values.yaml

---
nextcloud:
  debug: false
  # Disable use of internal database
  internalDatabase:
    enabled: false

  # Enable and configure MariaDB chart
  mariadb:
    enabled: true
    # Needed to fix https://open.greenhost.net/stackspin/nextcloud/issues/28#note_7070
    volumePermissions:
      image:
        pullSecrets: []
    # initdbScriptsConfigMap: "nextcloud-mariadb-initdbscripts"
    initdbScripts:
      setup.sql: |
        CREATE USER {{ .Values.global.onlyofficeDb.user }} IDENTIFIED BY '{{ .Values.global.onlyofficeDb.password }}';
        CREATE DATABASE {{ .Values.global.onlyofficeDb.name }};
        GRANT ALL PRIVILEGES ON {{ .Values.global.onlyofficeDb.name }}.* TO '{{ .Values.global.onlyofficeDb.user }}'@'%';

  # Use 2 GB of storage for NC storage (maybe make configurable later?)
  persistence:
    enabled: true
    size: 2Gi

  startupProbe:
    enabled: true
    failureThreshold: 60

apps:
  # OIDC consumer
  - name: sociallogin
    enabled: true
  # List of applications that are installed *and enabled*
  - name: onlyoffice
    enabled: true

setupApps:
  # How many times the setup-apps job can try and fail before it is marked as
  # definitely failed.
  backoffLimit: 6

# Necessary so the chart gets installed (because the requirements.yaml has a
# condition: `condition: mariadb.enabled`). Follow
# https://github.com/helm/helm/issues/5135 for more info.
mariadb:
  enabled: true

global:
  onlyofficeDb:
    # `host` defaults to "{{ .Release.Name }}-mariadb"
    name: onlyoffice
    port: 3306
    user: onlyoffice
    # password:


onlyoffice:
  # Default values for onlyoffice.

  replicaCount: 1

  jwtSecret: secret

  # Disable font generation during startup.
  # This takes a long time and is not needed if you don't provide custom
  # fonts.
  # See https://0xacab.org/infrared/platform_wg/docker-onlyoffice-documentserver/issues/10
  # for context.
  skipFontsGeneration: true

  # Allow chainging unauthorizedStorage and httpsHstsEnabled
  # Useful if you want to make Nextcloud and Onlyoffice work without proper
  # certificates, i.e. when testing or in CI
  # see https://open.greenhost.net/stackspin/nextcloud/-/issues/964
  # Default is to *not* allow unauthorizedStorage and to enforce HSTS
  unauthorizedStorage: false
  httpsHstsEnabled: true

  # Port of onlyoffice server inside docker container.
  containerPort: 8000

  # URL to the server running onlyoffice, replace this with your own domain!
  server_name: onlyoffice.domain

  image:
    repository: onlyoffice/documentserver
    tag: 7.1.1.23
    pullPolicy: Always

  strategy: Recreate

  ## Enable persistence using Persistent Volume Claims
  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  persistence:
    # ONLYOFFICE Data (/var/lib/onlyoffice)
    enabled: false
    annotations: {}
    ## nextcloud data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"

    ## A manually managed Persistent Volume and Claim
    ## Requires persistence.enabled: true
    ## If defined, PVC must be created manually before volume will be bound
    # existingClaim:

    accessMode: ReadWriteOnce
    size: 2Gi


  nameOverride: ''
  fullnameOverride: ''

  service:
    type: ClusterIP
    port: 9980

  ingress:
    enabled: false
    annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: 20M
    paths: []
    hosts: []
    tls: []

  resources: {}
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi

  # Custom labels to add to the onlyoffice documentserver deployment.
  deploymentLabels: {}
  # Custom labels to add to the onlyoffice documentserver pod.
  podLabels: {}
  # Custom annotations to add to the onlyoffice documentserver pod.
  podAnnotations: {}

  nodeSelector: {}

  tolerations: []

  securityContext: {}

  affinity: {}

  livenessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 2
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 2

  readinessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 2
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 2

  startupProbe:
    enabled: true
    timeoutSeconds: 2
    periodSeconds: 5
    successThreshold: 1
    failureThreshold: 120

redis:
  auth:
    # Disable redis password authentication altogether.
    enabled: false
  architecture: standalone

rabbitmq:
  auth:
    password: password
    erlangCookie: stub

sociallogin:
  update_profile_on_login: 1
  auto_create_groups: 1
  # Because of how we import these settings, single quotes (') are not allowed
  # in any of the values below
  custom_oidc:
    name: remote
    title: Remote login
    authorizeUrl: https://sso.stackspin.example.net/oauth2/auth
    tokenUrl: https://sso.stackspin.example.net/oauth2/token
    userInfoUrl: https://sso.stackspin.example.net/userinfo
    logoutUrl: ""
    clientId: nextcloud
    # clientSecret: YouReallyNeedToChangeThis
    scope: "openid profile email roles"
    groupsClaim: "roles"
    style: ""
    defaultGroup: ""
    groupMapping:
      admin: admin

tests:
  image:
    # https://hub.docker.com/r/cypress/included/tags
    repository: cypress/included
    tag: 10.4.0
    pullPolicy: IfNotPresent
  ssoLogin:
    # Set this to "true" to use the OIDC plugin to log in in the tests
    # Otherwise, username "admin" and nextcloud.nextcloud.password are used
    enabled: false
    username: admin
    passwordSecret:
      name: stackspin-single-sign-on-variables
      key: userbackend_admin_password
      namespace: flux-system
  cypress:
    # Set record key if cypress screenshots and videos should be uploaded
    # to the cypress dashboard
    recordKey: ""