thomas/helm-charts
1
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases Wiki Activity

Added nextcloud

Browse Source
This commit is contained in:
Thomas Blarre
2024-11-09 22:09:30 +00:00
parent 1901e0708a
commit d52e217a0f
8 changed files with 202 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
nextcloud-syncthing-argocd-apps/templates/nextcloud-main-chart.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nextcloud-main-chart
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "0"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://nextcloud.github.io/helm"
chart: nextcloud
targetRevision: 6.x
helm:
releaseName: nextcloud
valuesObject:
image:
flavor: fpm
replicaCount: {{ .Values.nextcloud.replicaCount }}
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/server-snippet: |-
server_tokens off;
proxy_hide_header X-Powered-By;
rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
}
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
tls:
- hosts:
- {{ .Values.nextcloud.url }}
secretname: nextcloud-cert
nextcloud:
host: {{ .Values.nextcloud.url }}
existingSecret:
enabled: true
secretName: nextcloud-user
usernameKey: nc-admin-username
passwordKey: nc-admin-password
trustedDomains: {{ .Values.nextcloud.trustedDomains }}
# extraInitContainers - might be useful to make sure the LUKS secret is present
nginx:
enabled: true
redis:
enabled: true
auth:
enabled: false
cronjob:
enabled: true
internalDatabase:
enabled: false
externalDatabase:
enabled: true
type: postgresql
host: "nextcloud-db-rw:5432"
existingSecret:
enabled: true
secretName: nextcloud-db-app
usernameKey: user
passwordKey: password
databaseKey: dbname
persistence:
enabled: true
existingClaim: {{ .Values.nextcloud.configPvc.name }}
nextcloudData:
enabled: true
existingClaim: {{ .Values.dataPvc.name }}
destination:
server: https://kubernetes.default.svc # Targeting the current Kubernetes cluster
namespace: {{ .Values.mainNamespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true

48
nextcloud-syncthing-argocd-apps/templates/thomflix-requirements-app.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nc-syncthing-requirements
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "-1"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
targetRevision: HEAD
path: nextcloud-syncthing-requirements
helm:
releaseName: nc-syncthing-requirements
valuesObject:
nextcloud:
enable: {{ .Values.nextcloud.enable }}
dbCluster:
numInstances: {{ .Values.nextcloud.dbCluster.numInstances }}
size: {{ .Values.nextcloud.dbCluster.size }}
configPvc:
name: {{ .Values.nextcloud.configPvc.name }}
storageClassName: {{ .Values.nextcloud.configPvc.storageClassName }}
size: {{ .Values.nextcloud.configPvc.size }}
syncthing:
enable: {{ .Values.syncthing.enable }}
configPvc:
name: {{ .Values.syncthing.configPvc.name }}
storageClassName: {{ .Values.syncthing.configPvc.storageClassName }}
size: {{ .Values.syncthing.configPvc.size }}
dataPvc:
name: {{ .Values.dataPvc.name }}
createEncryptedPvc: {{ .Values.dataPvc.createEncryptedPvc }}
storageClassName: {{ .Values.dataPvc.storageClassName }}
size: {{ .Values.dataPvc.size }}
destination:
server: {{ .Values.mainDestination }}
namespace: {{ .Values.mainNamespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true

28
nextcloud-syncthing-argocd-apps/values.yaml
View File

@@ -0,0 +1,28 @@
argocd:
namespace: argocd
project: default
nextcloud:
enable: true
dbCluster:
numInstances: 3
size: 4Gi
configPvc:
name: nextcloud-config-pvc
storageClassName: default
size: 1Gi
replicaCount: 1
url: nextcloud.domain.net
trustedDomains: office.domain.net
syncthing:
enable: true
configPvc:
storageClassName: default
size: 100Mi
dataPvc:
name: data-pvc
createEncryptedPvc: true
storageClassName: linode-block-storage-retain-luks
size: 40Gi

16
nextcloud-syncthing-requirements/templates/encrypted-storage.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.dataPvc.createEncryptedPvc -}}
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: linode-block-storage-retain-luks
namespace: kube-system
provisioner: linodebs.csi.linode.com
reclaimPolicy: Retain
parameters:
linodebs.csi.linode.com/luks-encrypted: "true"
linodebs.csi.linode.com/luks-cipher: "aes-xts-plain64"
linodebs.csi.linode.com/luks-key-size: "512"
csi.storage.k8s.io/node-stage-secret-namespace: luks-keys
csi.storage.k8s.io/node-stage-secret-name: nc-syncthing-data-luks-key
{{- end }}

2
nextcloud-syncthing-requirements/templates/pvc-data.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: data name: {{ .Values.dataPvc.name }}
spec: spec:
storageClassName: {{ .Values.dataPvc.storageClassName }} storageClassName: {{ .Values.dataPvc.storageClassName }}
accessModes: accessModes:

2
nextcloud-syncthing-requirements/templates/pvc-nextcloud-config.yaml
View File

@@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: nextcloud-config-pvc name: {{ .Values.nextcloud.configPvc.name }}
spec: spec:
storageClassName: {{ .Values.nextcloud.configPvc.storageClassName }} storageClassName: {{ .Values.nextcloud.configPvc.storageClassName }}
accessModes: accessModes:

2
nextcloud-syncthing-requirements/templates/pvc-syncthing-config.yaml
View File

@@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: syncthing-config-pvc name: {{ .Values.syncthing.configPvc.name }}
spec: spec:
storageClassName: {{ .Values.syncthing.configPvc.storageClassName }} storageClassName: {{ .Values.syncthing.configPvc.storageClassName }}
accessModes: accessModes:

8
nextcloud-syncthing-requirements/values.yaml
View File

@@ -4,15 +4,19 @@ nextcloud:
numInstances: 3 numInstances: 3
size: 4Gi size: 4Gi
configPvc: configPvc:
name: nextcloud-config-pvc
storageClassName: default storageClassName: default
size: 1Gi size: 1Gi
syncthing: syncthing:
enable: true enable: true
configPvc: configPvc:
name: syncthing-config-pvc
storageClassName: default storageClassName: default
size: 100Mi size: 100Mi
dataPvc: dataPvc:
storageClassName: default name: data-pvc
size: 100Mi createEncryptedPvc: true
storageClassName: linode-block-storage-retain-luks
size: 40Gi