---
# Values under this key are presumably handed to the Nextcloud dependency
# chart -- confirm against the chart's dependency list.
nextcloud:
  debug: false
  # Disable use of internal database
  internalDatabase:
    enabled: false

  # Enable and configure MariaDB chart
  mariadb:
    enabled: true
    # Needed to fix https://open.greenhost.net/stackspin/nextcloud/issues/28#note_7070
    volumePermissions:
      image:
        pullSecrets: []
    # initdbScriptsConfigMap: "nextcloud-mariadb-initdbscripts"
    # Init script that creates a separate database and account for ONLYOFFICE
    # from the `global.onlyofficeDb` values.
    # NOTE(review): the `{{ ... }}` expressions are only expanded if the
    # MariaDB chart renders this value as a template -- confirm.
    # NOTE(review): the values are spliced into the SQL text as-is. The
    # password sits inside a single-quoted literal, and the user and database
    # names are unquoted in the first two statements, so a quote, backslash or
    # other SQL metacharacter in any of them changes the statement. Restrict
    # them to plain alphanumerics, or generate them.
    # NOTE(review): the GRANT uses host '%' and CREATE USER names no host, so
    # the account is not limited to a client host; limiting who can reach the
    # database then depends on network controls that this file does not show.
    initdbScripts:
      setup.sql: |
        CREATE USER {{ .Values.global.onlyofficeDb.user }} IDENTIFIED BY '{{ .Values.global.onlyofficeDb.password }}';
        CREATE DATABASE {{ .Values.global.onlyofficeDb.name }};
        GRANT ALL PRIVILEGES ON {{ .Values.global.onlyofficeDb.name }}.* TO '{{ .Values.global.onlyofficeDb.user }}'@'%';

  # Use 2 GB of storage for NC storage (maybe make configurable later?)
  persistence:
    enabled: true
    size: 2Gi

  # Tolerate up to 60 failed startup probes; the probe interval is not set
  # here, so whatever the chart defaults to applies.
  startupProbe:
    enabled: true
    failureThreshold: 60

# List of applications that are installed *and enabled*.
# Each entry names one app and says whether it is enabled.
apps:
  # OIDC consumer
  - name: sociallogin
    enabled: true
  # Presumably the connector to the ONLYOFFICE document server configured
  # under `onlyoffice` in this file -- confirm.
  - name: onlyoffice
    enabled: true

# Settings for the setup-apps job.
setupApps:
  # How many times the setup-apps job can try and fail before it is marked as
  # definitely failed.
  # Presumably rendered into the Kubernetes Job's `backoffLimit` field --
  # confirm in the job template.
  backoffLimit: 6

# Necessary so the MariaDB chart gets installed: requirements.yaml declares the
# dependency with `condition: mariadb.enabled`, which is read from this
# top-level key and not from `nextcloud.mariadb.enabled`. Follow
# https://github.com/helm/helm/issues/5135 for more info.
# Keep this value in step with `nextcloud.mariadb.enabled`.
mariadb:
  enabled: true

# Values under `global` are readable from the parent chart and its subcharts;
# the MariaDB init script under `nextcloud.mariadb.initdbScripts` reads them.
global:
  # Connection settings for the ONLYOFFICE database.
  onlyofficeDb:
    # `host` defaults to "{{ .Release.Name }}-mariadb"
    name: onlyoffice
    port: 3306
    user: onlyoffice
    # No default password is shipped: it has to be supplied at install time.
    # Provide it from a secret store or an untracked values file so that it
    # is never committed with this file.
    # password:


onlyoffice:
  # Default values for onlyoffice.

  replicaCount: 1

  # NOTE(review): placeholder value. Presumably the secret used for JWT
  # validation of document server requests -- confirm in the templates. Any
  # deployment that keeps this default uses a publicly known secret; override
  # it per installation with a long random value supplied outside this file.
  jwtSecret: secret

  # Disable font generation during startup.
  # This takes a long time and is not needed if you don't provide custom
  # fonts.
  # See https://0xacab.org/infrared/platform_wg/docker-onlyoffice-documentserver/issues/10
  # for context.
  skipFontsGeneration: true

  # Allow changing unauthorizedStorage and httpsHstsEnabled.
  # Useful if you want to make Nextcloud and Onlyoffice work without proper
  # certificates, i.e. when testing or in CI
  # see https://open.greenhost.net/stackspin/nextcloud/-/issues/964
  # Default is to *not* allow unauthorizedStorage and to enforce HSTS
  # Both are test/CI escape hatches: leave them at these defaults on any
  # installation that serves real users.
  unauthorizedStorage: false
  httpsHstsEnabled: true

  # Port of onlyoffice server inside docker container.
  containerPort: 8000

  # URL to the server running onlyoffice, replace this with your own domain!
  server_name: onlyoffice.domain

  # Document server image. The tag is pinned to a specific release and
  # `pullPolicy: Always` re-pulls it on every pod start.
  # NOTE(review): a tag can be re-pointed upstream; pinning by digest would
  # make the image immutable, if the chart's templates accept a digest.
  image:
    repository: onlyoffice/documentserver
    tag: 7.1.1.23
    pullPolicy: Always

  strategy: Recreate

  ## Enable persistence using Persistent Volume Claims
  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  persistence:
    # ONLYOFFICE Data (/var/lib/onlyoffice)
    enabled: false
    annotations: {}
    ## ONLYOFFICE data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"

    ## A manually managed Persistent Volume and Claim
    ## Requires persistence.enabled: true
    ## If defined, PVC must be created manually before volume will be bound
    # existingClaim:

    accessMode: ReadWriteOnce
    size: 2Gi


  nameOverride: ''
  fullnameOverride: ''

  # Service is cluster-internal only (ClusterIP); external access goes through
  # the ingress below, which is disabled by default.
  service:
    type: ClusterIP
    port: 9980

  ingress:
    enabled: false
    annotations:
      # Request body size limit applied by the NGINX ingress controller.
      nginx.ingress.kubernetes.io/proxy-body-size: 20M
    paths: []
    hosts: []
    # Empty by default: add a TLS entry when enabling the ingress, otherwise
    # no certificate is configured here.
    tls: []

  # No CPU/memory requests or limits are set by default; the commented lines
  # below show the expected shape.
  resources: {}
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi

  # Custom labels to add to the onlyoffice documentserver deployment.
  deploymentLabels: {}
  # Custom labels to add to the onlyoffice documentserver pod.
  podLabels: {}
  # Custom annotations to add to the onlyoffice documentserver pod.
  podAnnotations: {}

  nodeSelector: {}

  tolerations: []

  # NOTE(review): empty, so no security context is requested from here and the
  # image and cluster defaults apply. Whether the image runs under a
  # restricted context (non-root, dropped capabilities) is not visible in
  # this file -- confirm before tightening.
  securityContext: {}

  affinity: {}

  livenessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 2
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 2

  readinessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 2
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 2

  # Up to 120 failed probes at 5-second intervals, i.e. roughly ten minutes of
  # startup time before the container counts as failed.
  startupProbe:
    enabled: true
    timeoutSeconds: 2
    periodSeconds: 5
    successThreshold: 1
    failureThreshold: 120

# Values presumably passed to a Redis dependency chart -- confirm.
redis:
  auth:
    # Disable redis password authentication altogether.
    # NOTE(review): with authentication off, any client that can open a
    # connection to this Redis instance can read and write its data, so
    # access control rests entirely on network isolation (not shown in this
    # file). Confirm that only the intended pods can reach the service.
    enabled: false
  architecture: standalone

# Values presumably passed to a RabbitMQ dependency chart -- confirm.
rabbitmq:
  auth:
    # NOTE(review): `password` and `erlangCookie` are placeholder defaults
    # that are identical for every installation using this file unchanged.
    # The Erlang cookie is the shared secret RabbitMQ nodes and CLI tools
    # authenticate with, so both values need a per-deployment random override
    # supplied outside this file.
    password: password
    erlangCookie: stub

# Settings for the sociallogin app (the OIDC consumer enabled under `apps`).
sociallogin:
  # NOTE(review): with group creation on and groups taken from the `roles`
  # claim (see `groupsClaim` and `groupMapping` below), group membership
  # appears to be decided by the identity provider -- confirm that the
  # provider is the intended authority for the `admin` mapping.
  update_profile_on_login: 1
  auto_create_groups: 1
  # Because of how we import these settings, single quotes (') are not allowed
  # in any of the values below
  custom_oidc:
    name: remote
    title: Remote login
    # Example endpoints: replace the host with your own single sign-on domain.
    authorizeUrl: https://sso.stackspin.example.net/oauth2/auth
    tokenUrl: https://sso.stackspin.example.net/oauth2/token
    userInfoUrl: https://sso.stackspin.example.net/userinfo
    logoutUrl: ""
    clientId: nextcloud
    # No default client secret is shipped: supply it at install time from a
    # secret store or an untracked values file. The value below is only a
    # placeholder and must not be used as-is.
    # clientSecret: YouReallyNeedToChangeThis
    scope: "openid profile email roles"
    # Name of the claim that carries the user's groups.
    groupsClaim: "roles"
    style: ""
    defaultGroup: ""
    # Presumably maps a claim value (left) to a Nextcloud group (right) --
    # confirm against the sociallogin import.
    groupMapping:
      admin: admin

# Settings for the chart's test run.
tests:
  image:
    # TODO: Make a properly tagged Taiko-only image to use here
    # NOTE(review): `main` is a moving tag, so the image content can change
    # without any change to this file, and with `IfNotPresent` a node that
    # already holds an older `main` keeps using it. A fixed tag or digest
    # would make test runs reproducible.
    repository: open.greenhost.net:4567/stackspin/stackspin/stackspin-ci
    tag: main
    pullPolicy: IfNotPresent
  ssoLogin:
    # Set this to "true" to use the OIDC plugin to log in in the tests
    # Otherwise, username "admin" and nextcloud.nextcloud.password are used
    enabled: false
    username: admin
    # Reference to the Kubernetes secret and key holding the SSO admin
    # password; only the reference is stored here, not the password.
    # NOTE(review): the secret lives in the `flux-system` namespace, so the
    # tests presumably need read access to a secret outside the release
    # namespace -- confirm how that access is granted and scope it to this
    # one secret.
    passwordSecret:
      name: stackspin-single-sign-on-variables
      key: userbackend_admin_password
      namespace: flux-system