2023-06-16 21:10:56 +00:00
|
|
|
image:
|
2023-11-17 17:34:02 +00:00
|
|
|
repository: tccr.io/truecharts/nextcloud-fpm
|
2023-06-16 21:10:56 +00:00
|
|
|
pullPolicy: IfNotPresent
|
2023-12-17 14:51:46 +00:00
|
|
|
tag: v28.0.0@sha256:a765a49bafef4e3e6c1f874c5ee1c4d2ce39b2bd6793b9a2e044ed75645bbc1a
|
2023-06-16 21:10:56 +00:00
|
|
|
nginxImage:
|
2023-11-18 10:48:35 +00:00
|
|
|
repository: nginxinc/nginx-unprivileged
|
2023-06-16 21:10:56 +00:00
|
|
|
pullPolicy: IfNotPresent
|
2023-12-08 18:28:12 +00:00
|
|
|
tag: 1.25.3@sha256:1d026ae92e50e76c77ca776f234f154d4a1d39e33e8f813115e53c2a9b893bc9
|
2023-06-16 21:10:56 +00:00
|
|
|
imaginaryImage:
|
|
|
|
repository: tccr.io/truecharts/nextcloud-imaginary
|
|
|
|
pullPolicy: IfNotPresent
|
2023-12-06 06:33:24 +00:00
|
|
|
tag: v20230401@sha256:6a227d1b0200d29f25028e07b8852f60e3d91a5814048933e70eccee749dc04c
|
2023-06-16 21:10:56 +00:00
|
|
|
hpbImage:
|
|
|
|
repository: tccr.io/truecharts/nextcloud-push-notify
|
|
|
|
pullPolicy: IfNotPresent
|
2023-09-29 14:42:08 +00:00
|
|
|
tag: v0.6.3@sha256:b9c35ab123354eeac3996e361f8c30b8e4de6d2ccd69e5179a7c2a101a67b46f
|
2023-06-16 21:10:56 +00:00
|
|
|
clamavImage:
|
2023-11-18 10:48:35 +00:00
|
|
|
repository: clamav/clamav
|
2023-06-16 21:10:56 +00:00
|
|
|
pullPolicy: IfNotPresent
|
2023-12-11 06:26:59 +00:00
|
|
|
tag: 1.2.1@sha256:d584c29eefc29e138eb14f243abef2f6712cffecac52194626a2b2f6bb3ec2c7
|
2023-06-18 15:15:53 +00:00
|
|
|
collaboraImage:
|
2023-11-18 10:48:35 +00:00
|
|
|
repository: collabora/code
|
2023-06-18 15:15:53 +00:00
|
|
|
pullPolicy: IfNotPresent
|
2023-12-17 13:52:46 +00:00
|
|
|
tag: 23.05.6.3.1@sha256:6d21951e6376be4a12009b5058c57f3da7df06faf05c62406030b3652a3e78f6
|
2023-06-16 21:10:56 +00:00
|
|
|
nextcloud:
|
|
|
|
# Initial Credentials
|
|
|
|
credentials:
|
|
|
|
initialAdminUser: admin
|
|
|
|
initialAdminPassword: adminpass
|
|
|
|
# General settings
|
|
|
|
general:
|
|
|
|
# Custom Nextcloud Scripts
|
|
|
|
run_optimize: true
|
|
|
|
default_phone_region: GR
|
|
|
|
# IP used for exposing nextcloud,
|
|
|
|
# often the loadbalancer IP
|
|
|
|
accessIP: ""
|
2023-10-31 22:17:46 +00:00
|
|
|
# Allows Nextcloud to connect to unsecure (http) endpoints
|
|
|
|
force_enable_allow_local_remote_servers: false
|
2023-06-16 21:10:56 +00:00
|
|
|
# File settings
|
|
|
|
files:
|
|
|
|
shared_folder_name: Shared
|
|
|
|
max_chunk_size: 10485760
|
|
|
|
# Expiration settings
|
|
|
|
expirations:
|
|
|
|
activity_expire_days: 90
|
|
|
|
trash_retention_obligation: auto
|
|
|
|
versions_retention_obligation: auto
|
|
|
|
# Previews settings
|
|
|
|
previews:
|
|
|
|
enabled: true
|
|
|
|
# It will also deploy the container
|
|
|
|
imaginary: true
|
|
|
|
cron: true
|
|
|
|
schedule: "*/30 * * * *"
|
|
|
|
max_x: 2048
|
|
|
|
max_y: 2048
|
|
|
|
max_memory: 1024
|
|
|
|
max_file_size_image: 50
|
2023-07-22 08:02:21 +00:00
|
|
|
# Setting for Imaginary
|
|
|
|
max_allowed_resolution: 18.0
|
2023-06-16 21:10:56 +00:00
|
|
|
jpeg_quality: 60
|
|
|
|
square_sizes: 32 256
|
|
|
|
width_sizes: 256 384
|
|
|
|
height_sizes: 256
|
|
|
|
# Casings are important
|
|
|
|
# https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269
|
|
|
|
# Only the last part of the provider is needed
|
|
|
|
providers:
|
|
|
|
- PNG
|
|
|
|
- JPEG
|
|
|
|
# Logging settings
|
|
|
|
logging:
|
|
|
|
log_level: 2
|
|
|
|
log_file: /var/www/html/data/logs/nextcloud.log
|
|
|
|
log_audit_file: /var/www/html/data/logs/audit.log
|
|
|
|
log_date_format: d/m/Y H:i:s
|
|
|
|
# ClamAV settings
|
|
|
|
clamav:
|
|
|
|
# It will also deploy the container
|
|
|
|
# Note that this runs as root
|
|
|
|
enabled: false
|
|
|
|
stream_max_length: 26214400
|
|
|
|
file_max_size: -1
|
|
|
|
infected_action: only_log
|
|
|
|
# Notify Push settings
|
|
|
|
notify_push:
|
|
|
|
# It will also deploy the container
|
|
|
|
enabled: true
|
|
|
|
# Collabora settings
|
|
|
|
collabora:
|
2023-06-18 15:15:53 +00:00
|
|
|
# It will also deploy the container
|
2023-06-16 21:10:56 +00:00
|
|
|
enabled: false
|
2023-06-18 15:15:53 +00:00
|
|
|
# default|compact|tabbed
|
|
|
|
interface_mode: default
|
|
|
|
username: admin
|
|
|
|
password: changeme
|
|
|
|
dictionaries:
|
|
|
|
- de_DE
|
|
|
|
- en_GB
|
|
|
|
- en_US
|
|
|
|
- el_GR
|
|
|
|
- es_ES
|
|
|
|
- fr_FR
|
|
|
|
- pt_BR
|
|
|
|
- pt_PT
|
|
|
|
- it
|
|
|
|
- nl
|
|
|
|
- ru
|
2023-06-16 21:10:56 +00:00
|
|
|
onlyoffice:
|
|
|
|
# It will not deploy the container
|
|
|
|
# Only add the OnlyOffice settings
|
|
|
|
enabled: false
|
|
|
|
url: ""
|
2023-11-18 19:37:31 +00:00
|
|
|
internal_url: ""
|
|
|
|
verify_ssl: true
|
2023-06-16 21:10:56 +00:00
|
|
|
jwt: ""
|
|
|
|
jwt_header: Authorization
|
|
|
|
# PHP settings
|
|
|
|
php:
|
|
|
|
memory_limit: 1G
|
|
|
|
upload_limit: 10G
|
|
|
|
pm_max_children: 180
|
|
|
|
pm_start_servers: 18
|
|
|
|
pm_min_spare_servers: 12
|
|
|
|
pm_max_spare_servers: 30
|
2023-08-06 12:54:05 +00:00
|
|
|
opcache:
|
|
|
|
interned_strings_buffer: 32
|
|
|
|
max_accelerated_files: 10000
|
|
|
|
memory_consumption: 128
|
|
|
|
revalidate_freq: 60
|
|
|
|
jit_buffer_size: 128
|
2023-06-16 21:10:56 +00:00
|
|
|
# Do NOT edit below this line
|
|
|
|
workload:
|
|
|
|
# Nextcloud php-fpm
|
|
|
|
main:
|
|
|
|
type: Deployment
|
|
|
|
podSpec:
|
|
|
|
containers:
|
|
|
|
main:
|
|
|
|
enabled: true
|
|
|
|
primary: true
|
|
|
|
envFrom:
|
|
|
|
- configMapRef:
|
|
|
|
name: nextcloud-config
|
|
|
|
probes:
|
|
|
|
liveness:
|
|
|
|
enabled: true
|
|
|
|
type: exec
|
|
|
|
command: /healthcheck.sh
|
|
|
|
readiness:
|
|
|
|
enabled: true
|
|
|
|
type: exec
|
|
|
|
command: /healthcheck.sh
|
|
|
|
startup:
|
|
|
|
enabled: true
|
|
|
|
type: tcp
|
|
|
|
port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}"
|
|
|
|
nginx:
|
|
|
|
enabled: true
|
|
|
|
type: Deployment
|
|
|
|
strategy: RollingUpdate
|
|
|
|
replicas: 1
|
|
|
|
podSpec:
|
|
|
|
containers:
|
|
|
|
nginx:
|
|
|
|
enabled: true
|
|
|
|
primary: true
|
|
|
|
imageSelector: nginxImage
|
|
|
|
probes:
|
|
|
|
readiness:
|
|
|
|
enabled: true
|
|
|
|
path: /robots.txt
|
|
|
|
port: "{{ .Values.service.main.ports.main.port }}"
|
|
|
|
httpHeaders:
|
|
|
|
Host: kube.internal.healthcheck
|
|
|
|
liveness:
|
|
|
|
enabled: true
|
|
|
|
path: /robots.txt
|
|
|
|
port: "{{ .Values.service.main.ports.main.port }}"
|
|
|
|
httpHeaders:
|
|
|
|
Host: kube.internal.healthcheck
|
|
|
|
startup:
|
|
|
|
enabled: true
|
|
|
|
type: tcp
|
|
|
|
port: "{{ .Values.service.main.ports.main.port }}"
|
|
|
|
notify:
|
|
|
|
enabled: true
|
|
|
|
type: Deployment
|
|
|
|
strategy: RollingUpdate
|
|
|
|
replicas: 1
|
|
|
|
podSpec:
|
|
|
|
containers:
|
|
|
|
notify:
|
|
|
|
primary: true
|
|
|
|
enabled: true
|
|
|
|
imageSelector: hpbImage
|
|
|
|
envFrom:
|
|
|
|
- configMapRef:
|
|
|
|
name: hpb-config
|
|
|
|
probes:
|
|
|
|
readiness:
|
|
|
|
enabled: true
|
|
|
|
path: /push/test/cookie
|
|
|
|
port: 7867
|
|
|
|
httpHeaders:
|
|
|
|
Host: kube.internal.healthcheck
|
|
|
|
liveness:
|
|
|
|
enabled: true
|
|
|
|
path: /push/test/cookie
|
|
|
|
port: 7867
|
|
|
|
httpHeaders:
|
|
|
|
Host: kube.internal.healthcheck
|
|
|
|
startup:
|
|
|
|
enabled: true
|
|
|
|
type: tcp
|
|
|
|
port: 7867
|
|
|
|
imaginary:
|
|
|
|
enabled: true
|
|
|
|
type: Deployment
|
|
|
|
strategy: RollingUpdate
|
|
|
|
replicas: 1
|
|
|
|
podSpec:
|
|
|
|
containers:
|
|
|
|
imaginary:
|
|
|
|
primary: true
|
|
|
|
enabled: true
|
|
|
|
imageSelector: imaginaryImage
|
|
|
|
command: imaginary
|
|
|
|
args:
|
|
|
|
- -p
|
|
|
|
- "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
|
|
|
- -concurrency
|
|
|
|
- "10"
|
2023-07-22 08:02:21 +00:00
|
|
|
- -max-allowed-resolution
|
|
|
|
- "{{ .Values.nextcloud.previews.max_allowed_resolution }}"
|
2023-06-16 21:10:56 +00:00
|
|
|
- -enable-url-source
|
|
|
|
- -return-size
|
|
|
|
probes:
|
|
|
|
readiness:
|
|
|
|
enabled: true
|
|
|
|
path: /health
|
|
|
|
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
|
|
|
liveness:
|
|
|
|
enabled: true
|
|
|
|
path: /health
|
|
|
|
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
|
|
|
startup:
|
|
|
|
enabled: true
|
|
|
|
type: tcp
|
|
|
|
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
|
|
|
clamav:
|
|
|
|
enabled: true
|
|
|
|
type: Deployment
|
|
|
|
strategy: RollingUpdate
|
|
|
|
replicas: 1
|
|
|
|
podSpec:
|
|
|
|
containers:
|
|
|
|
clamav:
|
|
|
|
primary: true
|
|
|
|
enabled: true
|
|
|
|
imageSelector: clamavImage
|
|
|
|
# FIXME: https://github.com/Cisco-Talos/clamav/issues/478
|
|
|
|
securityContext:
|
|
|
|
runAsUser: 0
|
|
|
|
runAsGroup: 0
|
|
|
|
runAsNonRoot: false
|
|
|
|
readOnlyRootFilesystem: false
|
|
|
|
envFrom:
|
|
|
|
- configMapRef:
|
|
|
|
name: clamav-config
|
|
|
|
probes:
|
|
|
|
readiness:
|
|
|
|
enabled: true
|
|
|
|
type: exec
|
|
|
|
command: clamdcheck.sh
|
|
|
|
liveness:
|
|
|
|
enabled: true
|
|
|
|
type: exec
|
|
|
|
command: clamdcheck.sh
|
|
|
|
startup:
|
|
|
|
enabled: true
|
|
|
|
type: tcp
|
|
|
|
port: "{{ .Values.service.clamav.ports.clamav.targetPort }}"
|
2023-06-18 15:15:53 +00:00
|
|
|
collabora:
|
|
|
|
enabled: true
|
|
|
|
type: Deployment
|
|
|
|
strategy: RollingUpdate
|
|
|
|
replicas: 1
|
|
|
|
podSpec:
|
|
|
|
containers:
|
|
|
|
collabora:
|
|
|
|
primary: true
|
|
|
|
enabled: true
|
|
|
|
imageSelector: collaboraImage
|
|
|
|
securityContext:
|
2023-06-21 08:00:28 +00:00
|
|
|
runAsUser: 100
|
|
|
|
runAsGroup: 102
|
2023-06-18 15:15:53 +00:00
|
|
|
readOnlyRootFilesystem: false
|
2023-06-21 08:00:28 +00:00
|
|
|
allowPrivilegeEscalation: true
|
|
|
|
capabilities:
|
|
|
|
add:
|
|
|
|
- CHOWN
|
|
|
|
- FOWNER
|
|
|
|
- SYS_CHROOT
|
|
|
|
- MKNOD
|
2023-06-18 15:15:53 +00:00
|
|
|
envFrom:
|
|
|
|
- configMapRef:
|
|
|
|
name: collabora-config
|
|
|
|
probes:
|
|
|
|
readiness:
|
|
|
|
enabled: true
|
|
|
|
type: http
|
2023-06-21 08:00:28 +00:00
|
|
|
path: /collabora/
|
2023-06-18 15:15:53 +00:00
|
|
|
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
|
|
|
|
liveness:
|
|
|
|
enabled: true
|
|
|
|
type: http
|
2023-06-21 08:00:28 +00:00
|
|
|
path: /collabora/
|
2023-06-18 15:15:53 +00:00
|
|
|
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
|
|
|
|
startup:
|
|
|
|
enabled: true
|
|
|
|
type: tcp
|
|
|
|
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
|
2023-06-16 21:10:56 +00:00
|
|
|
cronjobs:
|
2023-10-07 23:01:20 +00:00
|
|
|
# Don't change names, it's used in the persistence
|
2023-06-16 21:10:56 +00:00
|
|
|
- name: nextcloud-cron
|
|
|
|
enabled: true
|
|
|
|
schedule: "*/5 * * * *"
|
|
|
|
cmd:
|
|
|
|
- echo "Running [php -f /var/www/html/cron.php] ..."
|
|
|
|
- php -f /var/www/html/cron.php
|
|
|
|
- echo "Finished [php -f /var/www/html/cron.php]"
|
|
|
|
- name: preview-cron
|
|
|
|
enabled: "{{ .Values.nextcloud.previews.cron }}"
|
|
|
|
schedule: "{{ .Values.nextcloud.previews.schedule }}"
|
|
|
|
cmd:
|
|
|
|
- echo "Running [occ preview:pre-generate] ..."
|
|
|
|
- occ preview:pre-generate
|
|
|
|
- echo "Finished [occ preview:pre-generate]"
|
|
|
|
service:
|
|
|
|
# Main service links to ingress easier
|
|
|
|
# That's why the nginx is swapped with nextcloud
|
|
|
|
main:
|
|
|
|
targetSelector: nginx
|
|
|
|
ports:
|
|
|
|
main:
|
|
|
|
targetSelector: nginx
|
|
|
|
port: 8080
|
|
|
|
nextcloud:
|
|
|
|
enabled: true
|
|
|
|
targetSelector: main
|
|
|
|
ports:
|
|
|
|
nextcloud:
|
|
|
|
enabled: true
|
|
|
|
targetSelector: main
|
|
|
|
port: 9000
|
|
|
|
targetPort: 9000
|
|
|
|
notify:
|
|
|
|
enabled: true
|
|
|
|
targetSelector: notify
|
|
|
|
ports:
|
|
|
|
notify:
|
|
|
|
enabled: true
|
|
|
|
primary: true
|
|
|
|
port: 7867
|
|
|
|
targetPort: 7867
|
|
|
|
targetSelector: notify
|
|
|
|
metrics:
|
|
|
|
enabled: true
|
|
|
|
port: 7868
|
|
|
|
targetSelector: notify
|
|
|
|
imaginary:
|
|
|
|
enabled: true
|
|
|
|
targetSelector: imaginary
|
|
|
|
ports:
|
|
|
|
imaginary:
|
|
|
|
enabled: true
|
|
|
|
port: 9090
|
|
|
|
targetSelector: imaginary
|
|
|
|
clamav:
|
|
|
|
enabled: true
|
|
|
|
targetSelector: clamav
|
|
|
|
ports:
|
|
|
|
clamav:
|
|
|
|
enabled: true
|
|
|
|
port: 3310
|
|
|
|
targetPort: 3310
|
|
|
|
targetSelector: clamav
|
2023-06-18 15:15:53 +00:00
|
|
|
collabora:
|
|
|
|
enabled: true
|
|
|
|
targetSelector: collabora
|
|
|
|
ports:
|
|
|
|
collabora:
|
|
|
|
enabled: true
|
|
|
|
port: 9980
|
|
|
|
targetPort: 9980
|
|
|
|
targetSelector: collabora
|
2023-06-16 21:10:56 +00:00
|
|
|
persistence:
|
|
|
|
php-tune:
|
|
|
|
enabled: true
|
|
|
|
type: configmap
|
|
|
|
objectName: php-tune
|
|
|
|
targetSelector:
|
|
|
|
main:
|
|
|
|
main:
|
|
|
|
mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf
|
|
|
|
subPath: zz-tune.conf
|
|
|
|
readOnly: true
|
|
|
|
redis-session:
|
|
|
|
enabled: true
|
|
|
|
type: configmap
|
|
|
|
objectName: redis-session
|
|
|
|
targetSelector:
|
|
|
|
main:
|
|
|
|
main:
|
|
|
|
mountPath: /usr/local/etc/php/conf.d/redis-session.ini
|
|
|
|
subPath: redis-session.ini
|
|
|
|
readOnly: true
|
2023-08-06 12:54:05 +00:00
|
|
|
opcache-recommended:
|
|
|
|
enabled: true
|
|
|
|
type: configmap
|
|
|
|
objectName: opcache
|
|
|
|
targetSelector:
|
|
|
|
main:
|
|
|
|
main:
|
|
|
|
mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini
|
|
|
|
subPath: opcache-recommended.ini
|
|
|
|
readOnly: true
|
2023-06-16 21:10:56 +00:00
|
|
|
nginx:
|
|
|
|
enabled: true
|
|
|
|
type: configmap
|
|
|
|
objectName: nginx-config
|
|
|
|
targetSelector:
|
|
|
|
nginx:
|
|
|
|
nginx:
|
|
|
|
mountPath: /etc/nginx/nginx.conf
|
|
|
|
subPath: nginx.conf
|
|
|
|
readOnly: true
|
|
|
|
nginx-temp:
|
|
|
|
enabled: true
|
|
|
|
type: emptyDir
|
|
|
|
targetSelector:
|
|
|
|
nginx:
|
|
|
|
nginx:
|
|
|
|
mountPath: /tmp/nginx
|
|
|
|
html:
|
|
|
|
enabled: true
|
|
|
|
targetSelector:
|
|
|
|
main:
|
|
|
|
main:
|
|
|
|
mountPath: /var/www/html
|
|
|
|
nextcloud-cron:
|
|
|
|
nextcloud-cron:
|
|
|
|
mountPath: /var/www/html
|
|
|
|
preview-cron:
|
|
|
|
preview-cron:
|
|
|
|
mountPath: /var/www/html
|
|
|
|
nginx:
|
|
|
|
nginx:
|
|
|
|
mountPath: /var/www/html
|
|
|
|
readOnly: true
|
|
|
|
config:
|
|
|
|
enabled: true
|
|
|
|
targetSelector:
|
|
|
|
main:
|
|
|
|
main:
|
|
|
|
mountPath: /var/www/html/config
|
|
|
|
nextcloud-cron:
|
|
|
|
nextcloud-cron:
|
|
|
|
mountPath: /var/www/html/config
|
|
|
|
preview-cron:
|
|
|
|
preview-cron:
|
|
|
|
mountPath: /var/www/html/config
|
|
|
|
notify:
|
|
|
|
notify:
|
|
|
|
mountPath: /var/www/html/config
|
|
|
|
readOnly: true
|
|
|
|
nginx:
|
|
|
|
nginx:
|
|
|
|
mountPath: /var/www/html/config
|
|
|
|
readOnly: true
|
|
|
|
data:
|
|
|
|
enabled: true
|
|
|
|
targetSelector:
|
|
|
|
main:
|
|
|
|
main:
|
|
|
|
mountPath: /var/www/html/data
|
|
|
|
init-perms:
|
|
|
|
mountPath: /var/www/html/data
|
|
|
|
nextcloud-cron:
|
|
|
|
nextcloud-cron:
|
|
|
|
mountPath: /var/www/html/data
|
|
|
|
preview-cron:
|
|
|
|
preview-cron:
|
|
|
|
mountPath: /var/www/html/data
|
|
|
|
nginx:
|
|
|
|
nginx:
|
|
|
|
mountPath: /var/www/html/data
|
|
|
|
readOnly: true
|
|
|
|
cnpg:
|
|
|
|
main:
|
|
|
|
enabled: true
|
|
|
|
user: nextcloud
|
|
|
|
database: nextcloud
|
|
|
|
redis:
|
|
|
|
enabled: true
|
|
|
|
username: default
|
|
|
|
portal:
|
|
|
|
open:
|
|
|
|
enabled: true
|
2023-11-18 10:48:35 +00:00
|
|
|
updated: true
|