Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot
2022-07-27 09:54:11 +00:00
parent cb9c99c963
commit 81e299f1f8
29 changed files with 3764 additions and 13 deletions

View File

@@ -2,6 +2,15 @@
## [ztcuui-aio-0.0.3](https://github.com/truecharts/apps/compare/ztcuui-aio-0.0.2...ztcuui-aio-0.0.3) (2022-07-27)
### Feat
- Fix scale permission ([#3314](https://github.com/truecharts/apps/issues/3314))
## [ztcuui-aio-0.0.2](https://github.com/truecharts/apps/compare/ztcuui-aio-0.0.1...ztcuui-aio-0.0.2) (2022-07-26)
### Chore

View File

@@ -3,4 +3,4 @@ dependencies:
repository: https://library-charts.truecharts.org
version: 10.4.8
digest: sha256:57e44481adb7fd605739fb266e38ae0c04f147ec6de12d4423545322e1461bad
generated: "2022-07-26T16:44:43.138077816Z"
generated: "2022-07-27T09:46:54.862950536Z"

View File

@@ -17,7 +17,7 @@ maintainers:
name: ztcuui-aio
sources:
- https://github.com/key-networks/ztncui-aio
version: 0.0.2
version: 0.0.3
annotations:
truecharts.org/catagories: |
- network

View File

@@ -1,6 +1,6 @@
# ztcuui-aio
![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![AppVersion: 1.2.11](https://img.shields.io/badge/AppVersion-1.2.11-informational?style=flat-square)
![Version: 0.0.3](https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square) ![AppVersion: 1.2.11](https://img.shields.io/badge/AppVersion-1.2.11-informational?style=flat-square)
ZeroTier network controller user interface in a Docker container

View File

@@ -11,10 +11,12 @@ podSecurityContext:
runAsUser: 0
runAsGroup: 0
secretEnv:
ZTNCUI_PASSWD: "CHANGEME"
env:
HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
HTTP_ALL_INTERFACES: "yes"
ZTNCUI_PASSWD: "CHANGEME"
NODE_ENV: "production"
MYDOMAIN: "test.truecharts.org"
@@ -23,7 +25,7 @@ service:
ports:
main:
port: 10258
protocol: "HTTPS"
# protocol: "HTTPS"
other:
enabled: true
ports:

View File

@@ -168,9 +168,9 @@ questions:
label: "Value"
schema:
type: string
- variable: env
- variable: secretEnv
group: "Container Configuration"
label: "Image Environment"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
@@ -181,7 +181,20 @@ questions:
schema:
type: string
private: true
default: "CHANGEME"
default: ""
- variable: env
group: "Container Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: MYDOMAIN
label: "MYDOMAIN"
description: "MYDOMAIN"
schema:
type: string
default: ""
- variable: TZ
label: "Timezone"
group: "Container Configuration"
@@ -401,7 +414,7 @@ questions:
label: "Port Type"
schema:
type: string
default: "HTTPS"
default: "HTTP"
enum:
- value: HTTP
description: "HTTP"
@@ -1914,7 +1927,7 @@ questions:
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
@@ -1924,7 +1937,7 @@ questions:
label: "runAsNonRoot"
schema:
type: boolean
default: true
default: false
- variable: capabilities
label: "Capabilities"
schema:
@@ -1964,13 +1977,13 @@ questions:
description: "The UserID of the user running the application"
schema:
type: int
default: 568
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 568
default: 0
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."

View File

@@ -0,0 +1,99 @@
# Changelog
## [nextcloud-15.2.30](https://github.com/truecharts/apps/compare/nextcloud-15.2.29...nextcloud-15.2.30) (2022-07-26)
## [nextcloud-15.2.29](https://github.com/truecharts/apps/compare/nextcloud-15.2.28...nextcloud-15.2.29) (2022-07-26)
### Chore
- update home links ([#3291](https://github.com/truecharts/apps/issues/3291))
- update helm general non-major helm releases ([#3302](https://github.com/truecharts/apps/issues/3302))
## [nextcloud-15.2.28](https://github.com/truecharts/apps/compare/nextcloud-15.2.27...nextcloud-15.2.28) (2022-07-25)
### Chore
- Auto-update chart README [skip ci]
- update docker general non-major ([#3295](https://github.com/truecharts/apps/issues/3295))
## [nextcloud-15.2.28](https://github.com/truecharts/apps/compare/nextcloud-15.2.27...nextcloud-15.2.28) (2022-07-25)
### Chore
- update docker general non-major ([#3295](https://github.com/truecharts/apps/issues/3295))
## [nextcloud-15.2.27](https://github.com/truecharts/apps/compare/nextcloud-15.2.26...nextcloud-15.2.27) (2022-07-25)
### Chore
- update docker general non-major ([#3290](https://github.com/truecharts/apps/issues/3290))
## [nextcloud-15.2.26](https://github.com/truecharts/apps/compare/nextcloud-15.2.25...nextcloud-15.2.26) (2022-07-23)
### Chore
- Auto-update chart README [skip ci]
- Auto-update chart README [skip ci]
- update helm general non-major helm releases ([#3280](https://github.com/truecharts/apps/issues/3280))
## [nextcloud-15.2.26](https://github.com/truecharts/apps/compare/nextcloud-15.2.25...nextcloud-15.2.26) (2022-07-23)
### Chore
- Auto-update chart README [skip ci]
- update helm general non-major helm releases ([#3280](https://github.com/truecharts/apps/issues/3280))
## [nextcloud-15.2.26](https://github.com/truecharts/apps/compare/nextcloud-15.2.25...nextcloud-15.2.26) (2022-07-23)
### Chore
- update helm general non-major helm releases ([#3280](https://github.com/truecharts/apps/issues/3280))
## [nextcloud-15.2.25](https://github.com/truecharts/apps/compare/nextcloud-15.2.24...nextcloud-15.2.25) (2022-07-23)
### Chore
- update docker general non-major ([#3276](https://github.com/truecharts/apps/issues/3276))
## [nextcloud-15.2.24](https://github.com/truecharts/apps/compare/nextcloud-15.2.23...nextcloud-15.2.24) (2022-07-23)
### Chore
- update helm general non-major helm releases ([#3274](https://github.com/truecharts/apps/issues/3274))
## [nextcloud-15.2.23](https://github.com/truecharts/apps/compare/nextcloud-15.2.21...nextcloud-15.2.23) (2022-07-22)
### Chore

View File

@@ -0,0 +1,15 @@
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 10.4.8
- name: postgresql
repository: https://charts.truecharts.org/
version: 8.0.48
- name: collabora-online
repository: https://charts.truecharts.org/
version: 12.1.23
- name: redis
repository: https://charts.truecharts.org
version: 3.0.46
digest: sha256:167bb8c3b07a8e611c3aca56689b3aae87cfbd275edcc0076dcacb1bd862cf96
generated: "2022-07-27T09:47:07.687267Z"

View File

@@ -0,0 +1,46 @@
apiVersion: v2
appVersion: "24.0.3"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 10.4.8
- condition: postgresql.enabled
name: postgresql
repository: https://charts.truecharts.org/
version: 8.0.48
- condition: collabora.enabled
name: collabora-online
repository: https://charts.truecharts.org/
version: 12.1.23
- condition: redis.enabled
name: redis
repository: https://charts.truecharts.org
version: 3.0.46
deprecated: false
description:
A private cloud server that puts the control and security of your own
data back into your hands.
home: https://github.com/truecharts/charts/tree/master/charts/stable/nextcloud
icon: https://truecharts.org/img/chart-icons/nextcloud.png
keywords:
- nextcloud
- storage
- http
- web
- php
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: nextcloud
sources:
- https://github.com/nextcloud/docker
- https://github.com/nextcloud/helm
type: application
version: 15.2.30
annotations:
truecharts.org/catagories: |
- cloud
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@@ -0,0 +1,111 @@
# nextcloud
![Version: 15.2.30](https://img.shields.io/badge/Version-15.2.30-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 24.0.3](https://img.shields.io/badge/AppVersion-24.0.3-informational?style=flat-square)
A private cloud server that puts the control and security of your own data back into your hands.
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
This readme is just an automatically generated general guide on installing our Helm Charts and Apps.
For more information, please click here: [nextcloud](https://truecharts.org/docs/charts/stable/nextcloud)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Source Code
* <https://github.com/nextcloud/docker>
* <https://github.com/nextcloud/helm>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://charts.truecharts.org/ | collabora-online | 12.1.23 |
| https://charts.truecharts.org/ | postgresql | 8.0.48 |
| https://charts.truecharts.org | redis | 3.0.46 |
| https://library-charts.truecharts.org | common | 10.4.8 |
## Installing the Chart
### TrueNAS SCALE
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/Quick-Start%20Guides/02-Installing-an-App/).
### Helm
To install the chart with the release name `nextcloud`
```console
helm repo add TrueCharts https://helm.truecharts.org
helm repo update
helm install nextcloud TrueCharts/nextcloud
```
## Uninstall
### TrueNAS SCALE
**Upgrading, Rolling Back and Uninstalling the Chart**
To upgrade, rollback or delete this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/Quick-Start%20Guides/04-Upgrade-rollback-delete-an-App/).
### Helm
To uninstall the `nextcloud` deployment
```console
helm uninstall nextcloud
```
## Configuration
### Helm
#### Available Settings
Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
Other values may be used from the [values.yaml](https://github.com/truecharts/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
#### Configure using the Commandline
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
```console
helm install nextcloud \
--set env.TZ="America/New York" \
TrueCharts/nextcloud
```
#### Configure using a yaml file
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
```console
helm install nextcloud TrueCharts/nextcloud -f values.yaml
```
#### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our [Linking Apps Internally](https://truecharts.org/docs/manual/Quick-Start%20Guides/06-linking-apps/) quick-start guide.
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/docs/manual/SCALE%20Apps/Quick-Start%20Guides/Important-MUST-READ).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can!
---
All Rights Reserved - The TrueCharts Project

View File

@@ -0,0 +1,8 @@
A private cloud server that puts the control and security of your own data back into your hands.
This App is supplied by TrueCharts, for more information visit the manual: https://truecharts.org/charts/stable/nextcloud
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can!

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@@ -0,0 +1,11 @@
env:
# IP used for exposing nextcloud
# Often the service or nodePort IP
AccessIP: "127.0.0.1"
service:
main:
ports:
main:
port: 8080
targetPort: 8080

View File

@@ -0,0 +1,423 @@
image:
repository: tccr.io/truecharts/nextcloud-fpm
pullPolicy: IfNotPresent
tag: v24.0.3@sha256:a307c7d49d5c7c691916f2e6bdbb10bc698bbd58498de12c4db992c4755a7018
nginxImage:
repository: tccr.io/truecharts/nginx-unprivileged
pullPolicy: IfNotPresent
tag: 1.23.1@sha256:54510c4a9a85d0e4e3cfdad07bc26e5ca13065c3007d5e2170f5cc2931de76d8
imaginaryImage:
repository: h2non/imaginary
pullPolicy: IfNotPresent
tag: 1.2.4@sha256:7facb4221047a5e79b9e902f380247f4e5bf4376400d0badbeb738d3e1c2f654
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
fsGroup: 33
service:
main:
ports:
main:
port: 10020
targetPort: 8080
backend:
enabled: true
ports:
hpb:
enabled: true
port: 7867
targetPort: 7867
hpb-metrics:
enabled: true
port: 7868
targetPort: 7868
fpm:
enabled: true
port: 9000
targetPort: 9000
imaginary:
enabled: true
port: 9090
targetPort: 9090
hostAliases:
- ip: '{{ .Values.env.AccessIP | default "127.0.0.1" }}'
hostnames:
- "{{ if .Values.ingress.main.enabled }}{{ with (first .Values.ingress.main.hosts) }}{{ .host }}{{ end }}{{ else }}placeholder.fakedomain.dns{{ end }}"
secretEnv:
NEXTCLOUD_ADMIN_USER: "admin"
NEXTCLOUD_ADMIN_PASSWORD: "adminpass"
probes:
liveness:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
readiness:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
startup:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initContainers:
prestart:
image: '{{ include "tc.common.images.selector" . }}'
securityContext:
runAsUser: 0
runAsGroup: 0
privileged: true
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
if [[ -f /data/config/config.php ]] && [[ ! -f /html/config/config.php ]]; then
echo "migrating from single to dual PVC's..."
echo "moving to placeholder location..."
mv -f /var/www/html/data/* /var/www/html/data/tomigrate/
echo "moving userdata to data-pvc root..."
mv -f /var/www/html/data/tomigrate/data/* /var/www/html/data/
echo "removing old data folder..."
rm -rf /var/www/html/data/tomigrate/data
echo "moving config, apps, templates and other content to html-pvc root..."
mv -f /var/www/html/data/tomigrate/* /var/www/html/
echo "Removing migration temporary folder..."
rm -rf /var/www/html/data/tomigrate
fi
echo "Enforcing chmod 770 on data-dir..."
chmod 770 /var/www/html/data
echo "Migrating old data when found..."
EOF
volumeMounts:
- name: data
mountPath: "/var/www/html/data"
- name: html
mountPath: "/var/www/html"
env:
# IP used for exposing nextcloud
# Often the service or nodePort IP
# Defaults to the main serviceName for CI purposes.
AccessIP:
NEXTCLOUD_INIT_HTACCESS: true
PHP_MEMORY_LIMIT: 1G
PHP_UPLOAD_LIMIT: 10G
NEXTCLOUD_CHUNKSIZE: "31457280"
TRUSTED_PROXIES: "172.16.0.0/16 127.0.0.1"
POSTGRES_DB: "{{ .Values.postgresql.postgresqlDatabase }}"
POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}"
POSTGRES_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
POSTGRES_HOST:
secretKeyRef:
name: dbcreds
key: plainporthost
REDIS_HOST:
secretKeyRef:
name: rediscreds
key: plainhost
REDIS_HOST_PASSWORD:
secretKeyRef:
name: rediscreds
key: redis-password
envFrom:
- configMapRef:
name: nextcloudconfig
persistence:
html:
enabled: true
mountPath: "/var/www/html"
data:
enabled: true
mountPath: "/var/www/html/data"
varrun:
enabled: true
cache:
enabled: true
type: emptyDir
mountPath: /var/cache/nginx
medium: Memory
nginx:
enabled: "true"
mountPath: "/etc/nginx"
noMount: true
readOnly: true
type: "custom"
volumeSpec:
configMap:
name: '{{ include "tc.common.names.fullname" . }}-nginx'
items:
- key: nginx.conf
path: nginx.conf
configmap:
nginx:
enabled: true
data:
nginx.conf: |-
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
# Prevent nginx HTTP Server Detection
server_tokens off;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server 127.0.0.1:9000;
}
server {
listen 8080;
absolute_redirect off;
# Forward Notify_Push "High Performance Backend" to it's own container
location ^~ /push/ {
proxy_pass http://127.0.0.1:7867/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
# according to the documentation these two lines are not necessary, but some users are still recieving errors
location = /.well-known/webfinger { return 301 /index.php$uri; }
location = /.well-known/nodeinfo { return 301 /index.php$uri; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
fastcgi_send_timeout 300s;
fastcgi_read_timeout 300s;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
}
cronjob:
enabled: true
generatePreviews: true
schedule: "*/5 * * * *"
annotations: {}
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 2
hpb:
enabled: true
imaginary:
enabled: true
collabora:
enabled: false
env:
aliasgroup1:
configMapRef:
name: nextcloudconfig
key: aliasgroup1
dictionaries: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"
extra_params: "--o:welcome.enable=false --o:logging.level=information --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false "
server_name: ""
DONT_GEN_SSL_CERT: true
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: nextcloud
postgresqlDatabase: nextcloud
redis:
enabled: true
existingSecret: "rediscreds"

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,36 @@
{{/* Define the configmap */}}
{{- define "nextcloud.configmap" -}}
{{- $hosts := "" }}
{{- if .Values.ingress.main.enabled }}
{{- range .Values.ingress }}
{{- range $index, $host := .hosts }}
{{- if $index }}
{{ $hosts = ( printf "%v %v" $hosts $host.host ) }}
{{- else }}
{{ $hosts = ( printf "%s" $host.host ) }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloudconfig
data:
{{- $aliasgroup1 := ( printf "http://%s" ( .Values.env.AccessIP | default ( printf "%v-%v" .Release.Name "nextcloud" ) ) ) }}
{{- if .Values.ingress.main.enabled }}
{{- with (first .Values.ingress.main.hosts) }}
{{- $aliasgroup1 = ( printf "https://%s" .host ) }}
{{- end }}
{{- end }}
aliasgroup1: {{ $aliasgroup1 }}
NEXTCLOUD_TRUSTED_DOMAINS: {{ ( printf "%v %v %v %v %v %v %v %v" "test.fakedomain.dns" "localhost" "127.0.0.1" ( printf "%v:%v" "127.0.0.1" .Values.service.main.ports.main.port ) ( .Values.env.AccessIP | default "localhost" ) ( printf "%v-%v" .Release.Name "nextcloud" ) ( printf "%v-%v" .Release.Name "nextcloud-backend" ) $hosts ) | quote }}
{{- if .Values.ingress.main.enabled }}
APACHE_DISABLE_REWRITE_IP: "1"
{{- end }}
{{- end -}}

View File

@@ -0,0 +1,64 @@
{{/* Define the cronjob */}}
{{- define "nextcloud.cronjob" -}}
{{- if .Values.cronjob.enabled -}}
{{- $jobName := include "tc.common.names.fullname" . }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ printf "%s-cronjob" $jobName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
spec:
schedule: "{{ .Values.cronjob.schedule }}"
concurrencyPolicy: Forbid
{{- with .Values.cronjob.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ . }}
{{- end }}
{{- with .Values.cronjob.successfulJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ . }}
{{- end }}
jobTemplate:
metadata:
spec:
template:
metadata:
spec:
restartPolicy: Never
{{- with (include "tc.common.controller.volumes" . | trim) }}
volumes:
{{- nindent 12 . }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: '{{ include "tc.common.images.selector" . }}'
imagePullPolicy: {{ default .Values.image.pullPolicy }}
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "running nextcloud cronjob..."
php -f /var/www/html/cron.php
echo "cronjob finished"
{{- if .Values.cronjob.generatePreviews }}
echo "Pre-generating Previews..."
php /var/www/html/occ preview:pre-generate
echo "Previews generated."
{{- end }}
EOF
# Will mount configuration files as www-data (id: 33) by default for nextcloud
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 16 . }}
{{- end }}
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
resources:
{{ toYaml .Values.resources | indent 16 }}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,133 @@
{{/* Define the hbp container */}}
{{- define "nextcloud.hpb" -}}
{{- $jobName := include "tc.common.names.fullname" . }}
image: '{{ include "tc.common.images.selector" . }}'
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 2 . }}
{{- end }}
ports:
- containerPort: 7867
readinessProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
set -m
echo "Waiting for notify_push file to be available..."
until [ -f /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push ]
do
sleep 10
echo "Notify_push not found... waiting..."
done
echo "Waiting for Nextcloud to start..."
until $(curl --output /dev/null --silent --head --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:8080/status.php); do
echo "Nextcloud not found... waiting..."
sleep 10
done
until $(curl --silent --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:8080/status.php | jq --raw-output '.installed' | grep "true"); do
echo "Nextcloud not installed... waiting..."
sleep 10
done
echo "Nextcloud instance with Notify_push found... Launching High Performance Backend..."
/var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php &
{{- if .Values.imaginary.enabled }}
echo "Imaginary High Performance Previews enabled, enabling it on Nextcloud..."
php /var/www/html/occ config:system:set enabledPreviewProviders 6 --value='OC\Preview\Imaginary'
php /var/www/html/occ config:system:set preview_imaginary_url --value='http://127.0.0.1:9090'
{{- end }}
until $(curl --output /dev/null --silent --head --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:7867/push/test/cookie); do
echo "High Performance Backend not running ... waiting..."
sleep 10
done
{{- $accessurl := ( printf "http://%v:%v" ( .Values.env.AccessIP | default ( printf "%v-%v" .Release.Name "nextcloud" ) ) .Values.service.main.ports.main.port ) }}
{{- if .Values.ingress.main.enabled }}
{{- with (first .Values.ingress.main.hosts) }}
{{- $accessurl = ( printf "https://%s" .host ) }}
{{- end }}
{{- end }}
until $(curl --output /dev/null --silent --head --fail {{ $accessurl }}/push/test/cookie); do
echo "High Performance Backend service not accessable ... waiting..."
sleep 10
done
echo "High Performance Backend found..."
echo "Configuring High Performance Backend for url: {{ $accessurl }}"
php /var/www/html/occ notify_push:setup {{ $accessurl }}/push
fg
EOF
env:
- name: NEXTCLOUD_URL
value: 'http://127.0.0.1:8080'
- name: METRICS_PORT
value: '7868'
- name: TRUSTED_PROXIES
value: "{{ .Values.env.TRUSTED_PROXIES }}"
- name: POSTGRES_DB
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: POSTGRES_USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: dbcreds
key: plainporthost
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: rediscreds
key: plainhost
- name: REDIS_HOST_PASSWORD
valueFrom:
secretKeyRef:
name: rediscreds
key: redis-password
envFrom:
- configMapRef:
name: nextcloudconfig
{{- end -}}

View File

@@ -0,0 +1,40 @@
{{/* Define the imaginary container */}}
{{- define "nextcloud.imaginary" -}}
image: {{ .Values.imaginaryImage.repository }}:{{ .Values.imaginaryImage.tag }}
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- containerPort: 9090
args: ["-enable-url-source"]
env:
- name: 'PORT'
value: '9090'
readinessProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
{{- end -}}

View File

@@ -0,0 +1,54 @@
{{/* Define the nginx container */}}
{{- define "nextcloud.nginx" -}}
image: {{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 2 . }}
{{- end }}
- mountPath: /etc/nginx/nginx.conf
name: nginx
readOnly: true
subPath: nginx.conf
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
{{- end -}}

View File

@@ -0,0 +1,22 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{/* Render configmap for nextcloud */}}
{{- include "nextcloud.configmap" . }}
{{- $newMiddlewares := append .Values.ingress.main.fixedMiddlewares "tc-nextcloud-chain" }}
{{- $_ := set .Values.ingress.main "fixedMiddlewares" $newMiddlewares -}}
{{- $_ := set .Values.additionalContainers "nginx" (include "nextcloud.nginx" . | fromYaml) -}}
{{- if .Values.imaginary.enabled -}}
{{- $_ := set .Values.additionalContainers "imaginary" (include "nextcloud.imaginary" . | fromYaml) -}}
{{- end -}}
{{- if .Values.hpb.enabled -}}
{{- $_ := set .Values.additionalContainers "hpb" (include "nextcloud.hpb" . | fromYaml) -}}
{{- end -}}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}
{{/* Render cronjob for nextcloud */}}
{{- include "nextcloud.cronjob" . }}

View File