From e479fac8ede590c1fb0c5c30516858eac92f0243 Mon Sep 17 00:00:00 2001
From: Philip Haupt <“der.mad.mob@gmail.com”>
Date: Sun, 7 Dec 2025 19:08:33 +0100
Subject: [PATCH] nextcloud update

---
 nextcloud/main.yaml              |  71 ++++++++++++----------
 nextcloud/src/kustomization.yaml |   2 +-
 nextcloud/src/values.yaml        | 100 ++++++++++++++++++++++++-------
 3 files changed, 119 insertions(+), 54 deletions(-)

diff --git a/nextcloud/main.yaml b/nextcloud/main.yaml
index 866f89c..e223636 100644
--- a/nextcloud/main.yaml
+++ b/nextcloud/main.yaml
@@ -5,13 +5,13 @@ data:
 kind: ConfigMap
 metadata:
   annotations:
-    confighash: config-a0251c3c8340b1da71056e3746336992
+    confighash: config-ee2a94eb116f9a5697cf094b9203352a
   labels:
     app.kubernetes.io/instance: nextcloud
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: collabora
-    app.kubernetes.io/version: 24.04.5.2.1
-    helm.sh/chart: collabora-1.1.20
+    app.kubernetes.io/version: 25.04.7.2.1
+    helm.sh/chart: collabora-1.1.53
   name: nextcloud-collabora
 ---
 apiVersion: v1
@@ -57,10 +57,12 @@ data:
     );
   autoconfig.php: |-
     <?php
+
     $autoconfig_enabled = false;
+
     if (getenv('SQLITE_DATABASE')) {
-        $AUTOCONFIG["dbtype"] = "sqlite";
-        $AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
+        $AUTOCONFIG['dbtype'] = 'sqlite';
+        $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE');
         $autoconfig_enabled = true;
     } elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) {
         $AUTOCONFIG['dbtype'] = 'mysql';
@@ -70,11 +72,11 @@ data:
         $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
         $autoconfig_enabled = true;
     } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
-        $AUTOCONFIG["dbtype"] = "mysql";
-        $AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
-        $AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
-        $AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
-        $AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
+        $AUTOCONFIG['dbtype'] = 'mysql';
+        $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE');
+        $AUTOCONFIG['dbuser'] = getenv('MYSQL_USER');
+        $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD');
+        $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
         $autoconfig_enabled = true;
     } elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) {
         $AUTOCONFIG['dbtype'] = 'pgsql';
@@ -84,15 +86,16 @@ data:
         $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
         $autoconfig_enabled = true;
     } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
-        $AUTOCONFIG["dbtype"] = "pgsql";
-        $AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
-        $AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
-        $AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
-        $AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
+        $AUTOCONFIG['dbtype'] = 'pgsql';
+        $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB');
+        $AUTOCONFIG['dbuser'] = getenv('POSTGRES_USER');
+        $AUTOCONFIG['dbpass'] = getenv('POSTGRES_PASSWORD');
+        $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
         $autoconfig_enabled = true;
     }
+
     if ($autoconfig_enabled) {
-        $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
+        $AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/html/data';
     }
   custom.config.php: |-
     <?php
@@ -117,6 +120,10 @@ data:
       } elseif (getenv('REDIS_HOST')[0] != '/') {
         $CONFIG['redis']['port'] = 6379;
       }
+
+      if (getenv('REDIS_HOST_USER') !== false) {
+        $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
+      }
     }
   reverse-proxy.config.php: |-
     <?php
@@ -188,8 +195,8 @@ metadata:
     app.kubernetes.io/instance: nextcloud
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: nextcloud
-    app.kubernetes.io/version: 32.0.1
-    helm.sh/chart: nextcloud-8.5.2
+    app.kubernetes.io/version: 32.0.2
+    helm.sh/chart: nextcloud-8.6.0
   name: nextcloud-config
 ---
 apiVersion: v1
@@ -200,8 +207,8 @@ metadata:
     app.kubernetes.io/instance: nextcloud
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: nextcloud
-    app.kubernetes.io/version: 32.0.1
-    helm.sh/chart: nextcloud-8.5.2
+    app.kubernetes.io/version: 32.0.2
+    helm.sh/chart: nextcloud-8.6.0
   name: nextcloud
 spec:
   ports:
@@ -222,8 +229,8 @@ metadata:
     app.kubernetes.io/instance: nextcloud
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: collabora
-    app.kubernetes.io/version: 24.04.5.2.1
-    helm.sh/chart: collabora-1.1.20
+    app.kubernetes.io/version: 25.04.7.2.1
+    helm.sh/chart: collabora-1.1.53
     type: main
   name: nextcloud-collabora
 spec:
@@ -248,8 +255,8 @@ metadata:
     app.kubernetes.io/instance: nextcloud
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: nextcloud
-    app.kubernetes.io/version: 32.0.1
-    helm.sh/chart: nextcloud-8.5.2
+    app.kubernetes.io/version: 32.0.2
+    helm.sh/chart: nextcloud-8.6.0
   name: nextcloud-nextcloud
 spec:
   accessModes:
@@ -267,8 +274,8 @@ metadata:
     app.kubernetes.io/instance: nextcloud
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: nextcloud
-    app.kubernetes.io/version: 32.0.1
-    helm.sh/chart: nextcloud-8.5.2
+    app.kubernetes.io/version: 32.0.2
+    helm.sh/chart: nextcloud-8.6.0
   name: nextcloud
 spec:
   replicas: 1
@@ -364,7 +371,7 @@ spec:
           value: 172.19.0.0/16 10.0.0.0/16
         - name: FORWARDED_FOR_HEADERS
           value: HTTP_X_FORWARDED HTTP_FORWARDED_FOR
-        image: nextcloud:32.0.1-apache
+        image: docker.io/library/nextcloud:32.0.2-apache
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 3
@@ -523,7 +530,7 @@ spec:
           value: 172.19.0.0/16 10.0.0.0/16
         - name: FORWARDED_FOR_HEADERS
           value: HTTP_X_FORWARDED HTTP_FORWARDED_FOR
-        image: nextcloud:32.0.1-apache
+        image: docker.io/library/nextcloud:32.0.2-apache
         imagePullPolicy: IfNotPresent
         name: nextcloud-cron
         resources: {}
@@ -596,8 +603,8 @@ metadata:
     app.kubernetes.io/instance: nextcloud
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: collabora
-    app.kubernetes.io/version: 24.04.5.2.1
-    helm.sh/chart: collabora-1.1.20
+    app.kubernetes.io/version: 25.04.7.2.1
+    helm.sh/chart: collabora-1.1.53
   name: nextcloud-collabora
 spec:
   minReadySeconds: 0
@@ -616,7 +623,7 @@ spec:
     metadata:
       annotations:
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
-        confighash: config-a0251c3c8340b1da71056e3746336992
+        confighash: config-ee2a94eb116f9a5697cf094b9203352a
       labels:
         app.kubernetes.io/instance: nextcloud
         app.kubernetes.io/name: collabora
@@ -637,7 +644,7 @@ spec:
         envFrom:
         - configMapRef:
             name: nextcloud-collabora
-        image: collabora/code:24.04.5.2.1
+        image: collabora/code:25.04.7.2.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 4
diff --git a/nextcloud/src/kustomization.yaml b/nextcloud/src/kustomization.yaml
index fd35777..e1e7339 100644
--- a/nextcloud/src/kustomization.yaml
+++ b/nextcloud/src/kustomization.yaml
@@ -5,7 +5,7 @@ kind: Kustomization
 helmCharts:
   - name: nextcloud
     repo: https://nextcloud.github.io/helm/
-    version: 8.5.2
+    version: 8.6.0
     releaseName: nextcloud
     includeCRDs: true
     namespace: nextcloud
diff --git a/nextcloud/src/values.yaml b/nextcloud/src/values.yaml
index 6ba5b8a..91e85f6 100644
--- a/nextcloud/src/values.yaml
+++ b/nextcloud/src/values.yaml
@@ -1,7 +1,17 @@
+global:
+  image:
+   # -- if set it will overwrite all registry entries
+    registry:
+
+  security:
+    # required for bitnamilegacy repos
+    allowInsecureImages: true
+
 ## ref: https://hub.docker.com/r/library/nextcloud/tags/
 ##
 image:
-  repository: nextcloud
+  registry: docker.io
+  repository: library/nextcloud
   flavor: apache
   # default is generated by flavor and appVersion
   tag:
@@ -330,6 +340,10 @@ nextcloud:
     # Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive
     securityContext: {}
 
+  # -- priority class for nextcloud.
+  # Overrides .Values.priorityClassName
+  priorityClassName: ""
+
 nginx:
   ## You need to set an fpm version of the image for nextcloud if you want to use nginx!
   enabled: false
@@ -425,11 +439,6 @@ externalDatabase:
     hostKey: host
     databaseKey: dbname
 
-global:
-  security:
-    # required for bitnamilegacy repos
-    allowInsecureImages: true
-
 ##
 ## MariaDB chart configuration
 ## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb
@@ -441,6 +450,7 @@ mariadb:
   enabled: false
 
   image:
+    registry: docker.io
     repository: bitnamilegacy/mariadb
 
   # see: https://github.com/bitnami/charts/tree/main/bitnami/mariadb#global-parameters
@@ -459,7 +469,7 @@ mariadb:
   architecture: standalone
 
   ## Enable persistence using Persistent Volume Claims
-  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
   ##
   primary:
     persistence:
@@ -477,6 +487,7 @@ mariadb:
 postgresql:
   enabled: false
   image:
+    registry: docker.io
     repository: bitnamilegacy/postgresql
   global:
     postgresql:
@@ -531,6 +542,7 @@ externalRedis:
 redis:
   enabled: false
   image:
+    registry: docker.io
     repository: bitnamilegacy/redis
   auth:
     enabled: true
@@ -620,7 +632,7 @@ cronjob:
   # Note: crond requires root
   sidecar:
     ## Cronjob sidecar resource requests and limits
-    ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
     ##
     resources: {}
 
@@ -640,14 +652,6 @@ cronjob:
     # The command the cronjob container executes.
     command:
       - /cron.sh
-    # Modify schedule
-      # - /bin/sh
-      # - -c
-      # - |
-      #   apt-get update && apt-get install -y gosu
-      #   mkdir -p /etc/crontabs
-      #   echo "*/1 * * * * gosu 33:33 php -f /var/www/html/cron.php" > /etc/crontabs/root
-      #   exec busybox crond -c /etc/crontabs -f -L /dev/stdout
 
   # Uses a Kubernetes CronJob to execute the Nextcloud cron tasks
   # Note: can run as non-root user. Should run as same user as the Nextcloud pod.
@@ -684,9 +688,14 @@ cronjob:
     #         topologyKey: kubernetes.io/hostname
 
     ## Resource requests and limits
-    ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
     ##
     resources: {}
+
+    # -- priority class for the cron job.
+    # Overrides .Values.priorityClassName
+    priorityClassName: ""
+
     # Allow configuration of lifecycle hooks
     # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
     # Set securityContext parameters. For example, you may need to define runAsNonRoot directive
@@ -718,7 +727,7 @@ service:
   sessionAffinityConfig: {}
 
 ## Enable persistence using Persistent Volume Claims
-## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
 ##
 persistence:
   # Nextcloud Data (/var/www/html)
@@ -767,6 +776,12 @@ resources: {}
 #    cpu: 100m
 #    memory: 128Mi
 
+# -- Priority class for pods. This is the _default_
+# priority class for pods created by this deployment - it may be
+# overridden by more specific instances of priorityClassName -
+# e.g. cronjob.cronjob.priorityClassName
+priorityClassName: ""
+
 ## Liveness and readiness probe values
 ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 ##
@@ -849,6 +864,10 @@ imaginary:
   # -- imaginary resources
   resources: {}
 
+  # -- priority class for imaginary.
+  # Overrides .Values.priorityClassName
+  priorityClassName: ""
+
   # -- Optional security context for the Imaginary container
   securityContext:
     runAsUser: 1000
@@ -914,6 +933,7 @@ metrics:
     update: false
 
   image:
+    registry: docker.io
     repository: xperimental/nextcloud-exporter
     tag: 0.8.0
     pullPolicy: IfNotPresent
@@ -921,7 +941,7 @@ metrics:
     #   - myRegistrKeySecretName
 
   ## Metrics exporter resource requests and limits
-  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
   ##
   resources: {}
 
@@ -984,12 +1004,12 @@ metrics:
     jobLabel: ""
 
     ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
-    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+    #  ref: https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.Endpoint
     ##
     interval: 30s
 
     ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
-    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+    #  ref: https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.Endpoint
     ##
     scrapeTimeout: ""
 
@@ -1028,3 +1048,41 @@ rbac:
 ## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
 securityContext: {}
 
+# -- Allows users to inject additional Kubernetes manifests (YAML) to be rendered with the release.
+# Could either be a list or a map
+# If a map, each key is the name of the manifest.
+# If an array, each item is a manifest, which can be a string (YAML block) or a YAML object.
+# Each item should be a string containing valid YAML. Example:
+# extraManifests:
+#   - |
+#     apiVersion: traefik.containo.us/v1alpha1
+#     kind: Middleware
+#     metadata:
+#       name: my-middleware
+#     spec:
+#       ...
+#   - |
+#     apiVersion: traefik.containo.us/v1alpha1
+#     kind: IngressRoute
+#     metadata:
+#       name: my-ingressroute
+#     spec:
+#       ...
+# Or as a map:
+# extraManifests:
+#   my-middleware:
+#     apiVersion: traefik.containo.us/v1alpha1
+#     kind: Middleware
+#     metadata:
+#       name: my-middleware
+#     spec:
+#       ...
+#   my-ingressroute:
+#     apiVersion: traefik.containo.us/v1alpha1
+#     kind: IngressRoute
+#     metadata:
+#       name: my-ingressroute
+#     spec:
+#       ...
+extraManifests: []
+