FrankelJb · March 6, 2023 09:23
diff --git a/nextcloud-helm.yaml b/nextcloud-helm.yaml
 values:
    replicaCount: 1
    image:
      repository: gitea.${ROOT_DOMAIN}/gitea_admin/nextcloud-supervisord
      tag: 25.0.4
    internalDatabase:
      enabled: false
    externalDatabase:
      enabled: true
      host: ${POSTGRESQL_HOST}
      type: postgresql
      existingSecret:
        enabled: true
        secretName: nextcloud-secret
        usernameKey: DB_USER
        passwordKey: DB_PASS
    extraEnv:
      - name: OVERWRITEPROTOCOL
        value: https
      - name: OIDC_LOGIN_CLIENT_SECRET
        valueFrom:
          secretKeyRef:
            name: nextcloud-secret
            key: OIDC_LOGIN_CLIENT_SECRET
      - name: PHP_MEMORY_LIMIT
        value: 10G
      - name: REDIS_HOST
        value: ${REDIS_HOST}
      - name: REDIS_HOST_PORT
        value: "6379"
      - name: REDIS_HOST_PASSWORD
        value: ${REDIS_PASSWORD}
    nextcloud:
      configs:
        previews.config.php: |
          <?php
            $CONFIG = array (
            'preview_max_x' => 512,
            'preview_max_y' => 512,
            'enable_previews' => true,
            'enabledPreviewProviders' =>
              array (
                0 => 'OC\\Preview\\TXT',
                1 => 'OC\\Preview\\Image',
                2 => 'OC\\Preview\\Movie',
                3 => 'OC\\Preview\\MP4',
                4 => 'OC\\Preview\\HEIC',
              ),
            'previewgenerator' =>
              array (
                'squareSizes' => 256,
                'widthSizes' => 512,
                'heightSizes' => 512,
              ),
            );
        auth.config.php: |
          <?php
          $CONFIG = array (
              'allow_user_to_change_display_name' => false,
              'lost_password_link' => 'disabled',
              'oidc_login_provider_url' => 'https://auth.${ROOT_DOMAIN}',
              'oidc_login_client_id' => 'nextcloud',
              'oidc_login_client_secret' => getenv('OIDC_LOGIN_CLIENT_SECRET')
              'oidc_login_auto_redirect' => false,
              'oidc_login_end_session_redirect' => false,
              'oidc_login_button_text' => 'Log in with Authelia',
              'oidc_login_hide_password_form' => false,
              'oidc_login_use_id_token' => true,
              'oidc_login_attributes' => array (
                  'id' => 'preferred_username',
                  'name' => 'name',
                  'mail' => 'email',
                  'groups' => 'groups',
              ),
              'oidc_login_default_group' => 'oidc',
              'oidc_login_use_external_storage' => false,
              'oidc_login_scope' => 'openid profile email groups',
              'oidc_login_proxy_ldap' => false,
              'oidc_login_disable_registration' => true,
              'oidc_login_redir_fallback' => false,
              'oidc_login_alt_login_page' => 'assets/login.php',
              'oidc_login_tls_verify' => true,
              'oidc_create_groups' => false,
              'oidc_login_webdav_enabled' => false,
              'oidc_login_password_authentication' => false,
              'oidc_login_public_key_caching_time' => 86400,
              'oidc_login_min_time_between_jwks_requests' => 10,
              'oidc_login_well_known_caching_time' => 86400,
              'oidc_login_update_avatar' => false,
          );

      existingSecret:
        enabled: true
        secretName: nextcloud-secret
        usernameKey: ADMIN_USER
        passwordKey: ADMIN_PASS
      host: &host nextcloud.${ROOT_DOMAIN}
    resources:
      limits:
        cpu: 4000m
        memory: 16Gi
      requests:
        cpu: 1000m
        memory: 4Gi
    # this seems to be required for nextcloud initialization which takes a long time
    startupProbe:
      enabled: false
      initialDelaySeconds: 30
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 30
      successThreshold: 1
    livenessProbe:
      enabled: false
    readinessProbe:
      enabled: false

    redis:
      enabled: false
    persistence:
      enabled: true
      existingClaim: nextcloud-pvc

    ingress:
      enabled: true
      className: nginx
      annotations:
        nginx.ingress.kubernetes.io/proxy-body-size: "10G"
        nginx.ingress.kubernetes.io/proxy-buffering: "off"
        nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
        nginx.ingress.kubernetes.io/server-snippet: |-
          server_tokens off;
          proxy_hide_header X-Powered-By;
          rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
          rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
          rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
          location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
          }
          location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
          }
          location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
          }
          location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
          }
          location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
            deny all;
          }
      tls:
        - hosts:
            - *host
      path: /
      pathType: Prefix
	values:
	replicaCount: 1
	image:
	repository: gitea.${ROOT_DOMAIN}/gitea_admin/nextcloud-supervisord
	tag: 25.0.4
	internalDatabase:
	enabled: false
	externalDatabase:
	enabled: true
	host: ${POSTGRESQL_HOST}
	type: postgresql
	existingSecret:
	enabled: true
	secretName: nextcloud-secret
	usernameKey: DB_USER
	passwordKey: DB_PASS
	extraEnv:
	- name: OVERWRITEPROTOCOL
	value: https
	- name: OIDC_LOGIN_CLIENT_SECRET
	valueFrom:
	secretKeyRef:
	name: nextcloud-secret
	key: OIDC_LOGIN_CLIENT_SECRET
	- name: PHP_MEMORY_LIMIT
	value: 10G
	- name: REDIS_HOST
	value: ${REDIS_HOST}
	- name: REDIS_HOST_PORT
	value: "6379"
	- name: REDIS_HOST_PASSWORD
	value: ${REDIS_PASSWORD}
	nextcloud:
	configs:
	previews.config.php: \|
	<?php
	$CONFIG = array (
	'preview_max_x' => 512,
	'preview_max_y' => 512,
	'enable_previews' => true,
	'enabledPreviewProviders' =>
	array (
	0 => 'OC\\Preview\\TXT',
	1 => 'OC\\Preview\\Image',
	2 => 'OC\\Preview\\Movie',
	3 => 'OC\\Preview\\MP4',
	4 => 'OC\\Preview\\HEIC',
	),
	'previewgenerator' =>
	array (
	'squareSizes' => 256,
	'widthSizes' => 512,
	'heightSizes' => 512,
	),
	);
	auth.config.php: \|
	<?php
	$CONFIG = array (
	'allow_user_to_change_display_name' => false,
	'lost_password_link' => 'disabled',
	'oidc_login_provider_url' => 'https://auth.${ROOT_DOMAIN}',
	'oidc_login_client_id' => 'nextcloud',
	'oidc_login_client_secret' => getenv('OIDC_LOGIN_CLIENT_SECRET')
	'oidc_login_auto_redirect' => false,
	'oidc_login_end_session_redirect' => false,
	'oidc_login_button_text' => 'Log in with Authelia',
	'oidc_login_hide_password_form' => false,
	'oidc_login_use_id_token' => true,
	'oidc_login_attributes' => array (
	'id' => 'preferred_username',
	'name' => 'name',
	'mail' => 'email',
	'groups' => 'groups',
	),
	'oidc_login_default_group' => 'oidc',
	'oidc_login_use_external_storage' => false,
	'oidc_login_scope' => 'openid profile email groups',
	'oidc_login_proxy_ldap' => false,
	'oidc_login_disable_registration' => true,
	'oidc_login_redir_fallback' => false,
	'oidc_login_alt_login_page' => 'assets/login.php',
	'oidc_login_tls_verify' => true,
	'oidc_create_groups' => false,
	'oidc_login_webdav_enabled' => false,
	'oidc_login_password_authentication' => false,
	'oidc_login_public_key_caching_time' => 86400,
	'oidc_login_min_time_between_jwks_requests' => 10,
	'oidc_login_well_known_caching_time' => 86400,
	'oidc_login_update_avatar' => false,
	);

	existingSecret:
	enabled: true
	secretName: nextcloud-secret
	usernameKey: ADMIN_USER
	passwordKey: ADMIN_PASS
	host: &host nextcloud.${ROOT_DOMAIN}
	resources:
	limits:
	cpu: 4000m
	memory: 16Gi
	requests:
	cpu: 1000m
	memory: 4Gi
	# this seems to be required for nextcloud initialization which takes a long time
	startupProbe:
	enabled: false
	initialDelaySeconds: 30
	periodSeconds: 10
	timeoutSeconds: 5
	failureThreshold: 30
	successThreshold: 1
	livenessProbe:
	enabled: false
	readinessProbe:
	enabled: false

	redis:
	enabled: false
	persistence:
	enabled: true
	existingClaim: nextcloud-pvc

	ingress:
	enabled: true
	className: nginx
	annotations:
	nginx.ingress.kubernetes.io/proxy-body-size: "10G"
	nginx.ingress.kubernetes.io/proxy-buffering: "off"
	nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
	nginx.ingress.kubernetes.io/server-snippet: \|-
	server_tokens off;
	proxy_hide_header X-Powered-By;
	rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
	rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
	rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
	location = /.well-known/carddav {
	return 301 $scheme://$host/remote.php/dav;
	}
	location = /.well-known/caldav {
	return 301 $scheme://$host/remote.php/dav;
	}
	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}
	location ~ ^/(?:build\|tests\|config\|lib\|3rdparty\|templates\|data)/ {
	deny all;
	}
	location ~ ^/(?:autotest\|occ\|issue\|indie\|db_\|console) {
	deny all;
	}
	tls:
	- hosts:
	- *host
	path: /
	pathType: Prefix