---
nextcloud:
  debug: false
  # Disable use of internal database
  internalDatabase:
    enabled: false
  # Do not copy default "skeleton" (demo files) for new users.
  skeleton: false

  # Enable and configure MariaDB chart
  mariadb:
    enabled: true
    # Needed to fix https://open.greenhost.net/stackspin/nextcloud/issues/28#note_7070
    volumePermissions:
      image:
        pullSecrets: []
    # initdbScriptsConfigMap: "nextcloud-mariadb-initdbscripts"
    initdbScripts:
      setup.sql: |
        CREATE USER {{ .Values.global.onlyofficeDb.user }} IDENTIFIED BY '{{ .Values.global.onlyofficeDb.password }}';
        CREATE DATABASE {{ .Values.global.onlyofficeDb.name }};
        GRANT ALL PRIVILEGES ON {{ .Values.global.onlyofficeDb.name }}.* TO '{{ .Values.global.onlyofficeDb.user }}'@'%';

  redis:
    enabled: true
    architecture: standalone

  # Use 2 GB of storage for NC storage (maybe make configurable later?)
  persistence:
    enabled: true
    size: 2Gi

  startupProbe:
    enabled: true
    failureThreshold: 60

  nextcloud:
    extraVolumes:
      - name: nextcloud-onlyoffice-config
        configMap:
          name: nextcloud-onlyoffice-config-and-scripts
    extraVolumeMounts:
      - name: nextcloud-onlyoffice-config
        mountPath: /var/local

apps:
  default:
    - name: sociallogin
      # apps[0].enabled needs to be set to true if you want to enable login via an external
      # oauth server. In that case you need to configure all the values in `sociallogin`
      enabled: false
      # Line order is important here for renovatebot! first github_repository,
      # then version
      github_repository: zorn-v/nextcloud-social-login
      version: v5.4.3
      release_filename: release.tar.gz
    - name: onlyoffice
      # Line order is important here for renovatebot! first github_repository,
      # then version
      enabled: true
      github_repository: ONLYOFFICE/onlyoffice-nextcloud
      version: v8.2.0
      release_filename: onlyoffice.tar.gz

setupApps:
  # How many times the setup-apps job can try and fail before it is marked as
  # definitely failed.
  backoffLimit: 6

# Necessary so the chart gets installed (because the requirements.yaml has a
# condition: `condition: mariadb.enabled`). Follow
# https://github.com/helm/helm/issues/5135 for more info.
mariadb:
  enabled: true

global:
  onlyofficeDb:
    # `host` defaults to "{{ .Release.Name }}-mariadb"
    name: onlyoffice
    port: 3306
    user: onlyoffice
    # password: password


onlyoffice:
  # Default values for onlyoffice.

  replicaCount: 1

  # jwtSecret: secret

  # Enable font generation during startup.
  # This takes a long time and is not needed if you don't provide custom
  # fonts.
  # Sets the `GENERATE_FONTS` env var, see
  # https://github.com/ONLYOFFICE/Docker-DocumentServer#available-configuration-parameters
  generateFonts: false

  # Allow chainging unauthorizedStorage and httpsHstsEnabled
  # Useful if you want to make Nextcloud and Onlyoffice work without proper
  # certificates, i.e. when testing or in CI
  # see https://open.greenhost.net/stackspin/nextcloud/-/issues/964
  # Default is to *not* allow unauthorizedStorage and to enforce HSTS
  unauthorizedStorage: false
  httpsHstsEnabled: true

  # Port of onlyoffice server inside docker container.
  containerPort: 8000

  # URL to the server running onlyoffice, replace this with your own domain!
  server_name: onlyoffice.domain

  image:
    # https://hub.docker.com/r/onlyoffice/documentserver/tags
    repository: onlyoffice/documentserver
    tag: 7.2.2.56
    pullPolicy: Always

  strategy: Recreate

  ## Enable persistence using Persistent Volume Claims
  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  persistence:
    # ONLYOFFICE Data (/var/lib/onlyoffice)
    enabled: false
    annotations: {}
    ## nextcloud data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"

    ## A manually managed Persistent Volume and Claim
    ## Requires persistence.enabled: true
    ## If defined, PVC must be created manually before volume will be bound
    # existingClaim:

    accessMode: ReadWriteOnce
    size: 2Gi


  nameOverride: ''
  fullnameOverride: ''

  service:
    type: ClusterIP
    port: 9980

  ingress:
    enabled: false
    annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: 20M
    paths: []
    hosts: []
    tls: []

  resources: {}
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi

  # Custom labels to add to the onlyoffice documentserver deployment.
  deploymentLabels: {}
  # Custom labels to add to the onlyoffice documentserver pod.
  podLabels: {}
  # Custom annotations to add to the onlyoffice documentserver pod.
  podAnnotations: {}

  nodeSelector: {}

  tolerations: []

  securityContext: {}

  affinity: {}

  livenessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 2
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 2

  readinessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 2
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 2

  startupProbe:
    enabled: true
    timeoutSeconds: 2
    periodSeconds: 5
    successThreshold: 1
    failureThreshold: 120

rabbitmq:
  auth: {}
    # password: password
    # erlangCookie: stub

sociallogin:
  update_profile_on_login: 1
  auto_create_groups: 1
  # Because of how we import these settings, single quotes (') are not allowed
  # in any of the values below
  custom_oidc:
    name: remote
    title: Remote login
    authorizeUrl: https://sso.stackspin.example.net/oauth2/auth
    tokenUrl: https://sso.stackspin.example.net/oauth2/token
    userInfoUrl: https://sso.stackspin.example.net/userinfo
    logoutUrl: ""
    clientId: nextcloud
    # clientSecret: YouReallyNeedToChangeThis
    scope: "openid profile email roles"
    groupsClaim: "roles"
    style: ""
    defaultGroup: ""
    groupMapping:
      admin: admin

tests:
  image:
    # https://hub.docker.com/r/cypress/included/tags
    repository: cypress/included
    tag: 12.14.0
    pullPolicy: IfNotPresent
  ssoLogin:
    # Set this to "true" to use the OIDC plugin to log in in the tests
    # Otherwise, username "admin" and nextcloud.nextcloud.password are used
    enabled: false
    username: admin
    # # Uncomment and set to the password of the SSO user
    # password: SET_PASSWORD_HERE
  cypress:
    # Set project ID and record key if cypress screenshots and videos should be uploaded
    # to the cypress dashboard
    projectId: ""
    recordKey: ""
    # Optionally provide git details from selfhosted Gitlab CI
    # commitInfo:
    #   branch:
    #   message:
    #   author:
    #   sha: