ansible/roles/nextcloud/defaults/main.yaml

164 lines
5.5 KiB
YAML

nextcloud_enabled: true
nextcloud_publish: false
nextcloud_use_external_db: true
nextcloud_short_name: "nextcloud"
nextcloud_default_values:
image:
repository: nextcloud
tag: 20.0-apache
pullPolicy: Always
replicaCount: 1
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
cert-manager.io/acme-dns01-provider: "rfc2136"
cert-manager.io/acme-challenge-type: "dns01"
kubernetes.io/ingress.class: "{{ external_ingress_class if nextcloud_publish else internal_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/server-snippet: |-
server_tokens off;
proxy_hide_header X-Powered-By;
rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
}
tls:
- secretName: "{{ nextcloud_short_name }}.{{ domain }}-tls"
hosts:
- "{{ nextcloud_short_name }}.{{ domain }}"
nextcloud:
host: "{{ nextcloud_short_name }}.{{ domain }}"
username: admin
password: "{{ nextcloud_pass | default(nextcloud_password) }}"
update: 0
datadir: /var/www/html/data
tableprefix:
mail:
enabled: true
fromAddress: nextcloud
domain: "{{ mail_domain | default(domain) }}"
smtp:
host: "{{ mail_short_name | default('mail') }}.{{ mail_domain | default(domain) }}"
secure: ssl
port: 465
authtype: LOGIN
name: "{{ nexcloud_mail_user | default('nextcloud') }}"
password: "{{ nextcloud_mail_pass | default(nextcloud_mail_password) }}"
# PHP Configuration files
# Will be injected in /usr/local/etc/php/conf.d
phpConfigs: {}
# Default config files
# IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
# Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config
defaultConfigs:
# To protect /var/www/html/config
.htaccess: true
# Redis default configuration
redis.config.php: false
# Apache configuration for rewrite urls
apache-pretty-urls.config.php: true
# Define APCu as local cache
apcu.config.php: true
# Apps directory configs
apps.config.php: true
# Used for auto configure database
autoconfig.php: true
# SMTP default configuration
smtp.config.php: true
# Extra config files created in /var/www/html/config/
# ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
configs:
mail.fix.config.php: |-
<?php
$CONFIG = array (
"mail_smtptimeout" => 60,
);
fix.config.php: |-
<?php
$CONFIG = array (
'trusted_proxies' => ['{{ web_proxy_internal_ip }}'],
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://{{ nextcloud_short_name }}.{{ domain }}',
'mail_smtpstreamoptions' =>
array (
'ssl' =>
array (
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false,
),
),
);
strategy:
type: RollingUpdate
internalDatabase:
enabled: false
name: nextcloud
# Disable Mariadb setup
mariadb:
enabled: false
# Enable Redis
redis:
enabled: false
cluster:
enabled: false
## External database configuration
externalDatabase:
enabled: true
## Supported database engines: mysql or postgresql
type: postgresql
## Database host
host: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
## Database name
database: nextcloud
user: "{{ nextcloud_db_username }}"
password: "{{ nextcloud_db_password }}"
## Cronjob to execute Nextcloud background tasks
## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron-jobs
##
cronjob:
enabled: true
# Nexcloud image is used as default but only curl is needed
image:
repository: nextcloud
tag: 20.0-apache
schedule: "*/5 * * * *"
annotations: {}
# Set curl's insecure option if you use e.g. self-signed certificates
curlInsecure: false
failedJobsHistoryLimit: 1
successfulJobsHistoryLimit: 1
service:
type: ClusterIP
port: 8080
loadBalancerIP: nil
persistence:
# Nextcloud Data (/var/www/html)
enabled: true
storageClass: "{{ nextcloud_storage | default('nfs-ssd') }}"
accessMode: "{{ nextcloud_storage_mode | default('ReadWriteMany') }}"
size: "{{ nextcloud_size | default('100Gi') }}"