GHP publish

roles/nextcloud/defaults/main.yaml

@@ -0,0 +1,167 @@
+nextcloud_enabled: true
+nextcloud_publish: false
+nextcloud_use_external_db: true
+nextcloud_default_values:
+  image:
+    repository: nextcloud
+    tag: 19.0-apache
+    pullPolicy: Always
+  replicaCount: 1
+  ingress:
+    enabled: true
+    annotations: 
+      cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      cert-manager.io/acme-dns01-provider: "rfc2136"
+      cert-manager.io/acme-challenge-type: "dns01"
+      kubernetes.io/ingress.class: "{{ external_ingress_class if nextcloud_publish else internal_ingress_class }}"
+      nginx.ingress.kubernetes.io/proxy-body-size: "0"
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+      kubernetes.io/tls-acme: "true"
+      nginx.ingress.kubernetes.io/server-snippet: |-
+        server_tokens off;
+        proxy_hide_header X-Powered-By;
+  
+        rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
+        location = /.well-known/carddav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+        location = /.well-known/caldav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+        location = /robots.txt {
+          allow all;
+          log_not_found off;
+          access_log off;
+        }
+        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+          deny all;
+        }
+        location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
+          deny all;
+        }
+    tls:
+      - secretName: "nextcloud.{{ domain }}-tls"
+        hosts:
+          - "nextcloud.{{ domain }}"
+  nextcloud:
+    host: "nextcloud.{{ domain }}"
+    username: admin
+    password: "{{ nextcloud_pass | default(nextcloud_password) }}"
+    update: 0
+    datadir: /var/www/html/data
+    tableprefix:
+    mail:
+      enabled: true
+      fromAddress: nextcloud
+      domain: "{{ mail_domain | default(domain) }}"
+      smtp:
+        host: "mail.{{ mail_domain | default(domain) }}"
+        secure: ssl
+        port: 465
+        authtype: LOGIN
+        name: "{{ nexcloud_mail_user | default('nextcloud') }}"
+        password: "{{ nextcloud_mail_pass | default(nextcloud_mail_password) }}"
+    # PHP Configuration files
+    # Will be injected in /usr/local/etc/php/conf.d
+    phpConfigs: {}
+    # Default config files
+    # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
+    # Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config
+    defaultConfigs:
+      # To protect /var/www/html/config
+      .htaccess: true
+      # Redis default configuration
+      redis.config.php: true
+      # Apache configuration for rewrite urls
+      apache-pretty-urls.config.php: true
+      # Define APCu as local cache
+      apcu.config.php: true
+      # Apps directory configs
+      apps.config.php: true
+      # Used for auto configure database
+      autoconfig.php: true
+      # SMTP default configuration
+      smtp.config.php: true
+    # Extra config files created in /var/www/html/config/
+    # ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
+    configs:
+      mail.fix.config.php: |-
+        <?php
+        $CONFIG = array (
+          "mail_smtptimeout"  => 60,
+        );
+      fix.config.php: |-
+        <?php
+        $CONFIG = array (
+          'trusted_proxies' => ['{{ web_proxy_internal_ip }}'],
+          'overwriteprotocol' => 'https',
+          'overwrite.cli.url' => 'https://nextcloud.{{ domain }}',
+          'mail_smtpstreamoptions' =>
+          array (
+            'ssl' =>
+            array (
+              'allow_self_signed' => true,
+              'verify_peer' => false,
+              'verify_peer_name' => false,
+            ),
+          ),
+        );
+    strategy:
+      type: RollingUpdate
+  internalDatabase:
+    enabled: false
+    name: nextcloud
+  # Disable Mariadb setup
+  mariadb:
+    enabled: false
+  # Enable Redis
+  redis:
+    enabled: true
+    usePassword: false
+    cluster:
+      enabled: false
+  ## External database configuration
+  externalDatabase:
+    enabled: true
+    ## Supported database engines: mysql or postgresql
+    type: postgresql
+    ## Database host
+    host: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
+    ## Database name
+    database: nextcloud
+    user: "{{ nextcloud_db_username }}"
+    password: "{{ nextcloud_db_password }}"
+
+  ## Cronjob to execute Nextcloud background tasks
+  ## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron-jobs
+  ##
+  cronjob:
+    enabled: true
+    # Nexcloud image is used as default but only curl is needed
+    image:
+      repository: nextcloud
+      tag: 19.0-apache
+    schedule: "*/5 * * * *"
+    annotations: {}
+    # Set curl's insecure option if you use e.g. self-signed certificates
+    curlInsecure: false
+    failedJobsHistoryLimit: 1
+    successfulJobsHistoryLimit: 1
+  service:
+    type: ClusterIP
+    port: 8080
+    loadBalancerIP: nil
+  persistence:
+    # Nextcloud Data (/var/www/html)
+    enabled: true
+    storageClass: "{{ gitea_storage | default('nfs-ssd') }}"
+    accessMode: "{{ gitea_storage_mode | default('ReadWriteMany') }}"
+    size: "{{ gitea_size | default('20Gi') }}"
+  livenessProbe:
+    enabled: false
+  readinessProbe:
+    enabled: false
+