Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2022-11-21 22:04:22 +00:00
parent 7781f58449
commit bdcbb38505
18 changed files with 3224 additions and 0 deletions

View File

@ -0,0 +1,99 @@
**Important:**
*for the complete changelog, please refer to the website*
## [nextcloud-17.0.0](https://github.com/truecharts/charts/compare/nextcloud-16.0.2...nextcloud-17.0.0) (2022-11-10)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Major Change to GUI
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
- update docker general non-major ([#4355](https://github.com/truecharts/charts/issues/4355))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
### Fix
- change container config label
## [nextcloud-16.0.6](https://github.com/truecharts/charts/compare/nextcloud-16.0.2...nextcloud-16.0.6) (2022-11-09)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update docker general non-major ([#4355](https://github.com/truecharts/charts/issues/4355))
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [nextcloud-16.0.5](https://github.com/truecharts/charts/compare/nextcloud-16.0.2...nextcloud-16.0.5) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [nextcloud-16.0.4](https://github.com/truecharts/charts/compare/nextcloud-16.0.2...nextcloud-16.0.4) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [nextcloud-16.0.4](https://github.com/truecharts/charts/compare/nextcloud-16.0.2...nextcloud-16.0.4) (2022-11-08)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
## [nextcloud-16.0.4](https://github.com/truecharts/charts/compare/nextcloud-16.0.2...nextcloud-16.0.4) (2022-11-08)
### Chore

View File

@ -0,0 +1,45 @@
apiVersion: v2
appVersion: "25.0.1"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.0.3
- condition: postgresql.enabled
name: postgresql
repository: https://charts.truecharts.org/
version: 10.0.2
- condition: collabora.enabled
name: collabora-online
repository: https://charts.truecharts.org/
version: 14.0.2
- condition: redis.enabled
name: redis
repository: https://charts.truecharts.org
version: 5.0.3
deprecated: false
description: A private cloud server that puts the control and security of your own data back into your hands.
home: https://truecharts.org/docs/charts/stable/nextcloud
icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
keywords:
- nextcloud
- storage
- http
- web
- php
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: nextcloud
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/nextcloud
- https://github.com/nextcloud/docker
- https://github.com/nextcloud/helm
type: application
version: 19.0.9
annotations:
truecharts.org/catagories: |
- cloud
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@ -0,0 +1,110 @@
# nextcloud
A private cloud server that puts the control and security of your own data back into your hands.
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
This readme is just an automatically generated general guide on installing our Helm Charts and Apps.
For more information, please click here: [nextcloud](https://truecharts.org/docs/charts/stable/nextcloud)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Source Code
* <https://github.com/truecharts/charts/tree/master/charts/stable/nextcloud>
* <https://github.com/nextcloud/docker>
* <https://github.com/nextcloud/helm>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://charts.truecharts.org/ | collabora-online | 12.1.73 |
| https://charts.truecharts.org/ | postgresql | 8.0.122 |
| https://charts.truecharts.org | redis | 3.0.121 |
| https://library-charts.truecharts.org | common | 10.9.4 |
## Installing the Chart
### TrueNAS SCALE
To install this Chart on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Installing-an-App).
### Helm
To install the chart with the release name `nextcloud`
```console
helm repo add TrueCharts https://charts.truecharts.org
helm repo update
helm install nextcloud TrueCharts/nextcloud
```
## Uninstall
### TrueNAS SCALE
**Upgrading, Rolling Back and Uninstalling the Chart**
To upgrade, rollback or delete this Chart from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Upgrade-rollback-delete-an-App).
### Helm
To uninstall the `nextcloud` deployment
```console
helm uninstall nextcloud
```
## Configuration
### Helm
#### Available Settings
Read through the values.yaml file. It has several commented out suggested values.
Other values may be used from the [values.yaml](https://github.com/truecharts/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/truecharts/library-charts/tree/main/charts/common).
#### Configure using the command line
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
```console
helm install nextcloud \
--set env.TZ="America/New York" \
TrueCharts/nextcloud
```
#### Configure using a yaml file
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
```console
helm install nextcloud TrueCharts/nextcloud -f values.yaml
```
#### Connecting to other charts
If you need to connect this Chart to other Charts on TrueNAS SCALE, please refer to our [Linking Charts Internally](https://truecharts.org/docs/manual/SCALE%20Apps/linking-apps) quick-start guide.
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/docs/manual/SCALE%20Apps/Important-MUST-READ).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
---
All Rights Reserved - The TrueCharts Project

View File

@ -0,0 +1,4 @@
## [nextcloud-19.0.9](https://github.com/truecharts/charts/compare/nextcloud-19.0.8...nextcloud-19.0.9) (2022-11-21)

View File

@ -0,0 +1,8 @@
A private cloud server that puts the control and security of your own data back into your hands.
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/docs/charts/stable/nextcloud](https://truecharts.org/docs/charts/stable/nextcloud)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can!

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,457 @@
image:
repository: tccr.io/truecharts/nextcloud-fpm
pullPolicy: IfNotPresent
tag: 25.0.1@sha256:bb87b5d4a1148a6e16e36fef19c6ceb770318a9d4e064a9f4236b2a22c6a10d1
nginxImage:
repository: tccr.io/truecharts/nginx-unprivileged
pullPolicy: IfNotPresent
tag: 1.23.2@sha256:f2beaccc87b13109dbd709c6cbf845f761d9ad1e6d43fcf6f01cd68a7339f567
imaginaryImage:
repository: h2non/imaginary
pullPolicy: IfNotPresent
tag: 1.2.4@sha256:7facb4221047a5e79b9e902f380247f4e5bf4376400d0badbeb738d3e1c2f654
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
fsGroup: 33
service:
main:
ports:
main:
port: 10020
targetPort: 8080
backend:
enabled: true
ports:
hpb:
enabled: true
port: 7867
targetPort: 7867
hpb-metrics:
enabled: true
port: 7868
targetPort: 7868
fpm:
enabled: true
port: 9000
targetPort: 9000
imaginary:
enabled: true
port: 9090
targetPort: 9090
hostAliases:
- ip: '{{ .Values.env.AccessIP | default "127.0.0.1" }}'
hostnames:
- "{{ if .Values.ingress.main.enabled }}{{ with (first .Values.ingress.main.hosts) }}{{ .host }}{{ end }}{{ else }}placeholder.fakedomain.dns{{ end }}"
secretEnv:
NEXTCLOUD_ADMIN_USER: "admin"
NEXTCLOUD_ADMIN_PASSWORD: "adminpass"
probes:
liveness:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
readiness:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
startup:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initContainers:
prestart:
image: '{{ include "tc.common.images.selector" . }}'
securityContext:
runAsUser: 0
runAsGroup: 0
privileged: true
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "Forcing permissions on userdata folder..."
if nfs4xdr_getfacl && nfs4xdr_getfacl | grep -qv "Failed to get NFSv4 ACL"; then
echo "NFSv4 ACLs detected, Trying to override permissions using nfs4_setfacl..."
nfs4_setfacl -R -a A:g:33:RWX "/var/www/html/data"
else
echo "No NFSv4 ACLs detected, trying to override permissions using chown/chmod..."
echo "checking ownership..."
if [ $(stat -c %g .) -eq 33 ]; then
echo "Ownership already set to 33, skipping..."
else
echo "Changing ownership to group 33..."
chown -R :33 "/var/www/html/data"
fi
chmod 770 /var/www/html/data
fi
EOF
volumeMounts:
- name: data
mountPath: "/var/www/html/data"
- name: html
mountPath: "/var/www/html"
env:
# IP used for exposing nextcloud
# Often the service or nodePort IP
# Defaults to the main serviceName for CI purposes.
AccessIP:
NEXTCLOUD_INIT_HTACCESS: true
PHP_MEMORY_LIMIT: 1G
PHP_UPLOAD_LIMIT: 10G
NEXTCLOUD_CHUNKSIZE: "31457280"
TRUSTED_PROXIES: "172.16.0.0/16 127.0.0.1"
POSTGRES_DB: "{{ .Values.postgresql.postgresqlDatabase }}"
POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}"
NC_check_data_directory_permissions: "true"
POSTGRES_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
POSTGRES_HOST:
secretKeyRef:
name: dbcreds
key: plainporthost
REDIS_HOST:
secretKeyRef:
name: rediscreds
key: plainhost
REDIS_HOST_PASSWORD:
secretKeyRef:
name: rediscreds
key: redis-password
envFrom:
- configMapRef:
name: nextcloudconfig
persistence:
html:
enabled: true
mountPath: "/var/www/html"
data:
enabled: true
mountPath: "/var/www/html/data"
varrun:
enabled: true
cache:
enabled: true
type: emptyDir
mountPath: /var/cache/nginx
medium: Memory
nginx:
enabled: "true"
mountPath: "/etc/nginx"
noMount: true
readOnly: true
type: "custom"
volumeSpec:
configMap:
name: '{{ include "tc.common.names.fullname" . }}-nginx'
items:
- key: nginx.conf
path: nginx.conf
configmap:
nginx:
enabled: true
data:
nginx.conf: |-
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
# Prevent nginx HTTP Server Detection
server_tokens off;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server 127.0.0.1:9000;
}
server {
listen 8080;
absolute_redirect off;
# Forward Notify_Push "High Performance Backend" to it's own container
location ^~ /push/ {
proxy_pass http://127.0.0.1:7867/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size
client_max_body_size {{ .Values.env.PHP_UPLOAD_LIMIT | default "512M" }};
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
# according to the documentation these two lines are not necessary, but some users are still recieving errors
location = /.well-known/webfinger { return 301 /index.php$uri; }
location = /.well-known/nodeinfo { return 301 /index.php$uri; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
fastcgi_send_timeout 300s;
fastcgi_read_timeout 300s;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
}
cronjob:
enabled: true
generatePreviews: true
schedule: "*/5 * * * *"
annotations: {}
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 2
hpb:
enabled: true
nextcloud:
# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
default_phone_region: ""
imaginary:
enabled: true
preview_max_x: 2048
preview_max_y: 2048
preview_max_memory: 512
preview_max_filesize_image: 150
preview_png: true
preview_jpeg: true
preview_gif: true
preview_bmp: true
preview_xbitmap: true
preview_mp3: true
preview_markdown: true
preview_opendoc: true
preview_txt: true
preview_krita: true
preview_illustrator: false
preview_heic: false
preview_movie: false
preview_msoffice2003: false
preview_msoffice2007: false
preview_msofficedoc: false
preview_pdf: false
preview_photoshop: false
preview_postscript: false
preview_staroffice: false
preview_svg: false
preview_tiff: false
preview_font: false
collabora:
enabled: false
env:
aliasgroup1:
configMapRef:
name: nextcloudconfig
key: aliasgroup1
dictionaries: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"
extra_params: "--o:welcome.enable=false --o:logging.level=information --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false "
server_name: ""
DONT_GEN_SSL_CERT: true
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: nextcloud
postgresqlDatabase: nextcloud
redis:
enabled: true
existingSecret: "rediscreds"
portal:
enabled: true

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,36 @@
{{/* Define the configmap */}}
{{- define "nextcloud.configmap" -}}
{{- $hosts := "" }}
{{- if .Values.ingress.main.enabled }}
{{- range .Values.ingress }}
{{- range $index, $host := .hosts }}
{{- if $index }}
{{ $hosts = ( printf "%v %v" $hosts $host.host ) }}
{{- else }}
{{ $hosts = ( printf "%s" $host.host ) }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloudconfig
data:
{{- $aliasgroup1 := ( printf "http://%s" ( .Values.env.AccessIP | default ( printf "%v-%v" .Release.Name "nextcloud" ) ) ) }}
{{- if .Values.ingress.main.enabled }}
{{- with (first .Values.ingress.main.hosts) }}
{{- $aliasgroup1 = ( printf "https://%s" .host ) }}
{{- end }}
{{- end }}
aliasgroup1: {{ $aliasgroup1 }}
NEXTCLOUD_TRUSTED_DOMAINS: {{ ( printf "%v %v %v %v %v %v %v %v" "test.fakedomain.dns" "localhost" "127.0.0.1" ( printf "%v:%v" "127.0.0.1" .Values.service.main.ports.main.port ) ( .Values.env.AccessIP | default "localhost" ) ( printf "%v-%v" .Release.Name "nextcloud" ) ( printf "%v-%v" .Release.Name "nextcloud-backend" ) $hosts ) | quote }}
{{- if .Values.ingress.main.enabled }}
APACHE_DISABLE_REWRITE_IP: "1"
{{- end }}
{{- end -}}

View File

@ -0,0 +1,64 @@
{{/* Define the cronjob */}}
{{- define "nextcloud.cronjob" -}}
{{- if .Values.cronjob.enabled -}}
{{- $jobName := include "tc.common.names.fullname" . }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ printf "%s-cronjob" $jobName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
spec:
schedule: "{{ .Values.cronjob.schedule }}"
concurrencyPolicy: Forbid
{{- with .Values.cronjob.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ . }}
{{- end }}
{{- with .Values.cronjob.successfulJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ . }}
{{- end }}
jobTemplate:
metadata:
spec:
template:
metadata:
spec:
restartPolicy: Never
{{- with (include "tc.common.controller.volumes" . | trim) }}
volumes:
{{- nindent 12 . }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: '{{ include "tc.common.images.selector" . }}'
imagePullPolicy: {{ default .Values.image.pullPolicy }}
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "running nextcloud cronjob..."
php -f /var/www/html/cron.php
echo "cronjob finished"
{{- if .Values.cronjob.generatePreviews }}
echo "Pre-generating Previews..."
php /var/www/html/occ preview:pre-generate
echo "Previews generated."
{{- end }}
EOF
# Will mount configuration files as www-data (id: 33) by default for nextcloud
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 16 . }}
{{- end }}
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
resources:
{{ toYaml .Values.resources | indent 16 }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,167 @@
{{/* Define the hbp container */}}
{{- define "nextcloud.hpb" -}}
{{- $jobName := include "tc.common.names.fullname" . }}
image: '{{ include "tc.common.images.selector" . }}'
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 2 . }}
{{- end }}
ports:
- containerPort: 7867
readinessProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
set -m
echo "Waiting for notify_push file to be available..."
until [ -f /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push ]
do
sleep 10
echo "Notify_push app not found... waiting..."
done
echo "Waiting for Nextcloud to start..."
until $(curl --output /dev/null --silent --head --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:8080/status.php); do
echo "Nextcloud not responding... waiting..."
sleep 10
done
until $(curl --silent --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:8080/status.php | jq --raw-output '.installed' | grep "true"); do
echo "Nextcloud not installed... waiting..."
sleep 10
done
echo "Nextcloud instance with Notify_push found... Launching High Performance Backend..."
/var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php &
{{- $accessurl := ( printf "http://%v:%v" ( .Values.env.AccessIP | default ( printf "%v-%v" .Release.Name "nextcloud" ) ) .Values.service.main.ports.main.port ) }}
{{- if .Values.ingress.main.enabled }}
{{- with (first .Values.ingress.main.hosts) }}
{{- $accessurl = ( printf "https://%s" .host ) }}
{{- end }}
{{- end }}
echo "Configuring CLI url..."
php /var/www/html/occ config:system:set overwrite.cli.url --value='{{ $accessurl }}/'
echo "Executing standard nextcloud version migration scripts to ensure they are actually ran..."
php /var/www/html/occ db:add-missing-indices
{{- if .Values.imaginary.enabled }}
echo "Imaginary High Performance Previews enabled, enabling it on Nextcloud..."
php /var/www/html/occ config:system:set preview_imaginary_url --value='http://127.0.0.1:9090'
php /var/www/html/occ config:system:set preview_max_x --value='{{ .Values.imaginary.preview_max_x }}'
php /var/www/html/occ config:system:set preview_max_y --value='{{ .Values.imaginary.preview_max_y }}'
php /var/www/html/occ config:system:set preview_max_memory --value='{{ .Values.imaginary.preview_max_memory }}'
php /var/www/html/occ config:system:set preview_max_filesize_image --value='{{ .Values.imaginary.preview_max_filesize_image }}'
# Remove all preview providers and re-add only selected
php /var/www/html/occ config:system:delete enabledPreviewProviders
# Add imaginary always
{{ $c := 0 }} # Initialize counter
php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Imaginary'{{ $c = add1 $c }}
{{ if .Values.imaginary.preview_png }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\PNG'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_jpeg }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\JPEG'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_gif }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\GIF'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_bmp }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\BMP'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_xbitmap }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\XBitmap'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_mp3 }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MP3'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_markdown }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MarkDown'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_opendoc }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\OpenDocument'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_txt }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\TXT'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_krita }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Krita'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_illustrator }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Illustrator'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_heic }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\HEIC'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_movie }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Movie'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_msoffice2003 }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MSOffice2003'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_msoffice2007 }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MSOffice2007'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_msofficedoc }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MSOfficeDoc'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_pdf }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\PDF'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_photoshop }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Photoshop'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_postscript }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Postscript'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_staroffice }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\StarOffice'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_svg }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\SVG'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_tiff }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\TIFF'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_font }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Font'{{ $c = add1 $c }}{{ end }}
{{- end }}
# Set default phone region
{{- with .Values.nextcloud.default_phone_region | upper }}
php /var/www/html/occ config:system:set default_phone_region --value='{{ . }}'
{{- end }}
echo "Configuring High Performance Backend for url: {{ $accessurl }}"
php /var/www/html/occ config:app:set notify_push base_endpoint --value='{{ $accessurl }}/push'
fg
EOF
env:
- name: NEXTCLOUD_URL
value: 'http://127.0.0.1:8080'
- name: METRICS_PORT
value: '7868'
- name: TRUSTED_PROXIES
value: "{{ .Values.env.TRUSTED_PROXIES }}"
- name: POSTGRES_DB
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: POSTGRES_USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: dbcreds
key: plainporthost
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: rediscreds
key: plainhost
- name: REDIS_HOST_PASSWORD
valueFrom:
secretKeyRef:
name: rediscreds
key: redis-password
envFrom:
- configMapRef:
name: nextcloudconfig
{{- end -}}

View File

@ -0,0 +1,40 @@
{{/* Define the imaginary container */}}
{{- define "nextcloud.imaginary" -}}
image: {{ .Values.imaginaryImage.repository }}:{{ .Values.imaginaryImage.tag }}
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- containerPort: 9090
args: ["-enable-url-source"]
env:
- name: 'PORT'
value: '9090'
readinessProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
{{- end -}}

View File

@ -0,0 +1,54 @@
{{/* Define the nginx container */}}
{{- define "nextcloud.nginx" -}}
image: {{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 2 . }}
{{- end }}
- mountPath: /etc/nginx/nginx.conf
name: nginx
readOnly: true
subPath: nginx.conf
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
{{- end -}}

View File

@ -0,0 +1,22 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{/* Render configmap for nextcloud */}}
{{- include "nextcloud.configmap" . }}
{{- $newMiddlewares := append .Values.ingress.main.fixedMiddlewares "tc-nextcloud-chain" }}
{{- $_ := set .Values.ingress.main "fixedMiddlewares" $newMiddlewares -}}
{{- $_ := set .Values.additionalContainers "nginx" (include "nextcloud.nginx" . | fromYaml) -}}
{{- if .Values.imaginary.enabled -}}
{{- $_ := set .Values.additionalContainers "imaginary" (include "nextcloud.imaginary" . | fromYaml) -}}
{{- end -}}
{{- if .Values.hpb.enabled -}}
{{- $_ := set .Values.additionalContainers "hpb" (include "nextcloud.hpb" . | fromYaml) -}}
{{- end -}}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}
{{/* Render cronjob for nextcloud */}}
{{- include "nextcloud.cronjob" . }}

View File