nextcloud config

Philip Haupt
2025-10-12 22:03:30 +02:00
parent 4c00c8aa58
commit c2d1117e1b
2 changed files with 353 additions and 18 deletions


@@ -15,6 +15,187 @@ metadata:
name: nextcloud-collabora
---
apiVersion: v1
data:
.htaccess: |-
# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>
# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>
# section for Apache 2.2 and 2.4
<ifModule mod_autoindex.c>
IndexIgnore *
</ifModule>
apache-pretty-urls.config.php: |-
<?php
$CONFIG = array (
'htaccess.RewriteBase' => '/',
);
apcu.config.php: |-
<?php
$CONFIG = array (
'memcache.local' => '\OC\Memcache\APCu',
);
apps.config.php: |-
<?php
$CONFIG = array (
'apps_paths' => array (
0 => array (
'path' => OC::$SERVERROOT.'/apps',
'url' => '/apps',
'writable' => false,
),
1 => array (
'path' => OC::$SERVERROOT.'/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
);
autoconfig.php: |-
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) {
$AUTOCONFIG['dbtype'] = 'mysql';
$AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE')));
$AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE')));
$AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE')));
$AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG['dbtype'] = 'pgsql';
$AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE')));
$AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE')));
$AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE')));
$AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
}
custom.php: |-
<?php
$CONFIG = array (
'dbtableprefix' => 'oc_',
'instanceid' => 'ocb8bvdm3qvt',
'passwordsalt' => '5nGOEkkEwGE+suDFOxm/yp0Sw1XHhq',
'secret' => 'ttxARk+gXNdBBBO3AsH5Na2MPU9uy0UHzXqAKx686ykragmC',
);
redis.config.php: |-
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array(
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
'dbindex' => 1,
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}
reverse-proxy.config.php: |-
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteCliUrl = getenv('OVERWRITECLIURL');
if ($overwriteCliUrl) {
$CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}
smtp.config.php: |-
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
if (getenv('SMTP_PASSWORD_FILE')) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
} else {
$CONFIG['mail_smtppassword'] = '';
}
}
upgrade-disable-web.config.php: |-
<?php
$CONFIG = array (
'upgrade.disable-web' => true,
);
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: nextcloud
app.kubernetes.io/version: 32.0.0
helm.sh/chart: nextcloud-8.4.0
name: nextcloud-config
---
apiVersion: v1
kind: Service
metadata:
labels:
@@ -105,7 +286,7 @@ spec:
metadata:
annotations:
hooks-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
nextcloud-config-hash: 8266a725d5474acb6adbf9f0609a3494dc3340a3ac306db90eac9ddb1b851960
nextcloud-config-hash: 5681a970550c159a349016d58d80be2fe35713759754bb0dfd631f21f38ee6bc
php-config-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
labels:
app.kubernetes.io/component: app
@@ -145,9 +326,47 @@ spec:
key: nextcloud-password
name: nextcloud
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: cloud.borninpain.de
value: localhost cloud.borninpain.de iam.borninpain.de
- name: NEXTCLOUD_DATA_DIR
value: /var/www/html/data
- name: MAIL_FROM_ADDRESS
value: noreply
- name: MAIL_DOMAIN
value: borninpain.de
- name: SMTP_SECURE
value: ""
- name: SMTP_PORT
value: "587"
- name: SMTP_AUTHTYPE
value: LOGIN
- name: SMTP_HOST
valueFrom:
secretKeyRef:
key: smtp-host
name: nextcloud
- name: SMTP_NAME
valueFrom:
secretKeyRef:
key: smtp-username
name: nextcloud
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
key: smtp-password
name: nextcloud
- name: REDIS_HOST
value: redis-master.redis.svc.cluster.local
- name: REDIS_HOST_PORT
value: "6379"
- name: REDIS_HOST_PASSWORD
valueFrom:
secretKeyRef:
key: redis-pass
name: nextcloud
- name: TRUSTED_PROXIES
value: 172.19.0.0/16 10.0.0.0/16
- name: FORWARDED_FOR_HEADERS
value: HTTP_X_FORWARDED HTTP_FORWARDED_FOR
image: nextcloud:32.0.0-apache
imagePullPolicy: IfNotPresent
livenessProbe:
@@ -158,8 +377,8 @@ spec:
value: cloud.borninpain.de
path: /status.php
port: 80
initialDelaySeconds: 1000
periodSeconds: 1000
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: nextcloud
@@ -175,8 +394,8 @@ spec:
value: cloud.borninpain.de
path: /status.php
port: 80
initialDelaySeconds: 1000
periodSeconds: 1000
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources: {}
@@ -202,6 +421,36 @@ spec:
- mountPath: /var/www/html/themes
name: nextcloud-main
subPath: themes
- mountPath: /var/www/html/config/custom.php
name: nextcloud-config
subPath: custom.php
- mountPath: /var/www/html/config/.htaccess
name: nextcloud-config
subPath: .htaccess
- mountPath: /var/www/html/config/apache-pretty-urls.config.php
name: nextcloud-config
subPath: apache-pretty-urls.config.php
- mountPath: /var/www/html/config/apcu.config.php
name: nextcloud-config
subPath: apcu.config.php
- mountPath: /var/www/html/config/apps.config.php
name: nextcloud-config
subPath: apps.config.php
- mountPath: /var/www/html/config/autoconfig.php
name: nextcloud-config
subPath: autoconfig.php
- mountPath: /var/www/html/config/redis.config.php
name: nextcloud-config
subPath: redis.config.php
- mountPath: /var/www/html/config/reverse-proxy.config.php
name: nextcloud-config
subPath: reverse-proxy.config.php
- mountPath: /var/www/html/config/smtp.config.php
name: nextcloud-config
subPath: smtp.config.php
- mountPath: /var/www/html/config/upgrade-disable-web.config.php
name: nextcloud-config
subPath: upgrade-disable-web.config.php
- command:
- /cron.sh
env:
@@ -236,9 +485,47 @@ spec:
key: nextcloud-password
name: nextcloud
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: cloud.borninpain.de
value: localhost cloud.borninpain.de iam.borninpain.de
- name: NEXTCLOUD_DATA_DIR
value: /var/www/html/data
- name: MAIL_FROM_ADDRESS
value: noreply
- name: MAIL_DOMAIN
value: borninpain.de
- name: SMTP_SECURE
value: ""
- name: SMTP_PORT
value: "587"
- name: SMTP_AUTHTYPE
value: LOGIN
- name: SMTP_HOST
valueFrom:
secretKeyRef:
key: smtp-host
name: nextcloud
- name: SMTP_NAME
valueFrom:
secretKeyRef:
key: smtp-username
name: nextcloud
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
key: smtp-password
name: nextcloud
- name: REDIS_HOST
value: redis-master.redis.svc.cluster.local
- name: REDIS_HOST_PORT
value: "6379"
- name: REDIS_HOST_PASSWORD
valueFrom:
secretKeyRef:
key: redis-pass
name: nextcloud
- name: TRUSTED_PROXIES
value: 172.19.0.0/16 10.0.0.0/16
- name: FORWARDED_FOR_HEADERS
value: HTTP_X_FORWARDED HTTP_FORWARDED_FOR
image: nextcloud:32.0.0-apache
imagePullPolicy: IfNotPresent
name: nextcloud-cron
@@ -265,12 +552,45 @@ spec:
- mountPath: /var/www/html/themes
name: nextcloud-main
subPath: themes
- mountPath: /var/www/html/config/custom.php
name: nextcloud-config
subPath: custom.php
- mountPath: /var/www/html/config/.htaccess
name: nextcloud-config
subPath: .htaccess
- mountPath: /var/www/html/config/apache-pretty-urls.config.php
name: nextcloud-config
subPath: apache-pretty-urls.config.php
- mountPath: /var/www/html/config/apcu.config.php
name: nextcloud-config
subPath: apcu.config.php
- mountPath: /var/www/html/config/apps.config.php
name: nextcloud-config
subPath: apps.config.php
- mountPath: /var/www/html/config/autoconfig.php
name: nextcloud-config
subPath: autoconfig.php
- mountPath: /var/www/html/config/redis.config.php
name: nextcloud-config
subPath: redis.config.php
- mountPath: /var/www/html/config/reverse-proxy.config.php
name: nextcloud-config
subPath: reverse-proxy.config.php
- mountPath: /var/www/html/config/smtp.config.php
name: nextcloud-config
subPath: smtp.config.php
- mountPath: /var/www/html/config/upgrade-disable-web.config.php
name: nextcloud-config
subPath: upgrade-disable-web.config.php
securityContext:
fsGroup: 33
volumes:
- name: nextcloud-main
persistentVolumeClaim:
claimName: nextcloud-nextcloud
- configMap:
name: nextcloud-config
name: nextcloud-config
---
apiVersion: apps/v1
kind: Deployment
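Review bot: The `custom.php` key added to the `nextcloud-config` ConfigMap holds `passwordsalt` and `secret` as literal strings, so both are now in the repository history and readable by anyone allowed to read ConfigMaps in the namespace, unlike the SMTP and Redis passwords in the same manifest, which use `secretKeyRef`. The same literals appear in the values file under `configs:` / `custom.php`, which is probably where the fix belongs, since this manifest looks rendered from it. I would keep only `'dbtableprefix'` and `'instanceid'` in that file, supply the other two from a Kubernetes Secret mounted as its own config file, and treat the committed values as disclosed. How rotating them affects stored password hashes and encrypted data is not visible from this page and should be checked before they are changed.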


@@ -93,18 +93,21 @@ nextcloud:
persistence:
subPath:
# if set, we'll template this list to the NEXTCLOUD_TRUSTED_DOMAINS env var
trustedDomains: []
trustedDomains:
- localhost
- cloud.borninpain.de
- iam.borninpain.de
## SMTP configuration
mail:
enabled: false
enabled: true
# the user we send email as
fromAddress: user
fromAddress: noreply
# the domain we send email from
domain: domain.com
domain: borninpain.de
smtp:
host: domain.com
secure: ssl
port: 465
host: mxe965.netcup.net
secure: ""
port: 587
authtype: LOGIN
name: user
password: pass
@@ -200,11 +203,11 @@ nextcloud:
# Reverse proxy default configuration
reverse-proxy.config.php: true
# S3 Object Storage as primary storage
s3.config.php: true
s3.config.php: false
# SMTP default configuration via environment variables
smtp.config.php: true
# Swift Object Storage as primary storage
swift.config.php: true
swift.config.php: false
# disables the web based updater as the default nextcloud docker image does not support it
upgrade-disable-web.config.php: true
# -- imaginary support config
@@ -212,7 +215,15 @@ nextcloud:
# Extra config files created in /var/www/html/config/
# ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
configs: {}
configs:
custom.php: |-
<?php
$CONFIG = array (
'dbtableprefix' => 'oc_',
'instanceid' => 'ocb8bvdm3qvt',
'passwordsalt' => '5nGOEkkEwGE+suDFOxm/yp0Sw1XHhq',
'secret' => 'ttxARk+gXNdBBBO3AsH5Na2MPU9uy0UHzXqAKx686ykragmC',
);
# For example, to enable image and text file previews:
# previews.config.php: |-
# <?php
@@ -256,6 +267,10 @@ nextcloud:
##
## Extra environment variables
extraEnv:
- name: TRUSTED_PROXIES
value: "172.19.0.0/16 10.0.0.0/16"
- name: FORWARDED_FOR_HEADERS
value: "HTTP_X_FORWARDED HTTP_FORWARDED_FOR"
# - name: SOME_SECRET_ENV
# valueFrom:
# secretKeyRef:
@@ -487,7 +502,7 @@ postgresql:
## External Redis configuration
##
externalRedis:
enabled: false
enabled: true
## Redis host
host: redis-master.redis.svc.cluster.local
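Review bot: `FORWARDED_FOR_HEADERS` in `extraEnv` is set to `HTTP_X_FORWARDED HTTP_FORWARDED_FOR`, which replaces Nextcloud's default `HTTP_X_FORWARDED_FOR`. The proxy configuration is not shown here, but if the ingress sets only `X-Forwarded-For` and passes other request headers through, the client address Nextcloud logs and throttles on would come from headers the client controls. Unless the proxy is known to set and overwrite exactly those two headers, `value: "HTTP_X_FORWARDED_FOR"` is the safer setting. `TRUSTED_PROXIES` also trusts two whole /16 ranges, so any pod or host inside them can assert a client address; narrowing it to the ingress controller's addresses, with a comment such as `# ingress controller addresses only`, would limit that.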