diff --git a/nextcloud/main.yaml b/nextcloud/main.yaml
index 8bdfd83..404f995 100644
--- a/nextcloud/main.yaml
+++ b/nextcloud/main.yaml
@@ -15,6 +15,187 @@ metadata:
name: nextcloud-collabora
---
apiVersion: v1
+data:
+ .htaccess: |-
+ # line below if for Apache 2.4
+
+ Require all denied
+
+ # line below if for Apache 2.2
+
+ deny from all
+
+ # section for Apache 2.2 and 2.4
+
+ IndexIgnore *
+
+ apache-pretty-urls.config.php: |-
+ '/',
+ );
+ apcu.config.php: |-
+ '\OC\Memcache\APCu',
+ );
+ apps.config.php: |-
+ array (
+ 0 => array (
+ 'path' => OC::$SERVERROOT.'/apps',
+ 'url' => '/apps',
+ 'writable' => false,
+ ),
+ 1 => array (
+ 'path' => OC::$SERVERROOT.'/custom_apps',
+ 'url' => '/custom_apps',
+ 'writable' => true,
+ ),
+ ),
+ );
+ autoconfig.php: |-
+ 'oc_',
+ 'instanceid' => 'ocb8bvdm3qvt',
+ 'passwordsalt' => '5nGOEkkEwGE+suDFOxm/yp0Sw1XHhq',
+ 'secret' => 'ttxARk+gXNdBBBO3AsH5Na2MPU9uy0UHzXqAKx686ykragmC',
+ );
+ redis.config.php: |-
+ '\OC\Memcache\Redis',
+ 'memcache.locking' => '\OC\Memcache\Redis',
+ 'redis' => array(
+ 'host' => getenv('REDIS_HOST'),
+ 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
+ 'dbindex' => 1,
+ ),
+ );
+
+ if (getenv('REDIS_HOST_PORT') !== false) {
+ $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
+ } elseif (getenv('REDIS_HOST')[0] != '/') {
+ $CONFIG['redis']['port'] = 6379;
+ }
+ }
+ reverse-proxy.config.php: |-
+ 'smtp',
+ 'mail_smtphost' => getenv('SMTP_HOST'),
+ 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
+ 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
+ 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
+ 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
+ 'mail_smtpname' => getenv('SMTP_NAME') ?: '',
+ 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
+ 'mail_domain' => getenv('MAIL_DOMAIN'),
+ );
+
+ if (getenv('SMTP_PASSWORD_FILE')) {
+ $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
+ } elseif (getenv('SMTP_PASSWORD')) {
+ $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
+ } else {
+ $CONFIG['mail_smtppassword'] = '';
+ }
+ }
+ upgrade-disable-web.config.php: |-
+ true,
+ );
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/instance: nextcloud
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/version: 32.0.0
+ helm.sh/chart: nextcloud-8.4.0
+ name: nextcloud-config
+---
+apiVersion: v1
kind: Service
metadata:
labels:
@@ -105,7 +286,7 @@ spec:
metadata:
annotations:
hooks-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
- nextcloud-config-hash: 8266a725d5474acb6adbf9f0609a3494dc3340a3ac306db90eac9ddb1b851960
+ nextcloud-config-hash: 5681a970550c159a349016d58d80be2fe35713759754bb0dfd631f21f38ee6bc
php-config-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
labels:
app.kubernetes.io/component: app
@@ -145,9 +326,47 @@ spec:
key: nextcloud-password
name: nextcloud
- name: NEXTCLOUD_TRUSTED_DOMAINS
- value: cloud.borninpain.de
+ value: localhost cloud.borninpain.de iam.borninpain.de
- name: NEXTCLOUD_DATA_DIR
value: /var/www/html/data
+ - name: MAIL_FROM_ADDRESS
+ value: noreply
+ - name: MAIL_DOMAIN
+ value: borninpain.de
+ - name: SMTP_SECURE
+ value: ""
+ - name: SMTP_PORT
+ value: "587"
+ - name: SMTP_AUTHTYPE
+ value: LOGIN
+ - name: SMTP_HOST
+ valueFrom:
+ secretKeyRef:
+ key: smtp-host
+ name: nextcloud
+ - name: SMTP_NAME
+ valueFrom:
+ secretKeyRef:
+ key: smtp-username
+ name: nextcloud
+ - name: SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: smtp-password
+ name: nextcloud
+ - name: REDIS_HOST
+ value: redis-master.redis.svc.cluster.local
+ - name: REDIS_HOST_PORT
+ value: "6379"
+ - name: REDIS_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-pass
+ name: nextcloud
+ - name: TRUSTED_PROXIES
+ value: 172.19.0.0/16 10.0.0.0/16
+ - name: FORWARDED_FOR_HEADERS
+ value: HTTP_X_FORWARDED HTTP_FORWARDED_FOR
image: nextcloud:32.0.0-apache
imagePullPolicy: IfNotPresent
livenessProbe:
@@ -158,8 +377,8 @@ spec:
value: cloud.borninpain.de
path: /status.php
port: 80
- initialDelaySeconds: 1000
- periodSeconds: 1000
+ initialDelaySeconds: 10
+ periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: nextcloud
@@ -175,8 +394,8 @@ spec:
value: cloud.borninpain.de
path: /status.php
port: 80
- initialDelaySeconds: 1000
- periodSeconds: 1000
+ initialDelaySeconds: 10
+ periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources: {}
@@ -202,6 +421,36 @@ spec:
- mountPath: /var/www/html/themes
name: nextcloud-main
subPath: themes
+ - mountPath: /var/www/html/config/custom.php
+ name: nextcloud-config
+ subPath: custom.php
+ - mountPath: /var/www/html/config/.htaccess
+ name: nextcloud-config
+ subPath: .htaccess
+ - mountPath: /var/www/html/config/apache-pretty-urls.config.php
+ name: nextcloud-config
+ subPath: apache-pretty-urls.config.php
+ - mountPath: /var/www/html/config/apcu.config.php
+ name: nextcloud-config
+ subPath: apcu.config.php
+ - mountPath: /var/www/html/config/apps.config.php
+ name: nextcloud-config
+ subPath: apps.config.php
+ - mountPath: /var/www/html/config/autoconfig.php
+ name: nextcloud-config
+ subPath: autoconfig.php
+ - mountPath: /var/www/html/config/redis.config.php
+ name: nextcloud-config
+ subPath: redis.config.php
+ - mountPath: /var/www/html/config/reverse-proxy.config.php
+ name: nextcloud-config
+ subPath: reverse-proxy.config.php
+ - mountPath: /var/www/html/config/smtp.config.php
+ name: nextcloud-config
+ subPath: smtp.config.php
+ - mountPath: /var/www/html/config/upgrade-disable-web.config.php
+ name: nextcloud-config
+ subPath: upgrade-disable-web.config.php
- command:
- /cron.sh
env:
@@ -236,9 +485,47 @@ spec:
key: nextcloud-password
name: nextcloud
- name: NEXTCLOUD_TRUSTED_DOMAINS
- value: cloud.borninpain.de
+ value: localhost cloud.borninpain.de iam.borninpain.de
- name: NEXTCLOUD_DATA_DIR
value: /var/www/html/data
+ - name: MAIL_FROM_ADDRESS
+ value: noreply
+ - name: MAIL_DOMAIN
+ value: borninpain.de
+ - name: SMTP_SECURE
+ value: ""
+ - name: SMTP_PORT
+ value: "587"
+ - name: SMTP_AUTHTYPE
+ value: LOGIN
+ - name: SMTP_HOST
+ valueFrom:
+ secretKeyRef:
+ key: smtp-host
+ name: nextcloud
+ - name: SMTP_NAME
+ valueFrom:
+ secretKeyRef:
+ key: smtp-username
+ name: nextcloud
+ - name: SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: smtp-password
+ name: nextcloud
+ - name: REDIS_HOST
+ value: redis-master.redis.svc.cluster.local
+ - name: REDIS_HOST_PORT
+ value: "6379"
+ - name: REDIS_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-pass
+ name: nextcloud
+ - name: TRUSTED_PROXIES
+ value: 172.19.0.0/16 10.0.0.0/16
+ - name: FORWARDED_FOR_HEADERS
+ value: HTTP_X_FORWARDED HTTP_FORWARDED_FOR
image: nextcloud:32.0.0-apache
imagePullPolicy: IfNotPresent
name: nextcloud-cron
@@ -265,12 +552,45 @@ spec:
- mountPath: /var/www/html/themes
name: nextcloud-main
subPath: themes
+ - mountPath: /var/www/html/config/custom.php
+ name: nextcloud-config
+ subPath: custom.php
+ - mountPath: /var/www/html/config/.htaccess
+ name: nextcloud-config
+ subPath: .htaccess
+ - mountPath: /var/www/html/config/apache-pretty-urls.config.php
+ name: nextcloud-config
+ subPath: apache-pretty-urls.config.php
+ - mountPath: /var/www/html/config/apcu.config.php
+ name: nextcloud-config
+ subPath: apcu.config.php
+ - mountPath: /var/www/html/config/apps.config.php
+ name: nextcloud-config
+ subPath: apps.config.php
+ - mountPath: /var/www/html/config/autoconfig.php
+ name: nextcloud-config
+ subPath: autoconfig.php
+ - mountPath: /var/www/html/config/redis.config.php
+ name: nextcloud-config
+ subPath: redis.config.php
+ - mountPath: /var/www/html/config/reverse-proxy.config.php
+ name: nextcloud-config
+ subPath: reverse-proxy.config.php
+ - mountPath: /var/www/html/config/smtp.config.php
+ name: nextcloud-config
+ subPath: smtp.config.php
+ - mountPath: /var/www/html/config/upgrade-disable-web.config.php
+ name: nextcloud-config
+ subPath: upgrade-disable-web.config.php
securityContext:
fsGroup: 33
volumes:
- name: nextcloud-main
persistentVolumeClaim:
claimName: nextcloud-nextcloud
+ - configMap:
+ name: nextcloud-config
+ name: nextcloud-config
---
apiVersion: apps/v1
kind: Deployment
diff --git a/nextcloud/src/values.yaml b/nextcloud/src/values.yaml
index 87dbd25..426c1fb 100644
--- a/nextcloud/src/values.yaml
+++ b/nextcloud/src/values.yaml
@@ -93,18 +93,21 @@ nextcloud:
persistence:
subPath:
# if set, we'll template this list to the NEXTCLOUD_TRUSTED_DOMAINS env var
- trustedDomains: []
+ trustedDomains:
+ - localhost
+ - cloud.borninpain.de
+ - iam.borninpain.de
## SMTP configuration
mail:
- enabled: false
+ enabled: true
# the user we send email as
- fromAddress: user
+ fromAddress: noreply
# the domain we send email from
- domain: domain.com
+ domain: borninpain.de
smtp:
- host: domain.com
- secure: ssl
- port: 465
+ host: mxe965.netcup.net
+ secure: ""
+ port: 587
authtype: LOGIN
name: user
password: pass
@@ -200,11 +203,11 @@ nextcloud:
# Reverse proxy default configuration
reverse-proxy.config.php: true
# S3 Object Storage as primary storage
- s3.config.php: true
+ s3.config.php: false
# SMTP default configuration via environment variables
smtp.config.php: true
# Swift Object Storage as primary storage
- swift.config.php: true
+ swift.config.php: false
# disables the web based updater as the default nextcloud docker image does not support it
upgrade-disable-web.config.php: true
# -- imaginary support config
@@ -212,7 +215,15 @@ nextcloud:
# Extra config files created in /var/www/html/config/
# ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
- configs: {}
+ configs:
+ custom.php: |-
+ 'oc_',
+ 'instanceid' => 'ocb8bvdm3qvt',
+ 'passwordsalt' => '5nGOEkkEwGE+suDFOxm/yp0Sw1XHhq',
+ 'secret' => 'ttxARk+gXNdBBBO3AsH5Na2MPU9uy0UHzXqAKx686ykragmC',
+ );
# For example, to enable image and text file previews:
# previews.config.php: |-
#