ collabora:
+ primary: true
+ enabled: true
+ imageSelector: collaboraImage
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 102
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - CHOWN
+ - FOWNER
+ - SYS_CHROOT
+ - MKNOD
+ envFrom:
+ - configMapRef:
+ name: collabora-config
+ probes:
+ readiness:
+ enabled: true
+ type: http
+ path: /collabora/
+ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
+ liveness:
+ enabled: true
+ type: http
+ path: /collabora/
+ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
+
+cronjobs:
+ # Don't change names, it's used in the persistence
+ - name: nextcloud-cron
+ enabled: true
+ schedule: "*/5 * * * *"
+ cmd:
+ - echo "Running [php -f /var/www/html/cron.php] ..."
+ - php -f /var/www/html/cron.php
+ - echo "Finished [php -f /var/www/html/cron.php]"
+ - name: preview-cron
+ enabled: "{{ .Values.nextcloud.previews.cron }}"
+ schedule: "{{ .Values.nextcloud.previews.schedule }}"
+ cmd:
+ - echo "Running [occ preview:pre-generate] ..."
+ - occ preview:pre-generate
+ - echo "Finished [occ preview:pre-generate]"
+
+service:
+ # Main service links to ingress easier
+ # That's why the nginx is swapped with nextcloud
+ main:
+ targetSelector: nginx
+ ports:
+ main:
+ targetSelector: nginx
+ port: 8080
+ nextcloud:
+ enabled: true
+ targetSelector: main
+ ports:
+ nextcloud:
+ enabled: true
+ targetSelector: main
+ port: 9000
+ targetPort: 9000
+ notify:
+ enabled: true
+ targetSelector: notify
+ ports:
+ notify:
+ enabled: true
+ primary: true
+ port: 7867
+ targetPort: 7867
+ targetSelector: notify
+ metrics:
+ enabled: true
+ port: 7868
+ targetSelector: notify
+ imaginary:
+ enabled: true
+ targetSelector: imaginary
+ ports:
+ imaginary:
+ enabled: true
+ port: 9090
+ targetSelector: imaginary
+ clamav:
+ enabled: true
+ targetSelector: clamav
+ ports:
+ clamav:
+ enabled: true
+ port: 3310
+ targetPort: 3310
+ targetSelector: clamav
+ collabora:
+ enabled: true
+ targetSelector: collabora
+ ports:
+ collabora:
+ enabled: true
+ port: 9980
+ targetPort: 9980
+ targetSelector: collabora
+
+persistence:
+ php-tune:
+ enabled: true
+ type: configmap
+ objectName: php-tune
+ targetSelector:
+ main:
+ main:
+ mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf
+ subPath: zz-tune.conf
+ readOnly: true
+ redis-session:
+ enabled: true
+ type: configmap
+ objectName: redis-session
+ targetSelector:
+ main:
+ main:
+ mountPath: /usr/local/etc/php/conf.d/redis-session.ini
+ subPath: redis-session.ini
+ readOnly: true
+ nginx:
+ enabled: true
+ type: configmap
+ objectName: nginx-config
+ targetSelector:
+ nginx:
+ nginx:
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ readOnly: true
+ nginx-temp:
+ enabled: true
+ type: emptyDir
+ targetSelector:
+ nginx:
+ nginx:
+ mountPath: /tmp/nginx
+ html:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /var/www/html
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html
+ preview-cron:
+ preview-cron:
+ mountPath: /var/www/html
+ nginx:
+ nginx:
+ mountPath: /var/www/html
+ readOnly: true
+ config:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /var/www/html/config
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/config
+ preview-cron:
+ preview-cron:
+ mountPath: /var/www/html/config
+ notify:
+ notify:
+ mountPath: /var/www/html/config
+ readOnly: true
+ nginx:
+ nginx:
+ mountPath: /var/www/html/config
+ readOnly: true
+ data:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /var/www/html/data
+ init-perms:
+ mountPath: /var/www/html/data
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/data
+ preview-cron:
+ preview-cron:
+ mountPath: /var/www/html/data
+ nginx:
+ nginx:
+ mountPath: /var/www/html/data
+ readOnly: true
+
+cnpg:
+ main:
+ enabled: true
+ user: nextcloud
+ database: nextcloud
+
+redis:
+ enabled: true
+ username: default
+
+portal:
+ open:
+ enabled: true
diff --git a/stable/nextcloud/21.0.0/questions.yaml b/stable/nextcloud/21.0.0/questions.yaml
new file mode 100644
index 00000000000..41fdd7b4c6c
--- /dev/null
+++ b/stable/nextcloud/21.0.0/questions.yaml
@@ -0,0 +1,2636 @@
+groups:
+ - name: Container Image
+ description: Image to be used for container
+ - name: General Settings
+ description: General Deployment Settings
+ - name: Workload Settings
+ description: Workload Settings
+ - name: App Configuration
+ description: App Specific Config Options
+ - name: Networking and Services
+ description: Configure Network and Services for Container
+ - name: Storage and Persistence
+ description: Persist and Share Data that is Separate from the Container
+ - name: Ingress
+ description: Ingress Configuration
+ - name: Security and Permissions
+ description: Configure Security Context and Permissions
+ - name: Resources and Devices
+ description: "Specify Resources/Devices to be Allocated to Workload"
+ - name: Middlewares
+ description: Traefik Middlewares
+ - name: Metrics
+ description: Metrics
+ - name: Addons
+ description: Addon Configuration
+ - name: Advanced
+ description: Advanced Configuration
+ - name: Postgresql
+ description: Postgresql
+ - name: Documentation
+ description: Documentation
+portals:
+ open:
+ protocols:
+ - "$kubernetes-resource_configmap_tcportal-open_protocol"
+ host:
+ - "$kubernetes-resource_configmap_tcportal-open_host"
+ ports:
+ - "$kubernetes-resource_configmap_tcportal-open_port"
+questions:
+ - variable: global
+ group: General Settings
+ label: "Global Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: stopAll
+ label: Stop All
+ description: "Stops All Running pods and hibernates cnpg"
+ schema:
+ type: boolean
+ default: false
+ - variable: workload
+ group: "Workload Settings"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type (Advanced)
+ schema:
+ type: string
+ default: Deployment
+ enum:
+ - value: Deployment
+ description: Deployment
+ - value: DaemonSet
+ description: DaemonSet
+ - variable: replicas
+ label: Replicas (Advanced)
+ description: Set the number of Replicas
+ schema:
+ type: int
+ show_if: [["type", "!=", "DaemonSet"]]
+ default: 1
+ - variable: podSpec
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: containers
+ label: Containers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: envList
+ label: Extra Environment Variables
+ description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ - variable: extraArgs
+ label: Extra Args
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Arg
+ schema:
+ type: string
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: command
+ label: Command
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: param
+ label: Param
+ schema:
+ type: string
+ - variable: TZ
+ label: Timezone
+ group: "General Settings"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+ - variable: nextcloud
+ group: App Configuration
+ label: Nextcloud
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: credentials
+ group: App Configuration
+ label: Initial Credentials
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: initialAdminUser
+ label: Initial Admin User
+ description: Sets the initial admin username
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: initialAdminPassword
+ label: Initial Admin Password
+ description: Sets the initial admin password
+ schema:
+ type: string
+ required: true
+ private: true
+ default: ""
+ - variable: general
+ group: App Configuration
+ label: General
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: run_optimize
+ label: Run Optimize Scripts
+ description: |
+ Runs the following commands at startup:
+ occ db:add-missing-indices
+ occ db:add-missing-columns
+ occ db:add-missing-primary-keys
+ yes | occ db:convert-filecache-bigint
+ occ maintenance:mimetype:update-js
+ occ maintenance:mimetype:update-db
+ occ maintenance:update:htaccess
+ schema:
+ type: boolean
+ default: false
+ - variable: default_phone_region
+ label: Default Phone Region
+ description: |
+ Sets the default phone region in ISO_3166-1 format (e.g. US).
+ https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
+ schema:
+ type: string
+ valid_chars: '^[A-Z]{2}$'
+ required: true
+ default: ""
+ - variable: accessIP
+ label: Access IP
+ description: Set to the IP-Address used to reach Nextcloud.
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/nodeIP"
+ - variable: files
+ group: App Configuration
+ label: Files Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: shared_folder_name
+ label: Shared Folder Name
+ schema:
+ type: string
+ required: true
+ default: Shared
+ - variable: max_chunk_size
+ label: Max Chunk Size
+ schema:
+ type: int
+ required: true
+ default: 10485760
+ - variable: expirations
+ group: App Configuration
+ label: Expirations Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: activity_expire_days
+ label: Activity Expire Days
+ schema:
+ type: int
+ required: true
+ default: 90
+ - variable: trash_retention_obligation
+ label: Trash Retention Obligation
+ schema:
+ type: string
+ required: true
+ default: auto
+ - variable: versions_retention_obligation
+ label: Versions Retention Obligation
+ schema:
+ type: string
+ required: true
+ default: auto
+ - variable: previews
+ group: App Configuration
+ label: Previews Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Previews
+ schema:
+ type: boolean
+ default: true
+ show_subquestions_if: true
+ subquestions:
+ - variable: imaginary
+ label: Enable imaginary
+ description: |
+ Enable imaginary to generate previews in the background.
+ It will also deploy the needed container.
+ schema:
+ type: boolean
+ default: true
+ - variable: cron
+ label: Enable cron
+ description: |
+ Enable cron to generate previews in the background.
+ schema:
+ type: boolean
+ default: true
+ - variable: schedule
+ label: Cron Schedule
+ schema:
+ type: string
+ default: "*/30 * * * *"
+ - variable: max_x
+ label: Max X
+ schema:
+ type: int
+ required: true
+ default: 2048
+ - variable: max_y
+ label: Max Y
+ schema:
+ type: int
+ required: true
+ default: 2048
+ - variable: max_memory
+ label: Max Memory
+ schema:
+ type: int
+ required: true
+ default: 1024
+ - variable: max_file_size_image
+ label: Max File Size Image
+ schema:
+ type: int
+ required: true
+ default: 50
+ - variable: jpeg_quality
+ label: JPEG Quality
+ schema:
+ type: int
+ required: true
+ default: 60
+ - variable: square_sizes
+ label: Square Sizes
+ schema:
+ type: string
+ required: true
+ default: "32 256"
+ - variable: width_sizes
+ label: Width Sizes
+ schema:
+ type: string
+ required: true
+ default: "256 384"
+ - variable: height_sizes
+ label: Height Sizes
+ schema:
+ type: string
+ required: true
+ default: "256"
+ - variable: providers
+ label: Providers
+ schema:
+ type: list
+ empty: false
+ required: true
+ default:
+ - BMP
+ - GIF
+ - JPEG
+ - Krita
+ - MarkDown
+ - MP3
+ - OpenDocument
+ - PNG
+ - TXT
+ - XBitmap
+ items:
+ - variable: provider_entry
+ label: Provider Entry
+ schema:
+ type: string
+ required: true
+ default: ""
+ enum:
+ - value: BMP
+ description: BMP
+ - value: Font
+ description: Font
+ - value: GIF
+ description: GIF
+ - value: HEIC
+ description: HEIC
+ - value: Illustrator
+ description: Illustrator
+ - value: JPEG
+ description: JPEG
+ - value: Krita
+ description: Krita
+ - value: MarkDown
+ description: MarkDown
+ - value: Movie
+ description: Movie
+ - value: MP3
+ description: MP3
+ - value: MSOffice2003
+ description: MSOffice2003
+ - value: MSOffice2007
+ description: MSOffice2007
+ - value: MSOfficeDoc
+ description: MSOfficeDoc
+ - value: OpenDocument
+ description: OpenDocument
+ - value: PDF
+ description: PDF
+ - value: Photoshop
+ description: Photoshop
+ - value: PNG
+ description: PNG
+ - value: Postscript
+ description: Postscript
+ - value: StarOffice
+ description: StarOffice
+ - value: SVG
+ description: SVG
+ - value: TIFF
+ description: TIFF
+ - value: TXT
+ description: TXT
+ - value: XBitmap
+ description: XBitmap
+ - variable: Logging
+ group: App Configuration
+ label: Logging Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: log_level
+ label: Log Level
+ schema:
+ type: string
+ required: true
+ default: "2"
+ enum:
+ - value: "0"
+ description: Debug
+ - value: "1"
+ description: Info
+ - value: "2"
+ description: Warning
+ - value: "3"
+ description: Error
+ - value: "4"
+ description: Fatal
+ - variable: log_date_format
+ label: Log Date Format
+ schema:
+ type: string
+ required: true
+ default: d/m/Y H:i:s
+ - variable: notify_push
+ group: App Configuration
+ label: Notify Push Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Notify Push
+ description: |
+ Enable and Configure Notify Push.
+ It will also deploy the needed container
+ schema:
+ type: boolean
+ default: true
+ - variable: clamav
+ group: App Configuration
+ label: ClamAV Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable ClamAV
+ description: |
+ Enable and configure ClamAV.
+ It will also deploy the needed container.
+ Keep in mind that this will run as root.
+ https://github.com/Cisco-Talos/clamav/issues/478
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: stream_max_length
+ label: Stream Max Length
+ schema:
+ type: int
+ required: true
+ default: 104857600
+ - variable: file_max_size
+ label: File Max Size
+ schema:
+ type: int
+ required: true
+ default: -1
+ - variable: infected_action
+ label: Infected Action
+ schema:
+ type: string
+ required: true
+ default: only_log
+ enum:
+ - value: delete
+ description: Delete
+ - value: only_log
+ description: Only Log
+ - variable: collabora
+ group: App Configuration
+ label: Collabora Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Collabora
+ description: |
+ Enable and configure Collabora.
+ It will also deploy the needed container.
+ Keep in mind that this will run as root.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: interface_mode
+ label: Interface Mode
+ schema:
+ type: string
+ required: true
+ default: default
+ enum:
+ - value: default
+ description: Default
+ - value: compact
+ description: Compact
+ - value: tabbed
+ description: Tabbed
+ - variable: username
+ label: Username
+ schema:
+ type: string
+ default: admin
+ required: true
+ - variable: password
+ label: Password
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: dictionaries
+ label: Dictionaries
+ schema:
+ type: list
+ empty: false
+ required: true
+ default:
+ - de_DE
+ - en_GB
+ - en_US
+ - el_GR
+ - es_ES
+ - fr_FR
+ - pt_BR
+ - pt_PT
+ - it
+ - nl
+ - ru
+ items:
+ - variable: dictionary
+ label: Dictionary
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: onlyoffice
+ group: App Configuration
+ label: Only Office Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable OnlyOffice
+ description: |
+ Enable and configure OnlyOffice.
+ This will NOT deploy the needed container.
+ You need to deploy it yourself.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: url
+ label: URL
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: jwt
+ label: JWT
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: jwt_header
+ label: JWT Header
+ schema:
+ type: string
+ required: true
+ default: Authorization
+ - variable: php
+ group: App Configuration
+ label: PHP Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: memory_limit
+ label: Memory Limit
+ schema:
+ type: string
+ required: true
+ default: 1G
+ - variable: upload_limit
+ label: Upload Limit
+ schema:
+ type: string
+ required: true
+ default: 10G
+ - variable: pm_max_children
+ label: Max Children
+ schema:
+ type: int
+ required: true
+ default: 180
+ - variable: pm_start_servers
+ label: Start Servers
+ schema:
+ type: int
+ required: true
+ default: 18
+ - variable: pm_min_spare_servers
+ label: Minimum Spare Servers
+ schema:
+ type: int
+ required: true
+ default: 12
+ - variable: pm_max_spare_servers
+ label: Maximum Spare Servers
+ schema:
+ type: int
+ required: true
+ default: 30
+ - variable: podOptions
+ group: "General Settings"
+ label: "Global Pod Options (Advanced)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: expertPodOpts
+ label: "Expert - Pod Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ label: "Host Networking"
+ schema:
+ type: boolean
+ default: false
+ - variable: dnsConfig
+ label: "DNS Configuration"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: options
+ label: "Options"
+ schema:
+ type: list
+ default: [{"name": "ndots", "value": "1"}]
+ items:
+ - variable: optionsEntry
+ label: "Option Entry"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: nameservers
+ label: "Nameservers"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: nsEntry
+ label: "Nameserver Entry"
+ schema:
+ type: string
+ required: true
+ - variable: searches
+ label: "Searches"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: searchEntry
+ label: "Search Entry"
+ schema:
+ type: string
+ required: true
+ - variable: service
+ group: Networking and Services
+ label: Configure Service(s)
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Service
+ description: The Primary service on which the healthcheck runs, often the webUI
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Service Port Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ default: 12000
+ required: true
+ - variable: serviceexpert
+ group: Networking and Services
+ label: Show Expert Config
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: scaleExternalInterface
+ description: Add External Interfaces
+ label: Add external Interfaces
+ group: Networking
+ schema:
+ type: list
+ items:
+ - variable: interfaceConfiguration
+ description: Interface Configuration
+ label: Interface Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "normalize/interfaceConfiguration"
+ attrs:
+ - variable: hostInterface
+ description: Please Specify Host Interface
+ label: Host Interface
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/interface"
+ - variable: ipam
+ description: Define how IP Address will be managed
+ label: IP Address Management
+ schema:
+ additional_attrs: true
+ type: dict
+ required: true
+ attrs:
+ - variable: type
+ description: Specify type for IPAM
+ label: IPAM Type
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: dhcp
+ description: Use DHCP
+ - value: static
+ description: Use Static IP
+ - variable: staticIPConfigurations
+ label: Static IP Addresses
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticIP
+ label: Static IP
+ schema:
+ type: ipaddr
+ cidr: true
+ - variable: staticRoutes
+ label: Static Routes
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticRouteConfiguration
+ label: Static Route Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: destination
+ label: Destination
+ schema:
+ type: ipaddr
+ cidr: true
+ required: true
+ - variable: gateway
+ label: Gateway
+ schema:
+ type: ipaddr
+ cidr: false
+ required: true
+ - variable: serviceList
+ label: Add Manual Custom Services
+ group: Networking and Services
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: serviceListEntry
+ label: Custom Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: advancedsvcset
+ label: Show Advanced Service Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: External IP
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: IP Family Policy
+ description: Specify the IP Policy
+ schema:
+ type: string
+ default: SingleStack
+ enum:
+ - value: SingleStack
+ description: SingleStack
+ - value: PreferDualStack
+ description: PreferDualStack
+ - value: RequireDualStack
+ description: RequireDualStack
+ - variable: ipFamilies
+ label: IP Families
+ description: (Advanced) The IP Families that should be used
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: IP Family
+ schema:
+ type: string
+ - variable: portsList
+ label: Additional Service Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: Custom ports
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Port
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Port Name
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: Port Type
+ schema:
+ type: string
+ default: tcp
+ enum:
+ - value: http
+ description: HTTP
+ - value: https
+ description: HTTPS
+ - value: tcp
+ description: TCP
+ - value: udp
+ description: UDP
+ - variable: targetPort
+ label: Target Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ required: true
+ - variable: port
+ label: Container Port
+ schema:
+ type: int
+ required: true
+ - variable: persistence
+ label: Integrated Persistent Storage
+ description: Integrated Persistent Storage
+ group: Storage and Persistence
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: html
+ label: App HTML Storage
+ description: Stores the Application HTML.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: setPermissions
+ label: Automatic Permissions
+ description: Automatically set permissions on install
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ hidden: true
+ type: boolean
+ default: false
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ schema:
+ type: string
+ default: "775"
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: config
+ label: App Config Storage
+ description: Stores the Application Config.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: setPermissions
+ label: Automatic Permissions
+ description: Automatically set permissions on install
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ hidden: true
+ type: boolean
+ default: false
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ schema:
+ type: string
+ default: "775"
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: data
+ label: User Data Storage
+ description: Stores the User Data.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: setPermissions
+ label: Automatic Permissions
+ description: Automatically set permissions on install
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ hidden: true
+ type: boolean
+ default: false
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ schema:
+ type: string
+ default: "775"
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: persistenceList
+ label: Additional App Storage
+ group: Storage and Persistence
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: persistenceListEntry
+ label: Custom Storage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the storage
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: hostPath
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: setPermissions
+ label: Automatic Permissions
+ description: Automatically set permissions on install
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: mountPath
+ label: Mount Path
+ description: Path inside the container the storage is mounted
+ schema:
+ type: string
+ default: ""
+ required: true
+ valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size Quotum of Storage
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: ingress
+ label: ""
+ group: Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: service
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: clusterIssuer
+ label: clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ show_if: [["clusterIssuer", "=", ""]]
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: clusterIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: Use TrueNAS SCALE Certificate (Deprecated)
+ schema:
+ show_if: [["clusterIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: secretName
+ label: Use Custom Secret (Advanced)
+ schema:
+ type: string
+ show_if: [["clusterIssuer", "=", ""]]
+ default: ""
+ - variable: entrypoint
+ label: Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: securityContext
+ group: Security and Permissions
+ label: Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: container
+ label: Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: runAsUser
+ label: runAsUser
+ description: The UserID of the user running the application
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: runAsGroup
+ description: The groupID of the user running the application
+ schema:
+ type: int
+ default: 568
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: PUID
+ label: Process User ID - PUID
+ description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+ schema:
+ type: int
+ show_if: [["runAsUser", "=", 0]]
+ default: 568
+ - variable: UMASK
+ label: UMASK
+ description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+ schema:
+ type: string
+ default: "0022"
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+ - variable: pod
+ label: Pod
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: OnRootMismatch
+ enum:
+ - value: OnRootMismatch
+ description: OnRootMismatch
+ - value: Always
+ description: Always
+ - variable: supplementalGroups
+ label: Supplemental Groups
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: Supplemental Group
+ schema:
+ type: int
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: fsGroup
+ label: fsGroup
+ description: The group that should own ALL storage.
+ schema:
+ type: int
+ default: 568
+ - variable: resources
+ group: Resources and Devices
+ label: "Resource Limits"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: Advanced Limit Resource Consumption
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 4000m
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: RAM
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 8Gi
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 10m
+ hidden: true
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 50Mi
+ hidden: true
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: deviceList
+ label: Mount USB Devices
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: Device
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Storage
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: (Advanced) Type of Storage
+ description: Sets the persistence type
+ schema:
+ type: string
+ default: device
+ hidden: true
+ - variable: readOnly
+ label: readOnly
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Device Path
+ description: Path to the device on the host system
+ schema:
+ type: path
+ - variable: mountPath
+ label: Container Device Path
+ description: Path inside the container the device is mounted
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+ - variable: scaleGPU
+ label: GPU Configuration
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: scaleGPUEntry
+ label: GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Specify GPU configuration
+ - variable: gpu
+ label: Select GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "definitions/gpuConfiguration"
+ attrs: []
+ - variable: workaround
+ label: "Workaround"
+ schema:
+ type: string
+ default: workaround
+ hidden: true
+ - variable: metrics
+ group: Metrics
+ label: Prometheus Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: prometheusRule
+ label: PrometheusRule
+ description: Enable and configure Prometheus Rules for the App.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ # TODO: Rule List section
+# - variable: horizontalPodAutoscaler
+# group: Advanced
+# label: (Advanced) Horizontal Pod Autoscaler
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: hpaEntry
+# label: HPA Entry
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: name
+# label: Name
+# schema:
+# type: string
+# required: true
+# default: ""
+# - variable: enabled
+# label: Enabled
+# schema:
+# type: boolean
+# default: false
+# show_subquestions_if: true
+# subquestions:
+# - variable: target
+# label: Target
+# description: Deployment name, Defaults to Main Deployment
+# schema:
+# type: string
+# default: ""
+# - variable: minReplicas
+# label: Minimum Replicas
+# schema:
+# type: int
+# default: 1
+# - variable: maxReplicas
+# label: Maximum Replicas
+# schema:
+# type: int
+# default: 5
+# - variable: targetCPUUtilizationPercentage
+# label: Target CPU Utilization Percentage
+# schema:
+# type: int
+# default: 80
+# - variable: targetMemoryUtilizationPercentage
+# label: Target Memory Utilization Percentage
+# schema:
+# type: int
+# default: 80
+ - variable: networkPolicy
+ group: Advanced
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: addons
+ group: Addons
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: Codeserver
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: NodePort
+ description: Deprecated CHANGE THIS
+ - value: ClusterIP
+ description: ClusterIP
+ - value: LoadBalancer
+ description: LoadBalancer
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 36107
+ - variable: envList
+ label: Codeserver Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: netshoot
+ label: Netshoot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: envList
+ label: Netshoot Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: vpn
+ label: VPN
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: disabled
+ enum:
+ - value: disabled
+ description: disabled
+ - value: gluetun
+ description: Gluetun
+ - value: tailscale
+ description: Tailscale
+ - value: openvpn
+ description: OpenVPN (Deprecated)
+ - value: wireguard
+ description: Wireguard (Deprecated)
+ - variable: openvpn
+ label: OpenVPN Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: Authentication Username (Optional)
+ description: Authentication Username, Optional
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Authentication Password
+ description: Authentication Credentials
+ schema:
+ type: string
+ show_if: [["username", "!=", ""]]
+ default: ""
+ required: true
+ - variable: tailscale
+ label: Tailscale Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "tailscale"]]
+ attrs:
+ - variable: authkey
+ label: Authentication Key
+ description: Provide an auth key to automatically authenticate the node as your user account.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: auth_once
+ label: Auth Once
+ description: Only attempt to log in if not already logged in.
+ schema:
+ type: boolean
+ default: true
+ - variable: accept_dns
+ label: Accept DNS
+ description: Accept DNS configuration from the admin console.
+ schema:
+ type: boolean
+ default: false
+ - variable: userspace
+ label: Userspace
+ description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+ schema:
+ type: boolean
+ default: false
+ - variable: routes
+ label: Routes
+ description: Expose physical subnet routes to your entire Tailscale network.
+ schema:
+ type: string
+ default: ""
+ - variable: dest_ip
+ label: Destination IP
+ description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+ schema:
+ type: string
+ default: ""
+ - variable: sock5_server
+ label: Sock5 Server
+ description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: outbound_http_proxy_listen
+ label: Outbound HTTP Proxy Listen
+ description: The address on which to listen for HTTP proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: extra_args
+ label: Extra Args
+ description: Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: daemon_extra_args
+ label: Tailscale Daemon Extra Args
+ description: Tailscale Daemon Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: killSwitch
+ label: Enable Killswitch
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: Killswitch Excluded IPv4 networks
+ description: List of Killswitch Excluded IPv4 Addresses
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: IPv4 Network
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: Killswitch Excluded IPv6 networks
+ description: "List of Killswitch Excluded IPv6 Addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: IPv6 Network
+ schema:
+ type: string
+ required: true
+ - variable: configFile
+ label: VPN Config File Location
+ schema:
+ type: string
+ show_if: [["type", "!=", "disabled"]]
+ default: ""
+
+ - variable: envList
+ label: VPN Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ max_length: 10240
+ - variable: docs
+ group: Documentation
+ label: Please read the documentation at https://truecharts.org
+ description: Please read the documentation at
+
https://truecharts.org
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDocs
+ label: I have checked the documentation
+ schema:
+ type: boolean
+ default: true
+ - variable: donateNag
+ group: Documentation
+ label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+ description: Please consider supporting TrueCharts, see
+
https://truecharts.org/sponsor
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDonate
+ label: I have considered donating
+ schema:
+ type: boolean
+ default: true
+ hidden: true
diff --git a/stable/nextcloud/21.0.0/templates/NOTES.txt b/stable/nextcloud/21.0.0/templates/NOTES.txt
new file mode 100644
index 00000000000..efcb74cb772
--- /dev/null
+++ b/stable/nextcloud/21.0.0/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}
diff --git a/stable/nextcloud/21.0.0/templates/_configmap.tpl b/stable/nextcloud/21.0.0/templates/_configmap.tpl
new file mode 100644
index 00000000000..527df08a216
--- /dev/null
+++ b/stable/nextcloud/21.0.0/templates/_configmap.tpl
@@ -0,0 +1,412 @@
+{{/* Define the configmap */}}
+{{- define "nextcloud.configmaps" -}}
+{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
+{{- $accessUrl := .Values.chartContext.APPURL -}}
+{{- if or (contains "127.0.0.1" $accessUrl) (contains "localhost" $accessUrl) -}}
+ {{- if .Values.nextcloud.general.accessIP -}}
+ {{- $prot := "http" -}}
+ {{- $host := .Values.nextcloud.general.accessIP -}}
+ {{- $port := .Values.service.main.ports.main.port -}}
+ {{/*
+ Allowing here to override protocol and port
+ should be enough to make it work with any rev proxy
+ */}}
+ {{- $accessUrl = printf "%v://%v:%v" $prot $host $port -}}
+ {{- end -}}
+{{- end -}}
+{{- $accessHost := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}}
+{{- $accessHost = regexReplaceAll "(.*):.*" $accessUrl "${1}" -}}
+{{- $accessHostPort := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}}
+{{- $accessProtocol := regexReplaceAll "(.*)://.*" $accessUrl "${1}" -}}
+{{- $redisHost := .Values.redis.creds.plainhost | trimAll "\"" -}}
+{{- $redisPass := .Values.redis.creds.redisPassword | trimAll "\"" -}}
+{{- $healthHost := "kube.internal.healthcheck" -}}
+
+php-tune:
+ enabled: true
+ data:
+ zz-tune.conf: |
+ [www]
+ pm.max_children = {{ .Values.nextcloud.php.pm_max_children }}
+ pm.start_servers = {{ .Values.nextcloud.php.pm_start_servers }}
+ pm.min_spare_servers = {{ .Values.nextcloud.php.pm_min_spare_servers }}
+ pm.max_spare_servers = {{ .Values.nextcloud.php.pm_max_spare_servers }}
+
+redis-session:
+ enabled: true
+ data:
+ redis-session.ini: |
+ session.save_handler = redis
+ session.save_path = {{ printf "tcp://%v:6379?auth=%v" $redisHost $redisPass | quote }}
+ redis.session.locking_enabled = 1
+ redis.session.lock_retries = -1
+ redis.session.lock_wait_time = 10000
+
+hpb-config:
+ enabled: {{ .Values.nextcloud.notify_push.enabled }}
+ data:
+ NEXTCLOUD_URL: {{ printf "http://%v:%v" $fullname .Values.service.main.ports.main.port }}
+ HPB_HOST: {{ $healthHost }}
+ CONFIG_FILE: {{ printf "%v/config.php" .Values.persistence.config.targetSelector.notify.notify.mountPath }}
+ METRICS_PORT: {{ .Values.service.notify.ports.metrics.port | quote }}
+
+clamav-config:
+ enabled: {{ .Values.nextcloud.clamav.enabled }}
+ data:
+ CLAMAV_NO_CLAMD: "false"
+ CLAMAV_NO_FRESHCLAMD: "true"
+ CLAMAV_NO_MILTERD: "true"
+ CLAMD_STARTUP_TIMEOUT: "1800"
+
+collabora-config:
+ enabled: {{ .Values.nextcloud.collabora.enabled }}
+ data:
+ aliasgroup1: {{ $accessUrl }}
+ server_name: {{ $accessHostPort }}
+ dictionaries: {{ join " " .Values.nextcloud.collabora.dictionaries }}
+ username: {{ .Values.nextcloud.collabora.username | quote }}
+ password: {{ .Values.nextcloud.collabora.password | quote }}
+ DONT_GEN_SSL_CERT: "true"
+ # mount_jail_tree is only used for local storage
+ # not needed for WOPI https://github.com/CollaboraOnline/online/issues/3604#issuecomment-989833814
+ extra_params: |
+ --o:ssl.enable=false
+ --o:ssl.termination=true
+ --o:net.service_root=/collabora
+ --o:home_mode.enable=true
+ --o:welcome.enable=false
+ --o:logging.level=warning
+ --o:logging.level_startup=warning
+ --o:security.seccomp=true
+ --o:mount_jail_tree=false
+ --o:user_interface.mode={{ .Values.nextcloud.collabora.user_interface_mode }}
+
+nextcloud-config:
+ enabled: true
+ data:
+ {{/* Database */}}
+ POSTGRES_DB: {{ .Values.cnpg.main.database | quote }}
+ POSTGRES_USER: {{ .Values.cnpg.main.user | quote }}
+ POSTGRES_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
+ POSTGRES_HOST: {{ .Values.cnpg.main.creds.host | trimAll "\"" }}
+
+ {{/* Redis */}}
+ NX_REDIS_HOST: {{ $redisHost }}
+ NX_REDIS_PASS: {{ $redisPass }}
+
+ {{/* Nextcloud INITIAL credentials */}}
+ NEXTCLOUD_ADMIN_USER: {{ .Values.nextcloud.credentials.initialAdminUser | quote }}
+ NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.nextcloud.credentials.initialAdminPassword | quote }}
+
+ {{/* PHP Variables */}}
+ PHP_MEMORY_LIMIT: {{ .Values.nextcloud.php.memory_limit | quote }}
+ PHP_UPLOAD_LIMIT: {{ .Values.nextcloud.php.upload_limit | quote }}
+
+ {{/* Notify Push */}}
+ NX_NOTIFY_PUSH: {{ .Values.nextcloud.notify_push.enabled | quote }}
+ {{- if .Values.nextcloud.notify_push.enabled }}
+ NX_NOTIFY_PUSH_ENDPOINT: {{ $accessUrl }}/push
+ {{- end }}
+
+ {{/* Previews */}}
+ NX_PREVIEWS: {{ .Values.nextcloud.previews.enabled | quote }}
+ NX_PREVIEW_PROVIDERS: {{ join " " .Values.nextcloud.previews.providers }}
+ NX_PREVIEW_MAX_X: {{ .Values.nextcloud.previews.max_x | quote }}
+ NX_PREVIEW_MAX_Y: {{ .Values.nextcloud.previews.max_y | quote }}
+ NX_PREVIEW_MAX_MEMORY: {{ .Values.nextcloud.previews.max_memory | quote }}
+ NX_PREVIEW_MAX_FILESIZE_IMAGE: {{ .Values.nextcloud.previews.max_file_size_image | quote }}
+ NX_JPEG_QUALITY: {{ .Values.nextcloud.previews.jpeg_quality | quote }}
+ NX_PREVIEW_SQUARE_SIZES: {{ .Values.nextcloud.previews.square_sizes | quote }}
+ NX_PREVIEW_WIDTH_SIZES: {{ .Values.nextcloud.previews.width_sizes | quote }}
+ NX_PREVIEW_HEIGHT_SIZES: {{ .Values.nextcloud.previews.height_sizes | quote }}
+
+ {{/* Imaginary */}}
+ NX_IMAGINARY: {{ and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary | quote }}
+ {{- if and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary }}
+ NX_IMAGINARY_URL: {{ printf "http://%v-imaginary:%v" $fullname .Values.service.imaginary.ports.imaginary.port }}
+ {{- end }}
+
+ {{/* Expirations */}}
+ NX_ACTIVITY_EXPIRE_DAYS: {{ .Values.nextcloud.expirations.activity_expire_days | quote }}
+ NX_TRASH_RETENTION: {{ .Values.nextcloud.expirations.trash_retention_obligation | quote }}
+ NX_VERSIONS_RETENTION: {{ .Values.nextcloud.expirations.versions_retention_obligation | quote }}
+
+ {{/* General */}}
+ NX_RUN_OPTIMIZE: {{ .Values.nextcloud.general.run_optimize | quote }}
+ NX_DEFAULT_PHONE_REGION: {{ .Values.nextcloud.general.default_phone_region | quote }}
+ NEXTCLOUD_DATA_DIR: {{ .Values.persistence.data.targetSelector.main.main.mountPath }}
+
+ {{/* Files */}}
+ NX_SHARED_FOLDER_NAME: {{ .Values.nextcloud.files.shared_folder_name | quote }}
+ NX_MAX_CHUNKSIZE: {{ .Values.nextcloud.files.max_chunk_size | mul 1 | quote }}
+
+ {{/* Logging */}}
+ NX_LOG_LEVEL: {{ .Values.nextcloud.logging.log_level | quote }}
+ NX_LOG_FILE: {{ .Values.nextcloud.logging.log_file | quote }}
+ NX_LOG_FILE_AUDIT: {{ .Values.nextcloud.logging.log_audit_file | quote }}
+ NX_LOG_DATE_FORMAT: {{ .Values.nextcloud.logging.log_date_format | quote }}
+ NX_LOG_TIMEZONE: {{ .Values.TZ | quote }}
+
+ {{/* ClamAV */}}
+ NX_CLAMAV: {{ .Values.nextcloud.clamav.enabled | quote }}
+ {{- if .Values.nextcloud.clamav.enabled }}
+ NX_CLAMAV_HOST: {{ printf "%v-clamav" $fullname }}
+ NX_CLAMAV_PORT: {{ .Values.service.clamav.ports.clamav.targetPort | quote }}
+ NX_CLAMAV_STREAM_MAX_LENGTH: {{ .Values.nextcloud.clamav.stream_max_length | mul 1 | quote }}
+ NX_CLAMAV_FILE_MAX_SIZE: {{ .Values.nextcloud.clamav.file_max_size | quote }}
+ NX_CLAMAV_INFECTED_ACTION: {{ .Values.nextcloud.clamav.infected_action | quote }}
+ {{- end }}
+
+ {{/* Collabora */}}
+ NX_COLLABORA: {{ .Values.nextcloud.collabora.enabled | quote }}
+ {{- if .Values.nextcloud.collabora.enabled }}
+ NX_COLLABORA_URL: {{ printf "%v/collabora" $accessUrl | quote }}
+ # Ideally this would be a combo of: public ip, pod cidr, svc cidr
+ # But not always people have static IP.
+ NX_COLLABORA_ALLOWLIST: "0.0.0.0/0"
+ {{- end }}
+
+ {{/* Only Office */}}
+ NX_ONLYOFFICE: {{ .Values.nextcloud.onlyoffice.enabled | quote }}
+ {{- if .Values.nextcloud.onlyoffice.enabled }}
+ NX_ONLYOFFICE_URL: {{ .Values.nextcloud.onlyoffice.url | quote }}
+ NX_ONLYOFFICE_JWT: {{ .Values.nextcloud.onlyoffice.jwt | quote }}
+ NX_ONLYOFFICE_JWT_HEADER: {{ .Values.nextcloud.onlyoffice.jwt_header | quote }}
+ {{- end }}
+
+ {{/* URLs */}}
+ NX_OVERWRITE_HOST: {{ $accessHostPort }}
+ NX_OVERWRITE_CLI_URL: {{ $accessUrl }}
+ # Return the protocol part of the URL
+ NX_OVERWRITE_PROTOCOL: {{ $accessProtocol | lower }}
+ # IP (or range in this case) of the proxy(ies)
+ NX_TRUSTED_PROXIES: |
+ {{ .Values.chartContext.podCIDR }}
+ {{ .Values.chartContext.svcCIDR }}
+ # fullname-* will allow access from the
+ # other services in the same namespace
+ NX_TRUSTED_DOMAINS: |
+ 127.0.0.1
+ localhost
+ {{ $fullname }}
+ {{ printf "%v-*" $fullname }}
+ {{ $healthHost }}
+ {{- if not (contains "127.0.0.1" $accessHost) }}
+ {{- $accessHost | nindent 6 }}
+ {{- end -}}
+ {{- with .Values.nextcloud.general.accessIP }}
+ {{- . | nindent 6 }}
+ {{- end }}
+
+# TODO: Replace locations with ingress
+# like /push, /.well-known/carddav, /.well-known/caldav
+# needs some work as nginx converts urls to pretty urls
+# before matching them to locations, so ingress needs to
+# take that into consideration.
+nginx-config:
+ enabled: true
+ data:
+ nginx.conf: |
+ worker_processes auto;
+
+ error_log /var/log/nginx/error.log warn;
+ # Set to /tmp so it can run as non-root
+ pid /tmp/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ # Set to /tmp so it can run as non-root
+ client_body_temp_path /tmp/nginx/client_temp;
+ proxy_temp_path /tmp/nginx/proxy_temp_path;
+ fastcgi_temp_path /tmp/nginx/fastcgi_temp;
+ uwsgi_temp_path /tmp/nginx/uwsgi_temp;
+ scgi_temp_path /tmp/nginx/scgi_temp;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ # Prevent nginx HTTP Server Detection
+ server_tokens off;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ upstream php-handler {
+ server {{ printf "%v-nextcloud" $fullname }}:{{ .Values.service.nextcloud.ports.nextcloud.targetPort }};
+ }
+
+ server {
+ listen {{ .Values.service.main.ports.main.port }};
+ absolute_redirect off;
+
+ {{- if .Values.nextcloud.notify_push.enabled }}
+ # Forward Notify_Push "High Performance Backend" to it's own container
+ location ^~ /push/ {
+ # The trailing "/" is important!
+ proxy_pass http://{{ printf "%v-notify" $fullname }}:{{ .Values.service.notify.ports.notify.targetPort }}/;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ {{- end }}
+
+ # HSTS settings
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+
+ # Set max upload size
+ client_max_body_size {{ .Values.nextcloud.php.upload_limit | default "512M" }};
+ fastcgi_buffers 64 4K;
+
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ # Pagespeed is not supported by Nextcloud, so if your server is built
+ # with the `ngx_pagespeed` module, uncomment this line to disable it.
+ #pagespeed off;
+
+ # HTTP response headers borrowed from Nextcloud `.htaccess`
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+ # Path to the root of your installation
+ root {{ .Values.persistence.html.targetSelector.nginx.nginx.mountPath }};
+
+ # Specify how to handle directories -- specifying `/index.php$request_uri`
+ # here as the fallback means that Nginx always exhibits the desired behaviour
+ # when a client requests a path that corresponds to a directory that exists
+ # on the server. In particular, if that directory contains an index.php file,
+ # that file is correctly served; if it doesn't, then the request is passed to
+ # the front-end controller. This consistent behaviour means that we don't need
+ # to specify custom rules for certain paths (e.g. images and other assets,
+ # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
+ # `try_files $uri $uri/ /index.php$request_uri`
+ # always provides the desired behaviour.
+ index index.php index.html /index.php$request_uri;
+
+ # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+ location = / {
+ if ( $http_user_agent ~ ^DavClnt ) {
+ return 302 /remote.php/webdav/$is_args$args;
+ }
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Make a regex exception for `/.well-known` so that clients can still
+ # access it despite the existence of the regex rule
+ # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+ # for `/.well-known`.
+ location ^~ /.well-known {
+ # The rules in this block are an adaptation of the rules
+ # in `.htaccess` that concern `/.well-known`.
+
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+
+ # According to the documentation these two lines are not necessary,
+ # but some users are still receiving errors
+ location = /.well-known/webfinger { return 301 /index.php$uri; }
+ location = /.well-known/nodeinfo { return 301 /index.php$uri; }
+
+ location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
+ location /.well-known/pki-validation { try_files $uri $uri/ =404; }
+
+ # Let Nextcloud's API for `/.well-known` URIs handle all other
+ # requests by passing them to the front-end controller.
+ return 301 /index.php$request_uri;
+ }
+
+ # Rules borrowed from `.htaccess` to hide certain paths from clients
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
+ # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+ # which handle static assets (as seen below). If this block is not declared first,
+ # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+ # to the URI, resulting in a HTTP 500 error response.
+ location ~ \.php(?:$|/) {
+ # Required for legacy support
+ rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ set $path_info $fastcgi_path_info;
+
+ try_files $fastcgi_script_name =404;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $path_info;
+ #fastcgi_param HTTPS on;
+
+ fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
+ fastcgi_param front_controller_active true; # Enable pretty urls
+ fastcgi_pass php-handler;
+
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+ proxy_send_timeout 3600s;
+ proxy_read_timeout 3600s;
+ fastcgi_send_timeout 3600s;
+ fastcgi_read_timeout 3600s;
+ }
+
+ location ~ \.(?:css|js|svg|gif)$ {
+ try_files $uri /index.php$request_uri;
+ expires 6M; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ location ~ \.woff2?$ {
+ try_files $uri /index.php$request_uri;
+ expires 7d; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ # Rule borrowed from `.htaccess`
+ location /remote {
+ return 301 /remote.php$request_uri;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$request_uri;
+ }
+ }
+ }
+{{- end -}}
diff --git a/stable/nextcloud/21.0.0/templates/_cronjobs.tpl b/stable/nextcloud/21.0.0/templates/_cronjobs.tpl
new file mode 100644
index 00000000000..0fa050dba68
--- /dev/null
+++ b/stable/nextcloud/21.0.0/templates/_cronjobs.tpl
@@ -0,0 +1,34 @@
+{{- define "nextcloud.cronjobs" -}}
+{{- range $cj := .Values.cronjobs }}
+ {{- $name := $cj.name | required "Nextcloud - Expected non-empty name in cronjob" -}}
+ {{- $schedule := $cj.schedule | required "Nextcloud - Expected non-empty schedule in cronjob" }}
+
+{{ $name }}:
+ enabled: {{ $cj.enabled | quote }}
+ type: CronJob
+ schedule: {{ $schedule | quote }}
+ podSpec:
+ restartPolicy: Never
+ containers:
+ {{ $name }}:
+ enabled: true
+ primary: true
+ imageSelector: image
+ command:
+ - /bin/bash
+ - -c
+ - |
+ {{- range $cj.cmd }}
+ {{- . | nindent 12 }}
+ {{- else -}}
+ {{- fail "Nextcloud - Expected non-empty cmd in cronjob" -}}
+ {{- end }}
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+{{- end }}
+{{- end -}}
diff --git a/stable/nextcloud/21.0.0/templates/_ingressInjector.tpl b/stable/nextcloud/21.0.0/templates/_ingressInjector.tpl
new file mode 100644
index 00000000000..37919189e21
--- /dev/null
+++ b/stable/nextcloud/21.0.0/templates/_ingressInjector.tpl
@@ -0,0 +1,24 @@
+{{- define "nextcloud.ingressInjector" -}}
+ {{- if .Values.ingress.main.enabled -}}
+ {{- $injectPaths := list -}}
+ {{- if .Values.nextcloud.collabora.enabled -}}
+ {{- $injectPaths = mustAppend $injectPaths (include "nextcloud.collabora.ingress" $ | fromYaml) -}}
+ {{- end -}}
+ {{/* Append more paths here if needed */}}
+
+ {{- range $host := .Values.ingress.main.hosts -}}
+ {{- $paths := $host.paths -}}
+ {{- $paths = concat $paths $injectPaths -}}
+ {{- $_ := set $host "paths" $paths -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "nextcloud.collabora.ingress" -}}
+{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . }}
+path: /collabora/
+pathType: Prefix
+service:
+ name: {{ printf "%v-collabora" $fullname }}
+ port: {{ .Values.service.collabora.ports.collabora.port }}
+{{- end -}}
diff --git a/stable/nextcloud/21.0.0/templates/_initPerms.tpl b/stable/nextcloud/21.0.0/templates/_initPerms.tpl
new file mode 100644
index 00000000000..ed94790ad93
--- /dev/null
+++ b/stable/nextcloud/21.0.0/templates/_initPerms.tpl
@@ -0,0 +1,29 @@
+{{- define "nextcloud.init.perms" -}}
+{{- $uid := .Values.securityContext.container.runAsUser -}}
+{{- $gid := .Values.securityContext.container.runAsGroup -}}
+{{- $path := .Values.persistence.data.targetSelector.main.main.mountPath }}
+enabled: true
+type: install
+imageSelector: alpineImage
+securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ capabilities:
+ disableS6Caps: true
+ add:
+ - DAC_OVERRIDE
+ - FOWNER
+ - CHOWN
+command: /bin/sh
+args:
+ - -c
+ - |
+ echo "Setting permissions to 700 on data directory [{{ $path }}] ..."
+ chmod 770 {{ $path }} | echo "Failed to set permissions on data directory [{{ $path }}]"
+
+ echo "Setting ownership to {{ $uid }}:{{ $gid }} on data directory [{{ $path }}] ..."
+ chown {{ $uid }}:{{ $gid }} {{ $path }} | echo "Failed to set ownership on data directory [{{ $path }}]"
+
+ echo "Finished."
+{{- end -}}
diff --git a/stable/nextcloud/21.0.0/templates/_validation.tpl b/stable/nextcloud/21.0.0/templates/_validation.tpl
new file mode 100644
index 00000000000..5650c0f63fe
--- /dev/null
+++ b/stable/nextcloud/21.0.0/templates/_validation.tpl
@@ -0,0 +1,42 @@
+{{- define "nextcloud.validation" -}}
+
+ {{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.memory_limit) -}}
+ {{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.memory_limit) -}}
+ {{- end -}}
+
+ {{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.upload_limit) -}}
+ {{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.upload_limit) -}}
+ {{- end -}}
+
+ {{- if not (deepEqual .Values.nextcloud.previews.providers (uniq .Values.nextcloud.previews.providers)) -}}
+ {{- fail (printf "Nextcloud - Expected preview providers to be unique but got [%v]" .Values.nextcloud.previews.providers) -}}
+ {{- end -}}
+
+ {{- if and .Values.nextcloud.collabora.enabled .Values.nextcloud.onlyoffice.enabled -}}
+ {{- fail "Nextcloud - Expected only one of [Collabora, OnlyOffice] to be enabled" -}}
+ {{- end -}}
+
+ {{- if contains "$" .Values.nextcloud.collabora.password -}}
+ {{- fail "Nextcloud - Collabora [Password] cannot contain [$]" -}}
+ {{- end -}}
+
+ {{- if .Values.nextcloud.collabora.enabled -}}
+ {{- if lt (len .Values.nextcloud.collabora.password) 8 -}}
+ {{- fail "Nextcloud - Collabora [Password] must be at least 8 characters" -}}
+ {{- end -}}
+
+ {{- $collaboraUIModes := (list "default" "compact" "tabbed") -}}
+ {{- if not (mustHas .Values.nextcloud.collabora.interface_mode $collaboraUIModes) -}}
+ {{- fail (printf "Nextcloud - Expected [Interface Mode] in Collabora to be one of [%v], but got [%v]" (join "," $collaboraUIModes) .Values.nextcloud.collabora.interface_mode) -}}
+ {{- end -}}
+
+ {{- if not .Values.nextcloud.collabora.dictionaries -}}
+ {{- fail "Nextcloud - Expected non-empty Collabora [Dictionaries]" -}}
+ {{- end -}}
+
+ {{- if not (deepEqual .Values.nextcloud.collabora.dictionaries (uniq .Values.nextcloud.collabora.dictionaries)) -}}
+ {{- fail "Nextcloud - Collabora [Dictionaries] must be unique" -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/stable/nextcloud/21.0.0/templates/_waitNextcloud.tpl b/stable/nextcloud/21.0.0/templates/_waitNextcloud.tpl
new file mode 100644
index 00000000000..24946d640e8
--- /dev/null
+++ b/stable/nextcloud/21.0.0/templates/_waitNextcloud.tpl
@@ -0,0 +1,25 @@
+{{- define "nextcloud.wait.nextcloud" -}}
+{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
+{{- $ncURL := printf "%v-nextcloud:%v" $fullname .Values.service.nextcloud.ports.nextcloud.targetPort }}
+enabled: true
+type: init
+imageSelector: image
+securityContext:
+command: /bin/sh
+args:
+ - -c
+ - |
+ echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..."
+ until \
+ REQUEST_METHOD="GET" \
+ SCRIPT_NAME="status.php" \
+ SCRIPT_FILENAME="status.php" \
+ cgi-fcgi -bind -connect "{{ $ncURL }}" | grep -q '"installed":true';
+ do
+ echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..."
+ sleep 3
+ done
+
+ echo "Nextcloud is ready and installed..."
+ echo "Starting Nginx..."
+{{- end -}}
diff --git a/stable/nextcloud/21.0.0/templates/common.yaml b/stable/nextcloud/21.0.0/templates/common.yaml
new file mode 100644
index 00000000000..22ed3e0e564
--- /dev/null
+++ b/stable/nextcloud/21.0.0/templates/common.yaml
@@ -0,0 +1,68 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . -}}
+
+{{- include "nextcloud.validation" $ -}}
+
+{{/* Render configmaps for all pods */}}
+{{- $configmaps := include "nextcloud.configmaps" . | fromYaml -}}
+{{- if $configmaps -}}
+ {{- $_ := mustMergeOverwrite .Values.configmap $configmaps -}}
+{{- end -}}
+
+{{/* Add [init perms] container to nextcloud */}}
+{{- if not (get .Values.workload.main.podSpec "initContainers") -}}
+ {{- $_ := set .Values.workload.main.podSpec "initContainers" dict -}}
+{{- end -}}
+
+{{- $initPerms := (include "nextcloud.init.perms" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.initContainers "init-perms" $initPerms -}}
+
+{{/* Add [wait nextcloud] container to nginx */}}
+{{- if not (get .Values.workload.nginx.podSpec "initContainers") -}}
+ {{- $_ := set .Values.workload.nginx.podSpec "initContainers" dict -}}
+{{- end -}}
+{{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}}
+{{- $_ := set .Values.workload.nginx.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}}
+
+{{/* Disable [notify push] if requested */}}
+{{- if not .Values.nextcloud.notify_push.enabled -}}
+ {{- $_ := set .Values.workload.notify "enabled" false -}}
+ {{- $_ := set .Values.service.notify "enabled" false -}}
+{{- else -}}
+ {{/* Add [wait nextcloud] container to notify push */}}
+ {{- if not (get .Values.workload.notify.podSpec "initContainers") -}}
+ {{- $_ := set .Values.workload.notify.podSpec "initContainers" dict -}}
+ {{- end -}}
+ {{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}}
+ {{- $_ := set .Values.workload.notify.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}}
+{{- end -}}
+
+{{/* Disable [clamav] if requested */}}
+{{- if not .Values.nextcloud.clamav.enabled -}}
+ {{- $_ := set .Values.workload.clamav "enabled" false -}}
+ {{- $_ := set .Values.service.clamav "enabled" false -}}
+{{- end -}}
+
+{{/* Disable [previews] if requested */}}
+{{- if or (not .Values.nextcloud.previews.imaginary) (not .Values.nextcloud.previews.enabled) -}}
+ {{- $_ := set .Values.workload.imaginary "enabled" false -}}
+ {{- $_ := set .Values.service.imaginary "enabled" false -}}
+{{- end -}}
+
+{{/* Disable [collabora] if requested */}}
+{{- if not .Values.nextcloud.collabora.enabled -}}
+ {{- $_ := set .Values.workload.collabora "enabled" false -}}
+ {{- $_ := set .Values.service.collabora "enabled" false -}}
+{{- end -}}
+
+{{/* Create [cronjobs] defined */}}
+{{- $cronjobs := include "nextcloud.cronjobs" . | fromYaml -}}
+{{- if $cronjobs -}}
+ {{- $_ := mustMergeOverwrite .Values.workload $cronjobs -}}
+{{- end -}}
+
+{{/* TODO: Do we have to cleanup when something (eg Collabora) is disabled? */}}
+{{- include "nextcloud.ingressInjector" $ -}}
+
+{{/* Render the templates */}}
+{{- include "tc.v1.common.loader.apply" . -}}
diff --git a/stable/nextcloud/21.0.0/values.yaml b/stable/nextcloud/21.0.0/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/stable/nextcloud/item.yaml b/stable/nextcloud/item.yaml
new file mode 100644
index 00000000000..8ae51342531
--- /dev/null
+++ b/stable/nextcloud/item.yaml
@@ -0,0 +1,5 @@
+icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
+categories:
+- cloud
+
+screenshots: []