mastodon: bump to v4.5.3, helm chart 6.6.3

nextcloud: bump to v32.0.3, helm chart v8.7.0
nextcloud: add support for latest nextcloud helm chart 8.7.0 values
2026-01-05 17:43:16 +03:00 · 2026-01-05 17:42:48 +03:00 · 2026-01-05 17:42:37 +03:00
6 changed files with 19 additions and 19 deletions
--- a/inventory/ghp/sample/group_vars/all/versions.yaml
+++ b/inventory/ghp/sample/group_vars/all/versions.yaml
@@ -53,10 +53,10 @@ gitea_act_runner_version: 0.1.14
 harbor_version: 1.12.4

 # Mastodon
-mastodon_version: 6.5.4
+mastodon_version: 6.6.3

 # Nextcloud
-nextcloud_version: 5.0.2
+nextcloud_version: 8.7.0

 # Email
 dovecot_version: 0.1.8
--- a/roles/external-ingress-nginx/defaults/main.yaml
+++ b/roles/external-ingress-nginx/defaults/main.yaml
@@ -6,6 +6,7 @@ external_ingress_nginx_default_values:
      use-proxy-protocol: true
      use-forward-headers: true
      compute-full-forward-for: true
+      annotations-risk-level: Critical
    publishService:
      enabled: true
    scope:
@@ -17,3 +18,4 @@ external_ingress_nginx_default_values:
    ingressClassResource:
      name: "{{ external_ingress_class }}"
      controllerValue: "k8s.io/{{ external_ingress_class }}"
+    allowSnippetAnnotations: true
--- a/roles/gitea/defaults/main.yaml
+++ b/roles/gitea/defaults/main.yaml
@@ -122,6 +122,8 @@ gitea_publish_ingress_nginx_values:
 gitea_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
 gitea_ingress_nginx_default_values:
  controller:
+    config:
+      annotations-risk-level: Critical
    containerPort:
      ssh: 22
      http: 80
@@ -148,6 +150,7 @@ gitea_ingress_nginx_default_values:
    ingressClassResource:
      name: "{{ gitea_ingress_class }}"
      controllerValue: "k8s.io/{{ gitea_ingress_class }}"
+    allowSnippetAnnotations: true
  tcp: 
    22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22"

--- a/roles/internal-ingress-nginx/defaults/main.yaml
+++ b/roles/internal-ingress-nginx/defaults/main.yaml
@@ -1,6 +1,8 @@
 internal_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
 internal_ingress_nginx_default_values:
  controller:
+    config:
+      annotations-risk-level: Critical
    publishService:
      enabled: true
    scope:
@@ -11,3 +13,4 @@ internal_ingress_nginx_default_values:
    ingressClassResource:
      name: "{{ internal_ingress_class }}"
      controllerValue: "k8s.io/{{ internal_ingress_class }}"
+    allowSnippetAnnotations: true
--- a/roles/local-ingress-nginx/defaults/main.yaml
+++ b/roles/local-ingress-nginx/defaults/main.yaml
@@ -1,6 +1,8 @@
 local_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
 local_ingress_nginx_default_values:
  controller:
+    config:
+      annotations-risk-level: Critical
    publishService:
      enabled: true
    scope:
@@ -11,3 +13,4 @@ local_ingress_nginx_default_values:
    ingressClassResource:
      name: "{{ local_ingress_class }}"
      controllerValue: "k8s.io/{{ local_ingress_class }}"
+    allowSnippetAnnotations: true
--- a/roles/nextcloud/defaults/main.yaml
+++ b/roles/nextcloud/defaults/main.yaml
@@ -16,8 +16,8 @@ nextcloud_default_values:
      nginx.ingress.kubernetes.io/server-snippet: |-
        server_tokens off;
        proxy_hide_header X-Powered-By;
-  
-        rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+        rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
+        rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
        location = /.well-known/carddav {
@@ -48,9 +48,7 @@ nextcloud_default_values:
    host: "{{ nextcloud_short_name }}.{{ domain }}"
    username: admin
    password: "{{ nextcloud_admin_pass | default(nextcloud_admin_password) }}"
-    update: 0
-    datadir: /var/www/html/data
-    tableprefix:
+    trustedDomains: ["{{ nextcloud_short_name }}.{{ domain }}"]
    mail:
      enabled: true
      fromAddress: nextcloud
@@ -112,23 +110,14 @@ nextcloud_default_values:
    database: nextcloud
    user: "{{ nextcloud_db_username }}"
    password: "{{ nextcloud_db_password }}"
-
  ## Cronjob to execute Nextcloud background tasks
  ## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron-jobs
  ##
  cronjob:
    enabled: true
-    schedule: "*/5 * * * *"
-    annotations: {}
-    # Set curl's insecure option if you use e.g. self-signed certificates
-    curlInsecure: false
-    failedJobsHistoryLimit: 1
-    successfulJobsHistoryLimit: 1
-  service:
-    type: ClusterIP
-    port: 8080
-    loadBalancerIP: nil
-
+  ## Enable persistence using Persistent Volume Claims
+  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+  ##
  persistence:
    # Nextcloud Data (/var/www/html)
    enabled: true
Author	SHA1	Message	Date
ace	0fe80007e3	mastodon: bump to v4.5.3, helm chart 6.6.3 nextcloud: bump to v32.0.3, helm chart v8.7.0	2026-01-05 17:43:16 +03:00
ace	6321d89bcd	nextcloud: add support for latest nextcloud helm chart 8.7.0 values	2026-01-05 17:42:48 +03:00
ace	bdbdab8383	add annotations-risk-level: Critical and use allowSnippetAnnotations	2026-01-05 17:42:37 +03:00