nextcloud reconfigured

2025-10-17 08:33:35 +02:00
parent 9a8263f158
commit ced1758974
3 changed files with 221 additions and 102 deletions
--- a/argocd/apps/nextcloud/nextcloud.yaml
+++ b/argocd/apps/nextcloud/nextcloud.yaml
@@ -10,119 +10,110 @@ spec:
    repoURL: 'https://nextcloud.github.io/helm/'
    targetRevision: 8.*.*
    helm:
-      parameters:
-        - name: image.repository
-          value: 'nextcloud'
-        - name: image.flavor
-          value: 'fpm'
-        - name: ingress.className
-          value: 'traefik'
-        - name: nginx.enabled
-          value: 'true'  
-        - name: 'ingress.enabled'
-          value: 'true'
-        - name: ingress.servicePort
-          value: 'https'
-        - name: phpClientHttpsFix.enabled
-          value: 'true'
-        - name: phpClientHttpsFix.protocol
-          value: 'https'
-        - name: nextcloud.host
-          value: 'innocloud.innovation-hub-niedersachsen.de'
-        - name: nextcloud.password
-          value: 'InnoHubADMIN_2024!'
-        - name: internalDatabase.enabled
-          value: 'false'
-        - name: redis.enabled
-          value: 'true'  
-        - name: redis.auth.password
-          value: 'redisInnoDBUser'          
-        - name: postgresql.enabled
-          value: 'true'
-        - name: postgresql.global.postgresql.auth.password
-          value: 'pgInnoDBUser'
-        - name: postgresql.primary.persistence.enabled
-          value: 'true'
-        - name: 'endpoint'
-          value: 'innocloud.innovation-hub-niedersachsen.de'
-        - name: ingress.hosts[0]
-          value: 'innocloud.innovation-hub-niedersachsen.de'
-        - name: 'ingress.tls[0].hosts[0]'
-          value: 'innocloud.innovation-hub-niedersachsen.de'
-        - name: 'ingress.tls[0].secretName'
-          value: innocloud-tls
-        - name: ingress.annotations.kubernetes\.io\/ingress\.class
-          value: traefik
-        - name: ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
-          value: 'true'
-          forceString: true
-        - name: ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.middlewares
-          value: 'kube-system-hsts@kubernetescrd'  
-        - name: service\.annotations\.traefik\.ingress\.kubernetes\.io\/service\.sticky\.cookie
-          value: 'true'
-        - name: ingress.annotations.cert-manager\.io\/cluster-issuer
-          value: lets-encrypt
-        - name: persistence.enabled
-          value: 'true'
-        - name: persistence.nextcloudData.enabled
-          value: 'true'
-        - name: cronjob.enabled
-          value: 'true'
-        - name: nextcloud.mail.fromAddress
-          value: 'admin'
-        - name: nextcloud.mail.domain
-          value: 'innovation-hub-niedersachsen.de'
-        - name: nextcloud.mail.smtp.host
-          value: '192.168.4.125'
-        - name: nextcloud.mail.smtp.port
-          value: '25'
-
-        # AppAPI DinD Sidecar Configuration
-        - name: nextcloud.extraSidecarContainers[0].name
-          value: 'dind'
-        - name: nextcloud.extraSidecarContainers[0].image
-          value: 'docker:27-dind'
-        - name: nextcloud.extraSidecarContainers[0].securityContext.privileged
-          value: 'true'
-        - name: nextcloud.extraSidecarContainers[0].env[0].name
-          value: 'DOCKER_TLS_CERTDIR'
-        - name: nextcloud.extraSidecarContainers[0].env[0].value
-          value: ''
-        - name: nextcloud.extraSidecarContainers[0].volumeMounts[0].name
-          value: 'docker-sock'
-        - name: nextcloud.extraSidecarContainers[0].volumeMounts[0].mountPath
-          value: '/var/run'
-        - name: nextcloud.extraSidecarContainers[0].volumeMounts[1].name
-          value: 'dind-storage'
-        - name: nextcloud.extraSidecarContainers[0].volumeMounts[1].mountPath
-          value: '/var/lib/docker'
+      values: |
+        image:
+          repository: nextcloud
+          flavor: fpm
        
-        # Extra Volumes für DinD
-        - name: nextcloud.extraVolumes[0].name
-          value: 'docker-sock'
-        - name: nextcloud.extraVolumes[0].emptyDir
-          value: '{}'
-        - name: nextcloud.extraVolumes[1].name
-          value: 'dind-storage'
-        - name: nextcloud.extraVolumes[1].emptyDir
-          value: '{}'
+        ingress:
+          enabled: true
+          className: traefik
+          servicePort: https
+          annotations:
+            kubernetes.io/ingress.class: traefik
+            traefik.ingress.kubernetes.io/router.tls: "true"
+            traefik.ingress.kubernetes.io/router.middlewares: kube-system-hsts@kubernetescrd
+            cert-manager.io/cluster-issuer: lets-encrypt
+          hosts:
+            - innocloud.innovation-hub-niedersachsen.de
+          tls:
+            - secretName: innocloud-tls
+              hosts:
+                - innocloud.innovation-hub-niedersachsen.de
        
-        # Mount Docker Socket in Nextcloud Container
-        - name: nextcloud.extraVolumeMounts[0].name
-          value: 'docker-sock'
-        - name: nextcloud.extraVolumeMounts[0].mountPath
-          value: '/var/run'
+        service:
+          annotations:
+            traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
+        
+        nginx:
+          enabled: true
+        
+        phpClientHttpsFix:
+          enabled: true
+          protocol: https
+        
+        nextcloud:
+          host: innocloud.innovation-hub-niedersachsen.de
+          password: InnoHubADMIN_2024!
+          mail:
+            enabled: true
+            fromAddress: admin
+            domain: innovation-hub-niedersachsen.de
+            smtp:
+              host: 192.168.4.125
+              port: 25
          
+          # DinD Sidecar für AppAPI
+          extraSidecarContainers:
+            - name: dind
+              image: docker:27-dind
+              securityContext:
+                privileged: true
+              env:
+                - name: DOCKER_TLS_CERTDIR
+                  value: ""
+              volumeMounts:
+                - name: docker-sock
+                  mountPath: /var/run
+                - name: dind-storage
+                  mountPath: /var/lib/docker
+          
+          extraVolumes:
+            - name: docker-sock
+              emptyDir: {}
+            - name: dind-storage
+              emptyDir: {}
+          
+          extraVolumeMounts:
+            - name: docker-sock
+              mountPath: /var/run
+        
+        internalDatabase:
+          enabled: false
+        
+        redis:
+          enabled: true
+          auth:
+            password: redisInnoDBUser
+        
+        postgresql:
+          enabled: true
+          global:
+            postgresql:
+              auth:
+                password: pgInnoDBUser
+          primary:
+            persistence:
+              enabled: true
+        
+        persistence:
+          enabled: true
+          nextcloudData:
+            enabled: true
+        
+        cronjob:
+          enabled: true
+    
    chart: nextcloud
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: nextcloud
  syncPolicy:
    managedNamespaceMetadata:
-      labels: 
+      labels:
        pod-security.kubernetes.io/enforce: "privileged"
    automated:
      selfHeal: true
      prune: true
    syncOptions:
-      - CreateNamespace=true
+      - CreateNamespace=true