truecharts.local
/
catalog
mirror of https://github.com/truecharts/catalog.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Commit new Chart releases for TrueCharts 

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2023-12-20 15:32:19 +00:00
parent c1663caf86
commit 95b199fa46
47 changed files with 14188 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
stable/authentik/16.0.0/CHANGELOG.md Normal file
View File

@ -0,0 +1,99 @@
**Important:**
*for the complete changelog, please refer to the website*
## [authentik-16.0.0](https://github.com/truecharts/charts/compare/authentik-15.0.27...authentik-16.0.0) (2023-12-20)
## [authentik-15.0.27](https://github.com/truecharts/charts/compare/authentik-15.0.26...authentik-15.0.27) (2023-12-20)
### Chore
- Bump everything to force min/max scale version update
## [authentik-15.0.26](https://github.com/truecharts/charts/compare/authentik-15.0.25...authentik-15.0.26) (2023-12-16)
### Chore
- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
## [authentik-15.0.26](https://github.com/truecharts/charts/compare/authentik-15.0.25...authentik-15.0.26) (2023-12-16)
### Chore
- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
## [authentik-15.0.25](https://github.com/truecharts/charts/compare/authentik-15.0.24...authentik-15.0.25) (2023-12-03)
### Chore
- bump everything to ensure catalog has latest versions
- fix annotations again
- update annotations
- cleanup chart.yaml and add min-max scale version
## [authentik-15.0.24](https://github.com/truecharts/charts/compare/authentik-15.0.20...authentik-15.0.24) (2023-11-24)
### Chore
- update authentik to v2023.10.4[@e16028e](https://github.com/e16028e) (patch) ([#15260](https://github.com/truecharts/charts/issues/15260))
## [authentik-15.0.20](https://github.com/truecharts/charts/compare/authentik-15.0.19...authentik-15.0.20) (2023-11-18)
## [authentik-15.0.19](https://github.com/truecharts/charts/compare/authentik-15.0.18...authentik-15.0.19) (2023-11-17)
## [authentik-15.0.18](https://github.com/truecharts/charts/compare/authentik-15.0.17...authentik-15.0.18) (2023-11-10)
### Chore
- update container image tccr.io/truecharts/authentik to v2023.10.3 ([#14514](https://github.com/truecharts/charts/issues/14514))
## [authentik-15.0.17](https://github.com/truecharts/charts/compare/authentik-15.0.16...authentik-15.0.17) (2023-11-09)
### Chore
- update authentik to v2023.10.3 (patch) ([#14495](https://github.com/truecharts/charts/issues/14495))
## [authentik-15.0.16](https://github.com/truecharts/charts/compare/authentik-15.0.15...authentik-15.0.16) (2023-11-09)
### Chore
- update helm general non-major ([#14467](https://github.com/truecharts/charts/issues/14467))

44
stable/authentik/16.0.0/Chart.yaml Normal file
View File

@ -0,0 +1,44 @@
kubeVersion: ">=1.24.0-0"
apiVersion: v2
name: authentik
version: 16.0.0
appVersion: 2023.10.4
description: Authentik is an open-source Identity Provider focused on flexibility and versatility.
home: https://truecharts.org/charts/stable/authentik
icon: https://truecharts.org/img/hotlink-ok/chart-icons/authentik.png
deprecated: false
sources:
- https://ghcr.io/goauthentik/radius
- https://goauthentik.io/docs/
- https://github.com/goauthentik/authentik
- https://github.com/truecharts/charts/tree/master/charts/stable/authentik
maintainers:
- name: TrueCharts
email: info@truecharts.org
url: https://truecharts.org
keywords:
- authentik
dependencies:
- name: common
version: 16.2.5
repository: https://library-charts.truecharts.org
condition: ""
alias: ""
tags: []
import-values: []
- name: redis
version: 8.0.47
repository: https://deps.truecharts.org
condition: redis.enabled
alias: ""
tags: []
import-values: []
annotations:
max_scale_version: 23.10.2
min_scale_version: 23.10.0
truecharts.org/SCALE-support: "true"
truecharts.org/category: authentication
truecharts.org/max_helm_version: "3.13"
truecharts.org/min_helm_version: "3.12"
truecharts.org/train: stable
type: application

106
stable/authentik/16.0.0/LICENSE Normal file
View File

@ -0,0 +1,106 @@
Business Source License 1.1
Parameters
Licensor: The TrueCharts Project, it's owner and it's contributors
Licensed Work: The TrueCharts "Blocky" Helm Chart
Additional Use Grant: You may use the licensed work in production, as long
as it is directly sourced from a TrueCharts provided
official repository, catalog or source. You may also make private
modification to the directly sourced licenced work,
when used in production.
The following cases are, due to their nature, also
defined as 'production use' and explicitly prohibited:
- Bundling, including or displaying the licensed work
with(in) another work intended for production use,
with the apparent intend of facilitating and/or
promoting production use by third parties in
violation of this license.
Change Date: 2050-01-01
Change License: 3-clause BSD license
For information about alternative licensing arrangements for the Software,
please contact: legal@truecharts.org
Notice
The Business Source License (this document, or the “License”) is not an Open
Source license. However, the Licensed Work will eventually be made available
under an Open Source License, as stated in this License.
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
“Business Source License” is a trademark of MariaDB Corporation Ab.
-----------------------------------------------------------------------------
Business Source License 1.1
Terms
The Licensor hereby grants you the right to copy, modify, create derivative
works, redistribute, and make non-production use of the Licensed Work. The
Licensor may make an Additional Use Grant, above, permitting limited
production use.
Effective on the Change Date, or the fourth anniversary of the first publicly
available distribution of a specific version of the Licensed Work under this
License, whichever comes first, the Licensor hereby grants you rights under
the terms of the Change License, and the rights granted in the paragraph
above terminate.
If your use of the Licensed Work does not comply with the requirements
currently in effect as described in this License, you must purchase a
commercial license from the Licensor, its affiliated entities, or authorized
resellers, or you must refrain from using the Licensed Work.
All copies of the original and modified Licensed Work, and derivative works
of the Licensed Work, are subject to this License. This License applies
separately for each version of the Licensed Work and the Change Date may vary
for each version of the Licensed Work released by Licensor.
You must conspicuously display this License on each original or modified copy
of the Licensed Work. If you receive the Licensed Work in original or
modified form from a third party, the terms and conditions set forth in this
License apply to your use of that work.
Any use of the Licensed Work in violation of this License will automatically
terminate your rights under this License for the current and all other
versions of the Licensed Work.
This License does not grant you any right in any trademark or logo of
Licensor or its affiliates (provided that you may use a trademark or logo of
Licensor as expressly required by this License).
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
TITLE.
MariaDB hereby grants you permission to use this Licenses text to license
your works, and to refer to it using the trademark “Business Source License”,
as long as you comply with the Covenants of Licensor below.
Covenants of Licensor
In consideration of the right to use this Licenses text and the “Business
Source License” name and trademark, Licensor covenants to MariaDB, and to all
other recipients of the licensed work to be provided by Licensor:
1. To specify as the Change License the GPL Version 2.0 or any later version,
or a license that is compatible with GPL Version 2.0 or a later version,
where “compatible” means that software provided under the Change License can
be included in a program with software provided under GPL Version 2.0 or a
later version. Licensor may specify additional Change Licenses without
limitation.
2. To either: (a) specify an additional grant of rights to use that does not
impose any additional restriction on the right granted in this License, as
the Additional Use Grant; or (b) insert the text “None”.
3. To specify a Change Date.
4. Not to modify this License in any other way.

27
stable/authentik/16.0.0/README.md Normal file
View File

@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/authentik)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*

4
stable/authentik/16.0.0/app-changelog.md Normal file
View File

@ -0,0 +1,4 @@
## [authentik-16.0.0](https://github.com/truecharts/charts/compare/authentik-15.0.27...authentik-16.0.0) (2023-12-20)

8
stable/authentik/16.0.0/app-readme.md Normal file
View File

@ -0,0 +1,8 @@
Authentik is an open-source Identity Provider focused on flexibility and versatility.
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/authentik](https://truecharts.org/charts/stable/authentik)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!

BIN
stable/authentik/16.0.0/charts/common-16.2.5.tgz Normal file
View File

Binary file not shown.

BIN
stable/authentik/16.0.0/charts/redis-8.0.47.tgz Normal file
View File

Binary file not shown.

498
stable/authentik/16.0.0/ix_values.yaml Normal file
View File

@ -0,0 +1,498 @@
image:
repository: ghcr.io/goauthentik/server
tag: 2023.10.4@sha256:f201d0515461ef5ec2afd37ead691247f09dfef231fdaa494fd48105b65913ca
pullPolicy: IfNotPresent
geoipImage:
repository: ghcr.io/maxmind/geoipupdate
tag: v6.0.0@sha256:e0d5c1dee7379d360e0f355557542d9672c616215dfdd5aaf917382de84cb84c
pullPolicy: IfNotPresent
ldapImage:
repository: ghcr.io/goauthentik/ldap
tag: 2023.10.4@sha256:e16028e4e6312dcb0fb35a9b537829efd9f7c0c3c1bbe966150fca5734211c6d
pullPolicy: IfNotPresent
radiusImage:
repository: ghcr.io/goauthentik/radius
tag: 2023.10.4@sha256:a5d36976190e4ccacb8caf315814534e75b983f789dc422bc327c4999a60cdab
pullPolicy: IfNotPresent
proxyImage:
repository: ghcr.io/goauthentik/proxy
tag: 2023.10.4@sha256:35217928c215f5221685289e09a076ad38767b17485b102661fad5aca184b8b1
pullPolicy: IfNotPresent
authentik:
credentials:
# Only works on initial install
email: my-mail@example.com
password: my-password
# Optional, only set if you want to use it
bootstrapToken: ""
general:
disableUpdateCheck: false
disableStartupAnalytics: true
allowUserChangeName: true
allowUserChangeEmail: true
allowUserChangeUsername: true
overwriteDefaultBlueprints: false
gdprCompliance: true
tokenLength: 128
impersonation: true
avatars:
- gravatar
- initials
footerLinks:
- name: Authentik
href: https://goauthentik.io
email:
host: ""
port: 587
username:
password:
useTLS: true
useSSL: false
timeout: 10
from: ""
ldap:
tlsCiphers: "null"
taskTimeoutHours: 2
logging:
# info, debug, warning, error, trace
logLevel: info
errorReporting:
enabled: false
sendPII: false
environment: customer
sentryDSN: ""
geoip:
enabled: false
# Ignored if enabled is true
# If enabled is false, and this is true, the
# built-in GeoIP database will be wiped
wipeBuiltInDb: false
editionID: GeoLite2-City
frequency: 8
accountID: ""
licenseKey: ""
outposts:
proxy:
enabled: false
token: ""
radius:
enabled: false
token: ""
ldap:
enabled: false
token: ""
# ===== DO NOT EDIT BELOW THIS LINE =====
workload:
# ===== Server =====
main:
enabled: true
type: Deployment
podSpec:
containers:
main:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 1000
runAsGroup: 1000
# readOnlyRootFilesystem: false
envFrom:
- configMapRef:
name: server
- secretRef:
name: server-worker
- configMapRef:
name: server-worker
args:
- server
probes:
liveness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
readiness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
startup:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
# ===== Worker =====
worker:
enabled: true
type: Deployment
podSpec:
containers:
worker:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 1000
runAsGroup: 1000
# readOnlyRootFilesystem: false
envFrom:
- secretRef:
name: server-worker
- configMapRef:
name: server-worker
args:
- worker
probes:
liveness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
readiness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
startup:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
# ===== PROXY =====
proxy:
enabled: true
type: Deployment
podSpec:
containers:
proxy:
enabled: true
primary: true
imageSelector: proxyImage
securityContext:
runAsUser: 1000
runAsGroup: 1000
envFrom:
- configMapRef:
name: proxy
- secretRef:
name: proxy
probes:
liveness:
enabled: true
type: exec
command:
- /proxy
- healthcheck
readiness:
enabled: true
type: exec
command:
- /proxy
- healthcheck
startup:
enabled: true
type: exec
command:
- /proxy
- healthcheck
# ===== RADIUS =====
radius:
enabled: true
type: Deployment
podSpec:
containers:
radius:
enabled: true
primary: true
imageSelector: radiusImage
securityContext:
runAsUser: 1000
runAsGroup: 1000
envFrom:
- configMapRef:
name: radius
- secretRef:
name: radius
probes:
liveness:
enabled: true
type: exec
command:
- /radius
- healthcheck
readiness:
enabled: true
type: exec
command:
- /radius
- healthcheck
startup:
enabled: true
type: exec
command:
- /radius
- healthcheck
# ===== LDAP =====
ldap:
enabled: true
type: Deployment
podSpec:
containers:
ldap:
enabled: true
primary: true
imageSelector: ldapImage
securityContext:
runAsUser: 1000
runAsGroup: 1000
envFrom:
- configMapRef:
name: ldap
- secretRef:
name: ldap
probes:
liveness:
enabled: true
type: exec
command:
- /ldap
- healthcheck
readiness:
enabled: true
type: exec
command:
- /ldap
- healthcheck
startup:
enabled: true
type: exec
command:
- /ldap
- healthcheck
# ===== GeoIP Updater =====
geoip:
enabled: true
type: Deployment
podSpec:
containers:
geoip:
enabled: true
primary: true
imageSelector: geoipImage
securityContext:
runAsUser: 0
runAsGroup: 0
capabilities:
disableS6Caps: true
envFrom:
- configMapRef:
name: geoip
- secretRef:
name: geoip
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
service:
# Server HTTPS
main:
ports:
main:
protocol: https
port: 10229
# Server HTTP
http:
enabled: true
type: ClusterIP
ports:
http:
enabled: true
protocol: http
port: 10230
# Proxy
proxy:
enabled: true
targetSelector: proxy
ports:
http:
enabled: true
protocol: http
port: 10227
targetSelector: proxy
https:
enabled: true
protocol: https
port: 10228
targetSelector: proxy
# Radius
radius:
enabled: true
targetSelector: radius
ports:
radius:
enabled: true
protocol: udp
targetSelector: radius
port: 1812
# LDAP
ldap:
enabled: true
targetSelector: ldap
ports:
ldap:
enabled: true
port: 389
targetSelector: ldap
# LDAPS
ldaps:
enabled: true
targetSelector: ldap
ports:
ldaps:
enabled: true
port: 636
targetSelector: ldap
# Server Metrics
servermetrics:
enabled: true
type: ClusterIP
ports:
servermetrics:
enabled: true
protocol: http
port: 10231
# Radius Metrics
radiusmetrics:
enabled: true
type: ClusterIP
targetSelector: radius
ports:
radiusmetrics:
enabled: true
protocol: http
port: 10232
targetSelector: radius
# LDAP Metrics
ldapmetrics:
enabled: true
type: ClusterIP
targetSelector: ldap
ports:
ldapmetrics:
enabled: true
protocol: http
port: 10233
targetSelector: ldap
# Proxy Metrics
proxymetrics:
enabled: true
type: ClusterIP
targetSelector: proxy
ports:
proxymetrics:
enabled: true
protocol: http
port: 10234
targetSelector: proxy
persistence:
media:
enabled: true
targetSelector:
main:
main:
mountPath: /media
worker:
worker:
mountPath: /media
templates:
enabled: true
targetSelector:
main:
main:
mountPath: /templates
worker:
worker:
mountPath: /templates
blueprints:
enabled: true
targetSelector:
worker:
worker:
# This will automatically change to `/blueprints`
# if `overwriteDefaultBlueprints` is set to `true
# Otherwise it will respect the value specified here
mountPath: /blueprints/custom
certs:
enabled: true
mountPath: /certs
targetSelector:
worker:
worker:
mountPath: /certs
geoip:
enabled: true
targetSelector:
main:
main:
mountPath: /geoip
worker:
worker:
mountPath: /geoip
geoip:
geoip:
mountPath: /usr/share/GeoIP
cnpg:
main:
enabled: true
user: authentik
database: authentik
redis:
enabled: true
portal:
open:
enabled: true
metrics:
# FIXME: Metrics do not work yet
servermetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.servermetrics.ports.servermetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
radiusmetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.radiusmetrics.ports.radiusmetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
ldapmetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.ldapmetrics.ports.ldapmetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
proxymetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.proxymetrics.ports.proxymetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
updated: true

4590
stable/authentik/16.0.0/questions.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1
stable/authentik/16.0.0/templates/NOTES.txt Normal file
View File

@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}

128
stable/authentik/16.0.0/templates/_config.tpl Normal file
View File

@ -0,0 +1,128 @@
{{/* Define the configmaps */}}
{{- define "authentik.configmaps" -}}
{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
{{- $serverHost := printf "https://%v:%v" $fullname .Values.service.main.ports.main.port -}}
{{- $host := .Values.chartContext.appUrl }}
server:
enabled: true
data:
AUTHENTIK_LISTEN__HTTPS: {{ printf "0.0.0.0:%v" .Values.service.main.ports.main.port | quote }}
AUTHENTIK_LISTEN__HTTP: {{ printf "0.0.0.0:%v" .Values.service.http.ports.http.port | quote }}
AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.servermetrics.ports.servermetrics.port | quote }}
server-worker:
enabled: true
data:
{{/* Dependencies */}}
AUTHENTIK_POSTGRESQL__NAME: {{ .Values.cnpg.main.database }}
AUTHENTIK_POSTGRESQL__USER: {{ .Values.cnpg.main.user }}
AUTHENTIK_POSTGRESQL__HOST: {{ .Values.cnpg.main.creds.host }}
AUTHENTIK_POSTGRESQL__PORT: "5432"
AUTHENTIK_REDIS__HOST: {{ .Values.redis.creds.plain }}
AUTHENTIK_REDIS__PORT: "6379"
{{/* Outposts */}}
AUTHENTIK_OUTPOSTS__DISCOVER: "false"
{{/* GeoIP */}}
{{- $geoipPath := (printf "/geoip/%v.mmdb" .Values.authentik.geoip.editionID) -}}
{{- if not .Values.authentik.geoip.enabled -}}
{{- $geoipPath = "/tmp/non-existent-file" -}}
{{- end -}}
{{- if or .Values.authentik.geoip.enabled .Values.authentik.geoip.wipeBuiltInDb }}
AUTHENTIK_GEOIP: {{ $geoipPath }}
{{- end }}
{{/* Mail */}}
AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.email.useTLS | quote }}
AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.email.useSSL | quote }}
{{- with .Values.authentik.email.port }}
AUTHENTIK_EMAIL__PORT: {{ . | quote }}
{{- end -}}
{{- with .Values.authentik.email.timeout }}
AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }}
{{- end }}
{{/* LDAP */}}
AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS: {{ .Values.authentik.ldap.taskTimeoutHours | quote }}
AUTHENTIK_LDAP__TLS__CIPHERS: {{ .Values.authentik.ldap.tlsCiphers | quote }}
{{/* Logging */}}
AUTHENTIK_LOG_LEVEL: {{ .Values.authentik.logging.logLevel }}
{{/* Error Reporting */}}
AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.errorReporting.enabled | quote }}
AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.errorReporting.sendPII | quote }}
{{- with .Values.authentik.errorReporting.environment }}
AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . | quote }}
{{- end -}}
{{- with .Values.authentik.errorReporting.sentryDSN }}
AUTHENTIK_ERROR_REPORTING__SENTRY_DSN: {{ . | quote }}
{{- end -}}
{{- with .Values.authentik.general.avatars }}
AUTHENTIK_AVATARS: {{ join "," . }}
{{- end -}}
{{- with .Values.authentik.general.footerLinks }}
AUTHENTIK_FOOTER_LINKS: {{ toJson . | squote }}
{{- end }}
{{/* General */}}
AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disableUpdateCheck | quote }}
AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disableStartupAnalytics | quote }}
AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allowUserChangeName | quote }}
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allowUserChangeEmail | quote }}
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allowUserChangeUsername | quote }}
AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdprCompliance | quote }}
AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.tokenLength | quote }}
AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }}
{{- if .Values.authentik.outposts.proxy.enabled }}
proxy:
enabled: true
data:
AUTHENTIK_LISTEN__HTTP: {{ printf "0.0.0.0:%v" .Values.service.proxy.ports.http.port | quote }}
AUTHENTIK_LISTEN__HTTPS: {{ printf "0.0.0.0:%v" .Values.service.proxy.ports.https.port | quote }}
AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.proxymetrics.ports.proxymetrics.port | quote }}
AUTHENTIK_HOST: {{ $serverHost }}
AUTHENTIK_INSECURE: "true"
# TODO: node ip or ingress host
AUTHENTIK_HOST_BROWSER: {{ $host }}
{{- end -}}
{{- if .Values.authentik.outposts.radius.enabled }}
radius:
enabled: true
data:
AUTHENTIK_LISTEN__RADIUS: {{ printf "0.0.0.0:%v" .Values.service.radius.ports.radius.port | quote }}
AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.radiusmetrics.ports.radiusmetrics.port | quote }}
AUTHENTIK_HOST: {{ $serverHost }}
AUTHENTIK_INSECURE: "true"
# TODO: node ip or ingress host
AUTHENTIK_HOST_BROWSER: {{ $host }}
{{- end -}}
{{- if .Values.authentik.outposts.ldap.enabled }}
ldap:
enabled: true
data:
AUTHENTIK_LISTEN__LDAP: {{ printf "0.0.0.0:%v" .Values.service.ldap.ports.ldap.port | quote }}
AUTHENTIK_LISTEN__LDAPS: {{ printf "0.0.0.0:%v" .Values.service.ldaps.ports.ldaps.port | quote }}
AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.ldapmetrics.ports.ldapmetrics.port | quote }}
AUTHENTIK_HOST: {{ $serverHost }}
AUTHENTIK_INSECURE: "true"
# TODO: node ip or ingress host
AUTHENTIK_HOST_BROWSER: {{ $host }}
{{- end -}}
{{- if .Values.authentik.geoip.enabled }}
geoip:
enabled: true
data:
GEOIPUPDATE_EDITION_IDS: {{ .Values.authentik.geoip.editionID }}
GEOIPUPDATE_FREQUENCY: {{ .Values.authentik.geoip.frequency | quote }}
GEOIPUPDATE_DB_DIR: {{ .Values.persistence.geoip.targetSelector.geoip.geoip.mountPath | quote }}
{{- end -}}
{{- end -}}

74
stable/authentik/16.0.0/templates/_secret.tpl Normal file
View File

@ -0,0 +1,74 @@
{{/* Define the secrets */}}
{{- define "authentik.secrets" -}}
{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
{{- $fetchname := printf "%v-server-worker" $fullname -}}
{{- $secretKey := randAlphaNum 32 -}}
{{- with (lookup "v1" "Secret" .Release.Namespace $fetchname) -}}
{{- $secretKey = index .data "AUTHENTIK_SECRET_KEY" | b64dec -}}
{{- end }}
server-worker:
enabled: true
data:
{{/* Dependencies */}}
AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }}
{{/* Secret Key */}}
AUTHENTIK_SECRET_KEY: {{ $secretKey }}
{{/* Initial credentials */}}
AUTHENTIK_BOOTSTRAP_EMAIL: {{ .Values.authentik.credentials.email | quote }}
AUTHENTIK_BOOTSTRAP_PASSWORD: {{ .Values.authentik.credentials.password | quote }}
{{- with .Values.authentik.credentials.bootstrapToken }}
AUTHENTIK_BOOTSTRAP_TOKEN: {{ . }}
{{- end }}
{{/* Mail */}}
{{- with .Values.authentik.email.host }}
AUTHENTIK_EMAIL__HOST: {{ . }}
{{- end -}}
{{- with .Values.authentik.email.username }}
AUTHENTIK_EMAIL__USERNAME: {{ . }}
{{- end -}}
{{- with .Values.authentik.email.password }}
AUTHENTIK_EMAIL__PASSWORD: {{ . }}
{{- end -}}
{{- with .Values.authentik.email.from }}
AUTHENTIK_EMAIL__FROM: {{ . }}
{{- end -}}
{{- if .Values.authentik.geoip.enabled }}
geoip:
enabled: true
data:
GEOIPUPDATE_VERBOSE: "0"
GEOIPUPDATE_PRESERVE_FILE_TIMES: "1"
GEOIPUPDATE_ACCOUNT_ID: {{ .Values.authentik.geoip.accountID | quote }}
GEOIPUPDATE_LICENSE_KEY: {{ .Values.authentik.geoip.licenseKey | quote }}
{{- end -}}
{{- if .Values.authentik.outposts.proxy.enabled }}
proxy:
enabled: true
data:
AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.proxy.token | quote }}
{{- end -}}
{{- if .Values.authentik.outposts.radius.enabled }}
radius:
enabled: true
data:
AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.radius.token | quote }}
{{- end -}}
{{- if .Values.authentik.outposts.ldap.enabled }}
ldap:
enabled: true
data:
AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.ldap.token | quote }}
{{- end -}}
{{- end -}}

23
stable/authentik/16.0.0/templates/_validation.tpl Normal file
View File

@ -0,0 +1,23 @@
{{- define "authentik.validation" -}}
{{- range $outpost, $values := .Values.authentik.outposts -}}
{{- if (kindIs "dict" $values) -}}
{{- if and $values.enabled (not $values.token) -}}
{{- fail (printf "Authentik - Outpost [%v] is enabled, but [token] was not provided" ($outpost | upper)) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.authentik.geoip.enabled -}}
{{- if not .Values.authentik.geoip.accountID -}}
{{- fail "Authentik - GeoIP is enabled but [accountID] was not provided" -}}
{{- end -}}
{{- if not .Values.authentik.geoip.licenseKey -}}
{{- fail "Authentik - GeoIP is enabled but [licenseKey] was not provided" -}}
{{- end -}}
{{- if contains " " .Values.authentik.geoip.editionID -}}
{{- fail "Authentik - GeoIP is enabled but [editionID] cannot contain spaces" -}}
{{- end -}}
{{- end -}}
{{- end -}}

20
stable/authentik/16.0.0/templates/_waitAuthentik.tpl Normal file
View File

@ -0,0 +1,20 @@
{{- define "authentik.wait.server" -}}
{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
{{- $serverUrl := printf "https://%v:%v/-/health/ready/" $fullname .Values.service.main.ports.main.port }}
enabled: true
type: init
imageSelector: alpineImage
command: /bin/sh
args:
- -c
- |
echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..."
until wget --no-check-certificate --spider --quiet "{{ $serverUrl }}";
do
echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..."
sleep 3
done
echo "Authentik [{{ $serverUrl }}] is ready..."
echo "Starting Outpost..."
{{- end -}}

97
stable/authentik/16.0.0/templates/common.yaml Normal file
View File

@ -0,0 +1,97 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.v1.common.loader.init" . }}
{{- include "authentik.validation" $ -}}
{{/* Render secrets for authentik and friends */}}
{{- $secrets := include "authentik.secrets" . | fromYaml -}}
{{- if $secrets -}}
{{ $secrets := (mustMergeOverwrite .Values.secret $secrets) }}
{{- $_ := set .Values "secret" $secrets -}}
{{- end -}}
{{/* Render configmaps for authentik and friends */}}
{{- $configmaps := include "authentik.configmaps" . | fromYaml -}}
{{- if $configmaps -}}
{{ $configmaps := (mustMergeOverwrite .Values.configmap $configmaps) }}
{{- $_ := set .Values "configmap" $configmaps -}}
{{- end -}}
{{- if .Values.authentik.general.overwriteDefaultBlueprints -}}
{{- $_ := set .Values.persistence.blueprints.targetSelector.worker.worker "mountPath" "/blueprints" -}}
{{- end -}}
{{- if .Values.authentik.geoip.enabled -}}
{{- $_ := set .Values.workload.geoip "enabled" true -}}
{{- else -}}
{{- $_ := set .Values.workload.geoip "enabled" false -}}
{{- $_ := set .Values.persistence.geoip "enabled" false -}}
{{- end -}}
{{- if or .Values.authentik.geoip.enabled .Values.authentik.geoip.wipeBuiltInDb -}}
{{- $_ := set .Values.persistence.geoip "enabled" true -}}
{{- end -}}
{{- if .Values.authentik.outposts.proxy.enabled -}}
{{- $_ := set .Values.workload.proxy "enabled" true -}}
{{- if not .Values.workload.proxy.podSpec.initContainers -}}
{{- $_ := set .Values.workload.proxy.podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .Values.workload.proxy.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
{{- $_ := set .Values.service.proxy "enabled" true -}}
{{- $_ := set .Values.service.proxymetrics "enabled" true -}}
{{- $_ := set .Values.metrics.proxymetrics "enabled" true -}}
{{- else -}}
{{- $_ := set .Values.workload.proxy "enabled" false -}}
{{- $_ := set .Values.service.proxy "enabled" false -}}
{{- $_ := set .Values.service.proxymetrics "enabled" false -}}
{{- $_ := set .Values.metrics.proxymetrics "enabled" false -}}
{{- end -}}
{{- if .Values.authentik.outposts.radius.enabled -}}
{{- $_ := set .Values.workload.radius "enabled" true -}}
{{- if not .Values.workload.radius.podSpec.initContainers -}}
{{- $_ := set .Values.workload.radius.podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .Values.workload.radius.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
{{- $_ := set .Values.service.radius "enabled" true -}}
{{- $_ := set .Values.service.radiusmetrics "enabled" true -}}
{{- $_ := set .Values.metrics.radiusmetrics "enabled" true -}}
{{- else -}}
{{- $_ := set .Values.workload.radius "enabled" false -}}
{{- $_ := set .Values.service.radius "enabled" false -}}
{{- $_ := set .Values.service.radiusmetrics "enabled" false -}}
{{- $_ := set .Values.metrics.radiusmetrics "enabled" false -}}
{{- end -}}
{{- if .Values.authentik.outposts.ldap.enabled -}}
{{- $_ := set .Values.workload.ldap "enabled" true -}}
{{- if not .Values.workload.ldap.podSpec.initContainers -}}
{{- $_ := set .Values.workload.ldap.podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .Values.workload.ldap.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
{{- $_ := set .Values.service.ldap "enabled" true -}}
{{- $_ := set .Values.service.ldaps "enabled" true -}}
{{- $_ := set .Values.service.ldapmetrics "enabled" true -}}
{{- $_ := set .Values.metrics.ldapmetrics "enabled" true -}}
{{- else -}}
{{- $_ := set .Values.workload.ldap "enabled" false -}}
{{- $_ := set .Values.service.ldap "enabled" false -}}
{{- $_ := set .Values.service.ldaps "enabled" false -}}
{{- $_ := set .Values.service.ldapmetrics "enabled" false -}}
{{- $_ := set .Values.metrics.ldapmetrics "enabled" false -}}
{{- end -}}
{{/* FIXME: See values.yaml */}}
{{- $_ := set .Values.service.servermetrics "enabled" false -}}
{{- $_ := set .Values.service.proxymetrics "enabled" false -}}
{{- $_ := set .Values.service.radiusmetrics "enabled" false -}}
{{- $_ := set .Values.service.ldapmetrics "enabled" false -}}
{{- $_ := set .Values.metrics.servermetrics "enabled" false -}}
{{- $_ := set .Values.metrics.proxymetrics "enabled" false -}}
{{- $_ := set .Values.metrics.radiusmetrics "enabled" false -}}
{{- $_ := set .Values.metrics.ldapmetrics "enabled" false -}}
{{/* Render the templates */}}
{{ include "tc.v1.common.loader.apply" . }}

0
stable/authentik/16.0.0/values.yaml Normal file
View File

99
stable/jellyfin/16.0.0/CHANGELOG.md Normal file
View File

@ -0,0 +1,99 @@
**Important:**
*for the complete changelog, please refer to the website*
## [jellyfin-16.0.0](https://github.com/truecharts/charts/compare/jellyfin-15.1.4...jellyfin-16.0.0) (2023-12-20)
## [jellyfin-15.1.4](https://github.com/truecharts/charts/compare/jellyfin-15.1.3...jellyfin-15.1.4) (2023-12-20)
### Chore
- Bump everything to force min/max scale version update
## [jellyfin-15.1.3](https://github.com/truecharts/charts/compare/jellyfin-15.1.0...jellyfin-15.1.3) (2023-12-16)
### Chore
- fix move mistake and cleanup metadata
- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
- update container image docker.io/alpine/socat to 1.8.0.0[@af9a3db](https://github.com/af9a3db) ([#16139](https://github.com/truecharts/charts/issues/16139))
## [jellyfin-15.1.3](https://github.com/truecharts/charts/compare/jellyfin-15.1.0...jellyfin-15.1.3) (2023-12-16)
### Chore
- fix move mistake and cleanup metadata
- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
- update container image docker.io/alpine/socat to 1.8.0.0[@af9a3db](https://github.com/af9a3db) ([#16139](https://github.com/truecharts/charts/issues/16139))
## [jellyfin-15.1.2](https://github.com/truecharts/charts/compare/jellyfin-15.1.0...jellyfin-15.1.2) (2023-12-16)
### Chore
- fix move mistake and cleanup metadata
- update container image docker.io/alpine/socat to 1.8.0.0[@af9a3db](https://github.com/af9a3db) ([#16139](https://github.com/truecharts/charts/issues/16139))
## [jellyfin-15.1.1](https://github.com/truecharts/charts/compare/jellyfin-15.1.0...jellyfin-15.1.1) (2023-12-16)
### Chore
- update container image docker.io/alpine/socat to 1.8.0.0[@af9a3db](https://github.com/af9a3db) ([#16139](https://github.com/truecharts/charts/issues/16139))
## [jellyfin-15.1.1](https://github.com/truecharts/charts/compare/jellyfin-15.1.0...jellyfin-15.1.1) (2023-12-16)
### Chore
- update container image docker.io/alpine/socat to 1.8.0.0[@af9a3db](https://github.com/af9a3db) ([#16139](https://github.com/truecharts/charts/issues/16139))
## [jellyfin-15.1.0](https://github.com/truecharts/charts/compare/jellyfin-15.0.31...jellyfin-15.1.0) (2023-12-09)
### Chore
- update container image docker.io/alpine/socat to v1.8.0.0[@61c06c2](https://github.com/61c06c2) ([#15914](https://github.com/truecharts/charts/issues/15914))
## [jellyfin-15.0.31](https://github.com/truecharts/charts/compare/jellyfin-15.0.30...jellyfin-15.0.31) (2023-12-03)
### Chore
- bump everything to ensure catalog has latest versions
## [jellyfin-15.0.30](https://github.com/truecharts/charts/compare/jellyfin-15.0.29...jellyfin-15.0.30) (2023-12-02)
### Chore
- fix annotations again
- update annotations
- update container image docker.io/alpine/socat to 1.7.4.4[@13740b3](https://github.com/13740b3) ([#15598](https://github.com/truecharts/charts/issues/15598))

38
stable/jellyfin/16.0.0/Chart.yaml Normal file
View File

@ -0,0 +1,38 @@
kubeVersion: ">=1.24.0-0"
apiVersion: v2
name: jellyfin
version: 16.0.0
appVersion: 10.8.13
description: Jellyfin is a Free Software Media System
home: https://truecharts.org/charts/stable/jellyfin
icon: https://truecharts.org/img/hotlink-ok/chart-icons/jellyfin.png
deprecated: false
sources:
- https://github.com/jellyfin/jellyfin
- https://github.com/truecharts/charts/tree/master/charts/stable/jellyfin
- https://hub.docker.com/r/alpine/socat
maintainers:
- name: TrueCharts
email: info@truecharts.org
url: https://truecharts.org
keywords:
- jellyfin
- plex
- emby
dependencies:
- name: common
version: 16.2.5
repository: https://library-charts.truecharts.org
condition: ""
alias: ""
tags: []
import-values: []
annotations:
max_scale_version: 23.10.2
min_scale_version: 23.10.0
truecharts.org/SCALE-support: "true"
truecharts.org/category: media
truecharts.org/max_helm_version: "3.13"
truecharts.org/min_helm_version: "3.12"
truecharts.org/train: stable
type: application

27
stable/jellyfin/16.0.0/README.md Normal file
View File

@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/jellyfin)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*

4
stable/jellyfin/16.0.0/app-changelog.md Normal file
View File

@ -0,0 +1,4 @@
## [jellyfin-16.0.0](https://github.com/truecharts/charts/compare/jellyfin-15.1.4...jellyfin-16.0.0) (2023-12-20)

8
stable/jellyfin/16.0.0/app-readme.md Normal file
View File

@ -0,0 +1,8 @@
Jellyfin is a Free Software Media System
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/jellyfin](https://truecharts.org/charts/stable/jellyfin)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!

BIN
stable/jellyfin/16.0.0/charts/common-16.2.5.tgz Normal file
View File

Binary file not shown.

98
stable/jellyfin/16.0.0/ix_values.yaml Normal file
View File

@ -0,0 +1,98 @@
image:
repository: docker.io/jellyfin/jellyfin
pullPolicy: IfNotPresent
tag: 10.8.13@sha256:05a9734d7e83086b957c5b7a16cbb5a60b5bb8d113ffb953e57547359dd05140
broadcastProxyImage:
repository: docker.io/alpine/socat
pullPolicy: IfNotPresent
tag: 1.8.0.0@sha256:af9a3db190ffc0d49d24796be0cdd29cdef0463ada13d22eaf56342f2cb31bfb
service:
main:
ports:
main:
port: 8096
targetPort: 8096
autodiscovery:
enabled: true
ports:
autodiscovery:
enabled: true
protocol: udp
port: 7359
targetPort: 7359
persistence:
config:
enabled: true
mountPath: "/config"
cache:
enabled: true
mountPath: "/cache"
type: "emptyDir"
transcode:
enabled: true
mountPath: "/config/transcodes"
type: "emptyDir"
portal:
open:
enabled: true
securityContext:
container:
readOnlyRootFilesystem: false
workload:
main:
podSpec:
containers:
main:
env:
JELLYFIN_PublishedServerUrl: "{{ $.Values.chartContext.appUrl }}"
broadcastproxy:
enabled: false
type: DaemonSet
podSpec:
hostNetwork: true
# Proxy doesn't seem to respect the TERM signal, so by default
# this ends up just hanging until the default grace period ends.
# This is unnecesary since this workload only proxies autodiscovery
# messages.
terminationGracePeriodSeconds: 3
containers:
broadcastproxy:
enabled: true
primary: true
imageSelector: broadcastProxyImage
securityContext:
readOnlyRootFilesystem: true
command: ["/bin/sh"]
# Quite a lot going on here:
# - Resolve Jellyfin's autodiscovery service IP from its FQDN via getent hosts
# - Export the IP to `$TARGET_IP`
# - Check `$TARGET_IP` is not empty (so we can crash if it is - will help to detect templating errors)
# - Touch `/tmp/healty` to use with the readiness, liveness and startup probes
# - Start socat in proxy mode
# - On exit remove `/tmp/healthy`
args:
- "-c"
- 'export TARGET_IP=$(getent hosts ''{{ printf "%v-autodiscovery" (include "tc.v1.common.lib.chart.names.fullname" $) }}'' | awk ''{ print $1 }'') && [[ ! -z $TARGET_IP ]] && touch /tmp/healthy && socat UDP-LISTEN:7359,fork,reuseaddr,rcvbuf=8096 UDP4-SENDTO:${TARGET_IP}:7359,rcvbuf=8096 ; rm -rf /tmp/healthy'
probes:
readiness:
enabled: true
type: exec
command:
- cat
- /tmp/healthy
liveness:
enabled: true
type: exec
command:
- cat
- /tmp/healthy
startup:
enabled: true
type: exec
command:
- cat
- /tmp/healthy
# -- enable Jellyfin autodiscovery on LAN
autodiscovery:
enabled: false
updated: true

2924
stable/jellyfin/16.0.0/questions.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1
stable/jellyfin/16.0.0/templates/NOTES.txt Normal file
View File

@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}

8
stable/jellyfin/16.0.0/templates/common.yaml Normal file
View File

@ -0,0 +1,8 @@
{{- include "tc.v1.common.loader.init" . }}
{{- if .Values.autodiscovery.enabled -}}
{{/* Add proxy workload */}}
{{- $_ := set .Values.workload.broadcastproxy "enabled" true -}}
{{- end -}}
{{- include "tc.v1.common.loader.apply" . -}}

0
stable/jellyfin/16.0.0/values.yaml Normal file
View File

99
stable/nextcloud/24.0.0/CHANGELOG.md Normal file
View File

@ -0,0 +1,99 @@
**Important:**
*for the complete changelog, please refer to the website*
## [nextcloud-24.0.0](https://github.com/truecharts/charts/compare/nextcloud-23.0.2...nextcloud-24.0.0) (2023-12-20)
## [nextcloud-23.0.2](https://github.com/truecharts/charts/compare/nextcloud-23.0.1...nextcloud-23.0.2) (2023-12-20)
### Chore
- Bump everything to force min/max scale version update
## [nextcloud-23.0.1](https://github.com/truecharts/charts/compare/nextcloud-23.0.0...nextcloud-23.0.1) (2023-12-18)
### Fix
- add nginx changes for nc 28 ([#16306](https://github.com/truecharts/charts/issues/16306))
## [nextcloud-23.0.0](https://github.com/truecharts/charts/compare/nextcloud-22.2.21...nextcloud-23.0.0) (2023-12-17)
### Chore
- update container image tccr.io/truecharts/nextcloud-fpm to v28.0.0[@a765a49](https://github.com/a765a49) by renovate ([#16069](https://github.com/truecharts/charts/issues/16069))
## [nextcloud-22.2.21](https://github.com/truecharts/charts/compare/nextcloud-22.2.20...nextcloud-22.2.21) (2023-12-17)
### Chore
- update container image collabora/code to v23.05.6.3.1[@6d21951](https://github.com/6d21951) by renovate ([#16097](https://github.com/truecharts/charts/issues/16097))
## [nextcloud-22.2.20](https://github.com/truecharts/charts/compare/nextcloud-22.2.19...nextcloud-22.2.20) (2023-12-17)
### Chore
- update container image tccr.io/truecharts/nextcloud-fpm to v[@e97e94d](https://github.com/e97e94d) ([#16037](https://github.com/truecharts/charts/issues/16037))
## [nextcloud-22.2.19](https://github.com/truecharts/charts/compare/nextcloud-22.2.18...nextcloud-22.2.19) (2023-12-16)
### Chore
- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
## [nextcloud-22.2.19](https://github.com/truecharts/charts/compare/nextcloud-22.2.18...nextcloud-22.2.19) (2023-12-16)
### Chore
- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
## [nextcloud-22.2.18](https://github.com/truecharts/charts/compare/nextcloud-22.2.17...nextcloud-22.2.18) (2023-12-11)
### Chore
- update container image clamav/clamav to 1.2.1[@d584c29](https://github.com/d584c29) ([#15962](https://github.com/truecharts/charts/issues/15962))
## [nextcloud-22.2.17](https://github.com/truecharts/charts/compare/nextcloud-22.2.16...nextcloud-22.2.17) (2023-12-08)
### Chore
- update container image tccr.io/truecharts/nextcloud-fpm to v27.1.4[@37c7521](https://github.com/37c7521) ([#15885](https://github.com/truecharts/charts/issues/15885))
- update container image nginxinc/nginx-unprivileged to 1.25.3[@1d026ae](https://github.com/1d026ae) ([#15884](https://github.com/truecharts/charts/issues/15884))
## [nextcloud-22.2.16](https://github.com/truecharts/charts/compare/nextcloud-22.2.15...nextcloud-22.2.16) (2023-12-06)
### Chore
- update container image nginxinc/nginx-unprivileged to 1.25.3[@a7ef461](https://github.com/a7ef461) ([#15718](https://github.com/truecharts/charts/issues/15718))

50
stable/nextcloud/24.0.0/Chart.yaml Normal file
View File

@ -0,0 +1,50 @@
kubeVersion: ">=1.24.0-0"
apiVersion: v2
name: nextcloud
version: 24.0.0
appVersion: 27.1.4
description:
A private cloud server that puts the control and security of your own
data back into your hands.
home: https://truecharts.org/charts/stable/nextcloud
icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
deprecated: false
sources:
- https://github.com/nextcloud/helm
- https://github.com/truecharts/charts/tree/master/charts/stable/nextcloud
- https://github.com/truecharts/containers/tree/master/mirrornextcloud-fpm
- https://github.com/nextcloud/docker
maintainers:
- name: TrueCharts
email: info@truecharts.org
url: https://truecharts.org
keywords:
- nextcloud
- storage
- http
- web
- php
dependencies:
- name: common
version: 16.2.5
repository: https://library-charts.truecharts.org
condition: ""
alias: ""
tags: []
import-values: []
- name: redis
version: 6.0.66
repository: https://deps.truecharts.org
condition: redis.enabled
alias: ""
tags: []
import-values: []
annotations:
max_scale_version: 23.10.2
min_scale_version: 23.10.0
truecharts.org/SCALE-support: "true"
truecharts.org/category: cloud
truecharts.org/max_helm_version: "3.13"
truecharts.org/min_helm_version: "3.12"
truecharts.org/train: stable
type: application

106
stable/nextcloud/24.0.0/LICENSE Normal file
View File

@ -0,0 +1,106 @@
Business Source License 1.1
Parameters
Licensor: The TrueCharts Project, it's owner and it's contributors
Licensed Work: The TrueCharts "Blocky" Helm Chart
Additional Use Grant: You may use the licensed work in production, as long
as it is directly sourced from a TrueCharts provided
official repository, catalog or source. You may also make private
modification to the directly sourced licenced work,
when used in production.
The following cases are, due to their nature, also
defined as 'production use' and explicitly prohibited:
- Bundling, including or displaying the licensed work
with(in) another work intended for production use,
with the apparent intend of facilitating and/or
promoting production use by third parties in
violation of this license.
Change Date: 2050-01-01
Change License: 3-clause BSD license
For information about alternative licensing arrangements for the Software,
please contact: legal@truecharts.org
Notice
The Business Source License (this document, or the “License”) is not an Open
Source license. However, the Licensed Work will eventually be made available
under an Open Source License, as stated in this License.
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
“Business Source License” is a trademark of MariaDB Corporation Ab.
-----------------------------------------------------------------------------
Business Source License 1.1
Terms
The Licensor hereby grants you the right to copy, modify, create derivative
works, redistribute, and make non-production use of the Licensed Work. The
Licensor may make an Additional Use Grant, above, permitting limited
production use.
Effective on the Change Date, or the fourth anniversary of the first publicly
available distribution of a specific version of the Licensed Work under this
License, whichever comes first, the Licensor hereby grants you rights under
the terms of the Change License, and the rights granted in the paragraph
above terminate.
If your use of the Licensed Work does not comply with the requirements
currently in effect as described in this License, you must purchase a
commercial license from the Licensor, its affiliated entities, or authorized
resellers, or you must refrain from using the Licensed Work.
All copies of the original and modified Licensed Work, and derivative works
of the Licensed Work, are subject to this License. This License applies
separately for each version of the Licensed Work and the Change Date may vary
for each version of the Licensed Work released by Licensor.
You must conspicuously display this License on each original or modified copy
of the Licensed Work. If you receive the Licensed Work in original or
modified form from a third party, the terms and conditions set forth in this
License apply to your use of that work.
Any use of the Licensed Work in violation of this License will automatically
terminate your rights under this License for the current and all other
versions of the Licensed Work.
This License does not grant you any right in any trademark or logo of
Licensor or its affiliates (provided that you may use a trademark or logo of
Licensor as expressly required by this License).
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
TITLE.
MariaDB hereby grants you permission to use this Licenses text to license
your works, and to refer to it using the trademark “Business Source License”,
as long as you comply with the Covenants of Licensor below.
Covenants of Licensor
In consideration of the right to use this Licenses text and the “Business
Source License” name and trademark, Licensor covenants to MariaDB, and to all
other recipients of the licensed work to be provided by Licensor:
1. To specify as the Change License the GPL Version 2.0 or any later version,
or a license that is compatible with GPL Version 2.0 or a later version,
where “compatible” means that software provided under the Change License can
be included in a program with software provided under GPL Version 2.0 or a
later version. Licensor may specify additional Change Licenses without
limitation.
2. To either: (a) specify an additional grant of rights to use that does not
impose any additional restriction on the right granted in this License, as
the Additional Use Grant; or (b) insert the text “None”.
3. To specify a Change Date.
4. Not to modify this License in any other way.

27
stable/nextcloud/24.0.0/README.md Normal file
View File

@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/nextcloud)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*

4
stable/nextcloud/24.0.0/app-changelog.md Normal file
View File

@ -0,0 +1,4 @@
## [nextcloud-24.0.0](https://github.com/truecharts/charts/compare/nextcloud-23.0.2...nextcloud-24.0.0) (2023-12-20)

8
stable/nextcloud/24.0.0/app-readme.md Normal file
View File

@ -0,0 +1,8 @@
A private cloud server that puts the control and security of your own data back into your hands.
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/nextcloud](https://truecharts.org/charts/stable/nextcloud)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!

BIN
stable/nextcloud/24.0.0/charts/common-16.2.5.tgz Normal file
View File

Binary file not shown.

BIN
stable/nextcloud/24.0.0/charts/redis-6.0.66.tgz Normal file
View File

Binary file not shown.

512
stable/nextcloud/24.0.0/ix_values.yaml Normal file
View File

@ -0,0 +1,512 @@
image:
repository: tccr.io/truecharts/nextcloud-fpm
pullPolicy: IfNotPresent
tag: v28.0.0@sha256:a765a49bafef4e3e6c1f874c5ee1c4d2ce39b2bd6793b9a2e044ed75645bbc1a
nginxImage:
repository: nginxinc/nginx-unprivileged
pullPolicy: IfNotPresent
tag: 1.25.3@sha256:1d026ae92e50e76c77ca776f234f154d4a1d39e33e8f813115e53c2a9b893bc9
imaginaryImage:
repository: tccr.io/truecharts/nextcloud-imaginary
pullPolicy: IfNotPresent
tag: v20230401@sha256:6a227d1b0200d29f25028e07b8852f60e3d91a5814048933e70eccee749dc04c
hpbImage:
repository: tccr.io/truecharts/nextcloud-push-notify
pullPolicy: IfNotPresent
tag: v0.6.3@sha256:b9c35ab123354eeac3996e361f8c30b8e4de6d2ccd69e5179a7c2a101a67b46f
clamavImage:
repository: clamav/clamav
pullPolicy: IfNotPresent
tag: 1.2.1@sha256:d584c29eefc29e138eb14f243abef2f6712cffecac52194626a2b2f6bb3ec2c7
collaboraImage:
repository: collabora/code
pullPolicy: IfNotPresent
tag: 23.05.6.3.1@sha256:6d21951e6376be4a12009b5058c57f3da7df06faf05c62406030b3652a3e78f6
nextcloud:
# Initial Credentials
credentials:
initialAdminUser: admin
initialAdminPassword: adminpass
# General settings
general:
# Custom Nextcloud Scripts
run_optimize: true
default_phone_region: GR
# IP used for exposing nextcloud,
# often the loadbalancer IP
accessIP: ""
# Allows Nextcloud to connect to unsecure (http) endpoints
force_enable_allow_local_remote_servers: false
# File settings
files:
shared_folder_name: Shared
max_chunk_size: 10485760
# Expiration settings
expirations:
activity_expire_days: 90
trash_retention_obligation: auto
versions_retention_obligation: auto
# Previews settings
previews:
enabled: true
# It will also deploy the container
imaginary: true
cron: true
schedule: "*/30 * * * *"
max_x: 2048
max_y: 2048
max_memory: 1024
max_file_size_image: 50
# Setting for Imaginary
max_allowed_resolution: 18.0
jpeg_quality: 60
square_sizes: 32 256
width_sizes: 256 384
height_sizes: 256
# Casings are important
# https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269
# Only the last part of the provider is needed
providers:
- PNG
- JPEG
# Logging settings
logging:
log_level: 2
log_file: /var/www/html/data/logs/nextcloud.log
log_audit_file: /var/www/html/data/logs/audit.log
log_date_format: d/m/Y H:i:s
# ClamAV settings
clamav:
# It will also deploy the container
# Note that this runs as root
enabled: false
stream_max_length: 26214400
file_max_size: -1
infected_action: only_log
# Notify Push settings
notify_push:
# It will also deploy the container
enabled: true
# Collabora settings
collabora:
# It will also deploy the container
enabled: false
# default|compact|tabbed
interface_mode: default
username: admin
password: changeme
dictionaries:
- de_DE
- en_GB
- en_US
- el_GR
- es_ES
- fr_FR
- pt_BR
- pt_PT
- it
- nl
- ru
onlyoffice:
# It will not deploy the container
# Only add the OnlyOffice settings
enabled: false
url: ""
internal_url: ""
verify_ssl: true
jwt: ""
jwt_header: Authorization
# PHP settings
php:
memory_limit: 1G
upload_limit: 10G
pm_max_children: 180
pm_start_servers: 18
pm_min_spare_servers: 12
pm_max_spare_servers: 30
opcache:
interned_strings_buffer: 32
max_accelerated_files: 10000
memory_consumption: 128
revalidate_freq: 60
jit_buffer_size: 128
# Do NOT edit below this line
workload:
# Nextcloud php-fpm
main:
type: Deployment
podSpec:
containers:
main:
enabled: true
primary: true
envFrom:
- configMapRef:
name: nextcloud-config
probes:
liveness:
enabled: true
type: exec
command: /healthcheck.sh
readiness:
enabled: true
type: exec
command: /healthcheck.sh
startup:
enabled: true
type: tcp
port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}"
nginx:
enabled: true
type: Deployment
strategy: RollingUpdate
replicas: 1
podSpec:
containers:
nginx:
enabled: true
primary: true
imageSelector: nginxImage
probes:
readiness:
enabled: true
path: /robots.txt
port: "{{ .Values.service.main.ports.main.port }}"
httpHeaders:
Host: kube.internal.healthcheck
liveness:
enabled: true
path: /robots.txt
port: "{{ .Values.service.main.ports.main.port }}"
httpHeaders:
Host: kube.internal.healthcheck
startup:
enabled: true
type: tcp
port: "{{ .Values.service.main.ports.main.port }}"
notify:
enabled: true
type: Deployment
strategy: RollingUpdate
replicas: 1
podSpec:
containers:
notify:
primary: true
enabled: true
imageSelector: hpbImage
envFrom:
- configMapRef:
name: hpb-config
probes:
readiness:
enabled: true
path: /push/test/cookie
port: 7867
httpHeaders:
Host: kube.internal.healthcheck
liveness:
enabled: true
path: /push/test/cookie
port: 7867
httpHeaders:
Host: kube.internal.healthcheck
startup:
enabled: true
type: tcp
port: 7867
imaginary:
enabled: true
type: Deployment
strategy: RollingUpdate
replicas: 1
podSpec:
containers:
imaginary:
primary: true
enabled: true
imageSelector: imaginaryImage
command: imaginary
args:
- -p
- "{{ .Values.service.imaginary.ports.imaginary.port }}"
- -concurrency
- "10"
- -max-allowed-resolution
- "{{ .Values.nextcloud.previews.max_allowed_resolution }}"
- -enable-url-source
- -return-size
probes:
readiness:
enabled: true
path: /health
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
liveness:
enabled: true
path: /health
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
startup:
enabled: true
type: tcp
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
clamav:
enabled: true
type: Deployment
strategy: RollingUpdate
replicas: 1
podSpec:
containers:
clamav:
primary: true
enabled: true
imageSelector: clamavImage
# FIXME: https://github.com/Cisco-Talos/clamav/issues/478
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
envFrom:
- configMapRef:
name: clamav-config
probes:
readiness:
enabled: true
type: exec
command: clamdcheck.sh
liveness:
enabled: true
type: exec
command: clamdcheck.sh
startup:
enabled: true
type: tcp
port: "{{ .Values.service.clamav.ports.clamav.targetPort }}"
collabora:
enabled: true
type: Deployment
strategy: RollingUpdate
replicas: 1
podSpec:
containers:
collabora:
primary: true
enabled: true
imageSelector: collaboraImage
securityContext:
runAsUser: 100
runAsGroup: 102
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
capabilities:
add:
- CHOWN
- FOWNER
- SYS_CHROOT
- MKNOD
envFrom:
- configMapRef:
name: collabora-config
probes:
readiness:
enabled: true
type: http
path: /collabora/
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
liveness:
enabled: true
type: http
path: /collabora/
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
startup:
enabled: true
type: tcp
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
cronjobs:
# Don't change names, it's used in the persistence
- name: nextcloud-cron
enabled: true
schedule: "*/5 * * * *"
cmd:
- echo "Running [php -f /var/www/html/cron.php] ..."
- php -f /var/www/html/cron.php
- echo "Finished [php -f /var/www/html/cron.php]"
- name: preview-cron
enabled: "{{ .Values.nextcloud.previews.cron }}"
schedule: "{{ .Values.nextcloud.previews.schedule }}"
cmd:
- echo "Running [occ preview:pre-generate] ..."
- occ preview:pre-generate
- echo "Finished [occ preview:pre-generate]"
service:
# Main service links to ingress easier
# That's why the nginx is swapped with nextcloud
main:
targetSelector: nginx
ports:
main:
targetSelector: nginx
port: 8080
nextcloud:
enabled: true
targetSelector: main
ports:
nextcloud:
enabled: true
targetSelector: main
port: 9000
targetPort: 9000
notify:
enabled: true
targetSelector: notify
ports:
notify:
enabled: true
primary: true
port: 7867
targetPort: 7867
targetSelector: notify
metrics:
enabled: true
port: 7868
targetSelector: notify
imaginary:
enabled: true
targetSelector: imaginary
ports:
imaginary:
enabled: true
port: 9090
targetSelector: imaginary
clamav:
enabled: true
targetSelector: clamav
ports:
clamav:
enabled: true
port: 3310
targetPort: 3310
targetSelector: clamav
collabora:
enabled: true
targetSelector: collabora
ports:
collabora:
enabled: true
port: 9980
targetPort: 9980
targetSelector: collabora
persistence:
php-tune:
enabled: true
type: configmap
objectName: php-tune
targetSelector:
main:
main:
mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf
subPath: zz-tune.conf
readOnly: true
redis-session:
enabled: true
type: configmap
objectName: redis-session
targetSelector:
main:
main:
mountPath: /usr/local/etc/php/conf.d/redis-session.ini
subPath: redis-session.ini
readOnly: true
opcache-recommended:
enabled: true
type: configmap
objectName: opcache
targetSelector:
main:
main:
mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini
subPath: opcache-recommended.ini
readOnly: true
nginx:
enabled: true
type: configmap
objectName: nginx-config
targetSelector:
nginx:
nginx:
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
nginx-temp:
enabled: true
type: emptyDir
targetSelector:
nginx:
nginx:
mountPath: /tmp/nginx
html:
enabled: true
targetSelector:
main:
main:
mountPath: /var/www/html
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html
preview-cron:
preview-cron:
mountPath: /var/www/html
nginx:
nginx:
mountPath: /var/www/html
readOnly: true
config:
enabled: true
targetSelector:
main:
main:
mountPath: /var/www/html/config
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html/config
preview-cron:
preview-cron:
mountPath: /var/www/html/config
notify:
notify:
mountPath: /var/www/html/config
readOnly: true
nginx:
nginx:
mountPath: /var/www/html/config
readOnly: true
data:
enabled: true
targetSelector:
main:
main:
mountPath: /var/www/html/data
init-perms:
mountPath: /var/www/html/data
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html/data
preview-cron:
preview-cron:
mountPath: /var/www/html/data
nginx:
nginx:
mountPath: /var/www/html/data
readOnly: true
cnpg:
main:
enabled: true
user: nextcloud
database: nextcloud
redis:
enabled: true
username: default
portal:
open:
enabled: true
updated: true

3778
stable/nextcloud/24.0.0/questions.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1
stable/nextcloud/24.0.0/templates/NOTES.txt Normal file
View File

@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}

443
stable/nextcloud/24.0.0/templates/_configmap.tpl Normal file
View File

@ -0,0 +1,443 @@
{{- define "nextcloud.accessurl" -}}
{{- $accessUrl := .Values.chartContext.appUrl -}}
{{- if or (contains "127.0.0.1" $accessUrl) (contains "localhost" $accessUrl) -}}
{{- if .Values.nextcloud.general.accessIP -}}
{{- $prot := "http" -}}
{{- $host := .Values.nextcloud.general.accessIP -}}
{{- $port := .Values.service.main.ports.main.port -}}
{{/*
Allowing here to override protocol and port
should be enough to make it work with any rev proxy
*/}}
{{- $accessUrl = printf "%v://%v:%v" $prot $host $port -}}
{{- end -}}
{{- end -}}
{{- $accessUrl -}}
{{- end -}}
{{- define "nextcloud.accesshost" -}}
{{- $accessUrl := (include "nextcloud.accessurl" $) -}}
{{- $accessHost := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}}
{{- $accessHost = regexReplaceAll "(.*):.*" $accessHost "${1}" -}}
{{- $accessHost -}}
{{- end -}}
{{/* Define the configmap */}}
{{- define "nextcloud.configmaps" -}}
{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
{{- $fqdn := (include "tc.v1.common.lib.chart.names.fqdn" $) -}}
{{- $accessUrl := (include "nextcloud.accessurl" $) -}}
{{- $accessHost := (include "nextcloud.accesshost" $) -}}
{{- $accessHostPort := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}}
{{- $accessProtocol := regexReplaceAll "(.*)://.*" $accessUrl "${1}" -}}
{{- $redisHost := .Values.redis.creds.plainhost | trimAll "\"" -}}
{{- $redisPass := .Values.redis.creds.redisPassword | trimAll "\"" -}}
{{- $healthHost := "kube.internal.healthcheck" -}}
php-tune:
enabled: true
data:
zz-tune.conf: |
[www]
pm.max_children = {{ .Values.nextcloud.php.pm_max_children }}
pm.start_servers = {{ .Values.nextcloud.php.pm_start_servers }}
pm.min_spare_servers = {{ .Values.nextcloud.php.pm_min_spare_servers }}
pm.max_spare_servers = {{ .Values.nextcloud.php.pm_max_spare_servers }}
opcache:
enabled: true
data:
opcache-recommended.ini: |
opcache.enable=1
opcache.save_comments=1
opcache.jit=1255
opcache.interned_strings_buffer={{ .Values.nextcloud.opcache.interned_strings_buffer }}
opcache.max_accelerated_files={{ .Values.nextcloud.opcache.max_accelerated_files }}
opcache.memory_consumption={{ .Values.nextcloud.opcache.memory_consumption }}
opcache.revalidate_freq={{ .Values.nextcloud.opcache.revalidate_freq }}
opcache.jit_buffer_size={{ printf "%vM" .Values.nextcloud.opcache.jit_buffer_size }}
redis-session:
enabled: true
data:
redis-session.ini: |
session.save_handler = redis
session.save_path = {{ printf "tcp://%v:6379?auth=%v" $redisHost $redisPass | quote }}
redis.session.locking_enabled = 1
redis.session.lock_retries = -1
redis.session.lock_wait_time = 10000
hpb-config:
enabled: {{ .Values.nextcloud.notify_push.enabled }}
data:
NEXTCLOUD_URL: {{ printf "http://%v:%v" $fullname .Values.service.main.ports.main.port }}
HPB_HOST: {{ $healthHost }}
CONFIG_FILE: {{ printf "%v/config.php" .Values.persistence.config.targetSelector.notify.notify.mountPath }}
METRICS_PORT: {{ .Values.service.notify.ports.metrics.port | quote }}
clamav-config:
enabled: {{ .Values.nextcloud.clamav.enabled }}
data:
CLAMAV_NO_CLAMD: "false"
CLAMAV_NO_FRESHCLAMD: "true"
CLAMAV_NO_MILTERD: "true"
CLAMD_STARTUP_TIMEOUT: "1800"
collabora-config:
enabled: {{ .Values.nextcloud.collabora.enabled }}
data:
aliasgroup1: {{ $accessUrl }}
server_name: {{ $accessHostPort }}
dictionaries: {{ join " " .Values.nextcloud.collabora.dictionaries }}
username: {{ .Values.nextcloud.collabora.username | quote }}
password: {{ .Values.nextcloud.collabora.password | quote }}
DONT_GEN_SSL_CERT: "true"
# mount_jail_tree is only used for local storage
# not needed for WOPI https://github.com/CollaboraOnline/online/issues/3604#issuecomment-989833814
extra_params: |
--o:ssl.enable=false
--o:ssl.termination=true
--o:net.service_root=/collabora
--o:home_mode.enable=true
--o:welcome.enable=false
--o:logging.level=warning
--o:logging.level_startup=warning
--o:security.seccomp=true
--o:mount_jail_tree=false
--o:user_interface.mode={{ .Values.nextcloud.collabora.user_interface_mode }}
nextcloud-config:
enabled: true
data:
{{/* Database */}}
POSTGRES_DB: {{ .Values.cnpg.main.database | quote }}
POSTGRES_USER: {{ .Values.cnpg.main.user | quote }}
POSTGRES_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
POSTGRES_HOST: {{ .Values.cnpg.main.creds.host | trimAll "\"" }}
{{/* Redis */}}
NX_REDIS_HOST: {{ $redisHost }}
NX_REDIS_PASS: {{ $redisPass }}
{{/* Nextcloud INITIAL credentials */}}
NEXTCLOUD_ADMIN_USER: {{ .Values.nextcloud.credentials.initialAdminUser | quote }}
NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.nextcloud.credentials.initialAdminPassword | quote }}
{{/* PHP Variables */}}
PHP_MEMORY_LIMIT: {{ .Values.nextcloud.php.memory_limit | quote }}
PHP_UPLOAD_LIMIT: {{ .Values.nextcloud.php.upload_limit | quote }}
{{/* Notify Push */}}
NX_NOTIFY_PUSH: {{ .Values.nextcloud.notify_push.enabled | quote }}
{{- if .Values.nextcloud.notify_push.enabled }}
NX_NOTIFY_PUSH_ENDPOINT: {{ $accessUrl }}/push
{{- end }}
{{/* Previews */}}
NX_PREVIEWS: {{ .Values.nextcloud.previews.enabled | quote }}
NX_PREVIEW_PROVIDERS: {{ join " " .Values.nextcloud.previews.providers }}
NX_PREVIEW_MAX_X: {{ .Values.nextcloud.previews.max_x | quote }}
NX_PREVIEW_MAX_Y: {{ .Values.nextcloud.previews.max_y | quote }}
NX_PREVIEW_MAX_MEMORY: {{ .Values.nextcloud.previews.max_memory | quote }}
NX_PREVIEW_MAX_FILESIZE_IMAGE: {{ .Values.nextcloud.previews.max_file_size_image | quote }}
NX_JPEG_QUALITY: {{ .Values.nextcloud.previews.jpeg_quality | quote }}
NX_PREVIEW_SQUARE_SIZES: {{ .Values.nextcloud.previews.square_sizes | quote }}
NX_PREVIEW_WIDTH_SIZES: {{ .Values.nextcloud.previews.width_sizes | quote }}
NX_PREVIEW_HEIGHT_SIZES: {{ .Values.nextcloud.previews.height_sizes | quote }}
{{/* Imaginary */}}
NX_IMAGINARY: {{ and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary | quote }}
{{- if and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary }}
NX_IMAGINARY_URL: {{ printf "http://%v-imaginary:%v" $fullname .Values.service.imaginary.ports.imaginary.port }}
{{- end }}
{{/* Expirations */}}
NX_ACTIVITY_EXPIRE_DAYS: {{ .Values.nextcloud.expirations.activity_expire_days | quote }}
NX_TRASH_RETENTION: {{ .Values.nextcloud.expirations.trash_retention_obligation | quote }}
NX_VERSIONS_RETENTION: {{ .Values.nextcloud.expirations.versions_retention_obligation | quote }}
{{/* General */}}
NX_RUN_OPTIMIZE: {{ .Values.nextcloud.general.run_optimize | quote }}
NX_DEFAULT_PHONE_REGION: {{ .Values.nextcloud.general.default_phone_region | quote }}
NEXTCLOUD_DATA_DIR: {{ .Values.persistence.data.targetSelector.main.main.mountPath }}
NX_FORCE_ENABLE_ALLOW_LOCAL_REMOTE_SERVERS: {{ .Values.nextcloud.general.force_enable_allow_local_remote_servers | quote }}
{{/* Files */}}
NX_SHARED_FOLDER_NAME: {{ .Values.nextcloud.files.shared_folder_name | quote }}
NX_MAX_CHUNKSIZE: {{ .Values.nextcloud.files.max_chunk_size | mul 1 | quote }}
{{/* Logging */}}
NX_LOG_LEVEL: {{ .Values.nextcloud.logging.log_level | quote }}
NX_LOG_FILE: {{ .Values.nextcloud.logging.log_file | quote }}
NX_LOG_FILE_AUDIT: {{ .Values.nextcloud.logging.log_audit_file | quote }}
NX_LOG_DATE_FORMAT: {{ .Values.nextcloud.logging.log_date_format | quote }}
NX_LOG_TIMEZONE: {{ .Values.TZ | quote }}
{{/* ClamAV */}}
NX_CLAMAV: {{ .Values.nextcloud.clamav.enabled | quote }}
{{- if .Values.nextcloud.clamav.enabled }}
NX_CLAMAV_HOST: {{ printf "%v-clamav" $fullname }}
NX_CLAMAV_PORT: {{ .Values.service.clamav.ports.clamav.targetPort | quote }}
NX_CLAMAV_STREAM_MAX_LENGTH: {{ .Values.nextcloud.clamav.stream_max_length | mul 1 | quote }}
NX_CLAMAV_FILE_MAX_SIZE: {{ .Values.nextcloud.clamav.file_max_size | quote }}
NX_CLAMAV_INFECTED_ACTION: {{ .Values.nextcloud.clamav.infected_action | quote }}
{{- end }}
{{/* Collabora */}}
NX_COLLABORA: {{ .Values.nextcloud.collabora.enabled | quote }}
{{- if .Values.nextcloud.collabora.enabled }}
NX_COLLABORA_URL: {{ printf "%v/collabora" $accessUrl | quote }}
# Ideally this would be a combo of: public ip, pod cidr, svc cidr
# But not always people have static IP.
NX_COLLABORA_ALLOWLIST: "0.0.0.0/0"
{{- end }}
{{/* Only Office */}}
NX_ONLYOFFICE: {{ .Values.nextcloud.onlyoffice.enabled | quote }}
{{- if .Values.nextcloud.onlyoffice.enabled }}
NX_ONLYOFFICE_URL: {{ .Values.nextcloud.onlyoffice.url | quote }}
NX_ONLYOFFICE_INTERNAL_URL: {{ .Values.nextcloud.onlyoffice.internal_url | quote }}
NX_ONLYOFFICE_VERIFY_SSL: {{ .Values.nextcloud.onlyoffice.verify_ssl | quote }}
NX_ONLYOFFICE_NEXTCLOUD_INTERNAL_URL: {{ printf "http://%v.svc.cluster.local:%v" $fqdn .Values.service.main.ports.main.port }}
NX_ONLYOFFICE_JWT: {{ .Values.nextcloud.onlyoffice.jwt | quote }}
NX_ONLYOFFICE_JWT_HEADER: {{ .Values.nextcloud.onlyoffice.jwt_header | quote }}
{{- end }}
{{/* URLs */}}
NX_OVERWRITE_HOST: {{ $accessHostPort }}
NX_OVERWRITE_CLI_URL: {{ $accessUrl }}
# Return the protocol part of the URL
NX_OVERWRITE_PROTOCOL: {{ $accessProtocol | lower }}
# IP (or range in this case) of the proxy(ies)
NX_TRUSTED_PROXIES: |
{{ .Values.chartContext.podCIDR }}
{{ .Values.chartContext.svcCIDR }}
# fullname-* will allow access from the
# other services in the same namespace
NX_TRUSTED_DOMAINS: |
127.0.0.1
localhost
{{ $fullname }}
{{ printf "%v-*" $fullname }}
{{ $healthHost }}
{{- if not (contains "127.0.0.1" $accessHost) }}
{{- $accessHost | nindent 6 }}
{{- end -}}
{{- with .Values.nextcloud.general.accessIP }}
{{- . | nindent 6 }}
{{- end }}
# TODO: Replace locations with ingress
# like /push, /.well-known/carddav, /.well-known/caldav
# needs some work as nginx converts urls to pretty urls
# before matching them to locations, so ingress needs to
# take that into consideration.
nginx-config:
enabled: true
data:
nginx.conf: |
worker_processes auto;
error_log /var/log/nginx/error.log warn;
# Set to /tmp so it can run as non-root
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
# Set to /tmp so it can run as non-root
client_body_temp_path /tmp/nginx/client_temp;
proxy_temp_path /tmp/nginx/proxy_temp_path;
fastcgi_temp_path /tmp/nginx/fastcgi_temp;
uwsgi_temp_path /tmp/nginx/uwsgi_temp;
scgi_temp_path /tmp/nginx/scgi_temp;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
# Prevent nginx HTTP Server Detection
server_tokens off;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server {{ printf "%v-nextcloud" $fullname }}:{{ .Values.service.nextcloud.ports.nextcloud.targetPort }};
}
server {
listen {{ .Values.service.main.ports.main.port }};
absolute_redirect off;
{{- if .Values.nextcloud.notify_push.enabled }}
# Forward Notify_Push "High Performance Backend" to it's own container
location ^~ /push/ {
# The trailing "/" is important!
proxy_pass http://{{ printf "%v-notify" $fullname }}:{{ .Values.service.notify.ports.notify.targetPort }}/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
{{- end }}
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# Set max upload size
client_max_body_size {{ .Values.nextcloud.php.upload_limit | default "512M" }};
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
include mime.types;
types {
text/javascript js mjs;
}
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root {{ .Values.persistence.html.targetSelector.nginx.nginx.mountPath }};
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
fastcgi_send_timeout 3600s;
fastcgi_read_timeout 3600s;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
}
{{- end -}}

34
stable/nextcloud/24.0.0/templates/_cronjobs.tpl Normal file
View File

@ -0,0 +1,34 @@
{{- define "nextcloud.cronjobs" -}}
{{- range $cj := .Values.cronjobs }}
{{- $name := $cj.name | required "Nextcloud - Expected non-empty name in cronjob" -}}
{{- $schedule := $cj.schedule | required "Nextcloud - Expected non-empty schedule in cronjob" }}
{{ $name }}:
enabled: {{ $cj.enabled | quote }}
type: CronJob
schedule: {{ $schedule | quote }}
podSpec:
restartPolicy: Never
containers:
{{ $name }}:
enabled: true
primary: true
imageSelector: image
command:
- /bin/bash
- -c
- |
{{- range $cj.cmd }}
{{- . | nindent 12 }}
{{- else -}}
{{- fail "Nextcloud - Expected non-empty cmd in cronjob" -}}
{{- end }}
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
{{- end }}
{{- end -}}

24
stable/nextcloud/24.0.0/templates/_ingressInjector.tpl Normal file
View File

@ -0,0 +1,24 @@
{{- define "nextcloud.ingressInjector" -}}
{{- if .Values.ingress.main.enabled -}}
{{- $injectPaths := list -}}
{{- if .Values.nextcloud.collabora.enabled -}}
{{- $injectPaths = mustAppend $injectPaths (include "nextcloud.collabora.ingress" $ | fromYaml) -}}
{{- end -}}
{{/* Append more paths here if needed */}}
{{- range $host := .Values.ingress.main.hosts -}}
{{- $paths := $host.paths -}}
{{- $paths = concat $paths $injectPaths -}}
{{- $_ := set $host "paths" $paths -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "nextcloud.collabora.ingress" -}}
{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . }}
path: /collabora/
pathType: Prefix
service:
name: {{ printf "%v-collabora" $fullname }}
port: {{ .Values.service.collabora.ports.collabora.port }}
{{- end -}}

29
stable/nextcloud/24.0.0/templates/_initPerms.tpl Normal file
View File

@ -0,0 +1,29 @@
{{- define "nextcloud.init.perms" -}}
{{- $uid := .Values.securityContext.container.runAsUser -}}
{{- $gid := .Values.securityContext.container.runAsGroup -}}
{{- $path := .Values.persistence.data.targetSelector.main.main.mountPath }}
enabled: true
type: install
imageSelector: alpineImage
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
capabilities:
disableS6Caps: true
add:
- DAC_OVERRIDE
- FOWNER
- CHOWN
command: /bin/sh
args:
- -c
- |
echo "Setting permissions to 700 on data directory [{{ $path }}] ..."
chmod 770 {{ $path }} | echo "Failed to set permissions on data directory [{{ $path }}]"
echo "Setting ownership to {{ $uid }}:{{ $gid }} on data directory [{{ $path }}] ..."
chown {{ $uid }}:{{ $gid }} {{ $path }} | echo "Failed to set ownership on data directory [{{ $path }}]"
echo "Finished."
{{- end -}}

42
stable/nextcloud/24.0.0/templates/_validation.tpl Normal file
View File

@ -0,0 +1,42 @@
{{- define "nextcloud.validation" -}}
{{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.memory_limit) -}}
{{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.memory_limit) -}}
{{- end -}}
{{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.upload_limit) -}}
{{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.upload_limit) -}}
{{- end -}}
{{- if not (deepEqual .Values.nextcloud.previews.providers (uniq .Values.nextcloud.previews.providers)) -}}
{{- fail (printf "Nextcloud - Expected preview providers to be unique but got [%v]" .Values.nextcloud.previews.providers) -}}
{{- end -}}
{{- if and .Values.nextcloud.collabora.enabled .Values.nextcloud.onlyoffice.enabled -}}
{{- fail "Nextcloud - Expected only one of [Collabora, OnlyOffice] to be enabled" -}}
{{- end -}}
{{- if contains "$" .Values.nextcloud.collabora.password -}}
{{- fail "Nextcloud - Collabora [Password] cannot contain [$]" -}}
{{- end -}}
{{- if .Values.nextcloud.collabora.enabled -}}
{{- if lt (len .Values.nextcloud.collabora.password) 8 -}}
{{- fail "Nextcloud - Collabora [Password] must be at least 8 characters" -}}
{{- end -}}
{{- $collaboraUIModes := (list "default" "compact" "tabbed") -}}
{{- if not (mustHas .Values.nextcloud.collabora.interface_mode $collaboraUIModes) -}}
{{- fail (printf "Nextcloud - Expected [Interface Mode] in Collabora to be one of [%v], but got [%v]" (join "," $collaboraUIModes) .Values.nextcloud.collabora.interface_mode) -}}
{{- end -}}
{{- if not .Values.nextcloud.collabora.dictionaries -}}
{{- fail "Nextcloud - Expected non-empty Collabora [Dictionaries]" -}}
{{- end -}}
{{- if not (deepEqual .Values.nextcloud.collabora.dictionaries (uniq .Values.nextcloud.collabora.dictionaries)) -}}
{{- fail "Nextcloud - Collabora [Dictionaries] must be unique" -}}
{{- end -}}
{{- end -}}
{{- end -}}

25
stable/nextcloud/24.0.0/templates/_waitNextcloud.tpl Normal file
View File

@ -0,0 +1,25 @@
{{- define "nextcloud.wait.nextcloud" -}}
{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
{{- $ncURL := printf "%v-nextcloud:%v" $fullname .Values.service.nextcloud.ports.nextcloud.targetPort }}
enabled: true
type: init
imageSelector: image
securityContext:
command: /bin/sh
args:
- -c
- |
echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..."
until \
REQUEST_METHOD="GET" \
SCRIPT_NAME="status.php" \
SCRIPT_FILENAME="status.php" \
cgi-fcgi -bind -connect "{{ $ncURL }}" | grep -q '"installed":true';
do
echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..."
sleep 3
done
echo "Nextcloud is ready and installed..."
echo "Starting Nginx..."
{{- end -}}

80
stable/nextcloud/24.0.0/templates/common.yaml Normal file
View File

@ -0,0 +1,80 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.v1.common.loader.init" . -}}
{{- include "nextcloud.validation" $ -}}
{{/* Render configmaps for all pods */}}
{{- $configmaps := include "nextcloud.configmaps" . | fromYaml -}}
{{- if $configmaps -}}
{{- $_ := mustMergeOverwrite .Values.configmap $configmaps -}}
{{- end -}}
{{/* Create hostAliases (resolve ingress host to Node/LB IP) */}}
{{- $hostAlias := (list (dict
"ip" .Values.nextcloud.general.accessIP
"hostnames" (
list (include "nextcloud.accesshost" $)
)
)) -}}
{{/* Add [hostAliases] to nextcloud and collabora pod */}}
{{- $_ := set .Values.workload.main.podSpec "hostAliases" $hostAlias -}}
{{- $_ := set .Values.workload.collabora.podSpec "hostAliases" $hostAlias -}}
{{/* Add [init perms] container to nextcloud */}}
{{- if not (get .Values.workload.main.podSpec "initContainers") -}}
{{- $_ := set .Values.workload.main.podSpec "initContainers" dict -}}
{{- end -}}
{{- $initPerms := (include "nextcloud.init.perms" . | fromYaml) -}}
{{- $_ := set .Values.workload.main.podSpec.initContainers "init-perms" $initPerms -}}
{{/* Add [wait nextcloud] container to nginx */}}
{{- if not (get .Values.workload.nginx.podSpec "initContainers") -}}
{{- $_ := set .Values.workload.nginx.podSpec "initContainers" dict -}}
{{- end -}}
{{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}}
{{- $_ := set .Values.workload.nginx.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}}
{{/* Disable [notify push] if requested */}}
{{- if not .Values.nextcloud.notify_push.enabled -}}
{{- $_ := set .Values.workload.notify "enabled" false -}}
{{- $_ := set .Values.service.notify "enabled" false -}}
{{- else -}}
{{/* Add [wait nextcloud] container to notify push */}}
{{- if not (get .Values.workload.notify.podSpec "initContainers") -}}
{{- $_ := set .Values.workload.notify.podSpec "initContainers" dict -}}
{{- end -}}
{{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}}
{{- $_ := set .Values.workload.notify.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}}
{{- end -}}
{{/* Disable [clamav] if requested */}}
{{- if not .Values.nextcloud.clamav.enabled -}}
{{- $_ := set .Values.workload.clamav "enabled" false -}}
{{- $_ := set .Values.service.clamav "enabled" false -}}
{{- end -}}
{{/* Disable [previews] if requested */}}
{{- if or (not .Values.nextcloud.previews.imaginary) (not .Values.nextcloud.previews.enabled) -}}
{{- $_ := set .Values.workload.imaginary "enabled" false -}}
{{- $_ := set .Values.service.imaginary "enabled" false -}}
{{- end -}}
{{/* Disable [collabora] if requested */}}
{{- if not .Values.nextcloud.collabora.enabled -}}
{{- $_ := set .Values.workload.collabora "enabled" false -}}
{{- $_ := set .Values.service.collabora "enabled" false -}}
{{- end -}}
{{/* Create [cronjobs] defined */}}
{{- $cronjobs := include "nextcloud.cronjobs" . | fromYaml -}}
{{- if $cronjobs -}}
{{- $_ := mustMergeOverwrite .Values.workload $cronjobs -}}
{{- end -}}
{{/* TODO: Do we have to cleanup when something (eg Collabora) is disabled? */}}
{{- include "nextcloud.ingressInjector" $ -}}
{{/* Render the templates */}}
{{- include "tc.v1.common.loader.apply" . -}}

0
stable/nextcloud/24.0.0/values.yaml Normal file
View File