image: tag: 22-fpm pullPolicy: Always nextcloud: host: share.gnu.one extraEnv: - name: HTTP_PROXY value: http://proxy-squid.proxy.svc.cluster.local:80 - name: HTTPS_PROXY value: http://proxy-squid.proxy.svc.cluster.local:80 - name: NO_PROXY value: .cluster.local existingSecret: enabled: true secretName: nextcloud-user usernameKey: username passwordKey: password smtpUsernameKey: smtp_username smtpPasswordKey: smtp_password configs: proxy.config.php: |- 'proxy-squid.proxy.svc.cluster.local:80', 'trusted_proxies' => array ( 0 => 'proxy-squid.proxy.svc.cluster.local', ), 'proxyexclude' => ['.cluster.local'], 'debug' => true, 'loglevel' => 1, ); extraSecurityContext: runAsUser: "33" runAsGroup: "33" runAsNonRoot: true readOnlyRootFilesystem: true phpConfigs: memory_limit.conf: | php_admin_value[memory_limit] = 512M tuning.conf: | pm = dynamic pm.max_children = 64 pm.start_servers = 12 pm.min_spare_servers = 8 pm.max_spare_servers = 24 pm.max_requests = 1000 ingress: enabled: true annotations: nginx.ingress.kubernetes.io/proxy-body-size: 4G kubernetes.io/ingress.class: "external" kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: letsencrypt # nginx.ingress.kubernetes.io/server-snippet: |- # server_tokens off; # proxy_hide_header X-Powered-By; # # rewrite ^/.well-known/webfinger /public.php?service=webfinger last; # rewrite ^/.well-known/host-meta /public.php?service=host-meta last; # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; # location = /.well-known/carddav { # return 301 $scheme://$host/remote.php/dav; # } # location = /.well-known/caldav { # return 301 $scheme://$host/remote.php/dav; # } # location = /robots.txt { # allow all; # log_not_found off; # access_log off; # } # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { # deny all; # } # location ~ ^/(?:autotest|occ|issue|indie|db_|console) { # deny all; # } tls: - secretName: nextcloud-tls hosts: - share.gnu.one nginx: enabled: true cronjob: enabled: false curlInsecure: true internalDatabase: enabled: false externalDatabase: enabled: true type: postgresql host: nextcloud-postgresql.nextcloud.svc.cluster.local existingSecret: enabled: true secretName: nextcloud-postgres passwordKey: postgresql-password usernameKey: postgresql-username postgresql: enabled: true postgresqlDatabase: nextcloud postgresqlUsername: nextcloud existingSecret: nextcloud-postgres persistence: enabled: true redis: enabled: false architecture: standalone auth: existingSecret: nextcloud-redis existingSecretPasswordKey: password replica: replicaCount: 1 rbac: create: false podSecurityPolicy: enabled: true create: true persistence: enabled: true storageClass: local-path size: 100Gi persistence: enabled: true rbac: enabled: true readinessProbe: initialDelaySeconds: 60 livenessProbe: initialDelaySeconds: 60 startupProbe: initialDelaySeconds: 60