image:
  tag: 22-fpm
  pullPolicy: Always

nextcloud:
  host: share.gnu.one
  extraEnv:
    - name: HTTP_PROXY
      value: http://proxy-squid.proxy.svc.cluster.local:80
    - name: HTTPS_PROXY
      value: http://proxy-squid.proxy.svc.cluster.local:80
    - name: NO_PROXY
      value: .cluster.local
  existingSecret:
    enabled: true
    secretName: nextcloud-user
    usernameKey: username
    passwordKey: password
    smtpUsernameKey: smtp_username
    smtpPasswordKey: smtp_password
  configs:
    proxy.config.php: |-
      <?php
        $CONFIG = array (
           'proxy' => 'proxy-squid.proxy.svc.cluster.local:80',
           'trusted_proxies' =>
              array (
                0 => 'proxy-squid.proxy.svc.cluster.local',
            ),
            'proxyexclude' => ['.cluster.local'],
            'debug' => true,
            'loglevel' => 1,
        );
  extraSecurityContext:
    runAsUser: "33"
    runAsGroup: "33"
    runAsNonRoot: true
    readOnlyRootFilesystem: true
  phpConfigs:
    memory_limit.conf: |
      php_admin_value[memory_limit] = 512M
    tuning.conf: |
      pm = dynamic
      pm.max_children = 64
      pm.start_servers = 12
      pm.min_spare_servers = 8
      pm.max_spare_servers = 24
      pm.max_requests = 1000
             
ingress:
  enabled: true
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 4G
    kubernetes.io/ingress.class: "external"
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: letsencrypt
#    nginx.ingress.kubernetes.io/server-snippet: |-
#      server_tokens off;
#      proxy_hide_header X-Powered-By;
#
#      rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
#      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
#      location = /.well-known/carddav {
#        return 301 $scheme://$host/remote.php/dav;
#      }
#      location = /.well-known/caldav {
#        return 301 $scheme://$host/remote.php/dav;
#      }
#      location = /robots.txt {
#        allow all;
#        log_not_found off;
#        access_log off;
#      }
#      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
#        deny all;
#      }
#      location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
#        deny all;
#      }
  tls:
    - secretName: nextcloud-tls
      hosts:
      - share.gnu.one

nginx:
  enabled: true

cronjob:
  enabled: false
  curlInsecure: true

internalDatabase:
  enabled: false

externalDatabase:
  enabled: true
  type: postgresql
  host: nextcloud-postgresql.nextcloud.svc.cluster.local
  existingSecret:
    enabled: true
    secretName: nextcloud-postgres
    passwordKey: postgresql-password
    usernameKey:  postgresql-username

postgresql:
  enabled: true
  postgresqlDatabase: nextcloud
  postgresqlUsername: nextcloud
  existingSecret: nextcloud-postgres
  persistence:
    enabled: true

redis:
  enabled: false
  architecture: standalone
  auth:
    existingSecret: nextcloud-redis
    existingSecretPasswordKey: password
  replica:
    replicaCount: 1
  rbac:
    create: false
  podSecurityPolicy:
    enabled: true
    create: true

persistence:
  enabled: true
  storageClass: local-path
  size: 100Gi
  persistence:
    enabled: true

rbac:
  enabled: true

readinessProbe:
  initialDelaySeconds: 60
livenessProbe:
  initialDelaySeconds: 60
startupProbe:
  initialDelaySeconds: 60