apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: nextcloud-main-chart namespace: {{ .Values.argocd.namespace }} annotations: argocd.argoproj.io/sync-wave: "0" notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578" spec: project: {{ .Values.argocd.project }} source: repoURL: "https://nextcloud.github.io/helm" chart: nextcloud targetRevision: 6.x helm: releaseName: nextcloud valuesObject: # image: # flavor: fpm replicaCount: {{ .Values.nextcloud.replicaCount }} ingress: enabled: false # className: nginx # annotations: # cert-manager.io/cluster-issuer: letsencrypt # nginx.ingress.kubernetes.io/server-snippet: |- # server_tokens off; # proxy_hide_header X-Powered-By; # rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last; # rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last; # rewrite ^/.well-known/host-meta /public.php?service=host-meta last; # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; # location = /.well-known/carddav { # return 301 $scheme://$host/remote.php/dav; # } # location = /.well-known/caldav { # return 301 $scheme://$host/remote.php/dav; # } # location = /robots.txt { # allow all; # log_not_found off; # access_log off; # } # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { # deny all; # } # location ~ ^/(?:autotest|occ|issue|indie|db_|console) { # deny all; # } # nginx.ingress.kubernetes.io/enable-cors: "true" # nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" # tls: # - hosts: # - {{ .Values.nextcloud.url }} # secretName: nextcloud-cert nextcloud: host: {{ .Values.nextcloud.url }} existingSecret: enabled: true secretName: nextcloud-user usernameKey: nc-admin-username passwordKey: nc-admin-password trustedDomains: {{ .Values.nextcloud.trustedDomains }} nextcloud: configs: previews.config.php: |- true, 'enabledPreviewProviders' => array ( 'OC\Preview\Movie', 'OC\Preview\PNG', 'OC\Preview\JPEG', 'OC\Preview\GIF', 'OC\Preview\BMP', 'OC\Preview\XBitmap', 'OC\Preview\MP3', 'OC\Preview\MP4', 'OC\Preview\TXT', 'OC\Preview\MarkDown', 'OC\Preview\PDF' ), ); proxy.config.php: |- array( 0 => '127.0.0.1', 1 => '10.0.0.0/8', ), 'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'), ); trusted.config.php: | array ( 0 => 'localhost', 1 => '{{ .Values.nextcloud.url }}', 2 => '10.2.0.0/16', # Adjust this to match your pod CIDR 3 => '127.0.0.1', 4 => 'nextcloud', 5 => 'nextcloud.nextcloud.svc.cluster.local' ), ); # extraInitContainers - might be useful to make sure the LUKS secret is present # nginx: # enabled: true redis: enabled: true auth: enabled: false cronjob: enabled: true internalDatabase: enabled: false externalDatabase: enabled: true type: postgresql host: "nextcloud-db-rw:5432" existingSecret: enabled: true secretName: nextcloud-db-app usernameKey: user passwordKey: password databaseKey: dbname persistence: enabled: true existingClaim: {{ .Values.nextcloud.configPvc.name }} nextcloudData: enabled: true existingClaim: {{ .Values.dataPvc.name }} livenessProbe: enabled: false readinessProbe: enabled: false destination: server: {{ .Values.destination.server }} namespace: {{ .Values.destination.namespace }} syncPolicy: automated: prune: true # Automatically remove resources no longer in the repo selfHeal: true # Automatically self-heal when drift is detected syncOptions: - ApplyOutOfSyncOnly=true - ServerSideApply=true - CreateNamespace=true