ansible/roles/nextcloud/defaults/main.yaml
2021-02-12 17:06:25 +03:00

133 lines
4.4 KiB
YAML

nextcloud_enabled: true
nextcloud_publish: false
nextcloud_use_external_db: true
nextcloud_short_name: "nextcloud"
nextcloud_default_values:
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if nextcloud_publish else internal_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/server-snippet: |-
server_tokens off;
proxy_hide_header X-Powered-By;
rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
}
tls:
- secretName: "{{ nextcloud_short_name }}.{{ domain }}-tls"
hosts:
- "{{ nextcloud_short_name }}.{{ domain }}"
nextcloud:
host: "{{ nextcloud_short_name }}.{{ domain }}"
username: admin
password: "{{ nextcloud_pass | default(nextcloud_password) }}"
update: 0
datadir: /var/www/html/data
tableprefix:
mail:
enabled: true
fromAddress: nextcloud
domain: "{{ mail_domain | default(domain) }}"
smtp:
host: "{{ mail_short_name | default('mail') }}.{{ mail_domain | default(domain) }}"
secure: ssl
port: 465
authtype: LOGIN
name: "{{ nexcloud_mail_user | default('nextcloud') }}"
password: "{{ nextcloud_mail_pass | default(nextcloud_mail_password) }}"
# Extra config files created in /var/www/html/config/
# ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
configs:
mail.fix.config.php: |-
<?php
$CONFIG = array (
"mail_smtptimeout" => 60,
);
fix.config.php: |-
<?php
$CONFIG = array (
'trusted_proxies' => ['{{ web_proxy_internal_ip }}'],
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://{{ nextcloud_short_name }}.{{ domain }}',
'mail_smtpstreamoptions' =>
array (
'ssl' =>
array (
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false,
),
),
);
strategy:
type: RollingUpdate
internalDatabase:
enabled: false
name: nextcloud
# Disable Mariadb setup
mariadb:
enabled: false
# Enable Redis
redis:
enabled: true
usePassword: false
cluster:
enabled: false
## External database configuration
externalDatabase:
enabled: true
## Supported database engines: mysql or postgresql
type: postgresql
## Database host
host: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
## Database name
database: nextcloud
user: "{{ nextcloud_db_username }}"
password: "{{ nextcloud_db_password }}"
## Cronjob to execute Nextcloud background tasks
## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron-jobs
##
cronjob:
enabled: true
schedule: "*/5 * * * *"
annotations: {}
# Set curl's insecure option if you use e.g. self-signed certificates
curlInsecure: false
failedJobsHistoryLimit: 1
successfulJobsHistoryLimit: 1
service:
type: ClusterIP
port: 8080
loadBalancerIP: nil
persistence:
# Nextcloud Data (/var/www/html)
enabled: true
storageClass: "{{ nextcloud_storage | default('nfs-ssd') }}"
accessMode: "{{ nextcloud_storage_mode | default('ReadWriteMany') }}"
size: "{{ nextcloud_size | default('100Gi') }}"