nextcloud_enabled: true nextcloud_publish: false nextcloud_use_external_db: true nextcloud_short_name: "nextcloud" nextcloud_default_values: ingress: enabled: true className: "{{ external_ingress_class if nextcloud_publish else internal_ingress_class }}" annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/server-snippet: |- server_tokens off; proxy_hide_header X-Powered-By; rewrite ^/.well-known/webfinger /public.php?service=webfinger last; rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:autotest|occ|issue|indie|db_|console) { deny all; } tls: - secretName: "{{ nextcloud_short_name }}.{{ domain }}-tls" hosts: - "{{ nextcloud_short_name }}.{{ domain }}" phpClientHttpsFix: enabled: true protocol: https nextcloud: host: "{{ nextcloud_short_name }}.{{ domain }}" username: admin password: "{{ nextcloud_admin_pass | default(nextcloud_admin_password) }}" update: 0 datadir: /var/www/html/data tableprefix: mail: enabled: true fromAddress: nextcloud domain: "{{ mail_domain | default(domain) }}" smtp: host: "{{ mail_short_name | default('mail') }}.{{ mail_domain | default(domain) }}" secure: ssl port: 465 authtype: LOGIN name: "{{ nexcloud_mail_user | default('nextcloud') }}" password: "{{ nextcloud_mail_pass | default(nextcloud_mail_password) }}" # Extra config files created in /var/www/html/config/ # ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file configs: mail.fix.config.php: |- 60, ); fix.config.php: |- ['{{ web_proxy_internal_ip }}'], 'overwriteprotocol' => 'https', 'overwrite.cli.url' => 'https://{{ nextcloud_short_name }}.{{ domain }}', 'mail_smtpstreamoptions' => array ( 'ssl' => array ( 'allow_self_signed' => true, 'verify_peer' => false, 'verify_peer_name' => false, ), ), ); strategy: type: RollingUpdate internalDatabase: enabled: false name: nextcloud # Disable Mariadb setup mariadb: enabled: false # Enable Redis redis: architecture: standalone enabled: true auth: enabled: true password: "{{ nextcloud_db_password | hash('md5') }}" ## External database configuration externalDatabase: enabled: true ## Supported database engines: mysql or postgresql type: postgresql ## Database host host: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local" ## Database name database: nextcloud user: "{{ nextcloud_db_username }}" password: "{{ nextcloud_db_password }}" ## Cronjob to execute Nextcloud background tasks ## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron-jobs ## cronjob: enabled: true schedule: "*/5 * * * *" annotations: {} # Set curl's insecure option if you use e.g. self-signed certificates curlInsecure: false failedJobsHistoryLimit: 1 successfulJobsHistoryLimit: 1 service: type: ClusterIP port: 8080 loadBalancerIP: nil persistence: # Nextcloud Data (/var/www/html) enabled: true storageClass: "{{ nextcloud_storage | default('nfs-ssd') }}" accessMode: "{{ nextcloud_storage_mode | default('ReadWriteMany') }}" size: "{{ nextcloud_size | default('100Gi') }}"