nextcloud reconfigured

titver968
2025-10-17 08:33:35 +02:00
parent 9a8263f158
commit ced1758974
3 changed files with 221 additions and 102 deletions

Binary file not shown.


@@ -0,0 +1,128 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nextcloud
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: 'https://nextcloud.github.io/helm/'
targetRevision: 8.*.*
helm:
parameters:
- name: image.repository
value: 'nextcloud'
- name: image.flavor
value: 'fpm'
- name: ingress.className
value: 'traefik'
- name: nginx.enabled
value: 'true'
- name: 'ingress.enabled'
value: 'true'
- name: ingress.servicePort
value: 'https'
- name: phpClientHttpsFix.enabled
value: 'true'
- name: phpClientHttpsFix.protocol
value: 'https'
- name: nextcloud.host
value: 'innocloud.innovation-hub-niedersachsen.de'
- name: nextcloud.password
value: 'InnoHubADMIN_2024!'
- name: internalDatabase.enabled
value: 'false'
- name: redis.enabled
value: 'true'
- name: redis.auth.password
value: 'redisInnoDBUser'
- name: postgresql.enabled
value: 'true'
- name: postgresql.global.postgresql.auth.password
value: 'pgInnoDBUser'
- name: postgresql.primary.persistence.enabled
value: 'true'
- name: 'endpoint'
value: 'innocloud.innovation-hub-niedersachsen.de'
- name: ingress.hosts[0]
value: 'innocloud.innovation-hub-niedersachsen.de'
- name: 'ingress.tls[0].hosts[0]'
value: 'innocloud.innovation-hub-niedersachsen.de'
- name: 'ingress.tls[0].secretName'
value: innocloud-tls
- name: ingress.annotations.kubernetes\.io\/ingress\.class
value: traefik
- name: ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
value: 'true'
forceString: true
- name: ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.middlewares
value: 'kube-system-hsts@kubernetescrd'
- name: service\.annotations\.traefik\.ingress\.kubernetes\.io\/service\.sticky\.cookie
value: 'true'
- name: ingress.annotations.cert-manager\.io\/cluster-issuer
value: lets-encrypt
- name: persistence.enabled
value: 'true'
- name: persistence.nextcloudData.enabled
value: 'true'
- name: cronjob.enabled
value: 'true'
- name: nextcloud.mail.fromAddress
value: 'admin'
- name: nextcloud.mail.domain
value: 'innovation-hub-niedersachsen.de'
- name: nextcloud.mail.smtp.host
value: '192.168.4.125'
- name: nextcloud.mail.smtp.port
value: '25'
# AppAPI DinD Sidecar Configuration
- name: nextcloud.extraSidecarContainers[0].name
value: 'dind'
- name: nextcloud.extraSidecarContainers[0].image
value: 'docker:27-dind'
- name: nextcloud.extraSidecarContainers[0].securityContext.privileged
value: 'true'
- name: nextcloud.extraSidecarContainers[0].env[0].name
value: 'DOCKER_TLS_CERTDIR'
- name: nextcloud.extraSidecarContainers[0].env[0].value
value: ''
- name: nextcloud.extraSidecarContainers[0].volumeMounts[0].name
value: 'docker-sock'
- name: nextcloud.extraSidecarContainers[0].volumeMounts[0].mountPath
value: '/var/run'
- name: nextcloud.extraSidecarContainers[0].volumeMounts[1].name
value: 'dind-storage'
- name: nextcloud.extraSidecarContainers[0].volumeMounts[1].mountPath
value: '/var/lib/docker'
# Extra Volumes für DinD
- name: nextcloud.extraVolumes[0].name
value: 'docker-sock'
- name: nextcloud.extraVolumes[0].emptyDir
value: '{}'
- name: nextcloud.extraVolumes[1].name
value: 'dind-storage'
- name: nextcloud.extraVolumes[1].emptyDir
value: '{}'
# Mount Docker Socket in Nextcloud Container
- name: nextcloud.extraVolumeMounts[0].name
value: 'docker-sock'
- name: nextcloud.extraVolumeMounts[0].mountPath
value: '/var/run'
chart: nextcloud
destination:
server: 'https://kubernetes.default.svc'
namespace: nextcloud
syncPolicy:
managedNamespaceMetadata:
labels:
pod-security.kubernetes.io/enforce: "privileged"
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
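Review bot: The `nextcloud.password`, `redis.auth.password` and `postgresql.global.postgresql.auth.password` parameters commit three credentials in plaintext, readable by anyone with access to the repository or to the Argo CD Application object; the same three values reappear in the `values:` block of the other manifest changed in this commit. Reference Kubernetes Secrets instead: the chart's `nextcloud.existingSecret` settings for the admin account and the `existingSecret` options of the bundled Redis and PostgreSQL subcharts (confirm the key names against the chart version actually deployed), with the Secrets supplied by a sealed or external secret mechanism. Since the values are already in Git history, rotate all three rather than only deleting them. Separately, `targetRevision: 8.*.*` and `docker:27-dind` are floating references, so with `automated` sync the deployed chart and sidecar image can change without a commit; pinning an exact chart version and an image digest would keep changes reviewable.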


@@ -10,119 +10,110 @@ spec:
repoURL: 'https://nextcloud.github.io/helm/' repoURL: 'https://nextcloud.github.io/helm/'
targetRevision: 8.*.* targetRevision: 8.*.*
helm: helm:
parameters: values: |
- name: image.repository image:
value: 'nextcloud' repository: nextcloud
- name: image.flavor flavor: fpm
value: 'fpm'
- name: ingress.className
value: 'traefik'
- name: nginx.enabled
value: 'true'
- name: 'ingress.enabled'
value: 'true'
- name: ingress.servicePort
value: 'https'
- name: phpClientHttpsFix.enabled
value: 'true'
- name: phpClientHttpsFix.protocol
value: 'https'
- name: nextcloud.host
value: 'innocloud.innovation-hub-niedersachsen.de'
- name: nextcloud.password
value: 'InnoHubADMIN_2024!'
- name: internalDatabase.enabled
value: 'false'
- name: redis.enabled
value: 'true'
- name: redis.auth.password
value: 'redisInnoDBUser'
- name: postgresql.enabled
value: 'true'
- name: postgresql.global.postgresql.auth.password
value: 'pgInnoDBUser'
- name: postgresql.primary.persistence.enabled
value: 'true'
- name: 'endpoint'
value: 'innocloud.innovation-hub-niedersachsen.de'
- name: ingress.hosts[0]
value: 'innocloud.innovation-hub-niedersachsen.de'
- name: 'ingress.tls[0].hosts[0]'
value: 'innocloud.innovation-hub-niedersachsen.de'
- name: 'ingress.tls[0].secretName'
value: innocloud-tls
- name: ingress.annotations.kubernetes\.io\/ingress\.class
value: traefik
- name: ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
value: 'true'
forceString: true
- name: ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.middlewares
value: 'kube-system-hsts@kubernetescrd'
- name: service\.annotations\.traefik\.ingress\.kubernetes\.io\/service\.sticky\.cookie
value: 'true'
- name: ingress.annotations.cert-manager\.io\/cluster-issuer
value: lets-encrypt
- name: persistence.enabled
value: 'true'
- name: persistence.nextcloudData.enabled
value: 'true'
- name: cronjob.enabled
value: 'true'
- name: nextcloud.mail.fromAddress
value: 'admin'
- name: nextcloud.mail.domain
value: 'innovation-hub-niedersachsen.de'
- name: nextcloud.mail.smtp.host
value: '192.168.4.125'
- name: nextcloud.mail.smtp.port
value: '25'
# AppAPI DinD Sidecar Configuration
- name: nextcloud.extraSidecarContainers[0].name
value: 'dind'
- name: nextcloud.extraSidecarContainers[0].image
value: 'docker:27-dind'
- name: nextcloud.extraSidecarContainers[0].securityContext.privileged
value: 'true'
- name: nextcloud.extraSidecarContainers[0].env[0].name
value: 'DOCKER_TLS_CERTDIR'
- name: nextcloud.extraSidecarContainers[0].env[0].value
value: ''
- name: nextcloud.extraSidecarContainers[0].volumeMounts[0].name
value: 'docker-sock'
- name: nextcloud.extraSidecarContainers[0].volumeMounts[0].mountPath
value: '/var/run'
- name: nextcloud.extraSidecarContainers[0].volumeMounts[1].name
value: 'dind-storage'
- name: nextcloud.extraSidecarContainers[0].volumeMounts[1].mountPath
value: '/var/lib/docker'
# Extra Volumes für DinD ingress:
- name: nextcloud.extraVolumes[0].name enabled: true
value: 'docker-sock' className: traefik
- name: nextcloud.extraVolumes[0].emptyDir servicePort: https
value: '{}' annotations:
- name: nextcloud.extraVolumes[1].name kubernetes.io/ingress.class: traefik
value: 'dind-storage' traefik.ingress.kubernetes.io/router.tls: "true"
- name: nextcloud.extraVolumes[1].emptyDir traefik.ingress.kubernetes.io/router.middlewares: kube-system-hsts@kubernetescrd
value: '{}' cert-manager.io/cluster-issuer: lets-encrypt
hosts:
- innocloud.innovation-hub-niedersachsen.de
tls:
- secretName: innocloud-tls
hosts:
- innocloud.innovation-hub-niedersachsen.de
# Mount Docker Socket in Nextcloud Container service:
- name: nextcloud.extraVolumeMounts[0].name annotations:
value: 'docker-sock' traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
- name: nextcloud.extraVolumeMounts[0].mountPath
value: '/var/run' nginx:
enabled: true
phpClientHttpsFix:
enabled: true
protocol: https
nextcloud:
host: innocloud.innovation-hub-niedersachsen.de
password: InnoHubADMIN_2024!
mail:
enabled: true
fromAddress: admin
domain: innovation-hub-niedersachsen.de
smtp:
host: 192.168.4.125
port: 25
# DinD Sidecar für AppAPI
extraSidecarContainers:
- name: dind
image: docker:27-dind
securityContext:
privileged: true
env:
- name: DOCKER_TLS_CERTDIR
value: ""
volumeMounts:
- name: docker-sock
mountPath: /var/run
- name: dind-storage
mountPath: /var/lib/docker
extraVolumes:
- name: docker-sock
emptyDir: {}
- name: dind-storage
emptyDir: {}
extraVolumeMounts:
- name: docker-sock
mountPath: /var/run
internalDatabase:
enabled: false
redis:
enabled: true
auth:
password: redisInnoDBUser
postgresql:
enabled: true
global:
postgresql:
auth:
password: pgInnoDBUser
primary:
persistence:
enabled: true
persistence:
enabled: true
nextcloudData:
enabled: true
cronjob:
enabled: true
chart: nextcloud chart: nextcloud
destination: destination:
server: 'https://kubernetes.default.svc' server: 'https://kubernetes.default.svc'
namespace: nextcloud namespace: nextcloud
syncPolicy: syncPolicy:
managedNamespaceMetadata: managedNamespaceMetadata:
labels: labels:
pod-security.kubernetes.io/enforce: "privileged" pod-security.kubernetes.io/enforce: "privileged"
automated: automated:
selfHeal: true selfHeal: true
prune: true prune: true
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
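Review bot: The `extraSidecarContainers` entry runs `docker:27-dind` with `privileged: true` and an empty `DOCKER_TLS_CERTDIR`, and `extraVolumeMounts` puts the same `docker-sock` emptyDir at `/var/run` in the Nextcloud container, so the ingress-exposed PHP workload gets unauthenticated control of a privileged Docker daemon. A compromise of Nextcloud would then likely extend to the node; the parameter-list manifest added in this commit carries the same setup. The namespace label `pod-security.kubernetes.io/enforce: "privileged"` that permits this also removes Pod Security admission for every other pod in `nextcloud`, including Redis and PostgreSQL. Consider running the AppAPI deploy daemon outside this pod (a dedicated host or namespace behind an authenticated socket proxy) so the namespace can stay at `baseline`. If the sidecar must remain, mount the socket directory at a dedicated path rather than over `/var/run`, and add a comment above `extraSidecarContainers` such as `# privileged DinD required by AppAPI; accepted risk, see <ticket placeholder>`.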