image: repository: tccr.io/truecharts/nextcloud-fpm pullPolicy: IfNotPresent tag: v2.0.0@sha256:19e79737d94706af06b8b2d89a156749f73a16bb765ac3d1b3171873f915e982 nginxImage: repository: tccr.io/truecharts/nginx-unprivileged pullPolicy: IfNotPresent tag: v1.24.0@sha256:f6386a703b6a0679b6274cc366a6efe7a06b8b5b3391353465d9d1649b4584ef imaginaryImage: repository: tccr.io/truecharts/nextcloud-imaginary pullPolicy: IfNotPresent tag: v20230401@sha256:4f5e3895987a9d12336f772a64a77dd662c6c9bb2b96820b19ffbab58f3ff982 hpbImage: repository: tccr.io/truecharts/nextcloud-push-notify pullPolicy: IfNotPresent tag: v0.6.3@sha256:25c0a2f0c3eeb64e26be102cc3be09d8ce19b8d05397e188f73f94de8359d339 clamavImage: repository: tccr.io/truecharts/clamav pullPolicy: IfNotPresent tag: v1.1.0@sha256:ab196d867fcfddedc8dc965d67a2e6824ca65488cf616cc707e9c36efd54e086 collaboraImage: repository: tccr.io/truecharts/collabora pullPolicy: IfNotPresent tag: v23.05.0.5.1@sha256:a753bfe9d5479e992e914f5818bc96f33ff95dd3760cb10938ae2296286c416e nextcloud: # Initial Credentials credentials: initialAdminUser: admin initialAdminPassword: adminpass # General settings general: # Custom Nextcloud Scripts run_optimize: true default_phone_region: GR # IP used for exposing nextcloud, # often the loadbalancer IP accessIP: "" # File settings files: shared_folder_name: Shared max_chunk_size: 10485760 # Expiration settings expirations: activity_expire_days: 90 trash_retention_obligation: auto versions_retention_obligation: auto # Previews settings previews: enabled: true # It will also deploy the container imaginary: true cron: true schedule: "*/30 * * * *" max_x: 2048 max_y: 2048 max_memory: 1024 max_file_size_image: 50 jpeg_quality: 60 square_sizes: 32 256 width_sizes: 256 384 height_sizes: 256 # Casings are important # https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269 # Only the last part of the provider is needed providers: - PNG - JPEG # Logging settings logging: log_level: 2 log_file: /var/www/html/data/logs/nextcloud.log log_audit_file: /var/www/html/data/logs/audit.log log_date_format: d/m/Y H:i:s # ClamAV settings clamav: # It will also deploy the container # Note that this runs as root enabled: false stream_max_length: 26214400 file_max_size: -1 infected_action: only_log # Notify Push settings notify_push: # It will also deploy the container enabled: true # Collabora settings collabora: # It will also deploy the container enabled: false # default|compact|tabbed interface_mode: default username: admin password: changeme dictionaries: - de_DE - en_GB - en_US - el_GR - es_ES - fr_FR - pt_BR - pt_PT - it - nl - ru onlyoffice: # It will not deploy the container # Only add the OnlyOffice settings enabled: false url: "" jwt: "" jwt_header: Authorization # PHP settings php: memory_limit: 1G upload_limit: 10G pm_max_children: 180 pm_start_servers: 18 pm_min_spare_servers: 12 pm_max_spare_servers: 30 # Do NOT edit below this line workload: # Nextcloud php-fpm main: type: Deployment podSpec: containers: main: enabled: true primary: true envFrom: - configMapRef: name: nextcloud-config probes: liveness: enabled: true type: exec command: /healthcheck.sh readiness: enabled: true type: exec command: /healthcheck.sh startup: enabled: true type: tcp port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}" nginx: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: nginx: enabled: true primary: true imageSelector: nginxImage probes: readiness: enabled: true path: /robots.txt port: "{{ .Values.service.main.ports.main.port }}" httpHeaders: Host: kube.internal.healthcheck liveness: enabled: true path: /robots.txt port: "{{ .Values.service.main.ports.main.port }}" httpHeaders: Host: kube.internal.healthcheck startup: enabled: true type: tcp port: "{{ .Values.service.main.ports.main.port }}" notify: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: notify: primary: true enabled: true imageSelector: hpbImage envFrom: - configMapRef: name: hpb-config probes: readiness: enabled: true path: /push/test/cookie port: 7867 httpHeaders: Host: kube.internal.healthcheck liveness: enabled: true path: /push/test/cookie port: 7867 httpHeaders: Host: kube.internal.healthcheck startup: enabled: true type: tcp port: 7867 imaginary: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: imaginary: primary: true enabled: true imageSelector: imaginaryImage command: imaginary args: - -p - "{{ .Values.service.imaginary.ports.imaginary.port }}" - -concurrency - "10" - -enable-url-source - -return-size probes: readiness: enabled: true path: /health port: "{{ .Values.service.imaginary.ports.imaginary.port }}" liveness: enabled: true path: /health port: "{{ .Values.service.imaginary.ports.imaginary.port }}" startup: enabled: true type: tcp port: "{{ .Values.service.imaginary.ports.imaginary.port }}" clamav: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: clamav: primary: true enabled: true imageSelector: clamavImage # FIXME: https://github.com/Cisco-Talos/clamav/issues/478 securityContext: runAsUser: 0 runAsGroup: 0 runAsNonRoot: false readOnlyRootFilesystem: false envFrom: - configMapRef: name: clamav-config probes: readiness: enabled: true type: exec command: clamdcheck.sh liveness: enabled: true type: exec command: clamdcheck.sh startup: enabled: true type: tcp port: "{{ .Values.service.clamav.ports.clamav.targetPort }}" collabora: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: collabora: primary: true enabled: true imageSelector: collaboraImage securityContext: runAsUser: 100 runAsGroup: 102 readOnlyRootFilesystem: false allowPrivilegeEscalation: true capabilities: add: - CHOWN - FOWNER - SYS_CHROOT - MKNOD envFrom: - configMapRef: name: collabora-config probes: readiness: enabled: true type: http path: /collabora/ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" liveness: enabled: true type: http path: /collabora/ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" startup: enabled: true type: tcp port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" cronjobs: # Don't change names, it's used in the persistence - name: nextcloud-cron enabled: true schedule: "*/5 * * * *" cmd: - echo "Running [php -f /var/www/html/cron.php] ..." - php -f /var/www/html/cron.php - echo "Finished [php -f /var/www/html/cron.php]" - name: preview-cron enabled: "{{ .Values.nextcloud.previews.cron }}" schedule: "{{ .Values.nextcloud.previews.schedule }}" cmd: - echo "Running [occ preview:pre-generate] ..." - occ preview:pre-generate - echo "Finished [occ preview:pre-generate]" service: # Main service links to ingress easier # That's why the nginx is swapped with nextcloud main: targetSelector: nginx ports: main: targetSelector: nginx port: 8080 nextcloud: enabled: true targetSelector: main ports: nextcloud: enabled: true targetSelector: main port: 9000 targetPort: 9000 notify: enabled: true targetSelector: notify ports: notify: enabled: true primary: true port: 7867 targetPort: 7867 targetSelector: notify metrics: enabled: true port: 7868 targetSelector: notify imaginary: enabled: true targetSelector: imaginary ports: imaginary: enabled: true port: 9090 targetSelector: imaginary clamav: enabled: true targetSelector: clamav ports: clamav: enabled: true port: 3310 targetPort: 3310 targetSelector: clamav collabora: enabled: true targetSelector: collabora ports: collabora: enabled: true port: 9980 targetPort: 9980 targetSelector: collabora persistence: php-tune: enabled: true type: configmap objectName: php-tune targetSelector: main: main: mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf subPath: zz-tune.conf readOnly: true redis-session: enabled: true type: configmap objectName: redis-session targetSelector: main: main: mountPath: /usr/local/etc/php/conf.d/redis-session.ini subPath: redis-session.ini readOnly: true nginx: enabled: true type: configmap objectName: nginx-config targetSelector: nginx: nginx: mountPath: /etc/nginx/nginx.conf subPath: nginx.conf readOnly: true nginx-temp: enabled: true type: emptyDir targetSelector: nginx: nginx: mountPath: /tmp/nginx html: enabled: true targetSelector: main: main: mountPath: /var/www/html nextcloud-cron: nextcloud-cron: mountPath: /var/www/html preview-cron: preview-cron: mountPath: /var/www/html nginx: nginx: mountPath: /var/www/html readOnly: true config: enabled: true targetSelector: main: main: mountPath: /var/www/html/config nextcloud-cron: nextcloud-cron: mountPath: /var/www/html/config preview-cron: preview-cron: mountPath: /var/www/html/config notify: notify: mountPath: /var/www/html/config readOnly: true nginx: nginx: mountPath: /var/www/html/config readOnly: true data: enabled: true targetSelector: main: main: mountPath: /var/www/html/data init-perms: mountPath: /var/www/html/data nextcloud-cron: nextcloud-cron: mountPath: /var/www/html/data preview-cron: preview-cron: mountPath: /var/www/html/data nginx: nginx: mountPath: /var/www/html/data readOnly: true cnpg: main: enabled: true user: nextcloud database: nextcloud redis: enabled: true username: default portal: open: enabled: true